#2131 Traceback message displaye while registeredAddress attribute has incorrect values in Active Directory.
Closed: fixed a month ago by rcritten. Opened 7 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=755851

Description of problem:
When a user provides incorrect multivalued string for registeredAddress in AD,
"--all" option for ipa user-show displays traceback.

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure IPA - AD winsync.
2. Launch ADSI Edit in AD.
3. RMC on any user | Properties | Navigate to "registeredAddress"
4. Add "registeredAddress" as "00 06".
5. Wait until the winsyncInterval.
6. ipa user-show user --all

Actual results:
ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token):
line 12, column 15
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in
execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in
__call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in
forward
    return self.Backend.xmlclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward
    response = command(*xml_wrap(params))
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response
    p.feed(response)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed
    self._parser.Parse(data, 0)
ExpatError: not well-formed (invalid token): line 12, column 15
ipa: ERROR: an internal error has occurred
[root@decepticons ~]#


The error is due to incorrectly entered by user multi-valued string coming from
AD for registeredAddress attribute.

Expected results:
Error should be caught and traceback message should not be displayed.

Additional info:
ldapsearch against AD:
[root@decepticons ~]# ldapsearch -LLL -x -h dhcp201-112.englab.pnq.redhat.com
-D "cn=Administrator,cn=Users,dc=englab,dc=pnq,dc=redhat,dc=com" -w Secret123
-b "CN=user6 user6,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com"
dn: CN=user6 user6,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user6 user6
sn: user6
c: IN
l: Pune
st: Maharashtra
description: Description for user6
postalAddress: Stow, Ohio, USA
postalCode: 400706
registeredAddress:: AAY=
givenName: user6
distinguishedName: CN=user6 user6,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com
instanceType: 4
whenCreated: 20111122062117.0Z
whenChanged: 20111122073708.0Z
displayName: user6 user6
uSNCreated: 49290
uSNChanged: 49306
co: India
streetAddress: Magarpatta City
name: user6 user6
objectGUID:: qn5MqOTqhE2a/IRthLE5hw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 356
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 129664164770156250
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA5bzg0+7Bup2snmc4agQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: user6
sAMAccountType: 805306368
userPrincipalName: user6@englab.pnq.redhat.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=englab,DC=pnq,DC=redha
 t,DC=com
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 129664167423437500
homePhone: 12345678
mobile: 9820499133
pager: 87654321




ldapsearch from IPA server:
[root@decepticons ~]# ldapsearch -LLL -x -b
"cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com" -D "cn=Directory
Manager" -w Secret123 -h localhost uid=user6
dn: uid=user6,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
registeredAddress:: AAY=
postalAddress: Stow, Ohio, USA
street: Magarpatta City
st: Maharashtra
l: Pune
pager: 87654321
mobile: 9820499133
homePhone: 12345678
postalCode: 400706
ntUserLastLogon: 0
ntUserLastLogoff: 0
description: Description for user6
krbExtraData:: AAgBAA==
krbExtraData:: AAI+QMtOcm9vdC9hZG1pbkBMQUIuRU5HLlBOUS5SRURIQVQuQ09NAA==
krbLastPwdChange: 20111122062502Z
krbPasswordExpiration: 20120220062502Z
krbPrincipalKey:: MIIBnKADAgEBoQMCAQGiAwIBAaMDAgEApIIBhDCCAYAwaKAbMBmgAwIBBKES
 BBAqueU/iQ4G+5Co6Qusg8RwoUkwR6ADAgESoUAEPiAAmpHA8jrwmNAkcgh/3KMPJqO1uZMcxR02F
 xwHCW/di7XCkyqzcugUpvLBW3XHEhQeMOz8R0dDu6D89RnGMFigGzAZoAMCAQShEgQQYWUIxHDJL2
 gVsUBVNzXpCqE5MDegAwIBEaEwBC4QAF7PsWRnuiy52QNvPrUR/4PhkLk9KXKqYGZkXciv1mFY3Wa
 GDT9ww5kmgSfFMGCgGzAZoAMCAQShEgQQyJLiJMYt/Luw0cuDWaOAuaFBMD+gAwIBEKE4BDYYAOVv
 mkG81X1x3PdaijkPj9vsHPqIIlPXakylt/XFBSU3BwaoIM4MR7cxxj2ibkF+9AjuphIwWKAbMBmgA
 wIBBKESBBCx1aJevGimBd8G12LjDq2LoTkwN6ADAgEXoTAELhAApzwumQ4gsWDBJXdBujum09zjwq
 GvHbEyycLTMOi6C0fCb+YPMn7bbIbDp3Y=
userPassword:: e1NTSEF9Y00zR2NZbnpmaXBvdER2dmNNb3RQZGY2TGRGM1pIbG84R2Y3T0E9PQ=
 =
mepManagedEntry: cn=user6,cn=groups,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat
 ,dc=com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: mepOriginEntry
ntUserDeleteAccount: true
uid: user6
sn: user6
givenName: user6
cn: user6 user6
ntUserCodePage: 0
ntUserAcctExpires: 9223372036854775807
ntUserDomainId: user6
ntUniqueId: aa7e4ca8e4ea844d9afc846d84b13987
employeeType: unknown
krbPrincipalName: user6@LAB.ENG.PNQ.REDHAT.COM
homeDirectory: /home/user6
gecos: user6 user6
loginShell: /bin/sh
uidNumber: 1814400218
gidNumber: 1814400218
ipaUniqueID: 99254b36-14d2-11e1-8e1f-525400f56e2e



[root@decepticons ~]# ipa user-show user6
  User login: user6
  First name: user6
  Last name: user6
  Home directory: /home/user6
  Login shell: /bin/sh
  UID: 1814400218
  GID: 1814400218
  Account disabled: False
  Keytab: True
  Password: True
[root@decepticons ~]#


[root@decepticons ~]# ipa -vv user-show user6 --all
ipa: INFO: trying https://decepticons.lab.eng.pnq.redhat.com/ipa/xml
ipa: INFO: Forwarding 'user_show' to server
u'https://decepticons.lab.eng.pnq.redhat.com/ipa/xml'
send: u'POST /ipa/xml HTTP/1.0\r\nHost:
decepticons.lab.eng.pnq.redhat.com\r\nAccept-Language: en-us\r\nReferer:
https://decepticons.lab.eng.pnq.redhat.com/ipa/xml\r\nAuthorization: negotiate 
YIIFdAYJKoZIhvcSAQICAQBuggVjMIIFX6ADAgEFoQMCAQ6iBwMFACAAAACjggGBYYIBfTCCAXmgAwI
BBaEYGxZMQUIuRU5HLlBOUS5SRURIQVQuQ09NojUwM6ADAgEDoSwwKhsESFRUUBsiZGVjZXB0aWNvbn
MubGFiLmVuZy5wbnEucmVkaGF0LmNvbaOCAR8wggEboAMCARKhAwIBAqKCAQ0EggEJUBBfHkF2fxXfA
ZfEzkFKbUtpuJflAMd+11XLweYi/Xovy0WxmJAU2hz3N/epOWUlhfTbptbpFzWapGa4aQObZ/4QWXeb
ySG/MaKYw+owJFvEd/7v3GTNeNqdnoqiWb7xXMyOz8wDBvwnngmJxRV3KYhHFX83m3ScbPJQhK+WmWH
R8KR/58Ea/bOXezXgNnQcFX/ke5csnJbSymu7PKgfplvxvWDqPdTizMxke6AtRtCBCq9fa+DM4RbB91
IcpOLwN9J2UilejjsrNYWQtT3E8WpS5t2nVpvdfHvwoD5amzU2LnuMuKcRI569sm3pneemP+wiNA6d9
0z3df0kg4agb2u4fL+CvCLHIqSCA8MwggO/oAMCARKiggO2BIIDsscrmok5iVJuNVTsBLzOYMUNAVj0
CNbaXbjy11oFTHOfR4jpCiXywCZBLpGBETwbL2jAgxVSBpPLU92WFjUbl08v98Npm/juWzVUVa7+xXc
aY/3xqg+03DG9RrMpXSEMr9lXk9BMbNXen+4GXJCaJFo9c7Q1JM5v2BGIhzfqD/09eaglS1Vo9axJ/b
0XcEhzlR6U22G1Cif72WAvGQaasnbTxr9aMqCKynwzadfy6LF/wC1v9sR0LnWWmHS7ItHaOHkpexe37
1Q4LFJ8fzibDzHA3Q/KvN+oB1akbvHZp20+JHsrNKXXAXbWEkKT3mVO1SRnn0/0QULPbobUK6VI5coe
i+8cPI6oKT7vOCs/Kz067jimSb4CNaSaIj3n7WcFS/hioVR6cn0JXh/fC5c28puJIR2I354XQxVgMOr
dJX7qPTVBRSD4VPAngpbKyffWFyYt0n6WhoV/qtctFhitog+eCTkrHg57r7OqJAiUYLZfbczjUXuG0p
6G02Ov/M/wt7NV9ydYvOXAX3Y8ojEOZzPug+YgycWuHE00WfLg011PJrVvl0OZGAhjHJp0occfyXXy2
qaIuHJ9IyS6neiWruyjS2vnQeRYe4YhiyxJ9I85Em7k55Nd/A0xBsF8tbys/+acm2NOZDxWo9MZGuBb
U939n7vMtcufshDVGN1V0G5QLfAHuS1ZSbYXCA1ouXtixSap+tF4nHNsJv1seMR2nX2cHUvRyVeHNOp
fO0jxG1t7KmQziQKQveN54VW1IfTmDL5Rmil8NO4T9bLs47oVDvadYMySl9g8EPDqa1tG55D1KnadkC
PjECoq9uAftHLjfiFdAQ1y08eq+jDIa0CO7goGqbB0eOGyf80AIy5LdqFglp9s4oIhMi912Nda3664Q
6UmKzrP/UzuFSyZkgnP2m3Mqt6ry1tV+QfeGTH0GIXRcHQO4HnEvyhVmnXEV4y0KwaNDykw0HT9367p
AsKYyHLFTqgN/NdWNibYfUiRStfWWd5VpeMDVdt0iuR9GCH8gTGOVxArpynmreVgNdXRnkV9mGgyq6I
dKR85zJ8oQ6pg0rAuY09rgSA5oCDLFTnlZOGRD1EVQmNNK+Ld6nW5y8Mh3F5JMxhT1HILl70rDPQkxj
llCU2m1VvXiK/CakPypMHm+OCziBoElLiuqItSWqoc4E0q+/OyoDUeEs1+NBSQYj7hzCBo8lZ4TuS6s
MT+UAQPZEld7oSwpoCqQ6CcWfT5lo6tRD86hhCvX8bjxXCm1/I=\r\nUser-Agent:
xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type:
text/xml\r\nContent-Length: 567\r\n\r\n'
send: "<?xml version='1.0' encoding='UTF-8'?>\n<methodCall>\n<methodName>user_s
how</methodName>\n<params>\n<param>\n<value><array><data>\n<value><string>user6
</string></value>\n</data></array></value>\n</param>\n<param>\n<value><struct>\
n<member>\n<name>raw</name>\n<value><boolean>0</boolean></value>\n</member>\n<m
ember>\n<name>all</name>\n<value><boolean>1</boolean></value>\n</member>\n<memb
er>\n<name>version</name>\n<value><string>2.13</string></value>\n</member>\n<me
mber>\n<name>rights</name>\n<value><boolean>0</boolean></value>\n</member>\n</s
truct></value>\n</param>\n</params>\n</methodCall>\n"
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Tue, 22 Nov 2011 07:58:02 GMT
header: Server: Apache/2.2.15 (Red Hat)
header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+
iejB4oAMCARKicQRv41ubsLP5Fgy6J1Z/Z3L7D89mhmlJPTmrwS1NCpNmXpGsrLMO4ODl7KVYub0zGO
NVl1YmbdPkhSC2w4ydV7XyFmsWM1pLCYAzGfxIyYvA8nBU5vPLkYxgIbf/zDDfm7zSJptcYEfqax8cH
Dt4SGOk
header: Connection: close
header: Content-Type: text/xml; charset=utf-8
body: "<?xml version='1.0' encoding='UTF-8'?>\n<methodResponse>\n<params>\n<par
am>\n<value><struct>\n<member>\n<name>result</name>\n<value><struct>\n<member>\
n<name>registeredaddress</name>\n<value><array><data>\n<value><string>\x00\x06<
/string></value>\n</data></array></value>\n</member>\n<member>\n<name>krbextrad
ata</name>\n<value><array><data>\n<value><base64>\nAAgBAA==\n</base64></value>\
n<value><base64>\nAAI+QMtOcm9vdC9hZG1pbkBMQUIuRU5HLlBOUS5SRURIQVQuQ09NAA==\n</b
ase64></value>\n</data></array></value>\n</member>\n<member>\n<name>cn</name>\n
<value><array><data>\n<value><string>user6 user6</string></value>\n</data></arr
ay></value>\n</member>\n<member>\n<name>ntuserlastlogoff</name>\n<value><array>
<data>\n<value><string>0</string></value>\n</data></array></value>\n</member>\n
<member>\n<name>has_keytab</name>\n<value><boolean>1</boolean></value>\n</membe
r>\n<member>\n<name>has_password</name>\n<value><boolean>1</boolean></value>\n<
/member>\n<member>\n<name>homedirectory</name>\n<value><array><data>\n<value><s
tring>/home/user6</string></value>\n</data></array></value>"
ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token):
line 12, column 15
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in
execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in
__call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in
forward
    return self.Backend.xmlclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward
    response = command(*xml_wrap(params))
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response
    p.feed(response)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed
    self._parser.Parse(data, 0)
ExpatError: not well-formed (invalid token): line 12, column 15
ipa: ERROR: an internal error has occurred
[root@decepticons ~]#

similar issue when an attribute for a user or a group is null

cat /etc/redhat-release ; uname -a; rpm -qa ipa-*
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Linux ipaserver2.example.com 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13
EST 2011 x86_64 x86_64 x86_64 GNU/Linux
ipa-server-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-server-selinux-2.1.3-9.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-2.1.3-9.el6.x86_64
ipa-admintools-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch

user or group test

easier test:

vi /tmp/tt.ldif
dn: uid=guest1,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: description
description:: AA==

ldapmodify -x -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -f /tmp/tt.ldif


ldapsearch -xLLL -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -b dc=example,dc=com uid=guest1 description
dn: uid=guest1,cn=users,cn=compat,dc=example,dc=com

dn: uid=guest1,cn=users,cn=accounts,dc=example,dc=com
description:: AA==


[root@ipaserver2 ~]# ipa user-show guest1 --all
ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token): line 138, column 15
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in forward
    return self.Backend.xmlclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward
    response = command(*xml_wrap(params))
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response
    p.feed(response)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed
    self._parser.Parse(data, 0)
ExpatError: not well-formed (invalid token): line 138, column 15
ipa: ERROR: an internal error has occurred
[root@ipaserver2 ~]#

for a group:

vi /tmp/ttt.ldif
dn: cn=group0,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
replace: description
description:: AA==


ldapsearch -xLLL -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -b
dc=example,dc=com cn=group0 description
dn: cn=group0,cn=groups,cn=accounts,dc=example,dc=com


ldapmodify -x -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -f
/tmp/ttt.ldif


ldapsearch -xLLL -h 10.14.5.37 -p 389 -D "cn=directory manager" -w password -b
dc=example,dc=com cn=group0 description
dn: cn=group0,cn=groups,cn=accounts,dc=example,dc=com
description:: AA==


[root@ipaserver2 ~]# ipa group-find
ipa: ERROR: unhandled exception: ExpatError: not well-formed (invalid token):
line 79, column 15
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 125, in
execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 432, in
__call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 739, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 760, in
forward
    return self.Backend.xmlclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in forward
    response = command(*xml_wrap(params))
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1387, in _parse_response
    p.feed(response)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 601, in feed
    self._parser.Parse(data, 0)
ExpatError: not well-formed (invalid token): line 79, column 15
ipa: ERROR: an internal error has occurred
[root@ipaserver2 ~]#


ipa -vvv group-find
...snip...
body:
'=groups,cn=accounts,dc=example,dc=com</string></value>\n</member>\n<member>\n<name>gidnumber</name>\n<value><array><data>\n<value><string>1002</string></value>\n</data></array></value>\n</member>\n<member>\n<name>cn</name>\n<value><array><data>\n<value><string>editors</string></value>\n</data></array></value>\n</member>\n<member>\n<name>description</name>\n<value><array><data>\n<value><string>Limited
admins who can edit other
users</string></value>\n</data></array></value>\n</member>\n</struct></value>\n<value><struct>\n<member>\n<name>dn</name>\n<value><string>cn=group0,cn=groups,cn=accounts,dc=example,dc=com</string></value>\n</member>\n<member>\n<name>description</name>\n<value><array><data>\n<value><string>\x00</string></value>\n</data></array></value>\n</member>\n<member>\n<name>cn</name>\n<value><array><data>\n<value><string>group0</string></value>\n</data></array></value>\n</member>\n<member>\n<name>member_user</name>\n<value><array><data>\n<value><string>guest1</string></value>\n<value><string>guest2</string></value>\n<value><string>guest3</strin'


->
<name>description</name>\n<value><array><data>\n<value><string>\x00</string></value>\n

Moving to next month iteration.

Moving to next month iteration.

There is a request to escalate it.

This is not so straightforward as it sounds. We rely on the LDAP schema to tell us what type of data to expect. Things go badly when we receive binary data in what should be a string field. This can be addressed in a couple of ways but all rely on some way to recognize that we have binary data and base64 encode it. There has been much discussion over where this is best done.

The current status is the patch has been NACKed.

This ticket is for the XML-RPC transport. There needs to be a way to pass strings that are invalid XML over the transport, and keep raw 8-bit Python strings in the Python code on both sides.

Displaying non-printable data to the user, and storing problematic data in LDAP, are different issues. Mixing that with the XML marshalling is the wrong thing to do. It would make sense to create a bugs for those (if they really are problems) and triage them separately. For this issue we need to make XML-RPC take any data we give it and reliably pass it to the other side. While keeping backwards compatibility.

I'm not mixing the issues. The XML encoder uses the LDAP schema to determine what type of field it needs to send. If it is told a string field and that field contains binary (as in this case) then it blows up.

My proposal was to detect this binary data and encode it. If it is a string field it will be left encoded on the client side. This had the side effect of making it displayable to the user.

This has absolutely nothing to do with the data stored in LDAP. We just currently have no reliable way of determining if data is compatible with XML-RPC, that is the problem.

Bumping priority of this ticket as it is being hit by more users and it is quite hard to debug and to workaround as ipa command then always crashes on this bad data.

FWIW, switching to JSON RPC should alleviate the problem (though only for the ipa client).

The refactoring that Honza has in mind should also alleviate this issue.

Obsoleted patch, removing on_review flag.

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: Future Releases

2 years ago

I'm going to mark this as fixed since we now use the JSON API exclusively.

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a month ago

Login to comment on this ticket.

Metadata