What's New in Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1)

Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1) is a rebranded release of Sun Directory Server Enterprise Edition 7.0. This release is equivalent to a patch release. It contains no new functionality but does fix important security issues and certain other issues that have been integrated in previously released patches and hot fixes. For more information, see Chapter 4, Directory Server Bugs Fixed and Known Problems, Chapter 5, Directory Proxy Server Bugs Fixed and Known Problems and Bugs Fixed in Identity Synchronization for Windows 6.0 Service Pack 1 in Installation Instructions for Identity Synchronization for Windows 6.0 Service Pack 1.

This release also aligns the list of supported platforms with most other Oracle Fusion Middleware products. For details of the changes to supported platforms, see Platform Support, System Virtualization Support, and Operating System Requirements.

You can configure an Oracle Virtual Directory LDAP adaptor to work with Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1). For more information, see “LDAP Adapter Templates” in the Administrator's Guide for Oracle Virtual Directory.

Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1) can also be synchronized with other directory servers by using the Oracle Directory Integration Platform. For more information see “Configuring Directory Synchronization” in the Administrator's Guide for Oracle Directory Integration Platform.

This release incorporates the NSS 3.12.6 library, which fixes an important security bug around SSL renegotiation of security parameters. NSS 3.12.6 is, however, incompatible with previous versions of NSS regarding the renegotiation fix. Therefore, to take advantage of the safe renegotiation fix, you must upgrade to NSS 3.12.6 on all servers in your topology. A topology with mixed NSS versions will function as expected, provided renegotiation is not used. If safe renegotiation is requested in a mixed topology, however, encrypted traffic will be stopped between servers that have different versions of the NSS library.

In some instances, both in the documentation and in the product, you might still see references to Sun Microsystems. These can be read to mean Oracle Corporation in most cases. You might also see references to version 7.0.1. This was the internal version of the product, which can be read to mean 11g Release 1 (11.1.1) or version 11.1.1.3.0 in all cases.

These Release Notes no longer list the known issues in Identity Synchronization for Windows. For a complete list of known issues, and for a description of bugs fixed in the latest service pack, see Known Issues and Limitations in Installation Instructions for Identity Synchronization for Windows 6.0 Service Pack 1.

The remainder of this section refers to new features that were provided in Sun Directory Server Enterprise Edition 7.0.

New Features in Directory Server

This section describes the new features that were provided in Directory Server 7.0.

New DB Entry Format

To reduce the database entry size, the existing database entry format is changed. The internal representation of an entry changed from an ASCII LDIF format to a tagged binary format. The data stored in the database does not have the characteristic starting of dn: anymore, the first byte of an entry being a value bigger than 0xE0 (hence all values 0xE0 to 0xFF are to be considered reserved for internal use).

For compatibility reasons entries can be a mix of LDIF and binary representations, but any modification will write the entry in binary format.

Suffix entries data can be compressed when written to disk to minimize their disk footprint. Compression is enabled according to the settings of the compression-mode and compression-entries properties,

For additional information, refer to the Chapter 8, Writing Entry Store and Entry Fetch Plug-Ins, in Oracle Fusion Middleware Developer’s Guide for Oracle Directory Server Enterprise Edition.

Copyless Restore

To save disk space, you can restore a server by moving files in place of copying them. You can perform the copyless restore by setting a flag with the restore command.

For more information, see Binary Restore in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

IPv6 Support on Windows

Server instances installed on Windows systems now support Internet Protocol version 6, as do instances installed on other supported operating systems.

New Command for Account Management

The dsutil command now performs the functions formerly provided by the ns-activate, ns-inactivate, and ns-accountstatus commands.

New Backup Feature

Backup operations perform a database verify on archived data when the --flags verify-db option is specified.

Index Filter Analyzer

The index filter analyzer identifies index lists where the number of entries exceeds the maximum number of indexable entries (the ALLID threshold) and monitors user searches using such index lists. To enable the index filter analyzer, use the dsconf enable-index-filter-analyzer command.

New Features in Directory Proxy Server

This section describes the new features that were provided in Directory Proxy Server 7.0.

Entry Aggregation

Entry aggregation enables the following:

• Optimization of queries to a secondary data view

• Searching on a secondary data view first, if required

• Improved handling of large result sets (VLV control)

• Request grouping to secondary data source

JDBC Data View

The JDBC data view now supports Date and Blob.

Optimized Monitoring and Logging

Directory Proxy Server now uses a new logging engine implementation that performs more efficiently on multi-core systems.

Connection Handlers

• New criteria based on LDAP groups

• Management of the maximum throughput per second

Coordinator Data View

New type of data view to address more use cases, for example, company mergers.

For more information, see Creating and Configuring Coordinator Data Views in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition.

Distribution Algorithm

An enhanced regex distribution algorithm is added, as described in Configuring Pattern Matching Distribution Algorithm in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition.

Join Data View Searches

To optimize the performance of searches of a join data view, Directory Proxy Server makes use of Virtual List View (vlv) indexes. It helps you to avoid the scenario where search hits the size limits due to the lots of entries from one data source and very few from the others. To use VLV indexes, see Browsing Index in Oracle Fusion Middleware Reference for Oracle Directory Server Enterprise Edition.