ORACLE CONFIDENTIAL. For authorized use only. Do not distribute to third parties.
Pre-General Availability: 2021-10-13
This document describes Bundle Patch 12.2.1.4.210406 for Oracle Unified Directory.
This readme document requires base installation of Oracle Unified Directory 12c (12.2.1.4.0). It includes the following sections:
Note:
For issues documented after the release of OUD Bundle Patch 12.2.1.4.210406, log into My Oracle Support. In the Search Knowledge Base field, enter 2602696.1. This is the ID of the document that describes the Oracle Fusion Middleware 12.2.1.4.0 Known Issues.1.1 New Features and Enhancements in OUD Bundle Patch 12.2.1.4.210406
Oracle Unified Directory 12.2.1.4.210406 BP includes the following new features and enhancements:
Configure Password Validators and Password Generators
The Password Validators and Password Generators can now be created as Subentries and can attach to a Subentry Password Policy. The Password Policies, Password Validators, or Password Generators that are created as Subentries (that is, as part of the data) are replicated. For details about the Password Policies, see Managing Password Policies.Keystore and Truststore Enhancements
This release onwards the pin to keystores and truststores will not be stored in PIN files. Instead it will be stored in encrypted form in the corresponding configuration entry within Oracle Unified Directory. For details about keystores, see Configuring Key Manager Providers. For details about truststores, see Configuring Trust Manager Providers.
The dsconfig
utility is enhanced to include a new argument
--showKeystorePassword
to retrieve the password for the
keystore or trustore. When you run the dsconfig
utility by passing
the --showKeystorePassword
argument, the password is decrypted and
is displayed in clear text on the terminal. You can no longer obtain the password
directly from the PIN file. For details about the
--showKeystorePassword
argument, see dsconfig.
Support for FIPS 140-2 and TLS v1.3
This release is compliant with the latest FIPS and TLS standards and versions. For details about FIPS and TLS, see Enabling FIPS Mode on OUD Server and Supported System Default TLS Protocols by Oracle Unified Directory.
1.2 Understanding Bundle Patches
This section describes bundle patches and explains differences between bundle patches, interim patches (also known as patch set exceptions), and patch sets.
1.2.1 Stack Patch Bundle
Stack patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.
1.2.2 Bundle Patch
A bundle patch is an official Oracle patch for Oracle Unified Directory. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:
-
YY is the last 2 digits of the year
-
MM is the numeric month (2 digits)
-
DD is the numeric day of the month (2 digits)
Each bundle patch includes libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in a bundle patch are tested and certified to work with one another. Each bundle patch is cumulative. That is, the latest bundle patch includes all fixes in earlier bundle patches for the same release.
1.2.3 Interim Patch
In contrast to a bundle patch, an interim patch addressed only one issue for a single component. Although each interim patch was an official Oracle patch, it was not a complete product distribution and did not include packages for every component. An interim patch included only the libraries and files that had been rebuilt to implement a specific fix for a specific component.
You may also know an interim patch as: security one-off, exception release, x-fix, PSE, MLR, or hotfix.
1.2.4 Patch Set
A patch set is a mechanism for delivering fully tested and integrated product fixes. A patch set can include new functionality. Each patch set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in a patch set are tested and certified to work with one another on the specified platforms.
1.3 Bundle Patch Recommendation
Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that Customers apply these certified patches. For more information on these patches, see the note Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.
1.4 Bundle Patch Requirements
Before you run OPatch, find the OPatch utility in the Oracle home
(ORACLE_HOME
) and verify that you have the latest version.
Complete the following steps before you apply the bundle patch:
-
Verify that the OPatch version is 13.9.4.2.4 or higher.
-
Access and log into My Oracle Support at the following location:
-
In the Search Knowledge Base field, enter 1587524.1. This is the ID of the document that describes Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.
-
In the search results, click the link corresponding to document ID 1587524.1.
-
In the document, click the Patch 28186730 link which will take you to the screen where you can obtain the OPatch 13.9.4.2.4.
-
-
Verify the OUI Inventory:
OPatch needs access to a valid OUI inventory to apply patches. Validate the OUI inventory with the following commands:
Unix
$ opatch lsinventory
Windows
opatch.bat lsinventory
If the command throws errors than contact Oracle Support and work to validate and verify the inventory setup before proceeding.
-
Confirm the executables appear in your system
PATH.
Unix
$ which opatch
Windows$ which unzip
where opatch.bat
where unzip
If the command errors out, contact Oracle Support and work to validate and verify the inventory setup before proceeding. If either of these executables do not show in the
PATH
, correct the problem before proceeding. -
Create a location for storing the unzipped patch. This location will be referred to later in the document as
PATCH_TOP
.
1.5 Before Applying the Bundle Patch
Before you apply the bundle patch for Oracle Unified Directory 12c (12.2.1.4.0), you must set the environment variable and stop all the Directory Server instances and domains.
Note:
You must read about the OUDSM auto redeployment instructions in Documentation Updates before applying this bundle patch.Note:
Before applying the bundle patch, you must take a tar backup of the configuration file of an OUD instance.You must complete the following prerequisites for applying the bundle patch:
-
Set
ORACLE_HOME
environment variable to Oracle Middleware Home Location (under which OUD is installed).For example:
Unix
$ <bash> export ORACLE_HOME="Oracle Middleware Home Location"
Windows
<prompt> set ORACLE_HOME="Oracle Middleware Home Location"
-
Verify that
ORACLE_HOME
is set correctly by running the following command.Unixls $ORACLE_HOME/OPatch/opatch
Windows
dir %ORACLE_HOME%\OPatch\opatch.bat
-
Stop all the Directory Server instances and domains where Oracle Unified Directory Services Manager (OUDSM) is installed, depending upon the domain configuration.
Stop Standalone Oracle Unified Directory Server
If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) mode, stop all the Directory Server instances using the
stop-ds
command.UnixORACLE_HOME/INSTANCE_NAME/OUD/bin/stop-ds
Windows
ORACLE_HOME\INSTANCE_NAME\OUD\bat\stop-ds.bat
Stop Collocated Oracle Unified Directory Server
If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic server) mode, complete the following steps:
- Stop the OUD instance by running the following command from command line interface.
Unix
DOMAIN_HOME/bin/stopComponent.sh INSTANCE_NAME
Windows
DOMAIN_HOME\bin\stopComponent.bat INSTANCE_NAME
- Stop the node manager.
Unix
DOMAIN_HOME/bin/stopNodeManager.sh
Windows
DOMAIN_HOME\bin\stopNodeManager.cmd
- Stop the Oracle WebLogic Administration Server.
Unix
DOMAIN_HOME/bin/stopWebLogic.sh
Windows
DOMAIN_HOME\bin\stopWebLogic.cmd
Stop the Oracle Directory Integration Platform and OUDSM Configured in a Single Domain
If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must stop the Admin Server and Managed Server.
-
Stop the Oracle Directory Integration Platform Managed Server:
UnixDOMAIN_HOME/bin/stopManagedWebLogic.sh
Windows
DOMAIN_HOME\bin\stopManagedWebLogic.cmd
-
Stop the Oracle WebLogic Administration Server:
UnixDOMAIN_HOME/bin/stopWebLogic.sh
Windows
DOMAIN_HOME\bin\stopWebLogic.cmd
- Stop the OUD instance by running the following command from command line interface.
Note:
See Understanding the Oracle Unified Directory Installation Directories to know about OUD installation directories.1.6 Using the Oracle Patch Mechanism (Opatch)
Use OPatch to perform the necessary steps for applying a patch to an Oracle home.
Note:
You must have the latest version of Opatch (version 13.9.4.2.4 ) from My Oracle Support. Opatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches. The patching process uses both unzip and Opatch executables. After
sourcing the ORACLE_HOME
environment, Oracle recommends that you
confirm that both of these exist before patching. Opatch is accessible at:
$ORACLE_HOME/OPatch/opatch
When Opatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your $ORACLE_HOME:
- If you find conflicts with a patch already applied to the
$ORACLE_HOME
, stop the patch installation and contact Oracle Support Services. - If you find conflicts with a subset patch already applied to the
$ORACLE_HOME
, continue Bundle Patch application. The subset patch is automatically rolled back before installation of the new patch begins. The latest Bundle Patch contains all fixes from the previous Bundle Patch in$ORACLE_HOME
.
This Bundle Patch is not -auto
flag enabled. Without
the -auto
flag, no servers need to be running. The Machine Name
& Listen Address can be blank on a default install.
See Also:
Patching with OPatchIdentifying the Version of OPatch Included with Oracle Unified Directory 12c
In general, there is a version of OPatch available for each version of the Oracle Universal Installer software.
- Change directory to the following
directory:
cd ORACLE_HOME/OPatch/
- Run the following
command:
./opatch version
For example:
./opatch version OPatch Version: 13.9.4.2.4 OPatch succeeded.
1.7 Applying the Bundle Patch
Unzip the patch zip file and run OPatch to apply the patch.
ORACLE_HOME
.
-
Conflicts with a patch already applied to the
ORACLE_HOME
.In this case, stop the patch installation, and contact Oracle Support Services.
-
Conflicts with subset patch already applied to the
ORACLE_HOME
.In this case, continue the install, as the new patch contains all the fixes from the existing patch in the
ORACLE_HOME
.
1.8 After Applying the Bundle Patch
You need to perform certain tasks after applying the bundle patch.
1.9 Creating the File based Access Control Log Publisher
This step is optional. You can create a File Based Access Control Log publisher for diagnosing ACI evaluation. This publisher should be disabled as soon as diagnostic is over as it impacts server performance.
Note:
Once this publisher is created, the de-installation of this patch will not be possible as the server would no longer be able to start.To create the File Based Access Control Log publisher, a server administrator must invoke the following dsconfig
command against a server instance that is already up and running:
dsconfig create-log-publisher \ --publisher-name "ACI logger" \ --type file-based-access-control \ --set enabled:true \ --set log-file:logs/acilog \ --hostname serverHostName --port 4444 \ --trustAll --bindDN cn=Directory\ Manager \ --bindPasswordFile passwordFile \ --no-prompt
The following entry is created in the config.ldif:
server
configuration file:
dn: cn=ACI logger,cn=Loggers,cn=config objectClass: ds-cfg-log-publisher objectClass: ds-cfg-access-control-log-publisher objectClass: ds-cfg-file-based-access-control-log-publisher objectClass: top ds-cfg-enabled: true ds-cfg-java-class: org.opends.server.loggers.accesscontrol.TextAccessControlLogPublisher ds-cfg-asynchronous: true cn: ACI logger ds-cfg-log-file-permissions: 640 ds-cfg-log-file: logs/acilog
1.10 Removing the Bundle Patch
If you experience any problems after installing the bundle patch, you can remove the bundle patch.
Execute the following commands to remove the bundle patch:
1.10.1 Post Action After Rollback
After roll-backup, restore configuration and schema from the backup before you start an OUD instance. Normally after rolling back, OUD would be on base version (12.2.1.4). So, you need to apply the previous OUD Bundle Patch again.
1.11.1 Resolved Issues in OUD Bundle Patch (12.2.1.4.210406)
The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.210406:
Table 1-1 Issues Resolved in 12c Release (12.2.1.4.210406)
Bug Number | Description |
---|---|
32562107 | ODSEE-OUD 12.2.1.4 CERTIFICATES GET CORRUPTED THROUGH THE REPLICATION GATEWAY |
25471403 | FIX FOR 25471403 |
31851470 | OUD 12C: ISMEMBER SEARCH RECEIVES STACKOVERFLOWERROR |
29651080 | REPLICATION SUMMARY SHOWS INCORRECT DATA WITH OEM13C AND OUD 12.2.1.3.0 |
31745920 | OUD UNION PROXY SEARCHES RECEIVE A RESULT=4 WHEN PAGE-SIZE=0 FOR WFE |
30513440 | SUPPORT PASSWORD VALIDATORS AND GENERATORS IN SUBENTRY PASSWORD POLICY |
29530047 | PASSWORD VISIBLE IN ACCESS LOG FOR DB WORKFLOWS |
32547317 | FORWARD MERGE OF BUG 29376960 TO MAIN VIEW |
32208265 | CRYPTO MANAGER ORDERS CIPHERS ALPHABETICALLY (DIFFERENT THEN OTHER SSL HANDLERS) |
32065140 | REPLICATION IGNORES SCHEMA VIOLATION |
31546491 | CPU SPIKES AND UTILIZATION RESULTING IN TIMETHREAD ERROR |
31878749 | STACKING TRANSFORMATIONS MODIFIY OPERATION FAILS |
31931564 | OUD 12C - LOG-CONNECTION-DETAILS CONFIG INCORRECTLY SHOWING IN FILE BASED AUDIT LOGGER MENU |
32019006 | SUPPORTING PWDMINLENGTH IN PASSWORD POLICY AT SUBENTRY LEVEL |
30666508 | NPE WHEN EXECUTING LDAPSEARCH ON OUD PROXY WITH PAGESIZE SET IN LDAPSERVEREXTENSION |
31666925 | THE OUD-SETUP SCRIPT DOES NOT RECOGNIZE A EXABYTE FS |
1.11.2 Resolved Issues in OUD Bundle Patch (12.2.1.4.200827)
The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200827:
Table 1-2 Issues Resolved in 12c Release (12.2.1.4.200827)
Bug Number | Description |
---|---|
28401694 | ADD OPTION FOR ADDITIONAL BINDDN, CLIENTIP, AND PROTOCOL TO LOGGERS |
29868285 | OUDSM CRASHES WHEN ACCESSING CORE CONFIG, WITH LATEST BP 28569189 |
30386441 | (JE 7.0.7) INTERRUPTEDEXCEPTION MAY CAUSE INCORRECT INTERNAL STATE |
30403293 | CANNOT UPGRADE 11G BECAUSE OF THE "DS-CFG-FETCH-AUTHENTICATED-USER" PROPERTY |
30767720 | EXCLUDE SEARCH FILTER IN WORKFLOW CONFIG RETURNS RESULT: 50 OR 80 |
30832284 | OUD 12C VIRTUAL ATTRIBUTE SUB CONTAINER PASSWORD POLICY INCONSISTENTLY APPLIED |
30871004 | OUD 12.2.1.4 RETURN-BIND-ERROR-MESSAGES=TRUE NOT WORKING |
30963266 | OUD 12C PASSWORD INVALID WHEN USING BRACE SPECIAL CHARACTER |
31013245 | ER OUD - S_CONN VALUES IN PROXY ACCESS LOGS SHOULD SHOW HOSTNAME OF DS SERVER |
31239817 | UNION WF DOES NOT SHOW OUTPUT IN DATA BROWSER TAB OF OUDSM |
31246776 | OUD12CPS4: COMPLEX QUERIES USING NONEXISTING GROUP MEMBERSHIP RETURN ALL USERS |
31336975 | UNABLE TO ADD OR MODIFY OBJECT CLASSES AND ATTRIBUTES TO OUD 12C PS4 |
31377876 | REBUILD-INDEX DISABLES BACKEND WHEN USING MIXED DEFINED/NOTDEFINED ATTRIBUTES |
31490532 | OUD 12CPS4 JULY2020 BP - UPGRADE OF 12CPS3JULY'20 BP OUD DS INSTANCE TO 12CPS4JULY'20 BP IS FAILING |
1.11.3 Resolved Issues in OUD Bundle Patch (12.2.1.4.200526)
The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200526:
Table 1-3 Issues Resolved in 12c Release (12.2.1.4.200526)
Bug Number | Description |
---|---|
29971908 | OUD 12C - DSREPLICATION STATUS IGNORES -I ADMINUID WHEN SPECIFIED VIA CLI |
30668734 | UNABLE TO USE UNDERSCORES IN DNS |
30012998 | SETTING DEPRECATED PASSWORD STORAGE SCHEME AND ADMIN PWD RESET CLEARS PWDRESET |
28467589 | START-DS IN DMZ SLOW |
30854158 | CODE CORRECTION FOR BUG 29676093 |
29757041 | OUD 12C: DIGEST-MD5 SASL AUTH FAILS WITH LDAP 80 IF SEARCHING JOIN VIEW CONTEXT |
30651541 | OUD 12C - CUSTOM PASSWORD POLICY AND VALIDATOR IGNORED ON ACCOUNT CREATION |
30440259 | OUD INVALID PWDGRACEUSETIME ATTRIBUTE CREATED BY EUS. |
30521914 | AFTER INITIALIZATION THE RGW STATUS SHOWS AS "BAD DATA SET" |
30534318 | OUD 11G: HIGH CPU AND CAUSING LOSS OF SERVICE |
29026772 | ISSUE WITH FORCE-CHANGE-ON-ADD AFTER APPLYING BUNDLE PATCH 11.1.2.3.181016 |
1.11.4 Resolved Issues in OUD Bundle Patch 12.2.1.4.200204
The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200204:
Table 1-4 Issues Resolved in OUD Bundle Patch 12.2.1.4.200204:
Bug Number | Description |
---|---|
30645038 | OUD 12.2.1.3 JAN'20 BP - COUPLE OF NEWLY ADDED CORE-ENTRYCACHE TESTS FAILING IN FARM EXECUTION |
30265103 | OUD11G - BEFORE BP DS-RLIM-IDLE-TIME-LIMIT ATT. WAS IN SECS AFTER BP IS MS |
30367492 | UNINSTALL FAILS DUE TO RESOLVING HOST TO 0.0.0.0 |
29885985 | OUD ALLOWS ADDING USER INTO GROUP EVEN IF USER DOESN'T EXIST WHEN RI IS ENABLED |
29661762 | CUSTOM PASSWORD POLICIES REQUIRE A INDIVIDUAL "PASSWORDSTORAGESCHEME" |
30074000 | Fix for Bug 30074000 |
29682036 | FORKJOIN WFE WITH LEFT-OUTER-JOIN DOES NOT WORK |
28135591 | UNABLE TO SPECIFY A DENIED-CLIENT HOSTNAME THAT BEGINS WITH A NUMERIC VALUE |
29945677 | ISMEMBEROF SUBSTRING SEARCH FILTER RETURNS NO ENTRIES |
30094884 | REGRESSION FOR BUG 29724794 |
29418242 | (JE 7.0.7) ENVIRONMENT MUST BE CLOSED, CAUSED BY: COM.SLEEPYCAT.JE.THREADINTERRU |
1.12 Known Issues and Workarounds
For known issues and workarounds, log in to My Oracle Support, and then search for 2602696.1, which is the ID of the document, Oracle Fusion Middleware 12.2.1.4.0 Known Issues.
For Known Issues specific to Oracle Unified Directory Bundle Patches, search for Doc ID 2636943.1 in My Oracle Support.
For information about OPatch issues, log in to My Oracle Support and use the OPatch version provided with the product.
1.13 Related Documents
For more information, see the following resources:
-
Oracle Fusion Middleware Documentation
This contains documentation for all Oracle Fusion Middleware 12c products.
-
This site contains additional documentation that is not included as part of the documentation libraries.
1.14 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc
.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info
or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs
if you are hearing impaired.
Oracle Fusion Middleware Oracle Unified Directory Bundle Patch Readme, 12c ( 12.2.1.4.210406 )
F41558-02
April 2021
Copyright © 2021, Oracle and/or its affiliates.