What's New in This Guide?

This preface introduces the new and changed features of Oracle Unified Directory and Oracle Unified Directory Services Manager (OUDSM) since the previous release, and provides pointers to additional information. The information includes the following section:

Follow the pointers into this guide to get more information about the features and how to use them. This document is the new edition of the formerly titled Oracle Fusion Middleware Administrator's Guide for Oracle Unified Directory.

Updates in April 2024 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

Updates in October 2023 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

Updates in April 2023 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

Updates in October 2022 Bundle Patch for 12c Release (12.2.1.4.0)

This release of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

Updates in October 2021 Documentation Refresh for 12c Release (12.2.1.4.0)

This revision of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

  • Improving OUD Performance

    To improve the OUD performance, some changes are made in the default OUD configuration parameters. Some log publishers are now disabled by default to increase OUD performance by reducing disk I/O. This will affect only new instances. The disabled log publishers can be enabled again using the dsconfig command after you set up the instances. To enable a log publisher, refer Enabling a Log Publisher.

  • Listen Address for Replication Server

    In this release, a new configurable attribute is introduced to configure replication listen address. Currently only replication listen port is available for configuration. The default listen address is 0.0.0.0. Now the replication listen address is configurable to support multiple replication server with the same replication port in a single cluster node with multiple logical IPs. For more information, refer Enabling Replication Between Two Servers With dsreplication.

  • Maintain Same Timezone

    In this release, a new configurable attribute namely, last-login-time-zone is introduced to maintain same timezone across all the OUD instances for attribute value last-login-time. For more information, refer Default Password Policy Properties.

  • Multi-Value Attribute

    In RDBMS workflow element, when certain table structures contained multiple rows for the same entity (including joins in some cases), it returned duplicate records in the LDAP search results. This has now been fixed and all attribute values are merged together and returned as part of the LDAP entry. For more information, refer Accessing Remote Data Sources.

  • AES-GCM based Attribute Encryption

    Oracle Unified Directory now supports stronger AES GCM based attribute encryption algorithms. AES-256-GCM is the default attribute encryption algorithm starting this release. For re-encryption of existing data, OUD now supports data reencryption using scheduled task. For more information, refer Understanding Data Encryption in Oracle Unified Directory.

  • Customizing Self Signed Certificate Generation Options

    Oracle Unified Directory now uses RSA key algorithm with 3072 bits key and SHA256 with RSA signing algorithm for any new self-signed certificates it generates. During OUD setup, you can now customize the key algorithm, key bit size and signature algorithm for the self-signed certificate. For more information, refer Configuring Security Between Clients and Servers.

  • Support for Custom Password Storage Scheme

    Oracle Unified Directory now supports User-defined password storage scheme. User-defined password storage scheme provides the ability to implement and deploy custom password hashing schemes into the server. For more information, refer Managing Password Policies.

Updates in April 2021 Documentation Refresh for 12c Release (12.2.1.4.0)

This revision of Oracle® Fusion Middleware Administering Oracle Unified Directory contains feature updates and addresses bug fixes.

  • Keystore and Truststore Enhancement

    From this release onward, the PIN needed to access a truststore or keystore is stored in an encrypted format inside the key-store-pin or trust-store-pin attribute of the corresponding configuration entry within Oracle Unified Directory.

    In earlier releases, PIN files contained passwords in cleartext format. The mechanism of providing password is no longer supported. In addition, keystore or truststore configuration attributes such as trust-store-pin-file, trust-store-pin-property, and trust-store-pin-environment-variable, key-store-pin-file, key-store-pin-property, and key-store-pin-environment varliable are no longer referred while getting pin value.

    If your environment contains configuration attributes such as trust-store-pin-file, trust-store-pin-property, or trust-store-pin-environment-variable, then after you upgrade to the latest bundle patch, the PIN value determined from these configuration attributes is automatically moved to the trust-store-pin configuration attribute and stored in an encrypted format.

    If your environment contains configuration attributes such as key-store-pin-file, key-store-pin-property, or key-store-pin-environment-variable, then after you upgrade to the latest bundle patch, the PIN value determined from these configuration attributes is automatically moved to the key-store-pin configuration attribute and stored in an encrypted format.

    All relevant references to PIN files and the above-unsupported configuration attributes have been removed from this guide.

  • Support for Retriveing Keystore or Trustore Password Using the dsconfig Utility

    The dsconfig utility has been enhanced to include a new argument --showKeystorePassword to retrieve the password for the keystore or trustore. When you run the dsconfig utility by passing the --showKeystorePassword argument, the password is decrypted and is displayed in clear text on the terminal. You can no longer obtain the password directly from the PIN file. For information about the --showKeystorePassword argument, see dsconfig.

New and Changed Features for Oracle Unified Directory 12c (12.2.1.4.0)

Oracle Unified Directory 12c (12.2.1.4.0) includes the following new and changed features: