Sun Java System Directory Server Release Notes for HP-UX

Sun Java™ System Directory Server Release Notes for HP-UX

Version 5.2 2005Q4

Part Number 819-4252-10

These Release Notes contain important information available at the time of release of Sun Java System Directory Server 5.2 2005Q4 for HP-UX. Known issues and limitations, and other information are addressed here. Read this document before you begin using Directory Server 5.2.

The most up-to-date version of these release notes can be found at the Sun Java System documentation web site: http://docs.sun.com/app/docs/prod/entsys.05q4. Check the web site prior to installing and setting up your software. Then check the web site periodically thereafter to view the most up-to-date release notes and product documentation.

These release notes contain the following sections:

Third-party URLs are referenced in this document and provide additional, related information.


Note

Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.



Release Notes Revision History

Table 1  Revision History 

Date

Description

February 2006

Revenue release.

November 2005

Beta release.


About Directory Server 5.2 2005Q4

Directory Server 5.2 2005Q4 is part of the Sun Java Enterprise System that delivers an integrated, core set of industry-leading enterprise network services that virtually all businesses need today.

The features of Directory Server are:

The Directory Server commands and Administration Server commands are now documented as man pages. For more information, see Documentation Notes.

This section includes:

What’s New in This Release

The following new features have been introduced in the Directory Server 5.2 2005Q4:

The following feature was available in Directory Server 4.x but is not available in Directory Server5.2:

Database Backend Plug-in Interface. The enhanced pre-operation interfaces may be used instead of the database backend plug-in interface, to implement plug-ins that are designed to provide access to alternative directory data stores.

Hardware and Software Requirements

The following software is required for Directory Server 5.2 2005Q4.

Table 2  HP-UX Hardware and Software Requirements 

Component

Platform Requirement

Operating System

HP-UX 11i v1

RAM

128 Mbytes

Disk Space

256 Mbytes

Java

Java Runtime Environment 1.4.1.03


Note

Directory Server 5.2 has been validated with HP-UX.



Bugs Fixed in This Release

Table 3  Fixed Bugs in Directory Server 5.2 2005Q4

Bug Number

Bug Synopsis

4817331

allow “Administrators” to reset the password

4972234

Account validation via LDAP bind without user password

5010313

DS 5.2. db2ldif -r removes the guardian file

5049830

Deletion operation is not flagged as dependent of a previous modification

5072212

MMR+SSL: Can’t stop or use master after total update that failed

5100203

Add the rc code inside the could not be logged in the Changelog error

5103276

Hub not replicating due to Wrong ReplicaId 65535 in the Hub RUV

5106142

lack of out of disk space causes looping in db2bak internal TASK

6174806

Huge memory leak on mixed 5.1/5.2 topology (5.1 protocol)

6195685

DS 5.2patch2/aci returns incorrect results when fix for 4886766 is applied

6197763

fix 4974942 (in 5.2patch2) is wrong and can lead to a race condition when closing the connections

6199981

Memory leak in search "cn=config"

6200727

Memory leak in each replication session coming from a hub

6208161

Online indexation task request + search (evaluating role aci) -> DS deadlock hang

6209991

bad server side sorting performances when data contains a lot of identical values

6212643

ns-slapd Memory leak when dn_normalization failed

6213363

Index corruption

6216291

passwordRetryCount does not get incremented when passwordResetFailureCount is set to 0

6218066

performance degradation in sub string searches using P2

6221840

DS5.2: Memory leak in Individual Password Policies

6224967

performance problems when doing searches with the en-US collation rule

6229360

Random crash with DSML pdu larger than 2K

6233091

memory leak with virtual attributes

6236844

add/delete of an attribute in one ldapmodify is not replicated correctly

6237734

multivalued substring index of DN syntax gets corrupted if value deleted

6239107

fildif is not able to work with files larger than 2GB (CU LDIF export file in this case is 28GB)

6242270

Retro Changelog plugin fails to record changes if "regular" replication is disabled

6242420

Deleting multivalued attribute(s) in directory server 5.2 patch2 results in high etimes

6242741

Directory server crashes while processing ldapmodify with Retro Changelog plugin turned on

6252050

DS exits when acllas__handle_group_entry()tries to allocate 4GB

6245092

Directory Server hangs when running stop-slapd command

6252452

db2ldif.pl -r may hangs the server

6255151

duplicate nsunique ids can be generated

6255780

COS doesn’t get effective for sub-sub-org. cos attributes are empty for a user in sub-sub-org

6261456

DS 5.2 P2 forces a checkpoint at the specified checkpoint interval even when no mods performed

6262066

On UNIX, Directory Server may crash if #fd resource limit is dynamically increased

6267280

Error during the creation of subsuffix or clone under a search workload

6267965

Searches for subtype attributes does not work correctly with nsslapd-search-tune enabled

6275420

Deadlock in database while evaluating the acls in a modify operation

6276993

DS 5.2p3 : crash in is_pending_value_mods because of uid uniqness plugin

6281506

Replication may be slow to restart after a network outage

6282564

Restart of a Fractional Consumer breaks replication with WARNING<10271> - Partial Config Error

6283105

DS5.2 Patch3 Core Dumps within ids_sasl_check_bind due to NPE

6283717

A consumer does not detect there is pending operation and when closing an ’idle’ replication cnx

6283860

DS5.2p3: modification lost when using ldapmodify

6285785

ds5ReplicaConsumerTimeout cannot be configured

6288249

Directory Server can hang if replication agreement is being initialized from another master

6290059

Performance issue when deleting non existent attribute

6343255

Remove time bomb in ns-slapd


Important Information

This section covers the following topics:

Installation Notes

For information about patch requirements and installation, see the following sections:

Patch Requirement Information

The following table gives the numbers and minimum versions for the alignment patches. All patches referred to in this section are the minimum version number required for upgrade. It is possible that a new version of the patch has been issued since this document was published. A newer version is indicated by a different version number at the end of the patch. For example: 123456-04 is a newer version of 123456-02 but they are the same patch ID. Refer to the README file for each patch listed for special instructions.

To access the patches, go to http://sunsolve.sun.com.

Table 4  Directory Server 5.2 2005Q4 Alignment Patches Required For HP-UX

Patch Number

Patch Description

121515-01

HP-UX 11.11: Sun Java™ System Administration Server 5 2005Q4

121933-01

HP-UX 11.11: Sun Java™ System Administration Server 5 2005Q4 (Localization Patch)

121393-01

HP-UX 11.11: Sun Java™ System Directory Server 5 2005Q4

121931-01

HP-UX 11.11: Sun Java™ System Directory Server 5 2005Q4 (Localization Patch)

For detailed information about Upgrade procedure of the Directory Server from JES3 to JES4 refer Sun Java Enterprise System 2005Q4 Upgrade Guide for HP-UX located at http://docs.sun.com/app/docs/doc/819-4460.

Pre-requisites

In addition to the above mentioned system level and application level patches, Directory Server and Administration Server releases call for the installation of the following software:

For more information about the Sun Java Enterprise System, see http://www.sun.com/software/learnabout/enterprisesystem/index.html.

General Installation Information

Documentation Notes

Help Files

Directory and Administration Server releases have been featured with the Online Help facility, that is delivered in the following formats:

Man Pages

Directory Server commands and Administration Server commands are now documented as man pages as well and delivered in the following formats:

  To Access the Man Pages

  1. Ensure that the man page package contents [man1m & man1 directories] are installed in the following default locations:
  2. sun-dirsvr-dsvmn in /opt/sun/directory-server/5.2/man

  3. Update your MANPATH environment variable:
  4. Run the following command:

    $ export MANPATH=${MANPATH}:/opt/sun/directory-server/5.2/man

Product Version Number

In some parts of the Directory Server documentation and console, the version number of the product is referred to as 5.2.

Localized Documentation

Localized documentation is posted to http://docs.sun.com/ as it becomes available.

Accessibility Features for People With Disabilities

To obtain accessibility features that have been released since the publishing of this media, consult Section 508 product assessments available from Sun upon request to determine which versions are best suited for deploying accessible solutions. Updated versions of applications can be found at http://sun.com/software/javaenterprisesystem/get.html.

For information on Sun’s commitment to accessibility, visit http://sun.com/access.


Known Issues and Limitations

This section describes the known issues and limitations of Sun Java System Directory Server 5.2 2005Q4 for HP-UX. The issues are grouped into the following categories:

Installation, Uninstallation, and Migration

Cannot Install Directory Server when the Root Suffix Contains Spaces (4526501)

A root suffix cannot contain space characters.

Workaround

If your root suffix contains space characters, correct the suffix generated at installation time to

remove the spaces:

  1. In the Sun Java System Server console, select the top directory entry in the left-hand navigation pane of the Servers and Applications tab.
  2. Click Edit and modify the suffix in the User directory subtree field.
  3. Click OK to save the change.

Error Message When Running migrateInstance5 Script (4529552)

When the migrateInstance5 script is run with the error logging feature disabled, a message indicates that the migration procedure is attempting to restart the server while the server is already running.

Workaround

Duplicate Value Error Logged in the Configuration Directory Server During Installation (4841576)

During configuration of Directory Server, an ACI on the server group entry for each new server installation is added. If the entry already exists and the ACI value already exists on the entry (which is the case when Administration Server is installed after Directory Server), then the following error is logged in the Configuration Directory Server:

Workaround

Ignore the error message.

Only use the restart-admin command on the active node in a cluster-enabled environment (4862968)

Cannot Use Multibyte Characters for Installation of Traditional Chinese (zh_TW) Version (4882801)

If multibyte characters are entered as the suffix name during installation of the traditional Chinese (zh_TW) version, the suffix name does not display correctly in the console. This issue is restricted to 32-bit and 64-bit installations from Solaris packages on SPARC processors.

Workaround

  1. Create a monobyte suffix at installation. Once installation is complete, create the desired multibyte suffix using the console.
  2. Upgrade your JRE to version 1.4.1 or later.

Cannot Use Multibyte Characters at Installation of AS and DS (4882927)

At installation, using multibyte characters for anything other than the suffix name causes Directory Server and Administration Server configuration to fail.

Workaround

Use monobyte characters for all fields other than the suffix name.

Loop Results From the Use of an Incorrect Password During Command Line Installation (4885580)

If you enter an incorrect password during command-line installation, you enter a loop.

Workaround

When you are prompted for the password again, type “<“to return to the previous input item, and then press return to keep the previous choice. When you are asked for the password again, enter the correct password.

Warning About Missing Character Sets During Uninstallation (4887423)

When you perform an uninstallation by using the console, you can dismiss the uninstallation logs by using the OK button. When you use this OK button, you might be warned about missing character sets.

Workaround

None. Ignore these warning messages.

Configuration of Directory Server Fails When Using a Remote Configuration Directory (4931503)

When configuring Directory Server by using a remote configuration directory, configuration fails if the administration domain of the remote directory does not match the administration domain in the setup procedure.

Workaround

When configuring Directory Server by using a remote configuration directory, use the same administration domain as defined in the remote configuration directory.

Some Plug-Ins Are Not Migrated From Directory Server 4.x to Directory Server 5.x (4942616)

During migration from Directory Server 4.x to Directory Server 5.x, not all plug-ins are migrated.

Workaround

In the 4.x slapd.ldbm.conf configuration file, insert quotation marks around the plug-in path for the plug-in to be migrated.

For example change the plug-in post-operation referential integrity from

Modifications to Default Index Attributes Are Not Migrated From DS 5.1 to DS 5.2 (5037580)

Modifications to the default index attributes are not migrated when you migrate from Directory Server 5.1 to Directory Server 5.2.

Workaround

None

Installation Fails When the Base DN Contains a White Space (5040621)

During installation, if the base DN contains a white space (for example, o=example east) the directoryURL entry is incorrectly parsed for the UserDirectory global preferences. Consequently, all operations to the userDirectory fail to find the entries in user/groups in the console.

Workaround

Modify the base DN value in one of the following ways:

nsSchemaCSN Has Multiple Values After upgrade of AS and DS (5041885)

After upgrade of Administration Server or Directory Server, the nsSchemaCSN attribute has several values. This issue occurs because the 60iplanet-calendar.ldif file and the 99user.ldif file both contain the nsSchemaCSN attribute. The nsSchemaCSN attribute should be in the 99user.ldif file only.

Workaround

  1. Remove the nsSchemaCSN attribute from 99user.ldif file and the 60iplanet-calendar.ldif file.
  2. Rename the script from
  3. <server_root>/slapd-<instance>/schema_push.pl

    to

    <server_root>/slapd-<instance>/schema_push.pl.ref

  4. Copy the template file from
  5. <server_root>/bin/slapd/admin/scripts/template-schema_push.pl

    to

    <server_root>/slapd-<instance>/schema_push.pl

  6. Edit the new schema_push.pl file as follows:
    1. Replace {{PERL-EXEC}} by !/<server_root>/bin/slapd/admin/bin/perl
    2. Replace {{MY-DS-ROOT}} by <server_root>/slapd-<instance>
    3. Replace {{SEP}} by "/"
  7. Add the execute mode to the schema_push.pl file.
  8. Force the schema replication by running the script, as follows:
  9. <server_root>/schema_push.pl

  10. Confirm that the nsSchemaCSN attribute has been added to 99user.ldif file.

To backout, restore the original schema_push.pl file under <slapd-instance>.

migrate5xto52 Script Breaks Replicated Topologies (6207013)

When you use the migrate5xto52 script to migrate a 32-bit Directory Server 5.x replica to 64-bit Directory Server 5.2, the script converts replica values for nsState incorrectly. Consequently, it can be necessary to re initialize the entire replicated topology.

Workaround

Before running the migrate5xto52 script, comment out the following two lines of the newLDIFReplica Perl subroutine in the <ServerRoot>/bin/slapd/admin/bin/migrate5xto52 file:

Entries With Password Expiration Cannot be Replicated to Older Versions of Directory Server (6209543)

The pwdChangedTime attribute and usePwdChangedTime attribute are defined in Directory Server 5.2 2004Q2 and later versions. These attributes are not defined in Directory Server 5.2 2003Q4 or earlier versions.

When an entry is defined with password expiration in Directory Server 5.2 2004Q2 or later versions, the entry contains the pwdChangedTime attribute and usePwdChangedTime attribute. When that entry is replicated to a supplier running Directory Server 5.2 2003Q4 or an earlier version, the supplier cannot process any modifications to that entry. A schema violation error occurs because the supplier does not have the pwdChangedTime attribute in its schema.

Workaround

Define the pwdChangedTime attribute and usePwdChangedTime attribute in the 00core.ldif file for all servers in the replication topology that are running Directory Server 5.2 2003Q4 or an earlier version.

During installation of Directory Server With Access Manager the Index Is Corrupted (6305723)

During installation of Directory Server, the Access Manager adds indexes for the’ou’ attribute if they don’t exist. When the tool comms_dssetup.pl is run, the index is corrupted.

Workaround

Reindex the Directory Server.

Security

Bind With Zero-Length Password Is Treated as an Anonymous Bind (4703503)

If you use a zero-length password to bind to a directory, your bind is an anonymous bind - it is not a simple bind. Third party applications that authenticate users by performing a test bind might exhibit a security hole if they are not aware of this behavior.

Workaround

Ensure that you client applications are aware of this feature.

DNS keyword in ACIs (4725671)

If the DNS keyword is used in an ACI, any DNS administrator can access the directory by modifying a PTR record, and can thereby provide the privileges granted by the ACI.

Workaround

Use the IP keyword in the ACI, to include all IP addresses in the domain.

LDAP Modify Operations Through SSL Fail When Referred to Master Replica From Consumer Replica (4922620)

ldapmodify update operations over SSL fail when they are referred to a master replica from a consumer replica.

Error Message At Startup When passwordisglobalpolicy Is Enabled (4964523)

When the passwordisglobalpolicy attribute is enabled on both masters in a 2-master, multi-master replication topology it works correctly but can generate the following incorrect error message:

Workaround

Ignore the incorrect error message.

Invalid Values Are Accepted for passwordMinLength in Individual Password Policies (4969034)

The passwordMinLength attribute in individual password policies is 2 - 512 characters. However, values outside of this range are accepted when an individual password policy is configured.

Workaround

Configure individual password policies with passwordMinLength attribute of 2 - 512 characters.

Replication

Addition of Entries with objectClass=nsTomstone Can Cause Replication to Fail (2122375/5021269)

Adding an entry with objectClass=nstombstone can cause the replication to fail.

Workaround

Do not add entries with objectClass=nstombstone

Local Schema Modifications Can Be Overwritten When a Consumer Database Is Created (4537230)

The replication monitoring tools rely on read access to cn=config to obtain the replication status. This should be taken into account when replication is configured over SSL.

In Directory Server 5.2, the schema file 11rfc2307.ldif has been altered to conform to rfc2307. If replication is enabled between 5.2 servers and 5.1 servers, the rfc2307 schema MUST be corrected on the 5.1 servers, or replication will not work correctly.

Workaround

To ensure correct replication between Directory Server 5.2 and Directory Server 5.1, perform the following tasks:

Initially, certain schema attributes may be replicated between the servers as they synchronize other schema elements but this is benign and will not cause any problems. See the Installation Notes for details on how the schema has changed.

Replication Monitoring Tools Do Not Support LDAP URLs That Contain Literal IPv6 Addresses (4702476)

The replication monitoring tools entrycmp, insync, and repldisc do not support LDAP URLs that contain literal IPv6 addresses.

Workaround

None

Multi-Master Replication Over SSL With Certificate-Based Client Authentication Does Not Work If Preceded by SSL With Simple Authentication (4727672)

In a multi-master replication scenario, if replication is enabled over SSL by using simple authentication, it is not possible to enable replication between the same servers over SSL by using certificate-based client authentication.

Workaround

To enable replication over SSL using certificate-based client authentication, restart at least one of the servers.

After Aborting a Total Update Cannot Restart a Total Update or Re-enable Replication on the Suffix (4741320)

Workaround

Do not abort a total update while it is in progress.

Reports of Replication Delays With the insync Command and Fractional Replication (4856286)

The insync command-line tool has no concept of fractional replication. If fractional replication is configured, false reports of replication delays can be produced.

Workaround

None

Schema Modifications Are Not Replicated in Incremental Updates (4868960)

If you modify the schema without making any other non schema-related modifications, your schema modifications will not be replicated immediately.

Workaround

Wait for five minutes for your schema modifications to be replicated, or force replication by using the Send Updates Now option in the Directory Server Console.

Errors in Multi-Master Replication When nsslapd-lastmod Attribute Set to OFF (5010186)

The nsslapd-lastmod attribute specifies whether Directory Server maintains the modification attributes for Directory Server entries. When this attribute is set to OFF errors occur in multi-master replication.

Workaround

When using multi-master replication, leave the nsslapd-lastmod attribute set to ON.

During Replication an Error Message Is Written Frequently to the Error Log (5029597)

During replication the following error message can be written frequently to the error log:

This error message increases the size of the error log file.

Workaround

Ignore this error message.

passwordExpirationTime Attribute Is Unsynchronized After First Password Expiration Warning (5102180)

The passwordExpirationTime attribute is reset on the master when the first password expiration warning is given to the consumer. This attributes is not reset on the consumer and is therefore out of sync after the first password expiration warning.

Workaround

Ignore this error message.

Updates to the Retro Change Log on a Master Server Can be Lost (6178461)

When a master server crashes, changes made to the retro change log on that server can be lost.

Workaround

Do not to use the retro change log on a master server. Instead, use the retro change log on the consumer server. If you are implementing failover of the retro change log, ensure that you have at least two consumer servers with enabled retro change logs.

Directory Server Can Crash If Backoff Timer Expires When Replication Agreement Detects an External Event (6272611)

If the backoff timer set by the replication agreement expires at the same time the replication agreement receives an external event, a race condition occurs that might cause the Directory Server to crash.

The issue can occur in the following scenarios:

Workaround

None

Conformance

DN Normalization Code Does Not Treat Case Sensitive Attributes Properly (4933500)

DN normalization code puts attribute names in lower case. The DN normalization code does not take into account the attribute syntax and the associated matching rule.

Workaround

None

Console Does Not Support the Management of External Security Devices (4795512)

The console does not support the management of external security devices, such as Sun Crypto Accelerator 1000 Board.

Workaround

Manage external security devices by using the command line.

Directory Server Console

Directory Server start/stop via console reports failure and leaves server in a strange state (6371286)

Workaround

Use CLI commands start-slapd and stop-slapd from this directory /opt/sun/mps/serverroot/slapd-<machine> instead of GUI controls to start/stop Directory Server instance.

Directory Console user interface displays garbage for zh_CN.utf8/zh_TW.utf8 fonts (6367545)

The console shows blank plain boxes for the above mentioned fonts.

Workaround

Replace the font zh_CN.utf8 with zh_CN.hp15CN by using the following command:

$export LANG=zh_CN.hp15CN

Replace the zh_TW.utf8 with zh_TW.big5 or zh_TW.eucTW by using the following commands:

$export LANG=zh_TW.big5

$export LANG=zh_TW.eucTW

Internal Search Causes Directory Server Console to Display a Yellow Warning Flag (2113362/4983539)

In some search contexts a yellow warning flag is displayed. The yellow flag indicates that the Directory Server internal search mechanism has encountered an All IDs Threshold / Sorting issue. This flag does not represent a problem.

Workaround

Either ignore the flag or create a browsing index (VLV index) to prevent the flag from occurring.

Console Does Not Support Passwords That Contain a Colon “:” (4535932)

The console does not support passwords that contain a colon “:”.

Workaround

Do not use a colon in a password.

German Entries Are Sorted Incorrectly in Directory Server Console (4889951)

In the Directory Server console some german characters are sorted incorrectly. See the following examples:

Workaround

None

LDIF Files Exported by Using the Tasks Tab on the Console Contain Additional Unnecessary Information for Backup (6197903)

This issue concerns LDIF files exported by using the Export to LDIF button in Tasks tab on the console. When a server is configured as a supplier or a hub, an exported LDIF file starts to collect replication information to initialize consumers. The exported LDIF file cannot be used with the Import from LDIF button in Tasks tab on the console.

Workaround

Select one of the following workarounds:

Server Console Help Index Search Does Not Work in Traditional Chinese (zh_TW) (6205531)

Cannot Add a New objectclass By Using the Console After Migrating From Directory Server 4 (6246753)

After migrating from Directory Server 4x to Directory Server 5x you cannot add a new object classes by using the console. This feature occurs because migrated users contain ntUser attributes with the old NtSyncTool for Windows.

Workaround

Use the ldapmodify command to add object classes.

Core Server

Server Crashes When Stopped During Export, Backup, Restore, or Index Creation (4678334)

Stopping the server during export, backup, restore, or index creation can cause it to crash.

Backend Instances Called “Default” Do Not Work (2122630/4966365)

Backend instances, or databases, called “Default” do not work.

Workaround

Do not name a database “Default”.

Database Becomes Unavailable if LDIF File Is Inaccessible During Import (2126979/4884530)

If a non-existent file is specified for an online import, the server still deletes the existing database.

Installing 64-bit packages locks out the 32-bit Directory Server databases (4786900)

When indexes are configured with nsMatchingRule, db2ldif and ldif2db issue an “unknown index rule” warning which means that the index created does not include the matching rule (4995127)

Workaround

Use db2ldif.pl and ldif2db.pl instead of db2ldif and ldif2db as they do not issue “unknown index rule” warnings and create the index with the matching rule.

tcp_keepalive_interval and tcp_ip_abort_interval Configuration Attributes Cannot be Used for Timeout (5087249)

The tcp_keepalive_interval and tcp_ip_abort_interval configuration attributes cannot be used to close idle connections on Directory Server.

Workaround

Use the nsslapd-idletimeout configuration attribute to close idle connections.

Directory Server Plug-ins

When the Pass-Through Authentication plug-in (PTA plug-in) detects that a suffix configured for pass-through authentication is local to the machine, the plug-in is not automatically disabled (4938821)

If the plug-in configuration entry attribute values in the dse.ldif end with extra blank spaces, Directory Server will either fail to start or behave in unexpected ways (4986088)

Post Operation Plug-In Function Not Called When Search Operation on Non-Existent Base DNs (5032637)

The post operation plug-in function for a search operation is not called if the search is performed on a non-existent base DN. This is inconsistent with the description of post-operation plug-ins in “Extending Client Request Handling” in the Directory Server Plug-in Developer’s Guide.

Workaround

None

Error Message When ACL Plug-In Unable to Normalize Attribute Value (5089207)

The ACL plug-in normalizes attribute values in order to compare them with DN provided in the ACL rules. If an attribute value is not a DN, an error message is logged.

Workaround

If you have two Directory Server instances, DS1 and DS2, with your Configuration Directory Server installed on DS1, and you subsequently replicate the o=NetscapeRoot configuration information to DS2, as opposed to automatically disabling the PTA plug-in will continue to point to DS1for any o=NetscapeRoot relevant searches despite the fact that the information is now local.


Miscellaneous

Statistics for SNMP subagents (4529542)

On UNIX platforms, statistics are generated only for the last SNMP subagent that is started. This implies that you can monitor only one Directory Server instance at a time with SNMP.

International substring search on unaccented characters returns only unaccented characters(4955638)

Instead of returning the unaccented character and all of its possible accented variants, which would seem to be the logical approach, a search on an unaccented character only returns the unaccented character in question. Searching for an accented character however, returns not only that character but all other variants.

Certain error messages reference a database error guide which does not exist (4979319)

Missing chown/chgroup When an Instance Of Directory Server Is Created With Another User (4995286)

With Directory Server and Administration Server installed and configured to run as root, when the console is used to create another instance of Directory Server which you specify to run as a user other than root, that instance is successfully created but many of the files pertaining to that instance are not owned by the same user.

Workaround

Change the ownership of the files and directories manually.

Cannot Create a Chained Suffix With an IPv6 Address by Using the Console (5019414)

When you create a new chained suffix with an IPv6 address by using the New Chained Suffix window of the console the Testing connection parameters popup window does not close automatically and the validity of the IPv6 address is not tested. Although the local configuration of the chained suffix is successful, the validity of the IPv6 address is not assured.

Workaround

Do not use the Test connection option when you configure a chaining suffix with an IPv6 address.

Command Line Tools

The db2ldif -s Command Causes Errors on Suffixes With a Subtree (2122385/4889077)

When the db2ldif -s command is run on a suffix with one or more subtrees, errors occur. Also, all entries under the suffix are exported, including entries under subtree. This can cause problems if the ldif2db command is used on the exported LDIF file to re-initialize the suffix.

Workaround

Do not use the db2ldif -s command on a suffix with one or more subtrees. Instead, use the db2ldif -n command as shown here:

Incorrect Error Message When Exporting a Subtree by Using the db2ldif -s Option (2122386/4925250)

When the db2ldif -s command is run on a suffix to export a subtree, the following incorrect error message can be generated:

Workaround

Ignore this error message.

Absolute Paths Must be Specified for the Following Commands: db2bak, db2bak.pl, bak2db, and bak2db.pl (4897068)

db2ldif Command Creates an Output File In an Incorrect Directory (5029598)

The db2ldif command creates output LDIF files in an incorrect default directory when the file name only is specified. The db2ldif command should create output LDIF files in this directory:

Workaround

Specify the absolute path to the file name of the output LDIF file.

mmldif Command Crashes (6205803)

The mmldif command crashes when used.

Workaround

None

createtimestamp and modifytimestamp not Generated During ldif Import (6235452)

When an ldif file is imported to directory server by using the ldif2db.pl script, the createtimestamp and modifytimestamp are not generated. Note that this feature does not occur for online adds done by LDAP clients like ldapmodify.

Workaround1

Edit the LDIF source file before import. This workaround works for LDIF input files that do not contain any entry with createtimestamp or modifytimestamp values.

Substitute ALL empty lines in the LDIF source file with the following 3 lines:

Then import the file into the Directory Server.

Workaround2

Import the source file by using ldapmodify instead of ldif2db. This workaround is slower than Workaround 1 but it works for LDIF input files with entries with createtimestamp or modifytimestamp values.

  1. Export the contents of your Directory Server by using db2ldif:
  2. db2ldif -n $instance -a /tmp/exported.ldif

  3. Copy the first entry of /tmp/exported.ldif into a new file named
  4. /tmp/rootsuffix.ldif

  5. Re-import back the database only with the root suffix:
  6. ldif2db -n $instance -i /tmp/rootsuffix.ldif

  7. Add all of the entries in /tmp/rootsuffix.ldif by using the ldapmodify command:
  8. ldapmodify -a -c -h <host> -p <port> -D "cn=Directory Manager" -w & lt;password> -f /tmp/exported.ldif

ldapdelete Command hangs when NDS Plug-in returns a Non-zero Value (6301267)

When the pre-operation plug-in for schema deletion returns a non-zero value, the ldapdelete command hangs.

Workaround

Ensure that the pre-operation plug-ins (except abandon and unbind) send back a result (by using slapi_send_ldap_result) before returning a non zero status.


Redistributable Files

Sun Java System Directory Server 5.2 2005Q4 does not contain any files which you can redistribute.


How to Report Problems and Provide Feedback

If you have problems with Sun Java System Directory Server, contact Sun customer support using one of the following mechanisms:

So that we can best assist you in resolving problems, please have the following information available when you contact support:

You might also find it useful to subscribe to the following interest groups, where Sun Java System Directory Server topics are discussed:

http://swforum.sun.com.

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions.

To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the document title and part number. The part number is a seven-digit or nine-digit number that can be found on the title page of the guide or at the top of the document.


Additional Sun Resources

Useful Sun Java System information can be found at the following Internet locations:


Copyright � 2006 Sun Microsystems, Inc. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.

SUN PROPRIETARY/CONFIDENTIAL.

U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

Use is subject to license terms.

This distribution may include materials developed by third parties.

Portions may be derived from Berkeley BSD systems, licensed from U. of CA.

Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.


Copyright � 2006 Sun Microsystems, Inc. Tous droits r�serv�s.

Sun Microsystems, Inc. d�tient les droits de propri�t� intellectuels relatifs � la technologie incorpor�e dans le produit qui est d�crit dans ce document. En particulier, et ce sans limitation, ces droits de propri�t� intellectuelle peuvent inclure un ou plus des brevets am�ricains list�s � l'adresse http://www.sun.com/patents et un ou les brevets suppl�mentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.

Propri�t� de SUN/CONFIDENTIEL.

L'utilisation est soumise aux termes du contrat de licence.

Cette distribution peut comprendre des composants d�velopp�s par des tierces parties.

Des parties de ce produit pourront �tre d�riv�es des syst�mes Berkeley BSD licenci�s par l'Universit� de Californie.

Sun, Sun Microsystems, le logo Sun, Java et Solaris sont des marques de fabrique ou des marques d�pos�es de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.

Toutes les marques SPARC sont utilis�es sous licence et sont des marques de fabrique ou des marques d�pos�es de SPARC International, Inc. aux Etats-Unis et dans d'autres pays.