Skip Headers
Oracle® Fusion Middleware Release Notes
11g Release 1 (11.1.1) for IBM AIX on POWER Systems (64-Bit)

Part Number E14771-27
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

39 Oracle Internet Directory

This chapter describes issues associated with Oracle Internet Directory. It includes the following topics:

39.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topic:

39.1.1 ODSM Browser Window Becomes Unusable

Under certain circumstances, after you launch ODSM from Fusion Middleware Control, then select a new ODSM task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.

As a workaround, go to the URL: http://host:port/odsm, where host and port specify the location where ODSM is running, for example, You can then use the ODSM window to log in to a server.

39.1.2 In ldapdelete Command -V Should Be The Last Parameter

For certain platforms command ldapdelete considers everything after -v, as parameter. A typical ldapdelete command looks like this:

ldapdelete -h hostname  -p portname  -v 's' -D cn=orcladmin -w welcome1

For Linux x86-64 and Microsoft Windows x64 the command mentioned here works fine. However, for Solaris Operating System (SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium platforms the above command fails.


Use the flag -v as the last parameter when running the ldapdelete command. For example:

ldapdelete -h hostname  -p portname -D cn=orcladmin -w welcome1   -v 's'

39.1.3 Bulkmodify Might Generate Errors

If Oracle Internet Directory is using Oracle Database 11g Release 1 (, you might see ORA-600 errors while performing bulkmodify operations. To correct this problem, apply the fixes for Bug 7019313 and Bug 7614692 to the Oracle Database.

39.1.4 Upgrading from Infrastructure to Application Server 11g Infrastructure

If Application Server LDAP port number is less then 1024, then perform the following steps before running Upgrade Assistant:

  1. Change the permission of the following files:

    chmod 0710 oidmon         # only owner and group has execute permission 
    chmod u+s  oidmon 
    chown root oidldapd       # make oidldapd setuid root for security 
    chmod 4710 oidldapd       # only owner and group has execute permission
  2. Upgrade infrastructure by deselecting the "retain ports from source Oracle Home" option in Upgrade Assistant.

  3. If required, re-configure the necessary 10g configset properties in 11g Oracle Internet Directory (OID) instance, by following the instructions mentioned in Chapter 9 "Managing System Configuration Attributes" of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

  4. Restart OPMN processes.

39.1.5 Turkish Dotted I Character is Not Handled Correctly

Due to a bug, Oracle Internet Directory cannot handle the upper-case dotted I character in the Turkish character set correctly. This can cause problems in Oracle Directory Services Manager and in command-line utilities.

39.1.6 OIDCMPREC Might Modify Operational Attributes

By default, the oidcmprec tool excludes operational attributes during comparison.That is, oidcmprec does not compare the operational attributes values in source and destination directory entries. During reconciliation of user defined attributes however, operational attributes might be changed.

39.1.7 OIDREALM Does Not Support Realm Removal

The oidrealm tool supports creation, but not deletion, of a realm. A procedure for deleting a realm is provided in Note 604884.1, which is available on My Oracle Support at

39.1.8 Apply Patch to Oracle Database to Fix Purge Job Problem

If you use Oracle Database with Oracle Internet Directory, apply Patch PSU to Oracle Database. Purge jobs do not function properly without this patch.

39.1.9 SQL of OPSS ldapsearch Might Take High %CPU

The SQL of an OPSS one level ldapsearch operation, with filter "orcljaznprincipal=value" and required attributes, might take unreasonably high %DB CPU. If this search performance impacts the overall performance of the machine and other processes, you can alleviate the issue by performing the following steps in the Oracle Database:

  1. Log in to the Oracle Database as user ODS and execute the following SQL:

  2. Flush the sharedpool.

39.1.10 If you Start the Replication Server by Using the Command Line, Stop it Using the Command Line

If you start the replication server by using the command line, stop it by using the command line. If you attempt to stop it by using Oracle Enterprise Manager Fusion Middleware Control, the attempt fails.

39.2 Configuration Issues and Workarounds

This section describes configuration issues and workarounds. It includes the following topics:.

39.2.1 Re-Create Wallet After Moving Oracle Internet Directory from Test to Production

If you configure Oracle Internet Directory to use SSL in server authentication mode or mutual authentication mode on your test machine, and then move Oracle Internet Directory to a production machine, re-create the Oracle Internet Directory wallet on the production machine.

The old wallet contains the hostname of the original machine as the DN in the certificate. This host name in the DN is not changed during the test to production move. Re-create the wallet on the production machine to avoid SSL communication issues.

39.2.2 Directory Server Might Crash if Configured with More Than One Cipher Suite

The Oracle Internet Directory 11g ( server sometimes crashes if it is configured with more than one cipher suite. This does not occur in the default configuration.

To fix this problem, apply the patch for Bug 11070732. For more information, see Note 1283579.1: OID Processes Crash After Installation of Patchset 3 ( on My Oracle Support at

39.3 Documentation Errata

This section describes documentation errata. It includes the following topics:

39.3.1 Bulkdelete Deletes Entries, not Attributes

The section on bulkdelete in the "Performing Bulk Operations" chapter of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory is entitled "Deleting Entries or Attributes of Entries by Using bulkdelete." This title is misleading. You can only use bulkdelete to delete entire entries or subtrees. The first sentence in that section is also misleading and should be ignored.

39.3.2 ODSM Section Should Refer to Oracle Internet Directory

The Chapter 7 section of Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory entitled "Single Sign-On Integration with Oracle Directory Services Manager" contains references to Oracle Virtual Directory. It should actually refer to Oracle Internet Directory.

39.3.3 Incorrect Bug Numbers in Prerequisites for Rolling Upgrade

The bug fix numbers listed in the Prerequisites section of the "Performing Rolling Upgrades" appendix to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory are incorrect. They should be as follows:

  • If you have Oracle Internet Directory Version, apply the fix for bug number 10431688 on each Middleware Oracle home.

  • If you have Oracle Internet Directory Version, apply the fix for bug number 10431664 on each Middleware Oracle home.

39.3.4 Default orclcryptoscheme Value is SSHA

In Oracle Internet Directory 11g ( and (, the default value of orclcryptoscheme is SSHA. The documentation is incorrect in the following places:

  • Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Table 9-3, "Attributes of the DSE."

  • Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Chapter 30, "Managing Password Verifiers," in the section "Hashing Schemes for Creating Userpassword Verifiers."

  • Oracle Fusion Middleware Reference for Oracle Identity Management, Chapter 8, "LDAP Attribute Reference," entry for orclcryptoscheme.