Oracle Fusion Middleware Release Notes for Oracle Directory Server Enterprise Edition

Bugs Fixed in This Release

This section lists the bugs fixed in Directory Server 7.0 and Directory Server 11g Release 1 (11.1.1).

Table 4–1 Bugs Fixed in Directory Server 11g Release 1 (11.1.1)

Bug ID 

Description 

4987124 

UIDs for entries are not required to be unique. 

5087249 

Network connections remain established regardless of the settings of the tcp_keepalive_interval and tcp_ip_abort_interval attributes.

6181237 

The message WARNING<1028> — Replay of an already seen operation occurs frequently in the error log.

6192090 

The insync command cannot parse a host specification provided to it if the host specification contains an at sign (@).

6250000 

Non-unique values of nsuniqueid can be added to a replication topology and cause replication to fail.

6283810 

Using the ldapmodify command to delete an attribute can cause replication to fail.

6292310 

Modifying an entry's RDN at the same time as modifying an attribute value of the entry's parent puts the directory server in deadlock. 

6295323 

A memory leak occurs in searches that return virtual attributes. 

6299664 

Performing a modify operation using replace with a value of 0 for the first time on an attribute results in a NULL value.

6340125 

If a change log is created and read simultaneously, the directory server can fail. 

6341382 

Read errors can occur when SASL security is enabled. 

6356373 

The indirect Class of Service feature does not support multiple templates as documented. 

6374916 

The start-tls operation sometimes causes a server crash.

6382134 

The ldapcompare command can fail if a Class of Service is configured.

6386671 

ou=groups can contain duplicate data.

6479754 

Replication can fail after SSL is configured as documented. 

6490419 

The ldapsearch command can return inconsistent results.

6497556 

On Windows installations, the dsadm info command can display the incorrect owner of ns-slapd.

6498501 

On HP-UX installations, the dsadm stop and restart commands can behave inconsistently when the monitoring plug-in is enabled.

6499077 

The warning message for an unregistered suffix contains extra characters. 

6500908 

Certificates with names that contain localized characters cannot be listed or deleted correctly. 

6504891 

The dsadm autostart command can return incorrect error messages.

6506019 

On HP-UX installations, the directory server can fail when the GNU debugger (GDB) releases the ns-slapd process.

6536777 

On UNIX installations, the JVM of the Application Server must be started with -Djava.awt.headless=true to enable replication topology rendering.

6542953 

Multiple ZIP installations do not manage all CACAO ports correctly. 

6548467 

The DSCC cannot be accessed through its URL when a previous connection is still open. 

6550543 

DSCC can return errors when run with Java 1.6. 

6551672 

The Application Server returns an Unable to create SASL client conn for auth mechanism message and cannot communicate with CACAO.

6557499 

Registering and deploying JESMF creates defunct processes. 

6561787 

DSCC parses dsinstancemain.confirmreadonly incorrectly.

6562921 

Data passed to Windows service management must maintain the correct character case. 

6572853 

The Class of Service statistics monitor reports results incorrectly. 

6579286 

On Windows installations, the dsrepair command fails because of a missing directory in the PATH environment variable.

6579820 

On Windows installations, the plcheck command fails.

6582585 

DSCC cannot access the log files when the instance path contains multi-byte characters. 

6586725 

A memory leak occurs in multi-master replication over SSL. 

6593775 

DSCC does not display all suffixes. 

6594285 

DSCC fails to support RBAC. 

6617936 

When the repldisc command encounters an error connecting to a replica over SSL, its credentials are not properly handled.

6620846 

The repldisc command in interactive mode should not request the host name and port number.

6620851 

The repldisc command in interactive mode should not request replicas that cannot be connected.

6634048 

External use of the reversible password plug-in can cause replication to fail. 

6640285 

No trimming occurs when dsconf is used to set the nsslapd-changelogmaxage for the retro change log.

6640806 

Re-indexing requires too much time to complete. 

6641259 

The DSCC displays a message that describes the Replication Settings tab incorrectly. 

6642364 

Some password policy updates appear in replicated audit logs but not in the local audit log. 

6644137 

The DSCC displays a message that describes the Promote/Demote Suffix function incorrectly. 

6644368 

The repldisc command fails to compare host names correctly.

6645742 

Replication stops between servers of different versions after a failed login of a known user with an incorrect password. 

6646794 

The DSCC ACI wizard produces invalid ACIs when multiple targetattr values are selected.

6650039 

A replication master can fail when replication stops normally. 

6651645 

Passwords cannot be changed through proxied authorization when pwdReset is set to true.

6659728 

Performance can be degraded when the access log is enabled. 

6662669 

The dsconf set-log-prop command does not change permissions on log files in a timely manner.

6663324 

Time-based log rotation stops when the machine time is set back. 

6663553 

Extra spaces in an ACI string can cause incorrect ACI evaluations. 

6670977 

The DSCC fails to display a long ACI. 

6675384 

Complex Class of Service deployments can cause the directory server to fail. 

6680142 

Several text files require correction. 

6680718 

Rotation can become deadlocked. 

6683182 

A user password can become expired even if passwordMaxAge is set to a high value.

6683870 

The DSCC can corrupt entries with binary attributes during modification. 

6684993 

Under certain circumstances, the password policy attribute pwdMinLength is not enforced.

6686131 

The DSCC displays some links incorrectly. 

6686199 

The directory server can fail if the uniqueness-among-attribute-set plug-in is configured.

6686632 

The directory server fails if a pre-op plug-in performs an access control check on an entry before deleting it. 

6687304 

Changes to client authentication made with the DSCC do not become effective until the directory server is restarted. 

6688454 

Pass-through authentication can prevent the directory server from stopping correctly. 

6688891 

The audit log contains old passwords. 

6689290 

DSCC can display incorrect message text when starting and stopping the directory server. 

6689454 

Errors can occur if a database is restored and the backup has a very large change log. 

6690684 

A server instance bound to a specific IP address can fail to become registered. 

6700232 

The directory server can become deadlocked when accessing the change log. 

6704259 

Replication operations require too much time. 

6704261 

A multiple-pass LDIF import operation can produce an incorrect index. 

6704754 

The Logging property rotation-time cannot be set to undefined even though it is listed as an allowed value.

6705319 

DSCC does not disable a referral completely. 

6706009 

The DSCC does not handle subtype attributes correctly when editing entries. 

6707089 

The directory server can fail when evaluating an ACI. 

6707164 

A binary restore of the database recreates the replication change log. 

6708194 

The DSCC cannot set the time-based log rotation and deletion policy to Do Not Automatically Rotate/Delete. 

6708615 

The directory server fails when stopping the server when indexing is active. 

6711123 

Backup and export files can become invalid if infrequently updated masters receive updates. 

6712614 

The starttls command runs slowly.

6715303 

The directory server fails when fetching values of a virtual attribute. 

6715911 

The directory server can fail when creating a new suffix in the Top entry if the name of the suffix contains a backslash (\).

6716661 

The repl-schedule property should be multivalued.

6717507 

Enabling replication can incorrectly update VLV indexes. 

6718308 

The DSCC does not log all messages when restoring the database. 

6721412 

Certain substring filters do not work when searching localized attributes. 

6723208  

The DSCC corrupts mailSieveRuleSource when it updates a user.

6726890 

The change log is not always trimmed correctly. 

6731941  

The number of simultaneous pass-through authentications cannot be limited. 

6735966  

On Windows installations, the directory server can fail under load when encryption is disabled. 

6736172  

The directory server can add the cACertificate and crossCertificatePair properties twice.

6737227  

The directory server can fail under load during DN normalization. 

6737235 

The targetscope keyword is sometimes handled incorrectly for anonymous ACIs.

6739300  

The retro change log can grow very large when managing large static groups. 

6740791  

A memory leak can occur in the directory server when binding users whose password policy is assigned in a Class of Service. 

6742347  

In Windows installations, the directory server does not stop during shutdown when registered as a service. 

6746125  

The ldapsearch command can return incorrect results for a search of certificateRevocationList with non-existent subtypes.

6746574  

When set to on, nsslapd-return-exact-case does not work correctly for certificateRevocationList.

6748713 

The directory server can close a connection before idletimeout has elapsed.

6750238  

In Windows installations, the first attempt of the directory server to restart after the system is rebooted can fail with System Event ID 7022. 

6750240  

des-plugin.so is not signed.

6751358  

Prioritized replication does not work as designed. 

6751952  

Replication stops and restarts when a send update now operation occurs. 

6752586  

Identity Synchronization for Windows plug-in does not start. 

6752738  

An exported LDIF can include an entry's Replica Update Vector. 

6753742  

Upgrading a multi-master replication topology can fail. 

6755852  

The directory server cannot be installed on some Japanese Windows systems. 

6756240  

The directory server can fail because of polling issues. 

6759200  

The directory server can fail because of binding with SASL. 

6759886 

When DEL operations are replicated in a multi-master topology, modifiersname is logged incorrectly in the audit log of the consumer.

6763091  

The password policy assigned to a user entry through a role is not effective until the directory server is restarted. 

6764616  

Replication can fail if the suffix name contains a space. 

6768405 

The dsconf command does not correctly handle a hyphen (-).

6771728  

Replication can fail if a MOD CSN (Change Sequence Number) is smaller than the previous ADD CSN. 

6772760  

The directory server can fail if it is stopped immediately after it is started. 

6772870  

A consumer can become unsynchronized when ds-polling-thread-count is greater than 1.

6772918  

The dsconf info command does not always detect the directory server's version number.

6773132  

The dsconf export command does not log an error when it fails because the target file system is full.

6774167 

Unable to replace an SHA-encoded userpassword attribute value.

Although this issue is fixed in this release, the fix is not complete until all Directory Server instances in your topology have been upgraded to version 11g R1 (11.1.1). Until all Directory Server instances have been upgraded, you must delete the userpassword attribute and then add it again before you attempt to add a new value or values. (You cannot simply delete an existing value if you do not know the unencrypted value of the attribute.)

To delete the userpassword attribute and all password values, use the following command: 


$ /opt/dsee7/dsrk/bin/ldapmodify -D cn=admin,cn=Administrators,cn=config -w -
Enter bind password:
dn: uid=Aaron.Atrc,ou=People,dc=example,dc=com
changetype: modify
delete: userpassword

modifying entry uid=Aaron.Atrc,ou=People,dc=example,dc=com

$ 

When you have deleted the userpassword attribute, you can add it again with the password values that you wanted to keep.


$ /opt/dsee7/dsrk/bin/ldapmodify -D cn=admin,cn=Administrators,cn=config -w -
Enter bind password: 
dn: uid=Aaron.Atrc,ou=People,dc=example,dc=com
changetype: modify
add: userpassword
userpassword: {SSHA}F/F+lmDvsWnS5XIpblmgtExK8Ve2flhjWn6kVQ==

modifying entry uid=Aaron.Atrc,ou=People,dc=example,dc=com

$ 
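
The input for the two ldapmodify runs above can be generated from a saved copy of the entry, so that the hashed values you want to keep are recorded before the delete. The following script is an added example, not part of the Oracle release notes; the function name userpassword_ldif and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code). userpassword_ldif is a hypothetical helper.
# Reads one LDIF entry on stdin, as saved from a search before the delete, and
# prints the change record for one of the two ldapmodify runs shown above.
#   userpassword_ldif delete < entry.ldif   -> record that deletes userpassword
#   userpassword_ldif add    < entry.ldif   -> record that re-adds the saved values
userpassword_ldif() {
    case $1 in
        delete|add) ;;
        *) echo "usage: userpassword_ldif delete|add" >&2; return 64 ;;
    esac
    awk -v mode="$1" '
        done { next }                          # only the first entry is used
        /^ / {                                 # folded line: join to the previous one
            if (!in_comment && n > 0) line[n] = line[n] substr($0, 2)
            next
        }
        { in_comment = 0 }
        /^#/ { in_comment = 1; next }          # LDIF comment
        /^$/ { if (seen_dn) done = 1; next }   # blank line ends the entry
        {
            line[++n] = $0
            if (tolower($0) ~ /^dn:/) seen_dn = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                low = tolower(line[i])
                if (low ~ /^dn:/ && dn == "") dn = line[i]
                else if (low ~ /^userpassword:/)
                    # keep ":" or "::" (base64) exactly as saved
                    val[++v] = "userpassword" substr(line[i], index(line[i], ":"))
            }
            if (dn == "") { print "no dn in input" > "/dev/stderr"; exit 2 }
            if (mode == "add" && v == 0) {
                print "no userpassword values to re-add" > "/dev/stderr"; exit 3
            }
            print dn
            print "changetype: modify"
            print mode ": userpassword"
            if (mode == "add") for (i = 1; i <= v; i++) print val[i]
        }'
}

# Constructed sample: the entry from the sessions above, with its value folded.
SAMPLE_ENTRY='version: 1
dn: uid=Aaron.Atrc,ou=People,dc=example,dc=com
uid: Aaron.Atrc
userPassword: {SSHA}F/F+lmDvsWnS5XIpblmgtExK8Ve2
 flhjWn6kVQ=='

printf '%s\n' "$SAMPLE_ENTRY" | userpassword_ldif delete
echo
printf '%s\n' "$SAMPLE_ENTRY" | userpassword_ldif add
```

Keep the saved entry file readable only by the administrator (for example, by setting umask 077 before writing it), because it contains the password hashes.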

6777643  

The insync operation can fail.

6779940  

The dsconf matching-rule property for indexes should be multi-valued.

6779962  

The dsadm export command cannot index collation plug-in matching rules.

6783425  

The searchrate command can fail when processing a complex filter.

6784701 

Substring searches are unindexed if an equality index is not present. 

6785664 

Running the server as a Windows service is not completely compliant with Microsoft requirements. 

6789448  

An error can occur when the pwd-accept-hashed-pwd-enabled property is set.

6790060  

ACI evaluation during unindexed searches can require too much time. 

6791372  

The directory server can fail when the authrate command is running.

6793557  

The directory server can fail when the DSML plug-in receives a corrupted DSML message. 

6796266  

The directory server can fail when it is stopped if the memberof plug-in is not completely preloaded.

6797187  

The dsadm add-selfsign-cert command adds self-inconsistent certificates to the database.

6798026  

On Windows installations, the directory server can crash during search operations. 

6802840 

On Solaris systems, log rotation stops after running dsconf with the rotate-log-now option.

6806271  

In multi-master replication topologies, the directory server can fail to detect duplicate values for attributes with more than eight values. 

6809149  

Recovery from a database failure can cause the heap to be corrupted. 

6821219 

ACI evaluation incorrectly uses cached results. 

6821682  

The dsconf command does not handle the dsml-min-parser-count and dsml-max-parser-count properties correctly.

6827661 

On some Windows installations, the dsadm stop command does not stop the directory server.

6834291  

The sequence of plug-in operation should be reordered. 

6834783 

With VLV indexes configured, VLV errors are seen shortly after an import operation. 

6835539  

The DSCC can encounter an error when creating or modifying a specialized password policy. 

6835550  

In multi-master replication topologies, replication can fail after importing a replica. 

6836463 

The retro change log reports a large number of error 32 errors after a server restart.

6837200  

The change log trimming thread can cause the directory server to fail at startup. 

6837808  

ACI evaluation during a modify operation can corrupt the heap. 

6838287 

On Windows systems, dsadm and DSCC logs are an hour behind during daylight saving time.

6844176 

Memory leaks can occur when using CoS. 

6846588 

On Windows systems, the server stops responding to SSL requests under certain NSS/NSPR version conditions. 

6846693  

The directory server can crash after importing new entries. 

6846934  

ACIs with the ip keyword are not always evaluated correctly.

6848272 

Macro ACIs do not handle DNs that include brackets. 

6849485 

The server crashes during a DSML search if the bind password needs to be changed. 

6849658 

The Uniqueness plug-in does not handle subtypes during add operations. 

6849928  

Importing can fail to create a replica correctly. 

6850042  

The ZIP distribution of the directory server should use non-default port numbers. 

6850537  

Search requests should return binary attributes in accordance with RFC 4522. 

6851491  

The directory server can crash during Class of Service operations. 

6852119  

A memory leak can occur when importing an LDIF with replication meta-data. 

6852500 

When a uniquemember is deleted from a group, the deleted group member is not displayed in the retro change log entry.

6853884 

The dsmig migrate-config command logs a configuration warning for the Strong Password Check plug-in.

6853981 

The first pwdFailureTime value is deleted when the pwdLockoutDuration has passed.

6856557 

The passwordexpirationtime attribute should be ignored by the password policy when the server is in DS6-mode.

6859942 

A strong password policy handles extended ASCII incorrectly. 

6861340 

Inconsistent search results are produced when searching multi-valued attributes with a range filter, if an equality index exists. 

6867669 

Running a dsmlmodify operation causes the server to crash.

6867812 

ACIs that include wild cards do not work correctly in certain cases. 

6873828 

Stopping a server instance using a dsadm command from a different installation does not work.

6878311 

The UID Uniqueness plug-in cannot handle more than one + symbol in a dn or uid.

6881605 

A deadlock situation can occur on server shutdown when SMF is used. 

6887642 

Proxy authorization does not recognize grace logins for password changes. 

6892914 

A memory leak occurs in the CoS plug-in. 

6894059 

Under certain conditions, fractional replication only evaluates updates from a subset of replicas. 

6896757 

The minimum-search-filter-substring-length of a resource limit policy does not work on complex search filters.

6900781 

Performing a restore by using dsadm should place the database in referral mode.

6900955 

Consecutive password changes cause the passwordexpirationtime attribute to be removed from the second master in a two-way multimaster topology.

6902119 

A memory leak occurs in the mapping tree code. 

6902127 

A memory leak occurs in the id2entry code.

6904986 

dsccsetup -V returns unexpected null in output.

6902477 

No recovery is performed when the server is restarted after a crash. 

6905595 

Frozen mode does not return referrals as expected. 

6906234 

The audit log does not contain the entire change when binary attributes are modified. 

6908622 

The insync command dumps core if uppercase characters are used in the hostname, with the option -S.

6908942 

In a replicated topology with DSEE 6.x servers, the server sometimes crashes when replaying certain operations to the DSEE 6.x servers. 

6912294 

The RUV cannot be updated for the first change on a master. 

6915746 

When sending specifically crafted LDAP messages, the server can crash. 

6918089 

Running a dsadm reindex on the vlv attribute can cause the server to crash.

6920416 

When modifying entries under cn=config, a comma is appended after the etime.

6920520 

Bind DNs in cn=config can cause a deadlock in the server.

6920573 

Running a reindex can leave the entryDN and parentID indexes in an inconsistent state.

6921014 

Memory leaks can occur in the retro change log. 

6921222 

The state information for the change of an rdn attribute is missing in certain cases.

6923243 

Running a vlv reindex operation does not work as expected.

6927120 

Reindexing a VLV index hangs. 

6927881 

Running the directory server as a Windows service can disable other services. 

6939218 

The server crashes if asynchronous searches are performed after a GSSAPI SASL bind. 

6940840 

On Windows systems, the server crashes when running multiple root DSE searches. 

6944409 

In the zh_CN locale, an exception is generated when attempting to view the error, access, or audit logs.

6949107 

Setting the ds-gather-filter-stats property to on can crash the server.

6949854 

The command dsadm -A 1d does not return the most recent logs.

6950645 

When deploying DSCC on a machine with no default locale, several log messages stating couldn't set locale correctly are generated.

6960494 

The server occasionally crashes when filter statistics are enabled and a filter with more than three different filter elements is used.