This chapter describes issues associated with Oracle Virtual Directory. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
Oracle Directory Services Manager Browser Window is Not Usable
Identifying the DN Associated with an Access Control Point in Oracle Directory Services Manager
Issues With Oracle Virtual Directory Metrics in Fusion Middleware Control
Using a Wildcard when Performing an LDAPSEARCH on a TimesTen Database Causes an Operational Error
ODSM Version 11.1.1.4.0 Does Not Support OVD Versions 11.1.1.2.0 or 11.1.1.3.0
ODSM Version 11.1.1.5.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0
Problem Running CRUD Operations on Windows Platforms Using JDK 6
Users with Non-ASCII Names Might Encounter Problems when Using ODSM with SSO
In some circumstances, after you launch Oracle Directory Services Manager from Fusion Middleware Control, then select a new Oracle Directory Services Manager task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.
As a workaround, go to the URL: http://host:port/odsm, where host and port specify the location where Oracle Directory Services Manager is running, for example, http://myserver.example.com:7005/odsm. You can then use the Oracle Directory Services Manager window to log in to a server.
Under certain circumstances, when managing multiple Oracle Virtual Directory components from the same Oracle Directory Services Manager session, exception or error messages may appear if you stop one of the Oracle Virtual Directory components. For example, you are managing Oracle Virtual Directory components named ovd1 and ovd2 from the same Oracle Directory Services Manager session. Both ovd1 and ovd2 are configured and running. If you stop ovd1, an exception or Target Unreachable message may appear when you try to navigate Oracle Directory Services Manager.
To work around this issue, exit the current Oracle Directory Services Manager session, close the web browser, and then reconnect to Oracle Virtual Directory components in a new Oracle Directory Services Manager session.
When you create an Access Control Point (ACP) using Oracle Directory Services Manager, the Relative Distinguished Name (RDN) of the DN where you created the ACP appears in the navigation tree on the left side of the screen. For example, if you create an ACP at the DN of cn=ForExample,dc=us,dc=sales,dc=west, then cn=ForExample appears in the navigation tree. After clicking an ACP in the navigation tree, its settings appear in the right side of the screen and the RDN it is associated with appears at the top of the page.
To identify the DN associated with an ACP, move the cursor over ("mouse-over") the ACP entry in the navigation tree. The full DN associated with the ACP will be displayed in a tool-tip dialog box.
Mousing-over ACPs in the navigation tree is useful when you have multiple ACPs associated with DNs that have identical RDNs, such as:
ACP 1 = cn=ForExample,dc=us,dc=sales,dc=west
ACP 2 = cn=ForExample,dc=us,dc=sales,dc=east
This topic describes issues with Oracle Virtual Directory metrics in Fusion Middleware Control, including:
If you upgraded an Oracle Virtual Directory Release 10g installation with plug-ins configured to execute on specific operations, such as add, bind, get, and so on, to 11g Release 1 (11.1.1), you may have to update those operation-specific plug-ins before you can use Fusion Middleware Control to view performance metrics.
After upgrading to 11g Release 1 (11.1.1) and performing some initial operations to verify the upgrade was successful, check the Oracle Virtual Directory home page in Fusion Middleware Control. You should see data for the Current Load and Average Response Time and Operations metrics.
If you do not see any data for these metrics, you must update the plug-ins configured to execute on specific operations. The workaround is to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain.
Perform the following steps to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain:
If the operation-specific plug-in is a Global-level plug-in, edit the server.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.
If the operation-specific plug-in is an adapter-level plug-in, edit the adapters.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.
Locate the pluginChains element in the file. For example, if the Dump Transactions plug-in is configured to execute on the get operation, you will see something similar to the following:
Example 29-1 Dump Transactions Plug-In Configured for get Operation
<pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
   <plugins>
      <plugin>
         <name>Dump Transactions</name>
         <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
         <initParams>
            <param name="loglevel" value="info"/>
         </initParams>
      </plugin>
      <plugin>
         <name>Performance Monitor</name>
         <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
         <initParams/>
      </plugin>
   </plugins>
   <default>
      <plugin name="Performance Monitor"/>
   </default>
   <get>
      <plugin name="Dump Transactions">
         <namespace>ou=DB,dc=oracle,dc=com </namespace>
      </plugin>
   </get>
</pluginChains>
Add the following Performance Monitor plug-in element within the operation-specific configuration chain:
<plugin name="Performance Monitor"/>
For example:
Example 29-2 Adding the Performance Monitor to the Operation-Specific Plug-In Configuration Chain
<pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
   <plugins>
      <plugin>
         <name>Dump Transactions</name>
         <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
         <initParams>
            <param name="loglevel" value="info"/>
         </initParams>
      </plugin>
      <plugin>
         <name>Performance Monitor</name>
         <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
         <initParams/>
      </plugin>
   </plugins>
   <default>
      <plugin name="Performance Monitor"/>
   </default>
   <get>
      <plugin name="Dump Transactions">
         <namespace>ou=DB,dc=oracle,dc=com </namespace>
      </plugin>
      <plugin name="Performance Monitor"/>
   </get>
</pluginChains>
Save the file.
Restart Oracle Virtual Directory.
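The edit described in the steps above can also be checked or applied with a script. The following Python is an added example, not Oracle code: it assumes the namespace shown in Example 29-1, treats every child of pluginChains other than plugins and default as an operation-specific chain, and runs on a constructed sample.

```python
import xml.etree.ElementTree as ET

NS = "http://xmlns.oracle.com/iam/management/ovd/config/plugins"
Q = "{%s}" % NS
MONITOR = "Performance Monitor"
# Assumption: every child of <pluginChains> other than these two is an
# operation-specific chain (get, add, bind, ...).
NOT_OPERATION = {"plugins", "default"}

# Constructed sample modelled on Example 29-1 (not a real configuration file).
SAMPLE = f"""<pluginChains xmlns="{NS}">
  <plugins>
    <plugin><name>Dump Transactions</name></plugin>
    <plugin><name>Performance Monitor</name></plugin>
  </plugins>
  <default><plugin name="Performance Monitor"/></default>
  <get><plugin name="Dump Transactions"><namespace>ou=DB,dc=oracle,dc=com</namespace></plugin></get>
</pluginChains>"""


def chain_plugins(xml_text, operation):
    """Plug-in names referenced, in order, by one operation-specific chain."""
    root = ET.fromstring(xml_text)
    return [p.get("name") for p in root.findall(f".//{Q}{operation}/{Q}plugin")]


def add_monitor(xml_text):
    """Append the Performance Monitor reference to every operation-specific
    chain that lacks it. Returns (updated_xml, patched_operations)."""
    ET.register_namespace("", NS)  # keep the default namespace unprefixed on output
    root = ET.fromstring(xml_text)
    patched = []
    for chains in root.iter(f"{Q}pluginChains"):
        declared = {p.findtext(f"{Q}name") for p in chains.findall(f"{Q}plugins/{Q}plugin")}
        if MONITOR not in declared:
            continue  # plug-in is not defined here, so a reference would dangle
        for chain in chains:
            op = chain.tag.rsplit("}", 1)[-1]
            if op in NOT_OPERATION:
                continue
            names = [p.get("name") for p in chain.findall(f"{Q}plugin")]
            if names and MONITOR not in names:
                ET.SubElement(chain, f"{Q}plugin", {"name": MONITOR})
                patched.append(op)
    return ET.tostring(root, encoding="unicode"), patched


if __name__ == "__main__":
    updated, patched = add_monitor(SAMPLE)
    print("patched chains:", patched)
    print(updated)
```

ElementTree drops XML comments when it parses, so compare the output with the original file before replacing it.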
Currently, a TimesTen bug is preventing wildcard searches (such as "cn=t*") from working in a Database adapter with TimesTen.
To work around this problem, enable the Case Insensitive Search option and create the necessary linguistic indexes for any database columns used in the search.
For more information, see the related TimesTen Enhancement Request, Bug# 9885055 and Section 12.2.2 "Creating Database Adapters for Oracle TimesTen In-Memory Database" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
Oracle Directory Services Manager Version 11.1.1.4.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0 or 11.1.1.3.0.
Changes introduced in Oracle Directory Services Manager Version 11.1.1.4.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.4.0.
Oracle Directory Services Manager Version 11.1.1.5.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0.
Changes introduced in Oracle Directory Services Manager Version 11.1.1.5.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.5.0.
Running CRUD operations on Windows platforms using JDK 6 causes an issue in NIO (Non Input Output) mode because JDK 6 does not support IPv6 stack in Windows Vista/2008.
Note:
Support for IPv6 stack was added in JDK 7 Build b36. For more information, refer to JDK Bug IDs 6230761 (http://bugs.sun.com/view_bug.do?bug_id=6230761) and 4640544 (http://bugs.sun.com/view_bug.do?bug_id=4640544).
The Oracle Virtual Directory development team verified this use case with JDK 7 and confirmed that it works in Oracle Virtual Directory NIO mode.
Workaround:
Note:
You must apply this workaround in the Oracle Virtual Directory server.
Turn off NIO mode by adding the <useNIO>false</useNIO> XML element in <OracleInstance>/config/OVD/ovd1/listeners.os_xml at the following location, then stop and restart the Oracle Virtual Directory server:
<ldap id="LDAP Endpoint" version="0">
   <port>6501</port>
   ...
   <socketOptions>
      ...
   </socketOptions>
   <useNIO>false</useNIO>
</ldap>
When ODSM is configured to use Oracle Access Manager 11g Release 1 (11.1.1.2) for single sign-on, a user whose name contains non-ASCII characters might observe the following issues after logging in:
The user name displayed on the Home page is garbled.
Single sign-on connections to Oracle Virtual Directory servers do not appear in the list of connections.
After upgrading Oracle Directory Services Manager, creating an attribute or an objectclass causes an NPE error.
Workaround:
Refresh the entries by clicking Refresh every time the creation fails.
An additional Patch 10365116 is required to enable the Account Lockout functionality.
In addition, Oracle Virtual Directory may not update the AD badpasswdcount until the account is fully locked out, which means AD badpasswdcount shows the correct number when it reaches the bad password count setting in AD.
This section describes a configuration issue and its workaround. It includes the following topic:
For certain operations, the out-of-box heap size of 512 MB is not sufficient for Oracle Virtual Directory (OVD) on AIX.
Increase the heap size to over 1 GB for production environments. Complete the following steps to increase the heap size for Oracle Virtual Directory (OVD):
In INSTANCE_HOME/config/OPMN/opmn.xml, find the following XML fragment:
<process-type id="OVD" module-id="OVD">
   <environment>
      <variable id="TNS_ADMIN" value="$ORACLE_INSTANCE/config"/>
   </environment>
   <module-data>
      <category id="start-options">
         <data id="java-bin" value="$ORACLE_HOME/jdk/bin/java"/>
         <data id="java-options" value="-server -Xms512m -Xmx512m -Dvde.soTimeoutBackend=0 -Doracle.security.jps.config=$ORACLE_INSTANCE/config/JPS/jps-config-jse.xml"/>
         <data id="java-classpath" value="$ORACLE_HOME/ovd/jlib/vde.jar$:$ORACLE_HOME/jdbc/lib/ojdbc6.jar"/>
      </category>
   </module-data>
   <stop timeout="120"/>
</process-type>
Modify the default -Xmx512m to an appropriate value. For example: -Xmx2048m.
Shut down Oracle Virtual Directory.
Execute the opmnctl reload command to refresh the OPMN configuration.
Start Oracle Virtual Directory.
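To check the current setting before editing, the java-options value can be read from opmn.xml and compared with the 1 GB guidance. The following Python is an added example, not Oracle code; it runs on a constructed, trimmed copy of the fragment above, and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

UNITS = {"": 1, "k": 2**10, "m": 2**20, "g": 2**30}

# Constructed sample: the opmn.xml fragment from this section, trimmed.
SAMPLE = """<process-type id="OVD" module-id="OVD">
  <module-data>
    <category id="start-options">
      <data id="java-bin" value="$ORACLE_HOME/jdk/bin/java"/>
      <data id="java-options" value="-server -Xms512m -Xmx512m -Dvde.soTimeoutBackend=0"/>
    </category>
  </module-data>
</process-type>"""


def ovd_java_options(opmn_xml):
    """Return the java-options string of the OVD process-type, or None."""
    for node in ET.fromstring(opmn_xml).iter():
        # Compare local names so a namespaced opmn.xml is handled as well.
        if node.tag.rsplit("}", 1)[-1] == "process-type" and node.get("id") == "OVD":
            for data in node.iter():
                if data.get("id") == "java-options":
                    return data.get("value")
    return None


def heap_bytes(java_options, flag="-Xmx"):
    """Bytes requested by the last occurrence of flag, or None if it is absent."""
    hits = re.findall(r"(?:^|\s)%s(\d+)([kKmMgG]?)(?=\s|$)" % re.escape(flag),
                      java_options)
    if not hits:
        return None
    number, unit = hits[-1]
    return int(number) * UNITS[unit.lower()]


def set_max_heap(java_options, size):
    """Replace each -Xmx option with -Xmx<size>; append one if none exists."""
    updated, count = re.subn(r"(^|\s)-Xmx\S+", r"\g<1>-Xmx" + size, java_options)
    return updated if count else (java_options + " -Xmx" + size).strip()


if __name__ == "__main__":
    options = ovd_java_options(SAMPLE)
    print("current -Xmx bytes:", heap_bytes(options))
    print("proposed:", set_max_heap(options, "2048m"))
```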
This section describes documentation errata. It includes the following topics:
Section 11.4.3.1.1 in the Administrator's Guide for Oracle Virtual Directory, which describes "Editing the Oracle Virtual Directory Administrative Listener Settings" using Oracle Enterprise Manager Fusion Middleware Control, is incomplete.
The following, additional step must be performed after completing the six steps that are documented in section 11.4.3.1.1:
7. Use the opmnctl updatecomponentregistration command to update the registration of the Oracle Virtual Directory component that contains the Admin Listener you edited.
The syntax for opmnctl updatecomponentregistration is:
$ORACLE_INSTANCE/bin/opmnctl updatecomponentregistration [-adminHost hostname] [-adminPort weblogic_port] [-adminUsername weblogic_admin] [-adminPasswordFile 'FILE_WITH_WEBLOGIC_ADMIN_PASSWORD'] [-componentType OVD] -componentName componentName [-Host OVD_HOST_NAME]
Notes:
If you do not use the -Host option, the value in listeners.os_xml will be used.
Both the componentName and componentType parameters are required.
For example:
$ORACLE_INSTANCE/bin/opmnctl updatecomponentregistration -adminHost myhost \
-adminPort 7001 -adminUsername weblogic -componentType OVD -componentName ovd1
The following error has been noted in Appendix B, "Starting and Stopping the Oracle Stack" of the Administrator's Guide for Oracle Virtual Directory.
In Step 3 of "Starting the Stack,"
MW_HOME/user_projects/domains/DOMAIN_NAME/bin/startNodeManager.sh
should be
MW_HOME/wlserver_10.3/server/startNodeManager.sh
The code example currently provided in section 18.3.3.3, "Operation Plug-In Implementation Point" of the Administrator's Guide for Oracle Virtual Directory does not close the connection to the back-end LDAP server.
The example code uses chain.getVSI().get, which populates a Vector<EntrySet> with one EntrySet for each adapter. Each EntrySet in get() contains a live handle to the data source connection, which is used to retrieve entries.
To release this data source connection to the pool, you must provide a call to EntrySet.cancelEntrySet() or Oracle Virtual Directory could be blocked. Blocking occurs when the plug-in occupies all of the configured connections from the pool and no connections are available to execute new requests.
The example code should be updated to implement a call to entrySet.cancelEntrySet() as follows:
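ChainVector results = new ChainVector();
try {
    chain.getVSI().get(...);
} catch (...) {
} finally {
    // Release each adapter's data source connection back to the pool,
    // whether or not the get() call succeeded.
    for (EntrySet entrySet : results)
        entrySet.cancelEntrySet();
}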