Hi all,
I’m setting up an OOD instance with Dex + LDAP (AD). The attribute I’m using for user login uses capital and dot, i.e: Guilherme.BALZANA. I had to set a custom user_map script to lower case everything. I’m not in control of AD, so user attributes and schema are out of my reach.
There is one account which fails with the following after authenticating
Error -- invalid byte sequence in US-ASCII
Run 'nginx_stage --help' to see a full list of available command line options.
That means user’s PUN isn’t created. I’ve added set +x and a few debug prints on nginx_stage script and got the command which I think is triggering error
/usr/bin/env ruby -I/opt/ood/nginx_stage/lib -rnginx_stage -e NginxStage::Application.start -- pun -u abdelali.elkouri -a https%3a%2f%2f10.43.102.30%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri
going deeper into /opt/ood/nginx_stage/lib/nginx_stage/application.rb I found the error is triggered by
The character encoding of the plain text document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature.
I tried setting pun_custom_env: { LANG=en_US.UTF8 } with no difference
It’s not clear that that’s your issue. But, you should set the system-wide LANG /etc/locale.conf or maybe localectl. I’m not entirely sure, but you’d need to set it for root because this is all executed by apach running sudo, so basically you’re safest bet to change it is to just change it on the entire system.
But again, I don’t think that’s the issue because that name abdelali.elkouri appears to be just fine in US ascii (even you say you can manually run the command and it works) I cannot replicate by running LANG=en_US.US-ASCII sudo /usr/bin/env ruby .... My guess is is there’s some white space characters that your not seeing like ^M.
In terms of debugging maybe you can redirect the names to a file and use cat -e to see if there’s something funny there. Or use curl to interact with Dex and extract the usernames from there (if this is your account).