Check LDAP passwords and reject invalid shell characters like $ #299

Closed
tpsands opened this issue May 20, 2017 · 3 comments

@tpsands

tpsands commented May 20, 2017

From support.gluu.org issue #4115. Password entered at setup caused issue.

After setup, oxAuth and oxTrust couldn't access LDAP. ldapsearch bind attempt failed. After troubleshooting, I thought the password may be too complex or too long. I tried a simpler password and that worked.

Initial password had 16 characters. The 10th character was a dollar sign ($) and all others were alphanumeric. The simplified password that allowed the system to connect to LDAP was 8 characters and all alphanumeric.

mzico added the enhancement (Update to existing feature or functionality) label May 20, 2017
mzico added this to the CE 3.1.0 milestone May 20, 2017
@mzico
Contributor

mzico commented May 20, 2017

@zamilskhan: Can you please try to reproduce the issue? Please check which one is not accepting a password with special characters: (a) setup script? (b) OpenLDAP (c) oxAuth.

@tpsands
Author

tpsands commented May 24, 2017

I re-installed with a short superuser password: adm$n. Again, the same failure where neither oxAuth nor oxTrust could access LDAP. Running ldapsearch at the command line said 'invalid credentials'. The dollar-sign ($) seems to be the culprit. The initial failure had a 16-character password which included a dollar-sign ($). The only point I enter that password is in the prompt from the setup.py script for superuser: "Optional: enter password for oxTrust and LDAP superuser."

I then re-reinstalled using an at-sign (@) in the superuser password and that worked. I've previously installed successfully with only alpha-numeric characters.

@nynymike
Contributor

$ has a special meaning in shell scripts. The way we are using the password to run a script is causing that error. We should add a warning that $ is not allowed, and perhaps compare against other invalid shell characters.

nynymike changed the title from "Longer password with special character makes LDAP inaccessible in Ubuntu14.04/16.04" to "Check LDAP passwords and reject invalid shell characters like $" May 24, 2017
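
The failure mode and the check proposed in this thread, as an added example that is not part of the original issue and is not Gluu's setup code: it shows how the `adm$n` password from the report changes when interpolated into a shell command string, and how a pre-check or argv-style invocation avoids that. The function names and the reject list `SHELL_SPECIAL` are assumptions made for the illustration, and a POSIX `sh` and `printf` are assumed to be available.

```python
import shlex
import subprocess

# Assumed reject list: characters a POSIX shell treats specially outside
# single quotes. '@' is deliberately absent; the thread reports it works.
SHELL_SPECIAL = set("$`\\\"'!&|;<>(){}[]*?~# \t\n")


def find_shell_special(password):
    """Return the shell-special characters found in the password (sorted)."""
    return sorted(set(password) & SHELL_SPECIAL)


def via_shell_string(password):
    """Value a child process sees when the password is interpolated into a
    double-quoted shell command string: $name is expanded by the shell."""
    cmd = 'printf %%s "%s"' % password
    # Minimal environment so no inherited variable changes the expansion.
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True,
                            env={"PATH": "/usr/bin:/bin"})
    return result.stdout


def via_quoted_shell_string(password):
    """Same command string, but the password is quoted with shlex.quote()."""
    cmd = "printf %s " + shlex.quote(password)
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True,
                            env={"PATH": "/usr/bin:/bin"})
    return result.stdout


def via_argv(password):
    """Value a child process sees when no shell parses the password."""
    result = subprocess.run(["printf", "%s", password],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    for pw in ("adm$n", "adm@n"):  # the two passwords named in the thread
        print("password:          ", pw)
        print("  special chars:   ", find_shell_special(pw))
        print("  shell string:    ", repr(via_shell_string(pw)))
        print("  quoted string:   ", repr(via_quoted_shell_string(pw)))
        print("  argv list:       ", repr(via_argv(pw)))
```

With `adm$n`, the shell-string path hands the child `adm` because `$n` expands to an empty string, so the stored and the typed password no longer match; the quoted and argv paths preserve the value.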