As a general guideline, the following hardware is recommended:

For optimal performance, your system must have sufficient RAM memory for the JVM heap and database cache. The server also provides ready-to-use tuning. For more information about setting the JVM heap and database cache, see Configuring the JVM, Java, and Database Cache Options for Oracle Unified Directory in Oracle® Fusion Middleware Installing Oracle Unified Directory.

Your system should also have enough disk space to store the generated log files. The server log files can consume up to 1 GB of disk space with default server settings. In replicated environments, the change log database can grow up to 30-40 GB with loads of 1,000 mods/sec. For information about setting the log file size, see Configuring Log Rotation Policies in Oracle® Fusion Middleware Administering Oracle Unified Directory.

You can configure Oracle Unified Directory in such a way that it uses substantially less, or more, disk space depending on your applications and performance needs. Any setup considerations must determine the amount of memory for the server's database and log files.

On Solaris and Linux systems, the operating system should be configured to have at least twice as much virtual memory as JVM heap. To achieve this, you might need to increase the size of the operating system swap space.

Oracle Unified Directory is certified for the following languages:

• Chinese (Simplified)

• Chinese (Traditional)

• French

• German

• Italian

• Japanese

• Korean

• Spanish

• Portuguese (Brazilian)

This section lists the limitations of Oracle Unified Directory 14c (14.1.2.1.0). They are as follows:

• The Oracle Unified Directory directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.

• For Enterprise User Security, Oracle Unified Directory is validated to store and manage users and groups locally, and also for proxying to other external directory servers. The list of supported external directory servers is documented in the certification matrix. See Viewing the Certification Matrix in Oracle Fusion Middleware Installing Oracle Unified Directory.

• Oracle Unified Directory Server in proxy mode provides the best search performance when the search queries ask for the specific required attributes (rather than all the attributes) of an entry.

To view the certification matrix:

The recommendations that are to be followed are:

• The directory server provides better performance when the database files are cached entirely into memory.

• The default settings of the Oracle Unified Directory directory server are targeted initially at evaluators or developers who are running equipment with a limited amount of resources. For this reason, you should tune the Java virtual machine (JVM) and the directory server itself to improve scalability and performance, particularly for write operations. See Configuring the JVM, Java, and Database Cache Options for Oracle Unified Directory in Oracle Fusion Middleware Installing Oracle Unified Directory.

• If you want to import large LDIF files by using the import-ldif command, then it is recommended that you use the --skipDNvalidation option. However, if you are not certain that the LDIF file is valid, using this option is not advised.

• If you want to perform isMemberOf query for complex searches involving static groups, it is advisable to keep group membership and user entry under the same backend.

Issue

If you update the node manager properties like username and password, the system component details in the config.xml file are deleted. This causes the OUD system component to fail while trying to start/stop the component using stopComponent.sh/startComponent.sh.

Workaround

Ensure that you do not update the node manager details after creating the system components.

Issue

Bug Number: 20109035

When the ds-sync-hist flag of the ds-cfg-purging is set to false, the OUD upgrade fails to set the purging flag in the ds-sync-hist index.

Workaround

Set the ds-cfg-purging flag of the ds-sync-hist index to true. Then rebuild the ds-sync-hist index:

./dsconfig set-local-db-index-prop --element-name userRoot --index-name 
ds-sync-hist --set purging:true 
 
./rebuild-index -b "dc=example,dc=com" -i ds-sync-hist 

Issue

Bug Number: 19786556

Misleading additional information occurs when a static large group is modified.

Workaround

Increasing the member-lookthrough-limit property. See Managing Static Groups With More Than 100,000 Members in Oracle® Fusion Middleware Administering Oracle Unified Directory.

Issue

Bug Number: 19767906

Although there are two servers in the replication topology, results are returned from one server only. This error occurs during data transfer between the replication servers.

Workaround

There is currently no workaround for this issue.

Issue

Bug Number: 19260923

When you use the signal SIGSTOP to pause the server, it can disable the backend upon using SIGSCONT to resume server processing. This problem occurs because SIGSTOP is not supported by OUD.

Workaround

Set BDB JE latch timeout to a duration longer than the duration between SIGSTOP and SIGCONT. The following is an example: dsconfig set-workflow-element-prop --add je-property:je.env.latchTimeout="12 h"

Issue

Bug Number: 17874888

The data-sync privilege was not an operational privilege and consequently the OUD server does not recognize this privilege. For example, if the root user is created as follows:

dn: cn=myroot,cn=Root DNs,cn=config
objectClass: inetOrgPerson
objectClass: person
objectClass: top
objectClass: ds-cfg-root-dn-user
objectClass: organizationalPerson
userPassword: admin-password
cn: myroot
sn: myroot
ds-cfg-alternate-bind-dn: cn=myroot
givenName: My Root User
ds-privilege-name: -data-sync

then the OUD server does not recognize the privilege, and cannot remove it. Instead, the OUD server removes all privileges for this user.

Workaround

All references to this privilege in the OUD server configuration should be removed. For example:

$ ldapmodify -h localhost -p 4444 --useSSL
dn: cn=myroot,cn=Root DNs,cn=config
changetype:modify
delete:ds-privilege-name
ds-privilege-name: -data-sync

Issue

Bug Number: 17797663

When pass-through authentication (PTA) is configured with a Kerberos authentication provider, certain conditions must be met in order for the bind to succeed.

Workaround

Configure PTA to meet the following conditions:

• The user provider must be a local backend.

• The PTA suffix, the user suffix, and the authentication suffix must be the same. The easiest way to configure the suffixes to be the same is to define the PTA suffix, and leave the other suffixes undefined.

Issue

Bug Number: 17689711

You may encounter this issue when you have two servers containing two suffixes: one suffix already configured for replication (for example dc=example,dc=com), and the other suffix not configured for replication (for example cn=companyname.) When you enable the changelog for cn=companyname in both servers, replication is automatically configured for the cn=companyname suffix because the servers themselves have already been defined and configured for replication.

Workaround

There is currently no workaround for this issue.

Issue

Bug Number: 14772631

When you configure an AddOutboundTransformation with virtualAttr={%sn%.%cn%@o.com}where the definition contains a dot, then a search request with a filter on the virtualAttr parameter might not work correctly.

For instance, the sn and cn backend attribute values contain a dot, such as "sn:sn.light" and "cn:cn.light." Here, a search request with a filter on the virtualAttr, for example "virtualAttr=sn.light.cn.light@o.com" might not work correctly.

Workaround

There is currently no workaround for this issue.

Issue

Bug Number: 14080885

The moveplan interface does not have a field to update the path for keystore pin file during the cloning process.

Workaround

Use the dsconfig command on the cloned instance to update the key-store-pin-file value of JKS Key Manager Provider.

Issue

Bug Number: 14652478

On Oracle Linux Enterprise 6, the runInstaller command may require i686 packages to be present on the system. Although the missing packages are not directly required for OUD to operate properly, they are required during the installation process.

Workaround

Prior to running the runInstaller command, install the required i686 packages. See Checking the System Requirements for Oracle Unified Directory in Oracle® Fusion Middleware Installing Oracle Unified Directory

Issue

Bug Number: 14065106

The messages and Help for oudCopyConfig,oudExtractMovePlan, and oudPasteConfig command-line tools of Oracle Unified Directory are only available in English.

Workaround

There is currently no workaround for this issue.

Issue

Bug Number: 14055062

On Windows system, if the value for parameter -j, --rootUserPasswordFile is provided as a relative path, then oud-setup, oud-proxy-setup, and oud-replication-gateway-setup commands fail.

Workaround

Provide an absolute path for -j, --rootUserPasswordFile parameter.

For example:

-j C:\local\Password.txt

Issue

Bug Number: 13996369

The gicadm command does not import a catalog when you specify a relative path.

Workaround

Specify an absolute path to import a catalog.

Issue

Bug Number: 13965857

The -tih, -targetInstanceHomeLoc option of the oudPasteConfig command allows you to specify the location of the cloned server instance. If you specify an alternative location, for the cloned server instance, the instance is still created in the default location (TARGET_ORACLE_HOME/../TARGET_INSTANCE_NAME) and no error message is generated. However, the cloned server is configured partially as some custom parameters are not updated in the cloned server instance.

Workaround

To successfully clone the server instance, as the -tih parameter is mandatory, you must explicitly provide the default location for the -tih parameter as follows:

-tih TARGET_ORACLE_HOME/../TARGET_INSTANCE_NAME

Issue

Bug Number: 13954545

On a Windows system with a JDK 1.7 (previous to Update 11) JVM instance running, the ldapsearch.bat client might not handle the trailing "*" correctly.

Workaround

Download the latest JDK version to leverage the fixes and updates that are added to the Java SE platform.

Issue

Bug Number: 12291860

On Windows systems, no SNMP trap is sent if the server is stopped by using stop-ds with no credentials. The server is, however, stopped correctly.

The SNMP trap is sent if the server is stopped by using stop-ds -D bindDN -p password.

Workaround

There is currently no workaround for this issue.

Issue

Bug Number: 12280658

When a distribution is using a GIC, and the GIC indexes the entry DNs, the ModifyDN operation is not supported.

If DNs are not indexed in the global index catalog, the modify DN operation is supported. Otherwise, only the modify RDN operation is supported.

Workaround

Although indexing the DN is recommended for performance reasons, as a workaround in this situation, do not index the DN.

Issue

Bug Number: 12266690

If you delete the load balancing workflow element or the load balancing algorithm, the load balancing routes are also deleted without any warning.

Workaround

There is currently no workaround for this issue.

Issue

Bug Number: 11718654

In a replicated topology, if the server has a heavy workload, then the following error message is recorded in the error log: "The server failed to obtain a read lock on the parent entry dc=example, dc=com after multiple attempts."

Workaround

Configure a larger database cache. See Tuning the Server Configuration in Oracle® Fusion Middleware Administering Oracle Unified Directory.

Issue

Bug Number: 17582404

When accessing an entry in the data view, the following error message appears in the WebLogic Server logs:

<Oct 9, 2013 8:04:17 AM PDT> <Error>
<oracle.adf.controller.internal.binding.TaskFlowRegionInitialConditions>
<ADFC-64007> <ADFc: Task flow binding parameter 'entryObject' of type
'oracle.idm.directoryservices.odsm.model.oid.UserEntry' on binding
'oidDBdetailtaskflow' is not serializable, potential for incorrect
application behavior or data loss.> 

Workaround

The error does not affect the WebLogic Server functionality. You can safely ignore the message.

Issue

Bug Number: 18789805/18915580/18905879/18884612/18874750

The results of modification of certain elements and parameters in JOIN Workflow Element in OUDSM are not saved.

The list of parameters that are not saved are:

• "Attribute Storage", "Attribute Retrieval" for both Primary and Secondary Participant

• join suffix value

• join condition

• bind priority in the Participant Relations

• LDAP operations

Workaround

Use dsconfig to do the modification.

Issue

Bug Number: 18871434

In OUDSM, query using advanced search does not return the Join DN attribute. Using ldapsearch, the search returns the join dn attribute.

Workaround

Use ldapsearch to get the Join DN attribute.

Issue

Bug Number: 19028533

On the Advanced Search page, the search operation on the Attribute picker window for the "Fetched Attributes" and "Sort Results On" sections, returns error: "An unresolvable error has occurred. Contact your administrator for more information."

Workaround

Manually select the attribute by scrolling down the Select Attribute table.

Issue

Bug Number: 17462792

When accessing the Directory Service Manager tab or Topology Manager tab using Firefox on a Solaris system, the subtabs may not display as expected.

Workaround

Click the forward arrows (>>) or back arrows (<<) to open a menu, and then navigate among the subtabs.

Issue

Bug Number: 17262682

After installing OUD and OUDSM on Windows 2008 R2, when you try to access the OUDSM URL, the message "Starting Oracle Directory Services Manager..." displays, but the OUDSM application does not load in the browser as expected. This can occur when you use Microsoft Internet Explorer version 8 or 9 browsers.

Workaround

1. Verify that JavaScript is enabled.

2. Add the OUDSM URL in the trusted sites.

   Go to Tools-> Internet Options -> Security -> Trusted sites -> Sites -> Add. Then click Add to add the OUDSM URL to a site.

Issue

Bug Number: 16946878

On the Alert Handler Properties page, the Disabled Alert Type and Enabled Alert Type fields do not work as designed. Regardless of the setting for either field, alerts are never sent as expected.

Workaround

Use dsconfig set-alert-handler-prop to add or remove enabled-alert-type or disabled-alert-type values.

Use dsconfig set-alert-handler-prop --add enabled-alert-type: alert type value to add enabled-alert-type alert type value.

Use dsconfig set-alert-handler-prop set-alert-handler-prop --remove enabled-alert-type:alert type value to remove enabled-alert-type alert type value.

Example:

# dsconfig -h slc03roj -p 4444 -D "cn=Directory Manager" -j /tmp/oud -n -X set-alert-handler-prop --handler-name "SMTP Alert handler name" --remove enabled-alert-type:org.opends.server.DirectoryServerShutdown

Issue

Bug Number: 16056177

On the Advanced Search page, when you click an entry in the Search Results table, the Show Attributes button does not appear if Optional Attributes is already expanded. However, if you collapse Optional Attibutes and then expand, the Show Attributes button appears. But, when you click the button the Select Attributes dialog box is blank.

Workaround

To view the entry details, you can select the same entry from the Data Browser tab.

Issue

Bug Number: 15928439

When this NullPointer exception is encountered, the contents of that particular changelog entry cannot be accessed from OUDSM. You can continue to use OUDSM to perform other tasks and access other entries.

Workaround

To access a changelog entry with no objectclasse specified, use a different LDAP client.

Issue

Bug Number: 12363352

When you are in the screenreader mode, the Create, Apply, and Cancel buttons in the OUDSM interface do not get focus after modification.

Workaround

Press the Tab key until you get the focus on the required button. Alternatively, you can use the mouse to activate the required button.