Oracle® Fusion Middleware Release Notes for Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.7.0) Part Number E28975-02 |
|
|
PDF · Mobi · ePub |
This chapter contains important, product-specific information available at the time of release of Directory Proxy Server.
This chapter contains the following sections:
Note:
Bug information has been migrated from one database to another. If a bug number contains 8 digits, then the detailed bug information is currently stored in the Oracle bug database BugDB. If a bug number contains 7 digits, then the detailed bug information originated in the legacy Sun bug database Bugster. In these Release Notes, a bug number may be listed using the form BugDB#/Bugster#.
The following table summarizes all bug fixes contained in Directory Proxy Server 11g Release 1 (11.1.1.7.0.
Table 5-1 Directory Proxy Server Bugs Fixed in This Release
Bug ID | Description |
---|---|
14598827 |
Client connections hang, the following is reported in the DPS error log: ERROR - Fatal uncaughtException in Worker Thread 29. |
14572322 |
Commands |
14474037 |
Directory Proxy Server property |
13932346 |
Bind fails. |
13904226 |
Uncaught NullPointerException in |
13897891 |
Directory Proxy Server does not normalize a correctly escaped DN. |
13859130 |
In the Directory Proxy Server, the connection identifier is duplicated among different clients. |
13824718 |
The |
13681900 |
When you use the |
13420539 |
On Directory Proxy Server, on the SQL backend, search fails if the basesearch contains uppercase letters. |
13414748 |
Proxy cannot be registered when |
13051513 |
On Directory Proxy Server, when |
13013661 |
When Virtual Transformation attributes are used, the Directory Proxy Server does not send the correct search filter to the Directory Server backend; expected search results are not returned. |
12940451 |
When setting a resource policy within DSCC, client-side size limits are ignored. |
12878532 |
On Directory Proxy Server 11.1.1.5.0, searches using uppercase or mixed-case base DNs to a backend SQL database fail. |
12830373 |
Directory Proxy Server does not properly execute virtual transformations on multiple objectclasses. |
12776191 |
On Directory Proxy Server, the Directory Server monitoring thread fails, resulting in a flood of monitoring searches. |
12746975 |
Issue with mechanism for displaying error message produces exception messages |
12736649 |
On Directory Proxy Server, |
12710604 |
Directory Proxy Server fails to answer client requests. |
12707840 |
On |
12553467 |
The |
12387921 |
Directory Proxy Server closes incoming connections before processing LDAP_BIND(). |
12379417 |
When implementing the policy to follow referrals, Directory Proxy Server returns a wrong DN. |
12379186 |
When implementing the policy to follow referrals, Directory Proxy Server returns a wrong DN. |
12329768 |
The |
12310346/7032421 |
Directory Proxy Server instances hang on the majority of new incoming SSL connections. |
12308911/7024244 |
Updated support controls are not shown in the root DSE entry. |
12308592/7022110 |
Potential denial of service with Directory Proxy Server after applying patch 6.3.1.1_CUMUL_2011_02_08. |
12308112/7019397 |
LDAP control changes do not display until server is restarted. |
12304016/7000801 |
When accessing Directory Proxy Server through LDAPS over a slow network connection, the client request hangs or times out. |
12287888/6924686 |
When a virtual transformation is used that impacts DN, search entries are dropped because the search filter does not recognize the virtual transformation. |
11908200 |
When searching the entire LDAP directory, the ldapsearch process hangs and displays multiple "Unsolicited Responses." |
11798767 |
Connection handler thread is blocked in |
If you are using Java 7 (which is the default case), the SSLv2Hello protocol is disabled. So any client trying to negotiate with SSLv2Hello will fail to establish a connection with Directory Proxy Server. This impacts dpconf
and DSCC if they are using Java 6 and using the SSLv2Hello protocol.
To work around this problem, do one of the following: Run dpconf
or DSCC in Java 7, or enable the SSLv2Hello protocol in Directory Proxy Server.
Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly. Only change file permissions when following instructions in the product documentation, or following instructions from Oracle support.
To workaround this limitation, install products and create server instances as a user having appropriate user and group permissions.
When using dsadm
and dpadm
to create a self-signed server certificate, be sure you specify a validity long enough that you do not have to renew the certificate. For more information, see the Administrator's Guide for Oracle Directory Server Enterprise Edition.
To ensure atomicity, do not use the join data view for write operations. If you perform write operations on join data view, use an external mechanism to prevent or detect inconsistencies. You can monitor inconsistencies by monitoring Directory Proxy Server error log.
The log-buffer-size (5dpconf) man page displays the wrong default size of the access log buffer. The default buffer size for access log is 1M
.
The man pages for pattern matching distribution algorithm incorrectly show the respective properties as single-valued. The properties are multi-valued.
ldapsearch
command does not return an attribute with an empty value.Oracle handles an empty string as NULL. The empty string and NULL are both valid values for an LDAP entry, but it is not possible to distinguish the two in Oracle. This issue was corrected for other JDBC sources in issue 6766175, as noted in Directory Proxy Server Bugs Fixed in This Release.
This section lists the known issues that are found at the time of Directory Proxy Server 11g Release 1 (11.1.1.7.0) release.
When changing the Directory Proxy Server certificate using DSCC, DSCC is no longer able to connect to the Directory Proxy Server. The Directory Proxy Server status indicates "Inaccessible."
As a workaround, go to the Proxy tab. Select and un-register the inaccessible server. Then register the server again.
If you do not provide a subject DN when creating a certificate request (using dpadm request-cert
or DSCC), the default subject DN is cn=value,cn=value
. The certificate request is issued without a warning, but the request is not accepted by most certificate authorities.
Similarly, if you do not provide a valid ISO 3166 country code when creating a certificate request (using dpadm request-cert
or DSCC), the certificate request is issued without a warning, but the request is not accepted by the certificate authority.
The dpconf
command binds as anonymous
first when an SSL port is used. This may prevent the command from working in deployments where anonymous binds are rejected by the server.
The attr-value-mapping
transformation comparisons are case-sensitive.
The Directory Proxy Server does not support IPv6 on windows.
If a Directory Proxy Server instance has only secure-listen-socket
/port
enabled through DSCC, and if the server certificate is not the default (for example, if it is a certificate-Authority-signed certificate), DSCC cannot be used to manage the instance.
To work around this problem, unregister the proxy server instance and then register it again. Alternatively, update the userCertificate
information for the proxy server instance in the DSCC registry, using the server certificate.
If the Directory Proxy Server configuration property allow-bind-operations
is set to false
, it is not possible to connect on an SSL port using the dpconf
command line argument with the -–secure-port
option. Connection by Start TLS (default) or by clear connection (the -–unsecured
option) are still possible.
Time limit and size limit settings work only with LDAP data sources.
After enabling or disabling non secure LDAP access for the first time, you must restart Directory Proxy Server for the change to take effect.
During installation on Windows systems, ODSEE relies on Windows permissions settings for file protection. Be sure your permissions are set appropriately.
To work around this issue, change the permissions on the installations and server instance folders.
After configuring alerts, you must restart Directory Proxy Server for the change to take effect.
Currently, GetEffectiveRights
control is supported only for LDAP data views and does not yet take into account ACIs local to the proxy.
The modify DN operation is not supported for LDIF, JDBC, join and access control data views.