/
/ $Header: README_OID.txt 22-aug-00.12:07:36 akeni Exp $
/
/ README_OID.txt
/
/ Copyright (c) Oracle Corporation 2000. All Rights Reserved.
/
/   MODIFIED   (MM/DD/YY)
/   akeni       08/22/00 - Release Note for OiD 2.1.1
/   akeni       08/22/00 - Creation
/


                      Oracle Internet Directory
     Release 2.1.1.0.0 (for Oracle 8.1.7) on Sun Sparc Solaris 2.6
                           August 14th, 2000
     -------------------------------------------------------------
              Copyright (C) Oracle Corporation 2000,2001


This software/documentation contains proprietary information of Oracle
Corporation; it is provided under a license agreement containing restrictions on
use and disclosure and is also protected by copyright law. Reverse engineering
of the software is prohibited.

If this software/documentation is delivered to a U.S. Government Agency of the
Department of Defense, then it is delivered with Restricted Rights and the
following legend is applicable:

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the Government is subject to restrictions as
set forth in subparagraph (c)(1)(ii) of DFARS 252.227-7013, Rights in Technical
Data and Computer Software (October 1988).

If this software/documentation is delivered to a U.S. Government Agency not
within the Department of Defense, then it is delivered with "Restricted Rights,"
as defined in FAR 52.227-14, Rights in Data - General, including Alternate III
(June 1987).

Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065.

The information in this document is subject to change without notice. If you
find any problems in the documentation, please report them to us in writing.
Oracle Corporation does not warrant that this document is error free.

Oracle, Oracle8, Oracle8I are trademarks of Oracle Corporation. 
All trade names referenced are the service mark, trademark, or registered
trademark of the respective manufacturer.

-------------------------------------------------------------------------------

TABLE OF CONTENTS
===================

0. Introduction
        0.1 About Oracle Internet Directory
        0.2 About this README
        0.3 Cover Letter and Licensing
        0.4 Oracle Internet Directory, 2.1.1.0.0 Documentation

1. Installation Process
        1.1 Fresh Installation
        1.2 Upgrade Installation

2. OID Server 2.1.1.0.0
        2.1 DATABASE COMPATIBILITY
        2.2 LDAP SERVER NEW FEATURES and ENHANCEMENTS
        2.3 REPLICATION NEW FEATURES and ENHANCEMENTS
        2.4 LDAP SERVER LIMITATIONS
        2.5 REPLICATION LIMITATIONS
        2.6 LOG FILE LOCATIONS

3. OID Client 2.1.1.0.0
        3.1 LDAP TOOLS LIMITATIONS
        3.2 LDAP TOOLS ENHANCEMENTS
        3.3 ORACLE DIRECTORY MANAGER (oidadmin)
        3.4 ORACLE INTERNET DIRECTORY PL/SQL API (DBMS_LDAP)

4. Windows 95, 98, 2000 and NT specific issues

5. Corrections to Oracle Internet Directory Administrator's Guide (Release 2.1.1)

----------------------------------------------

0. Introduction
============

0.1 About Oracle Internet Directory
-----------------------------------
Oracle Internet Directory version 2.1.1.0.0 is an LDAP-v3 compliant
directory server that is powered by Oracle8i. It exploits the Oracle RDBMS
technology to achieve scalability and sophisticated data management
capabilities. OID version 2.1.1.0.0 is a special version of Oracle Internet
Directory bundled with the Oracle 8i version 8.1.7.0.0 release for the
purpose of fulfilling the directory needs of Oracle 8i directory enabled
products.

There are two components of Oracle Internet Directory:
        - OID Server 2.1.1.0.0
                This component installs the Oracle Internet Directory
                LDAP server and all of its related components.
        - OID Client 2.1.1.0.0
                This component installs the LDAP client and administration
                tools required for accessing and managing data in Oracle
                Internet Directory remotely. The files installed as part of
                client installation are a subset of the files that would be
                installed as part of the server installation.


0.2 About this README
---------------------
This README file is relevant only to the Oracle Internet Directory version
2.1.1.0.0 and its integral components delivered as part of the 8.1.7.0.0
software bundle.

This README documents any differences between the shipped software (and its
integral parts) and its documented functionality, as well as fixed
bugs, and known problems and workarounds. This README file is provided in
lieu of release notes, system bulletins, or similar publications.


0.3 Cover Letter and Licensing
------------------------------
Please read the cover letter that may be included with your Oracle8i
(8.1.7.0.0) software distribution. It may contain important information
about the licensing terms of Oracle Internet Directory 2.1.1.0.0.


0.4 Oracle Internet Directory, 2.1.1.0.0 Documentation
------------------------------------------------------
The following documentation should be used with this release of
Oracle Internet Directory:

- Oracle8i Installation Guide (Release 8.1.7)        

- Oracle8i Administrator's Reference (Release 8.1.7)

- Oracle Internet Directory Administrator's Guide (Release 2.1.1)

- Oracle8i Administrator's Guide (Release 8.1.7)

- Oracle8i Reference (Release 8.1.7)

- Oracle Internet Directory Application Developer's Guide (Release 2.1.1)


1.0 INSTALLATION PROCESS:
=========================

1.1 FRESH INSTALLATION
----------------------

1.1.1 HOW TO SELECT OID 2.1.1.0.0 COMPONENTS FOR INSTALLATION
        In the 8.1.7 CD, OID Server 2.1.1.0.0 is located under 
        "Oracle8i Management and Integration" option. A dedicated 
        database installation is recommended for OID, but you do not 
        need to perform this database installation as a separate step; 
        the OID installation process will automatically install a 
        dedicated database for you. If you have selected OID Server
        for installation, you do not need to install the OID Client
        package.
 
        OID Client 2.1.1.0.0 is located under "Oracle8i Client 8.1.7.0.0"
        option. OID Client will be installed if you select either the 
        "Administrator" or the "Custom" option.
	
1.1.2 INSTALLING OID ON TOP OF A PRE-EXISTING 8.1.7 DATABASE
        You may use an existing 8.1.7 database that resides in the same 
        ORACLE_HOME for OID usage.  The database needs to be up and
        running before you start the installer and it must be using the UTF8
        character set.  When providing the SID to identify the DB instance,
        use upper-case letters.

1.1.3 INSTALLER CANNOT INSTALL OID AGAINST A REMOTE DATABASE
        In order to get OID 2.1.1.0.0 to work against a remote database,
        you must perform an installation of OID and the database on the
        local machine as well as the remote machine. After both installations
        have completed, the OID running on the first machine can be
        configured by the administrator to connect to the database
        running on the second machine by making appropriate entries in the
        tnsnames.ora file.

1.1.4  WINDOWS-SPECIFIC PRE-INSTALLATION REQUIREMENTS
        Make sure that ORACLE_HOME is not set in the Windows system
        environment. If it is set, Net8 Configuration Assistant hangs.

1.1.5 CUSTOM INSTALLATION
        During a custom installation of OID, DBCA will be launched in its
        custom mode.  The SID and global database name that you have 
        selected earlier during the installation will appear.  Do not change
        these values.  Otherwise, OIDCA will fail.

1.1.6 POST-INSTALLATION CONFIGURATION TOOL
        NetCA - In a typical installation of OID, select typical configuration.
        Do not perform Directory Service Access Configuration when installing
        OID.

1.1.7 INSTALLATION OF ORACLE SPECIFIC SCHEMA IN THE DIRECTORY.
        For all installation types, the OID installation process will
        load the product specific schema required for other products
        in the 8.1.7 bundle. This schema is backwards compatible with
        Oracle products shipped with the 8.1.6 bundle.
        The LDAP schema loading is done automatically at the end
        of the installation. If this step does not go through, then the
        following files should be loaded into the directory in the
        order listed:
		$ORACLE_HOME/ldap/admin/oidbaseacl.ldif
					-> this implements the default
					   security policy.
		$ORACLE_HOME/ldap/admin/oidbase.ldif
					-> this loads the common schema
					   required by all Oracle LDAP
					   enabled products.
		$ORACLE_HOME/ldap/admin/oidnet.ldif  
					-> this loads the schema required
					    for LDAP support in Net8.
		$ORACLE_HOME/ldap/admin/oidrdbms.ldif
					-> this loads the schema required
					   for Oracle8i RDBMS to use
					   Oracle Internet Directory.
        The above scripts can be launched collectively using 
		$ORACLE_HOME/ldap/admin/schema_ext.sh

1.1.8 SILENT INSTALLATION
        For a typical installation, you need to use omioid.rsp along with net8ca.rsp 
        which controls the behavior of NetCA.  The location of this net8ca.rsp file
        is needed in omioid.rsp.  For a custom installation, you need to use 
        omicustom.rsp along with net8ca.rsp and dbca.rsp for NetCA and DBCA
        respectively.  The locations of these files are needed in omicustom.rsp.

1.1.9 OID 2.1.1.0.0 DOES NOT SUPPORT DOWNGRADE
	OID 2.1.1.0.0 does not support downgrade to earlier versions of OID.


1.2 UPGRADE INSTALLATION
------------------------

1.2.1 2.0.4/2.0.6
        OID 2.1.1.0.0 supports upgrade from OID release 2.0.4.0.0 and 2.0.6.0.0.
        To upgrade from an older version, select OID 2.1.1.0.0 to be installed in 
        the same ORACLE_HOME and the installer will prompt the user for an upgrade.

1.2.2 Errors regarding the invocation of certain makefiles may appear during 
        de-installation of products from the existing installation.  Please ignore them
        by clicking on "Ignore" to proceed.

1.2.3 During installation, the installer complains with the following error message:
        "Error in creating link from <some location>/jre/1.1.8 to <$ORACLE_HOME>/JRE".
        Please remove $ORACLE_HOME/JRE from another window, then click on the
        "Retry" button to proceed.

1.2.4 The installer cannot verify either the "ods" user password or the OID
        Administrator password as you enter them.  Please be extra careful.
        Invalid passwords will cause the OID Upgrade Assistant to fail.

1.2.5 ORACLE DATA MIGRATION ASSISTANT (ODMA) HANGS DURING UPGRADE
        If ODMA hangs during the upgrade, the following steps need to be carried
        out manually to restore the database.
        1)  When ODMA prompts the user to take a backup of the existing database,
            select to do so and ODMA will create a database restore script.
        2)  If ODMA hangs, manually kill the installation process.
        3)  Run the database restore script created in step 1) to restore the
            database.
        4)  Manually execute $ORACLE_HOME/ldap/postcfg/OidUpgrade to finish the
            rest of the upgrade procedures.

1.2.6 During OID Upgrade Assistant, the progress meter stays at "4%" for a considerable
         amount of time due to the execution of $ORACLE_HOME/rdbms/admin/catrep.sql.

1.2.7 The following files in $ORACLE_HOME/network/admin are modified during 
        the upgrade procedure by the Oracle Data Migration Assistant:
               - listener.ora
               - tnsnames.ora
               - sqlnet.ora
        The original files are backed up in the same directory as
               <filename><date_time of backup>.ora.bak
        Please restore these files and restart the listener before starting up OID.

1.2.8 After exiting the installer from an upgrade, user must run
        "$ORACLE_HOME/ldap/bin/cryptupgrd.sh".  The script takes the service name and the
        "ods" user password as inputs.  If step 1.2.5 is not carried out properly, 
        the script may hang.  Abort the script and try again with the appropriate
        service name.

1.2.9 After an upgrade, the password of the super user (cn=orcladmin), guest
        user, and the proxy user will be reset to their respective value.  In an
        LDIF-based upgrade, the above passwords and the password for the "ods" 
        database user will be reset.

1.2.10 In an LDIF-based upgrade, "backup_oid.sh" does not export the configsets;
        hence the configsets must be re-created by the user after the upgrade.

1.2.11 In an LDIF-based upgrade, the "cn=oracleschemaversion" subtree is exported by
        "backup_oid.sh" into $ORACLE_HOME/ldap/load/orcl_schemaver.ldif.  However,
        "restore_oid.sh" does not restore this subtree.  Any user-defined entries in 
        $ORACLE_HOME/ldap/load/orcl_schemaver.ldif must be manually added through the
        OID server.

1.2.12 During the transient period of a multi-node upgrade in a replication environment,
        do not use the new password encryption scheme until the entire network has
        been upgraded.  Otherwise, inconsistencies in password values will occur,
        disabling authentication.


2.0 OID SERVER 2.1.1.0.0
=========================
OID Server 2.1.1.0.0 includes all the executables required to run
the LDAP server and associated components from an Oracle Home.


2.1 DATABASE COMPATIBILITY
--------------------------
        OID Server 2.1.1.0.0 is certified to work against Oracle8i, release 8.1.7 only.
        The database being used as the data-store for OID should be dedicated for OID,
        and should NOT be enabled to lookup user information in the LDAP server by
        using an LDAP enabled program, such as the Oracle Advanced Security option.


2.2 LDAP SERVER NEW FEATURES and ENHANCEMENTS
---------------------------------------------

2.2.1 USE OF LANGUAGE CODE (RFC 2596) IS NOW SUPPORTED
        Oracle Internet Directory Server allows use of language codes to store values for 
        same attribute in different languages as defined in RFC 2596.  Users can now store 
        and query data with appropriate language codes.

2.2.2.1 SUPPORT FOR REFERRALS IN LDAPSEARCH, LDAPADD, LDAPDELETE
and LDAPMODIFY.

        Referral support is now available for LDAP v3 clients.  All referral objects
        below the base of the search will be returned as part of an ldapsearch request.

2.2.2.2 REFERRAL SUPPORT IN LDAPSEARCH FOR LDAPv2 CLIENTS
        OID supports returning referrals to LDAP v2 clients as defined in the 
        document http://www.umich.edu/~dirsvcs/ldap/doc/other/ldap-ref.html. OID uses 
        LDAP_PARTIAL_RESULT (0x09) return code to indicate that the additional 
        information  field of LDAP Message contains the referral information.

2.2.2.3 SUPPORT FOR manageDSA CONTROL TO ADMINISTER REFERRALS IN OID
        Directory administrators can use manageDSA control to administer REFERRALS in
        OID. If manageDSA control is set in the ldapsearch operation, OID returns
        referrals as regular entries.  The control type for manageDSA control is
        2.16.840.1.113730.3.4.2.

2.2.3 ENHANCED PASSWORD ENCRYPTION SUPPORT
        OID supports multiple encryption schemes to encrypt userPassword values. Directory 
        administrators can choose one of the following schemes as the default encryption scheme.
        Supported encryption schemes are: 
        No Encryption, MD5, SHA-1 or UNIX Crypt.   
        Note: Directory administrators can change the default encryption scheme at any time.

2.2.4 PERFORMANCE ENHANCEMENT FOR COMPLEX QUERIES

        The following filter types will see a performance improvement in this release :

        1.  All simple AND filter types with and without NOT filters.  Some examples are
        as follows :
                 "(&(postalcode=wx*)(cn=hm))",
                 "(&(postalcode=*)(!(sn=johnson)))"
        2.  Simple OR filters with no NOT filters and the OR operator applying
        only to the same attribute type.  Some examples are as follows :
                "(|(objectclass=person)(objectclass=inetorgperson))",
                "(|(postalcode=*wv*)(postalcode=B1 9XX))"
        Some examples of simple OR filters that will not see performance difference
        are as follows :
                "(|(objectclass=person)(postalcode=*))" , => different attribute types
                "(|(!(postalcode=B1 9XX))(postalcode>=1000))",   => Not filter present
        3.  Compound AND filters containing simple OR filters, the limitation on the
        simple OR filters being mentioned in case 2. above.  For example:
        "(&(objectclass=inetorgperson)(cn=hm)(|(postalcode=*wv*)(postalcode=*XX))
          (!(sn=johnson)))"
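
        An added example (not part of Oracle's README or of OID itself): a small
        Python parser that sorts filter strings into the three categories listed
        above and rejects unbalanced filters. The category labels and function
        names are this example's own, and it handles only the filter forms shown
        in this section.

```python
import re

class FilterSyntaxError(ValueError):
    """Raised when a filter string is not well formed."""

# attribute description, comparison operator, value (no parentheses inside)
_ITEM = re.compile(r"([A-Za-z][A-Za-z0-9;.-]*)(>=|<=|~=|=)([^()]*)$")

def _skip_ws(s, i):
    while i < len(s) and s[i].isspace():
        i += 1
    return i

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next_index)."""
    i = _skip_ws(s, i)
    if i >= len(s) or s[i] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        kind = "and" if s[i] == "&" else "or"
        children, i = [], _skip_ws(s, i + 1)
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
            i = _skip_ws(s, i)
        node = (kind, children)
    elif i < len(s) and s[i] == "!":
        child, i = _parse(s, i + 1)
        node = ("not", child)
        i = _skip_ws(s, i)
    else:
        j = i
        while j < len(s) and s[j] not in "()":
            j += 1
        m = _ITEM.match(s[i:j])
        if not m:
            raise FilterSyntaxError(f"bad comparison at offset {i}")
        node = ("item", m.group(1).lower(), m.group(2), m.group(3))
        i = j
    if i >= len(s) or s[i] != ")":
        raise FilterSyntaxError(f"missing ')' at offset {i}")
    return node, i + 1

def parse_filter(text):
    """Return the filter as nested tuples; raise FilterSyntaxError if malformed."""
    node, end = _parse(text, 0)
    if _skip_ws(text, end) != len(text):
        raise FilterSyntaxError(f"trailing text at offset {end}")
    return node

def _is_leaf(node):
    # a plain comparison, or NOT applied directly to a plain comparison
    return node[0] == "item" or (node[0] == "not" and node[1][0] == "item")

def _is_simple_or(node):
    # case 2: OR over plain comparisons only, all on the same attribute type
    return (node[0] == "or"
            and all(child[0] == "item" for child in node[1])
            and len({child[1] for child in node[1]}) == 1)

def classify(text):
    """Return 'simple-and', 'simple-or', 'compound-and', or None (not listed above)."""
    tree = parse_filter(text)
    if _is_simple_or(tree):
        return "simple-or"
    if tree[0] == "and" and tree[1]:
        if all(_is_leaf(child) for child in tree[1]):
            return "simple-and"
        if all(_is_leaf(child) or _is_simple_or(child) for child in tree[1]):
            return "compound-and"
    return None

if __name__ == "__main__":
    for f in ["(&(postalcode=wx*)(cn=hm))",
              "(|(objectclass=person)(objectclass=inetorgperson))",
              "(|(objectclass=person)(postalcode=*))",
              "(|(!(postalcode=B1 9XX))(postalcode>=1000))",
              "(&(objectclass=inetorgperson)(cn=hm)"
              "(|(postalcode=*wv*)(postalcode=*XX))(!(sn=johnson)))"]:
        print(f"{classify(f)!s:13} {f}")
```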


2.2.5 SUPPORT FOR DEFAULT REFERRALS IN LDAPSEARCH.

      Administrators can configure a default referral in OID by creating a 'ref'
      attribute containing the host name and port of another known OID directory
      server in the referral network.  The 'ref' attribute should be created in
      the DSE (Root) Entry.

      OID will return the value of this "default referral" attribute only if:
      a. the entry being searched for cannot be found in the directory,
      AND
      b. the entry being searched for does not belong to a naming context found in the
      'namingcontexts' attribute, also defined in the Root DSE.

      For example, if the 'namingcontexts' attribute contains values "c=jp"
      but not "c=us" or "c=uk", then the value of the 'ref' attribute will be returned
      for any searches requesting information under naming contexts "c=us" or "c=uk".

      Searches for entries under "c=jp" will either succeed or return "No such object"
      to the requesting client.

      See http://www.ietf.org/rfc/rfc2255.txt for the supported syntax for ref attribute
      values.

2.2.6 SUPPORT FOR RUN TIME DEBUG LEVEL SWITCH
      Directory Administrators can now modify the debug level of Oracle Internet
      Directory Server by setting the 'orcldebugflag' parameter in ROOT DSE
      entry with a different debug level. The change will take effect without needing to
      restart the Server. The old orcldebuglevel parameter in Oracle Internet configset
      has been removed.

2.2.7 SUPPORT FOR RESOLVING OBJECTCLASS HIERARCHY WHILE ADDING OBJECTS
      Oracle Internet Directory supports expanding the objectClass hierarchy when
      adding a new entry. Users can choose to specify only the leaf node in
      the objectClass hierarchy and, based on the schema definition of this
      objectClass, Oracle Internet Directory will resolve all other objectClasses
      for the entry.


2.3 REPLICATION NEW FEATURES and ENHANCEMENTS
---------------------------------------------

2.3.1 REPLICATION CYCLE FOR HUMAN INTERVENTION QUEUE IS NOW CONFIGURABLE
        Changes which fail to be applied a number of times on the consumer
        directory are moved into a 'human intervention queue'. Those changes
        will then be re-attempted at a configurable interval as defined in the
        orclHIQSchedule parameter in the Replication Agreement. orclHIQSchedule is
        defaulted to 10 minutes.

2.3.2 HUMAN INTERVENTION QUEUE MANIPULATION TOOL IS NOW AVAILABLE
        Changes in the 'human intervention queue' can now be moved to the
        'purge queue' if they are no longer needed, or moved to the 'retry queue'
        if they need to be re-attempted at a higher frequency.

2.3.3 REPLICATION RECONCILIATION TOOL IS NOW AVAILABLE
        Oracle Internet Directory can now repair inconsistent data between different
        directories. You can use the new OID reconciliation tool to synchronize the entries
        on the consumer node with those on the supplier node. This tool can be used to 
        repair a leaf entry as well as the entire subtree.

2.3.4 DELETE NODE PROCEDURE IS NOW AVAILABLE
        The Oracle Internet Directory administrator can now delete a node from a DRG.
        The following are situations in which an administrator might want to
        delete a node:
        (a) Adding a new node failed due to an unexpected system error, such as
            running out of table space while loading LDIF data. In this case,
            the administrator needs to delete the new node from the DRG.
        (b) If the DRG requirements change, an administrator may want to delete
            a node from the DRG and use it for other purposes.

2.3.5 SUPPORT OF CHANGE SUBSCRIPTION FOR OTHER DIRECTORIES
        Other Directories can now register themselves as change subscription clients to an
        Oracle Internet Directory. This gives the client directories access to change log
        objects stored in the Oracle Internet Directory and enable them to synchronize
        with an Oracle Internet Directory.


2.4 LDAP SERVER LIMITATIONS AND ISSUES
--------------------------------------

2.4.1 MULTIPLE INSTANCES OF OID 2.1.1.0.0 SERVER CAN ONLY RUN ON SAME MACHINE
        After installing OID Server 2.1.1.0.0 you can run multiple instances
        of the LDAP server on the same machine. For example, one server
        can be running in SSL mode while the other may be running in
        non-SSL mode. However all instances of OID server using a given
        database server MUST run on the same machine. For example:
        running two OID servers, one on Machine A and another on
        Machine B, against a database on Machine C is NOT supported.
        However running both the OID Servers on Machine A against a
        database on Machine B is supported.

2.4.2 NO SSL SUPPORT FOR REPLICATION SERVER CONNECTIONS TO THE LDAP SERVER
        In this release of Oracle Internet Directory, oidrepld server
        processes cannot use SSL to connect to SSL-based oidldapd
        processes.

2.4.3 SSL V2 CLIENTS CAN NOT CONNECT TO SERVER
        LDAP clients using SSL v2 may experience "Can't Contact LDAP server"
        errors sporadically in attempting to bind to Oracle Internet Directory
        v2.0.6.0.0 servers.

2.4.4 ORACLE INTERNET DIRECTORY DATABASE USER/PASSWORD SHOULD BE CHANGED
        After installing Oracle Internet Directory, administrators should change
        the password used by the Oracle Internet Directory server processes to
        connect to and access the underlying Oracle8i database tables by
        running the OID Database Password utility ("oidpasswd").
        Refer to the Oracle Internet Directory Administrator's Guide for
        instructions on using "oidpasswd". The initial password is "ODS".

2.4.5 THE DEFAULT ACP DENIES WRITE ACCESS TO ALL USERS EXCEPT SUPER USERS.
        The default access control policy being shipped with Oracle Internet
        Directory 2.1.1 will deny write access in the directory to all users
        except the super user ("cn=orcladmin"). Site administrators can relax
        this policy based on actual security considerations. The default
        ACL policy is loaded after the installation has been successful using
        an LDIF file called "oidbaseacl.ldif". Please refer to Section 1.5
        of this document for further details.

2.4.6 INDEXED ATTRIBUTE NAMES CANNOT EXCEED 28 CHARACTERS
        Using catalog.sh to create an index on an attribute will not
        succeed if the attribute has more than 28 characters in its name.

2.4.7 ONLY ATTRIBUTES WITH EQUALITY MATCHING RULE MAY BE INDEXED
        Indexes can be created for only those attributes that have an equality
        matching rule specified in the attribute definition. If an attribute does
        not have an equality matching rule specified, you must assign an equality
        matching rule before indexing that attribute.
        See the Oracle Internet Directory Administrator's Guide for more details
        on using the catalog.sh utility and on supported matching rules.

2.4.8 INTEGER MATCH FOR EQUALITY OF INDEXED ATTRIBUTES BEHAVES LIKE A STRING MATCH
        When an attribute with integerMatch for EQUALITY is indexed
        using catalog.sh, the matching rule of the attribute works like that
        of a string rather than that of an integer.

2.4.9 ALIAS DEREFERENCING NOT SUPPORTED IN LDAP OPERATIONS
        Oracle Internet Directory v2.1.1.0 does not support alias
        de-referencing in LDAP operations.

2.4.10 SYNTAX CHECKING IS NOT SUPPORTED IN LDAP SERVER
        LDAP Server does not verify the syntax of the attribute values
        entered by users during entry addition and modification.

2.4.11 SLOWNESS IN SINGLE AVA FILTER WITH HIGH SELECTIVITY 
        Subtree and one-level searches will be slow with a single AVA filter
        when the filter is not specific, i.e. the catalog of interest has high
        selectivity. The search will be slow even if the DN is very specific.

2.4.12 USE OF ATTRIBUTE OPTIONS IN REQUIRED ATTRIBUTE LIST NOT SUPPORTED.
       The current release of Oracle Internet Directory does not support the use
       of attribute options, and hence language codes, in the required attribute
       list in search operations. Oracle Internet Directory ignores any language
       codes or attribute options specified in required attributes and instead
       returns all the values (with or without any attribute options) of the
       attributes mentioned in the required attribute list.


2.5 REPLICATION LIMITATIONS
---------------------------

2.5.1 CREATING NEW DIRECTORY REPLICATION GROUPS (DRGs)
        The Oracle Internet Directory Administrator's Guide section for
        creating new Directory Replication Groups (DRGs) assumes that there
        is no pre-existing directory data on any of the nodes being used
        for the DRG.


2.5.2 ADDING NEW NODES TO EXISTING DIRECTORY REPLICATION GROUPS
        When adding a new node to an existing Directory Replication Group,
        there should not be any pre-existing directory data on the new
        node.  Any pre-existing data will not be replicated to the other
        participants in the DRG. If it is necessary to replicate the
        pre-existing data, that data should first be extracted to an LDIF
        file using 'ldapsearch -L' option and re-loaded using 'ldapadd' utility
        after the new node has been added to the DRG and is capable of
        replicating new data to other nodes.


2.5.3 LOCAL SYSTEM-SPECIFIC METADATA IS NOT REPLICATED EXCEPT ACL POLICY INFORMATION
        DSE root-specific data, server configuration data, and replication agreement data
        are not included in the data replicated between servers in a Directory Replication
        Group. The only exception to the above rule is that DSE root-specific ACL policy
        attributes, orclaci and orclentrylevelaci, are replicated.


2.5.4 REPLICATION SERVER DOES NOT PRESERVE SPACES BETWEEN RDN COMPONENTS
        Replication Server does not always preserve the spaces between RDN
        components in the DN during entry replication. In some rare cases,
        it may not preserve the case of the letters in the DN.


2.5.6 DO NOT USE BULKLOAD.SH TO ADD DATA TO A NODE THAT IS
ALREADY PART OF AN ACTIVE REPLICATION AGREEMENT
        Once an LDAP server instance is participating in a replication
        agreement, bulkload.sh should not be used to add data into the node.
        The 'ldapadd' tool should be used to load the data.


2.6 LOG FILE LOCATIONS
----------------------
The Oracle Internet Directory components output their log and trace
information to log files that are maintained within the ORACLE_HOME
environment.  The components and the location of their log files
are listed here:

Component                 Log File Name
++++++++++                +++++++++++++++++++++++++++++++++++++
LDAP Dispatcher           $ORACLE_HOME/ldap/log/oidldapdXX.log
process "oidldapd"            where XX = Server instance #

LDAP Server               $ORACLE_HOME/ldap/log/oidldapdXXs<pid>.log
process "oidldapd"            where <pid> = Server process Id

Replication Server        $ORACLE_HOME/ldap/log/oidrepldXX.log
process "oidrepld"            where XX = Replication server instance.

Monitor                   $ORACLE_HOME/ldap/log/oidmon.log
process "oidmon"

Bulk Loader               $ORACLE_HOME/ldap/log/install.log
"bulkload.sh"

Catalog Manager           $ORACLE_HOME/ldap/log/catalog.log
"catalog.sh"

Replication Setup         $ORACLE_HOME/ldap/admin/logs/ldaprepl.log
"ldaprepl.sh"



3.0 OID Client version 2.1.1.0.0
=================================
The OID Client 2.1.1.0.0 contains the following software:
        - LDAP libraries required by various LDAP clients to
          talk to an LDAP server
        - various general purpose LDAP tools like ldapsearch, ldapadd etc
        - an administrative tool for administering an OID LDAP server


3.1 LDAP tools limitations
--------------------------

3.1.1 INCORRECT LDIF DATA CAUSING SEGMENTATION FAULTS IN LDAP TOOLS (bug 1103958)
        If you are loading data using the LDIF format but have not included
        the distinguished name of an object, the 'ldapadd' or 'ldapmodify'
        tool may crash. To recover from this crash, delete any entries
        which were successfully loaded, correct the LDIF file and
        re-run the tool.
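
        An added pre-load check in Python, not an Oracle tool: it reports LDIF
        records that lack a leading dn line (the condition described above) and
        tallies userPassword values by storage tag, for the schemes listed in
        section 2.2.3. It assumes RFC 2307 style {SCHEME} prefixes on stored
        values, which this README does not specify; the sample LDIF is constructed.

```python
import base64
import re
from collections import Counter

# Constructed sample, not taken from the README. The second record has no dn line.
SAMPLE_LDIF = """\
version: 1

# well-formed record; the dn is folded onto a continuation line
dn: cn=Alice Example,ou=people,
 o=acme,c=us
objectclass: person
cn: Alice Example
sn: Example
userPassword: {SHA}CONSTRUCTED-DIGEST-VALUE

objectclass: person
cn: Bob Example
sn: Example
userPassword: constructed-cleartext

dn: cn=Carol Example,ou=people,o=acme,c=us
objectclass: person
cn: Carol Example
sn: Example
userPassword:: """ + base64.b64encode(b"{MD5}CONSTRUCTED-DIGEST-VALUE").decode() + "\n"

_ATTR = re.compile(r"([A-Za-z0-9;.-]+)(::?)\s*(.*)$")
_SCHEME = re.compile(r"\{([A-Za-z0-9-]+)\}")   # assumed {SCHEME} prefix convention

def unfold(text):
    """Yield (line_no, logical_line); a line starting with one space continues the previous one."""
    logical, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and logical:
            logical += raw[1:]
            continue
        if logical is not None:
            yield start, logical
        logical, start = raw, no
    if logical is not None:
        yield start, logical

def records(text):
    """Yield (first_line_no, [(attr, value), ...]) for each blank-line separated record."""
    current, first = [], 0
    for no, line in unfold(text):
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                yield first, current
            current = []
            continue
        m = _ATTR.match(line)
        attr, sep, value = m.groups() if m else ("?", ":", line)
        if attr.lower() == "version" and not current:
            continue                      # "version: 1" header, not an entry
        if sep == "::":                   # base64-encoded value
            try:
                value = base64.b64decode(value).decode("utf-8", "replace")
            except ValueError:
                pass                      # leave undecodable values as written
        if not current:
            first = no
        current.append((attr.lower(), value))
    if current:
        yield first, current

def preflight(text):
    """Return (line numbers of records lacking a leading dn, Counter of userPassword tags)."""
    missing_dn, schemes = [], Counter()
    for first, attrs in records(text):
        if attrs[0][0] != "dn":
            missing_dn.append(first)
        for attr, value in attrs:
            if attr == "userpassword":
                m = _SCHEME.match(value)
                # "NONE" means no tag was found: cleartext or an unrecognised format
                schemes[m.group(1).upper() if m else "NONE"] += 1
    return missing_dn, schemes

if __name__ == "__main__":
    missing, schemes = preflight(SAMPLE_LDIF)
    for line_no in missing:
        print(f"record starting at line {line_no} has no dn: fix before running ldapadd")
    print(dict(schemes))
```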

3.1.2 LDAP SEARCH LIMITATION
        Approximate matching (or Fuzzy Matching) of entries is not supported.

3.1.3 LDAPSEARCH WILL NOT GENERATE LDIF OUTPUT BY DEFAULT
        To generate LDIF-formatted output from the ldapsearch command line
        tool, use the -L flag.

3.1.4 CATALOG MANAGER USAGE ISSUE
        The Catalog Index Management Tool (catalog.sh) allows users to
        convert previously non-searchable attributes into searchable ones
        by indexing them. It also allows users to define and delete indexes
        on new attributes. Be careful not to use the catalog.sh -delete
        option to remove indexes on attributes unless you are absolutely
        sure that the indexes were not created by the base schema that
        was installed with Oracle Internet Directory. Removing indexes from
        base schema attributes can adversely impact the operation of Oracle
        Internet Directory. Also see the server side INDEXED ATTRIBUTE
        limitations in sections 2.4.5 and 2.4.6. Users need to restart running
        instances of the OID process for the newly catalogued attribute to be
        recognized.

3.1.5 COMMAND LINE TOOLS HANG WHILE ACCESSING OID IN SSL 
MODE WHEN -U OPTION IS NOT SPECIFIED
        The -U option must be specified when using LDAP command line tools to
        connect to an LDAP Server in SSL mode. Without doing so, the command
        line tool will hang.

3.1.6 BULKMODIFY RETURNS MISLEADING ERROR IF FILTER 
CONTAINS NON-CATALOGED ATTRIBUTE.
        If one tries to run the 'bulkmodify' utility using a search
        filter that contains a non-cataloged attribute, the error
        reported to the user is "Subtree Search failed", and that is
        incorrect. To rectify the situation, either catalog the
        attribute in question or change the filter criteria.

3.1.7 LDAPADD WITH "-r" OPTION IS NOT SUPPORTED
        ldapadd with the "-r" option should replace the entry if there is an
        entry with the same dn already in the directory. In this release it does
        not: an "object already exists" message is reported when an entry with
        the same distinguished name already exists in the directory information
        tree.

3.2 LDAP tools enhancements
---------------------------

3.2.1 PARALLEL BULK LOADING IS NOW SUPPORTED ON SOLARIS
        The bulkload.sh tool supports a '-parallel' option, which can be specified
        to perform the data loading in parallel. This option is currently
        available on Solaris only.

3.2.2 SUPPORT FOR BINARY DATA LOAD IN BULKLOAD TOOL
        The bulkload tool now supports loading binary data. This makes it
        possible to add a new node using the ldifwriter-based procedure for
        adding a node when the existing nodes contain binary data.


3.3 Oracle Directory Manager (OID Administration Utility, 'oidadmin')
---------------------------------------------------------------------
The Oracle Directory Manager presents an easy to use graphical user interface
for administering data and policies in Oracle Internet Directory. It can
be launched through command line invocation ('oidadmin').

We use the terms Oracle Directory Manager, ODM and 'oidadmin'
interchangeably in this document.


3.3.1 BUG FIXES AND ENHANCEMENTS IN ODM SINCE 2.0.6
------------------------------------------------------------

3.3.1.1 ODM ENTRY MANAGEMENT SUPPORTS THE DISPLAY OF 
OPERATIONAL ATTRIBUTES.
        The operational attributes can be the creator name, creation time stamp, 
        modifier name and modification time stamp.

3.3.1.2 ODM SUPPORTS THE NEW FEATURE FOR CUSTOMIZING 
ACCESS CONTROL POINTS DISPLAY.
        (bug 988852)
        For a server that contains more than 5000 ACPs, it is better to use
        this new feature to avoid hangs. Please refer to Chapter 9: Managing
        Directory Access Control in Oracle Internet Directory
        Administrator's Guide, Release 2.1.1.

3.3.1.3 "MAKE OPTIONAL" BUTTON IN THE OBJECT CLASS EDITING 
FORM DOES NOT WORK PROPERLY.
        (bug 918761)
          
3.3.1.4 ODM DOESN'T HANDLE CACHE PROPERLY FOR 
CONFIGURATION SET MODIFICATION.
        (bug 918691) 

3.3.1.5 DUPLICATE ENTRIES ARE SHOWN IN "MEMBER" ATTRIBUTE 
WHEN CREATING GROUP ENTRY.
        (bug 914256)
        Use the "Browse" button to invoke the search engine, highlight one
        entry in the result listbox and press OK. Duplicates of the selected
        entry are displayed in the "member" attribute.

3.3.1.6 TWO OVERLAPPING MENUS APPEAR WHEN RIGHT CLICKING ON SOME
MANAGEMENT CONTAINERS.
        (bug 908781)
        When "Subtree Access Management", "Entry Management", "Server
        Management", "Schema Management" or "Audit log Management" are
        not highlighted, right clicking on any of them causes two
        overlapping menus to appear over the one clicked.

3.3.1.7 OIDADMIN (ODM) REPORTS "FUNCTION NOT IMPLEMENTED" 
ERROR. (bug 903472)
        If the LDAP server is down, 'oidadmin' reports a vague error
        message like "Function Not Implemented" instead of reporting
        that the LDAP server is down.

3.3.1.8 THE SEARCH CRITERIA OPERATION IN SEARCH ENGINE 
CANNOT BE CHANGED.
        (bug 903463)

3.3.1.9 USER LOGON WITHOUT PASSWORD SHALL BE TREATED 
AS ANONYMOUS LOGON.
        (bug 902957)
        
3.3.1.10 ODM DOESN'T DISPLAY WARNING MESSAGES WHEN 
UPDATE REQUEST TIMES OUT.
         (bug 797892)

3.3.1.11 ODM DOESN'T DISPLAY ANY INDICATION OF SUCCESSFUL OPERATIONS.
         (bug 760412)
         The "Executed Successfully" message will be displayed in the status bar 
         when the operation finishes without any error. 

3.3.1.12 ODM DOESN'T SAVE USER SETTING ACROSS SESSIONS. (bug 760406)
         ODM saves the following information in the $HOME/osdadmin.ini file:
            The configuration information for customizing ACPs display.
            The last logon server/port.


3.3.2 Current Limitations of 'oidadmin'
---------------------------------------

3.3.2.1 ADMINISTERING OLDER VERSIONS OF OID WITH OIDADMIN VERSION 
2.1.1.0.0
        The version of 'oidadmin' shipped with the 2.1.1.0.0 release
        will only work with the following versions of OID Server :
           2.0.4.0.0
           2.0.5.0.0
           2.0.6.0.0
           2.1.1.0.0

3.3.2.2 ADMINISTERING THIRD-PARTY DIRECTORIES USING OIDADMIN.
        Administering third-party directories with 'oidadmin' is
        not supported.

3.3.2.3 IMAGE FETCH EXCEPTION THROWN WHEN MACHINE DOES NOT 
HAVE ENOUGH MEMORY OR WHEN THE NETWORK IS SLOW.
        This is a known JDK bug (#4112007 from JavaSoft).
        One workaround is to call ulimit before running 'oidadmin' and
        increase the number of file descriptors to 1024.

3.3.2.4 "BIND FAILED" MESSAGE WHEN LOGGING INTO THE DIRECTORY 
USING 'oidadmin'.
        This error message can be caused by an invalid user name or password.
        If this error message occurs when logging in using SSL, it could
        indicate an invalid SSL location, SSL password, or SSL
        authentication level.

3.3.2.5 NOT SHOWING EMPTY ATTRIBUTES. (bug 1370786)
        ODM does not show all empty attributes in the "show all" attributes tab
        under entry management if the value "top" is not defined as the last
        value in the entry's objectclass attribute.
        The workaround is: "Define top as the last value in objectclass
        attribute."

3.3.2.6 HELP BUTTON IS NOT WORKING IN ODM STRUCTURAL ACCESS ITEM. 
(bug 1369808)
        First, connect to a Directory Server, click Access Control, then
        click Default ACP; the corresponding information is displayed in the
        right pane. Then click the "Create via Wizard" button; the
        "Structural Access Item" window is displayed. Click the "help" button
        in this window. Result: there is no response.
        In addition, the "Create via Wizard" button is not translated.

3.3.2.7 FAILS TO CREATE AN ENTRY WITH OBJECTCLASS THAT DOES NOT 
INHERIT FROM ANY OTHER. (bug 1360090)
        First, create an object class (do not include top), without any parent.
        Then create an entry which includes this object class. You will get an
        entry creation failure message.
        Workaround : While creating custom object classes, always include top
        as parent if it does not inherit from any other object classes.

3.3.2.8 ERROR CODE=112 NOT DOCUMENTED. (bug 1271471)

3.3.2.9 UNABLE TO DISPLAY ACP AT CN=AUDITLOG USING ODM. (bug 1261398)


3.4  ORACLE INTERNET DIRECTORY PL/SQL API (DBMS_LDAP)
---------------------------------------------------------------------
  The database release 8.1.7 has the capability to interact with LDAP
  servers from the PL/SQL programming environment. This is accomplished
  using a new PL/SQL package called DBMS_LDAP. Oracle Internet
  Directory Server need not be installed in order to use this package.
  Any 8.1.7 database can be enabled to use the DBMS_LDAP package
  by running a SQL script called catldap.sql which is available in
  $ORACLE_HOME/rdbms/admin directory. Please refer to the
  Oracle Internet Directory Application Developer's Guide (Release 2.1.1)
  for further details on using the DBMS_LDAP package.


4.0 Windows 95, 98, 2000 and NT specific issues
=====================================

4.1 BULKMODIFY & BULKLOAD CANNOT BE USED TO LOAD DATA.
     These tools cannot be used to load data from Windows 95 & 98 machines to
     OID servers running on Windows NT or Windows 2000. Instead, use ldapaddmt
     or ldapmodifymt to perform bulk operations.

4.2 PATH SETTINGS DO NOT TAKE EFFECT UNTIL THE MACHINE IS REBOOTED
     After the installation, path settings do not take effect until the
     machine is rebooted; as a result, ODM cannot be executed until the
     machine has been rebooted.

4.3 'BIND FAILED' OCCURS WITHIN ODM THE FIRST TIME AFTER FINISHING OID
INSTALLATION ON WINDOWS 98.
     Workaround : Close Oracle Directory Manager, then launch it again.

4.4 NT WORKSTATION LIMITATION OF CONCURRENT CONNECTIONS
     If you are installing OID on Windows NT workstation, please
     be aware that Windows NT workstation restricts the maximum number
     of simultaneous inbound connections to six. If you expect to use
     OID at a higher load, you should install it on Windows NT Server
     and purchase additional user licenses. Please contact Microsoft
     for further details on concurrent usage.

4.5 BULK TOOLS LIMITATION
     All bulktools are shell scripts and can only be used under a UNIX shell
     emulator on NT and Windows 2000.  The following toolkits have been certified 
     against OID 2.1.1.0.0:

     MKS Toolkit and Cygwin 2.0 Beta


5.0 Corrections to Oracle Internet Directory Administrator's Guide (Release 2.1.1)
=====================================

5.1  Corrections to Chapter 3 - Preliminary Tasks
---------------------------------------------------------------------
 
5.1.1  ILLEGAL LDIF IN SETTING UPGRADE STATUS

       On pages 3-13 and 3-16, the text now reads:

       Edit the input file as follows:

       dn:
       modify:replace
       replace:orclupgradeinprogress
       orclupgradeinprogress:FALSE 

       It should read: 

       Edit the input file as follows: 

       dn:
       changetype:modify
       replace:orclupgradeinprogress
       orclupgradeinprogress:FALSE
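
       The check below is an added example, not part of the Oracle
       documentation or tools: a small lint for LDIF 'modify' change records
       that rejects the input file as printed and accepts the corrected one.
       The function name and the third, constructed sample are assumptions.

```python
import re

MOD_OPS = {"add", "delete", "replace"}
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*):(.*)$")

def lint_modify_record(text):
    """Return a list of problems in one LDIF 'modify' change record.

    Assumptions of this sketch: no folded lines, no base64 ('::') values,
    and a missing final '-' separator is tolerated, as in the README's text.
    """
    problems, fields = [], []
    for n, ln in enumerate(text.strip().splitlines(), 1):
        ln = ln.rstrip()
        m = FIELD.match(ln)
        if ln == "-":
            fields.append((n, "-", ""))
        elif m:
            fields.append((n, m.group(1).lower(), m.group(2).strip()))
        else:
            problems.append(f"line {n}: not in 'name:value' form: {ln!r}")
    if not fields or fields[0][1] != "dn":
        return problems + ["record must begin with a 'dn:' line"]
    if len(fields) < 2 or fields[1][1] != "changetype":
        got = fields[1][1] if len(fields) > 1 else "end of record"
        return problems + [f"expected 'changetype:' after 'dn:', got {got!r}"]
    if fields[1][2].lower() != "modify":
        return problems + [f"changetype is {fields[1][2]!r}, not 'modify'"]
    if len(fields) == 2:
        problems.append("record contains no modifications")
    i = 2
    while i < len(fields):
        n, op, attr = fields[i]
        if op not in MOD_OPS or not attr:
            problems.append(f"line {n}: expected add:/delete:/replace: <attr>")
            break
        i += 1
        while i < len(fields) and fields[i][1] != "-":
            if fields[i][1] != attr.lower():
                problems.append(f"line {fields[i][0]}: value line is for "
                                f"{fields[i][1]!r}, but {op}: names {attr!r}")
            i += 1
        i += 1  # step over the '-' separator, if present
    return problems

# The two versions quoted in section 5.1.1, plus a constructed third case
# in which 'dn:' and 'changetype:' have run together on one line.
AS_PRINTED = "dn:\nmodify:replace\nreplace:orclupgradeinprogress\norclupgradeinprogress:FALSE\n"
CORRECTED = "dn:\nchangetype:modify\nreplace:orclupgradeinprogress\norclupgradeinprogress:FALSE\n"
MERGED = "dn: changetype:modify\nreplace:orclupgradeinprogress\norclupgradeinprogress:FALSE\n"
```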

------------------- End of README_oid.txt --------------------
Copyright 2000,2001 Oracle Corporation

                                                                                                                                                                                                                                                                                       
