When you try to install IPA on a fresh Fedora 20 which has LANG set to tr_TR.UTF installation hangs up on "[3/21]: configuring certificate server instance" step.
=== Extract from install logs ========== Configuring certificate server (pkispawn): Estimated time 3 minutes 30 seconds [1/21]: creating certificate server user [2/21]: creating pki-ca instance [3/21]: configuring certificate server instance ===
When you look at the /var/log/pki/pki-tomcat/ca/debug file you see that installation process is blocked while importing /var/lib/pki/pki-tomcat/ca/conf/vlvtasks.ldif file
Steps to reproduce the issue.
Installation will hang on step [3/21]: configuring certificate server instance
In the /var/log/dirsrv/slapd-PKI-IPA/access log file you will see following entries piling up.
[31/Mar/2014:12:04:12 +0300] conn=13 op=687 RESULT err=32 tag=101 nentries=0 etime=0 [31/Mar/2014:12:04:13 +0300] conn=13 op=688 SRCH base="cn=index1160589769,cn=index,cn=tasks,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [31/Mar/2014:12:04:13 +0300] conn=13 op=688 RESULT err=32 tag=101 nentries=0 etime=0
As this is the upstream ticket for Bugzilla Bug #1083170 - Installation of IPA hangs up when LANG is set to tr_TR.UTF8, promote this to 10.2 (May).
Proposed milestone: 10.2 (May)
Submitted two patches which address this issue.
The first patch attempts to insure that 'UTF-8' encoding is always used when importing data from an LDIF file by replacing the Java commands which utilize the default Locale and thus potentially would override the use of 'UTF-8' when working with LDIF files.
The following ticket has been issued to address further concerns related to this issue:
[PKI TRAC Ticket #1005 - Analyze source code for Java commands which utilize default Locale and honor 'i18n'](https://fedorahosted.org/pki/ticket/1005)
The second patch specifically addresses the use of the 'tr_TR.UTF-8' issue reported in this ticket by changing the following problematic LDIF attribute names:
index.ldif nsIndexType --> nsindexType nsSystemIndex --> nsSystemindex vlvtasks.ldif nsInstance --> nsinstance nsIndexVLVAttribute --> nsindexVLVAttribute
The root of the problem that appears to cause this issue is the use of the 'toLowerCase()' method as utilized in the LDAPJDK. The following bug has been issued which fully describes this issue:
[Bugzilla Bug #1097868 - Proposal: Consider not honoring 'i18n' on LDAP attribute names . . .](https://bugzilla.redhat.com/show_bug.cgi?id=1097868)
These patches were tested on a 64-bit Fedora 20 machine by doing the following:
Install the patched RPMS onto the Fedora 20 test machine Set contents of '/etc/locale.conf': LANG="tr_TR.UTF-8" Reboot machine LANG="tr_TR.UTF-8" ssh root@fedora20.example.com cat /etc/resolv.conf ipa-server-install --setup-dns Choose defaults and change the BIND settings using the values from '/etc/resolv.conf' klist kinit admin klist ipa user-find ipa help cert ipa cert-show
Prevent LDAP Attributes from being affected by Locale 20140514-Prevent-LDAP-Attributes-from-being-affected-by-Locale.patch
Change LDAP Attributes to allow for 'tr_TR' Locale 20140514-Change-LDAP-Attributes-to-allow-for-tr_TR-locale.patch
ACKED by tbordaz and vakwetu.
Checked-in to 'master':
Metadata Update from @mharmsen: - Issue assigned to mharmsen - Issue set to the milestone: 10.2 - 05/14 (May)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1512
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.