Actions
Bug #3726
closed
The migration script should be able to handle passwords with non-alpha characters
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
In all the LDAP query done in the migration script, the password is not quoted, so if it contains funky characters, there's a risk it might fail
We need to quote all the uses to the LDAP password
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.4.7 to 2.4.8
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.8 to 2.4.9
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.9 to 2.4.10
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.10 to 2.4.11
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.11 to 2.4.12
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.12 to 2.4.13
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.4.13 to 2.6.11
Since 2.4 is not maintained anymore, retargeting to branch 2.6
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.6.11 to 2.6.12
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.6.12 to 2.6.13
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.6.13 to 2.6.14
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.6.14 to 2.6.16
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.6.16 to 2.6.17
Updated by Nicolas PERRON over 10 years ago
- Target version changed from 2.6.17 to 2.6.18
Updated by Matthieu CERDA about 10 years ago
- Target version changed from 2.6.18 to 2.6.19
Updated by Vincent MEMBRÉ about 10 years ago
- Target version changed from 2.6.19 to 2.6.20
Updated by François ARMAND almost 10 years ago
- Target version changed from 2.6.20 to 2.10.10
There is a better in Rudder 2.10, but some uses are still unquotted.
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.10 to 2.10.11
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.11 to 2.10.12
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 34 to Rudder
- Category set to Packaging
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.12 to 2.10.13
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.13 to 2.10.14
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.14 to 2.10.15
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.15 to 2.10.16
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.16 to 2.10.17
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.17 to 2.10.18
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.18 to 2.10.19
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.19 to 2.10.20
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 2.10.20 to 2.11.18
Updated by Jonathan CLARKE almost 9 years ago
- Status changed from New to In progress
- Assignee set to Jonathan CLARKE
Updated by Jonathan CLARKE almost 9 years ago
- Status changed from In progress to Rejected
All uses of LDAP_PASSWORD variable in rudder-upgrade come from this one line:
LDAP_PARAMETERS="-H ldap://${LDAP_SERVER}:${LDAP_PORT}/ -D ${LDAP_USER} -w ${LDAP_PASSWORD} -x"
The shell automatically quotes any special characters in this, as shown here:
# grep root /opt/rudder/etc/openldap/slapd.conf rootdn "cn=Manager,cn=rudder-configuration" rootpw a!ca*d?085e3 # bash -x /opt/rudder/bin/rudder-upgrade ... ldapsearch -H ldap://localhost:389/ -D cn=manager,cn=rudder-configuration -w 'a!ca*d?085e3' -x -LLL -b cn=rudder-configuration -s base dn
This does not work, however, if the password contains a single quote, for obvious reasons. Apart from that, all characters seem to be just fine. I think that is good enough, so I'm closing this ticket.
Note: rudder-inventory-endpoint-upgrade does not use LDAP.
Actions