This chapter describes issues associated with Oracle Internet Directory. It includes the following topics:
This section describes general issue and workarounds. It includes the following topic:
Section 39.1.2, "In ldapdelete Command -V Should Be The Last Parameter"
Section 39.1.4, "Upgrading from 10.1.2.0.2 Infrastructure to Application Server 11g Infrastructure"
Section 39.1.5, "Turkish Dotted I Character is Not Handled Correctly"
Section 39.1.6, "OIDCMPREC Might Modify Operational Attributes"
Section 39.1.8, "Apply Patch to Oracle Database 11.2.0.1.0 to Fix Purge Job Problem"
Section 39.1.9, "SQL of OPSS ldapsearch Might Take High %CPU"
Under certain circumstances, after you launch ODSM from Fusion Middleware Control, then select a new ODSM task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.
As a workaround, go to the URL: http://host:port/odsm, where host and port specify the location where ODSM is running, for example, http://myserver.example.com:7005/odsm. You can then use the ODSM window to log in to a server.
For certain platforms command ldapdelete considers everything after -v, as parameter. A typical ldapdelete command looks like this:
ldapdelete -h hostname -p portname -v 's' -D cn=orcladmin -w welcome1
For Linux x86-64 and Microsoft Windows x64 the command mentioned here works fine. However, for Solaris Operating System (SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium platforms the above command fails.
Use the flag -v as the last parameter when running the ldapdelete command. For example:
ldapdelete -h hostname -p portname -D cn=orcladmin -w welcome1 -v 's'
If Oracle Internet Directory is using Oracle Database 11g Release 1 (11.1.0.7.0), you might see ORA-600 errors while performing bulkmodify operations. To correct this problem, apply the fixes for Bug 7019313 and Bug 7614692 to the Oracle Database.
If Application Server 10.1.2.0.2 LDAP port number is less then 1024, then perform the following steps before running Upgrade Assistant:
Change the permission of the following files:
cd $ORACLE_HOME/bin "AS11G ORACLE_HOME" chmod 0710 oidmon # only owner and group has execute permission chmod u+s oidmon chown root oidldapd # make oidldapd setuid root for security chmod 4710 oidldapd # only owner and group has execute permission
Upgrade infrastructure by deselecting the "retain ports from source Oracle Home" option in Upgrade Assistant.
If required, re-configure the necessary 10g configset properties in 11g Oracle Internet Directory (OID) instance, by following the instructions mentioned in Chapter 9 "Managing System Configuration Attributes" of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.
Restart OPMN processes.
Due to a bug, Oracle Internet Directory cannot handle the upper-case dotted I character in the Turkish character set correctly. This can cause problems in Oracle Directory Services Manager and in command-line utilities.
By default, the oidcmprec tool excludes operational attributes during comparison.That is, oidcmprec does not compare the operational attributes values in source and destination directory entries. During reconciliation of user defined attributes however, operational attributes might be changed.
The oidrealm tool supports creation, but not deletion, of a realm. A procedure for deleting a realm is provided in Note 604884.1, which is available on My Oracle Support at https://support.oracle.com/.
If you use Oracle Database 11.2.0.1.0 with Oracle Internet Directory, apply Patch 11.2.0.1.3 PSU to Oracle Database. Purge jobs do not function properly without this patch.
The SQL of an OPSS one level ldapsearch operation, with filter "orcljaznprincipal=value" and required attributes, might take unreasonably high %DB CPU. If this search performance impacts the overall performance of the machine and other processes, you can alleviate the issue by performing the following steps in the Oracle Database:
Log in to the Oracle Database as user ODS and execute the following SQL:
BEGIN
DBMS_STATS.GATHER_TABLE_STATS(OWNNAME=>'ODS',
TABNAME=>'CT_ORCLJAZNPRINCIPAL',
ESTIMATE_PERCENT=>DBMS_STATS.AUTO_SAMPLE_SIZE,
CASCADE=>TRUE);
END;
/
Flush the sharedpool.
If you start the replication server by using the command line, stop it by using the command line. If you attempt to stop it by using Oracle Enterprise Manager Fusion Middleware Control, the attempt fails.
This section describes configuration issues and workarounds. It includes the following topics:.
Section 39.2.1, "Re-Create Wallet After Moving Oracle Internet Directory from Test to Production"
Section 39.2.2, "Directory Server Might Crash if Configured with More Than One Cipher Suite"
If you configure Oracle Internet Directory to use SSL in server authentication mode or mutual authentication mode on your test machine, and then move Oracle Internet Directory to a production machine, re-create the Oracle Internet Directory wallet on the production machine.
The old wallet contains the hostname of the original machine as the DN in the certificate. This host name in the DN is not changed during the test to production move. Re-create the wallet on the production machine to avoid SSL communication issues.
The Oracle Internet Directory 11g (11.1.1.4) server sometimes crashes if it is configured with more than one cipher suite. This does not occur in the default configuration.
To fix this problem, apply the patch for Bug 11070732. For more information, see Note 1283579.1: OID Processes Crash After Installation of Patchset 3 (11.1.1.4) on My Oracle Support at https://support.oracle.com.
This section describes documentation errata. It includes the following topics:
Section 39.3.1, "Bulkdelete Deletes Entries, not Attributes"
Section 39.3.2, "ODSM Section Should Refer to Oracle Internet Directory"
Section 39.3.3, "Incorrect Bug Numbers in Prerequisites for Rolling Upgrade"
The section on bulkdelete in the "Performing Bulk Operations" chapter of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory is entitled "Deleting Entries or Attributes of Entries by Using bulkdelete." This title is misleading. You can only use bulkdelete to delete entire entries or subtrees. The first sentence in that section is also misleading and should be ignored.
The Chapter 7 section of Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory entitled "Single Sign-On Integration with Oracle Directory Services Manager" contains references to Oracle Virtual Directory. It should actually refer to Oracle Internet Directory.
The bug fix numbers listed in the Prerequisites section of the "Performing Rolling Upgrades" appendix to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory are incorrect. They should be as follows:
If you have Oracle Internet Directory Version 11.1.1.2.0, apply the fix for bug number 10431688 on each Middleware Oracle home.
If you have Oracle Internet Directory Version 11.1.1.3.0, apply the fix for bug number 10431664 on each Middleware Oracle home.
In Oracle Internet Directory 11g (11.1.1.3) and (11.1.1.4), the default value of orclcryptoscheme is SSHA. The documentation is incorrect in the following places:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Table 9-3, "Attributes of the DSE."
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Chapter 30, "Managing Password Verifiers," in the section "Hashing Schemes for Creating Userpassword Verifiers."
Oracle Fusion Middleware Reference for Oracle Identity Management, Chapter 8, "LDAP Attribute Reference," entry for orclcryptoscheme.