Oracle Collaboration Suite Release Notes Release 9.0.3.0.0 for Linux Part Number B10231-01
This chapter summarizes management and security issues associated with Oracle9i Application Server. Topics include:
This section contains the following topics:
This section describes known issues associated with Oracle Collaboration Suite Search.
If a user performs more than one search at a time, then the searches are not executed in parallel, but rather in sequence, one at a time. Users do not see the results of a second search until the first search completes.
Action: None
With search criteria returning many results, an Oracle Email or Web site search can take an extraordinary amount of time to complete. In these cases, the search never times out. Regardless of any subsequent user actions, the database continues performing the search until it completes, which can consume valuable CPU time on the database server.
Action: None
The Oracle Collaboration Suite Web searching component is configured to search Web sites that have been crawled by Oracle Ultra Search. It is not configured to search other repositories crawled by Oracle Ultra Search, such as generic database tables, Oracle Portal, or e-mail repositories, although Oracle Collaboration Suite Search does search Oracle Email.
This section describes known issues associated with globalization.
Oracle Collaboration Suite fully supports deployment with global users using multiple languages. The single exception is the Oracle Calendar Server, which supports only Western European languages.
The Oracle Collaboration Suite user interface is available in ten languages: English, Brazilian Portuguese, French, German, Italian, Japanese, Korean, Spanish, Simplified Chinese, and Traditional Chinese.
Perform the following steps to globally deploy Oracle Collaboration Suite:
runInstallerNLS
$ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst d 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst e 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst f 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst i 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst ptb 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst ja 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst ko 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst zhs 1 $ORACLE_HOME $ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/sso/lib/ossoca.jar langinst zht 1 $ORACLE_HOME
runInstallerNLS
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang d -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang e -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang f -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang i -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang ptb -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang ja -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang ko -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang zhs -available -silent -m portal -verbose
$ORACLE_HOME/assistants/opca/ptlasst.csh -mode LANGUAGE -s PORTAL -c myhost.domain.com:1521:iasdb -lang zht -available -silent -m portal -verbose
The command prompts for the Portal schema password. The password can be retrieved from Oracle Internet Directory, at the following DN:
OrclResourceName=portal_user,orclReferenceName=sid.myhost.domain.com,cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext
myhost.domain.com:1521:iasdb specifies the connect string to the infrastructure database. The format should be host name:port:sid. Default port and SID are 1521 and iasdb respectively.
When starting installation, install all language translations:
runInstallerNLS
Use the default files or the UM storage database, or create custom databases with UTF8 character set.
This section describes known issues associated with Oracle Portal.
If a user is a member of a group whose GUID is not visible to the Portal application, then the user is unable to log in. A numeric or value error is raised during wwsec_oid.update_flat_table. This is because the procedure assumes that a GUID exists for every group that is returned by dbms_ldap_utl.get_group_membership. If a subsequent call to dbms_ldap_utl.get_property_names returns no property names, then the procedure raises the numeric or value exception.
This section describes known issues associated with Oracle Internet Directory.
Delegated Administration Services (DAS) hangs whenever the Oracle Internet Directory server is down or restarted because of a process crash or administrative maintenance routine.
Workaround: Restart the Delegated Administration Services (DAS) by using the opmnctl tool.
The Oracle Internet Directory server crashes intermittently during heavy loads.
Workaround: Apply the RDBMS patch for bug 2514005.
If Oracle Internet Directory is configured to use e-mail addresses as the nickname, then Oracle Files users cannot use Web Folders to access Oracle Files.
Action: Configure Oracle Internet Directory to use the Common Name (cn) attribute as the OrclCommonNicknameAttribute.
The Files Oracle Internet DirectoryUserSynchronizationAgent synchronizes new Oracle Internet Directory users into Oracle Files by querying for all the users in Oracle Internet Directory. The agent fails if the Oracle Internet Directory Query Entry Return Limit parameter is set to a number less than the total number of users in the subscriber.
Action: Set the Query Entry Return Limit parameter to a value larger than the number of users.
In this release, the following directory information tree elements are created by default:
cn=OracleContext. This is the container where Oracle products store enterprise-wide configuration data.
dc=dns_domain_of_machine,dc=com. This is an approximation of the enterprise DIT structure. This is the container under which Oracle products expect to find users and groups in the enterprise. For example, if Oracle9i Application Server is being installed on a machine whose host name is: machine1.us.acme.com, then the default subscriber tree created by Oracle9i Application Server installation would be dc=acme,dc=com. Oracle products expect to find all users under the container cn=users,dc=acme,dc=com and all groups under cn=groups,dc=acme,dc=com. In addition to creating the default subscriber entry, the Oracle9i Application Server Configuration Assistant stores a pointer to it in the Root Oracle Context so that other Oracle9i Application Server enabled components can bootstrap themselves.
For enterprises that have already rolled out a directory, the default subscriber may not match the actual enterprise directory information tree requirements. For example, if a company wants to store all of its users in a different container like o=acme,c=us, then the default tree that is created by Oracle9i Application Server installation is not sufficient.
To designate an alternate entry in Oracle9i Application Server as the default subscriber, perform the following tasks:
oidca to configure the enterprise-specific directory entry as the default subscriber. To do this, use the following arguments:
$ORACLE_HOME/bin/oidca /createDefaultSubscriber
[/help] - optional to show usage
/host oid_host
/port oid_port
/userDN bindDN
/userPwd bindDN_password
/subscriberDN subscriber_DN_to_be_turned_into_a_default_subscriber
Oracle Internet Directory Release 9.0.2.1.0 is certified against Oracle9i Database Server Release 1 (9.0.1.2.0) only.
Oracle Directory Manager 9.0.2.1.0 is certified to work against Oracle9i Application Server Release 9.0.2.1.0 servers. Older versions of Oracle Directory Manager may also function against the new release of the server, but new functionality is not accessible from these older clients.
The database used as the data store for Oracle9i Application Server should be dedicated to Oracle9i Application Server. Because Oracle9i Application Server itself accesses its backend database as a regular database user, using LDAP-enabled features in some other Oracle products can cause circular dependencies. Oracle Corporation recommends that you not use the following database access mechanisms for Oracle9i Application Server database connections:
You can now run multiple instances of the directory server on the same computer, each in its own distinct ORACLE_HOME directory. For example, one instance can run in SSL mode while the other can run in non-SSL mode (although with Oracle9i Application Server Release 9.0.2.1.0, separate instances are not necessary to do this).
If you are using the Oracle9i Application Server server software binaries on a computer other than the one where your database binaries are located, then all directory server instances using a given database instance must be co-located.
For example, running a directory server instance on Computer A and another on Computer B, both using a common SID defined on Computer C is not supported. However, running two distinct directory server instances on Computer A against a database on Computer B is supported.
These configurations require two separate installations of the complete Oracle9i Application Server component on both the intended LDAP server computer and the database computer. On the LDAP server computer, the database installed with it is never used and, after installation, can be safely removed. On the database computer, the LDAP server binaries are never used and, after installation, can also be safely removed.
If you use the Oracle Directory Integration Platform in a replicated environment consisting of more than one Oracle9i Application Server server nodes, then you must set the orcldiprepository attribute in the DSE root to 1. This enables the server to generate the change log entries for changes coming from the other Oracle9i Application Server nodes. By default, the server does not generate these change log entries. The change log entries are required for directory data to be synchronized with third-party directories and metadirectories.
Binary attributes cannot be imported or exported from the directory.
When synchronizing user data, the iPlanet connector does not synchronize the schema changes automatically. To perform this synchronization, you use $ORACLE_HOME/bin/schemasync.
The SSL mode between the Oracle directory integration server and the iPlanet Directory is not supported in Release 9.0.2.1.0. However, the SSL mode is supported in this release between the Oracle directory integration server and Oracle9i Application Server. Because the Oracle directory integration server can be run from anywhere, it can be co-hosted with the iPlanet Directory.
The iPlanet connector comes with default import and export profiles that are used for synchronization. Before using the iPlanet export connector, you must subscribe to Oracle9i Application Server change events. Otherwise, the change events are purged before they are used by the iPlanet connector.
To subscribe to change events, the default export profile requires setting the orclsubscriberdisable flag to FALSE. By default, this flag is set to TRUE. To set the orclsubscriberdisable flag to FALSE, use the ldapmodify command-line tool with the LDIF file in ORACLE_HOME/ldap/odi/conf/iplpurgedisable.ldif.
If the iPlanet connector is deployed for a two-way synchronization between Oracle9i Application Server and iPlanet Directory Server, then deletion of entries in the iPlanet Directory originally created in Oracle Internet Directory are not propagated to Oracle9i Application Server. Such entries must be deleted in Oracle9i Application Server.
Configset0 for Starting Oracle Directory Integration Server Is Reserved For Oracle Provisioning Integration Service
If you use Oracle directory integration server for synchronization--for example, with an iPlanet Directory Server--then use any configuration set entry except configset0 when you start the directory integration server. Configset0 is reserved for running Oracle directory integration server for the Oracle Provisioning Integration Service.
The data interface type, which indicates the type of interface used for synchronization between Oracle9i Application Server and a connected directory, provides a DB option in the user interface. However, selecting the DB option evokes an error message that states that the option is not supported in the directory server.
While configuring a directory integration profile, a hostname attribute, indicating the host on which the agent is to be run, is shown in Oracle Directory Manager. The value given in that field has no impact on the execution of the agent.
In the upgrade process, the Oracle Directory Integration Platform does not come up by default. The Oracle directory integration server needs to be registered and started explicitly after an Oracle9i Application Server upgrade.
To upload mapping and configuration information for Oracle Directory Integration Platform agents into Oracle9i Application Server connector profile entries, use ldapUploadAgentFile.sh. The following table lists and describes the arguments.
The Oracle directory server and database tools are no longer restricted to run on a UTF8 database. However, if the character set of the data in the client request differs from that in the directory server database, and if that client data cannot be mapped to the database character set, then there may be data loss during LDAP add, delete, modify, or modifydn operations. Oracle Corporation recommends that the client and database character sets be the same if the database underlying the Oracle directory server is not UTF8.
oidstats Must Be Run
If bulkload.sh is not used to populate the directory, then $ORACLE_HOME/ldap/admin/oidstats.sh must be run. Otherwise, significant search performance degradation may occur.
The DBMS_STATS() PL/SQL package may be used instead of the oidstats.sh script.
Oracle9i Application Server supports failover in a clustered environment by using logical hosts described in "Managing Failover in Clusters" in the Oracle Internet Directory Administrator's Guide. Use of logical hosts in a replication environment requires a fresh installation of Oracle9i Application Server. It also requires the use of logical host names while configuring the replication agreement. If you are upgrading from an existing pre-3.0.1 replication environment where host names in the existing replication agreement differ from the logical host names, then replication fails.
In Oracle9i Application Server Release 9.0.2.1.0, connection-time failover works. Transparent application failover does not always work, but, when it fails, it falls back to connection-time failover.
You cannot use catalog.sh to create an index on an attribute if the attribute has more than 28 characters in its name.
You must assign a matching rule supported by Oracle9i Application Server to any new attribute definition before indexing that attribute. See the Oracle Internet Directory Administrator's Guide for more details on using the catalog.sh utility and on supported matching rules and their syntax.
When an attribute with integerMatch for EQUALITY is indexed by using catalog.sh, the matching rule of the attribute operates like a string rather than an integer.
Oracle9i Application Server Release 9.0.2.1.0 supports entry alias de-referencing in LDAP operations, but not attribute de-referencing.
The Oracle directory server does not verify the syntax of the attribute values entered by users during entry addition and modification.
LDAP clients using SSL Version 2 can sporadically experience Can't Contact LDAP server errors when attempting to bind to Oracle9i Application Server servers.
In Oracle9i Application Server Release 9.0.2.1.0, the directory server replication processes can use SSL (Mode 1 - No Authentication) to connect to SSL-based directory server processes. Previous releases of Oracle9i Application Server did not have this capability.
This is because the greatest entry cache performance improvements are achieved when the "working set" of entries in a deployment is up to a few 100k entries, with client concurrency of up to 1000 clients--that is, when the "working set" of entries is completely cached and a single server can handle all the concurrent clients.
The OIDCTL command-line tool takes an SSLAUTH argument whenever server=odisrv is specified. Contrary to the documentation, the legal values for sslauth are 0, 1, and 2, corresponding to the meanings in the following table.
With Oracle Internet Directory Release 9.0.2.1.0, the use of plain wallets--that is, unencrypted ewallets--is no longer supported. These are replaced by local or encrypted wallets--that is, cwallet.sso wallets that are encrypted on the file system. Because they are not encrypted, plain wallets require a user name and password. By contrast, local wallets, which store their own passwords in encrypted form, do not require passwords for their owners to open them. When the operating system user who created the local wallet opens it, the wallet password is decrypted and used to read the wallet contents.
The local wallet is encrypted by using operating system-specific data, including the user name and host name, and only the system user who created it can open it. For this reason, Oracle9i Application Server server-side wallets specified in the SSL configuration set entry (or in the flags passed to OIDCTL and ODISRV) must be created by the same operating system user who owns the Oracle9i Application Server executables. Otherwise, SSL-enabled Oracle9i Application Server listeners cannot use them for two-way SSL authentication.
Chapter 11 of the Oracle Internet Directory Administrator's Guide states that the default port for non-SSL LDAP processes is 839. This should read 389 as stated elsewhere in the documentation.
Entries under Root Oracle Context are excluded from any password policy.
If a subscriber does not specify its user search base, then the Root Oracle Context password policy applies to all users in the domain of that subscriber. If a user search base is specified by the subscriber, then the password policy under the Subscriber Oracle Context applies to all of its users.
During upgrade from any 9i version of Oracle9i Application Server, the existing password policy is moved to the Root Oracle Context.
Oracle9i Application Server password policies do not apply to the Oracle9i Application Server authpassword and orclpasswordverifier verifier attribute types.
When Oracle9iAS Portal is installed, a user entry is created under the default user creation base for the default subscriber, cn=PUBLIC,cn=users,o=mycompany,dc=com. This entry represents any unauthenticated user, and is required for proper operation of Oracle9iAS Portal and Oracle9iAS Single Sign-On. This user account should not be removed. If this user entry is missing, then significant performance degradation can occur in the directory server because of repeated attempts to locate the entry.
If you are configuring Oracle9iAS to use an existing directory information tree (DIT), then be sure that the default user search base includes a user named PUBLIC for this purpose. For a user base of cn=users,o=oracle,dc=com, this entry has the following definition:
dn: cn=PUBLIC,cn=users,o=oracle,dc=com
cn: PUBLIC
sn: PUBLIC
objectclass: top
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: orclUser
objectclass: orclUserV2
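A check for the entry defined above, as an added example that is not part of the Oracle documentation: it parses LDIF as produced by ldapsearch with the -L flag and reports whether cn=PUBLIC exists under a given user search base with the object classes listed in the definition. The sample LDIF and all function names are constructed for illustration.

```python
import base64

# Object classes from the PUBLIC entry definition in the release notes.
REQUIRED_CLASSES = {"top", "person", "inetorgperson",
                    "organizationalperson", "orcluser", "orcluserv2"}


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attr: [values]}) tuples.

    Handles folded lines (a continuation starts with one space),
    comment lines, and base64 values ("attr:: ...").
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)

    entries, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        name = name.strip().lower()
        if name == "dn":
            dn = value
        elif dn is not None:
            attrs.setdefault(name, []).append(value)
    return entries


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around RDN separators.

    Simplification for this example: escaped commas in RDN values
    are not handled.
    """
    rdns = []
    for rdn in dn.split(","):
        parts = [p.strip() for p in rdn.split("=", 1)]
        rdns.append("=".join(parts))
    return ",".join(rdns).lower()


def check_public_entry(ldif_text, user_search_base):
    """Return (ok, problems) for the cn=PUBLIC entry under user_search_base."""
    wanted = normalize_dn("cn=PUBLIC," + user_search_base)
    for dn, attrs in parse_ldif(ldif_text):
        if normalize_dn(dn) != wanted:
            continue
        present = {v.lower() for v in attrs.get("objectclass", [])}
        problems = ["missing objectclass: " + name
                    for name in sorted(REQUIRED_CLASSES - present)]
        for attr in ("cn", "sn"):
            if "public" not in [v.lower() for v in attrs.get(attr, [])]:
                problems.append("attribute %s is not PUBLIC" % attr)
        return (not problems, problems)
    return (False, ["entry %s not found" % wanted])


# Constructed sample: an export with mixed case, extra spaces in the DN
# and one folded line, as a directory export may contain.
SAMPLE_LDIF = """\
version: 1

dn: cn=orcladmin, cn=users, o=oracle, dc=com
cn: orcladmin
objectclass: top
objectclass: person

dn: CN=Public, cn=Users,o=oracle,dc=com
cn: PUBLIC
sn: PUBLIC
objectclass: top
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: orclUser
objectclass: orclUs
 erV2
"""

if __name__ == "__main__":
    print(check_public_entry(SAMPLE_LDIF, "cn=users,o=oracle,dc=com"))
    print(check_public_entry(SAMPLE_LDIF, "cn=users,o=mycompany,dc=com"))
```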
Whenever you change the Oracle9i Application Server database user ODS password by using the OIDpasswd utility, run the new OIDemdpasswd utility. This enables the Oracle Enterprise Manager Daemon to properly cache the ODS password. Without this step, the Oracle Enterprise Manager Daemon cannot contact the ODS schema, and you cannot monitor Oracle9i Application Server processes from the Oracle Enterprise Manager.
To run any bulk tools, first disable the entry cache. Otherwise results returned for subsequent queries will be incorrect.
The section in the Oracle Internet Directory Administrator's Guide about creating new directory replication groups (DRGs) assumes that there is no pre-existing directory data on any of the nodes being used for the DRG.
In Oracle Internet Directory Release 9.0.2.1.0, you cannot create a directory replication group from an existing, non-replicating single Oracle9i Application Server node by using the documented "add a node" procedure. That procedure assumes you have an existing DRG and wish to increase the number of participating nodes by one. In this case, you need to ensure that there is no pre-existing data on the new node. Any pre-existing data is not replicated back to the other participants in the existing DRG. If it is necessary to replicate pre-existing data, then do the following:
-L option.
Once a directory server instance is participating in a replication agreement, do not use bulkload.sh to add data into the node. Use ldapadd instead.
The directory replication server does not always preserve the spaces between RDN components in the DN during entry replication. In some rare cases, it may not preserve the case of the letters in the DN.
Data for server configuration, replication agreement, audit log, directory server statistics, event, and DSE root-specific data are not replicated between servers in a directory replication group.
Oracle9i Application Server components output their log and trace information to log files in the ORACLE_HOME environment. The following table lists the components and the corresponding names and locations of the log files for these components.
Approximate matching, also called fuzzy matching, of entries is not supported.
To generate LDIF-formatted output from the ldapsearch command-line tool, use the -L flag.
The Catalog Index Management tool (catalog.sh) enables you to:
Be careful not to use the catalog.sh -delete option to remove indexes on attributes unless you are absolutely sure that the indexes were not created by the base schema installed with Oracle9i Application Server. Removing indexes from base schema attributes can adversely impact the operation of Oracle9i Application Server. Also see the server side limitations on indexed attributes in Sections through. You must restart the instances of the Oracle directory server process to recognize the newly cataloged attribute.
-r Option Is Not Supported
Using the ldapadd utility with the -r option should replace the entry if there is an entry with the same DN already in the directory. Instead, an Object already exists message is returned when an entry of the same distinguished name already exists in the directory information tree.
The Oracle Directory Manager provides an easy-to-use graphical user interface for administering data and policies in Oracle9i Application Server. It can be launched through the command-line invocation oidadmin.
The version of Oracle Directory Manager shipped with Release 9.0.2.1.0 works with only the following versions of the Oracle9i Application Server server:
Administering LDAP directories other than Oracle9i Application Server with Oracle Directory Manager is not supported.
Oracle Directory Manager Shows Timestamp Properties Incorrectly for Operational Attributes (Bug 1477787)
All operational timestamp attributes are stored in the server as GMT timestamps, but Oracle Directory Manager displays them as if they were local time zone values.
Oracle Directory Manager Cannot Be Used to Add Object Classes to Existing Entries.
Oracle9i Application Server allows existing entries to be extended--that is, to support additional attributes--by adding object classes to their objectClass attribute. You cannot perform this form of schema extension by using Oracle Directory Manager. Rather, you can do it only by using command-line tools. Be careful never to create schema inconsistencies--for example, an attribute that does not contain a required value. To avoid inconsistencies when extending entries, use auxiliary object classes with only optional attributes.
Moving the Scroll Bar on The Help Window Sometimes Crashes the Oracle Directory Manager Session
Scrolling in the Oracle Directory Manager online help can crash the Java Virtual Machine in a Simplified Chinese environment. This problem is seen only on some computers. If you encounter this problem, then replace the contents of the Chinese help with the English help in the jar file. To achieve this, enter the following commands:
cd /tmp
jar xf $ORACLE_HOME/ldap/oidadmin/osdadminhelp.jar
mv -f oracle/ldap/admin/help/ldap/* oracle/ldap/admin/help/ldap_zh_CN/
mv -f $ORACLE_HOME/ldap/oidadmin/osdadminhelp.jar $ORACLE_HOME/ldap/oidadmin/osdadminhelp.jar.bak
jar cf $ORACLE_HOME/ldap/oidadmin/osdadminhelp.jar oracle
jar tf $ORACLE_HOME/ldap/oidadmin/osdadminhelp.jar
Refreshing the browser during the "User Delete" confirmation message gives a Null exception (bug 2035381).
The Cancel button must be used to exit Edit User page (bug 2288441).
If the Cancel button is not used to exit from the Edit User page in the Delegated Administration Service, then incorrect user data may be displayed the next time the Edit User page is displayed.
The online help available on the Delegated Administration Service home page is available only in English (bug 2268393).
Uploading JPEG photographs for users fails when there are multibyte characters in the user name (bug 2154745).
Deselecting the Enable Subscriber Logo check box does not work (bug 2285575).
This section describes known issues with Oracle Workflow.
To integrate Oracle Workflow with Oracle Internet Directory, Oracle9iAS Single Sign-On, and Oracle Files, complete the following steps.
$ORACLE_HOME/wf/install/wfinstall
NOTE:
http://<server_name>[:<portID>]/pls/<your workflow DAD>/wfa_html.home
Alias /OA_JAVA/ "<$ORACLE_HOME>/wf/java/"
Alias /OA_MEDIA/ "<$ORACLE_HOME>/wf/java/oracle/apps/fnd/wf/icons/"
Alias /OA_DOC/ "<$ORACLE_HOME>/wf/doc/"
LDAP HOST - <oid hostname>
LDAP PORT - <oid port>
LDAP ADMIN - usually cn=orcladmin
LDAP ADMINPWD - <above admin's passwd usually ias_admin passwd>
CHANGELOG LOCATION - usually cn=changelog
USER BASE DIRECTORY - cn=users,dc=us,dc=oracle,dc=com
wfsecs.pls
wfsecssb.pls
WFLDAPB.pls
$ORACLE_HOME/wf/sql/wfdircsv.sql
ORACLE.APPS.WF.PUBLIC.USER.CHANGE.
wf_ldap.synch_all
This is the PL/SQL procedure to sync all Oracle Internet Directory users.
wf_ldap.synch_changes
This is the PL/SQL procedure that allows you to specify how often to sync Oracle Internet Directory and Oracle Workflow users.
<Location <dad of workflow> >
require valid-user
AuthType Basic
</Location>
PlSqlDatabaseUserName - usually owf_mgr
PlSqlDatabasePassword - <wf_schema_password>
This section describes known issues associated with Oracle9i Application Server.
If you make manual changes to the configuration files for these components:
Your changes will not be reflected in the DCM repository.
To propagate your manual edits back to the DCM repository, run the following command after making any edits, either manually or through the Oracle Enterprise Manager.
dcmctl updateconfig ohs
dcmctl updateconfig oc4j
This is also the case if you created, modified, or deleted DADs or modified the mod_plsql cache setting using the Oracle Enterprise Manager.
If you change the ias_admin password using emctl, then you must restart the Oracle Enterprise Manager Web Site with the following commands:
> emctl stop
> emctl start
The configuration file for OPMN, opmn.xml, is in UTF-8 encoding. The code that parses opmn.xml is written in C, and the data in opmn.xml is handled as UTF-8 bytes. This causes problems when the data is not converted to the right encoding. For example, if the default encoding of your operating system is EUC-JP, the directory is created using UTF-8 data. The multibyte instance name then becomes inaccessible.
As a workaround, avoid using multibyte characters for contents such as instance names and environment variables in opmn.xml.
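A pre-deployment check for this workaround, as an added example that is not part of the Oracle documentation: it lists every attribute value or text node in an opmn.xml file that contains non-ASCII characters, and shows that the UTF-8 bytes stored in the file differ from the bytes an EUC-JP locale uses for the same name. The sample file content, its element and attribute names, and the function names are constructed for illustration and are not the real opmn.xml schema.

```python
import xml.etree.ElementTree as ET


def find_multibyte_values(xml_bytes):
    """Return [(element_path, attribute_or_'#text', value)] for every
    attribute value or text node that contains non-ASCII characters."""
    root = ET.fromstring(xml_bytes)
    hits = []

    def walk(elem, path):
        here = path + "/" + elem.tag
        for name, value in elem.attrib.items():
            if not value.isascii():
                hits.append((here, name, value))
        text = (elem.text or "").strip()
        if text and not text.isascii():
            hits.append((here, "#text", text))
        for child in elem:
            walk(child, here)

    walk(root, "")
    return hits


def bytes_mismatch(value, locale_encoding="euc_jp"):
    """Compare the bytes stored in opmn.xml (UTF-8) with the bytes a
    process running under locale_encoding uses for the same name.

    Returns (differs, stored_bytes, locale_bytes). When the two differ,
    a directory created from the stored bytes does not have the name
    that a user in that locale types.
    """
    stored = value.encode("utf-8")
    in_locale = value.encode(locale_encoding)
    return stored != in_locale, stored, in_locale


# Constructed sample. "\u30c6\u30b9\u30c8" is a three-character katakana
# string, written with escapes so this file itself stays ASCII.
SAMPLE_OPMN_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<ias-instance name="\u30c6\u30b9\u30c8">\n'
    '  <process-manager>\n'
    '    <oc4j instanceName="home" gid="home">\n'
    '      <environment>\n'
    '        <prop name="DISPLAY" value="localhost:0"/>\n'
    '        <prop name="APP_LABEL" value="\u30c6\u30b9\u30c8"/>\n'
    '      </environment>\n'
    '    </oc4j>\n'
    '  </process-manager>\n'
    '</ias-instance>\n'
).encode("utf-8")

if __name__ == "__main__":
    for path, attr, value in find_multibyte_values(SAMPLE_OPMN_XML):
        differs, stored, in_locale = bytes_mismatch(value)
        print(path, attr, "utf-8:", stored.hex(), "euc-jp:", in_locale.hex(),
              "MISMATCH" if differs else "same")
```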
Several Oracle9iAS components require the clocks on the machines on which they run to be synchronized. You can synchronize the clocks by running the Network Time Protocol (NTP) daemon on these machines. You do this by starting xntpd or a similar daemon process.
There are several ways to configure how to load an application.
When the Oracle Enterprise Manager Home Page is opened, the OC4J metrics are not displayed. Refresh the page in order to see the metrics.
You cannot change the ias_admin password using a translated version of the Enterprise Manager Web site. This is because the Preferences link on the Instance Home Page is disabled.
You can change the ias_admin password using the following command:
ORACLE_HOME/bin/emctl set password new_password
If you run opmnctl restart or restart OC4J by other means, and EMD is running, then you might see the following error messages in the ORACLE_HOME/Apache/Apache/error_log file:
[Wed Apr 3 12:09:50 2002] [error] MOD_OC4J_0082: Failed to call gethostbyname() for host name: UNAVAILABLE.
[Wed Apr 3 12:09:50 2002] [error] MOD_OC4J_0019: Failed to resolve network address of worker: home_15's host: UNAVAILABLE and port: 3003.
[Wed Apr 3 12:09:50 2002] [error] [client 130.35.92.190] MOD_OC4J_0138: Failed tovalidate network worker: home_15 with host: UNAVAILABLE and port: 3003.
[Wed Apr 3 12:09:50 2002] [error] [client 130.35.92.190] MOD_OC4J_0141: Failed to validate host: UNAVAILABLE and port 3003 for network worker: home_15.
You can ignore these error messages. They will not cause any problems.
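A triage filter for the messages above, as an added example that is not part of the Oracle documentation: it separates the four MOD_OC4J message IDs that the notes describe as ignorable from everything else in error_log, so that the remaining lines still get reviewed. Treating those IDs as ignorable only when the host is the literal UNAVAILABLE is an assumption of this example; the last two sample lines and all function names are constructed.

```python
import re

# Message IDs the release notes list as ignorable after an OC4J restart.
BENIGN_IDS = {"MOD_OC4J_0082", "MOD_OC4J_0019",
              "MOD_OC4J_0138", "MOD_OC4J_0141"}

# [timestamp] [level] optional [client addr] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\[(?P<level>\w+)\]\s+"
    r"(?:\[client (?P<client>[^\]]+)\]\s+)?"
    r"(?P<msg>.*)$"
)
ID_RE = re.compile(r"^(MOD_OC4J_\d{4}):")
# Assumption of this example: the benign case always names the
# placeholder host UNAVAILABLE, as in the lines quoted in the notes.
UNAVAILABLE_RE = re.compile(r"\bhost(?: name)?: UNAVAILABLE\b")


def classify(line):
    """Return 'ignorable', 'review' or 'unparsed' for one error_log line."""
    match = LINE_RE.match(line.strip())
    if not match:
        return "unparsed"
    msg = match.group("msg")
    id_match = ID_RE.match(msg)
    if (id_match and id_match.group(1) in BENIGN_IDS
            and UNAVAILABLE_RE.search(msg)):
        return "ignorable"
    return "review"


def triage(lines):
    """Split lines into (ignorable, needs_review).

    Lines that do not parse are kept for review rather than dropped.
    """
    ignorable, needs_review = [], []
    for line in lines:
        if not line.strip():
            continue
        if classify(line) == "ignorable":
            ignorable.append(line)
        else:
            needs_review.append(line)
    return ignorable, needs_review


SAMPLE_LOG = [
    # The four lines quoted in the release notes.
    "[Wed Apr 3 12:09:50 2002] [error] MOD_OC4J_0082: Failed to call "
    "gethostbyname() for host name: UNAVAILABLE.",
    "[Wed Apr 3 12:09:50 2002] [error] MOD_OC4J_0019: Failed to resolve "
    "network address of worker: home_15's host: UNAVAILABLE and port: 3003.",
    "[Wed Apr 3 12:09:50 2002] [error] [client 130.35.92.190] MOD_OC4J_0138: "
    "Failed tovalidate network worker: home_15 with host: UNAVAILABLE and "
    "port: 3003.",
    "[Wed Apr 3 12:09:50 2002] [error] [client 130.35.92.190] MOD_OC4J_0141: "
    "Failed to validate host: UNAVAILABLE and port 3003 for network worker: "
    "home_15.",
    # Constructed: same message ID, but a real host name fails to resolve.
    "[Wed Apr 3 12:10:02 2002] [error] MOD_OC4J_0019: Failed to resolve "
    "network address of worker: home_15's host: apphost.example.com and "
    "port: 3003.",
    # Constructed: unrelated error.
    "[Wed Apr 3 12:10:05 2002] [error] [client 192.0.2.10] File does not "
    "exist: /example/htdocs/missing.html",
]

if __name__ == "__main__":
    ignorable, needs_review = triage(SAMPLE_LOG)
    print("ignorable:", len(ignorable))
    for line in needs_review:
        print("REVIEW:", line)
```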
In attributes that specify paths, make sure that the paths are relative to Oracle home. Otherwise, your cluster members may not run properly.
Oracle Enterprise Manager does not support multiple locales. The following components use the browser's locale when displaying pages in Oracle Enterprise Manager:
All other management pages use the Java default locale when displaying pages.
BC4J JSP, UIX JSP, and UIX XML applications from JDeveloper that are deployed to Oracle9iAS through the Enterprise Manager deployment functionality runtime will result in a runtime rendering data access error. This happens only if data source information is added subsequently through Enterprise Manager and not pre-packaged already in the EAR file from JDeveloper.
If the EAR file generated from JDeveloper does not package the data source information, or if the "deploy to EAR files" option is chosen instead of "deploy to connection," and if that information is subsequently added through the Enterprise Manager through the edit data sources functionality, then the UIX/JSP and UIX/XML applications cannot run successfully due to runtime rendering error.
To avoid the error, do not add the data sources information after deployment through EM. Instead, package the EAR file with the data sources information from JDeveloper prior to deployment through EM. While creating the UIX/JSP or the UIX/XML application from JDeveloper, instead of just deploying to an EAR file, deploy to any existing connection, including dummy connections. That process will create an EAR file with the data sources information packaged.
If deploying to a dummy connection, then although the process will result in deployment errors in JDeveloper, it will create an EAR file that includes the data source information that can be successfully deployed to Oracle9iAS.
If the user manager for OC4J is changed from JAZN LDAP to JAZN XML, the change is not picked up dynamically. OC4J continues to use JAZN LDAP as the user manager.
In order to effect the change to JAZN XML, restart the OC4J instance.
Oracle Enterprise Manager web pages may show an incorrect status of Oracle Internet Directory (OID). The status may show that OID is down when it is actually up and running. This problem is caused by the Perl executable not being in the /usr/local/bin directory. It can be solved as follows:
which command. For example:
> which perl
A full path name is displayed. Assume /perl_path/perl for this discussion.
/usr/local/bin/perl as follows:
> ln -s /perl_path/perl /usr/local/bin/perl
To configure JAAS, perform the following tasks:
ORACLE_HOME/sysman/j2ee/config/jazn.xml in a text editor.
jazn.xml file:
<property name="ldap.service" value="ldap://localhost:389"/>
<property name="ldap.user" value="cn=oracladmin"/>
<property name="policymgr.provider" value="LDAP"/>
If "localhost" does not work in your environment, then you may need to replace it with the actual name of your Oracle Internet Directory (OID) server. Similarly, you may need to replace the port number if your OID server does not use the default port of 389.
ldap.password property by entering the password you used for OID server login. Be sure to include an exclamation point (!) before the password to encrypt it. For example:
<property name="ldap.password" value="!manager1234"/>
jazn.xml file and restart the Enterprise Manager Web site.
A condition has been discovered that will cause the Wireless status to be displayed (in Oracle Enterprise Manager) as Down, even though it is in fact Up. This occurs when more than one Oracle home directory exists on a single machine.
If you have more than one Oracle Home directory on a single machine, then make the following changes to the Oracle9iAS Middle Tier (including Oracle Wireless) installation:
ORACLE_HOME/Wireless/sample/runpanamaserver.sh, just after the first line ("#!/bin/sh"):
ORACLE_HOME=${1}
ORACLE_HOME\Wireless\sample\runpanamaserver.bat:
set ORACLE_HOME=%1
If the language environment is non-English, and the /usr/local/lib/tcl8.2/encoding/*.enc Tcl interpreter encoding definition files are installed on the node, OEM Intelligent Agent may not work properly with non-English characters. As a result, OEM jobs may fail to execute or return corrupted strings. If the above encoding definition files are not present, this problem should not occur.
The solution to this problem is to create empty Tcl interpreter encoding definition files at the following location:
$ORACLE_HOME/lib/tcl8.2/encoding/*.enc
To do so, perform the following steps:
% cd $ORACLE_HOME/lib
% mkdir tcl8.2
% cp -pr /usr/local/lib/tcl8.2/encoding tcl8.2
% cd tcl8.2/encoding
% agentctl stop
% agentctl start
Note that the NLS_LANG and LANG environment variables must be defined with appropriate values before Oracle Intelligent Agent is restarted.
Concurrent administrative operations on a cluster are not supported in Oracle9iAS Release 9.0.2.1.0. Configuration information for clusters is stored in a central repository. All members of the cluster have access to this repository. This keeps configuration consistent across the cluster. Because the objects in the repository are shared across the cluster, concurrent write access to these objects is not allowed.
You cannot log on to OEM of a secondary instance after it is made active during deinstall of first instance. As a workaround, perform the following steps:
ORACLE_HOME/bin and issue the "emctl set password..." command with a new password.
emctl. In addition, "emctl stop" will not work as the password will not be accepted. When you issue "emctl start" directly, assuming the OEM service is up and running, the following option appears:
An instance of EMD is already running. Do you want to shut it down first [Y or N]
Enter "Y" and press Enter.
The status shown is:
Waiting for EM to initialize... Started.
In addition, use this workaround before any subsequent installs on the same host.
Using Microsoft Internet Explorer 5.5 in a Simplified Chinese environment, you are unable to go to the next step, or edit/delete "Attribute" on "Configure User Attribute" page. For example:
hostname>:<port>/oiddas/
The workaround is to use Netscape 4.7 to access the DAS component in a Simplified Chinese environment.
Japanese text is not readable when running in a Japanese environment. This affects three help modules:
The workarounds are as follows:
For Oracle Internet Directory Server Manageability:
jar xvf ORACLE_HOME/sysman/webapps/emd/online_help/oidsm/oidsm_help_ja.jar oidsm.hs
Shift_JIS":
<xml version='1.0' encoding="Shift_JIS">
oidsm.hs from "EUC" format to "SJIS" format.
jar uvf ORACLE_HOME/sysman/webapps/emd/online_help/oidsm/oidsm_help_ja.jar oidsm.hs
For Discoverer Oracle Enterprise Manager Help System:
jar xvf ORACLE_HOME/sysman/webapps/emd/online_help/disco/disco_help_ja.jar disco.hs
jar xvf ORACLE_HOME/sysman/webapps/emd/online_help/disco/disco_help_ja.jar toc.xml
Shift_JIS":
<xml version='1.0' encoding="Shift_JIS">
disco.hs and toc.xml from "unicode" format to "SJIS" format.
jar uvf ORACLE_HOME/sysman/webapps/emd/online_help/disco/disco_help_ja.jar disco.hs
jar uvf ORACLE_HOME/sysman/webapps/emd/online_help/disco/disco_help_ja.jar toc.xml
.jar file, and add the following line to each file, within the <head> section:
<meta http-equiv=content-type content="text/html; charset=Shift_JIS">
For BC4J:
jar xvf ORACLE_HOME/sysman/webapps/emd/online_help/bc4j/bc4j_help_ja.jar bc4j.hs
<view>
  <label>index</label>
  <type>oracle.help.navigator.keywordNavigator.KeywordNavigator</type>
  <data engine="oracle.help.engine.XMLIndexEngine">index.xml</data>
</view>
Add the following lines.
<view>
  <label>contents</label>
  <type>oracle.help.navigator.tocNavigator.TOCNavigator</type>
  <data engine="oracle.help.engine.XMLTOCEngine">toc.xml</data>
</view>
jar uvf ORACLE_HOME/sysman/webapps/emd/online_help/bc4j/bc4j_help_ja.jar bc4j.hs
With the default logging level, some of the Oracle Enterprise Manager Web Site log files become very large.
As a workaround, edit the logging properties configuration file and increase the logging level used by the Enterprise Manager software. The logging level can be set to INFO, WARN, or ERROR. When it is set to INFO, all informational messages are saved in the log files. When it is set to WARN, all warning messages are saved to the file. To reduce the amount of disk space required by the log files, do the following:
logging.properties file, which is located in <ORACLE_HOME>/sysman/config/logging.properties.
INFO" and "WARN" to "ERROR".
Each OC4J instance has a global application called "default" that is the parent application of all applications deployed to the instance. This will use jazn-xml as the user manager by default.
If the user manager for this application is changed to "principals", and you attempt to deploy an application using Oracle Enterprise Manager, then the deployment will fail if changes are made on the "Select User Manager" page.
Thus, if the user manager for the default application of an OC4J instance is changed to be "principals", then for future application deployments using Oracle Enterprise Manager, you should not visit the "Select User Manager" page in the wizard. The application will then be deployed successfully - with principals as its user manager. However, the summary screen of the deployment wizard will show jazn-xml as the user manager. Any changes that you wish to make to the application's user manager can then be completed by drilling down to the application properties page.
Language help files are missing for APAC, OC_4J, and IASTOP_HELP.jar. Instead of Japanese files, English help files are included in the following jar files:
ORACLE_HOME/sysman/webapps/emd/online_help/apch/apch_help_ja.jar
ORACLE_HOME/sysman/webapps/emd/online_help/oc_4j/oc_4j_help_ja.jar
ORACLE_HOME/sysman/webapps/emd/online_help/iastop/iastop_help_ja.jar
Concurrent administrative operations on a cluster are not supported in Oracle9iAS. Configuration information for clusters is stored in a central repository. All members of the cluster have access to this repository. This keeps configuration consistent across the cluster. Because the objects in the repository are shared across the cluster, concurrent write access to these objects is not allowed.
When you log on to the Oracle9iAS home page on host "xyz.oracle.com", you may not see the rollup stats. Also, you may not see metrics on the Oracle HTTP Server and OC4J instance pages.
As a workaround, edit targets.xml and set all instances of hostname "xyz" to the complete host and domain name, such as "xyz.oracle.com". The metrics and rollup data should be visible once you restart EMD.
You should use either dcmctl or EMD to manage your Oracle9iAS installation, not both concurrently. Concurrency issues arise when both dcmctl and EMD are used to manage the same Oracle9iAS instance.
The following are known issues associated with Oracle Collaboration Suite security.
If a wallet contains a user certificate as a trustpoint for a server, then a core dump occurs when the user connects to the server.
Oracle Corporation recommends not adding user certificates to trustpoints or trusted certificate lists in the Oracle wallet. Instead, install the certificate authority (CA) signers' certificate as a trustpoint.
Users who install Oracle9iAS Web Cache may gain root privileges by running root.sh, because the webcachectl executable uses setuid to obtain root access.
To restrict root privileges, remove setuid from the webcachectl executable. Note that setuid is required in the following cases:
webcachectl user does not match the configured user in the Process Identity page (Cache-Specific Configuration > Process Identity) of Oracle9iAS Web Cache Manager.
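One way to review and then remove the setuid bit described above, as an added example that is not part of the Oracle release notes. The directory to scan is passed as an argument (no installation path is assumed), and the demo tree at the end is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: locate setuid copies of webcachectl under a directory tree
# and clear the bit. The tree to scan is an argument; no Oracle path is assumed.

# Print every regular file named webcachectl that has the setuid bit set.
find_setuid_webcachectl() {
    find "$1" -type f -name webcachectl -perm -4000 2>/dev/null
}

# Show numeric owner and mode for each hit so the change can be reviewed first.
report_setuid_webcachectl() {
    find_setuid_webcachectl "$1" | while IFS= read -r f; do
        ls -ln "$f"
    done
}

# Clear setuid on each hit. Returns 0 only if no setuid copy remains.
strip_setuid_webcachectl() {
    find_setuid_webcachectl "$1" | while IFS= read -r f; do
        chmod u-s "$f" && printf 'cleared setuid: %s\n' "$f"
    done
    [ -z "$(find_setuid_webcachectl "$1")" ]
}

# Constructed demo tree in a temporary directory (not a real installation).
demo=$(mktemp -d)
mkdir -p "$demo/bin"
: > "$demo/bin/webcachectl"
chmod 4755 "$demo/bin/webcachectl"
report_setuid_webcachectl "$demo"
strip_setuid_webcachectl "$demo"
rm -rf "$demo"
```

Run the report function first and strip the bit only when none of the cases that require setuid applies to the installation.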
If the user manager for the default application for an OC4J instance is changed to JAZN LDAP, then the JAZN demo data needs to be loaded into the specified LDAP database. (This is documented in the README file in $ORACLE_HOME/j2ee/home/jazn/install.) Additionally, the default @ realm needs to be specified as "jazn.com".
If the above is not done, then deployment of the demos through EM or dcmctl will fail with an error in looking up java:comp/ServerAdministrator.
In the Oracle9iAS Infrastructure and the Oracle Collaboration Suite installations, the Java Security Configuration Assistant occasionally reports a failure even if it has completed its configuration tasks successfully. This error can be ignored. You can retry the failed assistant from the Configuration Tools screen of the Oracle Universal Installer to confirm that the configuration was successful.
Perform the following steps to verify that Java Security has been set up correctly:
$ORACLE_HOME/j2ee/home/config/jazn.xml file. Verify that the provider property of the jazn/ element is set to LDAP, and the location property of the same element is set to the host and port of the Oracle Internet Directory that is used for the Oracle Collaboration Suite applications.
Open the $ORACLE_HOME/j2ee/home/config/jazn-data.xml file. Verify that the credentials for the users defined in the file are disabled.
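The first verification step above can be scripted, shown here as an added example that is not part of the Oracle release notes. It assumes the jazn element carries provider and location as XML attributes and that location has the form ldap://host:port; the sample file and the host name oid.example.com are constructed. The jazn-data.xml credentials check is not covered.

```shell
#!/bin/sh
# Added example: check the provider and location attributes of the <jazn>
# element in a jazn.xml file. Attribute layout is an assumption (see lead-in).

# Print the value of one attribute of the <jazn ...> element.
# The file is flattened first so attributes split across lines still match.
jazn_attr() {
    tr '\n' ' ' < "$1" |
        sed -n 's/.*<jazn\([[:space:]][^>]*\)>.*/\1/p' |
        sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Usage: check_jazn <jazn.xml> <expected OID host> <expected OID port>
check_jazn() {
    provider=$(jazn_attr "$1" provider)
    location=$(jazn_attr "$1" location)
    if [ "$provider" != "LDAP" ]; then
        echo "FAIL: provider is '${provider:-unset}', expected LDAP"
        return 1
    fi
    case "${location%/}" in
        "$2:$3" | *"://$2:$3") ;;
        *) echo "FAIL: location is '${location:-unset}', expected $2:$3"
           return 1 ;;
    esac
    echo "OK: provider=$provider location=$location"
}

# Constructed sample file (not from a real installation).
write_sample_jazn() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<jazn provider="LDAP"
      location="ldap://oid.example.com:389" />
EOF
}

sample=$(mktemp)
write_sample_jazn "$sample"
check_jazn "$sample" oid.example.com 389
rm -f "$sample"
```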
To run Oracle HTTP Server with SSL correctly after installation in Oracle9iAS, you should create a wallet and have the certificates contained within it signed by the proper Certificate Authorities. Make sure that the SSLWallet directive in httpd.conf points to this new wallet rather than the default wallet provided by the installation. Oracle HTTP Server will not start if you fail to do one of the following:
iasobf -p password root
and place this obfuscated password in the httpd.conf file using the WalletPassword directive (for example, "WalletPassword obfuscatedPassword"). You can put the wallet password in httpd.conf in clear text, but Oracle Corporation does not recommend this.
Copyright © 2002 Oracle Corporation. All Rights Reserved.