https://bugzilla.redhat.com/show_bug.cgi?id=755851
Description of problem: When a user provides incorrect multivalued string for registeredAddress in AD, "--all" option for ipa user-show displays traceback. Version-Release number of selected component (if applicable): ipa-server-2.1.3-9.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure IPA - AD winsync. 2. Launch ADSI Edit in AD. 3. RMC on any user | Properties | Navigate to "registeredAddress" 4. Add "registeredAddress" as "00 06". 5. Wait until the winsyncInterval. 6. ipa user-show user --all Actual results: ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token): line 12, column 15 Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run return self.forward(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in forward return self.Backend.xmlclient.forward(self.name, *args, **kw) File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward response = command(*xml_wrap(params)) File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request verbose=self.__verbose File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request return self._parse_response(h.getfile(), sock) File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response p.feed(response) File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed self._parser.Parse(data, 0) ExpatError: not well-formed (invalid token): line 12, column 15 ipa: ERROR: an internal error has occurred [root@decepticons ~]# The error is due to incorrectly entered by user multi-valued string coming from AD for registeredAddress attribute. Expected results: Error should be caught and traceback message should not be displayed. Additional info: ldapsearch against AD: [root@decepticons ~]# ldapsearch -LLL -x -h dhcp201-112.englab.pnq.redhat.com -D "cn=Administrator,cn=Users,dc=englab,dc=pnq,dc=redhat,dc=com" -w Secret123 -b "CN=user6 user6,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com" dn: CN=user6 user6,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: user6 user6 sn: user6 c: IN l: Pune st: Maharashtra description: Description for user6 postalAddress: Stow, Ohio, USA postalCode: 400706 registeredAddress:: AAY= givenName: user6 distinguishedName: CN=user6 user6,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com instanceType: 4 whenCreated: 20111122062117.0Z whenChanged: 20111122073708.0Z displayName: user6 user6 uSNCreated: 49290 uSNChanged: 49306 co: India streetAddress: Magarpatta City name: user6 user6 objectGUID:: qn5MqOTqhE2a/IRthLE5hw== userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 356 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 pwdLastSet: 129664164770156250 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAA5bzg0+7Bup2snmc4agQAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: user6 sAMAccountType: 805306368 userPrincipalName: user6@englab.pnq.redhat.com objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=englab,DC=pnq,DC=redha t,DC=com dSCorePropagationData: 16010101000000.0Z lastLogonTimestamp: 129664167423437500 homePhone: 12345678 mobile: 9820499133 pager: 87654321 ldapsearch from IPA server: [root@decepticons ~]# ldapsearch -LLL -x -b "cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com" -D "cn=Directory Manager" -w Secret123 -h localhost uid=user6 dn: uid=user6,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com registeredAddress:: AAY= postalAddress: Stow, Ohio, USA street: Magarpatta City st: Maharashtra l: Pune pager: 87654321 mobile: 9820499133 homePhone: 12345678 postalCode: 400706 ntUserLastLogon: 0 ntUserLastLogoff: 0 description: Description for user6 krbExtraData:: AAgBAA== krbExtraData:: AAI+QMtOcm9vdC9hZG1pbkBMQUIuRU5HLlBOUS5SRURIQVQuQ09NAA== krbLastPwdChange: 20111122062502Z krbPasswordExpiration: 20120220062502Z krbPrincipalKey:: MIIBnKADAgEBoQMCAQGiAwIBAaMDAgEApIIBhDCCAYAwaKAbMBmgAwIBBKES BBAqueU/iQ4G+5Co6Qusg8RwoUkwR6ADAgESoUAEPiAAmpHA8jrwmNAkcgh/3KMPJqO1uZMcxR02F xwHCW/di7XCkyqzcugUpvLBW3XHEhQeMOz8R0dDu6D89RnGMFigGzAZoAMCAQShEgQQYWUIxHDJL2 gVsUBVNzXpCqE5MDegAwIBEaEwBC4QAF7PsWRnuiy52QNvPrUR/4PhkLk9KXKqYGZkXciv1mFY3Wa GDT9ww5kmgSfFMGCgGzAZoAMCAQShEgQQyJLiJMYt/Luw0cuDWaOAuaFBMD+gAwIBEKE4BDYYAOVv mkG81X1x3PdaijkPj9vsHPqIIlPXakylt/XFBSU3BwaoIM4MR7cxxj2ibkF+9AjuphIwWKAbMBmgA wIBBKESBBCx1aJevGimBd8G12LjDq2LoTkwN6ADAgEXoTAELhAApzwumQ4gsWDBJXdBujum09zjwq GvHbEyycLTMOi6C0fCb+YPMn7bbIbDp3Y= userPassword:: e1NTSEF9Y00zR2NZbnpmaXBvdER2dmNNb3RQZGY2TGRGM1pIbG84R2Y3T0E9PQ= = mepManagedEntry: cn=user6,cn=groups,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat ,dc=com objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetOrgPerson objectClass: ntUser objectClass: inetuser objectClass: posixaccount objectClass: krbprincipalaux objectClass: krbticketpolicyaux objectClass: ipaobject objectClass: mepOriginEntry ntUserDeleteAccount: true uid: user6 sn: user6 givenName: user6 cn: user6 user6 ntUserCodePage: 0 ntUserAcctExpires: 9223372036854775807 ntUserDomainId: user6 ntUniqueId: aa7e4ca8e4ea844d9afc846d84b13987 employeeType: unknown krbPrincipalName: user6@LAB.ENG.PNQ.REDHAT.COM homeDirectory: /home/user6 gecos: user6 user6 loginShell: /bin/sh uidNumber: 1814400218 gidNumber: 1814400218 ipaUniqueID: 99254b36-14d2-11e1-8e1f-525400f56e2e [root@decepticons ~]# ipa user-show user6 User login: user6 First name: user6 Last name: user6 Home directory: /home/user6 Login shell: /bin/sh UID: 1814400218 GID: 1814400218 Account disabled: False Keytab: True Password: True [root@decepticons ~]# [root@decepticons ~]# ipa -vv user-show user6 --all ipa: INFO: trying https://decepticons.lab.eng.pnq.redhat.com/ipa/xml ipa: INFO: Forwarding 'user_show' to server u'https://decepticons.lab.eng.pnq.redhat.com/ipa/xml' send: u'POST /ipa/xml HTTP/1.0\r\nHost: decepticons.lab.eng.pnq.redhat.com\r\nAccept-Language: en-us\r\nReferer: https://decepticons.lab.eng.pnq.redhat.com/ipa/xml\r\nAuthorization: negotiate YIIFdAYJKoZIhvcSAQICAQBuggVjMIIFX6ADAgEFoQMCAQ6iBwMFACAAAACjggGBYYIBfTCCAXmgAwI BBaEYGxZMQUIuRU5HLlBOUS5SRURIQVQuQ09NojUwM6ADAgEDoSwwKhsESFRUUBsiZGVjZXB0aWNvbn MubGFiLmVuZy5wbnEucmVkaGF0LmNvbaOCAR8wggEboAMCARKhAwIBAqKCAQ0EggEJUBBfHkF2fxXfA ZfEzkFKbUtpuJflAMd+11XLweYi/Xovy0WxmJAU2hz3N/epOWUlhfTbptbpFzWapGa4aQObZ/4QWXeb ySG/MaKYw+owJFvEd/7v3GTNeNqdnoqiWb7xXMyOz8wDBvwnngmJxRV3KYhHFX83m3ScbPJQhK+WmWH R8KR/58Ea/bOXezXgNnQcFX/ke5csnJbSymu7PKgfplvxvWDqPdTizMxke6AtRtCBCq9fa+DM4RbB91 IcpOLwN9J2UilejjsrNYWQtT3E8WpS5t2nVpvdfHvwoD5amzU2LnuMuKcRI569sm3pneemP+wiNA6d9 0z3df0kg4agb2u4fL+CvCLHIqSCA8MwggO/oAMCARKiggO2BIIDsscrmok5iVJuNVTsBLzOYMUNAVj0 CNbaXbjy11oFTHOfR4jpCiXywCZBLpGBETwbL2jAgxVSBpPLU92WFjUbl08v98Npm/juWzVUVa7+xXc aY/3xqg+03DG9RrMpXSEMr9lXk9BMbNXen+4GXJCaJFo9c7Q1JM5v2BGIhzfqD/09eaglS1Vo9axJ/b 0XcEhzlR6U22G1Cif72WAvGQaasnbTxr9aMqCKynwzadfy6LF/wC1v9sR0LnWWmHS7ItHaOHkpexe37 1Q4LFJ8fzibDzHA3Q/KvN+oB1akbvHZp20+JHsrNKXXAXbWEkKT3mVO1SRnn0/0QULPbobUK6VI5coe i+8cPI6oKT7vOCs/Kz067jimSb4CNaSaIj3n7WcFS/hioVR6cn0JXh/fC5c28puJIR2I354XQxVgMOr dJX7qPTVBRSD4VPAngpbKyffWFyYt0n6WhoV/qtctFhitog+eCTkrHg57r7OqJAiUYLZfbczjUXuG0p 6G02Ov/M/wt7NV9ydYvOXAX3Y8ojEOZzPug+YgycWuHE00WfLg011PJrVvl0OZGAhjHJp0occfyXXy2 qaIuHJ9IyS6neiWruyjS2vnQeRYe4YhiyxJ9I85Em7k55Nd/A0xBsF8tbys/+acm2NOZDxWo9MZGuBb U939n7vMtcufshDVGN1V0G5QLfAHuS1ZSbYXCA1ouXtixSap+tF4nHNsJv1seMR2nX2cHUvRyVeHNOp fO0jxG1t7KmQziQKQveN54VW1IfTmDL5Rmil8NO4T9bLs47oVDvadYMySl9g8EPDqa1tG55D1KnadkC PjECoq9uAftHLjfiFdAQ1y08eq+jDIa0CO7goGqbB0eOGyf80AIy5LdqFglp9s4oIhMi912Nda3664Q 6UmKzrP/UzuFSyZkgnP2m3Mqt6ry1tV+QfeGTH0GIXRcHQO4HnEvyhVmnXEV4y0KwaNDykw0HT9367p AsKYyHLFTqgN/NdWNibYfUiRStfWWd5VpeMDVdt0iuR9GCH8gTGOVxArpynmreVgNdXRnkV9mGgyq6I dKR85zJ8oQ6pg0rAuY09rgSA5oCDLFTnlZOGRD1EVQmNNK+Ld6nW5y8Mh3F5JMxhT1HILl70rDPQkxj llCU2m1VvXiK/CakPypMHm+OCziBoElLiuqItSWqoc4E0q+/OyoDUeEs1+NBSQYj7hzCBo8lZ4TuS6s MT+UAQPZEld7oSwpoCqQ6CcWfT5lo6tRD86hhCvX8bjxXCm1/I=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 567\r\n\r\n' send: "<?xml version='1.0' encoding='UTF-8'?>\n<methodCall>\n<methodName>user_s how</methodName>\n<params>\n<param>\n<value><array><data>\n<value><string>user6 </string></value>\n</data></array></value>\n</param>\n<param>\n<value><struct>\ n<member>\n<name>raw</name>\n<value><boolean>0</boolean></value>\n</member>\n<m ember>\n<name>all</name>\n<value><boolean>1</boolean></value>\n</member>\n<memb er>\n<name>version</name>\n<value><string>2.13</string></value>\n</member>\n<me mber>\n<name>rights</name>\n<value><boolean>0</boolean></value>\n</member>\n</s truct></value>\n</param>\n</params>\n</methodCall>\n" reply: 'HTTP/1.1 200 OK\r\n' header: Date: Tue, 22 Nov 2011 07:58:02 GMT header: Server: Apache/2.2.15 (Red Hat) header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+ iejB4oAMCARKicQRv41ubsLP5Fgy6J1Z/Z3L7D89mhmlJPTmrwS1NCpNmXpGsrLMO4ODl7KVYub0zGO NVl1YmbdPkhSC2w4ydV7XyFmsWM1pLCYAzGfxIyYvA8nBU5vPLkYxgIbf/zDDfm7zSJptcYEfqax8cH Dt4SGOk header: Connection: close header: Content-Type: text/xml; charset=utf-8 body: "<?xml version='1.0' encoding='UTF-8'?>\n<methodResponse>\n<params>\n<par am>\n<value><struct>\n<member>\n<name>result</name>\n<value><struct>\n<member>\ n<name>registeredaddress</name>\n<value><array><data>\n<value><string>\x00\x06< /string></value>\n</data></array></value>\n</member>\n<member>\n<name>krbextrad ata</name>\n<value><array><data>\n<value><base64>\nAAgBAA==\n</base64></value>\ n<value><base64>\nAAI+QMtOcm9vdC9hZG1pbkBMQUIuRU5HLlBOUS5SRURIQVQuQ09NAA==\n</b ase64></value>\n</data></array></value>\n</member>\n<member>\n<name>cn</name>\n <value><array><data>\n<value><string>user6 user6</string></value>\n</data></arr ay></value>\n</member>\n<member>\n<name>ntuserlastlogoff</name>\n<value><array> <data>\n<value><string>0</string></value>\n</data></array></value>\n</member>\n <member>\n<name>has_keytab</name>\n<value><boolean>1</boolean></value>\n</membe r>\n<member>\n<name>has_password</name>\n<value><boolean>1</boolean></value>\n< /member>\n<member>\n<name>homedirectory</name>\n<value><array><data>\n<value><s tring>/home/user6</string></value>\n</data></array></value>" ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token): line 12, column 15 Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run return self.forward(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in forward return self.Backend.xmlclient.forward(self.name, *args, **kw) File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward response = command(*xml_wrap(params)) File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request verbose=self.__verbose File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request return self._parse_response(h.getfile(), sock) File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response p.feed(response) File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed self._parser.Parse(data, 0) ExpatError: not well-formed (invalid token): line 12, column 15 ipa: ERROR: an internal error has occurred [root@decepticons ~]#
similar issue when an attribute for a user or a group is null
cat /etc/redhat-release ; uname -a; rpm -qa ipa-* Red Hat Enterprise Linux Server release 6.2 (Santiago) Linux ipaserver2.example.com 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux ipa-server-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-server-selinux-2.1.3-9.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-2.1.3-9.el6.x86_64 ipa-admintools-2.1.3-9.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch
user or group test
easier test:
vi /tmp/tt.ldif dn: uid=guest1,cn=users,cn=accounts,dc=example,dc=com changetype: modify replace: description description:: AA== ldapmodify -x -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -f /tmp/tt.ldif ldapsearch -xLLL -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -b dc=example,dc=com uid=guest1 description dn: uid=guest1,cn=users,cn=compat,dc=example,dc=com dn: uid=guest1,cn=users,cn=accounts,dc=example,dc=com description:: AA== [root@ipaserver2 ~]# ipa user-show guest1 --all ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token): line 138, column 15 Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run return self.forward(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in forward return self.Backend.xmlclient.forward(self.name, *args, **kw) File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward response = command(*xml_wrap(params)) File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request verbose=self.__verbose File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request return self._parse_response(h.getfile(), sock) File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response p.feed(response) File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed self._parser.Parse(data, 0) ExpatError: not well-formed (invalid token): line 138, column 15 ipa: ERROR: an internal error has occurred [root@ipaserver2 ~]#
for a group:
vi /tmp/ttt.ldif dn: cn=group0,cn=groups,cn=accounts,dc=example,dc=com changetype: modify replace: description description:: AA== ldapsearch -xLLL -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -b dc=example,dc=com cn=group0 description dn: cn=group0,cn=groups,cn=accounts,dc=example,dc=com ldapmodify -x -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -f /tmp/ttt.ldif ldapsearch -xLLL -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -b dc=example,dc=com cn=group0 description dn: cn=group0,cn=groups,cn=accounts,dc=example,dc=com description:: AA== [root@ipaserver2 ~]# ipa group-find ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token): line 79, column 15 Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run return self.forward(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in forward return self.Backend.xmlclient.forward(self.name, *args, **kw) File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward response = command(*xml_wrap(params)) File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request verbose=self.__verbose File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request return self._parse_response(h.getfile(), sock) File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response p.feed(response) File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed self._parser.Parse(data, 0) ExpatError: not well-formed (invalid token): line 79, column 15 ipa: ERROR: an internal error has occurred [root@ipaserver2 ~]# ipa -vvv group-find ...snip... body: '=groups,cn=accounts,dc=example,dc=com</string></value>\n</member>\n<member>\n<name>gidnumber</name>\n<value><array><data>\n<value><string>1002</string></value>\n</data></array></value>\n</member>\n<member>\n<name>cn</name>\n<value><array><data>\n<value><string>editors</string></value>\n</data></array></value>\n</member>\n<member>\n<name>description</name>\n<value><array><data>\n<value><string>Limited admins who can edit other users</string></value>\n</data></array></value>\n</member>\n</struct></value>\n<value><struct>\n<member>\n<name>dn</name>\n<value><string>cn=group0,cn=groups,cn=accounts,dc=example,dc=com</string></value>\n</member>\n<member>\n<name>description</name>\n<value><array><data>\n<value><string>\x00</string></value>\n</data></array></value>\n</member>\n<member>\n<name>cn</name>\n<value><array><data>\n<value><string>group0</string></value>\n</data></array></value>\n</member>\n<member>\n<name>member_user</name>\n<value><array><data>\n<value><string>guest1</string></value>\n<value><string>guest2</string></value>\n<value><string>guest3</strin' -> <name>description</name>\n<value><array><data>\n<value><string>\x00</string></value>\n
attachment freeipa-rcrit-971-binary.patch
Moving to next month iteration.
Moving to backlog.
There is a request to escalate it.
This is not so straightforward as it sounds. We rely on the LDAP schema to tell us what type of data to expect. Things go badly when we receive binary data in what should be a string field. This can be addressed in a couple of ways but all rely on some way to recognize that we have binary data and base64 encode it. There has been much discussion over where this is best done.
The current status is the patch has been NACKed.
This ticket is for the XML-RPC transport. There needs to be a way to pass strings that are invalid XML over the transport, and keep raw 8-bit Python strings in the Python code on both sides.
Displaying non-printable data to the user, and storing problematic data in LDAP, are different issues. Mixing that with the XML marshalling is the wrong thing to do. It would make sense to create a bugs for those (if they really are problems) and triage them separately. For this issue we need to make XML-RPC take any data we give it and reliably pass it to the other side. While keeping backwards compatibility.
I'm not mixing the issues. The XML encoder uses the LDAP schema to determine what type of field it needs to send. If it is told a string field and that field contains binary (as in this case) then it blows up.
My proposal was to detect this binary data and encode it. If it is a string field it will be left encoded on the client side. This had the side effect of making it displayable to the user.
This has absolutely nothing to do with the data stored in LDAP. We just currently have no reliable way of determining if data is compatible with XML-RPC, that is the problem.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=955741 (Red Hat Enterprise Linux 6)
Bumping priority of this ticket as it is being hit by more users and it is quite hard to debug and to workaround as ipa command then always crashes on this bad data.
FWIW, switching to JSON RPC should alleviate the problem (though only for the ipa client).
The refactoring that Honza has in mind should also alleviate this issue.
Obsoleted patch, removing on_review flag.
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: Future Releases
I'm going to mark this as fixed since we now use the JSON API exclusively.
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.