This chapter describes issues associated with Oracle Directory Integration Platform. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory
Synchronization Continues After Stopping Oracle Directory Integration Platform
Certain Queries and Provisioning Profile Functionality may Fail on JDK 1.6 u 21
testProfile Command Option to Fail if the LDIF File has Native EncodingWhen running DIP Tester from a command-line, the manageSyncProfiles testProfile command will fail if the -ldiffile option is specified and the LDIF file contains non-ASCII characters.
Note that LDIF files with UTF-8 encoding are not impacted by this limitation. If an LDIF file containing multibyte characters cannot be saved with UTF-8 encoding, then use the following workaround:
From a command-line, add the entry using the ldapadd command and include the -E option to specify the locale. See the Oracle Fusion Middleware User Reference for Oracle Identity Management for the required command syntax.
Get the specific changeNumber for the last add operation.
Execute the testProfile command using the changeNumber from the previous step.
For more information, see "Section 7.1.5.2, Running DIP Tester From the WLST Command-Line Interface" in the Administrator's Guide for Oracle Directory Integration Platform.
If the source directory is heavily-loaded, a race condition may occur where database commits cannot keep pace with updates to the lastchangenumber. If this race condition occurs, Oracle Directory Integration Platform may not be able to synchronize some of the changes.
To work around this issue, perform the following steps to enable database commits to keep pace with the lastchangenumber:
Increase the value of the synchronization profile's Scheduling Interval.
Control the number of times the search is performed on the source directory during a synchronization cycle by setting the searchDeltaSize parameter in the profile. Oracle suggests starting with a value of 10, then adjusting the value as needed.
If you stop the Oracle Directory Integration Platform application during synchronization, the synchronization process that the Quartz scheduler started will continue to run.
To work around this issue, restart the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform or redeploy the Oracle Directory Integration Platform application.
If the Oracle Directory Integration Platform (DIP) server is configured with Sun JDK version 1.6.0_16+ or BEA JRockit version 1.6.0_14+, you may see the following PKCS11 exceptions intermittently in the wls_ods1.out log files under DIP server logs directory:
Exception in thread "Thread-236" java.security.ProviderException: doFinal() failed
at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:720)
at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:488)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
at sun.security.pkcs11.wrapper.PKCS11.C_DecryptFinal(Native Method)
at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:713)
Exception in thread "Thread-88" java.security.ProviderException: update() failed
at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:548)
at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:448)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:501)
You can safely ignore these exception messages. They do not affect any functionality.
LDAP JNDI filter processing has been updated to be stricter in JDK 1.6 u21. Consequently, certain queries performed by Oracle Directory Integration Platform may fail on JDK 1.6 u21 and provisioning profile functionality may also be affected. To fix this issue, download and apply patch 10631569, which is available for download on My Oracle Support (formerly MetaLink). Access My Oracle Support at https://support.oracle.com.
Oracle strongly recommends that you download and apply patch 10631569 for Identity Management 11.1.1.4.0.
This section describes configuration issues and their workarounds. It includes the following topics:
When configuring Oracle Directory Integration Platform against an existing Oracle Internet Directory—using either the installer's Install and Configure installation option or the Oracle Identity Management 11g Release 1 (11.1.1) Configuration Wizard—you must specify the hostname for Oracle Internet Directory using only its fully qualified domain name (such as myhost.example.com). Do not use localhost as the Oracle Internet Directory hostname even if Oracle Directory Integration Platform and Oracle Internet Directory are collocated on the same host.
If you use localhost as the Oracle Internet Directory hostname, you will not be able to start the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform.
There are no known documentation issues at this time.