If you make the root suffix a domain, Delegated Administrator functions do not work. (6321748)
By default, when Access Manager is installed, the root suffix is not installed as a domain. That is, the root suffix does not contain the sunPreferredDomain attribute. If the root suffix is turned into a mail domain, problems occur in Delegated Administrator.
Use the same default domain that you set up for Messaging Server. If you have not installed Messaging Server, make sure that the default domain is created one level below the root suffix in the DIT.
When you create a group with no services using the command-line utility (commadmin group create) and then assign a service package to the group in the Delegated Administrator console, you are not prompted to enter any Mail Service details. (6317925)
This issue occurs when you create a group with commadmin group create without adding any services to the group, and then use the Delegated Administrator console to assign a service package to the group. You can assign a mail service package to the group using the Assign Service Package wizard, but you are not prompted to enter information in the Mail Service Details panel. A message informs you that the mail service package was assigned successfully. If you open the group's Properties page, the group members are listed, but you cannot edit these fields or enter an email address for the group.
Use the commadmin group modify command to add mail service and an email address to the group. For example:
./commadmin group modify -D <TLA> -w <TLA_password> -G Group0 -S mail -E Group0@<domain> -d <domain>
Attributes passed with the —A option of the commadmin command are ignored if the command also calls an input file containing attributes passed with —A. (6317850)
This issue occurs if you run a commadmin command such as this one:
./commadmin user create -D tla -w pass -d <domain> -F test -L User -W pass -i /tmp/comm.in -A preferredlanguage:es
and the input file, comm.in, contains attributes passed with the -A option. The result is that the -A option in the command line is ignored. In the example shown above, the preferredlanguage:es is not added.
If any attributes are passed in the input file with the -A option, pass all values of -A in the input file. Do not also use -A in the command line.
An Organization Administrator (OA) can remove himself as an OA by modifying the organization Properties page. (6314711)
If you log into the Delegated Administrator console as an OA, you can go to the organization's Properties page and remove yourself from the list of users with OA rights. No error occurs, and you can continue using the console. You should either be unable to remove yourself as an OA or be logged out as soon as you remove yourself.
An inappropriate error message is displayed when you use a domain name that conflicts with the name of a deleted domain. (6309418)
This issue occurs if you create an organization with a domain name that is the same as the name of a deleted domain. (The organization name is different than the name of the deleted organization.) The following error message appears: Attribute uniqueness violated.
Specify a new domain name.
The Delegated Administrator console writes icsAllowRights values to the directory that are different than the values documented in the Schema Reference. (6308579)
This issue occurs when you set Advanced Rights in an organization that has Calendar service allocated to it. If you open the Properties page for the organization, navigate to the Calendar Service section, and click the Advanced Rights button, the Advanced Rights properties are displayed. These properties are stored with the icsAllowRights attribute in the directory.
In the Delegated Administrator console, if you set the Advanced Rights properties to “No,” the icsAllowRights value in the directory is saved as 0. However, the Schema Reference documents that the value 0 means that the property is allowed.
Note also that the Advanced Rights properties in the Delegated Administrator console are set to “No” by default, even if these values conflict with the corresponding values in the ics.conf file. The values set by Delegated Administrator override the values in the ics.conf file.
When you use commadmin group create to create a group, you can add only one dynamic membership filter (LDAP URL) with the —f option. (6303551)
The commadmin group create command allows you to use the -f option multiple times to construct dynamic membership filters (LDAP URLs) for the group. However, only the last filter is saved in the LDAP directory.
Run the commadmin group modify command multiple times, once for each filter you wish to add.
When you add Dynamic members to a group In the Delegated Administrator console, you cannot test a manually constructed LDAP URL. (6300923)
When you create a new group and add dynamic members to the group, you can either manually construct an LDAP URL or use the fields available in the drop-down menus to construct the LDAP URL. If you use the drop-down menus, you can click the Test LDAP URL button. If you manually construct the LDAP URL, this feature is disabled.
Using the browser's Back button in the Delegated Administrator console can cause unexpected pages to be displayed. (6292610)
Navigate only by using the tabs and navigation links provided on the page itself.
The number of service packages assigned to groups in an organization can exceed the number allocated to that organization. (6285713)
After you allocate a specified number of service packages for groups in an organization, you can assign an unlimited number of service packages to the groups in the organization. The allocation limits are not enforced.
For example, if you allocate 20 service packages for groups in an organization, you can assign service packages to more than 20 groups in the organization.
An incorrect error message is displayed when you create a new user with a Login ID that is already in use. (6283567)
When you create a new user with a unique email address but a login ID that is already used, the user is not created (which is the correct behavior), but the following error message is displayed: “Cannot create user — mail address already used.” The error message should say that the login ID is already used.
You cannot create users in a domain that includes an underscore in its name. (6281261)
Do not include an underscore in the domain name.
On Linux, you cannot use the commadmin utility to add certain service object classes. (6280807)
This issue occurs when you run commadmin with the -A option to add particular service object classes. For example, if you run the following command:
/opt/sun/comms/commcli/bin/commadmin user modify -D admin -n <domain> -w <password> -p81 -X localhost -d <domain> -l test -A +objectclass:sunportalgatewayaccessservice
Delegated Administrator is unable to get the service object classes.
Manually add the required object class for the user in Directory Server through the Administration Console, or by using the ldapmodify command.
Searching for organizations by service name, service package name, and mail host does not work. (6277314)
In the Organization list page, if you use the drop-down menu to search for organizations by service name, service package name, or mail host, and then enter a search string, the search result includes all organizations.
You cannot create an organization with a comma in the organization name. (6275439)
If you use the Create Organization wizard to create an organization and specify an organization name containing a comma, an error is displayed and the organization is not created.
Do not put a comma in an organization name.
If you delete a domain with the commadmin domain delete command, you cannot use commadmin to purge the domain. (6245878, 6203605)
If you use commadmin domain delete to delete an organization with mail service, the inetDomainStatus is set to deleted . If you then use msuserpurge to remove users from the message store and commadmin domain purge to purge the domain, the domain remains in the LDAP directory. The mailDomainStatus value for the domain does not equal removed.
The same issue exists if you use commadmin domain delete to delete an organization with Calendar service, then use csclean to remove the calendar, and then use commadmin domain purge to purge the domain. The icsStatus is not marked as removed in LDAP.
Use ldapmodify to set the mailDomainStatus or icsStatus to removed. Then use commadmin domain purge.
The Domain Disk Quota value is lost if you change the Domain status or Mail Service status of a full organization. (6239311)
This problem occurs if you edit a full organization with a Domain Disk Quota value set to any numeric value, and you change the Domain Status or Mail Service Status from Active to any other value (such as Inactive or Hold).
A message indicates that the properties of the organization have been successfully modified, but the value of the Domain Disk Quota field is set to unlimited, and the LDAP attribute (mailDomainDiskQuota) is lost for the organization.
This issue is fixed in the latest Delegated Administrator patch. Download the patch, as described in Recommended Patch.
Or: Reset the value of the Domain Disk Quota field and save the properties of the organization again.
No indication when a User, Organization, or Group list page has finished loading. (6234660)
If you click a button while a list page is loading, an error occurs.
While the page is loading, a message asks you to wait. Do not click any buttons or links until the page is ready.
The commadmin user modify command fails if you assign both the sunpresenceuser and sunimuser object classes to a user entry. (6214638)
A newly created user does not inherit the domain’s timezone (TZ). (6206160)
If you create a domain with a non-default timezone, and then create a new user without explicitly using the -T <timezone > option, the user is given the default timezone (America/Denver).
For example, assume you create a domain named sesta with a timezone of Europe/Paris. Next, create a new user in sesta. The user is given the default timezone, America/Denver.
When you create or modify a user, pass -T < timezone> explicitly to the commadmin user create or commadmin user modify command.
You need to save the Organization Properties page to successfully add an administrator. (6201912)
If you open the Organization Properties page and assign an administrator role to a specified user, you must then save the Organization Properties page to add the administrator successfully. If you log out after assigning the new administrator, the administrator is not added.
New non-ascii organizations cause an error because the default administrator’s email address cannot be specified. (6195040)
The default administrator’s uid defaults to “admin_ new_organization_name.” If the new organization name contains non-ascii characters, the email address that uses this uid is invalid.
You cannot edit a user’s login ID in this release of Delegated Administrator. (6178850)
If the root suffix name is the same as an organization domain name, the Delegated Administrator utility does not work. (5107441)
If you create the root suffix name that is the same as your domain name (for example, if the root suffix is o=example.com and the domain is example.com), the commadmin utilities do not work.
Avoid using the same name for the root suffix and another domain in the directory. (The o=name values must be different.)
The advanced search feature does not return correct results for organizations. (5094680)
This issue occurs if you perform the following steps:
Select the Advanced Search feature.
Select “Organizations” from the drop-down list.
Click the Match All or Match Any radio button.
Select an organization name from the drop-down list.
Enter valid values in the text field.
Instead of returning only the organizations that match the search criteria, Delegated Administrator displays all organizations.
The Summary page in the New Organization wizard does not display all the organization details. (5087980)
When you create a new organization with the New Organization wizard, certain details, such as Disk Domain Quota and Mail Service Status, are not displayed in the wizard’s Summary page.
Cannot modify non-ASCII groups. (4934768)
If a group is created with a group name that contains non-ASCII characters, it cannot be modified with the commadmin group modify command.
For example, if a group with the non-ASCII characters XYZ is specified with the -G option in the commadmin group create command, an email address of XYZ is automatically added to the group’s LDAP entry. Since non-ASCII characters are not allowed in email addresses, modifying the group with commadmin group modify fails.
Use the -E email option when creating a group. This option will specify the group’s email address. For example: commadmin group create -D admin -w password -d siroe.com -G XYZ -S mail -E email@example.com .
Creating a group with multiple -f options adds only one attribute. (4931958)
If you specify multiple -f options for creating dynamic groups in the commadmin group create command, only the value specified with the last -f option is added to the LDAP entry. The other values are not added.
Do not specify the -f option multiple times when using the commadmin group create command.