Skip Headers
Oracle® Fusion Middleware Release Notes
11g Release 1 (11.1.1) for AIX Based Systems (64-Bit)

Part Number E14771-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

31 Oracle Virtual Directory

This chapter describes issues associated with Oracle Virtual Directory. It includes the following topics:

31.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

31.1.1 Oracle Directory Services Manager Browser Window is Not Usable

In some circumstances, after you launch Oracle Directory Services Manager from Fusion Middleware Control, then select a new Oracle Directory Services Manager task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.

As a workaround, go to the URL: http://host:port/odsm, where host and port specify the location where Oracle Directory Services Manager is running, for example, http://myserver.example.com:7005/odsm. You can then use the Oracle Directory Services Manager window to log in to a server.

31.1.2 Exceptions May Occur in Oracle Directory Services Manager When Managing Multiple Oracle Virtual Directory Components and One is Stopped

Under certain circumstances, when managing multiple Oracle Virtual Directory components from the same Oracle Directory Services Manager session, exception or error messages may appear if you stop one of the Oracle Virtual Directory components. For example, you are managing Oracle Virtual Directory components named ovd1 and ovd2 from the same Oracle Directory Services Manager session. Both ovd1 and ovd2 are configured and running. If you stop ovd1, an exception or Target Unreachable message may appear when you try to navigate Oracle Directory Services Manager.

To workaround this issue, exit the current Oracle Directory Services Manager session, close the web browser, and then reconnect to Oracle Virtual Directory components in a new Oracle Directory Services Manager session.

31.1.3 Identifying the DN Associated with an Access Control Point in Oracle Directory Services Manager

When you create an Access Control Point (ACP) using Oracle Directory Services Manager, the Relative Distinguished Name (RDN) of the DN where you created the ACP appears in the navigation tree on the left side of the screen. For example, if you create an ACP at the DN of cn=ForExample,dc=us,dc=sales,dc=west, then cn=ForExample appears in the navigation tree. After clicking an ACP in the navigation tree, its settings appear in the right side of the screen and the RDN it is associated with appears at the top of the page.

To identify the DN associated with an ACP, move the cursor over ("mouse-over") the ACP entry in the navigation tree. The full DN associated with the ACP will be displayed in a tool-tip dialog box.

Mousing-over ACPs in the navigation tree is useful when you have multiple ACPs associated with DNs that have identical RDNs, such as:

ACP 1 = cn=ForExample,dc=us,dc=sales,dc=west

ACP 2 = cn=ForExample,dc=us,dc=sales,dc=east

31.1.4 Issues With Oracle Virtual Directory Metrics in Fusion Middleware Control

This topic describes issues with Oracle Virtual Directory metrics in Fusion Middleware Control, including:

31.1.4.1 Some Oracle Virtual Directory Metrics Displayed in Fusion Middleware Control are Incorrect

In Fusion Middleware Control, the Distinct Connected Users metric on the Oracle Virtual Directory Home page, and the Total No of Users Currently Connected metric on the Oracle Virtual Directory Performance Summary page, display incorrect information.

If you want to resolve this issue, contact Oracle Support and request a patch.

31.1.4.2 Configuring Operation-Specific Plug-Ins to Allow Performance Metric Reporting in Fusion Middleware Control After Upgrading to 11g Release 1 (11.1.1)

If you upgraded an Oracle Virtual Directory Release 10g installation with plug-ins configured to execute on specific operations, such as add, bind, get, and so on, to 11g Release 1 (11.1.1), you may have to update those operation-specific plug-ins before you can use Fusion Middleware Control to view performance metrics.

After upgrading to 11g Release 1 (11.1.1) and performing some initial operations to verify the upgrade was successful, check the Oracle Virtual Directory home page in Fusion Middleware Control. You should see data for the Current Load and Average Response Time and Operations metrics.

If you do not see any data for these metrics, you must update the plug-ins configured to execute on specific operations. The work-around is to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain.

Perform the following steps to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain:

  1. If the operation-specific plug-in is a Global-level plug-in, edit the server.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.

    If the operation-specific plug-in is an adapter-level plug-in, edit the adapters.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.

    Note:

    If multiple adapters are configured, you must perform steps 2 and 3 for every adapter configuration in the adapters.os_xml file.
  2. Locate the pluginChains element in the file. For example, if the Dump Transactions plug-in is configured to execute on the get operation, you will see something similar to the following:

    Example 31-1 Dump Transactions Plug-In Configured for get Operation

      <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
       <plugins>
          <plugin>
            <name>Dump Transactions</name>
            <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
            <initParams>
              <param name="loglevel" value="info"/>
            </initParams>
          </plugin>
          <plugin>
            <name>Performance Monitor</name>
            <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
            <initParams/>
          </plugin>
       </plugins>
       <default>
          <plugin name="Performance Monitor"/>
       </default>
       <get>
          <plugin name="Dump Transactions">
            <namespace>ou=DB,dc=oracle,dc=com </namespace>
          </plugin>
        </get>
      </pluginChains>
    
  3. Add the following Performance Monitor plug-in element within the operation-specific configuration chain:

    <plugin name="Performance Monitor"/>
    

    For example:

    Example 31-2 Adding the Performance Monitor to the Operation-Specific Plug-In Configuration Chain

    <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
       <plugins>
          <plugin>
            <name>Dump Transactions</name>
            <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
            <initParams>
              <param name="loglevel" value="info"/>
            </initParams>
          </plugin>
          <plugin>
            <name>Performance Monitor</name>
            <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
            <initParams/>
          </plugin>
       </plugins>
       <default>
          <plugin name="Performance Monitor"/>
       </default>
       <get>
          <plugin name="Dump Transactions">
            <namespace>ou=DB,dc=oracle,dc=com </namespace>
          </plugin>
          <plugin name="Performance Monitor"/>
        </get>
      </pluginChains>
    
  4. Save the file.

  5. Restart Oracle Virtual Directory.

Note:

Refer to "Updating New Plug-Ins to Execute on Operations Which Have Existing Operation-Specific Plug-Ins Configured" for more information related to operation-specific plug-ins in Oracle Virtual Directory 11g Release 1 (11.1.1).

31.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

31.2.1 Java Virtual Machine Dumps Core With OutOfMemory Error in Oracle Virtual Directory Database

For certain operations, the out-of-box heap size of 512 MB is not sufficient for Oracle Virtual Directory (OVD) on AIX.

Workaround

Increase the heap size to over 1 GB for production environments. Complete the following steps to increase the heap size for Oracle Virtual Directory (OVD):

  1. In INSTANCE_HOME/config/OPMN/opmn.xml, find the following XML fragment:

    <process-type id="OVD" module-id="OVD">
           <environment>
                 <variable id="TNS_ADMIN" value="$ORACLE_INSTANCE/config"/>
           </environment>
           <module-data>
                 <category id="start-options">
                     <data id="java-bin" value="$ORACLE_HOME/jdk/bin/java"/>
                     <data id="java-options" value="-server -Xms512m -Xmx512m
    -Dvde.soTimeoutBackend=0  
    -Doracle.security.jps.config=$ORACLE_INSTANCE/config/JPS/jps-config-jse.xml"/>
                     <data id="java-classpath" 
    value="$ORACLE_HOME/ovd/jlib/vde.jar$:$ORACLE_HOME/jdbc/lib/ojdbc6.jar"/>
                 </category>
           </module-data>
           <stop timeout="120"/>
    </process-type>
    
  2. Modify the default -Xmx512m to an appropriate value. For example: -Xmx2048m.

  3. Shutdown Oracle Virtual Directory.

  4. Execute opmnctl reload command to refresh OPMN configuration.

  5. Start Oracle Virtual Directory.

31.2.2 Updating New Plug-Ins to Execute on Operations Which Have Existing Operation-Specific Plug-Ins Configured

If you upgraded an Oracle Virtual Directory Release 10g installation with plug-ins configured to execute on specific operations, such as add, bind, get, and so on, to 11g Release 1 (11.1.1), then add new plug-ins using Oracle Directory Services Manager, the new plug-ins will not execute on operations that have operation-specific plug-ins configured.

For example, if you upgraded to 11g Release 1 (11.1.1) with the Dump Transactions plug-in configured to execute on the get operation, then add a new plug-in named NEW_PLUG-IN using Oracle Directory Services Manager, the NEW_PLUG-IN will not execute for the get operation.

To work-around this issue, you must add the new plug-in configuration to the existing operation-specific plug-in chain by performing the following steps:

  1. If the new plug-in created by Oracle Directory Services Manager is a Global-level plug-in, edit the server.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.

    If the new plug-in created by Oracle Directory Services Manager is an adapter-level plug-in, edit the adapters.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.

    Note:

    If multiple adapters are configured, you must perform steps 24 for every adapter configuration in the adapters.os_xml file.
  2. Locate the configuration for the new plug-in created by Oracle Directory Services Manager. It will be in the default section of the file. For example, if you added a new plug-in named NEW_PLUG-IN using Oracle Directory Services Manager:

    Example 31-3 Locating New Plug-In Configuration Chain in Default Section of File

    <default> 
             <plugin name="Performance Monitor"/> 
             <plugin name="NEW_PLUG-IN"> 
                 <namespace>dc=my_ns,dc=com</namespace> 
             </plugin> 
             <plugin name="Dump Transactions"/> 
          </default> 
          <get> 
             <plugin name="Performance Monitor"/> 
             <plugin name="Dump Transactions"/> 
          </get>
    
  3. Copy the configuration for the new plug-in.

  4. Paste the configuration for the new plug-in into the configuration for the existing operation-specific plug-in chain. For example:

    Example 31-4 Pasting New Plug-In Configuration into Existing Operation-Specific Configuration Chain

    <default> 
             <plugin name="Performance Monitor"/> 
             <plugin name="NEW_PLUG-IN"> 
                 <namespace>dc=my_ns,dc=com</namespace> 
             </plugin> 
             <plugin name="Dump Transactions"/> 
          </default> 
          <get> 
             <plugin name="Performance Monitor"/> 
             <plugin name="NEW_PLUG-IN"> 
                 <namespace>dc=my_ns,dc=com</namespace> 
             </plugin> 
             <plugin name="Dump Transactions"/> 
          </get>
    
  5. Save the file.

  6. Restart Oracle Virtual Directory.

31.2.3 Configuring a No-Authentication SSL Connection Between Oracle Virtual Directory and a Proxy LDAP Directory

To configure a No-Authentication SSL connection between Oracle Virtual Directory and a proxy LDAP directory, you must perform the steps described in the "Configuring a No-Authentication SSL Connection Between Oracle Virtual Directory and a Proxy LDAP Directory" section of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

Note:

This procedure includes using Oracle Directory Services Manager to create and configure an LDAP Adapter—and—manually editing the adapters.os_xml file.

When you configure the No-Authentication SSL connection, be sure you manually edit the adapters.os_xml file. The adapter configuration is not complete until you do so, despite the information that may appear in Oracle Directory Services Manager.

For example, to configure a No-Authentication SSL connection between Oracle Virtual Directory and Oracle Internet Directory, you must first create and configure the LDAP Adapter for Oracle Internet Directory using Oracle Directory Services Manager. Next, you must manually edit this adapter's configuration in the adapters.os_xml file as follows:

  • Locate the <ssl> and </ssl> tags for the Oracle Internet Directory LDAP Adapter.

  • Enter the following anonymous ciphers values within the <cipherSuites> and </cipherSuites> tags:

    <ssl>
          <protocols>SSLv3,TLSv1</protocols>
          <cipherSuites>
            <cipher>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</cipher>
            <cipher>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</cipher>
            <cipher>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</cipher>
            <cipher>SSL_DH_anon_WITH_DES_CBC_SHA</cipher>
            <cipher>SSL_DH_anon_WITH_RC4_128_MD5</cipher>
          </cipherSuites>
     </ssl>
    

See:

The "Configuring a No-Authentication SSL Connection Between Oracle Virtual Directory and a Proxy LDAP Directory" section of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory for complete information.

Note:

In the "Configuring a No-Authentication SSL Connection Between Oracle Virtual Directory and a Proxy LDAP Directory" section of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, the SSL_VERSION, SSL_VERSION1, and SSL_VERSION2 strings are variables within the <protocols> tags used to represent various types of SSL—they do not represent explicit text you should configure.

Replace the SSL_VERSION variables within the <protocols> tags with the appropriate SSL types for your environment.

31.2.4 Deploying Enterprise User Security Plug-ins for Microsoft Active Directory and Sun Java System Directory Server

In Oracle Virtual Directory Release 10g (10.1.4.2.0), the Enterprise User Security mappings for Microsoft Active Directory and Sun Java System Directory Server were deployed by default when you installed Oracle Virtual Directory. These mappings are not deployed by default in Oracle Virtual Directory 11g Release 1 (11.1.1).

You can deploy these mappings by referring to Chapter 14, "Managing Oracle Virtual Directory Mappings," in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

Note:

This issue also affects the "Integrating with Oracle's Enterprise User Security" procedures in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory. Refer to "Corrections for Integrating with Oracle's Enterprise User Security Documentation" for more information.

31.2.5 Database Adapter Character Requirements for Oracle Database Table and Column Names

When creating Database Adapters for Oracle databases in Oracle Virtual Directory 11g Release 1 (11.1.1), use only alphanumeric characters or the following special characters in database table and column names: Dollar sign ($), underscore (_), and pound/hash (#).

When you create a Database Adapter for Oracle databases, be sure you:

  • Do not use non-ASCII characters in database table and column names

  • Do not surround database table and column names with double quotation marks ("), for example, do not use "tablename" or "columnname"

If you do not following these character requirements for database table and column names when you create Database Adapters for Oracle databases, you will encounter an ORA-00904 or LocalLDAPException error if you try to use Oracle Directory Services Manager's Data Browser to view the data in the database.

31.3 Documentation Errata

This section describes documentation errata. It includes the following topics:

31.3.1 Correction for Invoking Fusion Middleware Control Documentation

In Chapter 8, "Getting Started with Administering Oracle Virtual Directory," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, the "Invoking Fusion Middleware Control to Manage Oracle Virtual Directory" procedure contains an error.

Step 2 currently states: "In the left panel topology tree, expand the farm, then Fusion Middleware, then Identity and Access. Alternatively, from the farm home page, expand Fusion Middleware, then Identity and Access. Oracle Virtual Directory components are listed in both places." However, there is no Fusion Middleware entry in the left panel topology tree, though there is a Fusion Middleware entry on the farm home page.

The correct step 2 is: "In the left panel topology tree, expand the farm, then Identity and Access. Alternatively, from the farm home page, expand Fusion Middleware, then Identity and Access. Oracle Virtual Directory components are listed in both places."

31.3.2 Corrections for Configuring Oracle Virtual Directory Server Settings Using WLST Documentation

In Chapter 9, "Configuring and Managing the Oracle Virtual Directory Server," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, the "Configuring Oracle Virtual Directory Server Settings Using WLST" procedure contains an error.

In step 4, there is a list of all Oracle Virtual Directory server configuration MBean attributes and an example command for setting them. The current example for the SchemaLocations attribute is incorrect.

The correct example for setting the SchemaLocations attribute is:

Add (on one command-line):

invoke('addSchemaLocation',jarray.array([java.lang.String('schema.myschema.
xml')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.String
))

Delete (on one command-line):

invoke('deleteSchemaLocation',jarray.array([java.lang.String('schema.mysche
ma.xml')],java.lang.Object),jarray.array(['java.lang.String'],java.lang.Str
ing))

31.3.3 Missing Documentation for Updating a Trusted Certificate After it Expires

In Chapter 8, "Getting Started with Administering Oracle Virtual Directory," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, the "Managing Oracle Directory Services Manager's Key Store" section does not include information about updating a trusted certificate after it expires.

To list the valid dates for the certificate, list its contents as described in the "Listing the Contents of the Trusted Certificate" procedure in the same section. When the certificate has expired, delete it as described in the "Deleting the Trusted Certificate" procedure in the same section.

For general information about certificate expiration, see Chapter 7, "Managing Keystores, Wallets, and Certificates," of the Oracle Fusion Middleware Administrator's Guide.

Note:

Oracle Directory Services Manager does not provide a web based user interface for managing its keystore. You must manage Oracle Directory Services Manager's key store by using keytool.

31.3.4 Corrections for Creating Database Adapters for Oracle TimesTen In-Memory Database Documentation

In Chapter 12, "Creating and Configuring Oracle Virtual Directory Adapters," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, the procedure for Creating Database Adapters for Oracle TimesTen In-Memory Database is incorrect.

The following is the correct procedure to create Database Adapters for Oracle TimesTen In-Memory Database:

  1. If native Oracle TimesTen libraries are not accessible to Oracle Virtual Directory, you must install the Oracle TimesTen In-Memory Database client.

  2. In Oracle Virtual Directory's opmn.xml file, add the location of the Oracle TimesTen libraries and add the location of the Oracle TimesTen JDBC driver to the class-path. The opmn.xml file is located in the following directory:

    ORACLE_INSTANCE/config/OPMN/opmn/

    To set the location of the Oracle TimesTen libraries:

    Add the LD_LIBRARY_PATH environment variable for UNIX and Linux platforms, or add the PATH environment variable on Windows.

    For example, on UNIX and Linux platforms, you add the LD_LIBRARY_PATH environment variable as follows, where TIMESTEN_HOME represents the directory where you installed the Oracle TimesTen software:

    Example 31-5 Setting the Location of the Oracle TimesTen Libraries on UNIX/Linux

    <ias-component id="ovd1">
       <process-type id="OVD" module-id="OVD">
          <environment>
             <variable id="TNS_ADMIN" value="$ORACLE_INSTANCE/config"/>
             <variable id="LD_LIBRARY_PATH" value="/TIMESTEN_HOME/lib" append="true"/>
          </environment>
    

    To add the location of the Oracle TimesTen JDBC driver to the class-path:

    Set the java-classpath to include the path to the TimesTen JDBC Driver as follows, where TIMESTEN_HOME represents the directory where you installed the Oracle TimesTen software:

    Example 31-6 Adding the Location of the Oracle TimesTen JDBC Driver to the class-path

    <module-data>
       <category id="start-options">
          <data id="java-bin" value="$ORACLE_HOME/jdk/bin/java"/>
          <data id="java-options" value="-server -Xms512m -Xmx512m
    -Dvde.soTimeoutBackend=0 -Doracle.security.jps.config=$ORACLE_INSTANCE/config/JPS/jps-config-jse.xml"/>
          <data id="java-classpath" value="$ORACLE_HOME/ovd/jlib/vde.jar$:$ORACLE_HOME/jdbc/lib/ojdbc6.jar:/TIMESTEN_HOME/lib/ttjdbc6.jar"/>
       </category>
    </module-data>
    
  3. Reload the configuration to OPMN, and stop, then start Oracle Virtual Directory. For example:

    To reload the configuration to OPMN, execute:

    ORACLE_INSTANCE/bin/opmnctl reload
    

    To stop Oracle Virtual Directory, execute:

    ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=NAME_OF_OVD_COMPONENT
    

    To start Oracle Virtual Directory, execute:

    ORACLE_INSTANCE/bin/opmnctl startproc ias-component=NAME_OF_OVD_COMPONENT
    
  4. Create a Database Source Name (DSN) for Oracle TimesTen. Refer to the Oracle TimesTen Operations Guide on the Oracle Technology Network web site for more information.

  5. Create the Database Adapter for Oracle TimesTen using Oracle Directory Services Manager. When you create the Database Adapter for Oracle TimesTen:

    If the adapter is for an Oracle TimesTen client-only installation: 

    1. Select the Use Custom URL option from the URL Type list on the Connection screen of the New Database Adapter Wizard.

    2. In the Database URL field, enter the following and replace DSN with the Database Source Name you created in step 4:

      jdbc:timesten:client:dsn=DSN
      
    3. Continue creating the adapter by referring to the "Creating Database Adapters" section of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

    If the adapter is for an Oracle TimesTen client and server installation: 

    1. Select the Use Predefined Database option from the URL Type list on the Connection screen of the New Database Adapter Wizard.

    2. Choose Oracle - Times-Ten from the Database Type list.

    3. Continue creating the adapter by referring to the "Creating Database Adapters" section of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

Note:

The Enable Case Insensitive Search option, as described in the "Configuring Database Adapter General Settings" section of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, can be used to improve Database Adapter performance during searches on case-insensitive LDAP attributes, such as uid, for Oracle TimesTen databases.

In addition to enabling the Enable Case Insensitive Search option, the linguistic indexes for the database columns used in the search must be created in the database. Refer to the Oracle Database Globalization Support Guide for information about Oracle TimesTen database linguistic indexes.

31.3.5 Corrections for Oracle Communications Universal User Profile Diameter Adapters Documentation

The following is a list of corrections for the information in Chapter 20, "Oracle Communications Universal User Profile," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory:

  • In the "Enabling Support for Diameter Adapters" procedure, an additional step is required. After updating the java-classpath property for the Oracle Virtual Directory server entry in the opmn.xml file as described in step 2, you must then reload the opmn configuration by executing the following command:

    $ORACLE_INSTANCE/bin/opmnctl reload
    
  • In the "Creating and Configuring Diameter Adapters" procedure, step 3 currently states: "Go to the Plug-ins tab for the new Diameter adapter and expand the Get entry. Select DiameterAdapterPlugin and click the Edit button. The Edit Plug-in: DiameterAdapterPlugin dialog box appears."

    The correct step 3 should state only "Go to the Plug-ins tab for the new Diameter adapter. Select DiameterAdapterPlugin and click the Edit button. The Edit Plug-in: DiameterAdapterPlugin dialog box appears."

31.3.6 Correction for Dump Transactions Plug-In's Log Level Documentation

In Chapter 4, "Understanding Oracle Virtual Directory Plug-Ins," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory, the default value for the Dump Transactions plug-in's log level parameter is incorrect. The document states the default log level is Debug, however, there is no default log level.

Also, the document does not list the supported values for the log level parameter, which are: SEVERE, WARNING, INFO, FINE, FINER, and FINEST.

31.3.7 Corrections for Integrating with Oracle's Enterprise User Security Documentation

The following is a list of corrections for the information in the "Integrating with Oracle's Enterprise User Security" section of Chapter 19, "Configuring Oracle Virtual Directory for Integrated Directory Solutions," in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

Note:

If you attempted to integrate Enterprise User Security with Oracle Virtual Directory 11g Release 1 (11.1.1) before reading these Release Notes and have encountered issues with the configuration, try removing the LDAP Adapter for Enterprise User Security and then creating a new one by first using the information in these Release Notes and then referring to the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
  • In the "Preparing Oracle Virtual Directory for the Enterprise User Security Integration" section, step 2 states: "If one does not already exist, create an LDAP listener that is secured with SSL."

    The correct step 2 is: "If one does not already exist, create an LDAP listener that is secured with SSL No Authentication Mode."

  • In the "User Identities in Microsoft Active Directory" section:

    • In step 2 of the "Configuring Active Directory for the Integration" procedure, the location of the extendAD file is not provided. The extendAD file is located in the $ORACLE_HOME/ovd/eus/ directory.

    • In step 3a of the "Configuring Active Directory for the Integration" procedure, the location of the oidpwdcn.dll file is not provided. The oidpwdcn.dll file is located in the $ORACLE_HOME/ovd/eus/ directory.

    • In the "Configuring Oracle Virtual Directory for the Integration" procedure, an additional step is required in step 5. You must deploy the EUS_ActiveDirectory mapping. The following step should be performed before the current step 5a:

      Click the Advanced tab, click the EUS_ActiveDirectory entry under Mapping Templates, and then click the Apply to deploy the mapping.

    • In steps 5b and 5c of the "Configuring Oracle Virtual Directory for the Integration" procedure, after you select the ObjectclassMapper plug-in (step 5b) and the ActiveDirectory Password plug-in (step 5c), you must click the Edit button to create the namespace for the plug-ins.

    • In step 8c of the "Configuring Oracle Virtual Directory for the Integration" procedure, you must click Create Plugin, not Create Mapping, to create the EUSMemberDNMapping plug-in.

  • In the "User Identities in Microsoft Active Directory and Metadata in Oracle Internet Directory" procedure, step 15 states: "Create a mapping for the Active Directory user search base adapter" using the EUSActiveDirectory.py mapping.

    Note that the EUSActiveDirectory.py mapping may already exist. Before performing step 15, check if the EUSActiveDirectory.py mapping is already deployed. If it is not, create it as documented then proceed to step 16.

  • In the "User Identities in Sun Java System Directory Server" section:

    • An additional step is required in step 5 of the "Configuring Oracle Virtual Directory for the Integration" procedure. You must deploy the EUS_Sun mapping. The following step should be performed before the current step 5a:

      Click the Advanced tab, click the EUS_Sun entry under Mapping Templates, and then click the Apply to deploy the mapping.

    • The existing step 5c is incorrect. It currently states the following:

      Click the Create Mapping button, then select EUS_Sun.py, then enter a unique mapping name, then click the Create Namespace button, then enter cn=users,<YOUR DOMAIN NAME> in the Namespace field, and then click the OK button.

      The following is the correct step, where you do not include cn=users as part of the Namespace:

      Click the Create Mapping button, then select EUS_Sun.py, then enter a unique mapping name, then click the Create Namespace button, then enter the name of your domain in the Namespace field, and then click the OK button.

  • In the "User Identities in Novell eDirectory" section, an additional step is needed in step 7 of the "Configuring Oracle Virtual Directory for the Integration" procedure. You must deploy the EUS_EDir mapping. The following step should be performed before the current step 7a:

    Click the Advanced tab, click the EUS_EDir entry under Mapping Templates, and then click the Apply to deploy the mapping.

31.3.8 Clarifications for Migrating Local Store Adapter Data Documentation

The following clarifications are needed for the information in the "Migrating Local Store Adapter Data" section in Chapter 2, "Understanding Oracle Virtual Directory Adapters," of the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory:

  • Only the compare and reconcile operations of oidcmprec tool are supported for Local Store Adapter data migration.

  • When synchronizing data between two Local Store Adapters, only one-way data migration is supported. That is, if you initially synchronize data in Local Store Adapter A (source) to Local Store Adapter B (destination), you should not synchronize data from Local Store Adapter B to Local Store Adapter A in the future.