Univention Bugzilla – Bug 34208
univention-run-join-scripts fails to read password with -dcpwd
Last modified: 2014-04-07 15:40:07 CEST
I have some scripts to do an unattended setup of UCS machines. One of the things done there is to run univention-run-join-scripts if it detects I am setting up a slave. I always used the -dcpwd option to have this done unattended. Since UCS 3.2 this does fail. The same script does run without problems in UCS 3.0 and UCS 3.1. Manually running the script without -dcpwd and then entering the password does work. Steps to reproduce: 1. Set up UCS master server 2. Set up UCS slave server 2.1 Try to run the join scripts with the password handed over in a file: $ echo "secretDomainAdminPassword" > /tmp/domain_pwd.txt $ univention-run-join-scripts -dcaccount Administrator -dcpwd /tmp/domain_pwd.txt Expected behaviour: Slave runs the join scripts. Experienced behaviour: Script fails with message "Invalid credentials" even though they are correct.
(In reply to Niko Wenselowski from comment #0) > I always used the -dcpwd option to have this done unattended. Since UCS 3.2 > this does fail. ... > $ echo "secretDomainAdminPassword" > /tmp/domain_pwd.txt Your file is terminated by a new-line, which some tools no longer like, for example "ldapsearch -y /tmp/domain_pwd.txt" uses the complete content of the file for binding. Most other UCS tools (udm, join, ...) now also have an option to read the password directly from a file and follow the same path to take the full content as-is. Use »echo -n "secretDomainAdminPassword" > /tmp/domain_pwd.txt« (or printf) instead to generate the file. FYI: The change regarding the terminating new-line was initiated by Bug #14186 for UCS-3.0-0, but the change was not announced in the release notes of 3.0-0. It starts failing with 3.2 because of Bug #32005, which fixed several quoting problems with univention-run-join-scripts. Bug #20611 will continue the work to get rid of password on the command-line.
(In reply to Philipp Hahn from comment #1) Hello Philipp, thank you for your explanation. > Use »echo -n "secretDomainAdminPassword" > /tmp/domain_pwd.txt« (or printf) > instead to generate the file. I am using this workaround now and it works fine. Kind regards Niko
Reproduce the problem, but only because of the newline. Verified invalid.
OK, nothing to release.