This document describes Bundle Patch 12.2.1.4.211008 for Oracle Unified Directory.

This readme document requires base installation of Oracle Unified Directory 12c (12.2.1.4.0). It includes the following sections:

Note:

For issues documented after the release of OUD Bundle Patch 12.2.1.4.211008, log into My Oracle Support. In the Search Knowledge Base field, enter 2602696.1. This is the ID of the document that describes the Oracle Fusion Middleware 12.2.1.4.0 Known Issues.

1.1 New Features and Enhancements in OUD Bundle Patch 12.2.1.4.211008

Oracle Unified Directory 12.2.1.4.211008 BP includes the following new features and enhancements:

Improving OUD Performance

To improve the OUD performance, some changes are made in the default OUD configuration parameters. Some log publishers are now disabled by default to increase OUD performance by reducing disk I/O. This will affect only new instances. The disabled log publishers can be enabled again using the dsconfig command after you set up the instances. To enable a log publisher, refer Enabling a Log Publisher.

Listen Address for Replication Server

In this release, a new configurable attribute is introduced to configure replication listen address. Currently only replication listen port is available for configuration. The default listen address is 0.0.0.0. Now the replication listen address is configurable to support multiple replication server with the same replication port in a single cluster node with multiple logical IPs. For more information, refer Enabling Replication Between Two Servers with dsreplication.

Maintain Same Timezone

In this release, a new configurable attribute namely, last-login-time-zone is introduced to maintain same timezone across all the OUD instances for attribute value last-login-time. For more information, refer Default Password Policy Properties.

Multi-Value Attribute

In RDBMS workflow element, when certain table structures contained multiple rows for the same entity (including joins in some cases), it returned duplicate records in the LDAP search results. This has now been fixed and all attribute values are merged together and returned as part of the LDAP entry. For more information, refer Accessing Remote Data Sources.

User-defined Password Storage Scheme

The user-defined password storage scheme in Oracle Unified Directory provides the ability to implement and deploy custom password hashing scheme into the server. This framework provides an ability to implement schemes which are not available out of the box in Oracle Unified Directory. For more information, refer Managing Password Policies.

AES-GCM based Attribute Encryption

Oracle Unified Directory now supports stronger AES GCM based attribute encryption algorithms. AES-256-GCM is the default attribute encryption algorithm starting this release. For re-encryption of existing data, OUD now supports data reencryption using scheduled task. For more information, refer Understanding Data Encryption in Oracle Unified Directory.

Customizing Self Signed Certificate Generation Options

Oracle Unified Directory now uses RSA key algorithm with 3072 bits key and SHA256 with RSA signing algorithm for any new self-signed certificates it generates. During OUD setup, you can now customize the key algorithm, key bit size and signature algorithm for the self-signed certificate. For more information, refer Configuring Security Between Clients and Servers

Support for Custom Password Storage Scheme

Oracle Unified Directory now supports User-defined password storage scheme. User-defined password storage scheme provides the ability to implement and deploy custom password hashing schemes into the server. For more information, refer Managing Password Policies. For more information, refer Managing Password Policies.

1.2 Understanding Bundle Patches

This section describes bundle patches and explains differences between bundle patches, interim patches (also known as patch set exceptions), and patch sets.

1.2.1 Stack Patch Bundle

Stack patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.

1.2.2 Bundle Patch

A bundle patch is an official Oracle patch for Oracle Unified Directory. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:

  • YY is the last 2 digits of the year

  • MM is the numeric month (2 digits)

  • DD is the numeric day of the month (2 digits)

Each bundle patch includes libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in a bundle patch are tested and certified to work with one another. Each bundle patch is cumulative. That is, the latest bundle patch includes all fixes in earlier bundle patches for the same release.

1.2.3 Interim Patch

In contrast to a bundle patch, an interim patch addressed only one issue for a single component. Although each interim patch was an official Oracle patch, it was not a complete product distribution and did not include packages for every component. An interim patch included only the libraries and files that had been rebuilt to implement a specific fix for a specific component.

You may also know an interim patch as: security one-off, exception release, x-fix, PSE, MLR, or hotfix.

1.2.4 Patch Set

A patch set is a mechanism for delivering fully tested and integrated product fixes. A patch set can include new functionality. Each patch set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in a patch set are tested and certified to work with one another on the specified platforms.

1.3 Bundle Patch Recommendation

Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that Customers apply these certified patches. For more information on these patches, see the note Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.

1.4 Bundle Patch Requirements

Before you run OPatch, find the OPatch utility in the Oracle home (ORACLE_HOME) and verify that you have the latest version.

Complete the following steps before you apply the bundle patch:

  • Verify that the OPatch version is 13.9.4.2.7 or higher.

    1. Access and log into My Oracle Support at the following location:

      https://support.oracle.com/

    2. In the Search Knowledge Base field, enter 1587524.1. This is the ID of the document that describes Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

    3. In the search results, click the link corresponding to document ID 1587524.1.

    4. In the document, click the Patch 28186730 link which will take you to the screen where you can obtain the OPatch 13.9.4.2.7.

  • Verify the OUI Inventory:

    OPatch needs access to a valid OUI inventory to apply patches. Validate the OUI inventory with the following commands:

    Unix

    $ opatch lsinventory

    Windows

    opatch.bat lsinventory

    If the command throws errors than contact Oracle Support and work to validate and verify the inventory setup before proceeding.

  • Confirm the executables appear in your system PATH.

    Unix

    $ which opatch

    $ which unzip

    Windows

    where opatch.bat

    where unzip

    If the command errors out, contact Oracle Support and work to validate and verify the inventory setup before proceeding. If either of these executables do not show in the PATH, correct the problem before proceeding.

  • Create a location for storing the unzipped patch. This location will be referred to later in the document as PATCH_TOP.

1.5 Before Applying the Bundle Patch

Before you apply the bundle patch for Oracle Unified Directory 12c (12.2.1.4.0), you must set the environment variable and stop all the Directory Server instances and domains.

Note:

You must read about the OUDSM auto redeployment instructions in Documentation Updates before applying this bundle patch.

Note:

Before applying the bundle patch, you must take a tar backup of the configuration file of an OUD instance.

You must complete the following prerequisites for applying the bundle patch:

  1. Set ORACLE_HOME environment variable to Oracle Middleware Home Location (under which OUD is installed).

    For example:

    Unix

    $ <bash> export ORACLE_HOME="Oracle Middleware Home Location"

    Windows

    <prompt> set ORACLE_HOME="Oracle Middleware Home Location"

  2. Verify that ORACLE_HOME is set correctly by running the following command.

    Unix
    ls $ORACLE_HOME/OPatch/opatch

    Windows

    dir %ORACLE_HOME%\OPatch\opatch.bat

  3. Stop all the Directory Server instances and domains where Oracle Unified Directory Services Manager (OUDSM) is installed, depending upon the domain configuration.

    1. Stop Standalone Oracle Unified Directory Server

      If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) mode, stop all the Directory Server instances using the stop-ds command.

      Unix
      ORACLE_HOME/INSTANCE_NAME/OUD/bin/stop-ds

      Windows

      ORACLE_HOME\INSTANCE_NAME\OUD\bat\stop-ds.bat

    2. Stop Collocated Oracle Unified Directory Server

      If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic server) mode, complete the following steps:

      1. Stop the OUD instance by running the following command from command line interface.

        Unix

        DOMAIN_HOME/bin/stopComponent.sh INSTANCE_NAME

        Windows

        DOMAIN_HOME\bin\stopComponent.bat INSTANCE_NAME
      2. Stop the node manager.

        Unix

        DOMAIN_HOME/bin/stopNodeManager.sh

        Windows

        DOMAIN_HOME\bin\stopNodeManager.cmd
      3. Stop the Oracle WebLogic Administration Server.

        Unix

        DOMAIN_HOME/bin/stopWebLogic.sh

        Windows

        DOMAIN_HOME\bin\stopWebLogic.cmd

    3. Stop the Oracle Directory Integration Platform and OUDSM Configured in a Single Domain

      Note:

      This is optional only for configurations with DIP/OUDSM in a Single Domain.

      If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must stop the Admin Server and Managed Server.

      1. Stop the Oracle Directory Integration Platform Managed Server:

        Unix
        DOMAIN_HOME/bin/stopManagedWebLogic.sh

        Windows

        DOMAIN_HOME\bin\stopManagedWebLogic.cmd

      2. Stop the Oracle WebLogic Administration Server:

        Unix
        DOMAIN_HOME/bin/stopWebLogic.sh

        Windows

        DOMAIN_HOME\bin\stopWebLogic.cmd

Note:

See Understanding the Oracle Unified Directory Installation Directories to know about OUD installation directories.

1.6 Using the Oracle Patch Mechanism (Opatch)

Use OPatch to perform the necessary steps for applying a patch to an Oracle home.

Note:

You must have the latest version of Opatch (version 13.9.4.2.7 ) from My Oracle Support. Opatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches.

The patching process uses both unzip and Opatch executables. After sourcing the ORACLE_HOME environment, Oracle recommends that you confirm that both of these exist before patching. Opatch is accessible at: 

$ORACLE_HOME/OPatch/opatch

When Opatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your $ORACLE_HOME:

  • If you find conflicts with a patch already applied to the $ORACLE_HOME, stop the patch installation and contact Oracle Support Services.
  • If you find conflicts with a subset patch already applied to the $ORACLE_HOME, continue Bundle Patch application. The subset patch is automatically rolled back before installation of the new patch begins. The latest Bundle Patch contains all fixes from the previous Bundle Patch in $ORACLE_HOME.

This Bundle Patch is not -auto flag enabled. Without the -auto flag, no servers need to be running. The Machine Name & Listen Address can be blank on a default install.

See Also:

Patching with OPatch

Identifying the Version of OPatch Included with Oracle Unified Directory 12c

In general, there is a version of OPatch available for each version of the Oracle Universal Installer software.

To identify the version of OPatch:
  1. Change directory to the following directory:
    cd ORACLE_HOME/OPatch/
  2. Run the following command:
    ./opatch version

    For example:

    ./opatch version
OPatch Version: 13.9.4.2.7

OPatch succeeded.

1.7 Applying the Bundle Patch

Unzip the patch zip file and run OPatch to apply the patch.

To apply the bundle patch, complete the following steps:
  1. Unzip the patch zip file into the PATCH_TOP , where PATCH_TOP is a directory path that temporarily contains the patch for installation.

    Unix

    $ unzip -d PATCH_TOP p33448950_122140_Generic.zip

    Windows

    unzip -d PATCH_TOP p33448950_122140_Generic.zip

    Note:

    On Windows, the unzip command has a limitation of 256 characters in the path name. If you encounter this, use an alternate ZIP utility such as 7-Zip to unzip the patch. For example, run the following command to unzip using 7-Zip:
    "c:\Program Files\7-Zip\7z.exe" x p33448950_122140_Generic.zip
  2. Set your current directory to the directory where the patch is located. For example:

    Unix

    $ cd PATCH_TOP/33448950

    Windows

    cd PATCH_TOP\33448950
  3. Run OPatch to apply the patch.

    Unix

    $ [ORACLE_HOME]/OPatch/opatch apply

    Windows

    [ORACLE_HOME]\OPatch\opatch.bat apply
When OPatch starts, it validates the patch and makes sure that there are no conflicts with the software already installed in the ORACLE_HOME.

  • Conflicts with a patch already applied to the ORACLE_HOME.

    In this case, stop the patch installation, and contact Oracle Support Services.

  • Conflicts with subset patch already applied to the ORACLE_HOME.

    In this case, continue the install, as the new patch contains all the fixes from the existing patch in the ORACLE_HOME.

1.8 After Applying the Bundle Patch

You need to perform certain tasks after applying the bundle patch.

Perform the following steps after applying the bundle patch:
  1. Verify if the Oracle Unified Directory installation has been patched by running the start-ds command.

    For example:

    Unix

    $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds -F

    Windows

    [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat -F

    Note:

    OUD patch version can be determined from the output, based on the values for Build ID, Platform Version and Label Identifier fields.
  2. Upgrade Oracle Unified Directory server instances that are associated with the ORACLE_HOME directory.

    Note:

    From October 21 BP (12.2.1.4.211008), this Step 2 of --upgrade is not required.

    For example:

    Unix

    $ [ORACLE_HOME]/<OUD-Instance-Path>/OUD/bin/start-ds --upgrade

    Windows

    [ORACLE_HOME]/<OUD-Instance-Path>\OUD\bat\start-ds.bat --upgrade

    The preceding step is executed to upgrade OUD instance according to the patched version of OUD in ORACLE_HOME. If start-ds is executed to start OUD instance without executing start-ds --upgrade, following message will be displayed: Instance needs to be upgraded. Please run the start-ds command with the option "--upgrade"

  3. Start all the Directory Server instances depending upon the domain configuration.

    Start Standalone Oracle Unified Directory Server

    If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) mode, start all the Directory Server instances using the start-ds command. For example:

    Unix

    $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds

    Windows

    [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat

    Start Collocated Oracle Unified Directory Server

    If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic server) mode, complete the following steps:

    1. Start the Oracle WebLogic Administration Server.

      Unix

      DOMAIN_NAME/bin/startWebLogic.sh

      Windows

      DOMAIN_HOME\bin\startWebLogic.cmd
    2. Start the node manager.

      Unix

      $DOMAIN_NAME/bin/startNodeManager.sh

      Windows

      DOMAIN_HOME\bin\startNodeManager.cmd
    3. Start the OUD instance by running the following command from command line interface.

      Unix

      startComponent.sh INSTANCE_NAME

      For example:

      $DOMAIN_HOME/bin/startComponent.sh oud1

      where oud1 is the instance name/server name created using WLST

      Windows

      startComponent.bat INSTANCE_NAME

      For example:

      DOMAIN_HOME\bin\startComponent.bat oud1

      where oud1 is the instance name/server name created using WLST

  4. If you created and configured a Weblogic domain for OUDSM then you must restart the Administration Server. Allow the application server instance to redeploy the new oudsm.ear file in the patch.
  5. If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must start the Admin Server and Managed Server.

    1. Start the Oracle WebLogic Administration Server.

      Unix
      DOMAIN_HOME/bin/startWebLogic.sh

      Windows

      DOMAIN_HOME\bin\startWebLogic.cmd

    2. Start the Oracle Directory Integration Platform Managed Server:

      Unix
      DOMAIN_HOME/bin/startManagedWebLogic.sh <wls_ods1> <ADMIN_SERVER_URL>

      Windows

      DOMAIN_HOME\bin\startManagedWebLogic.cmd <wls_ods1> <ADMIN_SERVER_URL>

      Where managed_server_name specifies the name of the Managed Server (The default value is wls_ods1.) and admin_url specifies the listen address (host name, IP address, or DNS name) and port number of the domain's Administration Server.

  6. You may need to update Config.ldif file to remove PIN file.
    1. The attributes ds-cfg-key-store-pin-file, ds-cfg-trust-store-pin-file, and ds-cfg-key-pin-file are not removed for an upgraded instance for backward compatibility. You will see a warning during upgrade process stating that those attributes are still populated. Use dsconfig to remove the value of the attributes after upgrade has been done successfully.
    2. If a truststore configuration entry does not have its pin attribute populated then you will see a warning during upgrade and server startup. Use dsconfig to update the pin attribute with the password of the truststore to prevent those warnings.
    3. While creating a new instance with SSL port disabled, the default configuration entry for any disabled keystore or truststore would still have attribute ds-cfg-key-store-pin-file populated. This can be ignored. Whenever you enable that keystore or trusstore then you will have to reset the pin-file attribute. You need to provide the pin of the keystore or truststore by using the pin attribute only.
    4. Any error messages seen for disabled keystore/truststore during upgrade or server startup can be ignored.

1.9 Creating the File based Access Control Log Publisher

This step is optional. You can create a File Based Access Control Log publisher for diagnosing ACI evaluation. This publisher should be disabled as soon as diagnostic is over as it impacts server performance.

Note:

Once this publisher is created, the de-installation of this patch will not be possible as the server would no longer be able to start.

To create the File Based Access Control Log publisher, a server administrator must invoke the following dsconfig command against a server instance that is already up and running: 

dsconfig create-log-publisher \
         --publisher-name "ACI logger" \
         --type file-based-access-control \
         --set enabled:true \
         --set log-file:logs/acilog \
         --hostname serverHostName --port 4444 \
         --trustAll --bindDN cn=Directory\ Manager \
         --bindPasswordFile passwordFile \
         --no-prompt

The following entry is created in the config.ldif: server configuration file: 

dn: cn=ACI logger,cn=Loggers,cn=config
         objectClass: ds-cfg-log-publisher
         objectClass: ds-cfg-access-control-log-publisher
         objectClass: ds-cfg-file-based-access-control-log-publisher
         objectClass: top
         ds-cfg-enabled: true
         ds-cfg-java-class: org.opends.server.loggers.accesscontrol.TextAccessControlLogPublisher
         ds-cfg-asynchronous: true
         cn: ACI logger
         ds-cfg-log-file-permissions: 640
         ds-cfg-log-file: logs/acilog

1.10 Removing the Bundle Patch

If you experience any problems after installing the bundle patch, you can remove the bundle patch.

Note:

Before you remove the bundle patch, ensure that you shutdown Oracle Unified Directory, WebLogic Administration Server, and NodeManager. For more information, refer Before Applying the Bundle Patch.

Execute the following commands to remove the bundle patch:

  1. Set the ORACLE_HOME environment variable for Oracle Middleware Home Location (Where Oracle Unified Directory is installed).

    Unix

    $ <bash> export ORACLE_HOME="Oracle Home Location"

    Windows

    <prompt> set ORACLE_HOME="Oracle Home Location"
  2. Verify the OUI inventory by running the following command:

    Unix

    $ [ORACLE_HOME]/OPatch/opatch lsinventory

    Windows

    [ORACLE_HOME]\OPatch\opatch.bat lsinventory
  3. Run OPatch to deinstall the patch:

    Unix

    $ [ORACLE_HOME]/OPatch/opatch rollback -id 33448950
    Windows
    [ORACLE_HOME]\OPatch\opatch.bat rollback -id 33448950
  4. In the case of a Directory Server instance created after the application of this patch, once the patch is removed, the instance buildinfo still looks like:
    $ cat [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo 12.2.1.4.211008.2104060218
  5. The instance buildinfo must be manually changed back:
    $ cp [ORACLE_HOME]/oud/config/buildinfo [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo
    For example, 
    $ cat [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo 12.2.1.4.211008.2104060218
  6. After removing the bundle patch, start the OUD instance by running the following command:
    Unix
    $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds
    Windows
    [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat

1.10.1 Post Action After Rollback

After roll-backup, restore configuration and schema from the backup before you start an OUD instance.

1.11 Resolved Issues

This section lists the issues resolved in 12c (12.2.1.4.0) Release.

1.11.1 Resolved Issues in OUD Bundle Patch (12.2.1.4.211008)

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.211008:

Table 1-1 Issues Resolved in 12c Release (12.2.1.4.211008)

Bug Number Description
33340220 OUD 12CPS4 OCT'21 BP - DSREPLICATION ENABLE FAILING WITH NEW LISTENADDRESS1 PARAMETER
32643974 OUD 12C ACI NOT EVALUATED PROPERLY W/SASL EXTERNAL AND OBJECTCLASS=GROUPOFURLS
33055228 REPLICATION NULLPOINTEREXCEPTION CAUSED BY CONFLICTS-HISTORICAL-PURGE-DELAY AND REPLICATION-PURGE-DELAY
25719578 LEVERAGE STRING CONSTANT POOL FOR ACI PERFORMANCE
27870572 OUD11G -SUPPORT MULTI VALUE ATTRIBUTE LIKE GROUP MEMBERSHIP IN CASE OF RDBMS
32814167 DSCONFIG COMMANDS SHOULD NOT HAVE --RESET KEY-STORE-PIN-FILE
32958797 ANALYSIS OF PERFORMANCE ISSUE FOR BUG 32532350
32959469 SUPPORT FOR GCM, AES OPTIONS ETC. FOR ATTRIBUTE ENCRYPTION
32959482 SUPPORT CUSTOM PASSWORD STORAGE SCHEMES
32288501 OUD PROXY- LOAD BALANCING ALGORITHM NOT DETECTING DISABLED BACKENDS
32488611 "LOG-CONNECTION-DETAILS" ENABLED THROWS "NULLPOINTEREXCEPTION"
32440224 LAST-LOGIN-TIME FOR REPLICATED SERVERS LOCATED IN DIFFERENT TIMEZONES
32477736 REPLICATION INITIALIZE FAILS ON BASE DN CONTAINING SLASH CHAR
32690984 CERTIFICATES GET CORRUPTED THROUGH THE REPLICATION GATEWAY:ODSEE-OUD 12.2.1.4
32441706 OUD12.2.1.4.0:PASSWORD POLICY ALLOWING TO RE-USE OLD PASSWORDS STORED IN PWDHIST
32968947 OUD KERBEROS PTA /TMP FILE JAASXXXXXXXXXXXXXXXXXXX.CONF
31852977 OUD SHOULD USE SHA256 ALGORITHM IN ALL CASES WHERE AUTO CERTIFICATES ARE GENERATED
32130922 OUD 12C FORKJOIN LDAPSEARCH FAILS WITH COMPLEX FILTER
32038977 OUD REPLICATION STOPPED WHILE BATCH DELETING WITH MANAGEDSAIT CONTROL
31661241 NEED TO DEFINE LISTEN-ADDRESS FOR REPLICATION SERVER

1.11.2 Resolved Issues in OUD Bundle Patch (12.2.1.4.210406)

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.210406:

Table 1-2 Issues Resolved in 12c Release (12.2.1.4.210406)

Bug Number Description
32562107 ODSEE-OUD 12.2.1.4 CERTIFICATES GET CORRUPTED THROUGH THE REPLICATION GATEWAY
25471403 FIX FOR 25471403
31851470 OUD 12C: ISMEMBER SEARCH RECEIVES STACKOVERFLOWERROR
29651080 REPLICATION SUMMARY SHOWS INCORRECT DATA WITH OEM13C AND OUD 12.2.1.3.0
31745920 OUD UNION PROXY SEARCHES RECEIVE A RESULT=4 WHEN PAGE-SIZE=0 FOR WFE
30513440 SUPPORT PASSWORD VALIDATORS AND GENERATORS IN SUBENTRY PASSWORD POLICY
29530047 PASSWORD VISIBLE IN ACCESS LOG FOR DB WORKFLOWS
32547317 FORWARD MERGE OF BUG 29376960 TO MAIN VIEW
32208265 CRYPTO MANAGER ORDERS CIPHERS ALPHABETICALLY (DIFFERENT THEN OTHER SSL HANDLERS)
32065140 REPLICATION IGNORES SCHEMA VIOLATION
31546491 CPU SPIKES AND UTILIZATION RESULTING IN TIMETHREAD ERROR
31878749 STACKING TRANSFORMATIONS MODIFIY OPERATION FAILS
31931564 OUD 12C - LOG-CONNECTION-DETAILS CONFIG INCORRECTLY SHOWING IN FILE BASED AUDIT LOGGER MENU
32019006 SUPPORTING PWDMINLENGTH IN PASSWORD POLICY AT SUBENTRY LEVEL
30666508 NPE WHEN EXECUTING LDAPSEARCH ON OUD PROXY WITH PAGESIZE SET IN LDAPSERVEREXTENSION
31666925 THE OUD-SETUP SCRIPT DOES NOT RECOGNIZE A EXABYTE FS

1.11.3 Resolved Issues in OUD Bundle Patch (12.2.1.4.200827)

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200827:

Table 1-3 Issues Resolved in 12c Release (12.2.1.4.200827)

Bug Number Description
28401694 ADD OPTION FOR ADDITIONAL BINDDN, CLIENTIP, AND PROTOCOL TO LOGGERS
29868285 OUDSM CRASHES WHEN ACCESSING CORE CONFIG, WITH LATEST BP 28569189
30386441 (JE 7.0.7) INTERRUPTEDEXCEPTION MAY CAUSE INCORRECT INTERNAL STATE
30403293 CANNOT UPGRADE 11G BECAUSE OF THE "DS-CFG-FETCH-AUTHENTICATED-USER" PROPERTY
30767720 EXCLUDE SEARCH FILTER IN WORKFLOW CONFIG RETURNS RESULT: 50 OR 80
30832284 OUD 12C VIRTUAL ATTRIBUTE SUB CONTAINER PASSWORD POLICY INCONSISTENTLY APPLIED
30871004 OUD 12.2.1.4 RETURN-BIND-ERROR-MESSAGES=TRUE NOT WORKING
30963266 OUD 12C PASSWORD INVALID WHEN USING BRACE SPECIAL CHARACTER
31013245 ER OUD - S_CONN VALUES IN PROXY ACCESS LOGS SHOULD SHOW HOSTNAME OF DS SERVER
31239817 UNION WF DOES NOT SHOW OUTPUT IN DATA BROWSER TAB OF OUDSM
31246776 OUD12CPS4: COMPLEX QUERIES USING NONEXISTING GROUP MEMBERSHIP RETURN ALL USERS
31336975 UNABLE TO ADD OR MODIFY OBJECT CLASSES AND ATTRIBUTES TO OUD 12C PS4
31377876 REBUILD-INDEX DISABLES BACKEND WHEN USING MIXED DEFINED/NOTDEFINED ATTRIBUTES
31490532 OUD 12CPS4 JULY2020 BP - UPGRADE OF 12CPS3JULY'20 BP OUD DS INSTANCE TO 12CPS4JULY'20 BP IS FAILING

1.11.4 Resolved Issues in OUD Bundle Patch (12.2.1.4.200526)

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200526:

Table 1-4 Issues Resolved in 12c Release (12.2.1.4.200526)

Bug Number Description
29971908 OUD 12C - DSREPLICATION STATUS IGNORES -I ADMINUID WHEN SPECIFIED VIA CLI
30668734 UNABLE TO USE UNDERSCORES IN DNS
30012998 SETTING DEPRECATED PASSWORD STORAGE SCHEME AND ADMIN PWD RESET CLEARS PWDRESET
28467589 START-DS IN DMZ SLOW
30854158 CODE CORRECTION FOR BUG 29676093
29757041 OUD 12C: DIGEST-MD5 SASL AUTH FAILS WITH LDAP 80 IF SEARCHING JOIN VIEW CONTEXT
30651541 OUD 12C - CUSTOM PASSWORD POLICY AND VALIDATOR IGNORED ON ACCOUNT CREATION
30440259 OUD INVALID PWDGRACEUSETIME ATTRIBUTE CREATED BY EUS.
30521914 AFTER INITIALIZATION THE RGW STATUS SHOWS AS "BAD DATA SET"
30534318 OUD 11G: HIGH CPU AND CAUSING LOSS OF SERVICE
29026772 ISSUE WITH FORCE-CHANGE-ON-ADD AFTER APPLYING BUNDLE PATCH 11.1.2.3.181016

1.11.5 Resolved Issues in OUD Bundle Patch 12.2.1.4.200204

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200204:

Table 1-5 Issues Resolved in OUD Bundle Patch 12.2.1.4.200204:

Bug Number Description
30645038 OUD 12.2.1.3 JAN'20 BP - COUPLE OF NEWLY ADDED CORE-ENTRYCACHE TESTS FAILING IN FARM EXECUTION
30265103 OUD11G - BEFORE BP DS-RLIM-IDLE-TIME-LIMIT ATT. WAS IN SECS AFTER BP IS MS
30367492 UNINSTALL FAILS DUE TO RESOLVING HOST TO 0.0.0.0
29885985 OUD ALLOWS ADDING USER INTO GROUP EVEN IF USER DOESN'T EXIST WHEN RI IS ENABLED
29661762 CUSTOM PASSWORD POLICIES REQUIRE A INDIVIDUAL "PASSWORDSTORAGESCHEME"
30074000 Fix for Bug 30074000
29682036 FORKJOIN WFE WITH LEFT-OUTER-JOIN DOES NOT WORK
28135591 UNABLE TO SPECIFY A DENIED-CLIENT HOSTNAME THAT BEGINS WITH A NUMERIC VALUE
29945677 ISMEMBEROF SUBSTRING SEARCH FILTER RETURNS NO ENTRIES
30094884 REGRESSION FOR BUG 29724794
29418242 (JE 7.0.7) ENVIRONMENT MUST BE CLOSED, CAUSED BY: COM.SLEEPYCAT.JE.THREADINTERRU

1.12 Known Issues and Workarounds

For known issues and workarounds, log in to My Oracle Support, and then search for 2602696.1, which is the ID of the document, Oracle Fusion Middleware 12.2.1.4.0 Known Issues.

For Known Issues specific to Oracle Unified Directory Bundle Patches, search for Doc ID 2636943.1 in My Oracle Support.

For information about OPatch issues, log in to My Oracle Support and use the OPatch version provided with the product.

1.13 Documentation Updates

This section describes documentation updates for this release.

Note:

Refer Admin REST APIs for Oracle Unified Directory.

OUDSM Auto Redeployment Instructions

The oudsm.ear file is shipped along with the OUD bundle patch. 
(bppatchnumber/files/oracle.idm.oud.odsm/12.2.1.4.0/oracle.idm.oud.odsm.symbol/odsm/oudsm.ear)
A new oudsm.ear file is included with OUD Bundle Patch 12.2.1.4.211008 would be patched at the following location: 
$ORACLE_HOME/oud/odsm/oudsm.ear

When you restart the Server for the first time after applying the patch, it will automatically redeploy the new oudsm.ear file. Therefore, you might experience a slower restart of the Server. You must look at the logs related to oudsm.ear file deployment.

If for any reason the oudsm.ear file deployment fails during the first restart of the Server, then you manually need to redeploy the file.

1.14 Related Documents

For more information, see the following resources:

1.15 Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.