|Skip Navigation Links|
|Exit Print View|
|Oracle Directory Server Enterprise Edition Release Notes 11g Release 1 (220.127.116.11.0)|
This section lists known problems and limitations at the time of release.
This section lists product limitations.
Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly. Only change file permissions when following instructions in the product documentation, or following instructions from Oracle support.
To workaround this limitation, install products and create server instances as a user having appropriate user and group permissions.
When creating a self-signed server certificate, make sure you specify a validity long enough that you do not have to renew the certificate.
To ensure atomicity, do not use the join data view for write operations. If you perform write operations on join data view, use an external mechanism to prevent or detect inconsistencies. You can monitor inconsistencies by monitoring Directory Proxy Server error log.
The log-buffer-size (5dpconf) man page displays the wrong default size of the access log buffer. The default buffer size for access log is 1M.
The man pages for pattern matching distribution algorithm incorrectly show the respective properties as single-valued. The properties are multi-valued.
Oracle handles an empty string as NULL. The empty string and NULL are both valid values for an LDAP entry, but it is not possible to distinguish the two in Oracle. This issue was corrected for other JDBC sources in issue 6766175, as noted in Bugs Fixed in This Release.
This section lists the known issues that are found at the time of Directory Proxy Server 11g Release 1 (18.104.22.168.0) release.
The modify DN operation is not supported for LDIF, JDBC, join and access control data views.
Currently, getEffectiveRight control is supported only for LDAP data views and does not yet take into account ACIs local to the proxy.
After configuring alerts, you must restart Directory Proxy Server for the change to take effect.
After installation and after server instance creation on Windows systems, the file permissions to the installation and server instance folder allow access to all users.
To work around this issue, change the permissions on the installations and server instance folders.
After enabling or disabling non secure LDAP access for the first time, you must restart Directory Proxy Server for the change to take effect.
Time limit and size limit settings work only with LDAP data sources.
If the Directory Proxy Server configuration property allow-bind-operations is set to false, it is not possible to connect on an SSL port using the dpconf command line argument with the -–secure-port option. Connection by Start TLS (default) or by clear connection (the -–unsecured option) are still possible.
If a Directory Proxy Server instance has only secure-listen-socket/port enabled through DSCC, and if the server certificate is not the default (for example, if it is a certificate-Authority-signed certificate), DSCC cannot be used to manage the instance.
To work around this problem, unregister the proxy server instance and then register it again. Alternatively, update the userCertificate information for the proxy server instance in the DSCC registry, using the server certificate.
The Directory Proxy Server does not support IPv6 on windows.
The attr-value-mapping transformation comparisons are case-sensitive.
The dpconf command binds as anonymous first when an SSL port is used. This may prevent the command from working in deployments where anonymous binds are rejected by the server.
If you do not provide a subject DN when creating a certificate request (using dpadm request-cert or DSCC), the default subject DN is cn=value,cn=value. The certificate request is issued without a warning, but the request is not accepted by most certificate authorities.
Similarly, if you do not provide a valid ISO 3166 country code when creating a certificate request (using dpadm request-cert or DSCC), the certificate request is issued without a warning, but the request is not accepted by the certificate authority.