iPlanet Directory Server 5.1
Release Notes

Updated June 28, 2004

 

These release notes contain important information available at the time of the release of iPlanet Directory Server 5.1. New features and enhancements, known limitations, and other late-breaking issues are addressed here. Read this document before you begin using iPlanet Directory Server 5.1.

An electronic version of these release notes can be found at the iPlanet documentation web site:

http://docs.iplanet.com/docs/manuals/directory.html

Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.

These release notes contain the following sections:

For information on hardware and software requirements, refer to the iPlanet Directory Server Installation Guide.





What's New in iPlanet Directory Server 5.1

iPlanet Directory Server 5.1 contains the following new features and enhancements:

  • Updated and improved management console. The new Directory Server Console offers an improved dialog for configuring replication, and a new directory browser. In this release, the Directory tab has several layout options for navigating the directory tree: as before with leaf entries in right-hand pane, as a single tree in a single pane, or with attributes for the selected entry displayed on the right. For details, refer to Chapter 1 of the iPlanet Directory Server Administrator's Guide.

  • Performance Improvements over Directory Server 5.0. This new release of Directory Server offers increased performance over Directory Server 5.0 and 4.x.

  • Support for IPv6. Directory Server 5.1 can accept incoming connections from IPv6 clients. Currently the Directory Server cannot interpret IPv6 addresses in access control instructions, or use IPv6 connections for operations such as replication and chaining. The Administration Console cannot be used on networks supporting only IPv6.

  • Improved scalability and performance of Roles and Class of Service. Roles and Class of Service, introduced in iPlanet Directory Server 5.0, have been enhanced in this release to increase scalability.

  • Support for the Plug-In API. If you need to create custom plug-in functions you can also contact the iPlanet Professional Services organization at:

    http://www.iplanet.com/services/professional_services_3_3.html

  • Schema Documentation. A new document, iPlanet Directory Server Schema Reference, describes the schema provided with Directory Server 5.1. The document focuses on schema objects useful to support your directory information.

Due to architectural changes made in iPlanet Directory Server, some features that were previously available are no longer included. These are:

  • NT Sync Service. You can no longer create NT accounts through the directory console. When you right click an entry under the Directory tab in the directory console and select New > User to display the Create New User dialog box, you still see the option NT User. As the NT Sync Service is no longer available, the NT User you create remains an entry in the directory only. No new NT account is created.

  • Database Backend Plug-in Interface. The enhanced pre-operation interfaces may be used instead of the database backend plug-in interface, to implement plug-ins that are designed to provide access to alternative directory data stores.

  • Directory Server Gateway. The Directory Server Gateway is no longer delivered with iPlanet Directory Server 5.1. We recommend that you investigate LDAP Tag Library, scheduled to be available as part of the iPlanet Directory Server Resource Kit 5.1, as a good Directory Server Gateway replacement. For further information see:

    http://www.iplanet.com/downloads/developer





Supported Platforms for iPlanet Directory Server 5.1

iPlanet Directory Server 5.1 is supported on the following platforms:

  • Sun Solaris 8 for UltraSPARC (32 and 64-bit) operating environment

  • Microsoft Windows NT 4.0 Server SP 6A (x86 only)

  • Microsoft Windows 2000 Server and Advanced Server SP 2 (x86 only)

  • Hewlett-Packard HP-UX 11.0 (PA-RISC 1.1 or 2.0)

  • IBM AIX 4.3.3 (Power PC)

This release of iPlanet Directory Server is not supported on Sun Solaris 2.6 or Sun Solaris 7. You must upgrade to Sun Solaris 8 prior to upgrading to or installing iPlanet Directory Server 5.1.

iPlanet Directory Server 5.1 requires specific operating system patches or service packs to be installed before iPlanet Directory Server can be installed. Installation of iPlanet Directory Server 5.1 may fail if the recommended patches or service packs are not present.

On operating environments other than Windows, you must run the idsktune utility prior to installing iPlanet Directory Server 5.1. After you expand the product package, you will find the idsktune utility in the same directory as the setup program. Install the patches recommended by the idsktune utility. For further information, refer to the iPlanet Directory Server Installation Guide.

You may obtain Sun Solaris patches from:

http://sunsolve.sun.com





Enhancements and Problems Corrected in iPlanet Directory Server 5.1

iPlanet Directory Server 5.1 includes enhancements and fixes to the following known problems that occurred in earlier releases of iPlanet Directory Server:

  • A previous release of iPlanet Directory Server included a security vulnerability in iPlanet Web Server 4.1. (535057) iPlanet Directory Server 5.1 uses iPlanet Web Server 6 in which this vulnerability has been fixed.

  • Server restart is no longer required after a change to the components allowed to chain. (528617)

  • In a previous version of iPlanet Directory Server, the console supported smart referrals only when the DN in the referral matches the DN of the entry containing the referral. (490281) Updated functionality in the console has removed this limitation and enhanced smart referral support.

  • With a previous release of iPlanet Directory Server, after changing the Directory Manager credentials, you were required to exit Directory Server Console and restart it for the change to be taken into account. (538549) This limitation has been removed.

  • The behavior of multiple qualifiers with cosAttribute in a CoS definition is no longer undefined.

  • With a previous release of iPlanet Directory Server, you were required to authorize client IP access to the Administration Server from the machine running Directory Server Console. This limitation has been removed.

  • When a delete operation is performed, the audit log now displays the DN identity of the operator. The additional information appears in the audit log as modifiersName: DN, where DN is the identity used to perform the delete operation.

  • The newrdn and newsuperior operations are now recorded in the access log and any errors are described in the error log. (547272)

  • Schema is now replicated during a total update operation. (541599)

    If you modify your schema on a server and then create a new replica, the initialization of this replica automatically updates the schema on the consumer server. Previously, the schema was not replicated when the replica was initialized, but instead with the first incremental update of the replica.

  • In previous releases of iPlanet Directory Server, changes to the nsslapd-dbcachesize attribute value under cn=config, were not always correctly taken into account. (539845, 539847) This condition is corrected in iPlanet Directory Server 5.1. The server writes an error message in the error log if the new value you provide is not within the permitted boundaries.

  • In previous releases of iPlanet Directory Server, deleting a role did not update the nsRoleDN attribute for each role member (533695). In iPlanet Directory Server 5.1, the Referential Integrity plug-in is configured to manage the nsRoleDN attribute. However, you must enable the Referential Integrity plug-in. By default, this plug-in is disabled.





Known Limitations

This section lists known limitations present for iPlanet Directory Server 5.1 and their workarounds. The areas with known limitations are as follows:


Installation




Caution

We strongly recommend that no other iPlanet product (such as iPlanet Web Server) be installed into the same Unix directory path as the iPlanet Directory Server product, as this may disable critical functionality required for the correct operation of the directory server.

In addition, on a Windows NT or Windows 2000 machine, the directory server should be installed independently of any other iPlanet product to avoid conflicts with DLLs.




  • On Windows 2000, setup -f does not work without the -s option (4524708). If you perform installation using a configuration file on Windows 2000, it must be silent. For example:

    setup -s -f filename

  • On Windows, the domain name for your host machine must be correctly configured prior to installing iPlanet Directory Server 5.1. To configure the domain name for your host:

    • (On NT) Open the Control Panel and run the Network utility. Select the Protocols tab, select TCP/IP Protocol from the list, and open the Properties dialog box. Correctly fill the fields under the DNS tab.

    • (On 2000) Click right on My Computer, then select Properties. Under the Network Identification tab, select Properties, click More, and correctly fill the Primary DNS suffix of this computer field.

  • If you are running iPlanet Directory Server 5.1 on a 64-bit Sun Solaris 8 UltraSPARC machine, it will run as a 32-bit application.

  • The directory path where you install iPlanet Directory Server 5.1 must not contain space characters.

  • If your suffix contains space characters, correct the suffix generated at installation time to remove the spaces. (4526501) Using the console, select the top directory entry in the left-hand navigation pane of the Servers and Applications tab, edit the suffix in the User directory subtree field, and then click OK to save the changes.

  • Do not install iPlanet Directory Server 5.1 on top of an existing Directory Server installation. If you already have Directory Server 4.x or 5.0, install iPlanet Directory Server 5.1 in a separate directory. After migrating your 4.x or 5.0 directory data to your 5.1 directory and testing the results, remove your 4.x or 5.0 Directory Server.

  • On Windows, always use the latest version of DLL files. Do not overwrite the more recent DLL files with those delivered with iPlanet Directory Server 5.1.

  • Use UTF-8 character set encoding when entering Distinguished Names during installation. Other encodings such as ISO-8859-1 are not supported. Installation operations do not convert data from local character set encoding to UTF-8 character set encoding.

    LDIF files used to import data must also use UTF-8 character set encoding. Import operations do not convert data from local character set encoding to UTF-8 character set encoding.

  • Be aware of the DNS naming resolution issue on systems using NIS. (4526504) During installation, setup detects a default host and domain name. If your NIS domain is different from your DNS domain, the fully qualified host and domain name presented by the installer is incorrect. These values must be corrected to use the DNS domain name.

  • (4527593) AIX fixes have moved from:

    http://server.software.ibm.com/cgi-bin/support/rs6000.support/downloads

    as indicated in the iPlanet Directory Server Installation Guide to:

    http://techsupport.services.ibm.com/server/fixes

  • On AIX, you must install the X11.adt package in order for the console to function. This package is not part of the standard bundle.


Uninstallation
  • You will not receive a warning before proceeding with the uninstallation of the iPlanet Directory Server 5.1 containing your configuration information under the o=NetscapeRoot suffix. This is the first Directory Server you installed. We strongly recommend that it be the last one you uninstall.

  • On Windows 2000, after uninstallation of directory components installed with silent installation (setup -s -f filename) reinstallation always places directory components in the original install folder. (4526014) You can avoid this problem by removing all *.inf files in the \Documents and Settings\Administrator\Local Settings\Temp folder on the system disk drive after uninstallation.


Migration
  • The Directory Server 4.x and 5.0 attributes accesslog-maxlogdiskspace, accesslog-maxlogsize, auditlog-maxlogdiskspace, auditlog-maxlogsize, errorlog-maxlogdiskspace, and errorlog-maxlogsize must be migrated manually. (4529536) Update these values for the Logs entries in the Directory Server Console under the Configuration tab. In each case, *log-maxlogsize values must remain smaller than *log-maxlogdiskspace values for the attributes to remain coherent. For further information, refer to the instructions on monitoring server and database activity in the iPlanet Directory Server Administrator's Guide.

  • The migration procedure may attempt to restart the server while the server is already running. (4529552) Ignore error messages concerning attempts to restart the server by migrateInstance5.

  • On systems other than Windows, migration from iPlanet Directory Server 5.0 to 5.1 may fail if the PATH environment variable does not contain . (4529657) If necessary update your PATH appropriately. For example:

    (ksh) $ export PATH=$PATH:.

    (csh) % setenv PATH ${PATH}:.


Windows NT / Windows 2000
  • Avoid using stdin and stdout on NT with the ldapmodify command-line utility, particularly with non-ASCII data. We strongly recommend you always use the -f option to specify the file containing the LDIF update statements (-f new_file) as this prevents the statements being read from stdin.

  • On Windows NT 4.0, the maximum address space an application can use is 2 GB. As iPlanet Directory Server 5.1 cannot use more than 2 GB of virtual memory, the sum of all caches configured for the server must be strictly less than 2 GB. If the size of the entry caches and of the database cache exceed this limit, Directory Server will exit with an error message. For more information on cache limits on NT4, and on Windows 2000, refer to the iPlanet Directory Server Installation Guide.

  • On Windows 2000, the default font used by the console does not allow you to input Japanese characters. To avoid this issue, change the font. You can change the console font by selecting Preferences from the Edit menu in the directory console, and then changing the font through the interface under the Fonts tab.


Security
  • Deployments that use SSL for connection confidentiality across open networks that are subject to possible active attacks against the SSL connection should not use server certificates issued by one of the public Certification Authority (CA) organizations. (4615324)
  • To ensure that an attacker with a certificate issued by a public CA cannot use that certificate to impersonate a directory server, the certificate databases of LDAP clients a nd of directory servers establishing outgoing SSL connections for replication or chaining must contain only the certificate of the non-public CA which issued the certificates to the servers which will be contacted; all other CA certificates of public CAs must be removed from the LDAP client or directory server’s certificate database.

    Deployments thta are not subject to active attacks or deployments that use additional security mechanisms (such as a VPN when connections traverse the Internet) are not required to use a non-public Certification Authority to obtain a server certificate.

  • Directory Server does not correctly parse ACI target entry DNs containing quotes. (4529541) The following example causes a syntax error:




    dn:o=mary\"red\"doe,o=iplanet.com,o=isp
    changetype:modify
    add:aci
    aci:(target="ldap:///o=mary\"red\"doe,o=example.com,o=isp")(targ etattr="*")
    (version 3.0; acl "test"; allow (all) userdn ="ldap:///self";)



  • Use of semicolons in ACI permissions can cause the directory server to crash. (4527617)

  • As the server does not enforce read-only permissions on SSL-enabled servers for certificate database files, key database files and PIN files, check that the file permissions on UNIX and ACLs on Windows protect the sensitive information contained in these files.

  • If you have enabled certificate-based authentication in the Directory Server, do not map your certificate to a distinguished name under cn=config or cn=monitor. (4529535) If you do so, bind attempts fail. Instead, map your certificate to an entry located elsewhere in the directory information tree.

  • On Windows NT and Windows 2000, a user on the console can shut down Directory Server. Care should be taken to restrict console access to computers running Directory Server.

  • To explicitly deny MODRDN rights using ACIs, you must target the relevant entries but omit the targetattr keyword. (4529533) The following example ACI prevents the cn=helpDeskGroup,ou=groups,o=sun.com group from renaming any entries in the set specified by the pattern cn=*, ou=people,o=sun.com:




    aci: (target="ldap:///cn=*,ou=people,o=sun.com")
    (version 3.0; acl "Deny modrdn rights to the helpDeskGroup";
    deny(write)
    groupdn="ldap:///cn=helpDeskGroup,ou=groups,o=sun.com";)



  • If the account locking mechanism of the password policy is enabled, once a user is locked out on a read-only replica, the account cannot be unlocked. (4527608) To work around the issue, use the ldapmodify utility to set the passwordLockoutDuration attribute to 120 (seconds) and the passwordUnlock attribute to on in cn=config.

  • Macro ACIs do not work if the subject is one of the constant types such as all or anyone. (4529529)

  • Account lockout remains in effect even after the user password is changed. (4527623) To work around this issue, reset the lockout attributes accountUnlockTime, passwordRetryCount, and retryCountResetTime to unlock the account.

  • When the password policy is enabled, setting the passwordHistory attribute to a value lower than the number of times a user password has already been modified may cause the server to crash. (4530739) The default passwordHistory value is set to 6 when the password policy is enabled. To avoid this issue, do not reduce the value of passwordHistory after enabling the password policy.


Schema
  • The schema provided with iPlanet Directory Server 5.1 differs from that specified in RFC 2256 for the groupOfNames and groupOfUniquenames object classes. In the schema provided, the member and uniquemember attribute types are optional, while RFC 2256 specifies that at least one value for these types must be present in the respective object class.

  • The LDAP RFCs (and X.500 standards) allow for an object class to have more than one superior. This behavior is not currently supported by Directory Server.

  • If you add more than 1 000 attributes to a single object class, the server displays configuration errors and fails to start.

  • Note that the aci attribute is now an operational attribute. It is not returned in a search unless you explicitly request it.


Chaining
  • If chaining is configured between a 5.1 multiplexor and a 4.x farm server, add the nsuniqueid attribute to the 4.x farm server schema If the nsuniqueid attribute is not added to the 4.x Directory Server schema, the 5.1 multiplexor does not find the entry it expects, so chaining fails. To add the attribute type to the 4.x schema add the following line to the 4.x farm server slapd-user_at.conf file under /usr/netscape/server4/slapd-serverID/config:




    attribute nsuniqueid nsuniqueid 2.16.840.1.113730.3.1.542 int single operational



  • No explicit error message is sent to the user when an attempt to bind to a farm server during chaining fails because the password policy has expired. (4529539)

  • If the first farm server fails and returns an operations error when using a failover server for database chaining, retry the operation to chain successfully. (4529537) Should the first farm server fail when using a failover server for database chaining, the client receives an operations error if it tries to read information from the multiplexor. The multiplexor does not process this operations error which prevents the next failover farm server from being contacted, and as a result, chaining fails. However, if you retry the exact same operation, chaining succeeds.


Replication
  • If you change the port number on a supplier server, the changelog database is cleared and replication will halt. In this case all consumers, hubs and suppliers must be reinitialized before replication can continue.

  • In the iPlanet Directory Server Administrator's Guide the section "Configuring Directory Server 5.1 as a Consumer of a Legacy Directory Server" incorrectly states that you do not need to specify a Supplier DN when configuring the consumer settings (step 7.) This is incorrect. When you configure the consumer settings, you must specify the Supplier DN that the legacy supplier server will use to bind. If you do not, you will not be able to save the consumer configuration.

  • Multi-master replication (MMR) is supported in a single data-center deployment. Master Directory Servers must be connected via a high-speed, low-latency network, (with minimum connections speeds of 100Mb/second) to achieve full MMR support. MMR is not supported on a network where the bandwidth between Master Directory Servers is less then 1Mb/second and the latency is greater than 10ms, or on a network that might experience significant packet loss; which is the throughput and conditions that you might experience over a wide area network.

    Support for wide area network (WAN) deployments is slated for a future release of iPlanet Directory Server.

  • When configuring a multi-master replication deployment, the referential integrity plug-in must be enabled on all masters. The Deployment and Administrator's Guides erroneously state that only one of the masters requires this plug-in.

  • Replication configured over SSL with certificate-based authentication will not work if the supplier's certificate is a self-signed one or if the supplier's certificate is only capable of behaving as an SSL server certificate, that is, unable to play the role of the client during an SSL handshake.

  • If you need to change a replica role, you must disable replication, change the replica role, and then enable replication again. (4527621)

  • Local schema modifications may be overwritten when a consumer database is created. (4529530)


Directory Server Console
  • Trailing spaces are not preserved during a remote console import operation. Trailing spaces are preserved during both local console and ldif2db import operations. (4529532)

  • Creating a Directory Server instance using the console creates a server in a different time zone on HP and IBM AIX. (4529531) To synchronize the instance for replication, restart the server using the restart-slapd command-line script. For further information concerning restart-slapd, refer to the iPlanet Directory Server Configuration, Command, and File Reference.

  • Users without read access to configuration information cannot see the directory suffix in the directory browser of the console. (4525360) To allow such users read access, add it through ACI. Refer to the iPlanet Directory Server Administrator's Guide for instructions.

  • On HP-UX, the JAVA_FONTS environment variable must be correctly set to enable use of Japanese characters in the console. For example:

    JAVA_FONTS=/opt/asx/lib/X11/fonts/ttfjpn.st/typefaces

    Adjust the path accordingly for your environment.

  • Hubs cannot be modified through the directory console. (4527619) Modify the appropriate supplier instead.

  • Users and roles cannot be created through the console as inactivated. (4521017) Inactivate the user or role after you create it instead.


Core Server
  • The slapd process does not automatically start when the system boots. On UNIX systems write an rc script to start the slapd process at boot time.

  • Stopping the server during export, backup, restore, or index creation causes it to crash.

  • On Windows NT and AIX platforms, do not set Memory available for Cache in the Database Settings to a value greater than 1073741824 bytes (1GB).

  • AIX applications have a restrictive memory model. The AIX ns-slapd executable is created with a value of maxdata=0x50000000 to permit both the entry cache size (nsslapd-cachesize attribute) and database cachesize (nsslapd-dbcachesize attribute) to be up to 1GB each. Raising the maxdata value increases the maximum entry cache size but lowers the maximum database cache size by the same amount, and vice versa. Contact your iPlanet support representative if you need to adjust the maxdata value.

  • Initializing the database with a file that is not accessible causes the server to crash. (4523595)

  • A backup performed on a new database immediately after adding and initializing it cannot be restored. (4531022) To work around this issue, stop and restart the server after adding and initializing the database but before performing the backup.


Server Plug-ins
  • iPlanet Directory Server 5.1 provides the UID Uniqueness plug-in. By default the plug-in is not activated. To ensure attribute uniqueness for specific attributes, create a new instance of the Attribute Uniqueness plug-in for each attribute. For more information on the Attribute Uniqueness plug-in, refer to the iPlanet Directory Server Administrator's Guide.

  • The Referential Integrity plug-in is now off by default. The Referential Integrity plug-in should only be enabled on one master replica in a multi-master replication environment to avoid conflict resolution loops. Before enabling the Referential Integrity plug-in on servers issuing chaining requests, analyze your performance resource, time and integrity needs. Integrity checks can consume significant memory and CPU resources.

  • The Access Control Plug-in does not use the value specified by the nsslapd-groupevalnestlevel attribute to specify the number of levels of nesting access control performs for group evaluation. Instead, levels of nesting is hard coded as 5. (4529540)

  • When disk space is filled, the directory server crashes and does not restart. (4527611)


Roles and Class of Service
  • The nsRoleDN attribute is used to define a role. It should not be used for evaluating role membership in a user's entry. When evaluating role membership, look at the nsrole attribute instead.

  • The behavior for negative CoS template priority values is not defined in the server and cosPriority is not supported by Indirect CoS. Do not enter negative values. Note Indirect CoS does not support cosPriority.


Indexing
  • VLV indexes do not work correctly if they encompass more than one database.


Miscellaneous
  • Do not set command path and library path variables for executing command line utilities and Perl scripts. Instead change to the directory where they are stored. Although it is possible to set command path and library path variables to execute the utilities and scripts, this is not the recommended procedure because you run the risk, particularly when you have more than one server version installed, not only of disrupting the correct execution of other commands utilities and scripts, but also of compromising the security of the system.

  • Sun Solaris only. The idsktune utility reports as missing any patches in the Sun recommended patch list that are not installed on the system, even if those patches relate to packages you have not installed.

  • Note the LDAP utility manpages on the Sun Solaris platforms do not document the iPlanet version of the LDAP utilities ldapsearch, ldapmodify, ldapdelete and ldapadd.For information regarding these utilities, refer to the iPlanet Directory Server Configuration, Command, and File Reference.

  • On Sun Solaris, you can monitor only one Directory Server instance at a time with SNMP. (4529542)

  • You cannot read logs through the Directory Server Console if the server is not running. Instead, browse the iPlanet Console page at

    http://hostname:administration_server_port_number

    Select the iPlanet Administration Express link, and then login as admin.

  • For security reasons, many command line scripts written in Perl can now read the bind password interactively (-w - option). This functionality requires the Term::ReadKey Perl module, available separately. You can download this module from:

    http://www.perl.com/CPAN/CPAN.html

    All other script functionality remains available without this module. After installing the Term::ReadKey Perl module, enable the Perl scripts to read the bind password interactively by editing each script, uncommenting the appropriate lines.

  • Some of the script and command-line usage information is not up to date.

  • Unsynchronized server configuration information can cause restores to fail. Immediately after changing the configuration, back up all files under configuration directory, install-dir/slapd-serverid/config, including the dse.ldif file.

  • Changing the maximum size of the transaction log file has no effect if log files already exist in the database directory. (4523783) Instead, stop the server, modify nsslapd-db-logfile-size in dse.ldif manually, remove all log.* files from the database directory, and then restart the server.

  • The iPlanet Directory Server Adminstrator's Guide incorrectly suggests stopping the directory server before running ldapmodify to change the transaction log directory. (4525267) Instead, stop the server, modify nsslapd-db-logdirectory in dse.ldif manually, and then restart the server.

  • The server does not support LDAP search requests containing a filter that references virtual attributes. (4527614)

  • bak2db can restore a database only to the default location. (4522793) Create the database remotely and add it with ldapmodify.

    To create a database remotely, create an LDIF file:




    dn: cn=databasename,cn=ldbm database,cn=plugins,cn=config
    changetype: add
    objectclass: top
    objectclass: extensibleObject
    objectclass: nsBackendInstance
    cn: databasename
    nsslapd-suffix: o=databasename
    nsslapd-directory: /path/to/databasename

    dn: cn="o=databasename",cn=mapping tree,cn=config
    changetype: add
    objectclass: top
    objectclass: extensibleObject
    objectclass: nsMappingTree
    cn: "o=databasename"
    nsslapd-state: backend
    nsslapd-backend: databasename



    Next, use the ldapmodify utility to add the database:

    ldapmodify -D "cn=Directory Manager" -w password -f /path/to/databasename

    To move an existing database to another file system location, dump the database to LDIF format using the db2ldif utility, follow the instructions provided in the iPlanet Directory Server Administrator's Guide to delete the database, create the database at the new location, and then use the ldif2db utility to restore the database you dumped to LDIF format.

    After the database has been relocated, backups made from the old locations with the db2bak utility are no longer valid. Attempts to restore them may render the server unusable.





Accessing Online Help and Online Documentation

The online documentation files are installed with your Directory Server and can be found with your browser.

If you are working on under Windows NT or have installed iPlanet Directory Server 5.1 in a different location than /usr/iplanet/servers, adapt the following URLs accordingly.

Documentation Home Page:

file:///usr/iplanet/servers/manual/en/slapd/dochome.htm

iPlanet Directory Server Installation Guide:

file:///usr/iplanet/servers/manual/en/slapd/install/contents.htm

iPlanet Directory Server Deployment Guide :

file:///usr/iplanet/servers/manual/en/slapd/deploy/contents.htm

iPlanet Directory Server Administrator's Guide:

file:///usr/iplanet/servers/manual/en/slapd/ag/contents.htm

iPlanet Directory Server Configuration, Command, and File Reference:

file:///usr/iplanet/servers/manual/en/slapd/cli/contents.htm

iPlanet Directory Server Schema Reference:

file:///usr/iplanet/servers/manual/en/slapd/schema/contents.htm





How to Report Problems

For general information on iPlanet Directory Server 5.1, you can refer to:

http://www.iplanet.com/directory

iPlanet Support maintains the online Knowledge Base containing technical articles and technotes about common iPlanet product issues. This repository is available at:

http://www.iplanet.com/support/knowledge_base_10_1.html

If you have any questions or issues to raise regarding iPlanet Directory Server 5.1, subscribe to the following newsgroup:

iplanet.server.directory

If you experience issues with iPlanet Directory Server 5.1, refer to iPlanet Technical Support:

http://www.iplanet.com/support/support_services_10_0.html





For More Information

Useful iPlanet information can be found at the following Internet locations:

 


Third-Party License Acknowledgements

===================================================================

Copyright (c) 1989 The Regents of the University of California. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
    This product includes software developed by the University of California, Berkeley and its contributors.
  4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSEARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

========================================================================

Copyright (C) 1987, 1988 Student Information Processing Board of the Massachusetts Institute of Technology.

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

========================================================================

This product contains the following software derived from RSA Data Security, Inc.

  • MD5 Message-Digest Algorithm

========================================================================

The source code to the Standard Version of Perl can be obtained from CPAN sites, including http://www.perl.com/.

========================================================================

This product incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code; the original compression sources are freely available from:

ftp://ftp.cdrom.com/pub/infozip/