Skip Headers
Oracle® Fusion Middleware Release Notes
11g Release 1 (11.1.1) for IBM AIX on POWER Systems

Part Number E14771-32
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

26 Oracle Internet Directory

This chapter describes issues associated with Oracle Internet Directory. It includes the following topics:

26.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topic:

26.1.1 ODSM Browser Window Becomes Unusable

Under certain circumstances, after you launch ODSM from Fusion Middleware Control, then select a new ODSM task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.

As a workaround, go to the URL: http://host:port/odsm, where host and port specify the location where ODSM is running, for example, http://myserver.example.com:7005/odsm. You can then use the ODSM window to log in to a server.

26.1.2 In ldapdelete Command -V Should Be The Last Parameter

For certain platforms command ldapdelete considers everything after -v, as parameter. A typical ldapdelete command looks like this:

ldapdelete -h hostname  -p portname  -v 's' -D cn=orcladmin -w welcome1

For Linux x86-64 and Microsoft Windows x64 the command mentioned here works fine. However, for Solaris Operating System (SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium platforms the above command fails.

Workaround

Use the flag -v as the last parameter when running the ldapdelete command. For example:

ldapdelete -h hostname  -p portname -D cn=orcladmin -w welcome1   -v 's'

26.1.3 Bulkmodify Might Generate Errors

If Oracle Internet Directory is using Oracle Database 11g Release 1 (11.1.0.7.0), you might see ORA-600 errors while performing bulkmodify operations. To correct this problem, apply the fixes for Bug 7019313 and Bug 7614692 to the Oracle Database.

26.1.4 Upgrading from 10.1.2.0.2 Infrastructure to Application Server 11g Infrastructure

If Application Server 10.1.2.0.2 LDAP port number is less then 1024, then perform the following steps before running Upgrade Assistant:

  1. Change the permission of the following files:

    cd $ORACLE_HOME/bin "AS11G ORACLE_HOME"
    chmod 0710 oidmon         # only owner and group has execute permission 
    chmod u+s  oidmon 
    chown root oidldapd       # make oidldapd setuid root for security 
    chmod 4710 oidldapd       # only owner and group has execute permission
    
  2. Upgrade infrastructure by deselecting the "retain ports from source Oracle Home" option in Upgrade Assistant.

  3. If required, re-configure the necessary 10g configset properties in 11g Oracle Internet Directory (OID) instance, by following the instructions mentioned in Chapter 9 "Managing System Configuration Attributes" of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

  4. Restart OPMN processes.

26.1.5 Turkish Dotted I Character is Not Handled Correctly

Due to a bug, Oracle Internet Directory cannot handle the upper-case dotted I character in the Turkish character set correctly. This can cause problems in Oracle Directory Services Manager and in command-line utilities.

26.1.6 OIDCMPREC Might Modify Operational Attributes

By default, the oidcmprec tool excludes operational attributes during comparison.That is, oidcmprec does not compare the operational attributes values in source and destination directory entries. During reconciliation of user defined attributes however, operational attributes might be changed.

26.1.7 OIDREALM Does Not Support Realm Removal

The oidrealm tool supports creation, but not deletion, of a realm. A procedure for deleting a realm is provided in Note 604884.1, which is available on My Oracle Support at https://support.oracle.com/.

26.1.8 Apply Patch to Oracle Database 11.2.0.1.0 to Fix Purge Job Problem

If you use Oracle Database 11.2.0.1.0 with Oracle Internet Directory, apply Patch 11.2.0.1.3 PSU to Oracle Database. Purge jobs do not function properly without this patch.

26.1.9 SQL of OPSS ldapsearch Might Take High %CPU

The SQL of an OPSS one level ldapsearch operation, with filter "orcljaznprincipal=value" and required attributes, might take unreasonably high %DB CPU. If this search performance impacts the overall performance of the machine and other processes, you can alleviate the issue by performing the following steps in the Oracle Database:

  1. Log in to the Oracle Database as user ODS and execute the following SQL:

    BEGIN
    DBMS_STATS.GATHER_TABLE_STATS(OWNNAME=>'ODS',
                                  TABNAME=>'CT_ORCLJAZNPRINCIPAL',
                                  ESTIMATE_PERCENT=>DBMS_STATS.AUTO_SAMPLE_SIZE,
                                  CASCADE=>TRUE);
    END;
    /
    
  2. Flush the sharedpool.

26.1.10 If you Start the Replication Server by Using the Command Line, Stop it Using the Command Line

If you start the replication server by using the command line, stop it by using the command line. If you attempt to stop it by using Oracle Enterprise Manager Fusion Middleware Control, the attempt fails.

26.1.11 Users with Non-ASCII Names Might Encounter Problems when Using ODSM with SSO

When ODSM is configured to use Oracle Access Manager 11g Release 1 (11.1.1.2) for single sign-on, a user whose name contains non-ASCII characters might observe the following issues after logging in:

  • The user name displayed on the Home page is garbled.

  • Single sign-on connections to Oracle Virtual Directory servers do not appear in the list of connections.

26.2 Configuration Issues and Workarounds

This section describes configuration issues and workarounds. It includes the following topics:.

26.2.1 Re-Create Wallet After Moving Oracle Internet Directory from Test to Production

If you configure Oracle Internet Directory to use SSL in server authentication mode or mutual authentication mode on your test machine, and then move Oracle Internet Directory to a production machine, re-create the Oracle Internet Directory wallet on the production machine.

The old wallet contains the hostname of the original machine as the DN in the certificate. This host name in the DN is not changed during the test to production move. Re-create the wallet on the production machine to avoid SSL communication issues.

26.2.2 oracleRoot.sh Fails with Syntax Error During Oracle Internet Directory Configuration

When you configure Oracle Internet Directory (OID) for privileged ports as mentioned in Section "Configure the First Oracle Internet Directory Instance" of Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management, the config wizard prompts the following when you run oracleRoot.sh:

Do you want to run oidRoot.sh to configure OID for privileged ports? (yes/no)

If you select yes, the script execution fails with the following error:

/u01/app/fmw/idm/oracleRoot.sh: line 47: syntax error: unexpected end of file

To workaround this issue, modify oracleRoot.sh file located in the ORACLE_HOME directory. Modify the following line:

fi# This command path is not already provided in the existing root.sh:

TO

fi
# This command path is not already provided in the existing root.sh:

Rerun oracleRoot.sh to continue configuring Oracle Internet Directory.

26.3 Documentation Errata

This section describes documentation errata. It includes the following topics:

26.3.1 Bulkdelete Deletes Entries, not Attributes

The section on bulkdelete in the "Performing Bulk Operations" chapter of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory is entitled "Deleting Entries or Attributes of Entries by Using bulkdelete." This title is misleading. You can only use bulkdelete to delete entire entries or subtrees. The first sentence in that section is also misleading and should be ignored.

26.3.2 ODSM Section Should Refer to Oracle Internet Directory

The Chapter 7 section of Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory entitled "Single Sign-On Integration with Oracle Directory Services Manager" contains references to Oracle Virtual Directory. It should actually refer to Oracle Internet Directory.

26.3.3 Incorrect Bug Numbers in Prerequisites for Rolling Upgrade

The bug fix numbers listed in the Prerequisites section of the "Performing Rolling Upgrades" appendix to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory are incorrect. They should be as follows:

  • If you have Oracle Internet Directory Version 11.1.1.2.0, apply the fix for bug number 10431688 on each Middleware Oracle home.

  • If you have Oracle Internet Directory Version 11.1.1.3.0, apply the fix for bug number 10431664 on each Middleware Oracle home.

26.3.4 Default orclcryptoscheme Value is SSHA

In Oracle Internet Directory 11g (11.1.1.3) and (11.1.1.4), the default value of orclcryptoscheme is SSHA. The documentation is incorrect in the following places:

  • Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Table 9-3, "Attributes of the DSE."

  • Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, Chapter 30, "Managing Password Verifiers," in the section "Hashing Schemes for Creating Userpassword Verifiers."

  • Oracle Fusion Middleware Reference for Oracle Identity Management, Chapter 8, "LDAP Attribute Reference," entry for orclcryptoscheme.

26.3.5 Setting Up Oracle Internet Directory SSL Mutual Authentication

Neither Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory nor Oracle Fusion Middleware Administrator's Guide describes how to set up Oracle Internet Directory SSL Client and Server Authentication. This information is provided in Note 1311791.1, which is available on My Oracle Support at:

https://support.oracle.com/

26.3.6 ODSM Schema Tab is Available to Non-Super User

Section 7.4.1.2, "Non-Super User Access to Oracle Directory Services Manager," in Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory, states that if you log in as a user other than the super user, you can access only the Home and Data Browser tabs. Actually, you can access the Schema tab as well.

26.3.7 Wrong Command and Path in Appendix P of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory

Two errors have been noted in Appendix P, "Starting and Stopping the Oracle Stack."

In Step 2 of P.1 "Starting the Stack,"

MW_HOME/user_projects/domains/DOMAIN_NAME/bin/startManagedWebLogic.sh

should be

MW_HOME/user_projects/domains/DOMAIN_NAME/bin/startWebLogic.sh

In Step 3 of P.1 "Starting the Stack,"

MW_HOME/user_projects/domains/DOMAIN_NAME/bin/startNodeManager.sh

should be

MW_HOME/wlserver_10.3/server/startNodeManager.sh

26.3.8 Missing Option to opmnctl updatecomponentregistration in Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory

In Chapter 10, "Managing IP Addresses," the opmnctl updatecomponentregistration command is missing the -Sport option. Both -Port and -Sport are required for this command.

26.3.9 Update Component Registration Whenever You Change Certain Instance-Specific Attributes

You must update the registration of an Oracle Internet Directory component in a registered Oracle instance by running opmnctl updatecomponentregistration whenever you change any of the following instance parameters:

Table 26-1 Attribute Changes Requiring Update of Component Registration

Attribute Section of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory

orclhostname

"Attributes of the Instance-Specific Configuration Entry" in Chapter 9

orclnonsslport

"Attributes of the Instance-Specific Configuration Entry" in Chapter 9

orclsslport

"Attributes of the Instance-Specific Configuration Entry" in Chapter 9

userpassword

"Changing the Password for the EMD Administrator Account" in Chapter 12


In versions of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory released in January, 2011 or earlier, there are several statements to the effect that you do not need to run opmnctl updatecomponentregistration if you use Oracle Enterprise Manager Fusion Middleware Control or WLST to change the parameter. This is not true. You must always run the command after changing any of these parameters. See "Updating the Component Registration of an Oracle Instance by Using opmnctl" in the "Managing Oracle Internet Directory Instances" chapter of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directoryfor more information.