29 Oracle Internet Directory

29.1.1 ODSM Browser Window Becomes Unusable

Under certain circumstances, after you launch ODSM from Fusion Middleware Control, then select a new ODSM task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.

As a workaround, go to the URL: http://host:port/odsm, where host and port specify the location where ODSM is running, for example, http://myserver.example.com:7005/odsm. You can then use the ODSM window to log in to a server.

29.1.2 In ldapdelete Command -V Should Be The Last Parameter

For certain platforms command ldapdelete considers everything after -v, as parameter. A typical ldapdelete command looks like this:

ldapdelete -h hostname  -p portname  -v 's' -D cn=orcladmin -w welcome1

For Linux x86-64 and Microsoft Windows x64 the command mentioned here works fine. However, for Solaris Operating System (SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium platforms the above command fails.

Workaround

Use the flag -v as the last parameter when running the ldapdelete command. For example:

ldapdelete -h hostname  -p portname -D cn=orcladmin -w welcome1   -v 's'

29.1.3 Button on ODSM Login Page Might be Hidden

When you invoke Oracle Directory Services Manager using Internet Explorer 7, if the browser window is not maximized, the following buttons might be hidden:

• Connect to a Server

• Accessibility Mode

To make either button visible, click the Overflow icon, >>, or make the window larger.

This problem does not occur with Internet Explorer 8 or with other browsers, such as FireFox.

29.1.4 Bulkmodify Might Generate Errors

If Oracle Internet Directory is using Oracle Database 11g Release 1 (11.1.0.7.0), you might see ORA-600 errors while performing bulkmodify operations. To correct this problem, apply the fixes for Bug 7019313 and Bug 7614692 to the Oracle Database.

29.1.5 Do Not Use ldapmodify to Add or Replace a Hashed Attribute's Value in an Entry when a Salted Crypto Scheme is Set

If the orclcryptoscheme attribute in the root DSE is set to a salted crypto scheme, such as SSHA, and you use ldapmodify to add or replace a value of an attribute of type orclhashedattributes in an entry, the value will no longer be hashed.

Use Oracle Directory Services Manager whenever you need to add or replace a value of a hashed attribute in an entry.

29.1.6 Turkish Dotted I Character is Not Handled Correctly

Due to a bug, Oracle Internet Directory cannot handle the upper-case dotted I character in the Turkish character set correctly. This can cause problems in Oracle Directory Services Manager and in command-line utilities.

29.1.7 OIDCMPREC Might Modify Operational Attributes

By default, the oidcmprec tool excludes operational attributes during comparison.That is, oidcmprec does not compare the operational attributes values in source and destination directory entries. During reconciliation of user defined attributes however, operational attributes might be changed.

29.1.8 Non-ASCII Characters in Log Files are Displayed Incorrectly

Log messages containing non-ASCII characters may be displayed incorrectly by Fusion Middleware Control or command-line tools.

29.1.9 Data Manipulation at Database Level is Not Supported

Use only the documented tools, such as command-line tools, Oracle Directory Services Manager, Fusion Middleware Control, and WLST, to modify data in Oracle Internet Directory. Do not attempt to change Oracle Internet Directory data directly in the Oracle Database.

29.2.1 Function Return Codes for DBMS_LDAP_UTL Functions are Incorrect

In Table 11-61, Function Return Codes, in Chapter 11 of Oracle Fusion Middleware Application Developer's Guide for Oracle Identity Management, some of the codes are incorrect and some are missing. The following codes should be removed:

ACCT_TOTALLY_LOCKED_EXCEPTION

-14

AUTH_PASSWD_CHANGE_WARN

-15

The following codes should be added:

ACCT_TOTALLY_LOCKED_EXCEPTION

9001

PWD_EXPIRED_EXCEPTION 

9000

PWD_EXPIRE_WARN 

9002

PWD_MINLENGTH_ERROR 

9003

PWD_NUMERIC_ERROR

9004

PWD_NULL_ERROR 

9005

PWD_INHISTORY_ERROR 

9006

PWD_ILLEGALVALUE_ERROR

9007

PWD_GRACELOGIN_WARN

9008

PWD_MUSTCHANGE_ERROR

9009

USER_ACCT_DISABLED_ERROR

9050

29.2.2 DSML is not Deprecated

The following statement appears at the beginning of the "DSML Syntax" appendix in the Oracle Fusion Middleware Application Developer's Guide for Oracle Identity Management:

Directory Services Mark-up Language (DSML) is deprecated in Oracle Fusion Middleware 11g Release 1 (11.1.1) and might not be supported in future releases.

The statement is incorrect. Please ignore it.

29.2.3 Option to ldifwrite is Incorrect

In the ldifwrite section of the "Oracle Internet Directory Data Management Tools" chapter in Oracle Fusion Middleware User Reference for Oracle Identity Management, several examples use the option file. This is incorrect. The option is actually ldiffile. For example:

ldifwrite connect="nldap" basedn="ou=Europe, o=imc, c=us" ldiffile="output1.ldif"

ldifwrite connect="nldap" basedn="cn=includednamingcontext000001, \
          cn=replication namecontext,orclagreementid=000001, \
          orclreplicaid=node replica identifier,cn=replication configuration" \
          ldiffile="output2.ldif"

29.2.4 Use Bulk Tools or LDAP Tools with Replication

The following note appears in the bulkload sections of Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory and Oracle Fusion Middleware User Reference for Oracle Identity Management:

"NOTE: If a directory server instance is participating in a replication agreement, do not use the bulkload tool to add data into the node. Instead, use ldapadd."

This note is incorrect. You can use either bulk tools or LDAP tools, depending on the circumstances. The following rules apply when you add data to a node that is part of a DRG.

• When you add new entries to all nodes in the DRG, you can use either bulk tools or LDAP tools. For more than 20K entries, bulk tools are significantly faster. If you use LDAP tools, add the entries to only one node in the DRG and let replication propagate the entries. If you use bulk tools, generate the intermediate file only once from the LDIF file and use that intermediate file to load the entries onto all the nodes in the DRG.

• When you copy existing entries from one node to another in the same replication group, use bulk tools. Use the bulkload option restore=true when you upload the data.

• If the LDIF file contains operational attributes, which it does when created with ldifwrite, use bulkload to add the entries.

• If the replication agreement is a partial replication agreement, use ldifwrite with the base DN as the replication agreement DN to write the entries to the LDIF file. Then use bulkload with the restore=true option to load the data.

29.2.5 You Can Start WebLogic Server in the Background

Bug 9284503

The "Starting and Stopping the Oracle Stack" appendix to Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory includes the following command for starting the WebLogic Administration Server:

MW_HOME/user_projects/domains/DOMAIN_NAME/bin/startWebLogic.sh \
SERVER_NAME {ADMIN_URL}

If you start the Oracle WebLogic Administration Server from the command line as shown, it runs in the foreground and prints output to the screen. You can, however, run the server in the background by using nohup at the beginning of the command line. This sends all output to the file nohup.out and prevents the script from prompting you for USER_NAME and PASSWORD. To pass parameters to StartWebLogic.sh when using nohup, you can use a boot identity file, as described in the "Starting and Stopping Servers" chapter of Oracle Fusion Middleware Managing Server Startup and Shutdown for Oracle WebLogic Server.