This chapter describes issues associated with Oracle Directory Integration Platform. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
Running the testProfile Command with LDIF Files Option Fails in Advance Mode
Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory
Be aware that enabling the domain-wide administration port on any WebLogic server running Directory Integration Platform will prevent you from using the DIP command line interface using a standard administrator account. Entering DIP commands will result in an error similar to the following:
User: "weblogic", failed to be authenticated
Administrators can still use the Enterprise Manager (EM) GUI to configure and manage Oracle Directory Integration Platform.
When running DIP Tester from a command-line, the manageSyncProfiles testProfile command will fail if the -ldiffile option is specified and the LDIF file contains non-ASCII characters.
Note that LDIF files with UTF-8 encoding are not impacted by this limitation. If an LDIF file containing multibyte characters cannot be saved with UTF-8 encoding, then use the following workaround:
From a command-line, add the entry using the ldapadd command and include the -E option to specify the locale. See the Oracle Fusion Middleware User Reference for Oracle Identity Management for the required command syntax.
Get the specific changeNumber for the last add operation.
Execute the testProfile command using the changeNumber from the previous step.
For more information, see the section "10.1.5.2 Running DIP Tester From the WLST Command-Line Interface" in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform.
When running DIP Tester from a command-line in advance mode, the manageSyncProfiles testProfile command will fail if the -ldiffile option is specified and may synchronize the wrong operation. To resolve this issue, run the manageSyncProfile updatechgnum command.
For more information, see the section "10.1.5.2 Running DIP Tester From the WLST Command-Line Interface" in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform.
If the source directory is heavily-loaded, a race condition may occur where database commits cannot keep pace with updates to the lastchangenumber. If this race condition occurs, Oracle Directory Integration Platform may not be able to synchronize some of the changes.
Note:
This issue only occurs if you are using Oracle Internet Directory as the back-end directory.To work around this issue, perform the following steps to enable database commits to keep pace with the lastchangenumber:
Increase the value of the synchronization profile's Scheduling Interval.
Control the number of times the search is performed on the source directory during a synchronization cycle by setting the searchDeltaSize parameter in the profile. Oracle suggests starting with a value of 10, then adjusting the value as needed.
When you run the manageSyncProfiles utility to synchronize with a database, the manageSyncProfiles register prompts for the connected directory password. Ensure that you specify the connected database password and not the directory password.
After upgrading from Oracle Directory Integration Platform 11.1.1.7.0 environment, when you run the dipConfigurator update command successfully, it may throw schema error messages. You can ignore these messages.
Note:
This issue only occurs if you are using Oracle Unified Directory or Oracle Directory Server Enterprise Edition as the back-end directory.This section describes configuration issues and their workarounds. It includes the following topics:
When configuring Oracle Directory Integration Platform against an existing Oracle Internet Directory—using either the installer's Install and Configure installation option or the Oracle Identity Management 11g Release 1 (11.1.1) Configuration Wizard—you must specify the hostname for Oracle Internet Directory using only its fully qualified domain name (such as myhost.example.com). Do not use localhost as the Oracle Internet Directory hostname even if Oracle Directory Integration Platform and Oracle Internet Directory are collocated on the same host.
If you use localhost as the Oracle Internet Directory hostname, you will not be able to start the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform.
After running dipConfigurator against an Oracle Unified Directory (OUD) endpoint, if you are unable to open the Directory Integration Platform (DIP) UI in Enterprise Manger, stop and start DIP to fix the UI problem.
If you are using Internet Explorer to view the Directory Integration Platform (DIP) UI, you may need to scroll past a large blank space to see the profile mapping rules section. This issue is not known to affect other browsers.
If two IDM domains on the same host share the same Oracle home and are both configured to use wls_ods1 managed servers, then the DIP home page will not display the resource usage charts if both instances are running at the same time.
This section describes provisioning issues. It includes the following topics:
Modification may not Propagate Using Interface Protocol (Inbound) Version 3.0
Provisioning from Oracle Internet Directory (Back-End Directory) to an Application May Fail
When an inbound provisioning profile with interface protocol version 3.0 is configured with Oracle Internet Directory (Back-End Directory), then modification fails to propagate. For more information, see http://support.oracle.com/.
If you delete a provisioning profile for Oracle Internet Directory, and recreate it with same name, then the provisioning from Oracle Internet Directory to an application may fail. To resolve this issue, create a provisioning profile and specify a new name. For more information on creating a provisioning profile, see "Managing Provisioning Profiles Using manageProvProfiles" in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform.
There are no known documentation issues at this time.