"invalid byte sequence in US-ASCII" for few users after login using dex + ldap (AD)

Hi all,
I’m setting up an OOD instance with Dex + LDAP (AD). The attribute I’m using for user login uses capital and dot, i.e: Guilherme.BALZANA. I had to set a custom user_map script to lower case everything. I’m not in control of AD, so user attributes and schema are out of my reach.

There is one account which fails with the following after authenticating

Error -- invalid byte sequence in US-ASCII
Run 'nginx_stage --help' to see a full list of available command line options.

That means user’s PUN isn’t created. I’ve added set +x and a few debug prints on nginx_stage script and got the command which I think is triggering error

/usr/bin/env ruby -I/opt/ood/nginx_stage/lib -rnginx_stage -e NginxStage::Application.start  -- pun -u abdelali.elkouri -a https%3a%2f%2f10.43.102.30%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri

going deeper into /opt/ood/nginx_stage/lib/nginx_stage/application.rb I found the error is triggered by

# generator == NginxStage::PunConfigGenerator
# options == {:user=>"abdelali.elkouri", :app_init_url=>"https://10.43.102.30:443/nginx/init?redir=$http_x_forwarded_escaped_uri"}
generator.new(options).invoke if generator

Worth to mention that if I spawn the nginx_stage manually in the server then the user can login and use that session.

This only happens for this particular user
Any debug guidance or help is appreciated
thanks

found this on console browser tool.

The character encoding of the plain text document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature.

I tried setting pun_custom_env: { LANG=en_US.UTF8 } with no difference

It’s not clear that that’s your issue. But, you should set the system-wide LANG /etc/locale.conf or maybe localectl. I’m not entirely sure, but you’d need to set it for root because this is all executed by apach running sudo, so basically you’re safest bet to change it is to just change it on the entire system.

But again, I don’t think that’s the issue because that name abdelali.elkouri appears to be just fine in US ascii (even you say you can manually run the command and it works) I cannot replicate by running LANG=en_US.US-ASCII sudo /usr/bin/env ruby .... My guess is is there’s some white space characters that your not seeing like ^M.

In terms of debugging maybe you can redirect the names to a file and use cat -e to see if there’s something funny there. Or use curl to interact with Dex and extract the usernames from there (if this is your account).

thanks jeff, for helping debugging this issue.
I’ve put printenv in the nginx_stage script and was able to see that the root running has LANG=C.

Adding LANG=en_US.UTF8 to /etc/ood/profile fixed the problem!

Thanks!