These release notes contain important information available at the time of the version 4.5 release of iPlanet Delegated Administrator. New features and enhancements, known problems, and other late-breaking issues are addressed here. Read this document before you begin using version 4.5.
An electronic version of these Release Notes can be found at the iPlanet documentation web site: http://docs.iplanet.com/docs/manuals/. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.
For detailed installation instructions, see Chapter 3 of the Delegated Administrator Deployment and Customization Guide at http://docs.iplanet.com/docs/manuals/deladmin/45/html/03_instl.htm#11284.
These Release Notes contain the following sections:
The following features are new in iPlanet Delegated Administrator Version 4.5:
The current release removes a restriction present in previous versions that required the use of a specific fixed DIT structure and attribute for the relative distinguished name of the base suffix in the directory. Delegated Admin 4.5 may now be installed against a variety of DIT structures and base suffixes including "o=", "ou=", "dc=", "l=", and "c=".
Templates are available to support managing account options including access method (POP, IMAP, webmail), quota, vacation message, forwarding options, and end-user mailing list management. These templates are only installed when this option is chosen during installation.
Added support for customized administrative roles. New roles can be built by creating new HTML templates, and modifying the Directory Server ACIs.
Supports the ability to set the value of one or more directory attributes for large sets of users with a single write to the directory (for example, "email Bronze" sets those users up with 5mb mail quota and access to WebMail).
Many of the configuration options such as COS definitions and userid uniqueness can be set on a per-Organization (directory branch) basis.
SiteMinder/Messaging Server/Enterprise Web Server Issues
Current issues regarding configuration and access to configuration files are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Silent Install files for NT installations contain these additional entries that do not appear in Solaris installations:
Silent Install files for Solaris installations contain these additional entries that do not appear in NT installations:
Do not delete any of these entries from the Silent Install file. Delegated Administrator does not use these lines but the install.inf file is shared by other products, including Directory Server which updates these default values.(382889)
If Delegated Administrator is configured to use a configuration suffix that differs from the user suffix, Top-level and Organization Administrators can not access the configuration files. (451390)
Login and Start page customization
While customizing the Delegated Administrator login or start page on a per authentication domain basis, the var domain of the HTML page should be set to the complete domain distinguished name for the BaseSuffix. Failure to specify the complete DN will result in a login attempt against the BaseSuffix. (391045)
For Delegated Administrator running on the HP AIX operating system, the thread limit must be set higher than 64 or login will fail. (441369)
The Password Expiration feature must be configured the same in the Directory Server and Delegated Administrator. If the Password Expiration feature is enabled in the Directory Server it will over-ride the disabled Password Expiration feature in Delegated Administrator. (386267)
Client/Server Time Synchronization
If the system time in either the server or the client differ by more than the session time out value, the error message "Invalid Session, Session has timed out. Please reauthenticate" appears. (388396)
Class of Service attributes must be added manually to each individual user. Add these attributes to the directory server through Console. (391398)
Initial configuration of Class of Service Directory Server Plugins causes the error message "plugin init failed". This is normal behavior. It is simply stating that there are no Class of Service definitions in the directory at the time. (386064)
Current issues regarding Netscape Navigator and Internet Explorer browsers are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Delegated Administrator does not support 16 bit character set. Users accessing Delegated Administrator with16 bit character set enabled browsers, must reconfigure the browser to use a seven or eight bit character set. (496402)
Do not use the "Forward" or "Back" buttons in the browser tool bar to navigate to various organizations in Delegated Administrator. Use the Location Bar icons. (430309)
Default Browser Background Color
Using a non-default background color in the browser will create unpredictable visual results in the user interface. (431069)
Reloading Administration Pages
Do not reload administration pages with the reload button on the browser. Use the base suffix icon on the Location Bar. (433209)
Do not open more than one on-line help or dialog window of the same kind at one time. If you open an on-line help window, move it to the background and try to open the same window with the on-line help icon in the Delegated Administrator user interface, an error message will result. The same is true for dialog boxes. (433389)
Internet Explorer Help Windows and Dialog Boxes
To bring on-line help windows and dialog boxes to the foreground, use the Windows Status Bar. (359571)
Internet Explorer Internet Options
Internet Explorer users must change the settings for temporary internet files from the default "Automatic" to "Every visit to the page" or Delegated Administrator will generally not perform as designed. Without this change, the first user viewed by the browser remains in the cache and will not display subsequently selected users. To change the setting for temporary internet files in Internet Explorer, open the Tools and choose Internet Options. Click the General tab and select "Temporary Internet files". Select "Settings" and "New Versions of the Page". Select the radio button "Every visit to the page". (511835)
Do not resize windows while adding or modifying data in dialog boxes. Resizing causes the green arrow, indicating your position in the dialog box, to move to the first location edited. The red dot, indicating uncommitted changes, also disappears. (495703)
Current issues regarding optimum page handling and search performance are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Delegated Administrator performance drops if more than 100 organizations are created. The number of ACIs created to serve more than 100 organization taxes the resources of the Directory Server and results in extended login times and possible Directory Server time out. (389484)
The recommended setting for maximum search result is 150. Searches larger than 150 may cause the server to time out.(390261)
Generic Search: Server Times Out
When performing a generic or too broadly defined search on a large directory, Delegated Administrator will time out. You can optimize Delegated Administrator page handling and search performance by modifying the Directory Server configuration. See "Basic Installation and Configuration" in the Delegated Administrator Deployment and Customization Guide for further instruction. (362164)
The following measures are necessary when any organization in your directory exceeds 4000 users:
Group Administrators are unable to search for users if they have previously retrieved a search for groups within that group. There are two work arounds for this situation. (511748)
<ida_install_root>/nda/nda/default/en/templates/domain/DeptDeptSearchCriteria.html
<ida_install_root>/nda/nda/default/en/templates/isp/DeptDeptSearchCriteria.html
<ida_install_root>/nda/nda/default/en/templates/my-depts/DeptDeptSearchCriteria.html
<script language="JavaScript">
var cloc = top.BrandArea.getCurrentLocation();
if((null == cloc) || ("" == cloc)) {
if(currentView != top.BrandArea.getCurrentView()) {
var myOptions = document.searchForm.searchType;
for (i = 0; i < myOptions.length; ++i) {
if (myOptions[i].text == "Groups" && currentView !=
top.BrandArea.setCurrentLocation("/nda/default/en/templates/isp/DeptDeptSearchFrame.html");
top.BrandArea.setCurrentView("Groups");
top.LowerFrame.ContentFrame.Main.location =
"/nda/default/en/templates/my-depts/DeptDeptSearchFrame.html";
else if (myOptions[i].text == "Users" && currentView !=
top.BrandArea.setCurrentLocation("/nda/default/en/templates/isp/DeptUserSearchFrame.html");
top.BrandArea.setCurrentView("Users");
top.LowerFrame.ContentFrame.Main.location =
"/nda/default/en/templates/my-depts/DeptUserSearchFrame.html";
document.searchForm.actionButton.focus();
var loc = top.BrandArea.getCurrentLocation();
top.LowerFrame.ContentFrame.Main.location = loc;
top.BrandArea.setCurrentView(currentView);
document.searchForm.actionButton.focus();
If you use non-English character sets to specify "sounds like" parameters in the search interface, the search function may fail. There is no workaround for this problem at this time. (338580)
Current issues regarding 8 and 16 bit character set support for non-English characters are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Delegated Administrator does not support the European currency symbol. (398677) (398688)
Non-English Internal uid Format
By default, the internal uid format contains only uid. It may be configured to include the organization name. If you choose to include the organization name, insure that is not in a non-English format. Messaging Server does not support user IDs for organization names containing non-English characters. (348952)
Certificate Server: non-English Support
Certificate Server does not support non-English characters: 8 or 16 bit character sets. (484181) (484121)
Current issues regarding configuration and support for Delegated Administrator in the SiteMinder and Enterprise Server environments are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
The current version of SiteMinder supports NT 4.0 and Solaris 2.6 only. (399939)
SiteMinder does not support 8 bit or 16 bit character sets. (402640) For further information, refer to SiteMinder documentation.
SSL LDAP Default Port in SiteMinder
Do not manually enter the default port number 636 for secure SSL LDAP connection in the LDAP settings tab of the SiteMinder Management Console and the SiteMinder Administration GUI. Port numbers other than the 636 must be specified in the SiteMinder Management Console and Administration GUI. (496322)
By default, Delegated Administrator uses a special Access Control Instruction (ACI) known as "anonymous access" to allow all users in a company intranet to search all of the User Directory. However, if anonymous access is disabled Certificate based authentication and SiteMinder setup for Delegated Administrator will not perform as designed. (399794)
Messaging Server and SSL with LDAP
Messaging Server does not support LDAP over an SSL connection at this time. (460849)
Stopping Web Server in the SiteMinder Environment
If Delegated Administrator is running in the SiteMinder environment and Delegated Administrator has a Siteminder web agent on the same web server instance, the web server must be stopped by killing the web server process. The web server may not respond to the stop-script or the stop button in the server administration UI. (495761)
Enterprise Server 4.1 sp2 on AIX
Delegated Administrator is certified with Enterprise Server 4.1 sp2 on Solaris, NT and HP-UX and with Enterprise Server 4.2 sp3 on AIX. The Enterprise Server 4.1 sp2 is not currently available on the AIX operating system. (512272)
Web Server and Delegated Administrator System Users Must be the Same
Default system user for the Web Server is nobody. Delegated Administrator must be installed by root. Web Server and Delegated Administrator must have the same system user configuration to function correctly. (491122) To remedy the conflict in a unix installation of Delegated Administrator you must chown the file resource.properties to nobody. These files are located in the Delegated Administrator Server root directory.
Current issues regarding creating and maintaining mail lists are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Do not use the following characters for the values of domains, mail lists or descriptions:
The Create Mail List check box located in the Basic Mail Information section of the Create New User and Edit User dialogs must be activated to enable end-users and Group Administrators to create mail lists. Top-level, Organization and Help Desk Administrators can create mail lists by default and do not need to activate the create mail list check box. (402041)
Manage Mail Lists: Top-level and Organization Administrators
Top-level and Organization Administrators must manage and subscribe or unsubscribe to mail lists in the Edit Mail List dialog box. All Help Desk Administrators, Group Administrators and End-users perform these task in the My Accounts dialog box. (401667)
Current issues regarding modifying and deleting user entries are discussed in this section. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Deleted Users Retain Some Mail List Entries
When a user is deleted from the directory, some residual mail list entries remain. The deleted users must be manually deleted from the following mail list properties; Person for Bounced Messages, Users and Groups and Moderators. All other user occurrences of the deleted user in the mail list are automatically removed. (487921)
Deleting Top-level Administrator's Own Entries
Top-level Administrators removing their own entries from the Top-level Administration group must logout immediately after the action is completed. Top-level Administrators remaining logged in, after removal from the Top-level Administration group, have enduser privileges only and will receive error messages while attempting top-level activities. (353047)
Deleting Organizations of Top-level Administrators
Top-level Administrators must not delete organization of which they are a part. As expected, attempts to delete the organization will result in a "Failed: Insufficient `delete' privilege..." error and the organization becomes unstable. (495721)
Change Password: Top-level Administrators
When Top-level Administrators change their own password in must be done in the My Accounts interface. Top-level Administrators may use the Edit User interface to modify everything in their users accounts, except their passwords. (388887)
Fields in the New User dialog box for Basic Mail Information with asterisks next to them, must be filled before attempting to enter any other new user information in subsequent dialog boxes. (440009)
Multiple Telephone Numbers in Personal Information
Multiple telephone numbers separated by spaces in the Personal Information dialog box are not saved as separate attribute values in the directory. (496342)
If you have problems with iPlanet Delegated Administrator, contact iPlanet customer support using one of the following mechanisms:
So that we can best assist you in resolving problems, please have the following information available when you contact support:
Useful iPlanet information can be found at the following Internet locations:
iPlanet product data sheets --- http://www.iplanet.com/products/index.html
Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Java, iPlanet, and all Sun, Java, and iPlanet based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the U.S. and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries.
Last Updated April 10, 2001