This chapter describes runtime issues that are known to be problems.
The following hardware–related issue and bugs apply to the Solaris 9 9/05 release.
This Solaris release supports both USB 1.1 and USB 2.0 devices. The following table is a summary of USB devices that work in specific configurations. Connection types can either be direct to the computer or through a USB hub. Note that USB 1.1 devices and hubs are low speed or full speed. USB 2.0 devices and hubs are high speed. For details about ports and speeds of operation, see the System Administration Guide: Devices and File Systems.
Table 2–1 USB Devices and Configurations| USB Devices | Connection Types | 
|---|---|
| USB 2.0 storage devices | Direct, USB 1.1 hub, USB 2.0 hub | 
| USB 1.1 devices except audio | Direct, USB 1.1 hub, USB 2.0 hub | 
| USB 1.1 audio devices | Direct, USB 1.1 hub | 
| USB 2.0 audio devices | Not supported | 
Extended Display Identification Data (EDID) on the PGX32TM frame buffer might not immediately appear when the monitor is switched from a power-managed state. The monitor is no longer in power-managed state. However, the output that is generated by the command fbconfig -prconf continues to show EDID data fields as “Not Available.” The data become available when you type the command again after a delay of several seconds.
Workaround: None.
Systems with certain USB 2.0 hardware might frequently hang or panic when running this Solaris release. These problems are associated with USB 2.0 devices that are not based on the NEC chip set. When these problems occur, the system generates error messages that involve Enhanced Host Controller Interface (EHCI).
Workaround: Depending on your system's hardware configuration, choose one of the following options:
Replace the USB 2.0 host controller hardware with hardware that is based on the NEC chip set. USB 2.0 hardware that is based on the NEC chip set is known to work well with the Solaris OS.
On systems whose USB 2.0 host controller hardware is built into the motherboard and that have spare PCI slots, perform the following steps:
Add a PCI-based USB 2.0 card that is based on the NEC chip.
Become superuser.
Disable USB 2.0 on the motherboard and enable USB 2.0 support only through the PCI card. Issue the following commands:
| # update_drv -d -i '"pciclass,0c0320"' usba10_ehci # update_drv -a -i '"pci1033,e0"' usba10_ehci # reboot | 
For faster operation, connect your USB 2.0 devices to the card's ports instead of the original ports on the motherboard.
Even if you cannot add new USB hardware to your system, you can still disable your system's EHCI by performing the following steps:
Become superuser.
Issue the following commands:
| # update_drv -d -i '"pciclass,0c0320"' usba10_ehci # reboot | 
USB 2.0 ports are operated by two companion hardware pieces:
EHCI for the high-speed piece
Either Open Host Controller Interface (OHCI) or Universal Host Controller Interface (UHCI) for the low-speed and full-speed piece
On x86 based systems, drivers for both OHCI and UHCI exist. On SPARC based systems, only OHCI USB 1.1 host controller hardware is supported. Therefore, only USB hardware with OHCI companion controllers continue to work on SPARC systems whose companion EHCI controller is disabled. Ports of the USB hardware remain operational even with EHCI disabled, provided that your system has the proper OHCI or UHCI drivers. USB 2.0 devices that are connected to these ports run only as fast as a USB 1.1 device.
To verify whether EHCI and OHCI host controllers exist on your SPARC based systems, type:
# prtconf -D
Check the output for EHCI entries next to one or more OHCI entries, similar to the following example:
| pci, instance #0 (driver name: pci_pci) usb, instance #0 (driver name: usba10_ohci) usb, instance #1 (driver name: usba10_ohci) usb, instance #0 (driver name: usba10_ehci) | 
The following Smart Card bugs apply to the Solaris 9 9/05 OS.
If ocfserv terminates and the display is locked, the system remains locked even when a smart card is inserted or removed.
Workaround: Perform the following steps to unlock your system:
Perform a remote login to the machine on which the ocfserv process was terminated.
Become superuser.
Kill the dtsession process by typing the following in a terminal window.
| # pkill dtsession | 
ocfserv restarts and smart card login and capability are restored.
The Edit Config File menu item in the Smartcards Management Console does not edit smart card configuration files that are located in /etc/smartcard/opencard.properties . If the menu item is selected, a warning is displayed which indicates not to continue unless requested by technical support.
Workaround: Do not use the Edit Config File menu item in the Smartcards Management Console. For information on smart card configuration, see the Solaris Smartcard Administration Guide.
The following CDE bugs apply to the Solaris 9 9/05 OS.
The following UTF-8 locales are missing when the login server starts and the Common Desktop Environment (CDE) login service is launched:
ar_SA.UTF-8
el_GR.UTF-8
nl_BE.UTF-8
nl_NL.UTF-8
pt_PT.UTF-8
Workaround: To use these locales, log in to any other UTF-8 locale. Then, set the LC_ALL variable at the command line. For example:
export LC_ALL=ar_SA.UTF-8
The workaround applies only to SPARC based systems. These locales are unavailable in x86 based systems.
The Removable Media auto run capability in the CDE desktop environment has been temporarily removed from the Solaris 9 9/05 software.
Workaround: To use the auto run function for a CD-ROM or another removable media volume, you must do one of the following:
Run the volstart program from the top level of the removable media file system.
Follow the instructions that are included with the CD for access from outside of CDE.
dtmail crashes after connecting with the IMAP server if the FontList option is specified when dtmail is launched from the command line. See the following example:
| /usr/dt/bin/dtmail -xrm "Dtmail*FontList: -*-r-normal-*:" | 
The following error message is displayed:
| Segmentation Fault | 
This problem occurs in both the C and ja locales.
Workaround: Do not specify the FontList option when you launch dtmail from the command line.
If you try to read an email message with many long lines in any of the Solaris 9 9/05 Unicode or UTF-8 locales, CDE Mailer (dtmail) appears to hang. The message does not display immediately.
Workaround: Choose one of the following workarounds:
Enlarge the dtmail Mailbox window to accommodate 132 columns.
Disable the Complex Text Layout feature by following these steps:
Become superuser.
Change directories to your system's locale directory.
| # cd /usr/lib/locale/locale-name | 
In the previous example, locale-name refers to the name of your system's Solaris 9 9/05 Unicode or UTF-8 locale.
Rename the locale layout engine category.
| # mv LO_LTYPE LO_LTYPE- | 
Rename the category for the locale layout engine to the original name (LO_LTYPE) before you apply any patches to the locale layout engine.
After you delete the last item from the desktop, the item is restored from the handheld device to the desktop when you synchronize your handheld device. Examples of items that you might delete, and then have restored, are the last appointment in your Calendar or the last address in the Address Manager.
Workaround: Manually delete the last entry from the handheld device prior to synchronization.
If you exchange multibyte data between a PDA device and Solaris CDE, the data might be corrupted in both environments.
Workaround: Back up your data on your personal computer with the PDA backup utility before you run the SolarisTM PDASync application. If you accidentally exchange multibyte data and corrupt that data, restore your data from the backup.
The following information pertains to the GNOME 2.0 desktop.
For release notes and troubleshooting information for the GNOME 2.0 desktop, see the following documents at http://docs.sun.com:
GNOME 2.0 Desktop for the Solaris Operating Environment Release Notes
GNOME 2.0 Desktop for the Solaris Operating Environment Troubleshooting Guide
The following System Administration bugs apply to the Solaris 9 9/05 release.
A system panic that occurs while you are performing a suspend-and-resume ( cpr) cycle might cause the system to hang. More typically, this problem is observed in Sun BladeTM 2000 workstations that have the XVR-1000 graphics accelerator installed. Rarely, other SPARC based systems might similarly hang during a panic. When the panic occurs, the core dump is not saved, and no prompt appears on the console. The problem might be more prevalent if the kernel debugger (kadb) is active.
Workaround: To restore the system to a usable state, manually reboot the system.
If you attempt to stop the system by pressing keyboard sequences such as Stop-A or L1-A, the system might panic. An error message similar to the following example is displayed:
| panic[cpu2]/thread=2a100337d40: pcisch2 (pci@9,700000): consistent dma sync timeout | 
Workaround: Do not use keyboard sequences to force the system to enter OpenBootTM PROM.
The Universal Serial Bus Architecture (USBA) Modular DeBugger (mdb ) commands might not be automatically configured on some x86 systems.
Workaround: To access the USBA mdb commands, run the following command to load the usba mdb module manually after starting mdb:
| > ::load usba | 
After the usba mdb module is loaded, you can obtain a list of all the USB commands by running the following command:
| > ::dcmds ! grep usb | 
The Locale Administrator tool (localeadm) fails to set up new locales if you use the Solaris Installation CDs to install the necessary packages. The failure occurs as you are installing packages from the Solaris Software 1 of 2 CD. The tool does not automatically eject the 1 of 2 CD. Consequently, you cannot insert the next CD to continue the installation.
Workaround: To install the packages for your locale, use the Solaris DVD or a network installation image. If neither is available, then perform the following steps:
Obtain the list of the Solaris packages that are needed to set up the locale you are installing.
% localeadm -v -q option
option is the name of the region or locale that you are setting up. For example, for the Western European region, type weu for the option.
A list of packages is displayed in the order in which these packages are found in the Installation CDs, as follows:
Solaris Software 1 of 2 CD
Solaris Software 2 of 2 CD
Languages CD
Copy the listed packages from the respective CDs to a directory on the machine or the network. To determine the exact path to these packages in each CD, use the find command.
Rerun the localeadm command to install these packages. The source directory is the directory to which you copied the packages in the previous step.
You are booting a Sun LX50 which has a Service partition and the Solaris 9 9/05 (x86 Platform Edition) software is installed. Pressing the F4 function key to boot the Service partition, when given the option, causes the screen to go blank. The system then fails to boot the Service partition.
Workaround: Do not press the F4 key when the BIOS Bootup Screen is displayed. After a time-out period, the Current Disk Partition Information screen is displayed. Select the number in the Part# column that corresponds to type=DIAGNOSTIC. Press the Return key. The system boots the Service partition.
The Solaris WBEM Services 2.5 daemon cannot locate providers that are written to the com.sun.wbem.provider interface or to the com.sun.wbem.provider20 interface. Even if you create a Solaris_ProviderPath instance for a provider that is written to these interfaces, the Solaris WBEM Services 2.5 daemon does not locate the provider.
Workaround: To enable the daemon to locate such a provider, stop and restart the Solaris WBEM Services 2.5 daemon.
| # /etc/init.d/init.wbem stop # /etc/init.d/init.wbem start | 
If you use the javax API to develop your provider,
you do not need to stop and restart the Solaris WBEM Services 2.5 daemon. The Solaris
WBEM Services 2.5 daemon dynamically recognizes javax providers.
If you choose to use the com.sun application programming
interface rather than the javax application
programming interface to develop your WBEM software, only Common Information Model
(CIM) remote method invocation (RMI) is fully supported. Other protocols, such as
XML/HTTP, are not guaranteed to work completely with the com.sun application
programming interface.
The following table lists examples of invocations that execute successfully under RMI but fail under XML/HTTP:
| Method Invocation | Error Message | 
|---|---|
| CIMClient.close() | NullPointerException | 
| CIMClient.execQuery() | CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED | 
| CIMClient.getInstance() | CIM_ERR_FAILED | 
| CIMClient.invokeMethod() | XMLERROR: ClassCastException | 
The Solaris Management Console Mounts and Shares tool cannot modify mount options on system-critical file systems such as root (/), /usr, and /var.
Workaround: Choose one of the following workarounds:
Use the remount option with the mount command.
| # mount -F file-system-type -o remount, additional-mount-options \ device-to-mount mount-point | 
Mount property modifications that are made by using the -remount option with the mount command are not persistent. In addition, all mount options that are not specified in the additional-mount-options portion of the previous command inherit the default values that are specified by the system. See the man page mount_ufs(1M) for more information.
Edit the appropriate entry in the /etc/vfstab file to modify the file-system mount properties, then reboot the system.
The following Solaris Volume Manager issue applies to the Solaris 9 9/05 release.
If you have a Solaris Volume Manager mirrored root (/) file system in which the file system does not start on cylinder 0, all submirrors you attach must also not start on cylinder 0.
If you attempt to attach a submirror starting on cylinder 0 to a mirror in which the original submirror does not start on cylinder 0, the following error message is displayed:
| can't attach labeled submirror to an unlabeled mirror | 
Workaround: Choose one of the following workarounds:
Ensure that both the root file system and the volume for the other submirror start on cylinder 0.
Ensure that both the root file system and the volume for the other submirror do not start on cylinder 0.
By default, the JumpStart installation process starts swap at cylinder 0 and the root (/) file system somewhere else on the disk. Common system administration practice is to start slice 0 at cylinder 0. Mirroring a default JumpStart installation with root on slice 0, but not cylinder 0, to a typical secondary disk with slice 0 that starts at cylinder 0, can cause problems. This mirroring results in an error message when you attempt to attach the second submirror. For more information about the default behavior of Solaris installation programs, see the Solaris 9 9/04 Installation Guide.
The following Solaris Volume Manager bugs apply to the Solaris 9 9/05 release.
In non-English locales, the Solaris Volume Manager metassist command fails to create volumes. For example, if LANG is set to ja (Japanese), the following error message is displayed:
| xmlEncodeEntitiesReentrant : input not UTF-8 Syntax of value for attribute read on mirror is not valid Value "XXXXXX"(unknown word) for attribute read on mirror is not among the enumerated set Syntax of value for attribute write on mirror is not valid Value "XXXXXX"(Parallel in Japanse) for attribute write on mirror is not among the enumerated set metassist: XXXXXX(invalid in Japanese) volume-config | 
Workaround: As superuser, set the LANG variable to LANG=C.
For the Bourne, Korn, and Bash shells, use the following command:
| # export LANG=C | 
For the C shell, use the following command:
| # setenv LANG C | 
If you create a Solaris Volume Manager RAID-1 (mirror) or RAID-5 volume in a disk set that is built on top of a soft partition, hot spare devices do not work correctly.
Problems that you might encounter include, but are not limited to, the following:
A hot spare device might not activate.
A hot spare device status might change, indicating the device is broken.
A hot spare device is used, but resynced from the wrong drive.
A hot spare device in use encounters a failure, but the broken status is not reported.
Workaround: Do not use this configuration to create a Solaris Volume Manager RAID-1 or RAID-5 volume in disk sets.
You cannot replace a failed drive with a drive that has been configured with the Solaris Volume Manager software. The replacement drive must be new to Solaris Volume Manager software. If you physically move a disk from one slot to another slot on a Sun StorEdgeTM A5x00, the metadevadm command fails. This failure occurs when the logical device name for the slice no longer exists. However, the device ID for the disk remains present in the metadevice replica. The following message is displayed:
| Unnamed device detected. Please run 'devfsadm && metadevadm -r to resolve. | 
You can access the disk at the new location during this time. However, you might need to use the old logical device name to access the slice.
Workaround: Physically move the drive back to its original slot.
If you remove and replace a physical disk from the system, and then use the metarecover -p -d command to write the appropriate soft partition specific information to the disk, an open failure results. The command does not update the metadevice database namespace to reflect the change in disk device identification. The condition causes an open failure for each such soft partition that is built on top of the disk. The following message is displayed:
| Open Error | 
Workaround: Create a soft partition on the new disk instead of using the metarecover command to recover the soft partition.
If the soft partition is part of a mirror or RAID 5, use the metareplace command without the -e option to replace the old soft partition with the new soft partition.
| # metareplace dx mirror or RAID 5 old_soft_partition new_soft_partition | 
The following Networking bug applies to the Solaris 9 9/05 release.
If you configure multiple IP tunnels between two IP nodes, and enable ip_strict_dst_multihoming or other IP filters, packet loss might result.
Workaround: Choose one of the following:
First, configure a single tunnel between the two IP nodes. Add addresses to the tunnel by using the ifconfig command with the addif option.
Do not enable ip_strict_dst_multihoming on tunnels between two IP nodes.
The following Standards bug applies to the Solaris 9 9/05 release.
The dflcn.h header file displays symbols in /usr/include/sys/auxv.h that are not permitted in UNIX(R) 98 or UNIX 03. If you compile UNIX 98 or UNIX 03 applications that include this header file, the compiler generates syntax errors. Consquently, the compilation is not completed.
You can avoid the errors by using compilers other than c89 or c99 compiler utilities. However, the compiled applications will not be compliant with UNIX 98 or UNIX 03. Furthermore, even if you use the cc compiler utility, compilation also fails if the -D_XOPEN_SOURCE flag is defined.
For example, if you compile an application that uses the -D_XOPEN_SOURCE=600 compiler flag, the following error message is displayed:
| "/usr/include/sys/auxv.h", line 45: syntax error before or at: "a_type unprotected" "/usr/include/sys/auxv.h", line 45: warning: syntax requires ";" after last struct/union member "/usr/include/sys/auxv.h", line 54: zero-sized struct/union "/usr/include/sys/auxv.h", line 54: warning: syntax error: empty declaration "/usr/include/sys/auxv.h", line 55: warning: old-style declaration or incorrect type for: auxv_t | 
Workaround: Apply either of the following patches:
For SPARC based systems: Patch ID 112963-23
For x86 based systems: Patch ID 113986-19
The following Documentation CD issues apply to the Solaris 9 9/05 release.
In the iPlanetTM Directory Server 5.1 Collection (Solaris Edition), links titled DocHome do not work. In addition, links between separate books do not work. If you select these links, your browser displays a Not Found error.
Workaround: To navigate between iPlanet Directory Server 5.1 documents on your system, go to the iPlanet Directory Server 5.1 Collection (Solaris Edition) page at http://docs.sun.com. Click the link to the document you want to view.
If you remove the SUNWsdocs package, then try to remove other documentation packages, the removal fails. This problem occurs because the SUNWsdocs package is installed with any collection and provides the browser entry point.
Workaround: If you removed the SUNWsdocs package, reinstall the SUNWsdocs package from the documentation media and then remove the other documentation packages.
The following Documentation CD bugs apply to the Solaris 9 9/05 release.
In the Solaris 9 9/05 software and other systems based on UNIX, PDF documents on the Solaris 9 9/05 Documentation 1 of 2 CD are not accessible in the following European locales:
de (German)
es (Spanish)
fr (French)
it (Italian)
sv (Swedish)
This problem occurs because of a limitation with Adobe Acrobat Reader. For more information on this problem, see the Adobe Technote site at http://www.adobe.com:80/support/techdocs/294de.htm.
Workaround: Choose one of the following workarounds.
In the Solaris 9 9/05 software and other systems based on UNIX, set the environment variable LC_ALL to C acroread. For example, in the C shell, type the following command in a terminal window:
| % env LC_ALL=C acroread | 
For systems that are not based on UNIX, upgrade to Adobe Acrobat Reader 5.0 or a later version.
Some Solaris 9 9/05 documentation collections might be unexpectedly removed from your system under the following circumstances:
You install both the Solaris 9 9/05 Documentation 1 of 2 and 2 of 2 CDs on your system.
You then use the prodreg utility or the Solaris 9 9/05 Documentation CD installer program to remove certain documentation packages.
The Solaris 9 9/05 Documentation CD 1 of 2 and 2 of 2 have three collections in common. If you remove the packages that contain these collections from either of the Solaris 9 9/05 Documentation 1 of 2 or 2 of 2 CD installations, the package is removed for both installations.
The following table lists the packages that might be removed unexpectedly.
Table 2–2 Solaris 9 9/05 Documentation Packages Contained on Both Solaris 9 9/05 Documentation CDs| HTML Package Names | PDF Package Names | Collection Description | 
|---|---|---|
| SUNWaadm | SUNWpaadm | Solaris 9 System Administrator Collection | 
| SUNWdev | SUNWpdev | Solaris 9 Developer Collection | 
| SUNWids | SUNWpids | iPlanet Directory Server 5.1 Collection | 
Workaround: Choose one of the following workarounds:
If the uninstall process unexpectedly removed these documentation packages, and you want these packages on your system, reinstall the packages from the Solaris 9 9/05 Documentation 1 of 2 or 2 of 2 CDs.
To avoid this problem, use the pkgrm utility to remove the packages that you want to eliminate from your system.
The following is a Localization issue that applies to the Solaris 9 9/05 release.
Software support for three additional keyboard layouts has been added to the Solaris 9 software for this release: Estonian keyboard Type 6, French Canadian keyboard Type 6, and Polish programmers keyboard Type 5.
This software gives users in Estonia, Canada, and Poland greater flexibility for keyboard input by modifying standard U.S. keyboard layouts to their own language needs.
Currently, no hardware is available for the three additional keyboard layout types.
Workaround: To take advantage of this new keyboard software, modify the /usr/openwin/share/etc/keytables/keytable.map file in one of the following ways:
For the Estonian Type 6 keyboard, make the following changes:
Change the US6.kt entry to Estonia6.kt in the /usr/openwin/share/etc/keytables/keytable.map file. The modified entry should read as follows:
| 6 0 Estonia6.kt | 
Add the following entries to the /usr/openwin/lib/locale/iso8859-15/Compose file:
| <scaron> | : "/xa8" | scaron | 
| <scaron> | : "/xa6" | scaron | 
| <scaron> | : "/270" | scaron | 
| <scaron> | : "/264" | scaron | 
Reboot the system for the changes to take effect.
For the French Canadian Type 6 keyboard, make the following changes:
Change the US6.kt entry to Canada6.kt in the /usr/openwin/share/etc/keytables/keytable.map file. The modified entry should read as follows:
| 6 0 Canada6.kt | 
Reboot the system for the changes to take effect.
If you are using the existing Polish Type 5 keyboard layout, make the following changes:
Change the Poland5.kt entry to Poland5_pr.kt in the /usr/openwin/ share/etc/keytables/keytable.map file. The modified entry should read as follows:
| 4 52 Poland5_pr.kt | 
If you are using a keyboard with dip-switches, make sure the switches are set to the correct binary value for the Polish keytable entry (binary 52) before rebooting the system.
If you are using a standard U.S. Type 5 keyboard, change the US5.kt entry to Poland5_pr.kt in the /usr/openwin/share/etc/keytables/keytable.map file. The modified entry should read as follows:
| 4 33 Poland5_pr.kt | 
Reboot the system for the changes to take effect.
The following Localization bugs apply to the Solaris 9 9/05 release.
The sort capability in the European UTF-8 locales does not work properly.
Workaround: Before you attempt to sort in a FIGGS UTF-8 locale, set the LC_COLLATE variable to the ISO–1 equivalent.
| # echo $LC_COLLATE > es_ES.UTF-8 # LC_COLLATE=es_ES.IS08859-1 # export LC_COLLATE | 
Then start sorting.
The following Sun ONE Application Server bugs apply to the Solaris 9 9/05 release.
When you attempt to use the Sun ONE Application Server Administrative UI with the Solaris 9 9/05 software default browser, the following error message is displayed:
| Unsupported Browser: Netscape 4.78 It is recommended that you upgrade your browser to Netscape 4.79 or Netscape 6.2 (or later) to run the Sun One Application Server Administrative UI. Those who choose to continue and not upgrade may notice degraded performance or unexpected behavior. | 
If you are running the version of Sun ONE Application Server Administrative UI that is included in the Solaris 9 9/05 release, use Netscape 4.79 or Netscape 7.0 software.
Workaround: Use /usr/dt/appconfig/SUNWns/netscape instead of /usr/dt/bin/netscape.
The following issues pertains to the Sun ONE Directory Server processes and tasks.
When typing a Distinguished Name (DN) during installation, use the UTF-8 character set encoding. Other encodings are not supported. Installation operations do not convert data from local character set encoding to UTF-8 character set encoding. Lightweight Directory Interchange Format (LDIF) files that are used to import data must also use UTF-8 character set encoding. Import operations do not convert data from local character set encoding to UTF-8 character set encoding.
The schema provided with the Sun Open Net Environment (Sun ONE) Directory Server (formerly iPlanet Directory Server) 5.1 differs from the schema that is specified in RFC 2256 for the groupOfNames and groupOfUniquenames object classes. In the schema provided, the member and uniquemember attribute types are optional. RFC 2256 specifies at least one value for these types must be present in the respective object class.
The aci attribute is an operational attribute that is not returned in a search, unless you explicitly request the attribute.
Multimaster replication over a wide area network (WAN) is currently not supported.
Sun ONE Directory Server 5.1 provides the user identification number (UID) Uniqueness plug-in. By default, the plug-in is not activated. To ensure attribute uniqueness for specific attributes, create a new instance of the Attribute Uniqueness plug-in for each attribute. For more information on the Attribute Uniqueness plug-in, refer to the iPlanet Directory Server 5.1 Administrator's Guide at http://docs.sun.com.
The Referential Integrity plug-in is now off by default. To avoid conflict resolution loops, the Referential Integrity plug-in should only be enabled on one master replica in a multimaster replication environment. Before enabling the Referential Integrity plug-in on servers that issue chaining requests, analyze your performance resource, time, and integrity needs. Integrity checks can consume significant memory and CPU resources.
The nsRoleDN attribute is used to define a role. This attribute should not be used for evaluating role membership in a user's entry. When evaluating role membership, look at the nsrole attribute.
If virtual list view (VLV) indexes encompass more than one database, the VLV indexes do not work correctly.
The following Sun ONE Directory Server bugs apply to the Solaris 9 9/05 release.
If you launch the Sun ONE Directory Server 5.1 Console and create a new user or new role as inactive, the newly created user or newly created role is not inactivated. Users and roles cannot be created through the Console as inactive.
Workaround: To create an inactive user or inactive role, follow these steps:
Create the new user or new role.
Double-click the newly created user or newly created role. Or, select the newly created user or newly created role. Click the Properties item from the Object menu.
Click the Account tab.
Click the Inactivate button.
Click OK.
The newly created user or newly created role is inactivated.
If you specify a base DN that contains a space, for example, o=U.S. Government,C=US at Sun ONE Directory Server 5.1 configuration time, the resulting DN is truncated to Government,C=US. At configuration time, the DN should be typed as o=U.S.%20Government,C=US.
Workaround: To correct the base DN entry, follow these steps:
Select the top directory entry in the left side of the navigation pane of the Servers and Applications tab on the Console.
Edit the suffix in the User directory subtree field.
Click OK.
If Account Lockout is effective and the user password is changed, Account Lockout remains effective.
Workaround: Reset the accountUnlockTime , passwordRetryCount, and retryCountResetTime lockout attributes to unlock the account.
If you install the Sun ONE Directory Server 5.1, start the console, initialize the directory with an LDIF file, and then back up the server, the Console reports the backup was successful. However, the backup has actually failed.
Workaround: Perform the following tasks from the Console after you initialize the database:
Stop the server.
Restart the server.
Perform the backup.
You cannot use the LDAP naming services to create automount path names that are identical, with the exception of case results in nonunique path names. The directory server does not allow creation of entries if the naming attribute is defined with case-sensitive syntax, and an entry already exists with the same name, but a different case.
For example, /home/foo and /home/Foo paths cannot coexist.
If entry attr=foo,dc=mycompany,dc=com exists, the server does not allow the creation of attr=Foo,dc=mycompany,dc=com. A corollary of this problem is when LDAP naming services are used, automount path names have to be unique, regardless of their case.
Workaround: None.
If the server is stopped during export, backup, restore or index creation, the server crashes.
Workaround: Do not stop the server during these types of operations.
If you attempt to configure replication over SSL with certificate-based authentication, replication does not work if either of the following conditions exist:
The supplier's certificate is self-signed.
The supplier's certificate is only capable of behaving as an SSL server certificate that is unable to play the role of the client during an SSL handshake.
Workaround: None.
The following security issue applies to the Solaris 9 9/05 release.
After the account management PAM module for LDAP (pam_ldap) is enabled, users must have passwords to log in to the system. Consequently, nonpassword-based logins fail, including those logins that use the following tools:.
Remote shell (rsh)
Remote login (rlogin)
Secure shell (ssh)
Workaround: None.
The following UFS File System bugs apply to the Solaris 9 9/05 release.
Using the fssnap command to create a snapshot of a UFS file system that is greater than 1 Tbyte in size is not supported in the Solaris 9 9/05 release. The following error message is displayed:
| fssnap: Fatal: File system /dir/snapshot0 support large files. | 
Workaround: None.