This chapter describes issues associated with Oracle Internet Directory. It includes the following topics:
This section describes general issue and workarounds. It includes the following topic:
Under certain circumstances, after you launch ODSM from Fusion Middleware Control, then select a new ODSM task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.
As a workaround, go to the URL:
/odsm, where host and port specify the location where ODSM is running, for example,
http://myserver.example.com:7005/odsm. You can then use the ODSM window to log in to a server.
For certain platforms command ldapdelete considers everything after
-v, as parameter. A typical ldapdelete command looks like this:
ldapdelete -h hostname -p portname -v 's' -D cn=orcladmin -w welcome1
For Linux x86-64 and Microsoft Windows x64 the command mentioned here works fine. However, for Solaris Operating System (SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium platforms the above command fails.
Use the flag
-v as the last parameter when running the ldapdelete command. For example:
ldapdelete -h hostname -p portname -D cn=orcladmin -w welcome1 -v 's'
If Oracle Internet Directory is using Oracle Database 11g Release 1 (220.127.116.11.0), you might see
ORA-600 errors while performing
bulkmodify operations. To correct this problem, apply the fixes for Bug 7019313 and Bug 7614692 to the Oracle Database.
If Application Server 10.1.2.0.2 LDAP port number is less then 1024, then perform the following steps before running Upgrade Assistant:
Change the permission of the following files:
cd $ORACLE_HOME/bin "AS11G ORACLE_HOME" chmod 0710 oidmon # only owner and group has execute permission chmod u+s oidmon chown root oidldapd # make oidldapd setuid root for security chmod 4710 oidldapd # only owner and group has execute permission
Upgrade infrastructure by deselecting the "retain ports from source Oracle Home" option in Upgrade Assistant.
If required, re-configure the necessary 10g configset properties in 11g Oracle Internet Directory (OID) instance, by following the instructions mentioned in Chapter 9 "Managing System Configuration Attributes" of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.
Restart OPMN processes.
Due to a bug, Oracle Internet Directory cannot handle the upper-case dotted I character in the Turkish character set correctly. This can cause problems in Oracle Directory Services Manager and in command-line utilities.
By default, the
oidcmprec tool excludes operational attributes during comparison.That is,
oidcmprec does not compare the operational attributes values in source and destination directory entries. During reconciliation of user defined attributes however, operational attributes might be changed.
oidrealm tool supports creation, but not deletion, of a realm. A procedure for deleting a realm is provided in Note 604884.1, which is available on My Oracle Support at
If you use Oracle Database 18.104.22.168.0 with Oracle Internet Directory, apply Patch 22.214.171.124.3 PSU to Oracle Database. Purge jobs do not function properly without this patch.
The SQL of an OPSS one level
ldapsearch operation, with filter "
value" and required attributes, might take unreasonably high %DB CPU. If this search performance impacts the overall performance of the machine and other processes, you can alleviate the issue by performing the following steps in the Oracle Database:
Log in to the Oracle Database as user
ODS and execute the following SQL:
BEGIN DBMS_STATS.GATHER_TABLE_STATS(OWNNAME=>'ODS', TABNAME=>'CT_ORCLJAZNPRINCIPAL', ESTIMATE_PERCENT=>DBMS_STATS.AUTO_SAMPLE_SIZE, CASCADE=>TRUE); END; /
Flush the sharedpool.
If you start the replication server by using the command line, stop it by using the command line. If you attempt to stop it by using Oracle Enterprise Manager Fusion Middleware Control, the attempt fails.
This section describes configuration issues and workarounds. It includes the following topics:.
If you configure Oracle Internet Directory to use SSL in server authentication mode or mutual authentication mode on your test machine, and then move Oracle Internet Directory to a production machine, re-create the Oracle Internet Directory wallet on the production machine.
The old wallet contains the hostname of the original machine as the DN in the certificate. This host name in the DN is not changed during the test to production move. Re-create the wallet on the production machine to avoid SSL communication issues.
The Oracle Internet Directory 11g (126.96.36.199) server sometimes crashes if it is configured with more than one cipher suite. This does not occur in the default configuration.
To fix this problem, apply the patch for Bug 11070732. For more information, see Note 1283579.1: OID Processes Crash After Installation of Patchset 3 (188.8.131.52) on My Oracle Support at
This section describes documentation errata. It includes the following topics:
The section on bulkdelete in the "Performing Bulk Operations" chapter of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory is entitled "Deleting Entries or Attributes of Entries by Using bulkdelete." This title is misleading. You can only use bulkdelete to delete entire entries or subtrees. The first sentence in that section is also misleading and should be ignored.
The Chapter 7 section of Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory entitled "Single Sign-On Integration with Oracle Directory Services Manager" contains references to Oracle Virtual Directory. It should actually refer to Oracle Internet Directory.
The bug fix numbers listed in the Prerequisites section of the "Performing Rolling Upgrades" appendix to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory are incorrect. They should be as follows:
If you have Oracle Internet Directory Version 184.108.40.206.0, apply the fix for bug number 10431688 on each Middleware Oracle home.
If you have Oracle Internet Directory Version 220.127.116.11.0, apply the fix for bug number 10431664 on each Middleware Oracle home.
In Oracle Internet Directory 11g (18.104.22.168) and (22.214.171.124), the default value of
orclcryptoscheme is SSHA. The documentation is incorrect in the following places:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Table 9-3, "Attributes of the DSE."
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Chapter 30, "Managing Password Verifiers," in the section "Hashing Schemes for Creating Userpassword Verifiers."
Oracle Fusion Middleware Reference for Oracle Identity Management, Chapter 8, "LDAP Attribute Reference," entry for