This patch corrects issues only in the Directory Proxy Server component of the Directory Server Enterprise Edition product. It is designed to be applied on top of Directory Server Enterprise Edition 6.3.1. The Directory Server component of Directory Server Enterprise Edition 6.3.1 remains unchanged.
This update cannot be applied to versions of Directory Server Enterprise Edition earlier than 6.3.1. For directions to upgrade to version 6.3.1, see Table 2–1, “Upgrade Paths to Directory Server Enterprise Edition 6.3.1.”
This section discusses the following subjects:
This update is a minor release that primarily fixes the bugs described in Bugs Fixed in Directory Proxy Server 6.3.1 Update 1.
Directory Proxy Server 6.3.1 update 1 also introduces new behavior in persistent search operations. If a client application is very slow in reading the persistent search responses from the directory proxy server, the proxy server response queue becomes overloaded. In this case, the server can close the connection with the following client notification:
LDAP_NOTICE_OF_DISCONNECTION [ 1.3.6.1.4.1.1466.20036 ] |
An informative message similar to the following is also logged:
[11/Aug/2009:18:13:51 +0200] - DISCONNECT - INFO - conn=19 \ reason="admin limit exceeded" \ msg="client didn't read any data during 160 milliseconds." |
Directory Proxy Server 6.3.1 update 1 provides the following enhancements:
A pathname can be set for JAVA_HOME and take precedence over the value of JAVA_HOME defined in the environment, as shown in the following example:
$ dpadm set-flags instance-path jvm-path=/usr/jdk/latest/ |
The dpadm command changes the umask value, and at the next restart of the DPS instance, the configuration file's permissions are modified according with the new umask value. The log file's permission is also set similarly at the next file rotation. The following example shows a typical use:
$ dpadm set-flags instance-path umask=22 |
An administrator is now allowed to define different virtual transformations on the same MODEL, ACTION, ATTR_NAME.
Directory Proxy Server 6.3.1 update 1 also adds new properties and updates existing properties, as described in the following list. New properties are noted as “New.” Properties that are changed from their specification in DSEE 6.3.1 are noted as “Updated.”
Dynamic (no restart required)
Level: connection-handler
Type: boolean
Default: false
Description: Indicates whether the connection handler should close the client connection when no data source is available.
Dynamic (no restart required)
Level: connection-handler
Type: boolean
Default: false
Description: Indicates the need to not always use incoming client identity at binding to a remote LDAP server.
Documentation: This property is a flag indicating the need to not always use incoming client identity at binding to a remote LDAP server.
Dynamic (no restart required)
Level: jdbc-data-source
Type: enumeration
RDBMS back-end is MySQL.
RDBMS back-end is Apache Derby/Java DB.
RDBMS back-end is DB2.
RDBMS back-end is Oracle.
RDBMS back-end is Microsoft SQL Server.
RDBMS back-end is not defined. If possible, Directory Proxy Server determines the vendor name from the db-url defined in jdbc-data-source.
Default: generic
Description: Vendor name of the JDBC data source
Documentation: This property specifies the vendor name of the JDBC data source. This should be set if a third party IDBC driver other than the one provided by the database vendor is used to connect to the RDBMS back-end. This data is used to construct vendor-specific SQL statements when possible that might improve performance.
Dynamic (no restart required)
Level: jdbc-data-view, join-data-view, ldap-data-view, and ldif-data-view
New type: long
Old type (for DPS 6.0 to 6.3.1): integer
The other attributes remain the same as before.
Dynamic (no restart required)
Level: jdbc-data-view, join-data-view, ldap-data-view, and ldif-data-view
New type: long
Old type (for DPS 6.0 to 6.3.1): integer
The other attributes remain the same as before.
Static (restart required)
Level: ldap-data-source
Type: duration in seconds (lower bound: 1)
Default: inherited (value of monitoring-interval)
Description: Interval at which availability monitor polls failed connections to detect their recovery
Documentation: This property specifies the polling interval. When a connection is found to be down, the availability monitor polls the connection at this interval to detect its recovery. If not specified, the value of the monitoring-interval property is used.
Static (restart required)
Level: ldap-data-source
Type: integer (lower limit: 1)
Default: 3
Description: Number of retries to perform before flagging the connection as down
Documentation: This property specifies the number of times that the availability monitor polls the connection when it is first detected as down. This allows the connection to be flagged as up faster. If the connection still fails after the specified number of retries, the value of the down-monitor-interval property is then used as the polling interval.
Dynamic (no restart required)
Level: ldap-data-source
Type: boolean
Default: true
Description: Specifies whether SO_KEEPALIVE is enabled for connections between the server and the data source
Documentation: This property is a flag indicating whether or not SO_KEEPALIVE should be enabled for connections between the server and the data source.
Dynamic (no restart required)
Level: ldap-listener and ldaps-listener
Type: boolean
Default: true
Description: Specifies whether SO_KEEPALIVE is enabled for connections between clients and listener
Documentation: This property is a flag indicating whether or not SO_KEEPALIVE should be enabled for connections between clients and listener.
Dynamic (no restart required)
Level: server
Type: boolean
Default: true
New description: Indicates whether the server accepts unauthenticated operations
Old description (for DPS 6.0 to DPS 6.3.1): Indicates whether the server accepts operations from anonymous clients
New documentation: This property is a flag indicating whether or not Directory Proxy Server accepts unauthenticated operations. The mode used to tread the bind operation is specified by allow-unauthenticated-operations-mode
Old documentation (for DPS 6.0 to DPS 6.3.1): This property is a flag indicating whether or not Directory Proxy Server allows anonymous clients to perform operations.
Dynamic (no restart required)
Level: server
Type: enumeration
When no password is specified, only anonymous binds are allowed
When no password is specified, only binds with a DN specified are allowed
When no password is specified, anonymous binds and binds with a DN specified are allowed
Default: anonymous-and-dn-identified
Description: Mode to treat bind operations without password
Documentation: This property indicates how to Directory Proxy Server treats operations without bind password when allow-unauthenticated-operations is set to true.
Static (restart required)
Level: server
Type: duration in milliseconds
New default: 250
Old default (for DPS 6.0 to 6.3.1): 500
New documentation: This property specifies the time interval between consecutive system calls that retrieve time from the OS. For details about operations that take less than 250 milliseconds, reduce the time-resolution period or change the value of the time-resolution-mode property. If set to 0 milliseconds, the proxy behaves as if the value of the time-resolution-mode property was set to system-milli. This property is ignored when the value of the time-resolution-mode property is set to system-milli or system-micro.
Old documentation (for DPS 6.0 to 6.3.1): This property specifies the time interval between consecutive system calls that retrieve time from the OS. For details about operations that take less than 500 milliseconds, reduce the time-resolution period. If set to 0 milliseconds, the proxy systematically performs a system call to retrieve the current time. Otherwise the time is cached and retrieved only every time-resolution period. This time is displayed in the logs.
The description remains the same as before.
Static (restart required)
Level: server
Type: enumeration
Use a thread performing a system call every time-resolution milliseconds
Use a system call retrieving time in milliseconds
Use a system call retrieving time in microseconds
Default: custom-resolution
Description: Mode used to retrieve system time
Documentation: This property specifies the mode used to retrieve time from the OS.
Directory Proxy Server 6.3.1 update 1 is available for all supported Directory Server Enterprise Edition 6.3.1 platforms. For more information, see Hardware Requirements and Operating System Requirements.