Sun ONE Directory Proxy Server Release Notes
Version 5.2
816-6392-10
Updated June, 2003
These release notes contain important information available at the time of the version 5.2 release of Sun ONE Directory Proxy Server. New features and enhancements, installation notes, known problems, and other late-breaking issues are addressed here. Familiarity with iPlanet Directory Access Router 5.0[sp1] is assumed. Read these release notes before you begin using Sun ONE Directory Proxy Server 5.2.
An electronic version of these release notes can be found at the Sun ONE documentation web site: http://docs.sun.com/doc/816-6392-10. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
Revision History
| Date | Description of changes |
| --- | --- |
| June 13, 2003 | Initial release of these release notes |
What's New in Directory Proxy Server, Version 5.2
- SSL support is now provided by incorporating the NSS facility. Benefits include wizard manipulation for certificates and reduction of erroneous CERT warnings. See the Directory Proxy Server Administrator's Guide for details.
- Improved detection of up/down status (heartbeat) for SSL-only Directory Servers.
- Improved Sun ONE stack integration.
- Support for Solaris 8, 9 (32 bit SPARC), Solaris 9 (X86), Linux for Sun 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Redhat Linux 7.2.
- Logfile rotation based on size of log file.
Supported Platforms
Sun ONE Directory Proxy Server is available on the following platforms:
- Sun Solaris 8 or 9 for SPARC (32 bit) operating environment
- Sun Solaris 9 for x86
- Windows 2000 Server and Advanced Server with Windows 2000 Service Pack 3
- Redhat Linux 7.2
- Linux for Sun 5.0
Specific operating system patches or service packs may need to be installed before Directory Server 5.2 can be installed. For further information, refer to the Sun ONE Directory Server Installation and Tuning Guide. You can obtain Solaris patches from http://sunsolve.sun.com.
Accessing Product Documentation
The online documentation files are contained on the product CD and can be accessed via a browser. In addition, you can download the entire documentation set, in HTML format.
Once you have downloaded this file, extract it to the following location:
ServerRoot/manual/en/dps
The documentation set can then be accessed from:
ServerRoot/manual/en/dps/index.html
or from the Directory Proxy Server Console, by selecting Documentation Home from the Help menu.
Installation Notes
Note the following:
- Installation and uninstall must be done as an Administrator (or equivalent) on Windows. Use root (superuser) when installing native packages on Solaris. Any user can install and uninstall on other Unix systems. See the Sun ONE Directory Proxy Server Installation Guide for further information.
- Software and hardware requirements and installation instructions are documented in the Sun ONE Directory Proxy Server Installation Guide.
- If you have an existing installation of Directory Proxy Server, before installing this version of Directory Proxy Server, save any configuration files in the file system to a place outside of the Directory Proxy Server install directory. Then uninstall the existing Directory Proxy Server unless your intent is to install a Directory Proxy Server patch.
Configuring Directory Proxy Server For SSL/Certificates
Chapter 5, "Configuring System Parameters" and Chapter 11, "Configuring Security" of the Directory Proxy Server Administrator's Guide document how to set up Directory Proxy Server for SSL-enabled communication. See Appendix A in the Sun ONE Directory Proxy Server Installation Guide for information on migrating from earlier versions.
Installation Log Files
This section describes the locations of registry and installation log files for various platforms.
Installers generate log and registry files in the following locations:
| Platform | Product Registry | Log (administrator/root) | Log (User) |
| --- | --- | --- | --- |
| Solaris | /var/sadm/install | /var/sadm/install/logs | /var/tmp |
| Linux for Sun | /var/tmp | /var/tmp | /var/tmp |
| Windows | %SYSTEM_DIR%/system32 | %TEMP% | |
| RedHat Linux | /var/tmp | /var/tmp | /var/tmp |
Known Problems and Limitations
This section lists known problems and provides workarounds for some of the problems that you may encounter with the product. Numbers enclosed within square brackets, for example, [4756553], are bug numbers. Bug numbers are useful when discussing issues with Technical Support or Professional Services. This section contains:
Installation
- On Windows 2000 platforms only one instance of Directory Proxy Server can be installed on a given host.
- Sun ONE Administration Server that ships with Directory Proxy Server cannot be installed on the same server root as a Sun ONE Web Server 6.0 installation.
- Directory Proxy Server 5.2 and iPlanet Directory Access Router 5.0 can share a configuration directory, but on all platforms the Directory Proxy Server 5.2 installation disrupts access to iPlanet Directory Access Router 5.0 from the console.
  - Use ldapsearch commands to modify Directory Access Router 5.0 configurations in mixed configurations. Alternatively, consider exporting the Directory Access Router 5.0 configuration to a file and changing your 5.0 instance(s) to use that exported file.
- Should the setup installer encounter an error as it is deploying or configuring a Directory Proxy Server instance, it will attempt to uninstall what it had been able to install prior to the failure. The work done in an aborted installation can amount to more work than the originally predicted effort. In such cases, the progress bar's percentage complete can reflect a value larger than 100 (indicating that setup has had to do the extra uninstallation work). [4842983]
- dpsconfig2ldif may encounter an exception if the instance entry has a value for the attribute ids-proxy-sch-rule-base but no value for the attribute ids-proxy-sch-action-base. In some rare cases, this may occur after migration from iPlanet Directory Access Router 5.0. Note that the daemon will continue to function correctly. [4876469] The following procedure will fix the problem with dpsconfig2ldif.
  1. Find the instance entry. The instance entry's DN is written in the tailor.txt file located in the <install-root>/<server-instance>/etc/ directory. It is the DN written after the host name and port number of the configuration directory server in the value of the configuration_url attribute in that file.
  2. Add the attribute ids-proxy-sch-action-base to this entry. The value of this attribute is a DN. Specify the same value as that of the attribute ids-proxy-sch-rule-base, but change the RDN component ou=rules to ou=actions.
  3. Create the entry for the DN specified for the attribute you created in step 2. Model this entry exactly on the ou=rules entry specified by the value of the attribute ids-proxy-sch-rule-base.
- The dpsconfig2ldif utility may fail to accurately export a configuration if the given configuration contains non-US-ASCII characters (for example, character sets that require UTF-8 encoding). [4862842]
- The option -cid of the script quickstart.tcl should be mandatory (and not optional); otherwise, the configuration of the Directory Proxy Server instance may not start.
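The dpsconfig2ldif repair procedure above (bug 4876469), worked through as a script that derives the ou=actions DN and builds the LDIF for both changes. This is an added example, not Sun's code: the function names are hypothetical, and the sample DNs and the attributes of the ou=rules entry are constructed values standing in for what you read from tailor.txt and from your own directory.

```python
import base64
import re

# A leading "ou=rules" RDN, tolerating case and spaces around "=" and ",".
_RULES_RDN = re.compile(r"\s*ou\s*=\s*rules\s*,\s*", re.IGNORECASE)
# RFC 2849 SAFE-STRING; any other value must be base64-encoded in LDIF.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def ldif_line(attr, value):
    """Emit one attribute line, base64-encoding values LDIF cannot carry raw."""
    if value == "" or (_SAFE.fullmatch(value) and not value.endswith(" ")):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))


def action_base_dn(rule_base_dn):
    """Step 2: the rule-base DN with its ou=rules RDN changed to ou=actions."""
    match = _RULES_RDN.match(rule_base_dn)
    if not match:
        raise ValueError("DN does not start with ou=rules: %r" % rule_base_dn)
    return "ou=actions," + rule_base_dn[match.end():]


def repair_ldif(instance_dn, rule_base_dn, rules_entry_attrs):
    """LDIF for steps 2 and 3, modelled on the ou=rules entry's (attr, value) pairs."""
    actions_dn = action_base_dn(rule_base_dn)
    lines = [ldif_line("dn", instance_dn), "changetype: modify",
             "add: ids-proxy-sch-action-base",
             ldif_line("ids-proxy-sch-action-base", actions_dn), "-", "",
             ldif_line("dn", actions_dn), "changetype: add"]
    for attr, value in rules_entry_attrs:
        # Only the naming attribute changes; every other value is copied.
        if attr.lower() == "ou" and value.lower() == "rules":
            value = "actions"
        lines.append(ldif_line(attr, value))
    return "\n".join(lines) + "\n"


# Constructed sample values (assumptions): take the real DNs from tailor.txt
# and the real attributes from the entry named by ids-proxy-sch-rule-base.
SAMPLE_INSTANCE_DN = "ou=dps-example,o=example"
SAMPLE_RULE_BASE = "ou=rules,ou=dps-example,o=example"
SAMPLE_RULES_ATTRS = [("objectClass", "top"),
                      ("objectClass", "organizationalUnit"), ("ou", "rules")]

if __name__ == "__main__":
    print(repair_ldif(SAMPLE_INSTANCE_DN, SAMPLE_RULE_BASE, SAMPLE_RULES_ATTRS))
```

The output is meant to be reviewed and then applied with an LDAP modify tool such as ldapmodify; a rule-base DN that does not begin with ou=rules is rejected rather than rewritten.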
Miscellaneous
- Directory Proxy Server 5.2 supports a maximum of 32 back-end directory servers across any single group.
- If one of the back-end LDAP directory server hosts becomes unreachable from the host on which Directory Proxy Server 5.2 is running, clients that were virtually connected to that host may seem to hang as they wait for Directory Proxy Server to time out its back-end connection. Directory Proxy Server performs a failover when the connection times out. The time-out period is modifiable on Solaris systems. (See the details about the idsktune utility, which is installed at <server-root>/shared/bin and is explained in the section "Operating System Requirements" of Chapter 2, "Computer System Requirements" in the Directory Proxy Server Installation Guide.)
- If multiple instances of Directory Proxy Server are installed under the same server-root, the uninstaller is only capable of removing the last installed instance. Further, the uninstaller removes itself, thereby requiring the remaining instance to be removed manually. Note that this occurs only on Solaris, non-root installations. [4866646]
- On Windows 2000 platforms, reverse lookup may fail if the client connects as localhost (127.0.0.1). This may cause the client to be refused access to the server. Two possible workarounds exist:
  - Configure client not to connect as 127.0.0.1.
  - Turn off reverse lookup on the server. See the Directory Proxy Server Administration Guide for further information.
- It is possible that the console may refuse to save an object with an object name that you just deleted, reverted or edited. Choosing another name or restarting the console will fix this problem. [4863003]
- The daemon may not start when SSL is configured and the token is requested on the command line (seen on Windows and Solaris x86 only). When SSL is configured, you are requested to enter the token password to start SSL. If you provide the password when requested, either on the command line for Solaris x86 or in the Password Solicitor for Windows, the server fails to restart. [4874761]
  - Create a dps-<instance name>-pin.txt file in the alias directory of the server root, and put the password inside with the following syntax:

    Internal (Software) Token:password
UI (Console Interface)
- On Unix variants, the Console's "helper" functions used to determine if Directory Proxy Server is up and running won't see Directory Proxy Server if the ldapfwd executable is referenced by Directory Proxy Server through a symbolic link. This is only an issue if Directory Proxy Server installation scripts have been manually manipulated post installation. (In other words, do not rename the Directory Proxy Server executable or convert it to a symbolic link.)
- When you start Directory Proxy Server, the message that Sun ONE Directory Proxy Server has started appears. This does not mean that Directory Proxy Server is listening on the network. If SSL mode is activated, you are asked to provide the token and password to start SSL after the message is displayed. Once the token request has been satisfied, Directory Proxy Server will listen on the network. [4818122]
- If Directory Proxy Server is installed on a Windows 2000 system that contains a previously installed Directory Access Router 5.0 instance, then the Directory Access Router 5.0 will no longer fully function due to Administration Server restrictions.
- Directory Proxy Server online help is delivered by any Directory Proxy Server installation that is registered with the same Configuration Directory. If one of these installations is not functioning properly, the delivery of online help may be affected, resulting in an HTTP error (unreachable host). To work around this problem, try logging in directly to the Administration Server that hosts the Directory Proxy Server instance whose settings you wish to modify. [4869580]
- The Server Configuration Log Settings panel may occasionally display duplicate tabs. Restarting the console normally corrects the problem. [4864081]
Uninstallation
- You must uninstall Directory Proxy Server as Administrator (or equivalent) on Windows. For Unix systems see the Sun ONE Directory Proxy Server Installation Guide.
- To successfully run rminstance.tcl on UNIX platforms, verify that the Administration Server and its watchdog process are running under the user ID that owns the server root. Otherwise, rminstance.tcl will yield a cryptic error message when it fails in its attempt to restart the Administration Server. If you can start the Administration Server from the console, then rminstance.tcl can restart it as well, because both use the same restart mechanism. [4876618]
Resolved Bugs
This section contains the list of bugs that have been resolved in this release of Directory Proxy Server version 5.2:
| Bug Number | Description |
| --- | --- |
| 4756553 | GUI: Attribute renaming doesn't update properly |
| 4762435 | issue to set correctly the "SSL/TLS Version" with the console |
| 4763734 | The size of the log file is limited to 2GB |
| 4771165 | Trying anonymous access when forbidden returns LDAP_OPERATIONS_ERROR |
| 4776242 | Renaming attributes works partially |
| 4777966 | GUI: the "Maximum Refcount" is never updated |
| 4784192 | add BelongsTo attribute to all Configuration Directory objects |
| 4790649 | Attribute names need to be US ascii |
| 4816254 | Unbounded memory growth when a slow client downloads large numbers of entries |
| 4846653 | Attribute ids-proxy-can-allow-null-in-sadl missing from schema files |
| 4852835 | Install logs must not reveal clear text passwords |
| 4853471 | Change groups does not correctly update group connection statistics |
| 4538454 | Console will not start on server roots with embedded spaces in their path names. |
Unresolved Bugs
This section contains the list of unresolved issues that may still be observed in Directory Proxy Server 5.2.
| Bug Number | Description |
| --- | --- |
| 4791343 | Cannot reinstall if setup is interrupted. If the installation is interrupted very late, it may fail but still update the registry, thereby precluding a reinstall. The workaround is to run the uninstaller, which backs out any registry changes, before attempting a reinstall. |
| 4842218 | Cannot communicate with a local host client on a Windows machine while reverse-lookup is on. |
| 4818122 | When you start Directory Proxy Server, you receive the message Sun ONE Directory Proxy Server started. This does not mean that Directory Proxy Server is listening on the network. In particular, if SSL mode is activated, you are asked to provide the token/password to start SSL after this message is displayed. |
| 4866646 | If multiple instances of Directory Proxy Server are installed in the same server root, the uninstaller can remove only the last one. Furthermore, the uninstaller removes itself, leaving no way to remove the other instances automatically; the user has to remove them manually. Note that this occurs only on Solaris, non-root installations. |
| 4842983 | Stopping installation uninstalls components multiple times during clean up. |
| 4869580 | Wrong web server requested to display on-line help |
| 4863003 | Cannot rename an object with previously used id |
| 4864081 | LogProperty panel problem |
| 4870271 | Directory Proxy Server topology configurations do not display help under certain conditions. |
How to Report Problems and Provide Feedback
If you have problems with Directory Proxy Server version 5.2, contact Sun ONE customer support using one of the following mechanisms:
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. Email your comments to Sun at this address:
docfeedback@sun.com
Please include the part number (816-6392-10) of the document in the subject line of your email.
For More Information
Useful Sun ONE information can be found at the following Internet locations:
Use of Sun ONE Directory Proxy Server is subject to the terms described in the license agreement accompanying it.
Copyright © 2003 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Java, and all Sun and Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
Last Updated June 16, 2003