On 01/11/2018 02:36 PM, Rob Crittenden via FreeIPA-users wrote:
lejeczek via FreeIPA-users wrote:
hi everyone

when I see this in replica install log:

..
2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n
PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -a -f
/etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
2018-01-11T12:46:31Z DEBUG Process finished, return code=255
2018-01-11T12:46:31Z DEBUG stdout=
2018-01-11T12:46:31Z DEBUG stderr=certutil: Could not find cert:
PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found
..

Is that just the log or actual surrounding quotes are missing in
replica-install code?
For, when I manually in bash exec this on replica candidate:

$ certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n
"PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA" -a -f
/etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMSswKQYDVQQKDCJQUklW
QVRFLkNDTlIuQ0VCLlBSSVZBVEUuQ0FNLkFDLlVLMR4wHAYDVQQDDBVDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkwHhcNMTgwMTExMTIxMjIxWhcNMzgwMTExMTIxMjIxWjBN
...
Arguments passed into exec don't need to be shell-escaped or quoted.
but "PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA" contains spaces, if you don't quiote it how would certutil handle it ?

This is most likely IPA looking to see what CA certificate(s) are
already available in order to know what to add.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to