| Note |
|---|
|
Before using this information and the product it supports, read the general information under Appendix A, Notices. |
Fifth Edition (September 2002)
This edition applies to version 4, release 1, of the IBM(R) Directory Server and to all subsequent releases and modifications until otherwise indicated in new editions.
This file contains information on changes and fixes that occurred after the product documentation had been translated. This file is in English only. This file can also be found by selecting library on the IBM Directory Server Web page located at http://www.software.ibm.com/network/directory.
1.0 Must read known problems and general information
2.0 Platform specific information
3.0 Corrections to documentation
This information applies to the AIX(R), Windows NT(R), Windows(R) 2000, the Solaris Operating Environment Software, and Linux platforms.
When you delete a custom attribute type that contained data, make sure you stop and restart not just the directory server, but also the DB2(R) instance (using the db2start and db2stop commands), before adding a new custom attribute type that uses the same name as the attribute you just deleted. If you do not stop and restart DB2 after you delete the custom attribute, you will receive an error when you try to add another custom attribute using the same name.
IBM Directory Server Version 4.1 supports hardware that uses the BSAFE Hardware API (BHAPI) interface including:
An environment variable "LDAP_KRB_SERVICE_NAME" is used to determine the case of the LDAP Kerberos service name. If the variable is set to 'LDAP' then the uppercase LDAP Kerberos service name is used. If the variable is not set, then the lower case 'ldap' is used. This environment variable is used by both the ldap client and the server. By default this variable is not set.
At this time, if you select Secure Socket Layer (SSL) when you add a server using the Directory Management Tool, the
Authentication types CRAM MD5 (Challenge-Response Authentication Mechanism Message-Digest Algorithm) and SASL External (Simple Authentication Security Layer) are not available. You can still add a server using SSL with the Authentication types None or Simple.
If you have selected SSL and have specified incorrect information in the entry fields and try to add a server, the connection fails. If you correct the entry fields and then try to add the server, the connection fails again.
To correct this situation, you must exit from the Directory Management Tool. Doing this clears the Factory class information. You can now restart the Directory Management Tool and add the server with the correct information.
The Directory Management Tool cannot view entries when connected to a Domino server. This is a temporary restriction until a version of the Java(TM) Runtime Environment (JRE) 1.3 with a build date of 20020226 or later becomes available. See the IBM developer kit porting Web site at http://www.ibm.com/developerworks/java/jdk/index.html.
The IBM Directory configuration programs (ldapcfg, ldapucfg, ldapxcfg) require that the UNIX Korn shell (ksh) be available on the system being configured.
If you are using the InstallShield Graphical User Interface (GUI) for installations on Solaris or Linux platforms, to prevent messages from being cut off in the installation panels, set the following environment variable before running the setup program:
export JAVA2D_USEAWTFONTS=0
Setting this environment variable helps to prevent text truncation.
To enable the Directory Management Tool and to enable the Directory Management Tool helps, you must set the LC_ALL and LANG environment variables by issuing the following commands in the session where the Directory Management Tool is invoked. For example, if using the korn shell (ksh):
export LANG=xxxxx export LC_ALL=xxxxx
where xxxxx is the locale taken from the following table.
| Language | Locales by platform | |||||
|---|---|---|---|---|---|---|
|
| AIX | Red Hat 7.2 | SuSE 7.2 | TurboLinux 6.5 | Solaris 7 | Solaris 8 |
| Brazilian Portuguese | pt_BR | pt_BR | pt_BR |
| pt_BR | pt_BR or pt |
| Catalan | ca_ES |
|
|
|
|
|
| Czech | cs_CZ |
|
|
|
|
|
| French | fr_FR | fr_FR | fr_FR |
| fr | fr |
| German | de_DE | de_DE | de_DE |
| de | de_DE or de |
| Hungarian | hu_HU |
|
|
|
|
|
| Italian | it_IT | it_IT | it_IT |
| it | it |
| Japanese | Ja_JP | ja_JP |
| ja_JP | ja | ja_JP.PCK |
| Korean | ko_KR |
|
| ko_KR | ko | ko |
| Polish | pl_PL |
|
|
|
|
|
| Russian | ru_RU |
|
|
|
|
|
| Simplified Chinese | Zh_CN |
|
| zh_CN | zh | zh |
| Spanish | es_ES | es_ES | es_ES |
| es | es |
| Traditional Chinese | Zh_TW |
|
| zh_TW | zh_TW | zh_TW |
If you want to create an object class, ensure that its name is not the same as the object identifier (OID) of the object class. Otherwise you will have problems with inheritance and be unable to delete the object class.
If you are migrating from the from SecureWay Directory Version 3.1.1, you must do a complete migration to Version 3.2 (preferably Version 3.2.2) including starting the server and importing data. To be able to migrate to IBM Directory Version 4.1 you must export your data from Version 3.2.2.
The -D binddn -w passwd option does not call bind functions on administrator DNs for the following utilities:
The client only package (ldap32client) for the IBM SecureWay Directory Version 3.2.2 creates two entries in the registry:
This creates a problem when trying to migrate to the IBM Directory Server Version 4.1. The migration tool tries to migrate both the server and the client, although only the client is actually installed. To avoid this problem, you must use the regedit command to manually delete the SecureWay Directory Server and it version from the Registry.
When an LDAP client connects to a server, the connection and resources associated with it remain active until the client does an "unbind" operation or the TCP/IP connection is broken in some other way. It is very important that LDAP applications are designed to always do unbinds when they are finished with a connection to an LDAP server. This applies to Java applications as well as C applications.
When migrating to version 4.1, the Directory Management Tool and Java components must be installed for the migration to complete successfully. These components are:
For AIX systems:
4.1.0.0 IBM Directory Client DMT 4.1.0.0 IBM Directory Client Java
For Microsoft(R) Windows-based systems:
DMT 4.1 and Java 1.3
For Solaris systems:
IBMldapdj IBM Directory DMT
For Linux (Intel-based) systems:
ldap-dmtjava-4.1-1.i386.rpm (no SSL) ldap-dmtjavad-4.1-1.i386.rpm (SSL enabled)
The IBM Directory Server Version 4.1 supports renaming leaf entries only. It does not support
The IBM Directory Server returns the attribute names of a search in lower case. This situation is fixed by installing IBM Directory Server Version 4.1 FixPak 1. You can download the appropriate FixPak for your operating system from the IBM Directory Server Support Web site at http://www.ibm.com/software/network/directory/server/support/efixes.html.
FixPak1 enables you to set an environment variable, IBM_ATTRCASE=YES, either in the slapd32.conf file or as an environment variable. This needs to be done before the slapd process is started.
To edit the slapd32.conf file, use a text editor to add the line:
ibm-slapdSetEnv: IBMLDAP_ATTRCASE=YES
to the stanza:
dn: cn=Front End, cn=Configuration
If the environment variable IBM_ATTRCASE is set to YES (must be in upper case), the server behaves the following way:
# ldapsearch -b"o=ibm,c=us" -sbase objectclass=*
o=IBM,c=US
objectClass=top
objectClass=organization
o=IBM
This is the same as the old search behavior or if IBM_ATTRCASE were set to NO.
# ldapsearch -b"o=ibm,c=us" -sbase objectclass=* OBJECTclass o=IBM,c=US OBJECTclass=top OBJECTclass=organization
The following information applies only to the AIX operating system.
Before installing the IBM Directory Server Version 4.1 on the AIX Version 4.3.3 operating system, ensure that the following file sets have been installed:
bos.adt.prof.4.3.3.3 bos.adt.prof.4.3.3.15
The InstallShield GUI uses Java 1.3.1, and requires the following operating levels of AIX:
For AIX Version 4.3.3, Java 1.3.1 requires the AIX 4330-09 Recommended Maintenance Level. This maintenance package is intended for customers who already have AIX 4.3.3 installed. The AIX 4330-09 maintenance package can be downloaded from http://techsupport.services.ibm.com/rs6000/fixes/, using APAR number IY22024. If you are a licensee of AIX 4.3.3, you can obtain an Update CD by contacting your point of sale and requesting feature code 0838.
For AIX Version 5.1, Java 1.3.1 requires the AIX 5100-01 Recommended Maintenance Level. This maintenance package is intended for customers who already have AIX 5.1.0 installed. The AIX 5100-01 maintenance package can be downloaded from http://techsupport.services.ibm.com/rs6000/fixes/, using APAR number IY21957. If you are a licensee of AIX 5.1, you can obtain an Update CD by contacting your point of sale.
The InstallShield Graphical User Interface (GUI) for AIX does not have language support for Catalan and Slovakian. You can still use the InstallShield GUI to install the IBM Directory Server Version 4.1 with the English files. If you want to install the translated version of the IBM Directory Server , you must use the smit utility. See the IBM Directory Server Version 4.1 Installation and Configuration Guide for Multiplatforms for details on using smit to install the IBM Directory Server.
The ldapxcfg configuration utility fails if issued from a nonwritable network drive. You must change to a writable, nonnetwork drive (for example, /tmp), before running the configuration program.
When installing using the InstallShield GUI, all the components that you want to install (for example: server, client, DB2, and so forth) need to be installed at the same time, if at a later time you might want to remove a component. If incremental installations are done, that is the client is installed, and later the server is installed , then all components must be uninstalled together, otherwise the uninstall process fails, although it indicates success.
No readmes or license panels are displayed during the InstallShield GUI installation. The readmes, server.pdf or .htm and client.pdf or .htm, can be found in the /usr/ldap/language/readme/ directory on the installation CD. After the installation, the license files are in the directory /usr/ldap/license.
Because the InstallShield GUI uses a significant amount of /tmp space on AIX. It is recommended that you increase the amount of /tmp space from 400 MB to at least 650 MB.
The IBM Directory Version 4.1 64-bit client is missing the symbolic link /lib/libldapiconv64.a . The libibmldap64.a file is needed in the /lib directory to run 64 bit Kerberos on AIX 5.1. To create this link, issue the following command:
ln -s /usr/ldap/lib/aix5/libldapiconv64.a /lib/libldapiconv64.a
The following information applies only to theWindows NT and Windows 2000 platforms.
The installation process for the Windows 98 client does not automatically set the PATH environment variable. You must manually set this variable to:
<installation drive>:\<installation path>\bin
When installing on Windows operating systems, if you already have some IBM Directory Server files on your system, you might receive a pop-up that says, "The program xxx exists on this system and is newer than the one being installed. Do you want to replace this file?" You cannot select any option on this pop-up. You must click the x to close this pop-up box so that the install can continue. Please note that the files mentioned in this pop-up are not replaced.
When installing in a directory other than C:\Program Files\IBM\LDAP, the start icons are not created on the desktop.
The following information applies only to the Solaris Operating Environment Software.
You need to install the recommended patches for the Solaris 8 operating system, to ensure correct execution of LDAP utility functions (such as ldif2db, db2lidf and bulkload). You can download Solaris patches directly from Sun Microsystems, Inc. at the following Web site: http://sunsolve.Sun.COM.
When installing the IBM Directory Server in a language other than English, if you select the View in English button on the license agreement panel for the InstallShield utility, the install ends. This is a known problem and a permanent restriction for this release.
Using the InstallShield GUI might leave tempory directories in the /tmp directory. To free this space you need to delete any directories with ismp* from the /tmp directory after you have completed installing the IBM Directory Server Version 4.1 on your machine.
Running DB2 on the Solaris operating system might require updating Solaris kernel configuration parameters.
To set a kernel parameter, add a line at the end of the /etc/system file as follows:
set <paramter_name> = <value>
For example, to set the value of the msgsys:msginfo_msgmax parameter, add the following lines to the end of the /etc/system file:
set msgsys:msginfo_msgmax = 65535 set msgsys:msginfo_msgmnb = 65535 set msgsys:msginfo_msgmap = 258 set msgsys:msginfo_msgmni = 256 set msgsys:msginfo_msgssz = 16 set msgsys:msginfo_msgtql = 512 set msgsys:msginfo_msgseg = 32768 set shmsys:shminfo_shmmax = 268435456 set shmsys:shminfo_shmseg = 64 set shmsys:shminfo_shmmni = 300 set semsys:seminfo_semmni = 512 set semsys:seminfo_semmap = 514 set semsys:seminfo_semmns = 1024 set semsys:seminfo_semmnu = 1024 set semsys:seminfo_semmsl = 50 set max_nprocs = 65535 set maxuprc = 65535
Sample files with recommended configuration parameters are provided in the /opt/IBMdb2/V7.1/cfg directory.
The file names are (based on the amount of physical memory on your system):
For the Server Administration utility, use the following locales in the Web
server's configuration file. These locales are case
sensitive.
Table 2. Server Administration locales
| Language | Locale |
|---|---|
| Brazilian Portuguese | pt_BR |
| French | fr |
| German | de |
| Italian | it |
| Spanish | es |
| Japanese | ja |
| Korean | ko |
| Simplified Chinese | zh |
| Traditional Chinese | zh_TW.BIG5 |
For the Directory Management Tool utility, use the following locales in the
session where the Directory Management Tool is invoked. These locales
are case sensitive.
Table 3. Directory Management Tool locales
| Language | Locale |
|---|---|
| Brazilian Portuguese | pt_BR |
| French | fr |
| German | de |
| Italian | it |
| Spanish | es |
| Japanese | ja |
| Korean | ko |
| Simplified Chinese | zh |
| Traditional Chinese | zh_TW |
When migrating to IBM Directory Server Version 4.1 from a previous release of the IBM SecureWay Directory, the uninstallation of the previous directory does not always remove all the files.
On the Solaris operating system, if you use the pkgrm command to uninstall the SecureWay Directory and DB2, you might encounter problems trying to configure the IBM Directory Version 4.1.
If you have successfully installed the updated DB2 and Directory 4.1 and are unable to run ldapcfg or ldapxcfg to configure the Directory. Check if the following symbolic links were left behind from the previous version of the Directory:
lrwxrwxrwx 1 root other 30 Aug 20 16:56 /opt/IBMldaps/lib/libdb2.so ->
/opt/IBMdb2/V6.1/lib/libdb2.so
lrwxrwxrwx 1 root other 32 Aug 20 16:56 /opt/IBMldaps/lib/libdb2.so.1 ->
/opt/IBMdb2/V6.1/lib/libdb2.so.1
If these symbolic links were not removed when the previous version of the Directory was removed or they were not overwritten when Directory 4.1 was installed, you must either of the following:
The following information applies only to the Linux operating systems.
If you are operating the Directory Management Tool on the same machine that you installed the IBM Directory Server, you might need to increase your memory from the minimum requirement of 256 MB to the strongly recommended level of 512 MB.
At this time CRAM-MD5 implementations on Linux S/390 do not interact with non-LinuxS/390 platforms.
If you are migrating from the SecureWay Directory Version 3.2.2, to enable audit logging to function, users on Linux S/390 need to manually add a line to the slapd32.conf file. In the stanza that begins with the dn:
dn: cn=SchemaDB,cn=LDCF Backends,cn=IBM SecureWay,cn=Schemas,cn=Configuration
add the line:
ibm-slapdPlugin: audit /lib/libldapaudit.so audit_init
Currently in double-byte languages, any IBM Directory Server applications that have a GUI and are using Java coding, might display corrupted text on TurboLinux 7.0. These applications display correctly on TurboLinux 6.5.
In the IBM Directory Server Version 4.1 server readme, section 6.2.4 stated that trying to start the Directory Management Tool on the Japanese version of Linux Red Hat 7.1 resulted in an 'mprotect' error message. This condition has been corrected.
If you you have DB2 Version 8 installed and are installing the IBM Directory Server Version 4.1 using the native RPM installation, you must specify the --nodeps flag. For example:
rpm -i --nodeps ldap-server-4.1-1.i386.rpm
After installing the IBM Directory Server with either the InstallShield GUI installation or the native RPM installation, the following links and modifications need to be made:
ln -fs /opt/IBM/db2/V8.1/lib/libdb2.so /usr/ldap/lib/libdb2.so
chown ldap.ldap /usr/ldap/lib/libdb2.so
ln -fs /opt/IBM/db2/V8.1 /usr/ldap/db2
chown ldap.ldap /usr/ldap/db2
In the IBM Directory Server Version 4.1 server readme, section 6.8.2 stated that only English panels were displayed for the Directory Management Tool on SuSe 7.2. This condition has been corrected and the Directory Management Tool panels are displayed in the supported languages.
You must stop the server before uninstalling the IBM Directory Server. If you attempt to uninstall the IBM Directory Server while the server is running, you can complete the operation, but the server continues to run.
IBM(R) Directory Server Version 4.1 Installation and Configuration Guide for Multiplatforms lists in the chapter 'Installing using Linux utilities' the lists following packages for Linux S/390:
These packages do not exist for Linux S/390, they apply only to Linux (Intel-based distributions). The Directory Management Tool for Linux S/390 is included in the client packages.
IBM Directory Server 4.1 Release Notes says that the Directory Management Tool interoperates with the IBM Directory Server on Linux (Intel-based distributions). The restriction is no longer true. The Directory Management Tool interoperates with the IBM Directory Server on Linux Intel-based distributions and Linux S/390.
The java supplied with the IBM Directory Server Version 4.1 in the /usr/ldap/java directory fails on Linux S/390 with 2.4 kernel. It returns the error:
**Out of memory, exiting**
To avoid this error use either the IBM JDK or JRE Version 1.3.1.
After installing the IBM Directory Server Version 4.1, perform the following:
ln -s /opt/IBMJava2-s390-131/jre /usr/ldap/java
# export LD_PRELOAD=/usr/lib/libstdc++-libc6.2.2.so.3
The ldapcfg, ldapxcfg, and ldapucfg utilities can now be used.
This information applies to the HP-UX operating system only.
The minimum memory requirement for the IBM Directory Server is upgraded from 256 MB to 512 MB.
To mount the cd, issue the following commands:
An example of a <cd-rom device name> is /dev/rdsk/c0t2d0.
Attention: Links to the Library page on the IBM Directory Web site, might change. If the documentation links do not function correctly go to http://www.ibm.com/software/network/directory/ and select library from the referenced page.
The following information became available after the documentation was translated.
This information applies to the Administration Guide:
In the Example section of Using peer-to-peer replication the following stanzas have been changed by removing the machine reference from the replicaHost attribute and the addition of several other attributes:
A replica object is added to the machine 1 database through the following ldif file:
dn: cn=machine2, cn=localhost cn: machine2 replicaBindDN: cn=peer replicaCredentials: <machine2password> replicaPort: 389 replicaHost: <fully-qualified-hostname> replicaBindMethod: Simple replicaUseSSL: FALSE replicaUpdateTimeInterval: 0objectclass: replicaObject objectclass: top
and the stanza:
A replica object is added to the machine 2 database through the following ldif file:
dn: cn=machine1, cn=localhost cn: machine1 replicaBindDN: cn=peer replicaCredentials: <machine1password> replicaPort: 389 replicaHost: <fully-qualified-hostname> replicaBindMethod: Simple replicaUseSSL: FALSE replicaUpdateTimeInterval: objectclass: replicaObject objectclass: top
These previously undocumented parameters are supported by the bulkload command:
The following information applies to the Installation Guide:
In "Chapter 11. Migration" in the IBM Directory Server Version 4.1 Installation and Configuration Guide for Multiplatforms, the "Migration from SecureWay Directory Version 3.2.x for Windows 2000 or Windows NT InstallShield GUI installations" and "Migration from SecureWay Directory Version 3.2.x for UNIX installations" sections refer to the following JNDI related directory paths:
These paths are incorrect. On a UNIX operating system, the correct JNDI related directory paths are:
Source (copy from):
Target (copy to):
For a Windows 2000 or Windows NT operating system, use back slashes instead of forward slashes:
<install path>\java\bin\*
In the IBM Directory Server Version 4.1 Installation and Configuration Guide for Multiplatforms, 'Chapter 9. Configuration' contains some incorrect Web server default paths and configuration file names. The correct paths and file names are:
/opt/IBMHTTPD/conf/httpd.conf
/usr/netscape/server4/https-<fully qualified domain name>/config/obj.conf
/local/notesdata/httpd.cnf
/usr/local/apache/conf/httpd.conf
In Chapter 3 under the section Installing IBM Directory 4.1 on a Windows 98, Windows 2000 or Windows NT platform, step 1 of both the typical and custom installations does not specify the location of the Setup.exe file. The following is the correct text for both steps.
To begin installing IBM Directory 4.1:
If the CD-ROM does not automatically start, click Start->Run. Depending on whether you are installing locally from a CD or remotely from the network, select the drive for your CD-ROM or for the appropriate network path. In the \ismp folder, double-click the Setup.exe icon.
A language panel is displayed.
The following information applies to the Server README.
This release supports Linux for S/390. Using DB2 fixpack7 with either DB2 7.1 fixpack3 or DB2 7.2, enables Suse SLES 7.0 and Red Hat 7.2 to be supported with the 2.4 kernel. To enable the ldap client operations to work with the 2.4 kernel, set the environment variable LD_PRELOAD to /usr/lib/libstdc++-libc6.1-2.so.3. TurboLinux is supported with the 2.2.19 kernel.
This information was developed for products and services offered in the U.S.A. IBM might not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of LicensingFor license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation LicensingThe following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the information. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this information at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM CorporationSuch information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary.
The following terms are trademarks of International Business Machines Corporation in the United States, or other countries, or both:
AIX DB2 IBM SecureWay S/390
Domino is a trademark of the Lotus(R) Development Corporation
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
UNIX is a registered trademark in the United States and/or other countries licensed exclusively through X/Open Company Limited.
Other company, product, and service names may be trademarks or service marks of others.