Chapter 2 Solaris Runtime Issues

This chapter describes runtime issues that are known to be problems.

The following runtime bug descriptions have been added to this chapter since this document was published on the Solaris 9 Documentation CD and in the Installation Kiosk on the Solaris 9 Installation CD.

• "Solaris Volume Manager metattach Command Might Fail"

• "Data Corruption on USB Hard Drives (4660516)"

• "Cannot Select Choose Host From List Option from CDE Login Screen After Selecting Enter Host Name Option (4667119)"

• "Detaching Submirror With metadetach Command Automatically Resizes Mirror (4678627)"

• "Solaris Volume Manager metahs -e Command Fails On Copper Cable Storage Boxes When Failed Hot Spare Disk Has Been Swapped Out (4644106)"

• "Solaris Volume Manager metadevadm Command Fails If Logical Device Name No Longer Exists (4645721)"

• "Solaris Volume Manager metarecover Command Fails to Update metadb Namespace (4645776)"

• "Solaris Volume Manager metareplace -e Command Fails to Enable Soft Partitions When Disks Are Removed and Replaced (4645781)"

• "Xsun Might Crash on Machines Without a Keyboard Attached (4651949)"

• "libresolv.so.2 Exhausts Swap File Space With Multithreaded Applications When DNS is Specified in /etc/nsswitch.conf (4646349)"

• "Idle Solaris PPP 4.0 Daemon Might Exit During Holdoff Period (4647938)"

• "Unlocking CDE Screenlock Removes Kerberos Version 5 Credentials (4674474)"

• "CDE Calendar Server Daemon Might Run Out of File Descriptors (4641721)"

• "Veritas Volume Manager Might Fail on Systems Running Solaris 9 Operating Environment (4642114)"

• "iPlanet Directory Server 5.1 Documentation Links Do Not Work Properly"

• "European Locale PDF Documents Available Only Through C Locale (4674475)"

• "Removing Solaris 9 Documentation Packages Might Unexpectedly Uninstall Some Solaris 9 Documentation Collections (4641961)"

• "iPlanet Directory Server Issues"

• "iPlanet Directory Server Bugs"

USB Device Support Bug

Data Corruption on USB Hard Drives (4660516)

If USB hard drives that are not Solaris Ready are used with the Solaris 9 operating environment, the result might be UFS panics and data corruption.

Workaround: Refer to http://www.sun.com/io_technologies/storagesolutions.html for a list of Solaris Ready products.

Smart Card Bugs

System Does Not Respond to Smart Card (4415094)

If ocfserv terminates and the display is locked, the system remains locked even when a smart card is inserted or removed.

Workaround: Perform the following steps to unlock your system.

1. Perform a remote login to the machine on which the ocfserv process terminated.

2. Become superuser.

3. Kill the dtsession process by typing the following in a terminal window.

   # pkill dtsession

Edit Config File Menu Item in Smartcards Management Console Does Not Work (4447632)

The Edit Config File menu item in the Smartcards Management Console does not edit smart card configuration files that are located in /etc/smartcard/opencard.properties. If the menu item is selected, a warning is displayed that indicates not to continue unless requested by technical support.

Workaround: Do not use the Edit Config File menu item in the Smartcards Management Console. For information on smart card configuration, see Solaris Smartcard Administration Guide.

Common Desktop Environment (CDE) Issues

Compiling Motif Programs on the Solaris 9 Operating Environment

A problem occurs when you compile a Motif program in the Solaris 9 operating environment under the following circumstances.

• You link to a shared library that has been compiled in the Solaris 2.4, 2.5, 2.5.1 or 2.6 operating environments

• The older library also uses the Motif application programming interface (API).

When he Motif program uses Motif version 2.1 and the old shared library uses Motif version 1.2, a core dump might occur. This is not a binary compatibility problem for applications that were compiled in the Solaris 2.4, 2.5, 2.5.1, and 2.6 operating environments, which should run correctly in the Solaris 9 operating environment.

Workaround: If you have an older shared library that links directly to the Motif library, and if you want to compile a program in the Solaris 9 operating environment that links to both Motif and that older shared library, use a line such as the following to compile:

cc foo.c -o program -DMOTIF12_HEADERS -I/usr/openwin/include 
-I/usr/dt/include -lXm12 -lXt -lX11

Common Desktop Environment (CDE) Bugs

Cannot Select Choose Host From List Option from CDE Login Screen After Selecting Enter Host Name Option (4667119)

If you choose the Remote Login option from the Options button on the CDE login screen, and then select Enter Host Name, the Choose Host From List option does not work for future remote login attempts.

Workaround: Use the Enter Host Name option for all remote login attempts.

CDE Mailer Appears to Hang While Displaying Email With Long Lines (4418793)

If you try to read an email message with many long lines in any of the Solaris 9 Unicode or UTF-8 locales, CDE Mailer (dtmail) appears to hang, and the message does not display immediately.

Workaround: Choose one of the following workarounds.

• Enlarge the dtmail Mailbox window to accommodate 132 columns.

• Disable the Complex Text Layout feature by following these steps.

  1. Become superuser.

  2. Change directories to your system's locale directory.

     # cd /usr/lib/locale/locale-name

     In the previous example, locale-name refers to the name of your system's Solaris 9 Unicode or UTF-8 locale.

  3. Rename the locale layout engine category.

     # mv LO_LTYPE LO_LTYPE-

     ---

     Note -

     Rename the locale layout engine category to the original name (LO_LTYPE) before you apply any patches to the locale layout engine.

     ---

PDASync Cannot Delete Last Entry From the Desktop (4260435)

After you delete the last item from the desktop, the item is restored from the handheld device to the desktop when you synchronize your handheld device. Examples of items that you might delete and have restored are the last appointment in your Calendar or the last address in the Address Manager.

Workaround: Manually delete the last entry from the handheld device prior to synchronization.

PDASync Does Not Support Data Exchange With the Multibyte Internationalized PDA Device (4263814)

If you exchange multibyte data between a PDA device and Solaris CDE, the data might be corrupted in both environments.

Workaround: Back up your data on your personal computer with the PDA backup utility before you run the PDASync application. If you accidentally exchange multibyte data and corrupt that data, restore your data from the backup.

System Administration Bugs

Solaris WBEM Services 2.5 Daemon Cannot Locate com.sun Application Programming Interface Providers (4619576)

The Solaris WBEM Services 2.5 daemon cannot locate providers that are written to the com.sun.wbem.provider interface or to the com.sun.wbem.provider20 interface. Even if you create a Solaris_ProviderPath instance for a provider that is written to these interfaces, the Solaris WBEM Services 2.5 daemon does not locate the provider.

Workaround: To enable the daemon to locate such a provider, stop and restart the Solaris WBEM Services 2.5 daemon.

# /etc/init.d/init.wbem stop

# /etc/init.d/init.wbem start

If you use the javax API to develop your provider, you do not need to stop and restart the Solaris WBEM Services 2.5 daemon, as the daemon dynamically recognizes javax providers.

Some com.sun Application Programming Interface Method Invocations Fail Under XML/HTTP Transport Protocol (4497393, 4497399, 4497406, 4497411)

If you choose to use the com.sun application programming interface rather than the javax application programming interface to develop your WBEM software, only CIM remote method invocation (RMI) is fully supported. Other protocols, such as XML/HTTP, are not guaranteed to work completely with the com.sun application programming interface.

The following table lists examples of invocations that execute successfully under RMI, but fail under XML/HTTP.

Cannot Modify File System Mount Properties With Solaris Management Console Mounts and Shares Tool (4466829)

The Solaris Management Console Mounts and Shares tool cannot modify mount options on system-critical file systems such as / (root), /usr, and /var.

Workaround: Choose one of the following workarounds.

• Use the remount option with the mount command.

  # mount -F file-system-type -o remount,additional-mount-options \ device-to-mount mount-point

  ---

  Note -

  Mount property modifications that are made by using the -remount option with the mount command are not persistent. In addition, all mount options that are not specified in the additional-mount-options portion of the previous command inherit the default values that are specified by the system. See the man page mount_ufs(1M) for more information.

  ---

• Edit the appropriate entry in the /etc/vfstab file to modify the file system mount properties, then reboot the system.

CIM_ERR_LOW_ON_MEMORY Error Occurs When Trying to Add Data With WBEM (4312409)

The following error message is displayed when memory is low:

CIM_ERR_LOW_ON_MEMORY

Workaround: To reset the CIM Object Manager Repository, follow these steps.

1. Become superuser.

2. Stop the CIM Object Manager.

   # /etc/init.d/init.wbem stop

3. Remove the JavaSpaces^TM log directory.

   # /bin/rm -rf /var/sadm/wbem/log

4. Restart the CIM Object Manager.

   # /etc/init.d/init.wbem start

When you reset the CIM Object Manager Repository, you lose any proprietary definitions in your data store. You must recompile the MOF files that contain those definitions by using the mofcomp command. For example:

# /usr/sadm/bin/mofcomp -u root -p root-password your-mof-file

Solaris Volume Manager Issue

Solaris Volume Manager metattach Command Might Fail

If you have a Solaris Volume Manager mirrored root file system in which the file system does not start on cylinder 0, all submirrors you attach must also not start on cylinder 0.

If you attempt to attach a submirror starting on cylinder 0 to a mirror in which the original submirror does not start on cylinder 0, the following error message displays:

can't attach labeled submirror to an unlabeled mirror

Workaround: Choose one of the following workarounds.

• Ensure that both the root file system and the volume for the other submirror start on cylinder 0.

• Ensure that both the root file system and the volume for the other submirror do not start on cylinder 0.

By default, the JumpStart installation process starts /swap at cylinder 0 and the root file system somewhere else on the disk. Common system administration practice is often to start slice 0 at cylinder 0. Mirroring a default JumpStart installation with root on slice 0, but not cylinder 0, to a typical secondary disk with slice 0 starting at cylinder 0, will result in the error message being displayed when attempting to attach the second submirror.

Solaris Volume Manager Bugs

Detaching Submirror With metadetach Command Automatically Resizes Mirror (4678627)

If you use the metadetach command to remove a submirror from a mirror, you might not be able to reattach the submirror. This problem occurs because the mirror is automatically resized after you detach the submirror.

Workaround: Before you use the metadetach command to detach a submirror, attach a submirror of equal size to the submirror you want to detach.

Solaris Volume Manager metareplace -e Command Fails to Enable Soft Partitions When Disks Are Removed and Replaced (4645781)

If you physically remove a soft partitioned disk from a system and then replace it with a new disk, the metareplace -e command fails to enable the soft partitions. This failure might occur whether or not you used the metarecover command prior to issuing the metareplace -e command to enable the soft partitions.

Workaround: Recreate the soft partitions on the new disk.

If the soft partitions are a part of a mirror or RAID5, use the metareplace command without the -e option to replace the old soft partition with the new soft partition.

# metareplace dx mirror or RAID5 old_soft_partition new_soft_partition

Solaris Volume Manager metahs -e Command Fails On Copper Cable Storage Boxes When Failed Hot Spare Disk Has Been Swapped Out (4644106)

The metahs -e command might fail if you encounter the following circumstances.

1. A hot spare device encounters a problem, such as an induced error using the metaverify test utility.

2. Solaris Volume Manager software attempts to activate the hot spare when an error occurs on a metadevice. The hot spare is marked broken.

3. The system is brought down and the failed disk containing the hot spare is replaced with a new disk at the same location.

4. The system is booted and Solaris Volume Manager software does not recognize the new hot spare.

5. The metahs -e command is issued to enable the hot spare on the new disk.

The following message is displayed.

WARNING: md: d0: open error of hotspare (Unavailable)

The failure occurs because the Solaris Volume Manager software does not internally recognize the new hot spare disk that was swapped into the same physical location. The Solaris Volume Manager software will continue to display the device ID of the disk that is no longer in the system.

This failure is not known to occur on a Photon or storage enclosures where the device number changes when a disk is replaced.

Workaround: Choose one of the following workarounds.

• Follow these steps to update the device ID for the hot spare disk in the Solaris Volume Manager state database.

  1. Become superuser.

  2. Type the following command to update the device ID for the hot spare disk.

     # metadevadm -u logical-device-name

  3. Type the following command to make the new hot spare disk available.

     # metareplace -e logical-device-name

• Follow these steps to manage the hot spares and hot spare pools on the system.

  1. Become superuser.

  2. Type the following command to delete the entry for the hot spare slice.

     # metahs -d hsphot-spare-pool-number logical-device-name

  3. Type the following command to create a new entry for the hot spare slice at the same location with the correct device ID.

     # metahs -a hsphot-spare-pool-number logical-device-name

Solaris Volume Manager metadevadm Command Fails If Logical Device Name No Longer Exists (4645721)

You cannot replace a failed drive with a drive that has been configured with the Solaris Volume Manager software. The replacement drive must be new to Solaris Volume Manager software. If you physically move a disk from one slot to another on a Photon, the metadevadm command might fail. This failure occurs when the logical device name for the slice no longer exists, but the device ID for the disk remains present in the metadevice replica. The following message is displayed.

Unnamed device detected. Please run 'devfsadm && metadevadm -r to resolve.

You can access the disk at the new location during this time, but you might need to use the old logical device name to access the slice.

Workaround: Physically move the drive back to its original slot.

Solaris Volume Manager metarecover Command Fails to Update metadb Namespace (4645776)

If you remove and replace a physical disk from the system, and then use the metarecover -p -d command to write the appropriate soft partition specific information to the disk, the command causes an open failure. The command does not update the metadevice database namespace to reflect the change in disk device identification. This condition causes an open failure for each such soft partition that is built on top of the disk. The following message is displayed.

Open Error

Workaround: Create a soft partition on the new disk instead of issuing the metarecover command to recover the soft partition.

If the soft partition is part of a mirror or RAID5, use the metareplace command without the -e option to replace the old soft partition with the new soft partition.

# metareplace dx mirror or RAID5 old_soft_partition new_soft_partition

Xserver Bug

Xsun Might Crash on Machines Without a Keyboard Attached (4651949)

If you start Xsun on a machine without a keyboard attached, Xsun might crash. A Segmentation Fault error message might display on the system console. If coreadm settings have been changed, Xsun might produce a core dump.

Workaround: To prevent Xsun from starting, follow these steps:

1. Access the machine on which the Xsun process terminated.

2. Become superuser.

3. Verify that the /etc/dt/config/Xservers file exists on your system.

   If the file does not exist, type the following command in a terminal window.

   # mkdir -p /etc/dt/config ; cp /usr/dt/config/Xservers /etc/dt/config/

4. Edit the /etc/dt/config/Xservers file by adding # to the beginning of the line that contains either of the following strings.

   • /usr/openwin/bin/Xsun

   • /usr/openwin/bin/X

5. Reset dtlogin.

   # /etc/init.d/dtlogin reset

Subsequent executions of Xsun do not require the above workaround.

Networking Bugs

libresolv.so.2 Exhausts Swap File Space With Multithreaded Applications When DNS is Specified in /etc/nsswitch.conf (4646349)

If DNS is specified for hosts or ipnodes lookup in the /etc/nsswitch.conf file, and your system is running multithreaded applications, the nscd daemon might crash. This problem occurs because the nscd daemon slowly grows in size, and can consume up to 4 Gbytes of swap space. If all swap space becomes exhausted, then nscd might crash, and other new processes might suffer from various random errors.

Workaround: To avoid this problem, modify the nscd settings by following these steps.

1. Become superuser.

2. Stop the nscd daemon.

   # /etc/init.d/nscd stop

3. Add or modify the following lines in the /etc/nscd.conf file.

   • keep-hot-count hosts 0

   • keep-hot-count ipnodes 0

4. Restart the nscd daemon.

   # /etc/init.d/nscd start

   ---

   Note -

   Not running the nscd will cause the same leak to appear in any multithreaded applications doing host lookups.

   ---

Idle Solaris PPP 4.0 Daemon Might Exit During Holdoff Period (4647938)

The Solaris Point-to-Point Protocol (PPP) 4.0 daemon (pppd) might unexpectedly exit under the following conditions.

• The pppd daemon is idle.

• The demand and holdoff options to the pppd daemon are enabled.

• A packet arrives during the holdoff period.

If the pppd daemon exits unexpectedly, a message similar to the following message is logged in the appropriate system log file.

current date hostname pppd[PID]: [ID 702911 daemon.error] unable
to set IP to pass: Invalid argument
current date hostname pppd[PID]: [ID 702911 daemon.error] unable to
enable IPCP

See the man page pppd(1M) for more information on the demand and holdoff options to the pppd daemon.

Workaround: Choose one of the following workarounds.

• If you do not need the pppd daemon to wait before the daemon tries to re-initiate links, do not use the holdoff option with the pppd daemon.

• Set the holdoff option value to 0.

• Run the pppd daemon from a loop script similar to the following Bourne shell script.

  #!/bin/sh
          while :; do
                  /usr/bin/pppd cua/b lock idle 60 demand nodetach noauth \
                          38400 10.0.0.1:10.0.0.2 holdoff 20
          done

Configuring Multiple Tunnels Between Two IP Nodes With Filtering Enabled Might Result in Packet Loss (4152864)

If you configure multiple IP tunnels between two IP nodes, and enable ip_strict_dst_multihoming or other IP filters, packet loss might result.

Workaround: Choose one of the following workarounds.

• Configure a single tunnel between the two IP nodes and add addresses to the tunnel by using the ifconfig command with the addif option.

• Do not enable ip_strict_dst_multihoming on tunnels between two IP nodes.

Security Bugs

Unlocking CDE Screenlock Removes Kerberos Version 5 Credentials (4674474)

If you unlock a locked CDE session, all your cached Kerberos Version 5 (krb5) credentials might be removed, and you might not be able to access various system utilities. This problem occurs under the following conditions.

• In the /etc/pam.conf file, the dtsession services for your system are configured to use the krb5 module by default.

• You lock your CDE session, and then try to unlock the session.

If this problems occurs, the following error message is displayed.

lock screen: PAM-KRB5 (auth): Error verifying TGT with host/host-name:
Permission denied in replay cache code

Workaround: Add the following non-pam_krb5 dtsession entries to the /etc/pam.conf file.

dtsession auth requisite pam_authtok_get.so.1
dtsession auth required  pam_unix_auth.so.1

With these entries in the /etc/pam.conf file, the pam_krb5 module does not run by default.

CDE Calendar Server Daemon Might Run Out of File Descriptors (4641721)

The CDE Calendar server daemon (rpc.cmsd) might run out of file descriptors. If this problem occurs, calendar users can view their calendar, but cannot add new appointments. An Unknown Error message is displayed.

Workaround: Choose one of the following workarounds.

• If this problem occurs, follow these steps.

  1. Become superuser on the calendar server.

  2. Kill the calendar server daemon.

     # pkill rpc.cmsd

     ---

     Note -

     By default, the rpc.cmsd service is enabled in the /etc/inetd.conf file, and does not need to be restarted. If the rpc.cmsd service is disabled on the calendar server, you must restart the rpc.cmsd daemon after you kill the daemon process.

     ---

• To avoid this problem, apply patch ID 112617-01.

  ---

  Note -

  See the SunSolve^SM Web site at http://sunsolve.sun.com for patches for previous releases of the Solaris operating environment.

  ---

CDE Removable Media Auto Run Functionality Removed From the Solaris 9 Operating Environment (4483353)

The Removable Media auto run functionality in the CDE desktop environment has been temporarily removed from the Solaris 9 operating environment to mitigate potential security issues.

To use the auto run functionality for a CD-ROM or another removable media volume, you must do one of the following:

• Run the volstart program from the top level of the removable media file system

• Follow the instructions included with the CD for access from outside of CDE

For the latest information on security issues and patches, check the SunSolve web site at http://sunsolve.sun.com. All security patches are available from the SunSolve site without a support contract.

cron, at, and batch Cannot Schedule Jobs for Locked Accounts (4622431)

In the Solaris 9 operating environment, locked accounts are treated in the same way as expired or nonexistent accounts. As a result, the cron, at, and batch utilities cannot schedule jobs on locked accounts.

Workaround: To enable locked accounts to accept cron, at, or batch jobs, replace the password field of a locked account (*LK*) with the string NP (for no password.)

Additional Software Bug

Veritas Volume Manager Might Fail on Systems Running Solaris 9 Operating Environment (4642114)

If you try to perform various tasks with Veritas Volume Manager on a system that is running the Solaris 9 operating environment, the vxddladm addjob or vxddladm addsupport utilities might core dump.

Workaround: Follow these steps.

1. Become superuser.

2. Verify that the /var/ld/ld.config file and /usr/bin/crle utility exist on the system.

3. Type the following commands in a terminal window.

   # /usr/bin/cp /var/ld/ld.config /var/ld/ld.config.save # /usr/bin/crle -E LD_LIBRARY_PATH=/usr/lib # appropriate-vxddladm-command # /usr/bin/mv /var/ld/ld.config.save /var/ld/ld.config

Documentation CD Issues

iPlanet Directory Server 5.1 Documentation Links Do Not Work Properly

In the iPlanet Directory Server^TM 5.1 Collection, links titled DocHome and links between separate books do not work. If you select these links, your browser displays a Not Found error.

Workaround: Choose one of the following workarounds.

• To navigate between iPlanet Directory Server 5.1 documents on your system, go to the iPlanet Directory Server 5.1 Collection page, then click the link to the document you want to view.

• View the iPlanet Directory Server 5.1 Collection on http://docs.sun.com.

SUNWsdocs Package Necessary to Remove Other Documentation Packages

If you remove the SUNWsdocs package, then try to remove other documentation packages, the removal fails. This problem occurs because the SUNWsdocs package is installed with any collection and provides the browser entry point.

Workaround: If you removed the SUNWsdocs package, reinstall the SUNWsdocs package from the documentation media and then remove the other documentation packages.

Documentation CD Bugs

European Locale PDF Documents Available Only Through C Locale (4674475)

In the Solaris 9 operating environment, and other UNIX based systems, PDF documents on the Solaris 9 Documentation 1 of 2 CD are not accessible in the following European locales.

• de (German)

• es (Spanish)

• fr (French)

• it (Italian)

• sv (Swedish)

This problem occurs because of a limitation with Adobe Acrobat Reader. For more information on this problem, see the Adobe Technote site at http://www.adobe.com:80/support/techdocs/294de.htm.

Workaround: Choose one of the following workarounds.

• In the Solaris 9 operating environment, and other UNIX based systems, set the environment variable LC_ALL to C acroread. For example, in the C shell, type the following command in a terminal window.

  % env LC_ALL=C acroread

• In non-UNIX based systems, upgrade to Adobe Acrobat Reader 5.0.

Removing Solaris 9 Documentation Packages Might Unexpectedly Uninstall Some Solaris 9 Documentation Collections (4641961)

Some Solaris 9 documentation collections might unexpectedly be removed from your system if the following occurs.

1. You install both the Solaris 9 Documentation 1 of 2 and 2 of 2 CDs on your system.

2. You then use the prodreg utility or the Solaris 9 Documentation CD installer program to remove certain documentation packages.

The Solaris 9 Documentation CD 1 of 2 and 2 of 2 have three collections in common. If you remove the packages that contain these collections from either the Solaris 9 Documentation 1 of 2 and 2 of 2 CD installations, the package is removed for both installations.

The following table lists the packages that might be removed unexpectedly.

Workaround: Choose one of the following workarounds.

• If the uninstall process unexpectedly removed these documentation packages and you want these packages on your system, reinstall the packages from the Solaris 9 Documentation 1 of 2 or 2 of 2 CDs.

• To avoid this problem, use the pkgrm utility to remove the packages you want to eliminate from your system.

Localization Bugs

AltGraph-E Does Not Produce Euro Character in en_US.UTF-8 Locale (4633549)

In the en_US.UTF-8 locale, you cannot input the Euro character by simultaneously pressing the AltGraph and E keys.

Workaround: Choose one of the following workarounds.

• Press and release the Compose key, then press and release the C key, then press and release the = key (Compose+C+=).

  ---

  Note -

  If your keyboard does not include the Compose key, then press the Control key while you press the Shift and T keys (Ctrl-Shift-T).

  ---

• Press the Alt key while you press the 4 key (Alt-4).

Shift-U Does Not Work as Expected in Arabic Locales (4303879)

To generate the diacritic character in Arabic locales, type the Arabic character, then Shift-U.

Sorting in the European UTF-8 Locales Does Not Function Correctly (4307314)

Sorting in the European UTF-8 locales does not work properly.

Workaround: Before you attempt to sort in a FIGGS UTF-8 locale, set the LC_COLLATE variable to the ISO-1 equivalent.

# echo $LC_COLLATE
>  es_ES.UTF-8
# LC_COLLATE=es_ES.IS08859-1
# export LC_COLLATE

Smartcard and Secure Shell Applications Are Not Fully Localized (4304495, 4680353)

Some parts of the Smartcard and Secure Shell applications are not localized, and cannot be fully translated.

iPlanet Directory Server Issues

Setup Issue

When entering Distinguished Names during installation, use the UTF-8 character set encoding. Other encodings are not supported. Installation operations do not convert data from local character set encoding to UTF-8 character set encoding. LDIF files used to import data must also use UTF-8 character set encoding. Import operations do not convert data from local character set encoding to UTF-8 character set encoding.

Schema Issues

The schema provided with the iPlanet Directory Server 5.1 differs from that specified in RFC 2256 for the groupOfNames and groupOfUniquenames object classes. In the schema provided, the member and uniquemember attribute types are optional. RFC 2256 specifies that at least one value for these types must be present in the respective object class.

The aci attribute is an operational attribute. It is not returned in a search unless you explicitly request it.

Replication Issue

Multi-Master Replication over WAN is currently not supported.

Server Plug-in Issues

iPlanet Directory Server 5.1 provides the UID Uniqueness plug-in. By default the plug-in is not activated. To ensure attribute uniqueness for specific attributes, create a new instance of the Attribute Uniqueness plug-in for each attribute. For more information on the Attribute Uniqueness plug-in, refer to the iPlanet Directory Server 5.1 Administrator's Guide.

The Referential Integrity plug-in is now off by default. The Referential Integrity plug-in should only be enabled on one master replica in a multi-master replication environment to avoid conflict resolution loops. Before enabling the Referential Integrity plug-in on servers issuing chaining requests, analyze your performance resource, time, and integrity needs. Integrity checks can consume significant memory and CPU resources.

Roles and Class of Service Issue

The nsRoleDN attribute is used to define a role. It should not be used for evaluating role membership in a user's entry. When evaluating role membership, look at the nsrole attribute.

Indexing Issue

If VLV indexes encompass more than one database, they do not work correctly.

iPlanet Directory Server Bugs

Cannot Inactivate Users Through Console (4521017)

If you launch the iPlanet Directory Server 5.1 Console and create a new user or role as inactive, the newly created user or role is not inactivated. Users and roles cannot be created through the Console as inactive.

Workaround: To create an inactive user or role, follow these steps:

1. Create a new user or role.

2. Double-click the newly created user or role (or select it and click the Properties item from the Object menu).

3. Click the Account tab.

4. Click the Inactivate button.

5. Click OK.

The newly created user or role is Inactivated.

Cannot Configure Directory With Root Suffix That Contains Spaces (4526501)

If the user specifies a base DN containing a space, for example, o=U.S. Government,C=US at iPlanet Directory Server configuration time, the resulting DN is truncated to Government,C=US. At configuration time, the DN should be entered as o=U.S.%20Government,C=US.

Workaround: To correct the base DN entry, follow these steps.

1. Select the top directory entry in the left-hand navigation pane of the Servers and Applications tab on the Console.

2. Edit the suffix in the User directory subtree field.

3. Click OK.

Password Policy Information Is Not Synchronized Between Servers (4527608)

If you update a non-master directory server with password policy information, that information will not be replicated to all other servers. This includes account lockouts.

Workaround: Manage password policy information manually on each server.

Account Lockout Remains in Effect After User Password Is Changed (4527623)

If Account Lockout is in effect and the user password is changed, Account Lockout remains in effect.

Workaround: Reset the accountUnlockTime, passwordRetryCount, and retryCountResetTime lockout attributes to unlock the account.

Console Backup Immediately After Install Fails (4531022)

If you install the iPlanet Directory Server, start the console, initialize the directory with an LDIF file and then backup the server, the Console reports the backup was successful, but it has actually failed.

Workaround: Perform the following tasks from the Console after you initialize the database:

1. Stop the server.

2. Restart the server.

3. Perform the backup.

Server Ignores Case Sensitive Syntax When Normalizing DN Attributes (4630941)

If you are using LDAP naming services, creating automount path names which are the same except for case will result in non-unique path names. The directory server does not allow creation of entries where the naming attribute is defined with a case-sensitive syntax and an entry already exists with the same name, but different case. For example, if entry attr=foo,dc=mycompany,dc=com exists, the server will not allow creation of attr=Foo,dc=mycompany,dc=com. A side effect of this problem is when LDAP naming services are used, automount path names have to be unique regardless of their case.

It is not possible to have /home/foo and /home/Foo paths.

Workaround: None.

Stopping Server During Export, Backup, Restore or Index Creation Crashes Server (4678334)

If the server is stopped during export, backup, restore or index creation, the server will crash.

Workaround: Do not stop the server during these types of operations.

Replication Unable to Use Self-Signed Certificate (4679442)

If the user attempts to configure replication over SSL with certificate-based authentication and the supplier's certificate is self-signed or the supplier's certificate is only capable of behaving as an SSL server certificate that is unable to "play" the role of the client during an SSL handshake, replication will not work.

Workaround: None.