This section lists product limitations. Limitations are not always associated with a change request number.
Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly. Only change file permissions when following instructions in the product documentation, or following instructions from Sun support.
To work around this limitation, install products as a user having appropriate user and group permissions.
Although nothing prevents you from setting up replication for the cn=changelog suffix, doing so can interfere with replication. Do not replicate the cn=changelog suffix.
Instead, when running on Windows 2003 in the German locale, install from native packages using the Java ES distribution.
When Directory Server runs on Sun Cluster, and nsslapd-db-home-directory is set to use a directory that is not shared, multiple instances share database cache files. After a failover, the Directory Server instance on the new node uses its potentially outdated database cache files.
To work around this limitation, either use a directory for nsslapd-db-home-directory that is shared, or systematically remove the files under nsslapd-db-home-directory at Directory Server startup.
When LD_LIBRARY_PATH contains /usr/lib, the wrong SASL library is used, causing the dsadm command to fail after installation.
An LDAP modify operation on cn=config can only use the replace sub-operation. Any attempt to add or delete an attribute is rejected with "DSA is unwilling to perform", error 53. Directory Server 5 accepted adding or deleting an attribute or attribute value, but it applied the update to the dse.ldif file without any value validation, and the DSA internal state was not updated until the DSA was stopped and started.
The cn=config configuration interface is deprecated. Where possible use the dsconf command instead.
To work around this limitation, the LDAP modify replace sub-operation can be substituted for the add or delete sub-operation. No loss in functionality occurs. Furthermore, the state of the DSA configuration is more predictable following the change.
This issue affects server instances on Windows systems only. This issue is due to performance on Windows systems when Start TLS is used.
To work around this issue, consider using the -P option with the dsconf command to connect using the SSL port directly. Alternatively, if your network connection is already secured, consider using the -e option with the dsconf command. The option lets you connect to the standard port without requesting a secure connection.
After you remove a replicated Directory Server instance from a replication topology, replication update vectors can continue to maintain references to the instance. As a result, you might encounter referrals to instances that no longer exist.
To work around this issue when installing from native packages, use the cacaoadm enable command as root.
Directory Server now updates the pwdChangedTime operational attribute whenever a password is modified. As this attribute is updated even before you enable password expiration, old passwords expire immediately when you enable password expiration.
An additional condition can cause immediate expiration when you run Directory Server in version 5 password policy mode. If you enabled password expiration in the past, and then turned expiration off, Directory Server still has timestamps on passwordExpirationTime operational attributes. Therefore, when you enable password expiration again, passwords with old passwordExpirationTime operational attributes can expire immediately.
You can give users grace logins to change their password with pwdGraceAuthNLimit. Alternatively, when running Directory Server in version 5 compatible mode for password policy, you can configure Directory Server to warn users before their passwords expire. Set passwordExpireWithoutWarning to off. Also, set passwordWarning appropriately.
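Before enabling password expiration, it helps to know which entries would expire the moment it is switched on. The following is an added example, not part of the original release notes or the product: it reads pwdChangedTime values from LDIF-style search output and reports the entries whose timestamp is already older than the maximum age you intend to set. The sample entries, the function names, the max_age_days parameter, and the assumption that timestamps are in UTC generalized time (YYYYMMDDHHMMSSZ) are all hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: unfolded LDIF shaped like search output for pwdChangedTime.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
pwdChangedTime: 20070110093000Z

dn: uid=bob,ou=People,dc=example,dc=com
pwdChangedTime: 20070601120000Z

dn: uid=carol,ou=People,dc=example,dc=com
"""

def parse_entries(ldif_text):
    """Yield (dn, pwdChangedTime or None) for each blank-line-separated entry."""
    for block in ldif_text.strip().split("\n\n"):
        dn, changed = None, None
        for line in block.splitlines():
            name, _, value = line.partition(":")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "pwdchangedtime":
                # Assumed format: UTC generalized time, e.g. 20070110093000Z
                changed = datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(
                    tzinfo=timezone.utc)
        if dn:
            yield dn, changed

def expiry_report(ldif_text, max_age_days, now):
    """Sort entries into: expires immediately, still valid, no timestamp."""
    report = {"expired": [], "valid": [], "no_timestamp": []}
    max_age = timedelta(days=max_age_days)
    for dn, changed in parse_entries(ldif_text):
        if changed is None:
            report["no_timestamp"].append(dn)   # review these by hand
        elif changed + max_age <= now:
            report["expired"].append(dn)        # would expire as soon as enabled
        else:
            report["valid"].append(dn)
    return report

if __name__ == "__main__":
    now = datetime(2007, 7, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for bucket, dns in expiry_report(SAMPLE_LDIF, 90, now).items():
        print(bucket, dns)
```

Entries in the "expired" bucket are the ones to cover with grace logins or a warning period before expiration is turned on.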
The Directory Server configuration property max-thread-per-connection-count does not apply to Windows systems.
A Microsoft Windows 2000 Standard Edition bug causes the Directory Server service to appear as disabled after the service has been deleted from Microsoft Management Console.