Release Notes for Oracle Unified Directory
11g Release 2 (11.1.2.3)
E55519-02
January 2017
This document contains the release information for Oracle Unified Directory 11g Release 2 (11.1.2.3). It describes the difference between Oracle Unified Directory (OUD) and its documented functionality.
Oracle recommends you review its contents before installing or working with OUD.
This document is accurate at the time of publication. Oracle will update the Release Notes periodically after the software release. You can access the latest information and additions to these Release Notes on the Oracle Help Center for OUD 11g Release 2 (11.1.2.3) by searching for that release number in the library. You can access the Oracle Help Center at the following website:
These Release Notes include the following topics:
The following is a list of new features in the OUD 11g Release 2 (11.1.2.3):
Enhanced security:
Password Masking in Audit Log. For more information see, "Masking Attributes in the Audit Log" and "Support for Encryption in Replication Topology"
Support for Linux Crypt algorithm. For more information see, "Crypt Algorithm"
Password expiration available as a virtual attribute. For more information see, "Configuring Virtual Attributes"
Simplified deployment through:
OUD server metrics displayed in ODSM console. For more information see, "Viewing the Server Metrics"
Support for native replication with Sun DSEE 6.3. For more information see, "Exporting User Data from (O)DSEE to OUD"
Virtual Directory Capabilities:
Note:
To use the virtual directory capabilities described here, you must have a validOracle Directory Service Plus
license.Join between multiple backends. For more information see, "Using Entries from Multiple Directories" and "Configuring a Virtual Directory View of Your Repositories"
Database connector. For more information see, "Configuring Access to Identity Data Stored in an RDBMS"
Further performance and scalability:
Support for large static groups. For more information see, "Defining Groups" and "Additional Tuning Recommendations"
Reduced memory footprint through entry compaction and selective attribute caching. For more information see, "Configuring Selective Attribute Caching" and, "Saving Database Space Using Tokens for Attribute Values"
Note:
To use the virtual directory capabilities described here, you must have a validOracle Directory Service Plus
license.Table 1 lists the supported interfaces for virtualization workflow elements in this release:
Note:
The Dynamic Tree, and Flat Tree workflow elements are not supported in this release. If you encounter any functions in the interfaces for these workflow elements, do not execute them as they are not supported.Table 1 Oracle Unified Directory Virtualization Features
Workflow Element | Configure with Command Line | Configure with ODSM | Additional Information |
---|---|---|---|
Join |
Yes |
Yes |
See "Configuring a Virtual Directory View of Your Repositories" |
HideByFilter |
Yes |
No |
|
GetRidOfDuplicates |
Yes |
No |
See "Eliminating Duplicate Entries from Search Results Using the GetRidOfDuplicates" |
Active Directory Password Update |
Yes |
No |
|
RDBMS |
Yes |
No |
See "Configuring Access to Identity Data Stored in an RDBMS" |
VirtualMemberOf |
Yes |
No |
Before performing any installation, you should read the system requirements and certification documents to ensure that your environment meets the minimum installation requirements for the products you are installing. The following documents are available on Oracle Technology Network (OTN):
Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management
This document contains detailed information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches when installing OUD with other Oracle products.
Oracle Fusion Middleware Supported System Configurations
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
This landing page contains links to certification information for all products in Fusion Middleware suite. To view the certification matrix:
Access the Oracle Fusion Middleware Supported System Configurations landing page:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Scroll down to System Requirements and Supported Platforms for Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).
Click the xls link to view the certification matrix.
This document contains the most detailed information about supported application servers, supported clients, JDK requirements, and IPv4/IPv6 certifications for installing OUD. This document is updated as new information becomes available.
Oracle® Fusion Middleware Installing Oracle Unified Directory 11g Release 2 (11.1.2)
Chapter 1, "Before You Install Oracle Unified Directory" contains pre-installation system notes and other information you should review prior to OUD installation.
The following sections describe additional information specific to OUD installation requirements:
As a general guideline, the following hardware is recommended:
Hardware Component | Requirement |
---|---|
RAM |
Evaluation purposes: At least 256 MB of free memory for a small database. Production: Minimum of 2 GB. |
Local disk space |
Evaluation purposes: For a small database and sufficient space for log files, your system should have at least 100 MB of free local disk space. Preferably, you should have at least 1 GB of disk space. Production: For a typical production deployment with a maximum of 250,000 entries and no binary attributes, such as images, 4 GB of disk space might be sufficient for the database only. You might need an additional 1 GB of disk space for log files. You need to determine disk space for the change log database (DB), which is dependent on the load (updates per second) and on the replication purge delay (that is, the time the server should keep information about internal updates). The change log DB can grow up to 30-40 GB with loads of 1,000 modifications per second. When you use global index replication, ensure that you have enough disk space for the replication change logs. By default, the change log stores changes from the last 100 hours. The configuration should be based on the expected size of the service. For example, you would need 150 GB for 5,000 modify/seconds. |
For optimal performance, your system must have sufficient RAM memory for the JVM heap and database cache. The server also provides ready-to-use tuning. For more information about setting the JVM heap and database cache, see "Configuring the JVM, Java Options, and Database Cache" in Oracle Fusion Middleware Installing Oracle Unified Directory.
Your system should also have enough disk space to store the generated log files. The server log files can consume up to 1 GB of disk space with default server settings. In replicated environments, the change log database can grow up to 30-40 GB with loads of 1,000 mods/sec. For information about setting the log file size, see "Configuring Log Rotation Policies" in Oracle Fusion Middleware Administering Oracle Unified Directory.
You can configure Oracle Unified Directory in such a way that it uses substantially less, or more, disk space depending on your applications and performance needs. Any setup considerations must determine the amount of memory for the server's database and log files.
On Solaris and Linux systems, the operating system should be configured to have at least twice as much virtual memory as JVM heap. To achieve this, you might need to increase the size of the operating system swap space.
In addition to the operating system, application server, and JDK requirements described in this document:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
be sure to resolve the following operating system specific requirements:
Section 3.2.1, "File Descriptor Requirements (Linux Systems)"
Section 3.2.2, "Specific Requirements for Installation in Solaris Zones"
The recommendation described in this section affects Linux systems only. All other supported platforms are not impacted.
To ensure optimal server performance, the total number of client connections, database files, and log files must not exceed the maximum file descriptor limit on the operating system (ulimit
-n
). By default, the directory server allows an unlimited number of connections but is restricted by the file descriptor limit on the operating system. Linux systems limit by default the number of file descriptors that any one process may open to 1024 per process.
After the directory server has exceeded the file descriptor limit of 1024 per process, any new process and worker threads will be blocked. For example, if the directory server attempts to open an Oracle Berkeley Java Edition database file when the operating system has exceeded the file descriptor limit, the directory server will no longer be able to open a connection that can lead to a corrupted database exception. Likewise, if you have a directory server that exceeds the file descriptor limit set by the operating system, the directory server can become unresponsive as the LDAP connection handler consumes all of the CPU's processing in attempting to open a new connection.
To fix this condition, set the maximum file descriptor limit to 65535
per process on Linux machines.
To view the maximum file descriptor limit, run the following command:
/sbin/sysctl -a | grep file-max
If the file-max
value is lower than 65535,
then perform the following steps:
Using any text editor, create or edit the /etc/sysctl.conf
file, and add or edit lines similar to the following:
fs.file-max = 65536
Enter the following command to change the current values of the kernel parameters:
/sbin/sysctl -p
Enter the command /sbin/sysctl -a | grep file-max
to confirm that the values are set correctly.
Using any text editor, edit the /etc/security/limits.conf
file, and add the following lines:
soft nofile 1024 hard nofile 65535
Note:
When you specify the values in the/etc/sysctl.conf
or /etc/security/limits.conf
file, they persist when you restart the system.The Oracle Unified Directory software treats global, full local, and sparse zones as an independent physical system. Installing the server in any type of Solaris zone is therefore like installing on an independent system. The software does not share services or file locations with other zones.
Oracle Unified Directory 11g Release 2 (11.1.2.3) is certified for the following languages:
Chinese (Simplified)
Chinese (Traditional)
French
German
Italian
Japanese
Korean
Spanish
Portuguese (Brazilian)
Note:
Certain error messages (specifically, the SEVERE and FATAL messages) are displayed in English only.The Oracle Unified Directory 11g Release 2 (11.1.2.3) software has some limitations that might affect the initial deployment of your directory server. Follow the recommendations for deployments in this section.
Administrators also should appropriately tune the Oracle Unified Directory directory server and its Java Virtual Machine (JVM) to ensure that adequately sized hardware is made available to support heavy write operations. For more information, see "Configuring the JVM, Java Options, and Database Cache" in Oracle Fusion Middleware Installing Oracle Unified Directory.
This section describes the following topics:
Section 4.1, "Oracle Unified Directory 11g Release 2 (11.1.2.3) Limitations"
Section 4.2, "Oracle Unified Directory Software Recommendations"
This section lists the limitations of Oracle Unified Directory 11g Release 2 (11.1.2.3). They are as follows:
The Oracle Unified Directory directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.
For Enterprise User Security, Oracle Unified Directory is validated to store and manage users and groups locally, and also for proxying to other external directory servers. The list of supported external directory servers is documented in the certification matrix. To view the certification matrix:
Access the Oracle Fusion Middleware Supported System Configurations landing page:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Scroll down to System Requirements and Supported Platforms for Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).
Click the xls link to view the certification matrix and then click the Interop tab for the list of supported external directory servers.
Oracle Unified Directory Server in proxy mode provides the best search performance when the search queries ask for the specific required attributes (rather than all the attributes) of an entry.
This section lists the recommendations for using Oracle Unified Directory 11g Release 2 (11.1.2.3). They are as follows:
The directory server provides better performance when the database files are cached entirely into memory.
The default settings of the Oracle Unified Directory directory server are targeted initially at evaluators or developers who are running equipment with a limited amount of resources. For this reason, you should tune the Java virtual machine (JVM) and the directory server itself to improve scalability and performance, particularly for write operations. For more information, see "Configuring the JVM, Java Options, and Database Cache" in Oracle Fusion Middleware Installing Oracle Unified Directory.
If you want to import large LDIF files by using the import-ldif
command, then it is recommended that you use the --skipDNvalidation
option. However, if you are not certain that the LDIF file is valid, using this option is not advised.
The following sections describe known issues and limitations with the Oracle Unified Directory 11g Release 2 (11.1.2.3) core server at the time of this release.
start-ds --upgrade
fails if the server already has a passwordexpirationtime
virtual attributeIf you upgrade an instance of Oracle Unified Directory from 11g R2 PS1 or 11g R2PS2 to 11g R2PS3 that contains passwordExpirationTime
virtual attribute ("cn=Password Expiration Time,cn=Virtual Attributes,cn=config
"), then the start-ds --upgrade
command might throw the following error message:
"Patch from earlier OUD version to current version failed: The entry cn=Password Expiration Time,cn=Virtual Attributes,cn=config cannot be added because an entry with that name already exists"
This error occurs because the server already contains the passwordExpirationTime
virtual attribute.
Workaround
Ignore the warning and restart the server.
You can also apply the workaround, which is to remove the password expiration configuration before running the upgrade. For more information, see "Configuring Virtual Attributes Using dsconfig" in Administering Oracle Unified Directory.
When you upgrade from 11.1.2.2.0 to 11.1.2.3.0, case sensitivity of attribute value might be lost due to the default behavior of the compact-encoding feature in 11.1.2.3.0.
You can retain case sensitive values by setting the value of compact-encoding flag to false right before the upgrade. See "Retaining Case Sensitivity in Attributes During Upgrade" in Administering Oracle Unified Directory.
When manage-suffix is used to integrate a suffix with EUS, the following configuration changes are missing:
The password storage scheme in the default password policy update
The password storage scheme in the Import password policy plug-in update
The cipher suites in the LDAPS connection handlers update
'If you have configured a suffix with manage-suffix to integrate with EUS, run the following command-lines to update the password storage scheme configuration and the LDAP connection handler cipher suite configuration:
<OUD_INSTANCE_ROOT>/bin/dsconfig set-password-policy-prop \ --policy-name Default\ Password\ Policy \ --set allow-pre-encoded-passwords:true \ --set default-password-storage-scheme:Salted\ SHA-1 \ --hostname <host name> \ --port <admin port> \ --trustAll \ --bindDN cn=Directory\ Manager \ --bindPasswordFile <file containing directory manager password> \ --no-prompt <OUD_INSTANCE_ROOT>/bin/dsconfig set-plugin-prop \ --plugin-name Password\ Policy\ Import \ --set default-auth-password-storage-scheme:Salted\ SHA-1 \ --set default-user-password-storage-scheme:Salted\ SHA-1 \ --hostname <host name> \ --port <admin port> \ --trustAll \ --bindDN cn=Directory\ Manager \ --bindPasswordFile <file containing directory manager password> \ --no-prompt
The configuration of each of the LDAPS connection handlers must also be updated. If the cipher has not been modified, run the following:
<OUD_INSTANCE_ROOT>/bin/dsconfig set-connection-handler-prop \ --handler-name LDAPS\ Connection\ Handler \ --add ssl-cipher-suite:jvm \ --add ssl-cipher-suite:SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA \ --add ssl-cipher-suite:SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 \ --add ssl-cipher-suite:SSL_DH_anon_WITH_3DES_EDE_CBC_SHA \ --add ssl-cipher-suite:SSL_DH_anon_WITH_DES_CBC_SHA \ --add ssl-cipher-suite:SSL_DH_anon_WITH_RC4_128_MD5 \ --hostname <host name> \ --port <admin port> \ --trustAll \ --bindDN cn=Directory\ Manager \ --bindPasswordFile <file containing directory manager password> \ --no-prompt
If you have modified the cipher suite configuration (for example: if you have configured other suites than the one provided by the JVM), run the following instead:
<OUD_INSTANCE_ROOT>/bin/dsconfig set-connection-handler-prop \ --handler-name LDAPS\ Connection\ Handler \ --add ssl-cipher-suite:SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA \ --add ssl-cipher-suite:SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 \ --add ssl-cipher-suite:SSL_DH_anon_WITH_3DES_EDE_CBC_SHA \ --add ssl-cipher-suite:SSL_DH_anon_WITH_DES_CBC_SHA \ --add ssl-cipher-suite:SSL_DH_anon_WITH_RC4_128_MD5 \ --hostname <host name> \ --port <admin port> \ --trustAll \ --bindDN cn=Directory\ Manager \ --bindPasswordFile <file containing directory manager password> \ --no-prompt
When the ds-sync-hist
flag of the ds-cfg-purging
is set to false, the OUD upgrade fails to set the purging flag in the ds-sync-hist
index.
Set the ds-cfg-purging
flag of the ds-sync-hist
index to true. Then rebuild the ds-sync-hist
index:
./dsconfig set-local-db-index-prop --element-name userRoot --index-name ds-sync-hist --set purging:true ./rebuild-index -b "dc=example,dc=com" -i ds-sync-hist
Misleading additional information occurs when a static large group is modified.
Increasing the member-lookthrough-limit
property. For more information, see "Managing Static Groups With More Than 100,000 Members" in Administering Oracle Unified Directory.
When you run the dsreplication
initialize-all
command, a failure can occur if one of the remote servers to initialize is stopped or is too slow.
Rerun the dsreplication
initialize-all
command.
Although there are two servers in the replication topology, results are returned from one server only. This error occurs during data transfer between the replication servers.
There is currently no workaround for this issue.
When you use the signal SIGSTOP to pause the server, it can disable the backend upon using SIGSCONT to resume server processing. This problem occurs because SIGSTOP is not supported by OUD.
Set BDB JE latch timeout to a duration longer than the duration between SIGSTOP and SIGCONT. The following is an example: dsconfig set-workflow-element-prop --add je-property:je.env.latchTimeout="12 h"
When initialization is launched in a replicating topology, dsreplication initialize-all
and dsreplication initialize
commands, hang after sending a few entries. This occurs during processing.
Rerun the commands.
The data-sync privilege was not an operational privilege and consequently the OUD server does not recognize this privilege. For example, if the root user is created as follows:
dn: cn=myroot,cn=Root DNs,cn=config objectClass: inetOrgPerson objectClass: person objectClass: top objectClass: ds-cfg-root-dn-user objectClass: organizationalPerson userPassword: admin-password cn: myroot sn: myroot ds-cfg-alternate-bind-dn: cn=myroot givenName: My Root User ds-privilege-name: -data-sync
then the OUD server does not recognize the privilege, and cannot remove it. Instead, the OUD server removes all privileges for this user.
All references to this privilege in the OUD server configuration should be removed. For example:
$ ldapmodify -h localhost -p 4444 --useSSL dn: cn=myroot,cn=Root DNs,cn=config changetype:modify delete:ds-privilege-name ds-privilege-name: -data-sync
When you set up OUD to run as a Windows Service, and then restart the Windows system, an error message is displayed. The Windows service cannot be launched. This occurs when the administrator does not have access rights on the instance path.
Enable the administrator's access rights on the instance path and in the directories below the instance path (notably on the directory containing the database, by default called 'db').
When pass-through authentication (PTA) is configured with a Kerberos authentication provider, certain conditions must be met in order for the bind to succeed.
Configure PTA to meet the following conditions:
The user provider must be a local backend.
The PTA suffix, the user suffix, and the authentication suffix must be the same. The easiest way to configure the suffixes to be the same is to define the PTA suffix, and leave the other suffixes undefined.
When using the Oracle Directory Server Enterprise Edition Console DSCC to monitor the replication gateway, on the Directory Servers tab, the operational status indicates "Unexpected Error."
Stop the replication gateway.
Edit the legacy configuration file
<INSTANCE_PATH>/OUD/config/legacy-config.ldif
.
Find the mapping tree entry corresponding to the suffix that you cannot manage through DSCC because of the "unexpected error." Remove the slash character (\) present in the cn
value.
For example, after the modification you should have an entry similar to this:
dn: cn=dc=example\,dc=com,cn=mapping tree,cn=gwconfig objectClass: extensibleobject objectClass: nsMappingTree objectClass: top nsslapd-state: backend nsslapd-backend: example1 cn: dc=example,dc=com entryUUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Restart the replication gateway.
Refresh the DSCC page.
You may encounter this issue when you have two servers containing two suffixes: one suffix already configured for replication (for example dc=example,dc=com
), and the other suffix not configured for replication (for example cn=companyname
.) When you enable the changelog for cn=companyname
in both servers, replication is automatically configured for the cn=companyname
suffix because the servers themselves have already been defined and configured for replication.
There is currently no workaround for this issue.
When comparing attribute values using ldapcompare
, an error occurs because ldapcompare
is not supported in this release.
There is currently no workaround for this issue because ldapcompare
is not supported in this release.
When you configure an AddOutboundTransformation
with virtualAttr={%sn%.%cn%@o.com}
where the definition contains a dot, then a search request with a filter on the virtualAttr
parameter might not work correctly.
For instance, the sn
and cn
backend attribute values contain a dot, such as "sn:sn.light"
and "cn:cn.light."
Here, a search request with a filter on the virtualAttr
, for example "virtualAttr=sn.light.cn.light@o.com"
might not work correctly.
There is currently no workaround for this issue.
The moveplan
interface does not have a field to update the path for keystore pin file during the cloning process.
Use the dsconfig
command on the cloned instance to update the key-store-pin-file
value of JKS Key Manager Provider
.
On Oracle Linux Enterprise 6, the runInstaller
command may require i686 packages to be present on the system. Although the missing packages are not directly required for OUD to operate properly, they are required during the installation process.
Prior to running the runInstaller
command, install the required i686 packages. See the "Section 1.1 System Requirements and Certification" in Installing Oracle Unified Directory.
The messages and Help for oudCopyConfig,oudExtractMovePlan
, and oudPasteConfig
command-line tools of Oracle Unified Directory are only available in English.
There is currently no workaround for this issue.
On Windows system, if the value for parameter -j, --rootUserPasswordFile
is provided as a relative path, then oud-setup, oud-proxy-setup,
and oud-replication-gateway-setup
commands fail.
Provide an absolute path for -j, --rootUserPasswordFile
parameter.
For example:
-j C:\local\Password.txt
The gicadm
command does not import a catalog when you specify a relative path.
Specify an absolute path to import a catalog.
The -tih, -targetInstanceHomeLoc
option of the oudPasteConfig
command allows you to specify the location of the cloned server instance. If you specify an alternative location, for the cloned server instance, the instance is still created in the default location (TARGET_ORACLE_HOME/../TARGET_INSTANCE_NAME) and no error message is generated. However, the cloned server is configured partially as some custom parameters are not updated in the cloned server instance.
To successfully clone the server instance, as the -tih
parameter is mandatory, you must explicitly provide the default location for the -tih
parameter as follows:
-tih TARGET_ORACLE_HOME/../TARGET_INSTANCE_NAME
On a Windows system with a JDK 1.7 (previous to Update 11) JVM instance running, the ldapsearch.bat
client might not handle the trailing "*" correctly.
Download the latest JDK version to leverage the fixes and updates that are added to the Java SE platform.
On Windows systems, no SNMP trap is sent if the server is stopped by using stop-ds
with no credentials. The server is, however, stopped correctly.
The SNMP trap is sent if the server is stopped by using stop-ds -D bindDN -p password
.
There is currently no workaround for this issue.
When a distribution is using a GIC, and the GIC indexes the entry DNs, the ModifyDN operation is not supported.
If DNs are not indexed in the global index catalog, the modify DN operation is supported. Otherwise, only the modify RDN operation is supported.
Although indexing the DN is recommended for performance reasons, as a workaround in this situation, do not index the DN.
If you delete the load balancing workflow element or the load balancing algorithm, the load balancing routes are also deleted without any warning.
There is currently no workaround for this issue.
Under heavy and sustained load the database cleaning process might not end.
Configure a larger database cache. For more information, see "Tuning the Server Configuration" in Oracle Fusion Middleware Administering Oracle Unified Directory.
On Windows system, if the path to your Java installation in the -jreLoc
option includes a space character, then the installer does not run appropriately and terminates.
Provide the path to your Java installation in DOS 8.3 format.
For example:
-jreloc C:\Progra~1\Java\jdk1.7
For more information, see "Installing Oracle Unified Directory" in Oracle Fusion Middleware Installing Oracle Unified Directory.
In a replicated topology, if the server has a heavy workload, then the following error message is recorded in the error log: "The server failed to obtain a read lock on the parent entry dc=example
, dc=com
after multiple attempts."
Configure a larger database cache. For more information, see "Tuning the Server Configuration" in Oracle Fusion Middleware Administering Oracle Unified Directory.
The following sections describe known issues with Oracle Directory Services Manager at the time of Oracle Unified Directory (OUD) 11g Release 2 (11.1.2.3) release.
Note:
If Oracle Unified Directory has recently been updated, you might encounter a problem when you try to invoke ODSM. During an Oracle Unified Directory update operation, ODSM is also updated, and the ODSM URL can change. This problem usually occurs if you used your browser to invoke the earlier version of ODSM.Therefore, to invoke the updated version of ODSM, first clear your browser's cache and cookies.
When ODSM is used to disable replication in a server by first disabling the replicated suffix and then the replication server, dsreplication
enable fails when an attempt is made to add a new server to that topology.
Disable the replication on the server by running following dsreplication
command-line tool:
$ bin/dsreplication disable --disableAll
When accessing an entry in the data view, the following error message appears in the WebLogic Server logs:
<Oct 9, 2013 8:04:17 AM PDT> <Error> <oracle.adf.controller.internal.binding.TaskFlowRegionInitialConditions> <ADFC-64007> <ADFc: Task flow binding parameter 'entryObject' of type 'oracle.idm.directoryservices.odsm.model.oid.UserEntry' on binding 'oidDBdetailtaskflow' is not serializable, potential for incorrect application behavior or data loss.>
The error does not affect the WebLogic Server functionality. You can safely ignore the message.
The error, LDAP: "error code 21- an attempt to modify an ACI attribute type in the entry dc-example, dc-com failed...." occurs when the creation of a new ACI in OUD with ODSM fails.
In the text editor view, change the ACI bind rule Boolean operator value from "null" to "AND".
When using the Advanced Search paging in ODSM with the page results set to 5, the results remain the same when paging. When the results per page is set to 4, the problem does not occur.
Do not set the page results to 5.
The results of modification of certain elements and parameters in JOIN Workflow Element in ODSM are not saved.
The list of parameters that are not saved are:
"Attribute Storage", "Attribute Retrieval" for both Primary and Secondary Participant
join suffix value
join condition
bind priority in the Participant Relations
LDAP operations
Use dsconfig to do the modification.
In ODSM, query using advanced search does not return the Join DN attribute. Using ldapsearch, the search returns the join dn attribute.
Use ldapsearch to get the Join DN attribute.
On the Advanced Search Page, the search operation on the Attribute picker window for the "Fetched Attributes" and "Sort Results On" sections, returns error: "An unresolvable error has occurred. Contact your administrator for more information."
Manually select the attribute by scrolling down the Select Attribute table.
When accessing the Directory Service Manager tab or Topology Manager tab using Firefox on a Solaris system, the subtabs may not display as expected.
Click the forward arrows (>>) or back arrows (<<) to open a menu, and then navigate among the subtabs.
After installing OUD and ODSM on Windows 2008 R2, when you try to access the ODSM URL, the message "Starting Oracle Directory Services Manager..." displays, but the ODSM application does not load in the browser as expected. This can occur when you use Microsoft Internet Explorer version 8 or 9 browsers.
Verify that JavaScript is enabled.
Add the ODSM URL in the trusted sites.
Go to Tools-> Internet Options -> Security -> Trusted sites -> Sites -> Add. Then click Add to add the ODSM URL to a site.
On the Alert Handler Properties page, the Disabled Alert Type and Enabled Alert Type fields do not work as designed. Regardless of the setting for either field, alerts are never sent as expected.
Use dsconfig set-alert-handler-prop
to add or remove enabled-alert-type or disabled-alert-type values.
Use dsconfig set-alert-handler-prop --add enabled-alert-type
: alert type value to add enabled-alert-type alert type value.
Use dsconfig set-alert-handler-prop set-alert-handler-prop --remove enabled-alert-type:
alert type value to remove enabled-alert-type alert type value.
Example:
# dsconfig -h slc03roj -p 4444 -D "cn=Directory Manager" -j /tmp/oud -n -X set-alert-handler-prop --handler-name
"SMTP Alert handler name"
--remove enabled-alert-type:org.opends.server.DirectoryServerShutdown
On the Advanced Search page, when you click an entry in the Search Results table, the Show Attributes button does not appear if Optional Attributes is already expanded. However, if you collapse Optional Attibutes and then expand, the Show Attributes button appears. But, when you click the button the Select Attributes dialog box is blank.
To view the entry details, you can select the same entry from Data Browser tab.
When this NullPointer exception is encountered, the contents of that particular changelog entry cannot be accessed from ODSM. You can continue to use ODSM to perform other tasks and access other entries.
To access a changelog entry with no objectclasse specified, use a different LDAP client.
When you are in the screenreader mode, the Create, Apply, and Cancel buttons in the Oracle Directory Services Manager interface do not get focus after modification.
Press the Tab key until you get the focus on the required button. Alternatively, you can use the mouse to activate the required button.
This section contains the following documentation errata for The Oracle Fusion Middleware Configuration Reference for Oracle Unified Directory.�
In the Free Disk Space Log Retention Policy page, it states "This policy is only available on Java 6." The correct statement is: "This policy is only available with Java 7." Other references to Java 6 in this guide should also refer to Java 7.For the specific versions of Java 7 supported by Oracle Unified Directory, check the certification matrix in Section 3, "System Requirements and Specifications."
This section describes general issues and workarounds.
Starting with JDK 8u31, JDK 7u75, and JDK 6u91, the Java Runtime Environment has SSLv3 disabled by default. For more information about this change, see http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
If you apply any of these Java updates, then any attempt to connect to Oracle Unified Directory with SSLv3 will fail.
To solve this issue, configure the client LDAP application to use a different protocol. You may need to check whether any fixes are available that enable your client LDAP application to use a different protocol.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc
.
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info
or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs
if you are hearing impaired.
Oracle® Fusion Middleware Release Notes for Oracle Unified Directory, 11g Release 2 (11.1.2.3)
E55519-02
Copyright © 2016, 2017, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.