Sun Java System Directory Server Enterprise Edition 6.0 Release Notes

Directory Proxy Server Limitations

This section lists product limitations. Limitations are not always associated with a change request number.

Do not change file permissions by hand.

Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly. Only change file permissions when following instructions in the product documentation, or following instructions from Sun support.

To work around this limitation, install products as a user having appropriate user and group permissions.

Self-signed server certificates cannot be renewed.

When creating a self-signed server certificate, make sure you specify a validity period long enough that you do not have to renew the certificate.

Directory Proxy Server enables SSLv2 by default.

SSLv2 is the oldest of the SSL/TLS family of security protocols. Although SSLv2 was considered a large step forward in security protocols when it was new, it is now widely regarded as comparatively weak and obsolete. Use of SSLv2 is supported, but discouraged. Directory Proxy Server leaves SSLv2 enabled by default. To disable SSLv2 for Directory Proxy Server, set the enabled-ssl-protocols property to include only SSLv3 and TLSv1, for example:


$ dpconf get-server-prop -w /tmp/dps.pwd supported-ssl-protocols
supported-ssl-protocols  :  SSLv2Hello
supported-ssl-protocols  :  SSLv3
supported-ssl-protocols  :  TLSv1
$ dpconf set-server-prop -w /tmp/dps.pwd enabled-ssl-protocols:SSLv3 enabled-ssl-protocols:TLSv1
$ dpconf get-server-prop -w /tmp/dps.pwd enabled-ssl-protocols
enabled-ssl-protocols  :  SSLv3
enabled-ssl-protocols  :  TLSv1
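
A check that could follow the change above, written as an added example and not shipped with the product: it reads the output of dpconf get-server-prop for enabled-ssl-protocols and reports any enabled protocol outside an allowed list. The function names, the ALLOWED_PROTOCOLS variable, the exit codes and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: dpconf get-server-prop -w /tmp/dps.pwd enabled-ssl-protocols | check_enabled_protocols
# Allowed names default to the two used in the release note; override per local policy.
ALLOWED_PROTOCOLS="${ALLOWED_PROTOCOLS:-SSLv3 TLSv1}"

# Reads dpconf output on stdin and prints one line per finding.
# Returns 0 if every enabled protocol is allowed, 1 if any is not,
# 2 if no enabled-ssl-protocols value was seen (for example, dpconf failed).
check_enabled_protocols() {
    seen=0 bad=0
    while IFS= read -r line; do
        case "$line" in
            enabled-ssl-protocols*:*) ;;   # "name  :  value" result lines only
            *) continue ;;                 # skip prompts, echoed commands, blanks
        esac
        value=$(printf '%s\n' "${line#*:}" | tr -d ' \t\r')
        [ -n "$value" ] || continue
        seen=1 ok=0
        for p in $ALLOWED_PROTOCOLS; do
            if [ "$value" = "$p" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "DISALLOWED: $value"
            bad=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO-DATA: no enabled-ssl-protocols values in input"
        return 2
    fi
    return "$bad"
}

# Constructed sample: a listing with SSLv2 still enabled (not captured from a server).
sample_default() {
    printf '%s\n' 'enabled-ssl-protocols  :  SSLv2Hello' \
        'enabled-ssl-protocols  :  SSLv3' 'enabled-ssl-protocols  :  TLSv1'
}

# Sample matching the listing shown after the set-server-prop step above.
sample_hardened() {
    printf '%s\n' 'enabled-ssl-protocols  :  SSLv3' 'enabled-ssl-protocols  :  TLSv1'
}
```

A nonzero return makes the function usable as a gate in a post-install or periodic configuration check.
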

On Windows 2003 systems, do not use software installed with dsee_deploy from the zip distribution in the German locale.

Instead, when running on Windows 2003 in the German locale, install from native packages using the Java ES distribution.