Oracle® Fusion Middleware Release Notes for Oracle Unified Directory 11g Release 2 (11.1.2) Part Number E23738-02
Oracle Unified Directory is a comprehensive, high-performance, highly-extensible next generation directory service that supports large-scale deployments and is easy to deploy, manage, and monitor.
This chapter introduces Release Notes for the Oracle Unified Directory 11g Release 2 (11.1.2) software and contains the following topics:
Section 1.3, "Overview of Oracle Unified Directory 11g Release 2 (11.1.2)"
Section 1.5, "Software Environment Limitations and Recommendations"
This document is accurate at the time of publication. Oracle will update the release notes periodically after the software release. You can access the latest information and additions to these release notes on the Oracle Technology Network at:
http://www.oracle.com/technetwork/indexes/documentation/index.html
This document contains the release information for Oracle Unified Directory 11g Release 2 (11.1.2).
Oracle recommends you review its contents before installing, or working with the product.
Oracle Unified Directory is the newest member of the Oracle Directory Server product family. This next-generation directory server is designed for performance (fast reads and writes), scalability (vertical and horizontal), ease of use, robust availability, extensibility (numerous plug-in points), security, and maintenance.
Oracle Unified Directory 11g Release 2 (11.1.2) can function in one of the three modes:
As an LDAP directory server, which contains data.
As an LDAP proxy server, where the server acts as an interface between the client and the directory server that contains the data.
As a replication gateway between Oracle Unified Directory and Oracle Directory Server Enterprise Edition.
For specific information about installing the Oracle Unified Directory 11g Release 2 (11.1.2) software, see Oracle Fusion Middleware Installation Guide for Oracle Unified Directory.
Oracle Directory Integration Platform consists of a set of services and interfaces that facilitates synchronization and provisioning solutions between the directory and other repositories.
If you want to use Directory Integration Platform to enable synchronization for Oracle Unified Directory, you need to enable the Oracle Unified Directory changelog. For more information about how to enable the changelog in Oracle Unified Directory, see Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.
Directory Integration Platform synchronization can be described as follows:
Section 1.3.1.1, "Synchronization between Oracle Unified Directory and Oracle Internet Directory"
Section 1.3.1.2, "Synchronization between Oracle Unified Directory and Third-Party Directories"
Oracle Directory Integration Platform 11.1.1.5 and higher supports synchronization between Oracle Internet Directory and Oracle Unified Directory. For more information about the synchronization procedure, see the chapter, Integrating with Oracle Directory Server Enterprise Edition in the Directory Integration Platform Administrator's guide. Oracle Directory Server Enterprise Edition was formerly known as the Sun Java System Directory Server. You need to replace all references of SJSDS in the guide to OUD for synchronization to work accurately.
To enable synchronization of data between Oracle Unified Directory and third-party directories, you need to integrate Oracle Directory Integration Platform with Oracle Unified Directory. You can obtain Oracle Directory Integration Platform by installing Oracle Identity Management release 11.1.1.6.0.
Oracle Unified Directory installation and configuration will not complete successfully unless users meet the hardware and software prerequisite requirements before installation.
To ensure optimal server performance, your system must meet the following requirements:
Section 1.4.5, "File Descriptor Requirements (Linux Systems)"
Section 1.4.6, "Specific Requirements for Installation in Solaris Zones"
For optimal performance, your system must have sufficient RAM memory for the JVM heap and database cache. For more information about setting the JVM heap and database cache, see "Configuring the JVM, Java Options, and Database Cache" in Oracle Fusion Middleware Installation Guide for Oracle Unified Directory.
On Solaris systems, the operating system should be configured to have at least twice as much virtual memory as JVM heap. To achieve this, you might need to increase the size of the operating system swap space.
Your system should also have enough disk space to store the generated log files. The server log files can consume up to 1 GB of disk space with default server settings. In replicated environments, the change log database can grow up to 30-40 GB with loads of 1000 mods/sec. For information about setting the log file size, see "Configuring Log Rotation Policies" in Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.
You can configure Oracle Unified Directory in such a way that it uses substantially less, or more, disk space depending on your application and performance needs. Any setup considerations must determine the amount of memory for the server's database and log files.
As a general guideline, the following hardware is recommended:
Hardware Component | Requirement |
---|---|
RAM | Evaluation purposes: At least 256 MB of free memory for a small database. Production: Minimum of 2 GB. Note: For large databases or large global index catalogs that require more than 4 GB of RAM, your system should use 64-bit architectures. |
Local disk space | Evaluation purposes: For a small database and sufficient space for log files, your system should have at least 100 MB of free local disk space. Preferably, you should have at least 1 GB of disk space. Production: For a typical production deployment with a maximum of 250,000 entries and no binary attributes, such as images, 4 GB of disk space might be sufficient for the database only. You might need an additional 1 GB of disk space for log files. You need to determine disk space for the change log database (DB), which is dependent on the load (updates per second) and on the replication purge delay (that is, the time the server should keep information about internal updates). The change log DB can grow up to 30-40 GB with loads of 1000 modifications per second. When you use global index replication, ensure that you have enough disk space for the replication change logs. By default, the change log stores changes from the last 24 hours. The configuration should be based on the expected size of the service. For example, you would need 150 GB for 5000 modifications per second. The directory server does not support databases and logs installed on NFS-mounted file systems. Sufficient space should be provided for the database on a local file system, for example, in |
For information about certified Operating Systems for Oracle Unified Directory 11g Release 2 (11.1.2), refer to the certification matrix on the following Web page:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
The following table outlines the Operating System requirements.
Item | Requirement |
---|---|
Operating System TCP/IP Ports | The directory server uses the following ports by default: |
File Descriptor Limits | On some Linux systems, the default file descriptor limit is set to 1024. This value might be too small when processing the total number of client connections, database files, and log files that the directory server requires to operate. It is strongly advised to increase the file descriptor limit to 64K (65536 file descriptors). |
For information about the certified Java version for each Java implementation, refer to the following Web page:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
The issue described in this section affects Linux systems only. All other supported platforms are unaffected.
To ensure optimal server performance, the total number of client connections, database files, and log files must not exceed the maximum file descriptor limit on the operating system (ulimit -n). By default, the directory server allows an unlimited number of connections but is restricted by the file descriptor limit on the operating system. Linux systems limit the number of file descriptors that any one process may open to 1024 per process.
After the directory server has exceeded the file descriptor limit of 1024 per process, any new process and worker threads will be blocked. For example, if the directory server attempts to open an Oracle Berkeley JE database file when the operating system has exceeded the file descriptor limit, the directory server will no longer be able to open a connection, which can lead to a corrupted database exception. Likewise, if you have a directory server that exceeds the file descriptor limit set by the operating system, the directory server can become unresponsive as the LDAP connection handler consumes all of the CPU's processing in attempting to open a new connection.
To fix this condition, set the maximum file descriptor limit to 65535 per process on Linux machines.
To view the maximum file descriptor limit, run the following command:
/sbin/sysctl -a | grep file-max
If the file-max value is lower than 65535, then perform the following steps:
Using any text editor, create or edit the /etc/sysctl.conf file, and add or edit lines similar to the following:
fs.file-max = 6815744
Enter the following command to change the current values of the kernel parameters:
/sbin/sysctl -p
Enter the command /sbin/sysctl -a | grep file-max to confirm that the values are set correctly.
Using any text editor, edit the /etc/security/limits.conf file, and add the following lines:
soft nofile 1024
hard nofile 65535
Note:
When you specify the values in the /etc/sysctl.conf or /etc/security/limits.conf file, they persist when you restart the system.
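The sysctl check in the procedure above reports the system-wide fs.file-max value, while the limit that blocks the directory server is the per-process one. The following added example (not part of Oracle's release notes) reads the "Max open files" row of /proc/<pid>/limits and classifies it against 65535. The sample text is constructed, and the function and status names are this example's own.

```shell
#!/bin/sh
# Added example (not Oracle's code): classify a process's open-file limit
# against the per-process value the release notes call for.
REQUIRED=65535

# Constructed sample of /proc/<pid>/limits for a process started with
# "soft nofile 1024" and "hard nofile 65535" in effect.
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 65535                files
Max locked memory         65536                65536                bytes'

# Print "<soft> <hard>" taken from the "Max open files" row.
nofile_limits() {
    printf '%s\n' "$1" | awk '/^Max open files/ { print $4, $5 }'
}

# True when a limit value is "unlimited" or numerically >= REQUIRED.
meets_required() {
    [ "$1" = "unlimited" ] && return 0
    [ "$1" -ge "$REQUIRED" ] 2>/dev/null
}

# ok       : soft limit already meets REQUIRED
# soft-low : only the hard limit does; the process starts below REQUIRED
# hard-low : neither does; the hard limit itself must be raised
# unknown  : no "Max open files" row in the input
nofile_status() {
    set -- $(nofile_limits "$1")
    [ $# -eq 2 ] || { echo "unknown"; return 0; }
    if meets_required "$1"; then
        echo "ok"
    elif meets_required "$2"; then
        echo "soft-low"
    else
        echo "hard-low"
    fi
}

echo "constructed sample: $(nofile_status "$SAMPLE_LIMITS")"
# Check the current shell; substitute the directory server's PID for "self".
if [ -r /proc/self/limits ]; then
    echo "this shell: $(nofile_status "$(cat /proc/self/limits)")"
fi
```

With the soft value of 1024 from the procedure, a newly started process reports soft-low: it begins at 1024 open files and stays there unless it raises its own soft limit toward the hard limit of 65535.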
The Oracle Unified Directory software treats global, full local, and sparse zones as an independent physical system. Installing the server in any type of Solaris zone is therefore like installing on an independent system. The software does not share services or file locations with other zones.
Before you begin the installation procedure, you must read the certification matrix to ensure that your environment meets the minimum installation requirement for each component.
For more information about certified application servers, refer to the certification matrix on the following Web page:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Oracle Unified Directory 11g Release 2 (11.1.2) is certified for the following languages:
Chinese (Simplified)
Chinese (Traditional)
French
German
Italian
Japanese
Korean
Spanish
Portuguese (Brazilian)
Note:
Certain error messages (specifically, the SEVERE and FATAL messages) are displayed in English only.
The Oracle Unified Directory 11g Release 2 (11.1.2) software has some limitations that might affect the initial deployment of your directory server. Follow the recommendations for deployments in this section.
Administrators also should appropriately tune the Oracle Unified Directory directory server and its Java Virtual Machine (JVM) to ensure that adequately sized hardware is made available to support heavy write operations. For more information, see "Configuring the JVM, Java Options, and Database Cache" in Oracle Fusion Middleware Installation Guide for Oracle Unified Directory.
This section describes the following topics:
Section 1.5.1, "Oracle Unified Directory 11g Release 2 (11.1.2) Limitations"
Section 1.5.2, "Oracle Unified Directory Software Recommendations"
This section lists the limitations of Oracle Unified Directory 11g Release 2 (11.1.2). They are as follows:
The Oracle Unified Directory directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.
To maximize performance when running the server as a proxy, you should restrict queries so that the proxy returns only the required attributes rather than all the attributes of an entry.
This section lists the recommendations for using Oracle Unified Directory 11g Release 2 (11.1.2). They are as follows:
The directory server provides better performance when the database files are cached entirely into memory.
The default settings of the Oracle Unified Directory directory server are targeted initially at evaluators or developers who are running equipment with a limited amount of resources. For this reason, you should tune the Java virtual machine (JVM) and the directory server itself to improve scalability and performance, particularly for write operations. For more information, see "Configuring the JVM, Java Options, and Database Cache" in Oracle Fusion Middleware Installation Guide for Oracle Unified Directory.
If you want to import large LDIF files by using the import-ldif command, then it is recommended that you use the --skipDNvalidation option. However, if you are not certain that the LDIF file is valid, using this option is not advised.