These release notes contain important information available at the time of the release of Sun[tm] ONE Directory Server (formerly iPlanet Directory Server) 5.1 Service Pack 2. New features and enhancements, known limitations, and other late breaking issues are addressed here. Read this document before you begin using iPlanet Directory Server 5.1 Service Pack2.
An electronic version of these release notes can be found at the iPlanet documentation web site:
http://docs.sun.com/coll/S1_ipDirectoryServer_51Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up to date release notes and manuals.
These release notes contain the following sections:
- What's New in iPlanet Directory Server 5.1
- Supported Platforms for iPlanet Directory Server 5.1 Service Pack 2
- Installation procedures for iPlanet Directory Server 5.1 Service Pack 2
- Problems Corrected in iPlanet Directory Server 5.1 Service Pack 2
- Enhancements and Problems Corrected in iPlanet Directory Server 5.1
- Known Limitations
- Accessing Online Help and Online Documentation
- How to Report Problems
- For More Information
- Third Party License Acknowledgments
For information on hardware and software requirements, refer to the iPlanet Directory Server Installation Guide.
What's New in iPlanet Directory Server 5.1iPlanet Directory Server 5.1 contains the following new features and enhancements:
Due to architectural changes made in iPlanet Directory Server, some features that were previously available are no longer included. These are:
- Updated and improved management console. The new Directory Server Console offers an improved dialog for configuring replication, and a new directory browser. In this release, the Directory tab has several layout options for navigating the directory tree: as before with leaf entries in the right-hand pane, as a single tree in a single pane, or with attributes for the selected entry displayed on the right. For details, refer to Chapter 1 of the iPlanet Directory Server Administrator's Guide.
- Performance Improvements over Directory Server 5.0. This new release of Directory Server offers increased performance over Directory Server 5.0 and 4.x.
- Support for IPv6. Directory Server 5.1 can accept incoming connections from IPv6 clients. Currently the Directory Server cannot interpret IPv6 addresses in access control instructions, or use IPv6 connections for operations such as replication and chaining. The Administration itConsole cannot be used on networks supporting only IPv6.
- Improved scalability and performance of Roles and Class of Service. Roles and Class of Service, introduced in iPlanet Directory Server 5.0, have been enhanced in this release to increase scalability.
- Support for the plug-in API. If you need to create custom plug-in functions you can also contact the iPlanet Professional Services organization at: http://www.sun.com/service/sunps/sun one/index.html.
- Schema Documentation. A new document, iPlanet Directory Server Schema Reference, describes the schema provided with Directory Server 5.1. The document focuses on schema objects useful to support your directory information.
- NT Sync Service. You can no longer create Windows NT accounts through the directory console. When you right click an entry under the Directory tab in the directory console and select New>User to display the Create New User dialog box, you still see the NTUser tab in the left-hand column. Since the Windows NT Sync Service is no longer available,using the fields of the NT User tab will create an entry in the directory only. No new Windows NT account is created.
- Database Backend Plug-in Interface. The enhanced pre-operation interfaces may be used instead of the database backend plug-in interface, to implement plug-ins that are designed to provide access to alternative directory data stores.
- Directory Server Gateway. The Directory Server Gateway is no longer delivered with iPlanet Directory Server 5.1. We recommend that you investigate LDAP Tag Library, scheduled to be available as part of the iPlanet Directory Server Resource Kit 5.1, as a good Directory Server Gateway replacement. For further information see:
http://wwws.sun.com/software/download/< /ul>
Supported Platforms for iPlanet Directory Server 5.1 ServicePack 2iPlanet Directory Server 5.1 Service Pack 2 is supported on the following platforms:
This release of iPlanet Directory Server is not supported on Sun Solaris 2.6 or Sun Solaris 7. You must upgrade to Sun Solaris 8 prior to upgrading to or installing iPlanet Directory Server 5.1 Service Pack 2.
- Sun Solaris 9 for SPARC (32 and 64-bit) operating environment
- Sun Solaris 8 for UltraSPARC (32 and 64-bit) operating environment
- Sun Linux 5.0 for the Sun LX50 Server
- Microsoft Windows NT 4.0 Server, SP 6a (x86 only)
- Microsoft Windows 2000 Server and Advanced Server SP 2 (x86 only)
- Hewlett-Packard HP-UX 11.0/11i (PA-RISC 1.1 or 2.0)
- IBM AIX 4.3.3 (Power PC)
- Red Hat Linux 7.2 (IA-32)
iPlanet Directory Server 5.1 Service Pack 2 requires specific operating system patches or service packs to be installed before iPlanet Directory Server can be installed. Installation of iPlanet Directory Server 5.1 Service Pack 2 may fail if the recommended patches or service packs are not present.
On operating environments other than Windows, you must run the idsktune utility prior to installing iPlanet Directory Server 5.1 Service Pack 2. After you expand the product package, you will find the idsktune utility in the same directory as the setup program. Install the patches recommended by the idsktune utility. For further information, refer to the iPlanet Directory Server Installation Guide.
You may obtain Sun Solaris patches from:
- http://sunsolve.sun.com
Installation Procedures for iPlanet Directory Server 5.1 Service Pack 2
Note If you run Administration Server as root, all commands initiated by the administration user will also be run as root. Therefore you must apply the same rules of confidentiality and security to the administration password as you would to the root password of your server.
- If you are performing a new installation, please refer to the iPlanet Directory Server Installation Guide.
- If you are upgrading from iPlanet Directory Server 5.1 or 5.1 SP1:
Important: iPlanet Directory Server 5.1 is bundled with Solaris 9. If you are running the bundled version, for example if packages such as IPLTdscon, IPLTdsman, IPLTdsr, and IPLTdsu are installed, then do not install this Service Pack. Instead, install the appropriate patch for your system. The following are the 5.1 Service Pack 2 Patch IDs for Solaris 9:
- SPARC: 113859-02
- Intel: 114273-02
It is possible to install Service Pack 2 on top of an existing, unbundled iPlanet Directory Server 5.1 installation by performing the following steps:
- Be sure the Administration Server is running.
- Be sure the iPlanet Directory Server 5.1 is running.
- See the "Installation" section of the Known Limitations for instructions that apply to certain configurations. In particular, you must turn off the password history and disable the "check password history" features before installing Service Pack 2.
- Follow the "Typical installation" procedures in Chapter 3, "Using Express and Typical Installation," of the iPlanet Directory Server Installation Guide.
NOTE: In step 10, be sure to use the full path to the location where you originally installed Directory Server 5.1.
- iPlanet Directory Server 5.1 Service Pack 2 can also be installed on top of a running, localized, version of iPlanet Directory Server 5.1. The Service Pack 2 only delivers objects (binary, java file for example) which are not involved in the localization mechanism.
- On HP-UX 11.0/11 only, to be able to install iPlanet Directory Server 5.1 Service Pack 2, you must check that the number of file descriptors is less or equal to 2048. Please refer to the "Installation" section of the "Known Limitations" for more details.
- If you are migrating from Netscape Directory Server 4.x or iPlanet Directory Server 5.0, please refer to Chapter 6, Migrating From Previous Versions in the iPlanet Directory Server Installation Guide. Also, see the relevant installation and migration paragraphs in the "Known Limitations" section of this document.
Problems Corrected in iPlanet Directory Server 5.1 ServicePack 2iPlanet Directory Server 5.1 Service Pack 2 includes fixes to the following known problems that occurred in earlier releases of iPlanet Directory Server:
- Replication
- Delete operation was not propagated to the consumer in cascading replication (4550044)
- On Windows platforms, an optimization test aborted replication processing (4616579)
- nsTombstone entries were not purged (4617521)
- Directory server encountered many tombstone errors (4633404)
- Replication supplier was disabled and could not restart when the RUV database was corrupted (4533706)
- Replication became unsynchronized and stopped (4617085)
- Changing case sensitive attribute values failed in MMR (4624693)
- Replication supplier crashed after deleting attribute (4627443)
- Directory crashed or hung when replication was enabled (4643122)
- Replication broke when migrating consumer from 5.0 and subsequent Service Packs (4646392)
- Replication failed to restart from supplier to consumer (4658810)
- Replication between 4.x and 5.1 halted when updating operational attributes (4665571)
- Directory server crashed when some replication agreement attributes were missing (4672889)
- Turning system time backwards halted replication (4672960)
- Consumer chained a database initialisation request when distribution plug-in was enabled (4684519)
- Could not monitor the replication update vector in the replica object (4691101)
- During data import the changelog database could get corrupted and replication failed (4711201)
- Replication stalled for 10 minutes and server was inaccessible (4711202)
- Referrals for modifying entries failed, due to the DN being trimmed at the space (4627760) (4743633)
- Tombstone entries were not deleted if one master was never updated. (4639560)
- Accounts could not be unlocked on non-master 5.0 servers. (4527608)
- An invalid replication configuration caused the consumer to crash (4742450)
- Disabling and re-enabling replication stopped the replication on one master in a multi-master configuration. (4748399)
- In certain cases, a replication configuration in which a 5.1 Directory server accepted updates from a legacy master, caused the server to crash (within ruv_init_from_slapi_attr_and_check_purl() function) (4675387)
- Replication was unreliable with MODRDN operations from a 4.16 supplier Directory Server. (4778334)
- Changelog was not purged properly when the consumer was stopped before any change were replicated (4758387)
- Changelog trimming did not take place in a multimaster environment. (4780230)
- Configuring nsslapd-changelogmaxage replaced the "top" objectclass of cn=changelog5,cn=config entry with indecipherable binary value. (4704039)
- During replication, modifications could be missing on a consumer (4786475)
- Legacy Replication failed when Password policy was enabled on 4.x (4767182)
- CSN value generating process has been improved to avoid a time skew (4695152)
- Replication wouldn't restart after restoring database with the bak2db utility. (4689805)
- Replication broke when initialization occured from both supplier servers (4797685)
- Deadlock occured on ns-slapd server due to a cross locking problem in the entry cache (4786154)
- Issuing two total updates on a server at the same time caused the first server to be unable to complete the operation. (4773823)
- Console
- The Replica ID was not displayed correctly on Windows platforms (4589224)
- Could not use special character in console administrator password (4672914)
- Could not access user data in a remote directory server with SSL enabled (4663658)
- Console modifications for RDN caused exception violations when saved (4668480)
- Console did not display time correctly (4615165)
- Bold Japanese characters were displayed as square boxes (4645544)
- Removal of CA certificates failed (4658787)
- Default install parameter for "Number of file descriptors" was out of range (4592931)
- Console could not display the user menu if there were more than 35 users (4749234)
- It was not possible to set/unset HUB radio-button through the Console(4538268)
- The console failed to load the jss library on Linux (4704635)
- iPlanet Administration Express tool was unable to display data if the installation path was too long (4738639)
- Console startup failed on Windows 2000 if the installation path contained spaces (4789601)
- Console did not allow the addition of a member to a group which contained a double-quote in the DN. (4683476)
- Console performed a modrdn operation if *no* change was made in the Console Property Editor window and the OK button was pressed (4669525)
- Directory server hung when a backup task was issued from the Console. (4735919)
- The indexes screen from the DS Console (Configuration Tab, data subtree, userRoot database, Indexes Tab) appeared as a blank screen. (4530509)
- The Console did not update the modified/removed entry names. (4614559)
- Database
- Old data could be written back into the current database (4638816)
- The ns-slapd process crashed during import (4623119)
- The maximum number of object locks was not set to the correct scaled value and caused error message "libdb: Lock table is out of available locks" (4651972)
- Issuing the command db2ldif.pl -s "suffix" could lead the replication to halt and the server to hang due to a database lock never unlocked (4802963)
- Within a multi-master replication configuration, the error : "_cl5GetNextEntry: failed to get entry; db error - 12 Not enough space" was possible. (4652031)
- The database indexes got set to ALLIDS inappropriately. (4705641)
- Plug-ins
- In a replication setup, when the retro changelog plug-in was enabled, changelog trimming occurred every five minutes, regardless of the nsslapd-changelogmaxage value. (4652859) (4809504)
- Only the first modification in the attribute to check was taken into account by both the 7 bit checking plug-in and uid uniqueness plug-in. (4754469)
- The 7 bit checking plug-in did not check the correct attribute. (4786547)
- The distribution plug-in did not handle internal operations correctly. (4684519)
- The certificate mapping plug-in was not loaded on Linux platforms. (4778128)
- Security
- The process of finding the password attribute has been changed (4619976)
- Directory server did not verify the SSL peer hostname (4615324)
- Password expiration was inconsistent (4532757)
- A security problem concerning the retro-changelog plug-in has been fixed (4618824)
- The number of unsuccessful attempts not reset after a successful bind (4645887)
- Illegal SNMP PDU caused the Master agent to fail - CERT Advisory CA-2002-03 (4532320)
- Server was failing to detect all the "empty string cases" for aci definitions. This caused a core dump. (4719564)
- A security hole in 5.x Directory Admin Server (iWS 6.0SP1 and iWS 6.0SP2) is fixed. (4707395)
- ACI for 'Directory Administrators Group' has been fixed. (4713256)
- ACI evaluation was done incorrectly for parent rules. (4753087)
- ACI evaluation wasn't correctly applied to recursive deletion of entries. (4795280)
- User password was still in clear after running the ldif2db command utility with the passwordStorageScheme set to SSHA. (4669879)
- Directory Server instance hung when the SSL bound application was suspended. (4786504)
- The delete operation based on an entry DN containing numerous commas crashed the server. (4735062)
- The Directory Server perl scripts exposed the user DN password. (4732352)
- Recovery
- Directory Server instance did not restart after a system crash. (4620546)
- Directory Server crashed when client abandoned a persistant search operation. (4640273)
- Connection
- Connections were sometimes closed eventhough they were not idle for the specified idletimeout. (4791877)
- LDAP access
- Directory search failed on Replica with scope of "one" (4614741)
- Directory crashed (SIGBUS) during a search (4639232)
- "bind timeout" was ignored for non responding host (4639408)
- Directory responded incorrectly to an unbind request (4623308)
- ldapmodify incorrectly interpreted base64 encoded values (4665564)
- Directory crashed when binding to an entry that was being created (4674387)
- Search was giving wrong results for specific order of search filters containing not operators (4715955)
- A range search for an empty range like (&(uid>=7)(uid<=9)) crashed the server. (4708296)
- Issuing an ldap delete command with a very large DN may caused the Directory to crash (4735062)
- Substring search did not work correctly on integer syntax attributes. (4717121)
- Directory Server was accepting multiple additions of identical attribute value pairs. (4722987)
- "numsubordinates assertion failure" error occured when adding a child entry to a parent entry on one master while deleting the same parent entry from another master at the same time. (4709128)
- Directory crashed when filters were nested too deeply. (4621920)
- Directory could crash when performing an internal modification while attributes were being deleted. (4759670)
- Directory could crash when binding with an entry that had two or more virtual attribute values. (4787220)
- It was possible to create an entry with duplicate objectclass values. (4761010)
- Performance
- Enabling the retro-changelog plug-in caused performance issues (4639310)
- A looping thread increased CPU consumption (4629441)
- Memory leak in the CoS plug-in has been fixed (4630124)
- Memory leak in schema search has been fixed (4682961)
- The fix for bugid #4705601 introduced a performance drawback : ldif2db was hangging during data import (4738221)
- ldif import crashed if entries have a large number of attributes (more than 128) (4723630)
- ldif2db crashed when importing an ldif file that contained entries with several values for an attribute, and these values were not continuous. (4737978)
- If the server was in the tombstone purging loop it did not react to the stop signal until it had completed. Thus, the server could take a long time to stop. (4646350)
- A memory leak existed during replication synchronization of two replicas. (4756215)
- A memory leak existed in password modification. (4773751)
- A memory leak existed in persistent search. (4777358)
- A memory leak existed in LDAP COMPARE operation. (4765575)
- Directory Server appeared to hang when an unindexed attributes in the referential integrity plug-in was present and the plug-in was enablee during update operation. This bug is fixed for all new instances using nsroledn attribute. (4754595)
- Directory Server sometimes crashed during the import of a database. (4742083)
- Conformance
- Default schema contained extra definitions not in RFC2307 (4629102)
- A DN that contained several escaped characters was wrongly normalized (4535845)
- A DN with white spaces did not conform to RFC2252 (4687038)
- Subtyped attributes were not stored in the directory, as RFC2256 mandated (4622371)
- SNMP
- SNMP could crash on the HP-UX platform. (4743796)
- Log
- On UNIX platforms, the detection of a large BER encoded operation was logged in the error logfile if Replication log level was activated. (4778154)
- Directory Server did not rotate the log files correctly. (4628444)
- Miscellaneous
- The most recent version of idsktune was not shipped in iDS 5.1 (4623199)
- Multiple Attribute uniqueness plug-ins forced uniqueness BETWEEN each other (4649615)
- timestamps in log files were stored incorrectly when the directory server shutdown (4656846)
- htmladmin.exe crashed when secured admin server was stopped (4529402)
- iPlanet Directory Access Router 5.0 was not able to share the same admin server <ServerRoot> as iPlanet Directory Server 5.1 (4692956) (fixed on solaris only)
- db2ldif -r command utility created cache files as root and did not clean them up properly. (4656657) (4653016)
- ns-slapd dbtest tool was not working. (4781823)
- ldapsearch with sort option did not obtain expected results. (4776001)
- A 2-pass ldif2db did not merge the indexes correctly. (4783910)
- VLV searches sometimes produced "Server reported sorting error". (4715065)
- Directory Server sometimes crashed while restoring the database. (4714196)
- The restore operation failed after the server creation until it has been restarted. (4714358)
Enhancements and Problems Corrected in iPlanet Directory Server 5.1iPlanet Directory Server 5.1 includes enhancements and fixes to the following known problems that occurred in earlier releases of iPlanet Directory Server:
- A previous release of iPlanet Directory Server included a security vulnerability in iPlanet Web Server 4.1. (535057) iPlanet Directory Server 5.1 uses iPlanet Web Server 6, in which this vulnerability has been fixed.
- Server restart is no longer required after a change to the components allowed to chain. (528617)
- In a previous version of iPlanet Directory Server, the console supported smart referrals only when the DN in the referral matches the DN of the entry containing the referral. (490281) Updated functionality in the console has removed this limitation and enhanced smart referral support.
- In a previous release of iPlanet Directory Server, after changing the Directory Manager credentials, you were required to exit Directory Server Console and restart it for the change to be taken into account. (538549) This limitation has been removed.
- The behavior of multiple qualifiers with cosAttribute in a CoS definition is no longer undefined.
- In a previous release of iPlanet Directory Server, you were required to authorize client IP access to the Administration Server from the machine running Directory Server Console. This limitation has been removed.
- When a delete operation is performed, the audit log now displays the DN identity of the operator. The additional information appears in the audit log as modifiersName: DN, where DN is the identity used to perform the delete operation.
- The newrdn and newsuperior operations are now recorded in the access log and any errors are described in the error log. (547272)
- Schema is now replicated during a total update operation. (541599)
If you modify your schema on a server and then create a new replica, the initialization of this replica automatically updates the schema on the consumer server. Previously, the schema was not replicated when the replica was initialized, but instead with the first incremental update of the replica.
- In previous releases of iPlanet Directory Server, changes to the
nsslapd-dbcachesize
attribute value undercn=config,
were not always correctly taken into account. (539845, 539847) This condition is corrected in iPlanet Directory Server 5.1. The server writes an error message into the error log if the new value you provide is not within the permitted boundaries.
- In previous releases of iPlanet Directory Server, deleting a role did not update the
nsRoleDN
attribute for each role member (533695). In iPlanet Directory Server 5.1, the referential integrity plug-in is configured to manage the nsRoleDN attribute. However, you must enable the referential integrity plug-in. By default, this plug-in is disabled. Also, add an equality index on nsRoleDN. Refer to the iPlanet Directory Server Administrator's Guide for details on creating indexes.
Known LimitationsThis section lists known limitations in iPlanet Directory Server 5.1 Service Pack 2 and their workarounds. The areas with known limitations are as follows:
- Installation
- Uninstallation
- Migration
- Windows NT / Windows 2000
- Security
- Schema
- Chaining
- Replication
- Directory Server Console
- Core Server
- Server plug-ins
- Roles and Class of Service
- Indexing
- Conformance
- Compatibility
- Miscellaneous
Installation
Caution We strongly recommend that no other iPlanet product (such as iPlanet Web Server) be installed into the same Unix directory path as the iPlanet Directory Server product, as this may disable critical functionality required for the correct operation of the directory server.
In addition, on a Windows NT or Windows 2000 machine, the directory server should be installed independently of any other iPlanet product to avoid conflicts with DLLs.
- Before upgrading from Directory Server 5.1 or 5.1 SP1, you must set your password policy to not check password syntax nor password history (4830364). Follow the procedures in the Administrator's Guide to turn off these two features.
- On performing an upgrade from iPlanet Directory Server 5.1 to iPlanet Directory Server 5.1 Service Pack 2 on Unix, the administration port identifier will be changed. If restoration of the old administration port identifier value is required, the command admconfig can be used.
The port identifier can be found in:
% <ServerRoot>/admin-serv/config/adm.conf
The following example changes the port number to 63333 and restarts the admin server (note that the verbose level will be set to 5):
% <ServerRoot>/bin/admin/admconfig -server orange.iplanet.com:67891 -user chlee:password -verbose 5 -setPort 63333 -restart
- On performing an upgrade from iPlanet Directory Server 5.1 (also 5.1 Service Pack1 and 5.1 SP1 HOTFIX2) to iPlanet Directory Server 5.1 Service Pack 2, the following warning message will be logged : add value to attribute type aci in entry o=NetscapeRoot failed: duplicate value
This is a normal message since the aci value for entry o=NetscapeRoot is already set.
- iPlanet Directory Server cannot be installed properly through Microsoft Terminal Services.
- On Windows 2000, setup -f does not work without the -s option (4524708). If you perform installation using a configuration file on Windows 2000, it must be silent. For example:
setup -s -f filename
- On HP-UX only, before installing iPlanet Directory Server 5.1 Service Pack 2 as fresh installation or upgrading a 5.1 version, you must verify that the number of file descriptors is less or equal to 2048 otherwise the installation failed with the error :
[slapd-nikoid]: starting up server ...
[slapd-nikoid]: [03/Jan/2003:16:58:00 +0100] - iPlanet-Directory/5.1 Service Pack 2 20030103 B2002.161.2250 starting up
[slapd-nikoid]: [03/Jan/2003:16:58:38 +0100] - slapd started. Listening on all interfaces port 29000 for LDAP requests
Your new directory server has been started.
error: can't bind to server:Unable to bind to server. (Can't contact LDAP server (81) returned from
ldap_simple_bind_s(cn=Directory Manager))
system_errno:9
ERROR. Failure installing iPlanet Directory Server. Do you want to continue [n]?
This problem is described into bugid #4756839.
To prevent the failure during the Service Pack 2 installion, please launch the command ulimit -n and depending on the result (value<=2048) enter the command ulimit -n 2048.
- On Windows, the domain name for your host machine must be correctly configured prior to installing iPlanet Directory Server 5.1 Service Pack 2. To configure the domain name for your host:
- (On Windows NT) Open the Control Panel and run the Network utility.
Select the Protocols tab.
Select TCP/IP Protocol from the list.
Open the Properties dialog box.
Complete the fields under the DNS tab.
- (On Windows 2000) Right-click on My Computer and select Properties.
On the Network Identification tab, select Properties.
Click More and complete the Primary DNS suffix of this computer field.- If you are running iPlanet Directory Server 5.1 Service Pack 2 on a 64-bit Sun Solaris 8 UltraSPARC machine, it will run as a 32-bit application.
- Do not install iPlanet Directory Server 5.1 Service Pack 2 on top of an existing 4.x or 5.0 Directory Server installation. If Directory Server 4.x or 5.0 is already installed, install iPlanet Directory Server 5.1 Service Pack 2 in a separate directory. After migrating your 4.x or 5.0 directory data to your 5.1 Service Pack 2 directory and testing the results, remove your 4.x or 5.0 Directory Server.
- On Windows, always use the latest version of DLL files. Do not overwrite the more recent DLL files with those delivered with iPlanet Directory Server 5.1 Service Pack 2.
- Use UTF-8 character set encoding when entering Distinguished Names during installation. Other encodings such as ISO-8859-1 are not supported. Installation operations do not convert data from local character set encoding to UTF-8 character set encoding.
LDIF files used to import data must also use UTF-8 character set encoding. Import operations do not convert data from local character set encoding to UTF-8 character set encoding.
- Be aware of the DNS naming resolution issue on systems using NIS. (4526504) During installation,
setup
detects a default host and domain name. If your NIS domain is different from your DNS domain, the fully qualified host and domain name presented by the installer is incorrect. These values must be corrected to use the DNS domain name.
- (4527593) AIX fixes have moved from:
http://server.software.ibm.com/cgi-bin/support/rs6000.support/downloads
to
http://techsupport.services.ibm.com/se rver/fixes
as indicated in the iPlanet Directory Server Installation Guide
- On AIX, you must install the
X11.adt
package in order for the console to function. This package is not part of the standard bundle.
- You will not receive a warning before proceeding with the uninstallation of the iPlanet Directory Server 5.1 Service Pack 2 containing your configuration information under the o=NetscapeRoot suffix. This is the first Directory Server you installed. We strongly recommend that it be the last one you uninstall.
- On Windows 2000, after uninstallation of directory components installed with silent installation (setup -s -ffilename) reinstallation always places directory components in the original install folder. (4526014) You can avoid this problem by removing all *.inf filesin the \Documents and Settings\Administrator\Local Settings\Temp folder on the system disk drive after uninstallation.
- The Directory Server4.x and 5.0 attributes accesslog-maxlogdiskspace, accesslog-maxlogsize, auditlog-maxlogdiskspace,auditlog-maxlogsize, errorlog-maxlogdiskspace, and errorlog-maxlogsize must be migrated manually. (4529536) Update these values for the Logs entries in the Directory Server Console under the Configuration tab. In each case, *log-maxlogsize values must remain smaller than *log-maxlogdiskspace values for the attributes to remain coherent. For further information, refer to the instructions on monitoring server and database activity in the iPlanet Directory Server Administrator's Guide
- The migration procedure may attempt to restart the server while the server is already running. (4529552) Ignore error messages concerning attempts to restart the server by migrateInstance5
- On systems other than Windows, migration from iPlanet Directory Server 5.0 to 5.1 Service Pack 2 may fail if the PATH environment variable does not contain . (4529657) If necessary update your PATH appropriately. For example:
(ksh) $ export PATH=$PATH:.
(csh) % setenv PATH ${PATH}:.
- Avoid using stdin and stdout on NT with the ldapmodify command-line utility, particularly with non-ASCII data. We strongly recommend you always use the -f option to specify the file containing the LDIF update statements (-f new_file) as this prevents the statements being read from stdin.
- On Windows NT 4.0, the maximum address space an application can use is 2 GB. As iPlanet Directory Server 5.1 Service Pack 2 cannot use more than 2 GB of virtual memory, the sum of all caches configured for the server must be strictly less than 2 GB. If the size of the entry caches and of the database cache exceed this limit, Directory Server will exit with an error message. For more information on cache limits on Windoes NT, and on Windows 2000, refer to the iPlanet Directory Server Installation Guide.
- On Windows 2000, the default font used by the console does not allow you to input Japanese characters. To avoid this issue, change the font. You can change the console font by selecting Preferences from the Edit menu in the directory console, and then changing the font through the interface under the Fonts tab.
- On Windows, when managing directory server SNMP subadgent all operations (start/stop/restart) return a failure (like "An error occurred when...").
Actually the requested operation succeeds but the result returned to the console is incorrect.- On Windows NT / Windows 2000, the detection of a too large BER encoded operation will NOT be logged in the error logfile even if Replication log level is activated.
- On Windows NT / Windows 2000, stopping then starting the Admin Server from the iPlanet Directory Server 5.1 Service Pack 2 will log an event stated as error in the Application log (Settings > Control Panel > Administrative Tools > Event Viewer). The description of the event is the following :
The description for Event ID ( 0 ) in Source ( admin51-serv ) cannotThis is a warning message since the Admin Server is correctly started. (4794690)
be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. The following information is part of the event:
startup: server started successfully,
Security
- Deployments that use SSL for connection confidentiality across open networks that are subject to possible active attacks against the SSL connection should not use server certificates issued by one of the public Certification Authority (CA) organizations. (4615324)
- In 5.1 Service Pack 1, a bug has been introduced which suppressed the ;binary from the attribute userCertificate. This is solved with 5.1 Service Pack 2.
Now all new added entries keep the ;binary in the attribute. Old entries (i.e added with Service Pack 1 - which lost the ;binary) need to be corrected. This can be done via :
- run db2ldif
- edit the ldif file and substitute all userCertificate:: by userCertificate;binary::
- run ldif2db
- To always receive a warning message before the password expires, attribute passwordExpireWithoutWarning has to be set to "off". (4532757)
- The correct procedure to change the administrator password in iPlanet Directory Server 5.x. (4708944) is as follows:
- Log in to the Console as "cn=Directory Manager".
- Under the Users & Groups tab, change the admin user password in LDAP.
- Open the Administration Server Console.
- Select Configuration, Access.
- Change the admin password.
(This password is stored in the admpw file.)- Return to the Users & Groups tab.
- Click the Directory button.
- Change the User Directory Subtree to "o=NetscapeRoot".
- Search for "admin" (this is the Configuration Administrator).
- Change the password.
- To ensure that an attacker with a certificate issued by a public CA cannot use that certificate to impersonate a directory server, the certificate databases of LDAP clients and of directory servers establishing outgoing SSL connections for replication or chaining must contain only the certificate of the non-public CA which issued the certificates to the servers which will be contacted; all other CA certificates of public CAs must be removed from the LDAP client or directory servers certificate database.
- Deployments that are not subject to active attacks or deployments that use additional security mechanisms (such as a VPN when connections traverse the Internet) are not required to use a non-public Certification Authority to obtain a server certificate.
- Directory Server does not correctly parse ACI target entry DNs containing quotes. (4529541) The following example causes a syntax error:
dn:o=mary\"red\"doe,o=iplanet.com,o=isp
changetype:modify
add:aci
aci:(target="ldap:///o=mary\"red\"doe,o=example.com,o=isp")(targetattr="*")
(version 3.0; acl "test"; allow (all) userdn ="ldap:///self";)
- Use of semicolons in ACI permissions can cause the directory server to crash. (4527617)
- As the server does not enforce read-only permissions on SSL-enabled servers for certificate database files, key database files and PIN files, check that the file permissions on Unix and ACLs on Windows protect the sensitive information contained in these files.
- If you have enabled certificate-based authentication in the Directory Server, do not map your certificate to a distinguished name under
cn=config
orcn=monitor
. (4529535) If you do so, bind attempts fail. Instead, map your certificate to an entry located elsewhere in the directory information tree.- On Windows NT and Windows 2000, a user on the console can shut down Directory Server. Care should be taken to restrict console access to computers running Directory Server.
- To explicitly deny
MODRDN
rights using ACIs, you must target the relevant entries but omit thetargetattr
keyword. (4529533) The following example ACI prevents thecn=helpDeskGroup,ou=groups,o=sun.com
group from renaming any entries in the set specified by the patterncn=*,ou=people,o=sun.com
:
aci:(target="ldap:///cn=*,ou=people,o=sun.com")
(version 3.0; acl "Deny modrdn rights to the helpDeskGroup";
deny(write)
groupdn="ldap:///cn=helpDeskGroup,ou=groups,o=sun.com";)- If the account locking mechanism of the password policy is enabled, once a user is locked out on a read-only replica, the account cannot be unlocked. (4527608) To work around the issue, use the ldapmodify utility to set the passwordLockoutDuration attribute to 120 (seconds) and the passwordUnlock attribute to on in cn=config.
- Macro ACIs do not work if the subject is one of the constant types such as all or anyone. (4529529)
- Account lockout remains in effect even after the user password is changed. (4527623) To work around this issue, reset the lockout attributes
accountUnlockTime
,passwordRetryCount
, andretryCountResetTime
to unlock the account.- When the password policy is enabled, setting the
passwordHistory
attribute to a value lower than the number of times a user password has already been modified may cause the server to crash. (4530739) The defaultpasswordHistory
value is set to6
when the password policy is enabled. To avoid this issue, do not reduce the value ofpasswordHistory
after enabling the password policy.
- The schema provided with iPlanet Directory Server 5.1 differs from that specified in RFC 2256 for the
groupOfNames
andgroupOfUniquenames
object classes. In the schema provided, themember
anduniquemember
attribute types are optional, while RFC 2256 specifies that at least one value for these types must be present in the respective object class.- The LDAP RFCs (and X.500 standards) allow for an object class to have more than one superior. This behavior is not currently supported by Directory Server.
- If you add more than 1,000 attributes to a single object class, the server displays configuration errors and fails to start.
- Note that the
aci
attribute is now an operational attribute. It is not returned in a search unless you explicitly request it.Chaining
- If chaining is configured between a 5.1 multiplexor and a 4.x farm server, add the
nsuniqueid
attribute to the 4.x farm server schema. If thensuniqueid
attribute is not added to the 4.x Directory Server schema, the 5.1 multiplexor does not find the entry it expects, so chaining fails. To add the attribute type to the 4.x schema add the following line to the 4.x farm serverslapd-user_at.conf
file under/usr/netscape/server4/slapd-serverID/config
:
attribute nsuniqueid nsuniqueid 2.16.840.1.113730.3.1.542 int single operational
- No explicit error message is sent to the user when an attempt to bind to a farm server during chaining fails because the password policy has expired. (4529539)
- If the first farm server fails and returns an operations error when using a failover server for database chaining, retry the operation to chain successfully. (4529537) Should the first farm server fail when using a failover server for database chaining, the client receives an operations error if it tries to read information from the multiplexor. The multiplexor does not process this operations error which prevents the next failover farm server from being contacted, and as a result, chaining fails. However, if you retry the exact same operation, chaining succeeds.
Replication
- If you change the port number on a supplier server, the changelog database is cleared and replication will halt. In this case all consumers, hubs and suppliers must be reinitialized before replication can continue.
- In the iPlanet Directory Server Administrator's Guide the section "Configuring Directory Server 5.1 as a Consumer of a Legacy Directory Server" incorrectly states that you do not need to specify a Supplier DN when configuring the consumer settings (step 7.) This is incorrect. When you configure the consumer settings, you must specify the Supplier DN that the legacy supplier server will use to bind. If you do not, you will not be able to save the consumer configuration.
- Multi-master replication (MMR) is supported in a single data-center deployment. Master Directory Servers must be connected via a high-speed, low-latency network, (with minimum connections speeds of 100Mb/second) to achieve full MMR support. MMR is not supported on a network where the bandwidth between Master Directory Servers is less then 1Mb/second and the latency is greater than 10ms, or on a network that might experience significant packet loss; which is the throughput and conditions that you might experience over a wide area network.
MMR support for wide area network (WAN) deployments is slated for a future release of iPlanet Directory Server.
- When configuring a multi-master replication deployment, the referential integrity plug-inmust be enabled with the same configuration on all masters. The Deployment and Administrator's Guides incorrectly state that only one of the masters requires this plug-in.
- Replication configured over SSL with certificate-based authentication will not work if the supplier's certificate is self-signed or if the supplier's certificate is only capable of behaving as an SSL server certificate, that is, unable to play the role of the client during an SSL handshake.
- To change a replica role, you must disable replication, change the replica role, and then reenable replication. (4527621)
- Local schema modifications may be overwritten when a consumer database is created. (4529530)
- Monitoring the replication update vector (RUV) for a replica object was adversely affected by a timing issue. It is now possible to monitor the RUV directly from the replica by doing the following search:
ldapsearch -h <hostname> -p <port number> -D <directory manager> -w <password> -b "cn=config" objectclass=nsds5Replica" nsds50ruv
- In a topology, where an iPlanet Directory Server 5.1 Service Pack 2 is a Dedicated consumer of a 4.x directory server supplier (4665571), messages of the following type will be written to the error log:
NSMMReplicationplug-in - csnplCommit: can't find csn 3d0f496f0001ffff0000
NSMMReplicationplug-in - ruv_update_ruv: cannot commit csn 3d0f496f0001ffff0000
NSMMReplicationplug-in - replica_update_ruv: unable to update RUV for replica <suffix> csn = 3d0f496f0001ffff0000To prevent such a situation from occuring, configure the iPlanet Directory Server 5.1 Service Pack 2 instance as a Single Master (because a 5.x master may also be a consumer).
- Trailing spaces are not preserved during a remote console import operation. Trailing spaces are preserved during both local console and
ldif2db
import operations. (4529532)- Creating a Directory Server instance using the console creates a server in a different time zone on HP and IBM AIX. (4529531) To synchronize the instance for replication, restart the server using the
restart-slapd
command-line script. For more information concerningrestart-slapd
, refer to the iPlanet Directory Server Configuration, Command, and File Reference.- Users without read access to configuration information cannot see the directory suffix in the directory browser of the console. (4525360) To allow such users read access, add it through ACI. Refer to the iPlanet Directory Server Administrator's Guide for instructions.
- On Linux, an SNMP subagent cannot be started using the console (4738032). As a workaround, start the subagent from the command line as follows:
# cd ServerRoot/bin/slapd/serverid
# ./ns-ldapagt -d ServerRoot/slapd-serverIDNote: The SNMP master agent must be configured and working.
- On HP-UX, the
JAVA_FONTS
environment variable must be correctly set to enable use of Japanese characters in the console. For example:
JAVA_FONTS=/opt/asx/lib/X11/fonts/ttfjpn.st/typefaces
Adjust the path accordingly for your environment.
- Users and roles cannot be created through the console as inactivated. (4521017) Inactivate the user or role after you create it instead.
Core Server
- The
slapd
process does not automatically start when the system boots. On Unix systems write an rc script to start theslapd
process at boot time.- Stopping the server during export, backup, restore, or index creation causes it to crash.
- On Windows NT and AIX platforms, do not set
Memory available for Cache
in theDatabase Settings
to a value greater than 1073741824 bytes (1GB).- AIX applications have a restrictive memory model. The AIX
ns-slapd
executable is created with a value ofmaxdata=0x50000000
to permit both the entry cache size (nsslapd-cachesize
attribute) and database cachesize (nsslapd-dbcachesize
attribute) to be up to 1GB each. Raising themaxdata
value increases the maximum entry cache size but lowers the maximum database cache size by the same amount, and vice versa. Contact your iPlanet support representative if you need to adjust themaxdata
value.- Initializing the database with a file that is not accessible causes the server to crash. (4523595)
- iPlanet Directory Server 5.1 Service Pack 2 provides the UID Uniqueness plug-in. By default the plug-in is not activated. To ensure attribute uniqueness for specific attributes, create a new instance of the Attribute Uniqueness plug-in for each attribute. For more information on the Attribute Uniqueness plug-in, refer to the iPlanet Directory Server Administrator's Guide.
- The referential integrity plug-in is now off by default. Refer to "Maintaining Referential Integrity" in Chapter 2 of the iPlanetDirectory Server Administrator's Guide for instructions on enabling and configuring the referential integrity plug-in.
However, the documentation incorrectly states that the referential integrity plug-in should be enabled only on one master server. In multi-master replication environments, you must enable the plug-in with an identical configuration on all master servers.
The previous version of these release notes also incorrectly stated that the referential integrity plug-in should be enabled only on one master replica.
- When enabling the referential integrity plug-in, in the iPlanet Directory Server 5.1 Service Pack 2, if an unindexed attribute is present in the RI plug-in attribute list, the server may encounter performance issues. (4754595)
- The Access Control plug-in does not use the value specified by the
nsslapd-groupevalnestlevel
attribute to specify the number of levels of nesting access control performs for group evaluation. Instead, levels of nesting is hard coded as 5. (4529540)- When disk space is filled, the directory server crashes and does not restart. (4527611)
- The
nsRoleDN
attribute is used to define a role. It should not be used for evaluating role membership in a user's entry. When evaluating role membership, look at thensrole
attribute instead.- The behavior for negative CoS template priority values is not defined in the server. Do not enter negative values. Note that Indirect CoS does not support
cosPriority
.
- VLV indexes do not work correctly if they encompass more than one database.
- If extreme index key fragmentation occurs (which can be caused by frequent add and delete operations) and you have not adjusted the value of
ns-slapd-db-idl-divisor
, it is possible that extra entry IDs will be maintained in the index key (up to a maximun of 2029 extra entries). This can occur because Directory Server does not count all the entry IDs againstAllidsthreshold
until an index block becomes full. To remedy this, rundb2index
on an index. This will correct the index fragmentation and set the key toALLIDS
.
- By default iPlanet Directory Server 5.1 Service Pack 2 does not conform to RFC2252 when handling:
- DNs with multiple white spaces (4687038)
- DNs with multiple escaped characters(4535845)
To enforce conformance with RFC2252, do the following:
- Create a file <ServerRoot>/slapd-<ServerInstance>/config/newnormdn
- Restart the directory instance
- Rebuild the index databases, either by doing a
db2ldif
andldif2db
, or by rebuilding any index with DN syntax (e.g. entryDN) (see Chapter 10, Managing Indexes in the iPlanet Directory Server Administrator's Guide)
- Some performance issues have been observed when 5.x retro-changelog functionality is used (Meta Directory) (4639310). iPlanet Directory Server 5.1 Service Pack 2 fixes these performance issues by preventing internal attributes from being logged. To activate the fix, import the following LDIF file (through the console or using
ldapmodify
):
dn: cn=Retro Changelog plug-in,cn=plug-ins,cn=config
changetype: modify
add: nsslapd-plug-inarg0
nsslapd-plug-inarg0: -ignore_attributes
add: nsslapd-plug-inarg1
nsslapd-plug-inarg1: copyingFrom- On Windows platforms, iPlanet Directory Access Router 5.0 is not able to share the same admin server <ServerRoot> as iPlanet Directory Server 5.1(4692956).
- Do not set command path and library path variables for executing command line utilities and Perl scripts. Instead change to the directory in which they are stored. Although it is possible to set command path and library path variables to execute the utilities and scripts, this is not the recommended procedure because you run the risk, particularly when you have more than one server version installed, not only of disrupting the correct execution of other commands utilities and scripts, but also of compromising the security of the system.
- On Sun Solaris only, the
idsktune
utility reports as missing any patches in the Sun recommended patch list that are not installed on the system, even if those patches relate to packages you have not installed.- Note the LDAP utility manpages on the Sun Solaris platforms do not document the iPlanet version of the LDAP utilities
ldapsearch
,ldapmodify
,ldapdelete
, andldapadd
. For information regarding these utilities, refer to the iPlanet Directory Server Configuration, Command, and File Reference.- On Sun Solaris, you can monitor only one Directory Server instance at a time with SNMP. (4529542)
- You cannot read logs through the Directory Server Console if the server is not running. Instead, browse the iPlanet Console page at:
http://hostname:administration_server_port_number
Select the iPlanet Administration Express link, and log in as
admin
.- For security reasons, many command line scripts written in Perl can now read the bind password interactively (
-w-
option). This functionality requires theTerm::ReadKey
Perl module, available separately. You can download this module from:
http://www.perl.com/CPAN/CPAN.html
All other script functionality remains available without this module. After installing the
Term::ReadKey
Perl module, enable the Perl scripts to read the bind password interactively by editing each script, uncommenting the appropriate lines.- Some of the script and command-line usage information is not up to date.
- Unsynchronized server configuration information can cause restores to fail. Immediately after changing the configuration, back up all files under the configuration directory,
install-dir/slapd-serverid/config
including thedse.ldif
file.- Changing the maximum size of the transaction log file has no effect if log files already exist in the database directory. (4523783) Instead, stop the server, modify
nsslapd-db-logfile-size
indse.ldif
manually, remove alllog.*
files from the database directory, and restart the server.- The iPlanet Directory Server Adminstrator's Guide incorrectly suggests stopping the directory server and using
ldapmodify
to change the transaction log directory. (4525267) Instead, stop the server, modify thensslapd-db-logdirectory
attribute in thedse.ldif
file using a text editor, and restart the server.- The server does not support LDAP search requests containing a filter that references virtual attributes. (4527614)
bak2db
can restore a database only to the default location. (4522793) To work around this, create the database remotely and add it withldapmodify
. To create a database remotely:
- Create an LDIF file:
- Use the
ldapmodify
utility to add the database:
ldapmodify -D "cn=Directory Manager" -w password -f /path/to/databasename
To move an existing database to another file system location:
- Export the database to LDIF format using the
db2ldif
utility.- Follow the instructions provided in the iPlanet Directory Server Administrator's Guide to delete the database.
- Create the database at the new location.
- Use the
ldif2db
utility to restore the database you exported to LDIF format.Note that once the database has been relocated, backups made from the old locations with the
db2bak
utility are no longer valid. Attempts to restore them may render the server unusable.- The Sun ONE DS 5.1 Admin Guide in section Configuring the Directory Manager, states "The password for this user is defined in the nsslapd-rootdn attribute". Actually this is a mistake, it should be written nsslapd-rootpw instead of nsslapd-rootdn.
Accessing Online Help and Online DocumentationThe online documentation files are installed with your Directory Server and can be found with your browser.
If you are working under Windows NT or have installed iPlanet Directory Server 5.1 Service Pack 2 in a location other than
/usr/iplanet/servers
, adapt the following URLs accordingly:Documentation Home Page:
file:///usr/iplanet/servers/manual/en/ slapd/dochome.htm
iPlanet Directory Server Installation Guide:
file:///usr/iplanet/servers/m anual/en/slapd/install/contents.htm
iPlanet Directory Server Deployment Guide :
file:///usr/iplanet/servers/ma nual/en/slapd/deploy/contents.htm
iPlanet Directory Server Administrator's Guide:
file:///usr/iplanet/servers/manual /en/slapd/ag/contents.htm
iPlanet Directory Server Configuration, Command, and File Reference:
file:///usr/iplanet/servers/manua l/en/slapd/cli/contents.htm
iPlanet Directory Server Schema Reference:
file:///usr/iplanet/servers/ma nual/en/slapd/schema/contents.htm
How to Report ProblemsFor general information on iPlanet Directory Server 5.1 Service Pack 2, you can refer to:
Sun ONE Support maintains an online Knowledge Base containing technical articles and technotes about common iPlanet product issues. Search SunSolve at:
http://wwws.su n.com/software/products/directory_srvr/home_directory.html
If you experience issues with iPlanet Directory Server 5.1 Service Pack 2, refer to iPlanet Technical Support:
http://sunsolve.Sun.COM/pub-cgi/sho w.pl?target=home
http://www.sun.com/service/sunone /software/index.html
For More InformationUseful iPlanet information can be found at the following URLs:
- iPlanet and Sun ONE release notes and other documentation
http://docs.sun.com/db/prod/s1dirsrv- Sun ONE product status
http://www.sun.com/service/sunone /software/index.html- Sun ONE Professional Services information
http://www.sun.com/service/sunps/sun one/index.html- Sun ONE developer information
http://developer.iplanet.com/- Sun ONE learning solutions
http://www.sun.com/supportraining/- Sun ONE product data sheets
http://wwws.sun.com/software- Sun Certified Engineer training
http://wwws.sun.com/ software/training/certification/directory.html
Third-Party License Acknowledgements
Copyright � 1989 The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSEARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- All advertising materials mentioning features or use of this software must display the following acknowledgements:
This product includes software developed by the University of California, Berkeley and its contributors.- Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
Copyright � 1987, 1988 Student Information Processing Board of the Massachusetts Institute of Technology.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
This product contains the following software derived from RSA Data Security, Inc.
- MD5 Message-Digest Algorithm
The source code to the Standard Version of Perl can be obtained from CPAN sites, including http://www.perl.com/.
This product incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code; the original compression sources are freely available from:
ftp://ftp.cdrom.com/pub/infozip/
Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.