[Steven Chamberlain]
> Hi,
>
> The timestamps in syslog are confusing. Seems like they are
> interchangeably UTC or localtime.
Yes. The syslog messages from /target/ have localtime, and the ones
from d-i have UTC.
> Anyway, assuming the log entries are the right order, it looks like
> OpenLDAP got started before it was configured.
Given that it work for others, I believe LDAP is properly configured
in the common case.
I was told on IRC by the bug reporter, bammes, that his installation
worked when he did not use characters like * and # in the password.
This made me check the code to see if the root and first user password
are properly quoted in the source. The attached patch fix a few
missing quotes. The patch is untested, because I lack my test bench
here.
--
Happy hacking
Petter Reinholdtsen
Index: share/debian-edu-config/tools/kerberos-kdc-init
===================================================================
--- share/debian-edu-config/tools/kerberos-kdc-init (revisjon 77145)
+++ share/debian-edu-config/tools/kerberos-kdc-init (arbeidskopi)
@@ -263,7 +263,7 @@
GID=1000
chown -R $UID:$GID $HOMEDIR
- pwlen=$(echo -n $FIRSTUSERPWD | wc -c)
+ pwlen=$(echo -n "$FIRSTUSERPWD" | wc -c)
echo "Creating Kerberos principal for $USERDN (password length $pwlen)"
kadmin.local -q "add_principal -pw $FIRSTUSERPWD -x dn=$USERDN
$FIRSTUSERNAME" 1>&2
db_set debian-edu-config/first-user-password ''
Index: ldap-tools/ldap-debian-edu-install
===================================================================
--- ldap-tools/ldap-debian-edu-install (revisjon 77145)
+++ ldap-tools/ldap-debian-edu-install (arbeidskopi)
@@ -254,7 +254,7 @@
## Create and distribute a random password and
## its hash for the ldap gosa-admin account:
GOSAPWD=`slappasswd -g -h {CLEARTEXT}`
- GOSAPWDHASH=`slappasswd -s $GOSAPWD -h {SSHA}`
+ GOSAPWDHASH=`slappasswd -s "$GOSAPWD" -h {SSHA}`
GOSACONFDIR="/etc/gosa/"
GOSACONF="gosa.conf"
GOSAADMINSDN=$(awk '/dn: cn=gosa-admins,/ { print $2 }' /etc/ldap/gosa.ldif)
@@ -306,11 +306,11 @@
## Create and distribute a random password and its hash
## for the kdc service accounts kadmin and kdc-service:
KDCPWD=`slappasswd -g -h {CLEARTEXT}`
- KDCPWDHASH=`slappasswd -s $KDCPWD -h {SSHA}`
+ KDCPWDHASH=`slappasswd -s "$KDCPWD" -h {SSHA}`
KDCCONFDIR="/etc/krb5kdc/"
KEYFILE="service.keyfile"
## convert to {HEX} encoding:
- KDCPWDHEX=`echo $KDCPWD | xxd -g0 -ps | sed "s/0a$//"`
+ KDCPWDHEX=`echo "$KDCPWD" | xxd -g0 -ps | sed "s/0a$//"`
KRB_CONT_DN=`awk '/dn: cn=kerberos,/ { print $2 }' /etc/ldap/krb5.ldif`
mkdir -p $KDCCONFDIR
@@ -327,7 +327,7 @@
SAMBAPWD=$(slappasswd -g -h {CLEARTEXT})
# then generate hashed Samba password, this will be needed for bootstrapping
# cn=smbadmin in root.ldif
- SAMBAPWDHASH=$(slappasswd -u -s $SAMBAPWD)
+ SAMBAPWDHASH=$(slappasswd -u -s "$SAMBAPWD")
# first portion of bootstrap (everything except samba.ldif)
for ldif in \
@@ -440,7 +440,7 @@
EOF
# Store root's password temporarily in secrets.tdb (for
cn=admin,ou=ldap-access,BASEDN)
- smbpasswd -c /etc/samba/smb-debian-edu-ldapbootstrap.conf -w $ROOTPWDCLEAR
+ smbpasswd -c /etc/samba/smb-debian-edu-ldapbootstrap.conf -w
"$ROOTPWDCLEAR"
# This will initialize the sambaDomainName=<DOMAIN> object in LDAP and
# generate a sambaSID for <DOMAIN>.
@@ -455,7 +455,7 @@
# now set up our auto-generated Samba password (created further above)
that shall be
# used in smb.conf and with smbldap-tools
# (i.e. for cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no)...
- smbpasswd -c /etc/samba/smb.conf -w $SAMBAPWD
+ smbpasswd -c /etc/samba/smb.conf -w "$SAMBAPWD"
# also put the $SAMBAPWD also into smbldap_bind.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
@@ -489,7 +489,7 @@
fi
# Generate NT/LM hashes for Samba's Administrator account
- SAMBA_ADMPWD_HASHES=$(perl -MCrypt::SmbHash -e "print join(q[:],ntlmgen
\$ARGV[0]), $/;" $ROOTPWDCLEAR)
+ SAMBA_ADMPWD_HASHES=$(perl -MCrypt::SmbHash -e "print join(q[:],ntlmgen
\$ARGV[0]), $/;" "$ROOTPWDCLEAR")
SAMBA_ADMPWD_LMHASH=$(echo $SAMBA_ADMPWD_HASHES | cut -d ":" -f1)
SAMBA_ADMPWD_NTHASH=$(echo $SAMBA_ADMPWD_HASHES | cut -d ":" -f2)
