This document describes Bundle Patch 14.1.2.1.250604 for Oracle Unified Directory.

This readme document requires base installation of Oracle Unified Directory 14c (14.1.2.1.0). It includes the following sections:

1.1 Understanding Bundle Patches

This section describes Bundle Patches and explains differences between Stack Patch Bundles, Bundle Patches, Interim Patches (also known as patch set exceptions), and Patch Sets.

1.1.1 Stack Patch Bundle

Stack Patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.

1.1.2 Bundle Patch

A Bundle Patch is an official Oracle patch for Oracle Unified Directory. In a Bundle Patch release string, the fifth digit indicated the Bundle Patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the "YYMMDD" format where:

  • YY is the last 2 digits of the year

  • MM is the numeric month (2 digits)

  • DD is the numeric day of the month (2 digits)

Each Bundle Patch includes libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in a Bundle Patch are tested and certified to work with one another. Each Bundle Patch is cumulative. That is, the latest Bundle Patch includes all fixes in earlier Bundle Patches for the same release.

1.1.3 Interim Patch

In contrast to a Bundle Patch, an Interim Patch addressed only one issue for a single component. Although each Interim Patch was an official Oracle patch, it was not a complete product distribution and did not include packages for every component. An Interim Patch included only the libraries and files that had been rebuilt to implement a specific fix for a specific component.

You may also know an Interim Patch as: security one-off, exception release, x-fix, PSE, MLR, or hotfix.

1.1.4 Patch Set

A Patch Set is a mechanism for delivering fully tested and integrated product fixes. A Patch Set can include new functionality. Each Patch Set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a Patch Set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in a Patch Set are tested and certified to work with one another on the specified platforms.

1.2 Recommendations

Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that Customers apply these certified patches. For more information on these patches, see the note Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.

1.3 Bundle Patch Requirements

Before you run OPatch, find the OPatch utility in the Oracle Home (ORACLE_HOME) and verify that you have the latest version.

Complete the following steps before you apply the Bundle Patch:

  • Verify that the OPatch version is 13.9.4.2.17 or higher.

    1. Access and log into My Oracle Support at the following location:

      https://support.oracle.com/

    2. In the Search Knowledge Base field, enter 1587524.1. This is the ID of the document that describes Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

    3. In the search results, click the link corresponding to document ID 1587524.1.

    4. In the document, click the Patch 28186730 link which will take you to the screen where you can obtain the OPatch 13.9.4.2.17 or higher version.

    5. After obtaining the OPatch, follow the instructions in the OPatch zip README file to upgrade it to the appropriate version.

  • Verify the OUI Inventory:

    OPatch needs access to a valid OUI inventory to apply patches. Validate the OUI inventory with the following commands:

    Unix

    $ opatch lsinventory

    Windows

    opatch.bat lsinventory

    If the command throws errors, then contact Oracle Support and work to validate and verify the inventory setup before proceeding.

  • Confirm the executables appear in your system PATH.

    Unix

    $ which opatch

    $ which unzip

    Windows

    where opatch.bat

    where unzip

    If the command throws errors, then contact Oracle Support and work to validate and verify the inventory setup before proceeding. If either of these executables do not show in the PATH, correct the problem before proceeding.

  • Create a location for storing the unzipped patch. This location will be referred later in the document as PATCH_TOP.

1.4 Before Applying the Bundle Patch

Before you apply the Bundle Patch for Oracle Unified Directory 14c (14.1.2.1.0), you must set the environment variable and stop all the Directory Server instances and domains.

Note:

You must read about the OUDSM auto redeployment instructions in Documentation Updates before applying this Bundle Patch.

Note:

Before applying the Bundle Patch, you must take a tar backup of the configuration directory of an OUD instance. For example: asinst_1/OUD/config. If regular backups are not in place, then a complete cold backup/tar of entire OUD instance is recommended. Example: <Path to asinst_1>.

You must complete the following prerequisites for applying the Bundle Patch:

  1. Set the ORACLE_HOME environment variable for Oracle Middleware Home Location (where Oracle Unified Directory is installed).

    For example:

    Unix

    $ <bash> export ORACLE_HOME="Oracle Middleware Home Location"

    Windows

    <prompt> set ORACLE_HOME="Oracle Middleware Home Location"

  2. Verify that the ORACLE_HOME is set correctly by running the following command.

    Unix
    ls $ORACLE_HOME/OPatch/opatch

    Windows

    dir %ORACLE_HOME%\OPatch\opatch.bat

  3. Stop all the Directory Server instances and domains where Oracle Unified Directory Services Manager (OUDSM) is installed, depending upon the domain configuration.

    1. Stop the Standalone Oracle Unified Directory Server

      If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic Server) mode, stop all the Directory Server instances using the stop-ds command.

      Unix
      ORACLE_HOME/INSTANCE_NAME/OUD/bin/stop-ds

      Windows

      ORACLE_HOME\INSTANCE_NAME\OUD\bat\stop-ds.bat

    2. Stop the Collocated Oracle Unified Directory Server

      If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic Server) mode, complete the following steps:

      1. Stop the OUD instance by running the following command from command line interface.

        Unix

        DOMAIN_HOME/bin/stopComponent.sh INSTANCE_NAME

        Windows

        DOMAIN_HOME\bin\stopComponent.bat INSTANCE_NAME
      2. Stop the Node Manager.

        Unix

        DOMAIN_HOME/bin/stopNodeManager.sh

        Windows

        DOMAIN_HOME\bin\stopNodeManager.cmd
      3. Stop the Oracle WebLogic Administration Server.

        Unix

        DOMAIN_HOME/bin/stopWebLogic.sh

        Windows

        DOMAIN_HOME\bin\stopWebLogic.cmd

    3. Stop the OUDSM Configured in a Single Domain

      If you created and configured a WebLogic domain for OUDSM, then you must stop the Administration Server.

      Stop the Oracle WebLogic Administration Server:

      Unix
      DOMAIN_HOME/bin/stopWebLogic.sh

      Windows

      DOMAIN_HOME\bin\stopWebLogic.cmd

    4. Stop the Oracle Directory Integration Platform and OUDSM Configured in a Single Domain

      Note:

      This is optional only for configurations with DIP/OUDSM in a Single Domain.

      If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must stop the Admin Server and Managed Server.

      1. Stop the Oracle Directory Integration Platform Managed Server:

        Unix
        DOMAIN_HOME/bin/stopManagedWebLogic.sh <managed_server_name> <ADMIN_SERVER_URL>

        Windows

        DOMAIN_HOME\bin\stopManagedWebLogic.cmd <managed_server_name> <ADMIN_SERVER_URL>

        Where managed_server_name specifies the name of the Managed Server (the default value is wls_ods1) and ADMIN_SERVER_URL specifies the listen address (host name, IP address, or DNS name) and port number of the domain's Administration Server.

      2. Stop the Oracle WebLogic Administration Server:

        Unix
        DOMAIN_HOME/bin/stopWebLogic.sh

        Windows

        DOMAIN_HOME\bin\stopWebLogic.cmd

Note:

See Understanding the Oracle Unified Directory Installation Directories to know about OUD installation directories.

1.5 Using the Oracle Patch Mechanism (OPatch)

Use OPatch to perform the necessary steps for applying a patch to an Oracle Home.

Note:

You must have the latest version of OPatch (version 13.9.4.2.17 or higher) from My Oracle Support. OPatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches.

The patching process uses both unzip and OPatch executables. After sourcing the ORACLE_HOME environment, Oracle recommends that you confirm that both of these exist before patching. OPatch is accessible at: 

$ORACLE_HOME/OPatch/opatch

When OPatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your $ORACLE_HOME:

  • If you find conflicts with a patch already applied to the $ORACLE_HOME, stop the patch installation and contact Oracle Support Services.
  • If you find conflicts with a subset patch already applied to the $ORACLE_HOME, continue Bundle Patch application. The subset patch is automatically rolled back before installation of the new patch begins. The latest Bundle Patch contains all fixes from the previous Bundle Patch in $ORACLE_HOME.

This Bundle Patch is not -auto flag enabled. Without the -auto flag, no servers need to be running. The Machine Name & Listen Address can be blank on a default install.

See Also:

Patching with OPatch

Identifying the Version of OPatch Included with Oracle Unified Directory 14.1.2.1.0

In general, there is a version of OPatch available for each version of the Oracle Universal Installer software.

To identify the version of OPatch:
  1. Change directory to the following directory:
    cd ORACLE_HOME/OPatch/
  2. Run the following command:
    ./opatch version

    For example:

    ./opatch version
OPatch Version: 13.9.4.2.17

OPatch succeeded.

1.6 Applying the Bundle Patch

Unzip the patch zip file and run OPatch to apply the patch.

To apply the Bundle Patch, complete the following steps:
  1. Unzip the patch zip file into the PATCH_TOP, where PATCH_TOP is a directory path that temporarily contains the patch for installation.

    Unix

    $ unzip -d PATCH_TOP p38032733_141210_Generic.zip

    Windows

    unzip -d PATCH_TOP p38032733_141210_Generic.zip

    Note:

    On Windows, the unzip command has a limitation of 256 characters in the path name. If you encounter this, use an alternate ZIP utility such as 7-Zip to unzip the patch. For example, run the following command to unzip using 7-Zip:
    "c:\Program Files\7-Zip\7z.exe" x p38032733_141210_Generic.zip
  2. Set your current directory to the directory where the patch is located. For example:

    Unix

    $ cd PATCH_TOP/38032733

    Windows

    cd PATCH_TOP\38032733
  3. Run OPatch to apply the patch.

    Unix

    $ [ORACLE_HOME]/OPatch/opatch apply

    Windows

    [ORACLE_HOME]\OPatch\opatch.bat apply
When OPatch starts, it validates the patch and makes sure that there are no conflicts with the software already installed in the ORACLE_HOME.

  • Conflicts with a patch already applied to the ORACLE_HOME.

    In this case, stop the patch installation, and contact Oracle Support Services.

  • Conflicts with subset patch already applied to the ORACLE_HOME.

    In this case, continue the install, as the new patch contains all the fixes from the existing patch in the ORACLE_HOME.

1.7 After Applying the Bundle Patch

You need to perform certain tasks after applying the Bundle Patch.

Perform the following steps after applying the Bundle Patch:
  1. Verify if the Oracle Unified Directory installation has been patched by running the start-ds command.

    For example:

    Unix

    $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds -F

    Windows

    [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat -F

    Note:

    OUD patch version can be determined from the output, based on the values for Build ID, Platform Version and Label Identifier fields.
  2. Start all the Directory Server instances depending upon the domain configuration.

    Start the Standalone Oracle Unified Directory Server

    If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic Server) mode, start all the Directory Server instances using the start-ds command. For example:

    Unix

    $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds

    Windows

    [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat

    Start the Collocated Oracle Unified Directory Server

    If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic Server) mode, complete the following steps:

    1. Start the Oracle WebLogic Administration Server.

      Unix

      DOMAIN_NAME/bin/startWebLogic.sh

      Windows

      DOMAIN_HOME\bin\startWebLogic.cmd
    2. Start the Node Manager.

      Unix

      $DOMAIN_NAME/bin/startNodeManager.sh

      Windows

      DOMAIN_HOME\bin\startNodeManager.cmd
    3. Start the OUD instance by running the following command from command line interface.

      Unix

      startComponent.sh INSTANCE_NAME

      For example:

      $DOMAIN_HOME/bin/startComponent.sh oud1

      where oud1 is the instance name/server name created using WLST

      Windows

      startComponent.bat INSTANCE_NAME

      For example:

      DOMAIN_HOME\bin\startComponent.bat oud1

      where oud1 is the instance name/server name created using WLST

  3. If you created and configured a WebLogic domain for OUDSM, then you must restart the Administration Server. Allow the application server instance to redeploy the new oudsm.ear file in the patch.
  4. If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must start the Admin Server and Managed Server.

    1. Start the Oracle WebLogic Administration Server.

      Unix
      DOMAIN_HOME/bin/startWebLogic.sh

      Windows

      DOMAIN_HOME\bin\startWebLogic.cmd

    2. Start the Oracle Directory Integration Platform Managed Server:

      Unix
      DOMAIN_HOME/bin/startManagedWebLogic.sh <managed_server_name> <ADMIN_SERVER_URL>

      Windows

      DOMAIN_HOME\bin\startManagedWebLogic.cmd <managed_server_name> <ADMIN_SERVER_URL>

      Where managed_server_name specifies the name of the Managed Server (the default value is wls_ods1) and ADMIN_SERVER_URL specifies the listen address (host name, IP address, or DNS name) and port number of the domain's Administration Server.

1.8 Creating the File Based Access Control Log Publisher

You can create a File Based Access Control Log publisher for diagnosing ACI evaluation.

Note:

The steps mentioned in this section are optional.

The File Based Access Control Log publisher should be disabled as soon as diagnostic is over as it impacts server performance.

Note:

Once this publisher is created, the de-installation of this patch will not be possible as the server would no longer be able to start.

To create the File Based Access Control Log publisher, a server administrator must invoke the following dsconfig command against a server instance that is already up and running: 

dsconfig create-log-publisher \
         --publisher-name "ACI logger" \
         --type file-based-access-control \
         --set enabled:true \
         --set log-file:logs/acilog \
         --hostname serverHostName --port 4444 \
         --trustAll --bindDN cn=Directory\ Manager \
         --bindPasswordFile passwordFile \
         --no-prompt

The following entry is created in the config.ldif: server configuration file: 

dn: cn=ACI logger,cn=Loggers,cn=config
         objectClass: ds-cfg-log-publisher
         objectClass: ds-cfg-access-control-log-publisher
         objectClass: ds-cfg-file-based-access-control-log-publisher
         objectClass: top
         ds-cfg-enabled: true
         ds-cfg-java-class: org.opends.server.loggers.accesscontrol.TextAccessControlLogPublisher
         ds-cfg-asynchronous: true
         cn: ACI logger
         ds-cfg-log-file-permissions: 640
         ds-cfg-log-file: logs/acilog

1.9 Removing the Bundle Patch

If you experience any problems after installing the Bundle Patch, you can remove the Bundle Patch.

Note:

Before you remove the Bundle Patch, ensure that you shutdown Oracle Unified Directory, WebLogic Administration Server, and Node Manager. For more information, refer Before Applying the Bundle Patch.

Execute the following commands to remove the Bundle Patch:

  1. Set the ORACLE_HOME environment variable for Oracle Middleware Home Location (where Oracle Unified Directory is installed).

    Unix

    $ <bash> export ORACLE_HOME="Oracle Middleware Home Location"

    Windows

    <prompt> set ORACLE_HOME="Oracle Middleware Home Location"
  2. Verify the OUI inventory by running the following command:

    Unix

    $ [ORACLE_HOME]/OPatch/opatch lsinventory

    Windows

    [ORACLE_HOME]\OPatch\opatch.bat lsinventory
  3. Run OPatch to deinstall the patch:

    Unix

    $ [ORACLE_HOME]/OPatch/opatch rollback -id 38032733
    Windows
    [ORACLE_HOME]\OPatch\opatch.bat rollback -id 38032733
  4. In the case of a Directory Server instance created after the application of this patch or once after the patch is removed/rollback, the instance buildinfo still looks like:
    $ cat [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo 14.1.2.1.250604
  5. The instance buildinfo must be manually changed back:
    $ cp [ORACLE_HOME]/oud/config/buildinfo [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo
    For example, 
    $ cat [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo 14.1.2.1.250604
  6. After removing the Bundle Patch, start the OUD instance by running the following command:
    Unix
    $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds
    Windows
    [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat

1.9.1 Post Action After Rollback

After roll-back, restore respectively either the configuration and schema from the backup (by restoring the configuration directory of the OUD instance) or the OUD instance complete tar backup (if available), before you start an OUD instance.

1.10 Resolved Issues

This section lists the issues resolved in 14c (14.1.2.1.0) Release.

1.10.1 Resolved Issues in OUD Bundle Patch (14.1.2.1.250604)

The following table lists the issues resolved in OUD Bundle Patch 14.1.2.1.250604:

Table 1-1 Issues Resolved in 14c Release 14.1.2.1.250604

Bug Number Description
37808540 THE DATA DISPLAYED IN THE OUDSM PORTAL'S 'ABOUT' COPYRIGHT IS YEAR 2015
35574518 OUD12CPS4: NPE FOR MULTIPLE CHANGES ON SAME ATTRIBUTE (ON SAME DN) INTO SAME MOD
37499128 OUD REPLICATION SERVER SHUTS DOWN DUE TO INPUT STRING NUMBER FORMAT ERROR CONTINUATION
36831142 OUD12CPS4: FIX OF BUG 35967475 FROM PATCH 36550966 - NOT WORKING
36502031 PATCH 35263333 (OUD 12.2.1.4.230406) BROKE TRANSFORMATION AGAINST AD
30517036 ORACLE ACCESS LOGGER DOES NOT HONOR ETIME-RESOLUTION:NANOSECONDS
37229364 OUD 12C USERPASSWORD CHANGES WITH REST API FAILS WITH INVALID CREDENTIALS

1.11 Documentation Updates

This section describes documentation updates for this release.

Note:

Refer Admin REST APIs for Oracle Unified Directory.

OUDSM Auto Redeployment Instructions

The oudsm.ear file is shipped along with the OUD Bundle Patch. 
(bppatchnumber/files/oracle.idm.oud.odsm/14.1.2.1.0/oracle.idm.oud.odsm.symbol/odsm/oudsm.ear)
A new oudsm.ear file is included with OUD Bundle Patch 14.1.2.1.250604 would be patched at the following location: 
$ORACLE_HOME/oud/odsm/oudsm.ear

When you restart the Server for the first time after applying the patch, it will automatically redeploy the new oudsm.ear file. Therefore, you might experience a slower restart of the Server. You must look at the logs related to oudsm.ear file deployment.

If for any reason the oudsm.ear file deployment fails during the first restart of the Server, then you manually need to redeploy the file.

1.12 Related Documents

For more information, see the following resources:

1.13 Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.