This chapter contains important, product-specific information available
at the time of release of Directory Server.
This section lists bugs fixed for this release.
The following bugs were fixed since the last release of Directory Server.
- 2065190
-
Issue with ;binary attributes and compliance
with RFC 1274.
- 2073877
-
Console process grows when adding users.
- 2077615
-
Console cannot display an access log greater than 60 MB when
a filter is used.
- 2078936
-
Log size settings over 2 GB do not work.
- 2081711
-
Directory Server crashes when a client sends a certificate
without an issuer DN.
- 2096858
-
Adding an entry crashes Directory Server.
- 2096883
-
Directory Server dumps core due to an incorrect search
performed by a plug-in.
- 2096891
-
Deadlock in access control plug-in.
- 2096903
-
Unable to configure pass-through authentication with URLs
containing the same suffix.
- 2096910
-
DN checking operation is not properly carried out by Directory Server.
- 2096948
-
Regression related to ignoring referrals.
- 2096972
-
ldapsearch -A fails against a chained database.
- 2096974
-
During shutdown, referential integrity plug-in can crash Directory Server.
- 2097033
-
VLV indexes are broken.
- 2097063
-
Binding with certificate authentication and a simple bind
can cause Directory Server to hang.
- 2097069
-
Replicated updates can stop replication.
- 2097104
-
Crash while deleting a browsing index.
- 2097113
-
Subtree plug-in logs superfluous postoperation warnings.
- 2097137
-
Referential Integrity plug-in does not allocate enough space
for internal search.
- 2097199
-
Password expiration does not completely prevent users from
binding.
- 2097204
-
Strange reverse DNS request issued at startup.
- 2097230
-
All attribute subtypes get deleted from index.
- 2097291
-
Directory Server dumps core in acl_access_allowed().
- 2097364
-
Wildcard searches work poorly with single character attribute
values.
- 2097365
-
Some wildcard searches trigger problems.
- 2097370
-
ldif2db -n userRoot -i test.ldif causes
a bus error.
- 2097382
-
ACIs and ACLs do not take extra whitespace into account.
- 2097440
-
Memory leak with persistent searches.
- 2097454
-
Directory Server dumps core when checking the history of
a clear text password.
- 2097508
-
Persistent search returns tombstone purging events.
- 2097539
-
Start TLS is not thread safe.
- 2097566
-
bak2db fails with nested directory databases.
- 2097599
-
Buffer Overflow in re_comp().
- 2097622
-
Significant memory leak.
- 2097653
-
Directory Server core dumps in preop_modify() when
the attribute uniqueness plug-in is active.
- 2097856
-
Directory Server crashes on receipt of an invalid PDU.
- 2098089
-
Substring index becomes corrupt if one of similar multiple
values is deleted.
- 2099319
-
Installation fails on HP-UX.
- 2099405
-
Replication commands should have a timeout parameter.
- 2099420
-
Crash when trimming the retro changelog.
- 2099426
-
Duplicate uid attribute values arise when
encryption is performed.
- 2099434
-
db2ldif -r removes the guardian file.
- 2101109
-
The audit log can fail to rotate as configured.
- 2101130
-
Access log rotation does not occur upon restart.
- 2101137
-
Some tombstone entries are not being purged.
- 2101144
-
Could not set referrals for replica errors.
- 2101156
-
Unable to release IDs on the consumer after the link is down
for more than 5 minutes.
- 2101162
-
VLV search based on empty container returns err=1.
- 2101166
-
Memory leak in search on suffix containing referral subsuffix.
- 2101187
-
Adding entry with "*" chars in DN field
incur full scan of tombstones.
- 2101191
-
repldisc does not properly work with multiple
instances on the same host.
- 2101202
-
A modify or delete of more than five values deletes all values.
- 2101217
-
Crash when removing a RUV when using multiple Solaris 9 x86
masters.
- 2101232
-
DENY macro ACI applies to entries that should not be affected.
- 2101246
-
Log settings for minimum free disk space do not work as expected.
- 2101260
-
Directory Server stops responding when LDAP search with
too many attributes is sent.
- 2101264
-
Search operation with "-" char in filter
leads to failure.
- 2101312
-
Link loss longer than five minutes causes consumer not to
sync after network recovery.
- 2101314
-
ADD not replicated, DEL cannot be replayed when using multi-master
replication over SSL.
- 2101332
-
Expiration time unit does not take the right default value.
- 2101395
-
Schema deletions not propagated correctly.
- 2101399
-
Consumers hang when schema is pushed over replication.
- 2106623
-
Transaction logs are not always deleted.
- 2112994
-
Special DN with ; and , crashes Directory Server.
- 2113363
-
Internal search causes Console to display warning.
- 2115512
-
Directory Server crashes when changelog trimming is enabled.
- 2118489
-
Master and consumer expand superior object class differently.
- 2118767
-
Slow import with complex DIT.
- 2119156
-
Directory Server crashes at startup in ACI code.
- 2119159
-
Crash occurs when reading the replication agreement.
- 2119577
-
Chaining downcasts DNs.
- 2120295
-
ACL does not work as expected if nested group is specified
as groupdn.
- 2120415
-
Directory Server exits after 4 GB realloc().
- 2120445
-
Directory Server crashes during a specific search when
adding a subsuffix.
- 2120502
-
Crash at startup when nsslapd-binary-mode is
set.
- 2120542
-
Unexpected password is expiring on consumer in %d
seconds message reported.
- 2120918
-
Inconsistency in replicated data between master and consumer.
- 2120950
-
Multiple password changes can lead to clear-text password.
- 2120951
-
Directory Server connection is unexpectedly down.
- 2121080
-
Crash when checking access control during modify operation.
- 2121115
-
Crash on consumer during schema replication if legacy replication
is enabled.
- 2121137
-
Updates to the retro changelog lost on master.
- 2121247
-
Excess warning messages about replay of operation already
seen.
- 2121679
-
Race condition occurs when closing connections.
- 2121953
-
Online index task request and simultaneous access control
search leads to hang.
- 2122537
-
Index corruption with very large number of matches.
- 2122698
-
Memory leak in individual password policies.
- 2123206
-
Crash in replication when difference between system clock
is greater than 24 hours.
- 2123826
-
Data inconsistency after restarting masters under load.
- 2123827
-
Crash when shutting down server as changelog is being trimmed.
- 2124111
-
Huge memory leak topology using old protocol with mixed versions.
- 2124113
-
Crash with DSML PDU larger than 2 KB.
- 2124476
-
Need a tool to check database integrity.
- 2124477
-
fildif cannot handle files larger than
2GB.
- 2124722
-
Replication halts and restarts with send update now.
- 2124725
-
Clean RUV task does not remove RUV with read-only replica
ID.
- 2124727
-
Deadlock between replica and connection locks.
- 2124730
-
Schema replication can miss changes.
- 2124731
-
Substring searches very slow.
- 2124740
-
mmldif delta files do not contain LDIF
update statements.
- 2124975
-
Crash while processing modification with retro changelog plug-in
turned on.
- 2125068
-
Memory leak when DN normalization fails.
- 2125161
-
db2ldif.pl -r can cause hang.
- 2125445
-
Adding and deleting an attribute in a single modify operation
is not replicated correctly.
- 2125722
-
Crash if resource limit for number of file descriptors is
dynamically increased.
- 2125809
-
Performance problems when doing searches with the en-US collation
rule.
- 2125848
-
Exit when allocating 4 GB to handle access control for a group
member.
- 2126520
-
Checkpoint forced even when no updates are performed.
- 2126571
-
CoS does not take effect for entries in nested organization.
- 2126669
-
Error during the creation of subsuffix or clone under a search
workload.
- 2126886
-
Deadlock in database while evaluating the ACLs during a modify
operation.
- 2127020
-
Replication may be slow to restart after a network outage.
- 2127266
-
A consumer does not detect there is pending operation and
when closing an idle replication connection.
- 2127456
-
Modification lost when using ldapmodify.
- 2127545
-
Performance issue when deleting non existent attribute.
- 2127627
-
Deleting multivalued attributes results in high etime.
- 2127691
-
Adding and deleting the same entry on replica can lead to
replication issues.
- 2127692
-
Performance degradation when purging tombstones in multi master
environment.
- 2128056
-
Deletion operation is not flagged as dependent on a previous
modification.
- 2128417
-
Retro Changelog plug-in fails to record changes if regular
replication is disabled.
- 2129137
-
Duplicate unique IDs can be generated.
- 2129138
-
Allow administrators to reset passwords.
- 2129139
-
Cannot stop or use master after total update fails when using
multi master replication over SSL.
- 2129140
-
Add the return code for errors that could not be logged in
the changelog.
- 2129141
-
Hub not replicating due to bad hub replica ID, 65535, in hub
RUV.
- 2129142
-
Lack of disk space causes looping in db2bak internal
task.
- 2129143
-
ACI returns incorrect results when fix is applied.
- 2129145
-
Bad server side sort performance when data contains many identical
values.
- 2129147
-
passwordRetryCount does not get incremented
when passwordResetFailureCount is set to 0.
- 2129148
-
Performance degradation in substring searches.
- 2129149
-
Memory leak with virtual attributes.
- 2129152
-
Searches for subtype attributes does not work correctly with nsslapd-search-tune enabled.
- 2129154
-
Restart of a fractional consumer breaks replication with configuration
error.
- 2129155
-
Crash within SASL bind check.
- 2129159
-
Hang when replication agreement is initialized from another
master.
- 2129161
-
Infrequent updates on standby replica can cause replication
to stop for prolonged periods.
- 2131372
-
Crash when referential integrity log file is truncated.
- 2131955
-
Hang when an error occurs during error log rotation.
- 2131982
-
No further adds possible after first empty replace operation
on single-valued, replicated attribute.
- 2132137
-
Crash in replicated operation.
- 2132359
-
Log rotation does not work correctly after restart.
- 2132568
-
Generated CSN is not systematically higher than previous CSN.
- 2132654
-
Some CoS attributes not generated for entries under nested
organizations.
- 2132657
-
Classic CoS under nested organization does not work as configured.
- 2132929
-
Bad default value for nsslapd-maxbersize.
- 2133109
-
Tools needed to monitor completeness, status, and availability
of servers in large, multi master deployments.
- 2133110
-
Schema checking on hubs should be enabled by default.
- 2133155
-
Invalid values are accepted for minimum password length in
individual password policies.
- 2133168
-
LDIF containing encrypted attribute values corrupts indexes
during import.
- 2133351
-
ldif2db has been seen to hang.
- 2133355
-
Deadlock between tombstone purging thread and access control
plug-in.
- 2133503
-
On Windows systems, DSML request fails when instance path
contains a space.
- 2134041
-
Crash when adding VLV index with incorrect vlvFilter.
- 2134409
-
Remote denial of service attack possible with large memory
allocation.
- 2134467
-
Partial replication can break when several suppliers are configured
for changelog trimming.
- 2134470
-
Merge during ldif2db skips keys due to
incorrect continuation block prefix.
- 2134480
-
Memory leak when index contains a continuation block.
- 2134648
-
The mmldif command should support huge
files.
- 2134901
-
Individual password policy specifies plain text, but password
in new entry is replicated in encrypted form.
- 2134918
-
CoS attribute not found on entries after online initialization.
- 2136223
-
Memory leak in ACI group member evaluation.
- 2136224
-
When nsslapd-db-transaction-batch-val is
set, transaction flush fails to enforce the limit.
- 2136869
-
Import can corrupt state of entries having userPassword attributes.
- 2138073
-
Incorrect page size computation creates indexes with many
overflow pages after a reindexing operation.
- 2138081
-
Substring performance requires improvement.
- 2138837
-
Entries can be skipped while importing an LDIF file generated
with db2ldif.pl -r.
- 2139899
-
ioblocktimeout not always enforced when
writing result over secure connection.
- 2139914
-
Potential crash when renaming corrupted child entry.
- 2140785
-
Memory leak when handling password histories.
- 2141919
-
Zero allocation error when retro changelog and TMR plug-in
is enabled.
- 2142817
-
Memory leak during LDAP write operations upon failure to update
a matching rule index.
- 2142904
-
Operational attribute entrydn added before
the entry is cached.
- 2143075
-
VLV searches leak memory.
- 2143076
-
Restore fails following binary copy when CN attribute does
not match case.
- 2143790
-
Memory leak in decryption code.
- 4537541
-
Retro changelog plug-in should be executed for selected backends.
- 4538988
-
Performance issues when searching for tombstone entries.
- 4541437
-
No feedback from import during delay processing large entries.
- 4541499
-
Allow more database configuration attributes to be set over
LDAP.
- 4542920
-
Provide a changelog purge vector over LDAP.
- 4738244
-
Allow a grace login period after passwords expire.
- 4748577
-
Allow complete replication configuration and management on
the command line.
- 4877553
-
Enable support for libwrap.
- 4881004
-
Set default changelog maximum age to seven days.
- 4882951
-
Provide frozen mode to allow file system snapshot backups.
- 4883062
-
Make it possible to import additional entries without initialization.
- 4925250
-
Incorrect error message when exporting a subtree with db2ldif
-s.
- 4951154
-
Modify performance degrades until all entries are modified.
- 4966365
-
Backend instances called default do not
work.
- 4972234
-
Allow account validation through an LDAP bind without the
user password.
- 5021269
-
Adding entries with object class nsTombstone can
cause replication to fail.
- 5045529
-
Support required for SASL/GSS encryption.
- 5063150
-
Make the SNMP agent work with the native operating system
agents.
- 5095192
-
Stopping Directory Server is sometimes slow during poll
for results in a replication session.
- 6197516
-
Need a way or a tool to monitor progress during recovery after
a crash.
- 6224962
-
More control needed over cache sizes.
- 6249904
-
Changelog database and other databases do not shrink even
after data is removed.
- 6252422
-
Role fails to work on consumer after online initialization.
- 6264095
-
Allow disabling of anonymous binds.
- 6272729
-
Need an attribute that shows the groups to which an entry
belongs.
- 6290382
-
Crash on startup with message trying to allocate
0 or a negative number of bytes.
- 6292118
-
Add port number in access log when a client connection is
created.
- 6296288
-
Need a non-intrusive way to count the number of active persistent
searches.
- 6321407
-
Document plug-in execution order.
- 6333657
-
Avoid traversing nscpentrydn index when
purging tombstones.
- 6341364
-
Log an error when using connection based access control and
the client list is not specified.
- 6343255
-
Remove the time bomb.
- 6370656
-
Display connection number under cn=monitor in
same format as access log.
- 6394412
-
Support a plug-in for password syntax checking.
- 6407613
-
changeNumber is not indexed by default.
- 6411228
-
Maximum connection backlog queue incorrectly hard coded as
128.
- 6442106
-
Crash while enabling replication.
The following bugs were found during the beta program, and subsequently
fixed.
This section lists known problems and limitations at the time of release.
This section lists product limitations. Limitations are not always associated
with a change request number.
This section lists known issues. Known issues are associated with a
change request number.
- 2113177
-
Directory Server has been seen to crash when the server
is stopped while performing online export, backup, restore, or index creation.
- 2133169
-
When entries are imported from LDIF, Directory Server does
not generate createTimeStamp and modifyTimeStamp attributes.
LDIF import is optimized for speed. The import process does not generate
these attributes. To work around this limitation, add rather than import the
entries. Alternatively, preprocess the LDIF to add the attributes before import.
- 2134435
-
The pwdChangedTime attribute and usePwdChangedTime attribute are defined in Directory Server 5 2004Q2, 2005Q4,
and the current version. These attributes are not defined in earlier versions.
When an entry is defined with password expiration in a version where these
attributes are defined, the entry contains the pwdChangedTime attribute
and usePwdChangedTime attribute. When that entry is replicated
to a supplier that runs an earlier version, the supplier cannot process any
modifications to that entry. A schema violation error occurs because the supplier
does not have the pwdChangedTime attribute in its schema.
Note –
usePwdChangedTime is no longer used. Instead,
the operational attribute pwdChangedTime is updated whenever
the password is modified.
To work around this issue, define the pwdChangedTime attribute
and usePwdChangedTime attribute in the 00core.ldif file.
You must define these attributes for all servers in the replication topology
that run a version that does not define these attributes. The attribute type
definitions are as follows.
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16
NAME 'pwdChangedTime'
DESC 'Directory Server defined password policy attribute type'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE
USAGE directoryOperation
X-DS-USE 'internal'
X-ORIGIN 'Sun Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.597
NAME 'usePwdChangedTime'
DESC 'Directory Server defined attribute type'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-DS-USE 'internal'
X-ORIGIN 'Sun Directory Server' )
Do not migrate new servers to the new password policy while older servers
are still present in the replication topology.
- 2144251
-
Demoting a replica to be a dedicated, read-only consumer,
then promoting the server again can break replication.
- 4703503
-
If you use a zero-length password to bind to a directory,
your bind is an anonymous bind. This bind is not a simple bind. Third party
applications that authenticate users by performing a test bind might exhibit
a security hole if such applications are not aware of this behavior.
- 4979319
-
Some Directory Server error messages refer to the Database
Errors Guide, which does not exist. If you cannot understand the
meaning of a critical error message that is not documented, contact Sun support.
- 6358392
-
When removing software, the dsee_deploy uninstall command
does not stop or delete existing server instances.
To work around this limitation, follow the instructions in the Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide.
- 6366948
-
Directory Server has been seen to retain pwdFailureTime values on a consumer replica, even after the attribute values have
been cleared on the supplier replica. The values remain after the modification
of userPassword has been replicated.
- 6395603
-
When installing software from the zip distribution, do not
use the -N (--no-cacao) option if you intend
subsequently to manage servers with Directory Service Control Center. The Common Agent Container
cannot be installed separately later.
- 6401484
-
The dsconf accord-repl-agmt command cannot
align authentication properties of the replication agreement when SSL client
authentication is used on the destination suffix.
To work around this issue, store the supplier certificate in the configuration
on the consumer, following these steps. The examples command shown are based
on two instances on the same host.
-
Export the certificate to a file.
The following
example shows how to perform the export for servers in /local/supplier and /local/consumer.
$ dsadm show-cert -F der -o /tmp/supplier-cert.txt /local/supplier defaultCert
$ dsadm show-cert -F der -o /tmp/consumer-cert.txt /local/consumer defaultCert
|
-
Exchange the client and supplier certificates.
The
following example shows how to perform the exchange for servers in /local/supplier and /local/consumer.
$ dsadm add-cert --ca /local/consumer supplierCert /tmp/supplier-cert.txt
$ dsadm add-cert --ca /local/supplier consumerCert /tmp/consumer-cert.txt
|
-
Add the SSL client entry on the consumer, including the supplierCert certificate on a usercertificate;binary attribute,
with the proper subjectDN.
-
Add the replication manager DN on the consumer.
$ dsconf set-suffix-prop suffix-dn repl-manager-bind-dn:entryDN
|
-
Update the rules in /local/consumer/alias/certmap.conf.
-
Restart both servers with the dsadm start command.
- 6410741
-
Directory Service Control Center sorts values as strings. As a result, when you
sort numbers in Directory Service Control Center, the numbers are sorted as if they were strings.
An ascending sort of 0, 20, and 100 results in the list 0, 100, 20.
A descending sort of 0, 20, and 100 results in the list 20, 100, 0.
- 6415184
-
Directory Server instances with multibyte names can not
be registered in Directory Service Control Center.
To work around this issue, configure the Common Agent Container as follows.
# cacaoadm stop
# cacaoadm set-param java-flags="-Xms4M -Xmx64M -Dfile.encoding=utf-8"
# cacaoadm start
|
- 6416407
-
Directory Server does not correctly parse ACI target DNs
containing escaped quotes or a single escaped comma. The following example
modifications cause syntax errors.
dn:o=mary\"red\"doe,o=example.com
changetype:modify
add:aci
aci:(target="ldap:///o=mary\"red\"doe,o=example.com")
(targetattr="*")(version 3.0; acl "testQuotes";
allow (all) userdn ="ldap:///self";)
dn:o=Example Company\, Inc.,dc=example,dc=com
changetype:modify
add:aci
aci:(target="ldap:///o=Example Company\, Inc.,dc=example,dc=com")
(targetattr="*")(version 3.0; acl "testComma";
allow (all) userdn ="ldap:///self";)
Examples with more than one comma that has been escaped have been observed
to parse correctly, however.
- 6428448
-
The dpconf command has been seen to display
the Enter "cn=Directory Manager" password: prompt twice
when used in interactive mode.
- 6435416
-
When running server management commands in the French locale,
some messages displayed by the commands are missing apostrophes.
- 6443229
-
Directory Service Control Center does not allow you to manage PKCS#11 external
security devices or tokens.
- 6446318
-
SASL authentication has been seen to fail on Windows systems
when SASL encryption is used.
- 6448572
-
Directory Service Control Center fails to generate a self-signed certificate when
you specify the country.
- 6449828
-
Directory Service Control Center does not properly display userCertificate binary
values.
- 6468074
-
The configuration attribute name, passwordRootdnMayBypassModsCheck, does not reflect that the server now allows any administrator
to bypass password syntax checking when modifying another user's password
when the attribute is set.
- 6468096
-
Do not set LD_LIBRARY_PATH before installing
from the zip distribution or using the dsadm command.
- 6469296
-
The Directory Service Control Center feature that allows you to copy the configuration
of an existing server does not allow you to copy the plug-in configuration.
- 6469688
-
On Windows systems, the dsconf command
has been seen to fail to import LDIF with double-byte characters in the LDIF
file name.
To work around this issue, change the LDIF file name so that it does
not contain double-byte characters.
- 6475244
-
When using a browser running in Chinese, Japanese, or Korean
locales, logs generated by Directory Service Control Center when creating a server instance contain
garbage.
To work around this issue perform the following commands on the Common
Agent Container where the new server instance is to be created.
cocaoadm stop
cacaoadm set-param java-flags="-Xms4M -Xmx64M -Dfile.encoding=utf-8"
cacaoadm start
|
- 6478568
-
The dsadm enable-service command does not
work correctly with Sun Cluster.
- 6478586
-
When using a browser running in the French locale, duplicate
apostrophes appear in Directory Service Control Center.
- 6480753
-
The dsee_deploy command has been seen to
hang while registering the Monitoring Framework component into the Common
Agent Container.
- 6482378
-
The supportedSSLCiphers attribute on the
root DSE lists NULL encryption ciphers not actually supported by the server.
- 6482888
-
Unless you start Directory Server at least once, the dsadm enable-service fails to restart Directory Server upon system
reboot.
- 6483290
-
Neither Directory Service Control Center nor the dsconf command
allows you to configure how Directory Server handles invalid plug-in signatures.
Default behavior is to verify the plug-in signatures, but not to require that
they are valid. Directory Server logs a warning for invalid signatures.
To change the server behavior, adjust the ds-require-valid-plugin-signature and ds-verify-valid-plugin-signature attributes
on cn=config. Both attributes take either on or off.
- 6485560
-
Directory Service Control Center does not allow you to browse a suffix that is
configured to return a referral to another suffix.
- 6488197
-
After installation and after server instance creation on Windows
systems, the file permissions to the installation and server instance folder
allow access to all users.
To work around this issue, change the permissions on the installations
and server instance folders.
- 6488262
-
The dsadm autostart command fails when
multiple instances are specified, and the command fails for one of the instances.
- 6488263
-
The dsadm autostart command does not support
white space in the instance file name.
- 6488303
-
The dsmig command has been seen not to
migrate values for some configuration attributes that are not identified in
the upgrade and migration documentation.
The following configuration attributes are concerned:
-
nsslapd-db-durable-transaction
-
nsslapd-db-replication-batch-val
-
nsslapd-disk-low-threshold
-
nsslapd-disk-full-threshold
- 6489776
-
After a total update on master replica bearing significant
write load, in some cases the generation ID for the master having undergone
total update is not set properly. As a result, replication fails.
- 6490653
-
When enabling referral mode for Directory Server by using Directory Service Control Center through
Internet Explorer 6, the text in the confirm referral mode window is truncated.
To work around this issue, use a different browser such as Mozilla web
browser.
- 6490762
-
After creating or adding a new certificate, Directory Server must
be restarted for the change to take effect.
- 6491849
-
After upgrading replica, and moving servers to new systems,
you must recreate replication agreements to use new host names. Directory Service Control Center lets
you delete the existing replication agreements, but does not allow you to
create new agreements.
- 6492894
-
On Red Hat systems, the dsadm autostart command
does not always ensure that the server instances start at boot time.
- 6492939
-
Directory Server does not properly handle Chinese multibyte
character in strings for database names, file names, and path names.
To work around this issue when creating a Directory Server suffix
having Chinese multibyte characters, specify a database name that has no multibyte
characters. When creating a suffix on the command line, for example, explicitly
set the --db-name option of the dsconf create-suffix command.
$ dsconf create-suffix --db-name asciiDBName multibyteSuffixDN
|
Do not use the default database name for the suffix.
- 6493957
6493977
-
On Windows systems when Directory Server is enabled as
a service, do not use the dsadm cert-pwd-prompt=on command.
- 6494027
-
The following replication error messages have been seen to
persist on agreements with a consumer even after a total update is performed
on the consumer.
Error sending replication updates. Error Message: Replication error
updating replica: Unable to start a replication session : transient
error - Failed to get supported proto. Error code 907.
Operational Status Error sending updates to server host:port. Error:
Replication error updating replica: Incremental update session abored :
fatal error - Send extended op failed. Error code: 824.
To eliminate the messages, disable the replication agreement, and then
enable the replication agreement.
- 6494448
-
When stopping multiple master replica under heavy load in
a multi master replication configuration, the servers may take several minutes
to stop.
- 6494984
-
After an import operation is performed on a master where read-write-mode is set to read-only, Directory Server fails
to restart.
- 6494997
-
The dsconf command does not prompt for
the appropriate dsSearchBaseDN setting when configuring
DSML.
- 6495004
-
On Windows systems, Directory Server has been seen to fail
to start when the base name of the instance is ds.
- 6495459
-
You must configure DSML before you can monitor DSML with Java ES Monitoring
Framework.
- 6496916
-
When using a browser running in a Chinese locale, the More
on Server Groups link in Directory Service Control Center is incorrect, leading to an application
error page.
- 6497053
-
When installing from the zip distribution, the dsee_deploy command does not provide an option to configure SNMP and stream
adaptor ports.
- 6497894
-
The dsconf help-properties command is set
to work properly only after instance creation. In addition, the correct list
of values for the dsml-client-auth-mode command should
be client-cert-first | http-basic-only | client-cert-only.
- 6498537
-
In order to use Directory Service Control Center on Windows XP systems, the guest
account must be disabled. Additionally, the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ForceGuest must be set to 0 in order for authentication to succeed.
- 6500297
6500301
-
After installing from the zip distribution on Solaris and
Red Hat systems, Directory Server does not appear through SNMP after the
Common Agent Container, cacao, is restarted.
To work around this issue on Solaris systems, apply all recommended
patches listed in Directory Server, Directory Proxy Server, and Directory Server Resource Kit Operating System Requirements.
- 6501893
-
Output of the entrycmp, fildif, insync, mmldif, and ns-accountstatus commands
are not localized.
- 6501900
6501902
6501904
-
Some output displayed by the dsccmon, dsccreg, dsccsetup, and dsccreg commands
is not localized.
- 6503595
-
After accessing Directory Service Control Center for the first time and registering
a Directory Server instance, a warning and an exception are written to
the Sun Java Web Console logs.
You can ignore safely ignore the warning, failed to retreive
"server-pid" from command ouptut, and the exception. The exception
output appears as follows.
StandardWrapperValve[wizardWindowServlet]: Servlet.service() for servlet
wizardWindowServlet threw exception
java.lang.IllegalStateException: Cannot forward after response has been
committed
- 6503558
-
When setting up Directory Service Control Center in a locale other than English,
log messages concerning creation of the Directory Service Control Center Registry are not fully
localized. Some log messages are shown in the locale used when setting up Directory Service Control Center.
- 6506020
-
After manual reboot following installation on a Windows system
with the Java ES installer, Directory Server is not running.
However, Directory Server can appear to be running in the Task Manager.
When this occurs, Directory Server cannot be restarted from the Task Manager.
To work around this issue, remove the process ID file from the logs folder.
- 6506043
-
The dsmig migrate-data -R -N command has
been seen to fail when upgrading from Directory Server 5 2005Q1.
To work around failures in automatic data migration, migrate the data
manually as described in Chapter 3, Migrating Directory Server Manually, in Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide.
- 6507312
-
On HP-UX systems, applications using NSPR libraries crash
and dump core after investigation with gdb. The problem
occurs when you attach gdb to a running Directory Server instance,
then use the gdb quit command.
- 6507803
-
When accessing Directory Service Control Center through Internet Explorer 6, saving
index configuration changes for a suffix causes a null error to appear. The
progress window for the operation appears to freeze.
To work around this issue, access Directory Service Control Center through a different browser,
such as a Mozilla-based browser.
- 6507817
-
When you edit a directory entry through Directory Service Control Center, if the
entry is simultaneously changed by some other method, refreshing the display
does not show the changes.
- 6508042
-
Directory Service Control Center has been seen to show incorrect status for the
User-Changeable field of Global Password Policy, pwd-user-change-enabled.
To work around this issue, use the dsconf(1M) command to read the pwd-user-change-enabled server property.
$ dsconf get-server-prop -w /tmp/ds.pwd pwd-user-change-enabled
pwd-user-change-enabled : off
|
- 6510594
-
When upgrading from Directory Server 5.2, if you have a
certificate database that contains no trusted certificates, the dsmig
migrate-config command fails. This problem can occur when you have
created a certificate database, but never used the database, nor set up SSL.
To work around this issue, follow these steps.
-
Remove the new, empty Directory Server 6 instance.
-
Rename the ServerRoot/alias/slapd-serverID-cert8.db and ServerRoot/alias/slapd-serverID-key3.db files that the Directory Server 5.2
instance uses.
$ cd ServerRoot/alias
$ mv slapd-serverID-cert8.db slapd-serverID-cert8.db.old
$ mv slapd-serverID-key3.db slapd-serverID-key3.db.old
|
-
Perform the upgrade and migration process again.
- 6513644
-
On HP-UX systems, Directory Service Control Center has been seen to show a null
pointer exception error message when starting and stopping a Directory Server instance.
The error affects Directory Service Control Center, not the Directory Server instance.
- 6519263
-
When migrating a Directory Server configuration, the dsmig migrate-config command fails if the -R option
is used but not all suffixes in the existing configuration are replicated.
To work around this issue, perform the following steps.
-
Stop the old server.
-
In the old server instance, dse.ldif configuration
file entry with DN cn=changelog5,cn=config comment out
the following attributes using hash marks, #.
#nsslapd-changelogmaxage: ...
#nsslapd-changelogmaxentries: ...
-
Make a note of the values for these attributes.
-
Migrate the server configuration using the dsmig
migrate-config command.
-
On the new server instance, for every suffix that has a configuration
entry with DN of the form cn=replica,cn=suffix-dn,cn=mapping tree,cn=config, run the following
commands.
$ dsconf set-suffix-prop -p port suffix-dn repl-cl-max-age:old-value
|
Here old-value means the value of nsslapd-changelogmaxage in the old server instance.
$ dsconf set-suffix-prop -p port suffix-dn repl-cl-max-entry-count:old-value/nbr-suffixes
|
Here old-value means the value of nsslapd-changelogmaxentries in the old server instance. nbr-suffixes is
the total number of replicated suffixes.
- 6523245
-
Directory Server does not allow you to enable password
quality checking alone without at least one other password policy feature.
To work around this issue, enable at least one additional password policy
feature when you enable password quality checking. The following example enables
password quality checking, and also enforces a minimum age before the password
is changed.
$ dsconf set-server-prop pwd-check-enabled:on pwd-min-age:1h
|
Télécharger cet ouvrage au format PDF (777 Ko)