The nimbus-new-user does accept email addresses with the '+' character in the
leading portion of the username, which are perfectly legitimate email
addresses. For instance firstname.lastname@example.org.
When attempt to run nimbus-new-user with such an address, the following error
./nimbus-new-user --dest /tmp --batch --web --group=3
Traceback (most recent call last):
File "/opt/nimbus/libexec/nimbus_new_user.py", line 420, in
rc = main()
File "/opt/nimbus/libexec/nimbus_new_user.py", line 407, in main
File "/opt/nimbus/libexec/nimbus_new_user.py", line 340, in create_user
nimbusweb.setup.setuperrors.UnexpectedError: Problem creating certificate.
[<<< stderr: 'Problem creating certificate: String index out of range: -1
This is not actually a problem with the email address, it is a problem with the common name for the cert DN. You can work around this by using the -c option and using a name without a + in it.
The bouncy castle class X509Principal will not accept a DN with a + in it, thus Nimbus cannot support this.
Very well, if such an email address is attempted, can the error message indicate something along those lines then?
That seems reasonable. I will open this back up.