5 Oracle Unified Directory
Known issues and workarounds for Oracle Unified Directory include general issues and known issues related to Oracle Unified Directory, Oracle Unified Directory Services Manager, and related directory components.
Topics
- Oracle Unified Directory Services Manager (OUDSM) Known Issues and Workarounds
- Related Oracle Directory Components Known Issues and Workarounds
Note:
See What's New in Oracle Unified Directory for information about new features in this release of Oracle Unified Directory.
5.1 Oracle Unified Directory System Requirements and Specifications
You must read through the system requirements and certification documents to ensure that your environment meets the minimum installation requirements for the products you are installing.
The following documents are available for your reference:
Keep the following in mind during OUD installation:
Note:
This applies only to collocated OUD installations and does not apply to standalone OUD 14.1.2.1.0 installations.
- Fresh OUD Installation: Apply the one-off ADF patch (search for Bug ID 37376076 at https://support.oracle.com) manually using OPatch to the OUD 14.1.2.1.0 ORACLE_HOME after installation and before domain creation.
- Upgrade OUD Installation:
  - Apply the one-off ADF patch (search for Bug ID 37376076 at https://support.oracle.com) manually using OPatch to the OUD 14.1.2.1.0 ORACLE_HOME before performing the reconfiguration step.
  - Apply the one-off EM patch (search for Bug ID 37476292 at https://support.oracle.com) manually using OPatch to the OUD 14.1.2.1.0 ORACLE_HOME before performing the reconfiguration step.
- Checking the System Requirements for Oracle Unified Directory.
  This document provides information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches when installing Oracle Unified Directory with other Oracle products.
- Oracle Fusion Middleware Supported System Configurations
  http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
  This landing page contains links to certification information for all products in Fusion Middleware suite. To view the certification matrix:
  - Access the Oracle Fusion Middleware Supported System Configurations landing page:
    http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
  - Scroll down to System Requirements and Supported Platforms for Oracle Identity and Access Management 14c (14.1.2.1.0).
  - Click the xls link to view the certification matrix.
  This document contains the most detailed information about supported application servers, supported clients, JDK requirements, and IPv4/IPv6 certifications for installing Oracle Unified Directory. This document always contains the latest information for a specific release.
- Oracle® Fusion Middleware Installing Oracle Unified Directory 14c (14.1.2.1.0)
  Planning the Oracle Unified Directory Installation contains pre-installation system notes and other information you should review prior to Oracle Unified Directory installation.
The following sections describe additional information specific to Oracle Unified Directory installation requirements:
5.1.1 Hardware Requirements
You must bear in mind the minimum hardware requirements for installation that are recommended for this release.
As a general guideline, the following hardware is recommended:
Table 5-1 Recommended Hardware
Hardware Component | Requirement |
---|---|
RAM | Evaluation purposes: At least 256 MB of free memory for a small database. Production: Minimum of 2 GB. |
Local disk space | Evaluation purposes: For a small database and sufficient space for log files, your system should have at least 100 MB of free local disk space. Preferably, you should have at least 1 GB of disk space. Production: For a typical production deployment with a maximum of 250,000 entries and no binary attributes, such as images, 4 GB of disk space might be sufficient for the database only. You might need an additional 1 GB of disk space for log files. You need to determine disk space for the change log database (DB), which is dependent on the load (updates per second) and on the replication purge delay (that is, the time the server should keep information about internal updates). The change log DB can grow up to 30-40 GB with loads of 1,000 modifications per second. When you use global index replication, ensure that you have enough disk space for the replication change logs. By default, the change log stores changes from the last 100 hours. The configuration should be based on the expected size of the service. For example, you would need 150 GB for 5,000 modify/seconds. |
For optimal performance, your system must have sufficient RAM memory for the JVM heap and database cache. The server also provides ready-to-use tuning. For more information about setting the JVM heap and database cache, see Configuring the JVM, Java, and Database Cache Options for Oracle Unified Directory in Oracle® Fusion Middleware Installing Oracle Unified Directory.
Your system should also have enough disk space to store the generated log files. The server log files can consume up to 1 GB of disk space with default server settings. In replicated environments, the change log database can grow up to 30-40 GB with loads of 1,000 mods/sec. For information about setting the log file size, see Configuring Log Rotation Policies in Oracle® Fusion Middleware Administering Oracle Unified Directory.
You can configure Oracle Unified Directory in such a way that it uses substantially less, or more, disk space depending on your applications and performance needs. Any setup considerations must determine the amount of memory for the server's database and log files.
On Solaris and Linux systems, the operating system should be configured to have at least twice as much virtual memory as JVM heap. To achieve this, you might need to increase the size of the operating system swap space.
5.1.2 Software Requirements
You must bear in mind the software requirements that are to be met before beginning the installation.
In addition to the operating system, application server, and JDK requirements described in this document:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
you must also meet the following operating system specific requirements:
5.1.2.1 File Descriptor Requirements (Linux Systems)
The recommendation described in this section affects Linux systems only. All other supported platforms are not impacted.
To ensure optimal server performance, the total number of client connections, database files, and log files must not exceed the maximum file descriptor limit on the operating system (ulimit -n). By default, the directory server allows an unlimited number of connections but is restricted by the file descriptor limit on the operating system. By default, Linux systems limit the number of file descriptors that any one process may open to 1024.
After the directory server has exceeded the file descriptor limit of 1024 per process, any new process and worker threads will be blocked. For example, if the directory server attempts to open an Oracle Berkeley Java Edition database file when the operating system has exceeded the file descriptor limit, the directory server will no longer be able to open a connection, which can lead to a corrupted database exception. Likewise, if you have a directory server that exceeds the file descriptor limit set by the operating system, the directory server can become unresponsive as the LDAP connection handler consumes all of the CPU's processing capacity in attempting to open a new connection.
To fix this condition, set the maximum file descriptor limit to 65535 per process on Linux machines.
To view the maximum file descriptor limit, run the following command:
/sbin/sysctl -a | grep file-max
If the file-max value is lower than 65535, then perform the following steps:
Note:
When you specify the values in the /etc/sysctl.conf or /etc/security/limits.conf file, they persist when you restart the system.
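A pre-flight check for the limits described in this section, as an added example that is not part of the Oracle documentation: it compares the system-wide fs.file-max value, the current shell's ulimit -n, and optionally a running process's soft "Max open files" limit against the recommended 65535. The function names and the /proc/<pid>/limits sample are constructed for the example.

```shell
#!/bin/sh
# Added example: check file descriptor limits against the 65535 recommended above.
# Function names are hypothetical; the sample limits text is constructed.

RECOMMENDED_FD=65535

# Print the soft "Max open files" value from /proc/<pid>/limits-style text on stdin.
soft_nofile_from_limits() {
    awk '/^Max open files/ { print $4; exit }'
}

# Return 0 when the limit ($1) meets the recommendation, 1 otherwise.
# "unlimited" counts as sufficient; empty or non-numeric input is a failure.
fd_limit_ok() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$RECOMMENDED_FD" ]
}

# Print one result line for a labelled limit; return 1 when it is too low.
report_limit() {
    if fd_limit_ok "$2"; then
        echo "OK   $1 = $2"
    else
        echo "LOW  $1 = $2 (recommended: $RECOMMENDED_FD)"
        return 1
    fi
}

# Constructed sample of the relevant lines from /proc/<pid>/limits.
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             31128                31128                processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
EOF
}

# Check the live host: fs.file-max, this shell's ulimit -n, and the process
# given as $1 (a PID, or "self"). Returns 1 if any limit is too low.
check_host() {
    status=0
    if [ -r /proc/sys/fs/file-max ]; then
        report_limit "fs.file-max" "$(cat /proc/sys/fs/file-max)" || status=1
    fi
    report_limit "ulimit -n (current shell)" "$(ulimit -n)" || status=1
    if [ -n "$1" ] && [ -r "/proc/$1/limits" ]; then
        report_limit "pid $1 soft max open files" \
            "$(soft_nofile_from_limits < "/proc/$1/limits")" || status=1
    fi
    return $status
}

# Run against the live host only when a PID (or "self") is passed as argument.
if [ $# -gt 0 ]; then
    check_host "$1"
fi
```

Run it as the account that starts the directory server and pass the server's PID, because the per-process limit is inherited from the session that launched the process.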
5.1.2.2 Specific Requirements for Installation in Solaris Zones
This section describes the specific requirements for installation of Oracle Unified Directory on Solaris Zones.
The Oracle Unified Directory software treats global, full local, and sparse zones as an independent physical system. Installing the server in any type of Solaris zone is therefore like installing on an independent system. The software does not share services or file locations with other zones.
5.1.3 Certified Languages
This section lists the supported languages, referred to as certified languages.
Oracle Unified Directory is certified for the following languages:
- Chinese (Simplified)
- Chinese (Traditional)
- French
- German
- Italian
- Japanese
- Korean
- Spanish
- Portuguese (Brazilian)
Note:
Certain error messages (specifically, the SEVERE and FATAL messages) are displayed in English only.
5.2 Software Environment Limitations and Recommendations
This section describes the limitations that might affect the initial deployment of your directory server.
The Oracle Unified Directory 14c (14.1.2.1.0) software has some limitations that might affect the initial deployment of your directory server. Follow the recommendations for deployments in this section.
Administrators also should appropriately tune the Oracle Unified Directory directory server and its Java Virtual Machine (JVM) to ensure that adequately sized hardware is made available to support heavy write operations. See Configuring the JVM, Java, and Database Cache Options for Oracle Unified Directory in Oracle Fusion Middleware Installing Oracle Unified Directory.
This section describes the following topics:
5.2.1 OUD 14c (14.1.2.1.0) Limitations
This section lists the limitations of Oracle Unified Directory 14c (14.1.2.1.0). They are as follows:
- The Oracle Unified Directory directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.
- For Enterprise User Security, Oracle Unified Directory is validated to store and manage users and groups locally, and also for proxying to other external directory servers. The list of supported external directory servers is documented in the certification matrix. See Viewing the Certification Matrix in Oracle Fusion Middleware Installing Oracle Unified Directory.
- Oracle Unified Directory Server in proxy mode provides the best search performance when the search queries ask for the specific required attributes (rather than all the attributes) of an entry.
5.2.2 Viewing the Certification Matrix
This section describes the procedure to view the certification matrix.
To view the certification matrix:
5.2.3 Software Recommendations
This section lists the recommendations for using Oracle Unified Directory.
The recommendations that are to be followed are:
- The directory server provides better performance when the database files are cached entirely into memory.
- The default settings of the Oracle Unified Directory directory server are targeted initially at evaluators or developers who are running equipment with a limited amount of resources. For this reason, you should tune the Java virtual machine (JVM) and the directory server itself to improve scalability and performance, particularly for write operations. See Configuring the JVM, Java, and Database Cache Options for Oracle Unified Directory in Oracle Fusion Middleware Installing Oracle Unified Directory.
- If you want to import large LDIF files by using the import-ldif command, then it is recommended that you use the --skipDNvalidation option. However, if you are not certain that the LDIF file is valid, using this option is not advised.
- If you want to perform isMemberOf query for complex searches involving static groups, it is advisable to keep group membership and user entry under the same backend.
5.2.4 Deprecation of the Password Notification Change plug-in
Starting with Oracle Unified Directory 12c (12.2.1.4.0), the Password Notification Change plug-in (oidpwdcn.dll) is deprecated.
Oracle recommends that you replace this plug-in with the centrally managed users (CMU) feature provided by Oracle Database.
5.3 Oracle Unified Directory (OUD) Known Issues and Workarounds
The following sections describe known issues and limitations with the Oracle Unified Directory 14c (14.1.2.1.0) core server at the time of this release.
- (Bug 29964155) Unable to Find the System Component Details in the config.xml File
- PBKDF2WithHmacSHA512–based password storage schemes might fail due to JDK bug
- (Bug 20109035) OUD upgrade fails to set the purging flag in the ds-sync-hist index
- (Bug 19767906) ECL changes are delayed by the clock difference between servers in topology
- (Bug 17874888) Removing the data-sync privilege for a user removes all privileges for that user
- (Bug 14080885) The moveplan interface does not have a field to update the path for keystore pin file
- (Bug 14652478) The runInstaller command fails to check for appropriate OS
- (Bug 14065106) Translation is not supported for some error message and online Help
- (Bug 13954545) The ldapsearch.bat client incorrectly handles a trailing asterisk character
- (Bug 12266690) Load balancing routes are deleted without warning
- (Bug 11718654) Error Occurs in Replicated Topology with a Heavy Workload
5.3.1 (Bug 29964155) Unable to Find the System Component Details in the config.xml File
Issue
If you update the node manager properties like username and password, the system component details in the config.xml file are deleted.
This causes the OUD system component to fail while trying to start/stop the component using stopComponent.sh/startComponent.sh.
Workaround
Ensure that you do not update the node manager details after creating the system components.
5.3.2 PBKDF2WithHmacSHA512–based password storage schemes might fail due to JDK bug
Issue
If you are using the following password storage schemes that are based on the PBKDF2WithHmacSHA512 algorithm, then you might experience unpredictable results. This problem occurs owing to an issue with JDK 8.
- cn=PBKDF2 HMAC SHA-512,cn=Password Storage Schemes,cn=config
- cn=EUS PBKDF2 SHA-512,cn=Password Storage Schemes,cn=config
If you are using the preceding schemes on a heavily-loaded server, then you might not be able to bind to Oracle Unified Directory.
Workaround
This issue is fixed in JDK 9. This fix has been backported to JDK 8. Oracle recommends that you apply the JDK patch if you are using the preceding PBKDF2WithHmacSHA512–based password storage schemes in your configuration. For more information about applying this patch, you can contact My Oracle Support.
5.3.3 (Bug 20109035) OUD upgrade fails to set the purging flag in the ds-sync-hist index
Issue
Bug Number: 20109035
When the ds-cfg-purging flag of the ds-sync-hist index is set to false, the OUD upgrade fails to set the purging flag in the ds-sync-hist index.
Workaround
Set the ds-cfg-purging flag of the ds-sync-hist index to true. Then rebuild the ds-sync-hist index:
./dsconfig set-local-db-index-prop --element-name userRoot --index-name ds-sync-hist --set purging:true
./rebuild-index -b "dc=example,dc=com" -i ds-sync-hist
5.3.4 (Bug 19786556) During modification of a large static group, the administrative limit might be exceeded
Issue
Bug Number: 19786556
Misleading additional information is returned when a large static group is modified.
Workaround
Increase the value of the member-lookthrough-limit property. See Managing Static Groups With More Than 100,000 Members in Oracle® Fusion Middleware Administering Oracle Unified Directory.
5.3.5 (Bug 19767906) ECL changes are delayed by the clock difference between servers in topology
Issue
Bug Number: 19767906
Although there are two servers in the replication topology, results are returned from one server only. This error occurs during data transfer between the replication servers.
Workaround
There is currently no workaround for this issue.
5.3.6 (Bug 19260923) Using the signal SIGSTOP causes failures
Issue
Bug Number: 19260923
When you use the signal SIGSTOP to pause the server, it can disable the backend upon using SIGCONT to resume server processing. This problem occurs because SIGSTOP is not supported by OUD.
Workaround
Set BDB JE latch timeout to a duration longer than the duration between SIGSTOP and SIGCONT. The following is an example:
dsconfig set-workflow-element-prop --add je-property:je.env.latchTimeout="12 h"
5.3.7 (Bug 17874888) Removing the data-sync privilege for a user removes all privileges for that user
Issue
Bug Number: 17874888
The data-sync privilege was not an operational privilege and consequently the OUD server does not recognize this privilege. For example, if the root user is created as follows:
dn: cn=myroot,cn=Root DNs,cn=config
objectClass: inetOrgPerson
objectClass: person
objectClass: top
objectClass: ds-cfg-root-dn-user
objectClass: organizationalPerson
userPassword: admin-password
cn: myroot
sn: myroot
ds-cfg-alternate-bind-dn: cn=myroot
givenName: My Root User
ds-privilege-name: -data-sync
then the OUD server does not recognize the privilege, and cannot remove it. Instead, the OUD server removes all privileges for this user.
Workaround
All references to this privilege in the OUD server configuration should be removed. For example:
$ ldapmodify -h localhost -p 4444 --useSSL
dn: cn=myroot,cn=Root DNs,cn=config
changetype: modify
delete: ds-privilege-name
ds-privilege-name: -data-sync
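To locate the references that this workaround says to remove, the following added example (not Oracle tooling) scans an LDIF export of the server configuration and lists every entry whose ds-privilege-name value is data-sync or -data-sync. The function names and the sample entries are constructed for the example; folded LDIF lines are handled, base64-encoded values are not.

```shell
#!/bin/sh
# Added example: list DNs whose ds-privilege-name references data-sync.
# find_data_sync_refs is a hypothetical helper; the sample LDIF is constructed.

# Read LDIF on stdin and print "<dn><TAB><privilege value>" for each match.
find_data_sync_refs() {
    awk '
    # Process the buffered logical line (after unfolding), then clear it.
    function flush_line(   sep, name, value) {
        if (line == "") return
        sep = index(line, ":")
        if (sep > 0) {
            name = tolower(substr(line, 1, sep - 1))
            value = substr(line, sep + 1)
            sub(/^[ \t]+/, "", value)
            if (name == "dn")
                dn = value
            else if (name == "ds-privilege-name" && tolower(value) ~ /^-?data-sync$/)
                printf "%s\t%s\n", dn, value
        }
        line = ""
    }
    { sub(/\r$/, "") }                                    # tolerate CRLF exports
    /^#/ { flush_line(); in_comment = 1; next }           # comment line
    /^ / { if (!in_comment) line = line substr($0, 2); next }  # folded line
    { in_comment = 0 }
    /^$/ { flush_line(); dn = ""; next }                  # blank line ends entry
    { flush_line(); line = $0 }
    END { flush_line() }
    '
}

# Constructed sample: one entry as shown above, one unaffected entry, and one
# entry with a folded DN and the privilege granted rather than revoked.
sample_config_ldif() {
    cat <<'EOF'
dn: cn=myroot,cn=Root DNs,cn=config
objectClass: ds-cfg-root-dn-user
cn: myroot
ds-privilege-name: -data-sync

dn: cn=Directory Manager,cn=Root DNs,cn=config
objectClass: ds-cfg-root-dn-user
cn: Directory Manager
ds-privilege-name: bypass-acl

# constructed entry with a folded DN line
dn: cn=replication-admin,cn=Root DNs,
 cn=config
ds-privilege-name: data-sync
EOF
}

# Scan the LDIF file given as the first argument, if any.
if [ $# -gt 0 ]; then
    find_data_sync_refs < "$1"
fi
```

Each DN it prints is a candidate for the ldapmodify change shown in the workaround.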
5.3.8 (Bug 17797663) Pass-Through Authentication subject to limitations when configured with Kerberos authentication provider.
Issue
Bug Number: 17797663
When pass-through authentication (PTA) is configured with a Kerberos authentication provider, certain conditions must be met in order for the bind to succeed.
Workaround
Configure PTA to meet the following conditions:
- The user provider must be a local backend.
- The PTA suffix, the user suffix, and the authentication suffix must be the same. The easiest way to configure the suffixes to be the same is to define the PTA suffix, and leave the other suffixes undefined.
5.3.9 (Bug 17689711) Enabling the changelog for a suffix on two servers will unexpectedly enable replication on the suffix
Issue
Bug Number: 17689711
You may encounter this issue when you have two servers containing two suffixes: one suffix already configured for replication (for example dc=example,dc=com), and the other suffix not configured for replication (for example cn=companyname). When you enable the changelog for cn=companyname in both servers, replication is automatically configured for the cn=companyname suffix because the servers themselves have already been defined and configured for replication.
Workaround
There is currently no workaround for this issue.
5.3.10 (Bug 14772631) If an AddOutboundTransformation definition contains a dot, then a search request might fail
Issue
Bug Number: 14772631
When you configure an AddOutboundTransformation with virtualAttr={%sn%.%cn%@o.com} where the definition contains a dot, then a search request with a filter on the virtualAttr parameter might not work correctly.
For instance, the sn and cn backend attribute values contain a dot, such as "sn:sn.light" and "cn:cn.light". Here, a search request with a filter on the virtualAttr, for example "virtualAttr=sn.light.cn.light@o.com", might not work correctly.
Workaround
There is currently no workaround for this issue.
5.3.11 (Bug 14080885) The moveplan interface does not have a field to update the path for keystore pin file
Issue
Bug Number: 14080885
The moveplan interface does not have a field to update the path for keystore pin file during the cloning process.
Workaround
Use the dsconfig command on the cloned instance to update the key-store-pin-file value of JKS Key Manager Provider.
5.3.12 (Bug 14652478) The runInstaller command fails to check for appropriate OS
Issue
Bug Number: 14652478
On Oracle Linux Enterprise 6, the runInstaller command may require i686 packages to be present on the system. Although the missing packages are not directly required for OUD to operate properly, they are required during the installation process.
Workaround
Prior to running the runInstaller command, install the required i686 packages. See Checking the System Requirements for Oracle Unified Directory in Oracle® Fusion Middleware Installing Oracle Unified Directory.
5.3.13 (Bug 14065106) Translation is not supported for some error message and online Help
Issue
Bug Number: 14065106
The messages and Help for oudCopyConfig, oudExtractMovePlan, and oudPasteConfig command-line tools of Oracle Unified Directory are only available in English.
Workaround
There is currently no workaround for this issue.
5.3.14 (Bug 14055062) If the value for parameter -j,--rootUserPasswordFile is provided as a relative path, commands fail
Issue
Bug Number: 14055062
On Windows systems, if the value for parameter -j, --rootUserPasswordFile is provided as a relative path, then oud-setup, oud-proxy-setup, and oud-replication-gateway-setup commands fail.
Workaround
Provide an absolute path for the -j, --rootUserPasswordFile parameter.
For example:
-j C:\local\Password.txt
5.3.15 (Bug 13996369) The gicadm command does not import a catalog
Issue
Bug Number: 13996369
The gicadm command does not import a catalog when you specify a relative path.
Workaround
Specify an absolute path to import a catalog.
5.3.16 (Bug 13965857) If you specify an alternative location for a cloned server instance, the cloned server instance is not completely configured
Issue
Bug Number: 13965857
The -tih, -targetInstanceHomeLoc option of the oudPasteConfig command allows you to specify the location of the cloned server instance. If you specify an alternative location for the cloned server instance, the instance is still created in the default location (TARGET_ORACLE_HOME/../TARGET_INSTANCE_NAME) and no error message is generated. However, the cloned server is only partially configured because some custom parameters are not updated in the cloned server instance.
Workaround
To successfully clone the server instance, as the -tih parameter is mandatory, you must explicitly provide the default location for the -tih parameter as follows:
-tih TARGET_ORACLE_HOME/../TARGET_INSTANCE_NAME
5.3.17 (Bug 13954545) The ldapsearch.bat client incorrectly handles a trailing asterisk character
Issue
Bug Number: 13954545
On a Windows system with a JDK 1.7 (previous to Update 11) JVM instance running, the ldapsearch.bat client might not handle the trailing "*" correctly.
Workaround
Download the latest JDK version to leverage the fixes and updates that are added to the Java SE platform.
5.3.18 (Bug 12291860) No SNMP trap is sent if the server is stopped using the stop-ds command with no credentials
Issue
Bug Number: 12291860
On Windows systems, no SNMP trap is sent if the server is stopped by using stop-ds with no credentials. The server is, however, stopped correctly.
The SNMP trap is sent if the server is stopped by using stop-ds -D bindDN -p password.
Workaround
There is currently no workaround for this issue.
5.3.19 (Bug 12280658) The ModDN operation is not supported if DNs are indexed in the global index catalog (GIC)
Issue
Bug Number: 12280658
When a distribution is using a GIC, and the GIC indexes the entry DNs, the ModifyDN operation is not supported.
If DNs are not indexed in the global index catalog, the modify DN operation is supported. Otherwise, only the modify RDN operation is supported.
Workaround
Although indexing the DN is recommended for performance reasons, as a workaround in this situation, do not index the DN.
5.3.20 (Bug 12266690) Load balancing routes are deleted without warning
Issue
Bug Number: 12266690
If you delete the load balancing workflow element or the load balancing algorithm, the load balancing routes are also deleted without any warning.
Workaround
There is currently no workaround for this issue.
5.3.21 (Bug 11718654) Error Occurs in Replicated Topology with a Heavy Workload
Issue
Bug Number: 11718654
In a replicated topology, if the server has a heavy workload, then the following error message is recorded in the error log: "The server failed to obtain a read lock on the parent entry dc=example,dc=com after multiple attempts."
Workaround
Configure a larger database cache. See Tuning the Server Configuration in Oracle® Fusion Middleware Administering Oracle Unified Directory.
5.4 Oracle Unified Directory Services Manager (OUDSM) Known Issues and Workarounds
The following sections describe known issues with Oracle Unified Directory Services Manager at the time of Oracle Unified Directory 14c (14.1.2.1.0) release.
Note:
If Oracle Unified Directory has recently been updated, you might encounter a problem when you try to invoke Oracle Unified Directory Services Manager. During an Oracle Unified Directory update operation, Oracle Unified Directory Services Manager is also updated, and the Oracle Unified Directory Services Manager URL can change. This problem usually occurs if you used your browser to invoke the earlier version of Oracle Unified Directory Services Manager.
Therefore, to invoke the updated version of Oracle Unified Directory Services Manager, first clear your browser's cache and cookies.
This section describes the following known issues and workarounds:
- (Bug 17582404) ADF error is displayed in WebLogic Server logs.
- (Bugs 18789805/18915580/18905879/18884612/18874750) Modification Issues with Join Workflow Element
- (Bug 18871434) Join DN attribute does not return in Advanced Search in OUDSM
- (Bug 19028533) Adv Search: Issue with Search in pick attributes table
- (Bug 17462792) Subtabs may not display as designed on Solaris
- (Bug 17262682) Default browser settings may not allow OUDSM URL to be accessible on Windows 2008 R2
- (Bug 12363352) In the screenreader mode, focus for some buttons does not work as expected
5.4.1 (Bug 17582404) ADF error is displayed in WebLogic Server logs.
Issue
Bug Number: 17582404
When accessing an entry in the data view, the following error message appears in the WebLogic Server logs:
<Oct 9, 2013 8:04:17 AM PDT> <Error> <oracle.adf.controller.internal.binding.TaskFlowRegionInitialConditions> <ADFC-64007> <ADFc: Task flow binding parameter 'entryObject' of type 'oracle.idm.directoryservices.odsm.model.oid.UserEntry' on binding 'oidDBdetailtaskflow' is not serializable, potential for incorrect application behavior or data loss.>
Workaround
The error does not affect the WebLogic Server functionality. You can safely ignore the message.
5.4.2 (Bugs 18789805/18915580/18905879/18884612/18874750) Modification Issues with Join Workflow Element
Issue
Bug Number: 18789805/18915580/18905879/18884612/18874750
The results of modification of certain elements and parameters in JOIN Workflow Element in OUDSM are not saved.
The list of parameters that are not saved are:
- "Attribute Storage", "Attribute Retrieval" for both Primary and Secondary Participant
- join suffix value
- join condition
- bind priority in the Participant Relations
- LDAP operations
Workaround
Use dsconfig to do the modification.
5.4.3 (Bug 18871434) Join DN attribute does not return in Advanced Search in OUDSM
Issue
Bug Number: 18871434
In OUDSM, query using advanced search does not return the Join DN attribute. Using ldapsearch, the search returns the join dn attribute.
Workaround
Use ldapsearch to get the Join DN attribute.
5.4.4 (Bug 19028533) Adv Search: Issue with Search in pick attributes table
Issue
Bug Number: 19028533
On the Advanced Search page, the search operation on the Attribute picker window for the "Fetched Attributes" and "Sort Results On" sections, returns error: "An unresolvable error has occurred. Contact your administrator for more information."
Workaround
Manually select the attribute by scrolling down the Select Attribute table.
5.4.5 (Bug 17462792) Subtabs may not display as designed on Solaris
Issue
Bug Number: 17462792
When accessing the Directory Service Manager tab or Topology Manager tab using Firefox on a Solaris system, the subtabs may not display as expected.
Workaround
Click the forward arrows (>>) or back arrows (<<) to open a menu, and then navigate among the subtabs.
5.4.6 (Bug 17262682) Default browser settings may not allow OUDSM URL to be accessible on Windows 2008 R2
Issue
Bug Number: 17262682
After installing OUD and OUDSM on Windows 2008 R2, when you try to access the OUDSM URL, the message "Starting Oracle Directory Services Manager..." displays, but the OUDSM application does not load in the browser as expected. This can occur when you use Microsoft Internet Explorer version 8 or 9 browsers.
Workaround
- Verify that JavaScript is enabled.
- Add the OUDSM URL in the trusted sites.
  Go to Tools -> Internet Options -> Security -> Trusted sites -> Sites -> Add. Then click Add to add the OUDSM URL to a site.
5.4.7 (Bug 16946878) Alerts not sent as designed
Issue
Bug Number: 16946878
On the Alert Handler Properties page, the Disabled Alert Type and Enabled Alert Type fields do not work as designed. Regardless of the setting for either field, alerts are never sent as expected.
Workaround
Use dsconfig set-alert-handler-prop to add or remove enabled-alert-type or disabled-alert-type values.
Use dsconfig set-alert-handler-prop --add enabled-alert-type:alert type value to add an enabled-alert-type value.
Use dsconfig set-alert-handler-prop --remove enabled-alert-type:alert type value to remove an enabled-alert-type value.
Example:
# dsconfig -h slc03roj -p 4444 -D "cn=Directory Manager" -j /tmp/oud -n -X set-alert-handler-prop --handler-name "SMTP Alert handler name" --remove enabled-alert-type:org.opends.server.DirectoryServerShutdown
5.4.8 (Bug 16056177) On the Advanced Search page, when you click an entry in the Search Results table, some buttons do not behave as expected
Issue
Bug Number: 16056177
On the Advanced Search page, when you click an entry in the Search Results table, the Show Attributes button does not appear if Optional Attributes is already expanded. However, if you collapse Optional Attributes and then expand it, the Show Attributes button appears. But when you click the button, the Select Attributes dialog box is blank.
Workaround
To view the entry details, you can select the same entry from the Data Browser tab.
5.4.9 (Bug 15928439) Java NullPointer exception occurs if a changelog entry does not contain a specified objectclass
Issue
Bug Number: 15928439
When this NullPointer exception is encountered, the contents of that particular changelog entry cannot be accessed from OUDSM. You can continue to use OUDSM to perform other tasks and access other entries.
Workaround
To access a changelog entry with no objectclass specified, use a different LDAP client.
5.4.10 (Bug 12363352) In the screenreader mode, focus for some buttons does not work as expected
Issue
Bug Number: 12363352
When you are in the screenreader mode, the Create, Apply, and Cancel buttons in the OUDSM interface do not get focus after modification.
Workaround
Press the Tab key until you get the focus on the required button. Alternatively, you can use the mouse to activate the required button.
5.5 Related Oracle Directory Components Known Issues and Workarounds
This section describes the known issues and their workarounds for Oracle Directory Integration Platform and Oracle Identity Directory Services.
5.5.1 Oracle Directory Integration Platform
Known issues and workarounds for Oracle Directory Integration Platform include general issues and configuration issues.
5.5.1.1 General Oracle Directory Integration Platform Issues and Workarounds
This section describes general issues and workarounds.
Topics
- Running the testProfile Command with LDIF Files Option Fails in Advance Mode
- Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory
- manageSyncProfiles Utility Prompts for Connected Directory Password
- The Oracle Password Filter for Microsoft Active Directory Installation Screens Displays 11g Version
5.5.1.1.1 Enabling the Domain-Wide Administration Port on Oracle WebLogic Server Prevents use of the DIP Command Line Interface
Issue
Be aware that enabling the domain-wide administration port on any WebLogic server running Directory Integration Platform will prevent you from using the DIP command line interface using a standard administrator account. Entering DIP commands will result in an error similar to the following:
User: "weblogic", failed to be authenticated
Workaround
Administrators can still use the Enterprise Manager (EM) GUI to configure and manage Oracle Directory Integration Platform.
5.5.1.1.2 LDIF Files That Contain Non-ASCII Characters Will Cause the testProfile Command Option to Fail if the LDIF File has Native Encoding
Issue
When running DIP Tester from a command-line, the manageSyncProfiles testProfile command will fail if the -ldiffile option is specified and the LDIF file contains non-ASCII characters.
Workaround
Note that LDIF files with UTF-8 encoding are not impacted by this limitation. If an LDIF file containing multibyte characters cannot be saved with UTF-8 encoding, then use the following workaround:
- From a command-line, add the entry using the ldapadd command and include the -E option to specify the locale. For the required command syntax, see ldapadd Command Reference in Oracle Fusion Middleware Reference for Oracle Identity Management.
- Get the specific changeNumber for the last add operation.
- Execute the testProfile command using the changeNumber from the previous step.
For more information, see the section Running DIP Tester From the WLST Command-Line Interface in Oracle Fusion Middleware Administering Oracle Directory Integration Platform.
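A pre-check for the encoding condition described in this issue, as an added example (not Oracle's code): it classifies an LDIF file's raw bytes as ASCII, UTF-8 or native-encoded before the file is passed to -ldiffile, and re-encodes it as UTF-8 when the native encoding is known. The sample entry, the function names and the iso-8859-1 encoding are constructed assumptions.

```python
import codecs

# Constructed sample: one entry saved in ISO-8859-1, where "é" is the single byte 0xE9.
SAMPLE_NATIVE = (
    b"dn: cn=Jos\xe9 Ruiz,dc=example,dc=com\n"
    b"objectClass: person\n"
    b"cn: Jos\xe9 Ruiz\n"
    b"sn: Ruiz\n"
)


def classify_ldif(data: bytes) -> str:
    """Return 'ascii', 'utf-8' or 'native' for the raw bytes of an LDIF file."""
    if data.startswith(codecs.BOM_UTF8):
        data = data[len(codecs.BOM_UTF8):]
    try:
        data.decode("ascii")
        return "ascii"
    except UnicodeDecodeError:
        pass
    try:
        # Strict decoding: any byte sequence that is not well-formed UTF-8 raises.
        data.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "native"


def non_ascii_lines(data: bytes) -> list:
    """1-based numbers of the lines that contain at least one non-ASCII byte."""
    return [n for n, line in enumerate(data.splitlines(), 1)
            if any(b > 0x7F for b in line)]


def to_utf8(data: bytes, native_encoding: str) -> bytes:
    """Re-encode native-encoded LDIF as UTF-8. The caller must know the real
    native encoding; single-byte code pages decode any input without error."""
    return data.decode(native_encoding, errors="strict").encode("utf-8")


if __name__ == "__main__":
    print(classify_ldif(SAMPLE_NATIVE), non_ascii_lines(SAMPLE_NATIVE))
    fixed = to_utf8(SAMPLE_NATIVE, "iso-8859-1")  # assumed native encoding
    print(classify_ldif(fixed))
```

A result of 'native' means the file falls under this limitation; 'ascii' and 'utf-8' files do not.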
5.5.1.1.3 Running the testProfile Command with LDIF Files Option Fails in Advance Mode
Issue
When running DIP Tester from a command-line in advance mode, the manageSyncProfiles testProfile command will fail if the -ldiffile option is specified and may synchronize the wrong operation.
Workaround
To resolve this issue, run the manageSyncProfiles updatechgnum command. See Running DIP Tester From the WLST Command-Line Interface in the Oracle Fusion Middleware Administering Oracle Directory Integration Platform.
5.5.1.1.4 Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory
Issue
If the source directory is heavily-loaded, a race condition may occur where database commits cannot keep pace with updates to the lastchangenumber. If this race condition occurs, Oracle Directory Integration Platform may not be able to synchronize some of the changes.
Note:
This issue only occurs if you are using Oracle Internet Directory as the back-end directory.
Workaround
To resolve this issue, perform the following steps to enable database commits to keep pace with the lastchangenumber:
- Increase the value of the synchronization profile's Scheduling Interval.
- Control the number of times the search is performed on the source directory during a synchronization cycle by setting the searchDeltaSize parameter in the profile. Oracle suggests starting with a value of 10, then adjusting the value as needed.
5.5.1.1.5 manageSyncProfiles Utility Prompts for Connected Directory Password
Issue
When you run the manageSyncProfiles utility to synchronize with a database, the manageSyncProfiles register prompts for the connected directory password.
Workaround
Ensure that you specify the connected database password and not the directory password.
5.5.1.2 Oracle Directory Integration Platform Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the following topics:
5.5.1.2.1 Specify the Service Name While Creating Synchronization Profiles
When you create the synchronization profile, ensure that you specify the database service name and not the SID.
Examples:
To connect to a database, use the form host:port:serviceName for the odip.profile.condirurl connection detail property in a directory synchronization profile.
Specify the database service name for Database Service ID in the Create Synchronization Profile page in Oracle Enterprise Manager Fusion Middleware Control. See Creating Synchronization Profiles in Oracle Fusion Middleware Administering Oracle Directory Integration Platform.
5.5.1.2.2 If Oracle Internet Directory is the Back-End Directory then do not use localhost as Oracle Internet Directory Hostname When Configuring Oracle Directory Integration Platform
When configuring Oracle Directory Integration Platform against an existing Oracle Internet Directory using the Configuration Wizard, you must specify the hostname for Oracle Internet Directory using only its fully qualified domain name (such as myhost.example.com). Do not use localhost as the Oracle Internet Directory hostname even if Oracle Directory Integration Platform and Oracle Internet Directory are collocated on the same host.
If you use localhost as the Oracle Internet Directory hostname, you will not be able to start the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform.
5.5.1.2.3 You may Need to Restart the Directory Integration Platform After Running dipConfigurator Against Oracle Unified Directory
After running dipConfigurator against an Oracle Unified Directory (OUD) endpoint, if you are unable to open the Directory Integration Platform (DIP) UI in Enterprise Manager, stop and start DIP to fix the UI problem.
5.5.1.2.4 When Configuring a Profile, you may Need to Scroll Past a Section of Whitespace to View Mapping Rules
If you are using Internet Explorer to view the Directory Integration Platform (DIP) UI, you may need to scroll past a large blank space to see the profile mapping rules section. This issue is not known to affect other browsers.
5.5.1.2.5 Specify the Host Name and Port Number for an Oracle RAC Database
Issue
While configuring Oracle Directory Integration Platform for Oracle Internet Directory as the back-end directory, if you only specify the URL for the RAC database in the dbconfig file, then the following error messages appear:
Error occurred in configuring DataSource.
Error occurred in rolling back DataSource changes.
Error occurred in configuring DataSource.
Error occurred during DIP configuration Step - DataSourceConfigurationStep.
Error occurred in DIP configuration against OID as backend.
Workaround
To resolve this issue, specify the URL, DB_HOST, and DB_PORT for the Oracle RAC database in the dbconfig file.
5.5.1.3 Provisioning Issues
This section describes provisioning issues.
5.5.1.3.1 Modification may not Propagate Using Interface Protocol (Inbound) Version 3.0
Issue
When an inbound provisioning profile with interface protocol version 3.0 is configured with Oracle Internet Directory (Back-End Directory), then modification fails to propagate.
Workaround
5.5.1.3.2 Provisioning from Oracle Internet Directory (Back-End Directory) to an Application May Fail
Issue
If you delete a provisioning profile for Oracle Internet Directory, and recreate it with same name, then the provisioning from Oracle Internet Directory to an application may fail.
Workaround
To resolve this issue, create a provisioning profile and specify a new name.
For more information on creating a provisioning profile, see About manageProvProfiles Command in Oracle Fusion Middleware Administering Oracle Directory Integration Platform.
5.5.2 Oracle Identity Directory Services
Known issues and workarounds for Oracle Identity Directory Services include general issues and known issues related to Identity Directory Services (IDS).
5.5.2.1 Oracle Identity Directory Services Documentation Changes
Identity Directory Services introduced some behavioral changes in the 12c (12.2.1.3.0) release. This includes deprecated and desupported features and components.
Deprecated Chapters or Books
By deprecate, we mean that the feature is no longer being enhanced but is still supported for the full life of the 12c (12.2.1.3.0) release. By desupported, we mean that Oracle will no longer fix bugs related to that feature and may remove the code altogether. Where indicated, a deprecated feature may be desupported in a future major release.
- From 12c (12.2.1.3.0) release onward, the following Javadocs were deprecated:
  - Java API Reference for Identity Governance Framework IDXUserRole
  - Java API Reference for Identity Governance Framework UserRole
  Oracle recommends the use of Identity Directory API. See Oracle® Fusion Middleware Java API Reference for Identity Directory Services.
- Deprecation of Using the ArisID API functionality from 12c (12.2.1.3.0) onward.