Skip Headers
Oracle® Fusion Middleware Release Notes for Oracle Directory Server Enterprise Edition
11g Release 1 (

Part Number E28975-02
Go to Documentation Home
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
PDF · Mobi · ePub

5 Directory Proxy Server Bugs Fixed and Known Problems

This chapter contains important, product-specific information available at the time of release of Directory Proxy Server.

This chapter contains the following sections:


Bug information has been migrated from one database to another. If a bug number contains 8 digits, then the detailed bug information is currently stored in the Oracle bug database BugDB. If a bug number contains 7 digits, then the detailed bug information originated in the legacy Sun bug database Bugster. In these Release Notes, a bug number may be listed using the form BugDB#/Bugster#.

5.1 Directory Proxy Server Bugs Fixed in This Release

The following table summarizes all bug fixes contained in Directory Proxy Server 11g Release 1 (

Table 5-1 Directory Proxy Server Bugs Fixed in This Release

Bug ID Description


Client connections hang, the following is reported in the DPS error log: ERROR - Fatal uncaughtException in Worker Thread 29.


Commands dpconf get-ldap-data-view-prop and dpconf set-ldap-data-view-prop throw errors when executed for the Views, and has Regexes set for pattern matching properties.


Directory Proxy Server property attr-name-mappings does not work as designed.


Bind fails. OutOfMemory error indicates err=48.


Uncaught NullPointerException in


Directory Proxy Server does not normalize a correctly escaped DN.


In the Directory Proxy Server, the connection identifier is duplicated among different clients.


The group-search-bind-dn search fails under heavy load. Significant decrease in performance occurs.


When you use the attr-value-mapping operation to replace a physical value with a virtual value, the results using ODSEE are different from the results using DSEE


On Directory Proxy Server, on the SQL backend, search fails if the basesearch contains uppercase letters.


Proxy cannot be registered when listenAddress is set to an IP address in conf.ldif.


On Directory Proxy Server, when data-view-use-internal-client-identity: true, the incorrect connection handler is used for the rebind.


When Virtual Transformation attributes are used, the Directory Proxy Server does not send the correct search filter to the Directory Server backend; expected search results are not returned.


When setting a resource policy within DSCC, client-side size limits are ignored.


On Directory Proxy Server, searches using uppercase or mixed-case base DNs to a backend SQL database fail.


Directory Proxy Server does not properly execute virtual transformations on multiple objectclasses.


On Directory Proxy Server, the Directory Server monitoring thread fails, resulting in a flood of monitoring searches.


Issue with mechanism for displaying error message produces exception messages


On Directory Proxy Server, connectionidletimeout is not set correctly for the resource limit policy.


Directory Proxy Server fails to answer client requests.


On revert-add-on-failure error, Directory Proxy Server error message wrongly removes added entry.


The dpconf utility does not support multiple-values for pattern matching attributes.


Directory Proxy Server closes incoming connections before processing LDAP_BIND().


When implementing the policy to follow referrals, Directory Proxy Server returns a wrong DN.


When implementing the policy to follow referrals, Directory Proxy Server returns a wrong DN.


The affinitydataview setting of a client connection to an invalid dataview results in a load-balancing issue.


Directory Proxy Server instances hang on the majority of new incoming SSL connections.


Updated support controls are not shown in the root DSE entry.


Potential denial of service with Directory Proxy Server after applying patch


LDAP control changes do not display until server is restarted.


When accessing Directory Proxy Server through LDAPS over a slow network connection, the client request hangs or times out.


When a virtual transformation is used that impacts DN, search entries are dropped because the search filter does not recognize the virtual transformation.


When searching the entire LDAP directory, the ldapsearch process hangs and displays multiple "Unsolicited Responses."


Connection handler thread is blocked in disconnect(). New operations are not handled by the Directory Proxy Server.

5.2 Known Directory Proxy Server Limitations

SSLv2Hello Protocol is Not Enabled in Directory Proxy Server

If you are using Java 7 (which is the default case), the SSLv2Hello protocol is disabled. So any client trying to negotiate with SSLv2Hello will fail to establish a connection with Directory Proxy Server. This impacts dpconf and DSCC if they are using Java 6 and using the SSLv2Hello protocol.

To work around this problem, do one of the following: Run dpconf or DSCC in Java 7, or enable the SSLv2Hello protocol in Directory Proxy Server.

Do not change file permissions by hand.

Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly. Only change file permissions when following instructions in the product documentation, or following instructions from Oracle support.

To workaround this limitation, install products and create server instances as a user having appropriate user and group permissions.

Self-signed server certificates cannot be renewed.

When using dsadm and dpadm to create a self-signed server certificate, be sure you specify a validity long enough that you do not have to renew the certificate. For more information, see the Administrator's Guide for Oracle Directory Server Enterprise Edition.

Directory Proxy Server does not ensure atomicity with the join data view write operations.

To ensure atomicity, do not use the join data view for write operations. If you perform write operations on join data view, use an external mechanism to prevent or detect inconsistencies. You can monitor inconsistencies by monitoring Directory Proxy Server error log.

Wrong default value in man pages

The log-buffer-size (5dpconf) man page displays the wrong default size of the access log buffer. The default buffer size for access log is 1M.

The man pages for pattern matching distribution algorithm incorrectly show the respective properties as single-valued. The properties are multi-valued.

When Oracle is the JDBC source, the ldapsearch command does not return an attribute with an empty value.

Oracle handles an empty string as NULL. The empty string and NULL are both valid values for an LDAP entry, but it is not possible to distinguish the two in Oracle. This issue was corrected for other JDBC sources in issue 6766175, as noted in Directory Proxy Server Bugs Fixed in This Release.

5.3 Known Directory Proxy Server Bugs

This section lists the known issues that are found at the time of Directory Proxy Server 11g Release 1 ( release.


When changing the Directory Proxy Server certificate using DSCC, DSCC is no longer able to connect to the Directory Proxy Server. The Directory Proxy Server status indicates "Inaccessible."

As a workaround, go to the Proxy tab. Select and un-register the inaccessible server. Then register the server again.


If you do not provide a subject DN when creating a certificate request (using dpadm request-cert or DSCC), the default subject DN is cn=value,cn=value. The certificate request is issued without a warning, but the request is not accepted by most certificate authorities.

Similarly, if you do not provide a valid ISO 3166 country code when creating a certificate request (using dpadm request-cert or DSCC), the certificate request is issued without a warning, but the request is not accepted by the certificate authority.


The dpconf command binds as anonymous first when an SSL port is used. This may prevent the command from working in deployments where anonymous binds are rejected by the server.


The attr-value-mapping transformation comparisons are case-sensitive.


The Directory Proxy Server does not support IPv6 on windows.


If a Directory Proxy Server instance has only secure-listen-socket/port enabled through DSCC, and if the server certificate is not the default (for example, if it is a certificate-Authority-signed certificate), DSCC cannot be used to manage the instance.

To work around this problem, unregister the proxy server instance and then register it again. Alternatively, update the userCertificate information for the proxy server instance in the DSCC registry, using the server certificate.


If the Directory Proxy Server configuration property allow-bind-operations is set to false, it is not possible to connect on an SSL port using the dpconf command line argument with the -–secure-port option. Connection by Start TLS (default) or by clear connection (the -–unsecured option) are still possible.


Time limit and size limit settings work only with LDAP data sources.


After enabling or disabling non secure LDAP access for the first time, you must restart Directory Proxy Server for the change to take effect.


During installation on Windows systems, ODSEE relies on Windows permissions settings for file protection. Be sure your permissions are set appropriately.

To work around this issue, change the permissions on the installations and server instance folders.


After configuring alerts, you must restart Directory Proxy Server for the change to take effect.


Currently, GetEffectiveRights control is supported only for LDAP data views and does not yet take into account ACIs local to the proxy.


The modify DN operation is not supported for LDIF, JDBC, join and access control data views.