Sun Java System Directory Server Release Notes for HP-UX |
Sun Java System Directory Server Release Notes for HP-UX
Version 5.2 2005Q4
Part Number 819-4252-10
These Release Notes contain important information available at the time of release of Sun Java System Directory Server 5.2 2005Q4 for HP-UX. Known issues and limitations, and other information are addressed here. Read this document before you begin using Directory Server 5.2.
The most up-to-date version of these release notes can be found at the Sun Java System documentation web site: http://docs.sun.com/app/docs/prod/entsys.05q4. Check the web site prior to installing and setting up your software. Then check the web site periodically thereafter to view the most up-to-date release notes and product documentation.
These release notes contain the following sections:
Third-party URLs are referenced in this document and provide additional, related information.
Release Notes Revision History
Table 1 Revision History
Date
Description
February 2006
Revenue release.
November 2005
Beta release.
About Directory Server 5.2 2005Q4Directory Server 5.2 2005Q4 is part of the Sun Java Enterprise System that delivers an integrated, core set of industry-leading enterprise network services that virtually all businesses need today.
The features of Directory Server are:
The Directory Server commands and Administration Server commands are now documented as man pages. For more information, see Documentation Notes.
This section includes:
What’s New in This Release
The following new features have been introduced in the Directory Server 5.2 2005Q4:
- Support for the modify DN operation provided by ldapv3.
- Enhancements to the retro change log.
- The Directory Server commands and Administration Server commands are now documented as man pages. For more information, see Documentation Notes.
- Directory Server 5.2 2005Q4 is now compatible to run as an application on 32-bit, as well as, 64-bit HP-UX operating systems.
The following feature was available in Directory Server 4.x but is not available in Directory Server5.2:
Database Backend Plug-in Interface. The enhanced pre-operation interfaces may be used instead of the database backend plug-in interface, to implement plug-ins that are designed to provide access to alternative directory data stores.
Hardware and Software Requirements
The following software is required for Directory Server 5.2 2005Q4.
Table 2 HP-UX Hardware and Software Requirements
Component
Platform Requirement
Operating System
HP-UX 11i v1
RAM
128 Mbytes
Disk Space
256 Mbytes
Java
Java Runtime Environment 1.4.1.03
Bugs Fixed in This Release
Important InformationThis section covers the following topics:
Installation Notes
For information about patch requirements and installation, see the following sections:
Patch Requirement Information
The following table gives the numbers and minimum versions for the alignment patches. All patches referred to in this section are the minimum version number required for upgrade. It is possible that a new version of the patch has been issued since this document was published. A newer version is indicated by a different version number at the end of the patch. For example: 123456-04 is a newer version of 123456-02 but they are the same patch ID. Refer to the README file for each patch listed for special instructions.
To access the patches, go to http://sunsolve.sun.com.
For detailed information about Upgrade procedure of the Directory Server from JES3 to JES4 refer Sun Java Enterprise System 2005Q4 Upgrade Guide for HP-UX located at http://docs.sun.com/app/docs/doc/819-4460.
Pre-requisites
In addition to the above mentioned system level and application level patches, Directory Server and Administration Server releases call for the installation of the following software:
For more information about the Sun Java Enterprise System, see http://www.sun.com/software/learnabout/enterprisesystem/index.html.
General Installation Information
- For information about the default installation location of the help files, see Documentation Notes.
- Installation paths that contain space characters are not supported. Do not use space characters in your installation path.
Documentation Notes
Help Files
Directory and Administration Server releases have been featured with the Online Help facility, that is delivered in the following formats:
- By default online-help files are installed at the following location, which the user can recall later from the Administration Console.
/opt/sun/admin-server/5.2/manual/en/admin/help
- The help files can be populated into the SERVER_ROOT during Configuration time.
Configuration Location: SERVER_ROOT/manual/help
Man Pages
Directory Server commands and Administration Server commands are now documented as man pages as well and delivered in the following formats:
- As HTML and PDF in the following new documents: Sun Java System Directory Server 5.2 2005Q1 Man Page Reference and Sun Java System Administration Server 5.2 2005Q1 Man Page Reference.
- As packages in the software distribution
To Access the Man Pages
- Ensure that the man page package contents [man1m & man1 directories] are installed in the following default locations:
sun-dirsvr-dsvmn in /opt/sun/directory-server/5.2/man
- Update your MANPATH environment variable:
Run the following command:
$ export MANPATH=${MANPATH}:/opt/sun/directory-server/5.2/man
Product Version Number
In some parts of the Directory Server documentation and console, the version number of the product is referred to as 5.2.
Localized Documentation
Localized documentation is posted to http://docs.sun.com/ as it becomes available.
Accessibility Features for People With Disabilities
To obtain accessibility features that have been released since the publishing of this media, consult Section 508 product assessments available from Sun upon request to determine which versions are best suited for deploying accessible solutions. Updated versions of applications can be found at http://sun.com/software/javaenterprisesystem/get.html.
For information on Sun’s commitment to accessibility, visit http://sun.com/access.
Known Issues and LimitationsThis section describes the known issues and limitations of Sun Java System Directory Server 5.2 2005Q4 for HP-UX. The issues are grouped into the following categories:
Installation, Uninstallation, and Migration
Cannot Install Directory Server when the Root Suffix Contains Spaces (4526501)
A root suffix cannot contain space characters.
Workaround
If your root suffix contains space characters, correct the suffix generated at installation time to
remove the spaces:
Error Message When Running migrateInstance5 Script (4529552)
When the migrateInstance5 script is run with the error logging feature disabled, a message indicates that the migration procedure is attempting to restart the server while the server is already running.
Workaround
Duplicate Value Error Logged in the Configuration Directory Server During Installation (4841576)
During configuration of Directory Server, an ACI on the server group entry for each new server installation is added. If the entry already exists and the ACI value already exists on the entry (which is the case when Administration Server is installed after Directory Server), then the following error is logged in the Configuration Directory Server:
Workaround
Ignore the error message.
Only use the restart-admin command on the active node in a cluster-enabled environment (4862968)
Cannot Use Multibyte Characters for Installation of Traditional Chinese (zh_TW) Version (4882801)
If multibyte characters are entered as the suffix name during installation of the traditional Chinese (zh_TW) version, the suffix name does not display correctly in the console. This issue is restricted to 32-bit and 64-bit installations from Solaris packages on SPARC processors.
Workaround
Cannot Use Multibyte Characters at Installation of AS and DS (4882927)
At installation, using multibyte characters for anything other than the suffix name causes Directory Server and Administration Server configuration to fail.
Workaround
Use monobyte characters for all fields other than the suffix name.
Loop Results From the Use of an Incorrect Password During Command Line Installation (4885580)
If you enter an incorrect password during command-line installation, you enter a loop.
Workaround
When you are prompted for the password again, type “<“to return to the previous input item, and then press return to keep the previous choice. When you are asked for the password again, enter the correct password.
Warning About Missing Character Sets During Uninstallation (4887423)
When you perform an uninstallation by using the console, you can dismiss the uninstallation logs by using the OK button. When you use this OK button, you might be warned about missing character sets.
Workaround
None. Ignore these warning messages.
Configuration of Directory Server Fails When Using a Remote Configuration Directory (4931503)
When configuring Directory Server by using a remote configuration directory, configuration fails if the administration domain of the remote directory does not match the administration domain in the setup procedure.
Workaround
When configuring Directory Server by using a remote configuration directory, use the same administration domain as defined in the remote configuration directory.
Some Plug-Ins Are Not Migrated From Directory Server 4.x to Directory Server 5.x (4942616)
During migration from Directory Server 4.x to Directory Server 5.x, not all plug-ins are migrated.
Workaround
In the 4.x slapd.ldbm.conf configuration file, insert quotation marks around the plug-in path for the plug-in to be migrated.
For example change the plug-in post-operation referential integrity from
Modifications to Default Index Attributes Are Not Migrated From DS 5.1 to DS 5.2 (5037580)
Modifications to the default index attributes are not migrated when you migrate from Directory Server 5.1 to Directory Server 5.2.
Workaround
None
Installation Fails When the Base DN Contains a White Space (5040621)
During installation, if the base DN contains a white space (for example, o=example east) the directoryURL entry is incorrectly parsed for the UserDirectory global preferences. Consequently, all operations to the userDirectory fail to find the entries in user/groups in the console.
Workaround
Modify the base DN value in one of the following ways:
nsSchemaCSN Has Multiple Values After upgrade of AS and DS (5041885)
After upgrade of Administration Server or Directory Server, the nsSchemaCSN attribute has several values. This issue occurs because the 60iplanet-calendar.ldif file and the 99user.ldif file both contain the nsSchemaCSN attribute. The nsSchemaCSN attribute should be in the 99user.ldif file only.
Workaround
- Remove the nsSchemaCSN attribute from 99user.ldif file and the 60iplanet-calendar.ldif file.
- Rename the script from
<server_root>/slapd-<instance>/schema_push.pl
to
<server_root>/slapd-<instance>/schema_push.pl.ref
- Copy the template file from
<server_root>/bin/slapd/admin/scripts/template-schema_push.pl
to
<server_root>/slapd-<instance>/schema_push.pl
- Edit the new schema_push.pl file as follows:
- Add the execute mode to the schema_push.pl file.
- Force the schema replication by running the script, as follows:
<server_root>/schema_push.pl
- Confirm that the nsSchemaCSN attribute has been added to 99user.ldif file.
To backout, restore the original schema_push.pl file under <slapd-instance>.
migrate5xto52 Script Breaks Replicated Topologies (6207013)
When you use the migrate5xto52 script to migrate a 32-bit Directory Server 5.x replica to 64-bit Directory Server 5.2, the script converts replica values for nsState incorrectly. Consequently, it can be necessary to re initialize the entire replicated topology.
Workaround
Before running the migrate5xto52 script, comment out the following two lines of the newLDIFReplica Perl subroutine in the <ServerRoot>/bin/slapd/admin/bin/migrate5xto52 file:
Entries With Password Expiration Cannot be Replicated to Older Versions of Directory Server (6209543)
The pwdChangedTime attribute and usePwdChangedTime attribute are defined in Directory Server 5.2 2004Q2 and later versions. These attributes are not defined in Directory Server 5.2 2003Q4 or earlier versions.
When an entry is defined with password expiration in Directory Server 5.2 2004Q2 or later versions, the entry contains the pwdChangedTime attribute and usePwdChangedTime attribute. When that entry is replicated to a supplier running Directory Server 5.2 2003Q4 or an earlier version, the supplier cannot process any modifications to that entry. A schema violation error occurs because the supplier does not have the pwdChangedTime attribute in its schema.
Workaround
Define the pwdChangedTime attribute and usePwdChangedTime attribute in the 00core.ldif file for all servers in the replication topology that are running Directory Server 5.2 2003Q4 or an earlier version.
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME ’pwdChangedTime’ DESC ’Directory Server defined password policy attribute type’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-DS-USE ’internal’ X-ORIGIN ’Sun Directory Server’ )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.597 NAME ’usePwdChangedTime’ DESC ’Directory Server defined attribute type’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-DS-USE ’internal’ X-ORIGIN ’Sun Directory Server’ )
During installation of Directory Server With Access Manager the Index Is Corrupted (6305723)
During installation of Directory Server, the Access Manager adds indexes for the’ou’ attribute if they don’t exist. When the tool comms_dssetup.pl is run, the index is corrupted.
Workaround
Reindex the Directory Server.
Security
Bind With Zero-Length Password Is Treated as an Anonymous Bind (4703503)
If you use a zero-length password to bind to a directory, your bind is an anonymous bind - it is not a simple bind. Third party applications that authenticate users by performing a test bind might exhibit a security hole if they are not aware of this behavior.
Workaround
Ensure that you client applications are aware of this feature.
DNS keyword in ACIs (4725671)
If the DNS keyword is used in an ACI, any DNS administrator can access the directory by modifying a PTR record, and can thereby provide the privileges granted by the ACI.
Workaround
Use the IP keyword in the ACI, to include all IP addresses in the domain.
LDAP Modify Operations Through SSL Fail When Referred to Master Replica From Consumer Replica (4922620)
ldapmodify update operations over SSL fail when they are referred to a master replica from a consumer replica.
Error Message At Startup When passwordisglobalpolicy Is Enabled (4964523)
When the passwordisglobalpolicy attribute is enabled on both masters in a 2-master, multi-master replication topology it works correctly but can generate the following incorrect error message:
Workaround
Ignore the incorrect error message.
Invalid Values Are Accepted for passwordMinLength in Individual Password Policies (4969034)
The passwordMinLength attribute in individual password policies is 2 - 512 characters. However, values outside of this range are accepted when an individual password policy is configured.
Workaround
Configure individual password policies with passwordMinLength attribute of 2 - 512 characters.
Replication
Addition of Entries with objectClass=nsTomstone Can Cause Replication to Fail (2122375/5021269)
Adding an entry with objectClass=nstombstone can cause the replication to fail.
Workaround
Do not add entries with objectClass=nstombstone
Local Schema Modifications Can Be Overwritten When a Consumer Database Is Created (4537230)
The replication monitoring tools rely on read access to cn=config to obtain the replication status. This should be taken into account when replication is configured over SSL.
In Directory Server 5.2, the schema file 11rfc2307.ldif has been altered to conform to rfc2307. If replication is enabled between 5.2 servers and 5.1 servers, the rfc2307 schema MUST be corrected on the 5.1 servers, or replication will not work correctly.
Workaround
To ensure correct replication between Directory Server 5.2 and Directory Server 5.1, perform the following tasks:
Initially, certain schema attributes may be replicated between the servers as they synchronize other schema elements but this is benign and will not cause any problems. See the Installation Notes for details on how the schema has changed.
Replication Monitoring Tools Do Not Support LDAP URLs That Contain Literal IPv6 Addresses (4702476)
The replication monitoring tools entrycmp, insync, and repldisc do not support LDAP URLs that contain literal IPv6 addresses.
Workaround
None
Multi-Master Replication Over SSL With Certificate-Based Client Authentication Does Not Work If Preceded by SSL With Simple Authentication (4727672)
In a multi-master replication scenario, if replication is enabled over SSL by using simple authentication, it is not possible to enable replication between the same servers over SSL by using certificate-based client authentication.
Workaround
To enable replication over SSL using certificate-based client authentication, restart at least one of the servers.
After Aborting a Total Update Cannot Restart a Total Update or Re-enable Replication on the Suffix (4741320)
Workaround
Do not abort a total update while it is in progress.
Reports of Replication Delays With the insync Command and Fractional Replication (4856286)
The insync command-line tool has no concept of fractional replication. If fractional replication is configured, false reports of replication delays can be produced.
Workaround
None
Schema Modifications Are Not Replicated in Incremental Updates (4868960)
If you modify the schema without making any other non schema-related modifications, your schema modifications will not be replicated immediately.
Workaround
Wait for five minutes for your schema modifications to be replicated, or force replication by using the Send Updates Now option in the Directory Server Console.
Errors in Multi-Master Replication When nsslapd-lastmod Attribute Set to OFF (5010186)
The nsslapd-lastmod attribute specifies whether Directory Server maintains the modification attributes for Directory Server entries. When this attribute is set to OFF errors occur in multi-master replication.
Workaround
When using multi-master replication, leave the nsslapd-lastmod attribute set to ON.
During Replication an Error Message Is Written Frequently to the Error Log (5029597)
During replication the following error message can be written frequently to the error log:
This error message increases the size of the error log file.
Workaround
Ignore this error message.
passwordExpirationTime Attribute Is Unsynchronized After First Password Expiration Warning (5102180)
The passwordExpirationTime attribute is reset on the master when the first password expiration warning is given to the consumer. This attributes is not reset on the consumer and is therefore out of sync after the first password expiration warning.
Workaround
Ignore this error message.
Updates to the Retro Change Log on a Master Server Can be Lost (6178461)
When a master server crashes, changes made to the retro change log on that server can be lost.
Workaround
Do not to use the retro change log on a master server. Instead, use the retro change log on the consumer server. If you are implementing failover of the retro change log, ensure that you have at least two consumer servers with enabled retro change logs.
Directory Server Can Crash If Backoff Timer Expires When Replication Agreement Detects an External Event (6272611)
If the backoff timer set by the replication agreement expires at the same time the replication agreement receives an external event, a race condition occurs that might cause the Directory Server to crash.
The issue can occur in the following scenarios:
- When a Directory Server 5.2 supplier or hub is replicating to Directory Server 5.1 consumer
- When a Directory Server 5.2 supplier or hub is replicating to Directory Server 5.2 consumer
- The Directory Server is stopped
- The replication agreements are disabled
- The replication agreements are modified to change the scheduled replication time.
- The replication breaks (the consumer fails to apply modifications, the consumer is not initialized, the last update to the consumer is too old...)
Workaround
None
Conformance
DN Normalization Code Does Not Treat Case Sensitive Attributes Properly (4933500)
DN normalization code puts attribute names in lower case. The DN normalization code does not take into account the attribute syntax and the associated matching rule.
Workaround
None
Console Does Not Support the Management of External Security Devices (4795512)
The console does not support the management of external security devices, such as Sun Crypto Accelerator 1000 Board.
Workaround
Manage external security devices by using the command line.
Directory Server Console
Directory Server start/stop via console reports failure and leaves server in a strange state (6371286)
Workaround
Use CLI commands start-slapd and stop-slapd from this directory /opt/sun/mps/serverroot/slapd-<machine> instead of GUI controls to start/stop Directory Server instance.
Directory Console user interface displays garbage for zh_CN.utf8/zh_TW.utf8 fonts (6367545)
The console shows blank plain boxes for the above mentioned fonts.
Workaround
Replace the font zh_CN.utf8 with zh_CN.hp15CN by using the following command:
$export LANG=zh_CN.hp15CN
Replace the zh_TW.utf8 with zh_TW.big5 or zh_TW.eucTW by using the following commands:
$export LANG=zh_TW.big5
$export LANG=zh_TW.eucTW
Internal Search Causes Directory Server Console to Display a Yellow Warning Flag (2113362/4983539)
In some search contexts a yellow warning flag is displayed. The yellow flag indicates that the Directory Server internal search mechanism has encountered an All IDs Threshold / Sorting issue. This flag does not represent a problem.
Workaround
Either ignore the flag or create a browsing index (VLV index) to prevent the flag from occurring.
Console Does Not Support Passwords That Contain a Colon “:” (4535932)
The console does not support passwords that contain a colon “:”.
Workaround
Do not use a colon in a password.
German Entries Are Sorted Incorrectly in Directory Server Console (4889951)
In the Directory Server console some german characters are sorted incorrectly. See the following examples:
Workaround
None
LDIF Files Exported by Using the Tasks Tab on the Console Contain Additional Unnecessary Information for Backup (6197903)
This issue concerns LDIF files exported by using the Export to LDIF button in Tasks tab on the console. When a server is configured as a supplier or a hub, an exported LDIF file starts to collect replication information to initialize consumers. The exported LDIF file cannot be used with the Import from LDIF button in Tasks tab on the console.
Workaround
Select one of the following workarounds:
- Workaround 1: Export the LDIF file for a suffix by using the Object/Export command from the console menu. In the Export suffix dialog box, do not tick the Export replication information box. The resulting LDIF file can be used by the Import from LDIF button in the Tasks tab and by the Object/Initialize command in the console menu.
- Workaround 2: Export the LDIF file without supplementary information by using the db2ldif command.
- Workaround 3: Import the LDIF file for a suffix by using the Object/Initialize command from the console menu. This command handles LDIF files correctly, with and without replication information. Note, to initialize the contents of a suffix, you require an LDIF file with replication information.
Server Console Help Index Search Does Not Work in Traditional Chinese (zh_TW) (6205531)
Cannot Add a New objectclass By Using the Console After Migrating From Directory Server 4 (6246753)
After migrating from Directory Server 4x to Directory Server 5x you cannot add a new object classes by using the console. This feature occurs because migrated users contain ntUser attributes with the old NtSyncTool for Windows.
Workaround
Use the ldapmodify command to add object classes.
Core Server
Server Crashes When Stopped During Export, Backup, Restore, or Index Creation (4678334)
Stopping the server during export, backup, restore, or index creation can cause it to crash.
Backend Instances Called “Default” Do Not Work (2122630/4966365)
Backend instances, or databases, called “Default” do not work.
Workaround
Do not name a database “Default”.
Database Becomes Unavailable if LDIF File Is Inaccessible During Import (2126979/4884530)
If a non-existent file is specified for an online import, the server still deletes the existing database.
Installing 64-bit packages locks out the 32-bit Directory Server databases (4786900)
When indexes are configured with nsMatchingRule, db2ldif and ldif2db issue an “unknown index rule” warning which means that the index created does not include the matching rule (4995127)
Workaround
Use db2ldif.pl and ldif2db.pl instead of db2ldif and ldif2db as they do not issue “unknown index rule” warnings and create the index with the matching rule.
tcp_keepalive_interval and tcp_ip_abort_interval Configuration Attributes Cannot be Used for Timeout (5087249)
The tcp_keepalive_interval and tcp_ip_abort_interval configuration attributes cannot be used to close idle connections on Directory Server.
Workaround
Use the nsslapd-idletimeout configuration attribute to close idle connections.
Directory Server Plug-ins
When the Pass-Through Authentication plug-in (PTA plug-in) detects that a suffix configured for pass-through authentication is local to the machine, the plug-in is not automatically disabled (4938821)
If the plug-in configuration entry attribute values in the dse.ldif end with extra blank spaces, Directory Server will either fail to start or behave in unexpected ways (4986088)
Post Operation Plug-In Function Not Called When Search Operation on Non-Existent Base DNs (5032637)
The post operation plug-in function for a search operation is not called if the search is performed on a non-existent base DN. This is inconsistent with the description of post-operation plug-ins in “Extending Client Request Handling” in the Directory Server Plug-in Developer’s Guide.
Workaround
None
Error Message When ACL Plug-In Unable to Normalize Attribute Value (5089207)
The ACL plug-in normalizes attribute values in order to compare them with DN provided in the ACL rules. If an attribute value is not a DN, an error message is logged.
Workaround
If you have two Directory Server instances, DS1 and DS2, with your Configuration Directory Server installed on DS1, and you subsequently replicate the o=NetscapeRoot configuration information to DS2, as opposed to automatically disabling the PTA plug-in will continue to point to DS1for any o=NetscapeRoot relevant searches despite the fact that the information is now local.
MiscellaneousStatistics for SNMP subagents (4529542)
On UNIX platforms, statistics are generated only for the last SNMP subagent that is started. This implies that you can monitor only one Directory Server instance at a time with SNMP.
International substring search on unaccented characters returns only unaccented characters(4955638)
Instead of returning the unaccented character and all of its possible accented variants, which would seem to be the logical approach, a search on an unaccented character only returns the unaccented character in question. Searching for an accented character however, returns not only that character but all other variants.
Certain error messages reference a database error guide which does not exist (4979319)
Missing chown/chgroup When an Instance Of Directory Server Is Created With Another User (4995286)
With Directory Server and Administration Server installed and configured to run as root, when the console is used to create another instance of Directory Server which you specify to run as a user other than root, that instance is successfully created but many of the files pertaining to that instance are not owned by the same user.
Workaround
Change the ownership of the files and directories manually.
Cannot Create a Chained Suffix With an IPv6 Address by Using the Console (5019414)
When you create a new chained suffix with an IPv6 address by using the New Chained Suffix window of the console the Testing connection parameters popup window does not close automatically and the validity of the IPv6 address is not tested. Although the local configuration of the chained suffix is successful, the validity of the IPv6 address is not assured.
Workaround
Do not use the Test connection option when you configure a chaining suffix with an IPv6 address.
Command Line Tools
The db2ldif -s Command Causes Errors on Suffixes With a Subtree (2122385/4889077)
When the db2ldif -s command is run on a suffix with one or more subtrees, errors occur. Also, all entries under the suffix are exported, including entries under subtree. This can cause problems if the ldif2db command is used on the exported LDIF file to re-initialize the suffix.
Workaround
Do not use the db2ldif -s command on a suffix with one or more subtrees. Instead, use the db2ldif -n command as shown here:
Incorrect Error Message When Exporting a Subtree by Using the db2ldif -s Option (2122386/4925250)
When the db2ldif -s command is run on a suffix to export a subtree, the following incorrect error message can be generated:
Workaround
Ignore this error message.
Absolute Paths Must be Specified for the Following Commands: db2bak, db2bak.pl, bak2db, and bak2db.pl (4897068)
db2ldif Command Creates an Output File In an Incorrect Directory (5029598)
The db2ldif command creates output LDIF files in an incorrect default directory when the file name only is specified. The db2ldif command should create output LDIF files in this directory:
Workaround
Specify the absolute path to the file name of the output LDIF file.
mmldif Command Crashes (6205803)
The mmldif command crashes when used.
Workaround
None
createtimestamp and modifytimestamp not Generated During ldif Import (6235452)
When an ldif file is imported to directory server by using the ldif2db.pl script, the createtimestamp and modifytimestamp are not generated. Note that this feature does not occur for online adds done by LDAP clients like ldapmodify.
Workaround1
Edit the LDIF source file before import. This workaround works for LDIF input files that do not contain any entry with createtimestamp or modifytimestamp values.
Substitute ALL empty lines in the LDIF source file with the following 3 lines:
Then import the file into the Directory Server.
Workaround2
Import the source file by using ldapmodify instead of ldif2db. This workaround is slower than Workaround 1 but it works for LDIF input files with entries with createtimestamp or modifytimestamp values.
- Export the contents of your Directory Server by using db2ldif:
db2ldif -n $instance -a /tmp/exported.ldif
- Copy the first entry of /tmp/exported.ldif into a new file named
/tmp/rootsuffix.ldif
- Re-import back the database only with the root suffix:
ldif2db -n $instance -i /tmp/rootsuffix.ldif
- Add all of the entries in /tmp/rootsuffix.ldif by using the ldapmodify command:
ldapmodify -a -c -h <host> -p <port> -D "cn=Directory Manager" -w & lt;password> -f /tmp/exported.ldif
ldapdelete Command hangs when NDS Plug-in returns a Non-zero Value (6301267)
When the pre-operation plug-in for schema deletion returns a non-zero value, the ldapdelete command hangs.
Workaround
Ensure that the pre-operation plug-ins (except abandon and unbind) send back a result (by using slapi_send_ldap_result) before returning a non zero status.
Redistributable FilesSun Java System Directory Server 5.2 2005Q4 does not contain any files which you can redistribute.
How to Report Problems and Provide FeedbackIf you have problems with Sun Java System Directory Server, contact Sun customer support using one of the following mechanisms:
- Sun Software Support services online at
http://www.sun.com/service/sunone/software
- The IT Resource Center website for HP-UX at
http://www1.itrc.hp.com- The telephone dispatch number associated with your maintenance contract
So that we can best assist you in resolving problems, please have the following information available when you contact support:
- Description of the problem, including the situation where the problem occurs and its impact on your operation
- Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
- Detailed steps on the methods you have used to reproduce the problem
- Any error logs or core dumps
You might also find it useful to subscribe to the following interest groups, where Sun Java System Directory Server topics are discussed:
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions.
To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the document title and part number. The part number is a seven-digit or nine-digit number that can be found on the title page of the guide or at the top of the document.
Additional Sun ResourcesUseful Sun Java System information can be found at the following Internet locations:
- Sun Java System Documentation
http://docs.sun.com/app/docs/prod/entsys.05q4- Java Enterprise System Software Services
http://www.sun.com/service/products/software/javaenterprisesystem- Sun Java System Software Products and Service
http://www.sun.com/software- Sun Java System Support and Knowledge Base
http://sunsolve.sun.com- Sun Java System Software Support Services
http://www.sun.com/support/- Sun Java System Consulting and Professional Services
http://www.sun.com/service/products/software/javaenterprisesystem- Sun Developer Information
http://developers.sun.com- Sun Developer Support Services
http://www.sun.com/developers/support- have Sun Software Data Sheets
http://wwws.sun.com/software- Directory Server Certified Engineer Training Program
http://training.sun.com/US/certification/middleware/dir_server.html
Copyright � 2006 Sun Microsystems, Inc. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
SUN PROPRIETARY/CONFIDENTIAL.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
Use is subject to license terms.
This distribution may include materials developed by third parties.
Portions may be derived from Berkeley BSD systems, licensed from U. of CA.
Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.
Copyright � 2006 Sun Microsystems, Inc. Tous droits r�serv�s.
Sun Microsystems, Inc. d�tient les droits de propri�t� intellectuels relatifs � la technologie incorpor�e dans le produit qui est d�crit dans ce document. En particulier, et ce sans limitation, ces droits de propri�t� intellectuelle peuvent inclure un ou plus des brevets am�ricains list�s � l'adresse http://www.sun.com/patents et un ou les brevets suppl�mentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.
Propri�t� de SUN/CONFIDENTIEL.
L'utilisation est soumise aux termes du contrat de licence.
Cette distribution peut comprendre des composants d�velopp�s par des tierces parties.
Des parties de ce produit pourront �tre d�riv�es des syst�mes Berkeley BSD licenci�s par l'Universit� de Californie.
Sun, Sun Microsystems, le logo Sun, Java et Solaris sont des marques de fabrique ou des marques d�pos�es de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.
Toutes les marques SPARC sont utilis�es sous licence et sont des marques de fabrique ou des marques d�pos�es de SPARC International, Inc. aux Etats-Unis et dans d'autres pays.