27 Oracle Directory Integration Platform

This chapter describes issues associated with Oracle Directory Integration Platform. It includes the following topics:

27.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

27.1.1 Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory

If the source directory is heavily-loaded, a race condition may occur where database commits cannot keep pace with updates to the lastchangenumber. If this race condition occurs, Oracle Directory Integration Platform may not be able to synchronize some of the changes.

To work around this issue, perform the following steps to enable database commits to keep pace with the lastchangenumber:

  1. Increase the value of the synchronization profile's Scheduling Interval.

  2. Control the number of times the search is performed on the source directory during a synchronization cycle by setting the searchDeltaSize parameter in the profile. Oracle suggests starting with a value of 10, then adjusting the value as needed.

27.1.2 Inconsistent Levels of Information Appear in the Oracle Directory Integration Platform Application's Logs

When a synchronization profile is initialized, the debugging log level for the Oracle Directory Integration Platform application is set to the debugging log level configured for that synchronization profile. If you have synchronization profiles configured with different debugging log levels, you may see various levels of information in the Oracle Directory Integration Platform application's logs.

To work around this issue, set the debugging log level in all synchronization profiles to the same level.

27.1.3 Synchronization Continues After Stopping Oracle Directory Integration Platform

If you stop the Oracle Directory Integration Platform application during synchronization, the synchronization process that the Quartz scheduler started will continue to run.

To work around this issue, restart the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform or redeploy the Oracle Directory Integration Platform application.

27.1.4 Synchronization Profile Initialization Fails if Change Log is Not Enabled in Third-Party Directory Server

When synchronizing from Sun Java System Directory Server (iPlanet) or IBM Tivoli Directory Server, if the change log is not enabled in these third-party directory servers, the manageSyncProfiles utility may fail to register synchronization profiles and the Profile Initialization Failure message may appear.

If you encounter this issue while attempting to update or register synchronization profiles for Sun Java System Directory Server (iPlanet) or IBM Tivoli Directory Server, ensure the change log is enabled in the third-party directory server.

27.1.5 syncProfileBootstrap Not Supported for SSL Mode 2 Server-Only Authentication

The syncProfileBootstrap utility, which performs the initial migration of data between a connected target directory and Oracle Internet Directory based on a synchronization profile or LDIF file, is not supported for SSL mode 2 (Server-Only Authentication).

The syncProfileBootstrap utility is supported only for SSL mode 0 (No SSL) and SSL mode 1 (No Authentication).

27.1.6 DIP Tester Utility Not Currently Supported for 11g Release 1 (11.1.1)

At the time of publication of these Release Notes, the DIP Tester utility is not supported for Oracle Directory Integration Platform 11g Release 1 (11.1.1).

Monitor My Oracle Support (formerly MetaLink) for updates regarding DIP Tester support for Oracle Directory Integration Platform 11g Release 1 (11.1.1). You can access My Oracle Support at http://metalink.oracle.com.

While the DIP Tester utility is not currently supported for Oracle Directory Integration Platform 11g Release 1 (11.1.1), you can use the manageSyncProfiles command and its testProfile operation to test a disabled synchronization profile to ensure it will successfully perform synchronization. Refer to the "Managing Synchronization Profiles Using manageSyncProfiles" section in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management for more information about the testProfile operation.

27.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

27.2.1 Do Not Use localhost as Oracle Internet Directory Hostname When Configuring Oracle Directory Integration Platform

When configuring Oracle Directory Integration Platform against an existing Oracle Internet Directory—using either the installer's Install and Configure installation option or the Oracle Identity Management 11g Release 1 (11.1.1) Configuration Wizard—you must specify the hostname for Oracle Internet Directory using only its fully qualified domain name (such as myhost.example.com). Do not use localhost as the Oracle Internet Directory hostname even if Oracle Directory Integration Platform and Oracle Internet Directory are collocated on the same host.

If you use localhost as the Oracle Internet Directory hostname, you will not be able to start the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform.

27.2.2 Foreign Security Principal File for Microsoft Active Directory Not Included

The foreign security principal file for Microsoft Active Directory, activeimp.cfg.fsp, that was included in Oracle Directory Integration Platform Release 10g, is not included in 11g Release 1 (11.1.1). This file is required if you are synchronizing entries from multiple domain controllers and also global groups involving foreign security principals as members. The activeimp.cfg.fsp should be in the $ORACLE_HOME/ldap/odi/conf/ directory.

To work around this issue, create the activeimp.cfg.fsp file by opening a text file and entering the following information

Note:

In the following example, DOMAIN_B and DOMAIN_C represent the trusted domains for DOMAIN_A. PROFILE_NAME_FOR_DOMAIN_B and PROFILE_NAME_FOR_DOMAIN_C represent the profiles used to synchronized domains B and C respectively.
[INTERFACEDETAILS]
Reader: oracle.ldap.odip.gsi.ActiveReader
[TRUSTEDPROFILES]
prof1: PROFILE_NAME_FOR_DOMAIN_B
prof2: PROFILE_NAME_FOR_DOMAIN_C
[FSPMAXSIZE]
val: 1000
* 

27.3 Documentation Errata

There are no known documentation issues at this time.