Oracle® Fusion Middleware Release Notes for Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.7.0) Part Number E28975-02 |
|
|
PDF · Mobi · ePub |
These release notes provide current information on the date they are published. If the English version of the release notes has a more recent publication date, it might be updated with more current information that is not provided in other language versions. Consult the English version of the release notes for the most current information.
This chapter contains the following sections:
When you preload the entry cache, the server saves the entries in cache at shutdown, and then loads these entries at startup. This allows the server to start up with recently-used entries already in cache. Preloading the entry cache is useful for arriving at reproducible results when testing, and for measuring and analyzing potential optimizations.
For more information about entry cache preloading, see the Administrator's Guide for Oracle Directory Server Enterprise Edition
By default, the entry cache is now completely managed by the server, depending upon the load. LDAP Client operations per seconds are monitored and the entry cache resized according to how many requests can be handled by the server. Some operations are inherently slower than others (groupsprocessing, for example). You may want to evaluate your load with the default settings, and then resize the entry cache manually if performance is inadequate.
For more information about entry cache sizing, see the following:
Reference for Oracle Directory Server Enterprise Edition
Administrator's Guide for Oracle Directory Server Enterprise Edition
The following ciphers for attribute encryption are new in this release:
aes128 -
AES 128 bit block cipher
aes256
- AES 256 bit block cipher
camellia128 -
Camellia 128 bit block cipher
camellia256
- Camellia 256 bit block cipher
For more information about configuring attribute encryption, see the Administrator's Guide for Oracle Directory Server Enterprise Edition
SHA384 and SSHA384 password storage schemes are now supported options for the pwd-supported-storage-scheme
property.
For more information, see the Man Page Reference for Oracle Directory Server Enterprise Edition
The new convert-pwp-opattr-to-DS6
flag for the dsadm rewrite
subcommand enables automatic entry updates during password policy migration. Moving from DS5-compatible-mode
to DS6-mode
occurs in two phases, which includes an intermediate stage in DS6-migration-mode.
For more information about password policy compatibility and migration, see the Administrator's Guide for Oracle Directory Server Enterprise Edition
The attribute backlogsum
describes total time in seconds spent by the worker threads from the moment an operation is received to the start of its processing. This parameter is not available on Windows.
For more information on Directory Server monitoring attributes, see the Reference for Oracle Directory Server Enterprise Edition
The new dsadm list-instance-dirs
lists all directories comprising a Directory Server instance. You can then use its output as input for whatever archive utility you would like to use. This enables you to back up and to restore the service from scratch.
You can now enable control OIDs to be logged as part of LDAP operations and results in the access log. For more information about configuring Directory Server control OIDs in the access log, see the Administrator's Guide for Oracle Directory Server Enterprise Edition.
SNMP support has been revised. SNMP is now available only through the new SNMP Agent.
The entry cn=snmp,cn=monitor
now contains counters for all protocols. Searches must be run with scope base to get only this entry.
Plugin signatures are now verified on Linux.
The output for dsadm show-cert
is now more compact. Use certutil
to have more information on certificates.
The dsmig
subcommand now migrates only 5.2 instances; dsmig
will not migrate a 6.x instance. See the Upgrade and Migration Guide for Oracle Directory Server Enterprise Edition.
The dsconf reindex
subcommand now puts the suffix in referral mode. Local data is not available until reindex
finishes.
When you click the Online Help button, you are directed to the webpage for the Oracle Directory Server Enteprise Edition Documentation Library.
Directory Server chaining is deprecated and no longer ships with ODSEE. Chaining is not configurable through Directory Service Control Center, nor is chaining configurable through the new command line tools. Most deployments enabled by chaining are now enabled using features of Directory Proxy Server. For example, data distribution, global account lockout across an entire replication topology, and merging directory information trees can be done with Directory Proxy Server.
Commands that were available in previous versions of Directory Server Enterprise Edition, but whose functions are now provided by other commands, are described in Command Line Changes in Upgrade and Migration Guide for Oracle Directory Server Enterprise Edition
Commands that were removed from Directory Server Enterprise Edition, are described in Command Line Changes in Upgrade and Migration Guide for Oracle Directory Server Enterprise Edition.
Before you stop Directory Proxy Server, or begin any Directory Proxy Server maintenance operation, you can reduce the risk of disrupting active server connections by enabling the quiesce mode. When quiesce mode is enabled, Directory Proxy Server immediately refuses client requests for new connections. As clients close their connections, Directory Proxy Server gradually transitions to an administrative state in which no open connections remain.
For information about enabling the quiesce mode, see the Administrator's Guide for Oracle Directory Server Enterprise Edition
At startup, Directory Proxy Server automatically re-encrypts configuration data previously encrypted with 3DES. The configuration data is re-encrypted with the AES-128 algorithm for additional security. The key used for 3DES is kept, but the key is not used afterwards. A new key is generated for AES-128.
When a client modifies a password, Directory Proxy Server applies the encryption policy defined by the db-pwd-encryption
property of the data view. In this release, the Crypt encryption policy is a new option on Solaris and Linux platforms.
For more information about password encryption and verification, see the Reference for Oracle Directory Server Enterprise Edition
This feature enables Directory Proxy Server to use in its access log the same identifier as Directory Server uses in its own access log. (Directory Proxy Server will still prefix the identifier with the data source's name). This simplifies the task of tracking the connections.
For more information about connection tracking, see the Reference for Oracle Directory Server Enterprise Edition.
You now can enable controls to be logged in all OPERATION and all SERVER_OP entries, both for requests and responses. By default, control OIDs are logged in the access log only in the OPERATION category for all operations other than extended, unbind and abandon.
For more information about configuring Directory Proxy Server control OIDs in the access log, see the Administrator's Guide for Oracle Directory Server Enterprise Edition
The Cacao-based common container and Cacao agent no longer exist in ODSEE. So to start a Directory Server instance using the console, for example, you no longer provide an OS-based login to authenticate to Cacao in addition to the administrative username and password you provide to authenticate to DSCC. Instead, you provide only your DSCC administrative username and password. ODSEE then uses the new DSCC agent to delegate authentication to the DSCC registry.
See the following for more information about the DSCC agent:
You can designate a specific user, whose entry is contained in the Directory Server, to act as a Directory Service Manager. A user who acts as a Directory Service Manager is called an Administrative User. The Administrative User can log in to DSCC using his or her own username or DN.
For more information about the Administrative User, see the Administrator's Guide for Oracle Directory Server Enterprise Edition
The SNMP monitoring model is streamlined in this release, using a new SNMP agent. For more infomation about the new SNMP monitoring information flow, see the Reference for Oracle Directory Server Enterprise Edition
The dsccagent
command was added to the ODSEE command-line utility. The new command creates and configures the new DSCC agent. The dsccagent
command has the following subcommands: dsccagent create
, dsccagent delete
, dsccagent start, dsccagent stop
, dsccagent list-running-instances
, dsccagent enable-service
, dsccagent disable-service
, dsccagent enable-snmp
, and dsccagent disable-snmp
. The subcommands enable-service
and disable-service
are available only on Solaris and Windows. On other operating systems, for example on Linux, contact your system administrator to develop scripts or configuration for the platform service management.
For more information about the dsccagent
command, see the Man Page Reference for Oracle Directory Server Enterprise Edition
You can now use the dsccreg
command to register a new DSCC agent with the DSCC registry. The dsccreg
command now includes the following subcommands: dsccreg add-agent
, dsccreg list-agents
, and dsccreg remove-agent
.
For more information about dsccreg,
see the Man Page Reference for Oracle Directory Server Enterprise Edition