Oracle® Fusion Middleware Release Notes 11g Release 1 (11.1.1) for Microsoft Windows (32-Bit) Part Number E10132-10
This chapter describes issues associated with Oracle Directory Integration Platform. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded Source Directory
Synchronization Continues After Stopping Oracle Directory Integration Platform
syncProfileBootstrap Not Supported for SSL Mode 2 Server-Only Authentication
DIP Tester Utility Not Currently Supported for 11g Release 1 (11.1.1)
If the source directory is heavily-loaded, a race condition may occur where database commits cannot keep pace with updates to the lastchangenumber. If this race condition occurs, Oracle Directory Integration Platform may not be able to synchronize some of the changes.
To work around this issue, perform the following steps to enable database commits to keep pace with the lastchangenumber:
Increase the value of the synchronization profile's Scheduling Interval.
Control the number of times the search is performed on the source directory during a synchronization cycle by setting the searchDeltaSize parameter in the profile. Oracle suggests starting with a value of 10, then adjusting the value as needed.
When a synchronization profile is initialized, the debugging log level for the Oracle Directory Integration Platform application is set to the debugging log level configured for that synchronization profile. If you have synchronization profiles configured with different debugging log levels, you may see various levels of information in the Oracle Directory Integration Platform application's logs.
To work around this issue, set the debugging log level in all synchronization profiles to the same level.
If you stop the Oracle Directory Integration Platform application during synchronization, the synchronization process that the Quartz scheduler started will continue to run.
To work around this issue, restart the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform or redeploy the Oracle Directory Integration Platform application.
When synchronizing from Sun Java System Directory Server (iPlanet) or IBM Tivoli Directory Server, if the change log is not enabled in these third-party directory servers, the manageSyncProfiles utility may fail to register synchronization profiles and the Profile Initialization Failure message may appear.
If you encounter this issue while attempting to update or register synchronization profiles for Sun Java System Directory Server (iPlanet) or IBM Tivoli Directory Server, ensure the change log is enabled in the third-party directory server.
Included per bug 7909839
On Windows, you must escape the file path separator with a backslash (\) in profile properties files and when executing Oracle Directory Integration Platform commands. For example:
In profile properties files:
odip.profile.configfile = C:\\test\\Oracle_IDM1\\ldap\\odi\\conf\\activeimp.cfg.master
When executing an Oracle Directory Integration Platform command, such as manageDIPServerConfig:
C:\test\Oracle_IDM1\BIN>manageDIPServerConfig.bat set -attribute keystorelocation -h myhost.mycompany.com -p 7005 -D LOGIN_ID -value C:\\test\\Oracle_IDM1\\bin\\server_keystore.jks
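The following check is an added example, not part of the original release notes or Oracle's tooling. It assumes profile properties files are read with java.util.Properties escape rules, and shows what an unescaped Windows path would load as; the sample file contents are constructed from the key and path quoted above.

```python
import re

# Escapes java.util.Properties gives meaning to; any other "\x" loads as "x".
JAVA_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def java_unescape(raw):
    """Decode a property value the way java.util.Properties.load() would."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] != "\\":
            out.append(raw[i])
            i += 1
        elif i + 1 == len(raw):
            i += 1  # trailing backslash is a line continuation, not data
        elif raw[i + 1] == "u":
            digits = raw[i + 2:i + 6]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", digits):
                raise ValueError("Malformed \\uxxxx encoding")  # Java rejects it too
            out.append(chr(int(digits, 16)))
            i += 6
        else:
            out.append(JAVA_ESCAPES.get(raw[i + 1], raw[i + 1]))
            i += 2
    return "".join(out)

def unescaped_paths(text):
    """Return (key, value as loaded) for values holding a lone backslash."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # simplified: only "key = value" lines are examined
        key, raw = (part.strip() for part in line.split("=", 1))
        if any(len(run) % 2 for run in re.findall(r"\\+", raw)):
            try:
                loaded = java_unescape(raw)
            except ValueError as err:
                loaded = "<load fails: %s>" % err
            findings.append((key, loaded))
    return findings

# Constructed sample files; the key and path are the ones quoted on this page.
GOOD = r"odip.profile.configfile = C:\\test\\Oracle_IDM1\\ldap\\odi\\conf\\activeimp.cfg.master"
BAD = r"odip.profile.configfile = C:\test\Oracle_IDM1\ldap\odi\conf\activeimp.cfg.master"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, unescaped_paths(text))
```

With a single backslash the separators disappear and \t becomes a tab, so the loaded value no longer names the configuration file.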
The syncProfileBootstrap utility, which performs the initial migration of data between a connected target directory and Oracle Internet Directory based on a synchronization profile or LDIF file, is not supported for SSL mode 2 (Server-Only Authentication).
The syncProfileBootstrap utility is supported only for SSL mode 0 (No SSL) and SSL mode 1 (No Authentication).
At the time of publication of these Release Notes, the DIP Tester utility is not supported for Oracle Directory Integration Platform 11g Release 1 (11.1.1).
Monitor My Oracle Support (formerly MetaLink) for updates regarding DIP Tester support for Oracle Directory Integration Platform 11g Release 1 (11.1.1). You can access My Oracle Support at http://metalink.oracle.com.
While the DIP Tester utility is not currently supported for Oracle Directory Integration Platform 11g Release 1 (11.1.1), you can use the manageSyncProfiles command and its testProfile operation to test a disabled synchronization profile to ensure it will successfully perform synchronization. Refer to the "Managing Synchronization Profiles Using manageSyncProfiles" section in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management for more information about the testProfile operation.
This section describes configuration issues and their workarounds. It includes the following topics:
When configuring Oracle Directory Integration Platform against an existing Oracle Internet Directory—using either the installer's Install and Configure installation option or the Oracle Identity Management 11g Release 1 (11.1.1) Configuration Wizard—you must specify the hostname for Oracle Internet Directory using only its fully qualified domain name (such as myhost.example.com). Do not use localhost as the Oracle Internet Directory hostname even if Oracle Directory Integration Platform and Oracle Internet Directory are collocated on the same host.
If you use localhost as the Oracle Internet Directory hostname, you will not be able to start the Oracle WebLogic Managed Server hosting Oracle Directory Integration Platform.
The foreign security principal file for Microsoft Active Directory, activeimp.cfg.fsp, that was included in Oracle Directory Integration Platform Release 10g, is not included in 11g Release 1 (11.1.1). This file is required if you are synchronizing entries from multiple domain controllers and also global groups involving foreign security principals as members. The activeimp.cfg.fsp should be in the $ORACLE_HOME/ldap/odi/conf/ directory.
To work around this issue, create the activeimp.cfg.fsp file by opening a text file and entering the following information:
Note:
In the following example, DOMAIN_B and DOMAIN_C represent the trusted domains for DOMAIN_A. PROFILE_NAME_FOR_DOMAIN_B and PROFILE_NAME_FOR_DOMAIN_C represent the profiles used to synchronize domains B and C respectively.
[INTERFACEDETAILS]
Reader: oracle.ldap.odip.gsi.ActiveReader
[TRUSTEDPROFILES]
prof1: PROFILE_NAME_FOR_DOMAIN_B
prof2: PROFILE_NAME_FOR_DOMAIN_C
[FSPMAXSIZE]
val: 1000
*
There are no known documentation issues at this time.