<?xml version="1.0" encoding="UTF-8"?>
|
<!--
|
! CCPL HEADER START
|
!
|
! This work is licensed under the Creative Commons
|
! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
|
! To view a copy of this license, visit
|
! http://creativecommons.org/licenses/by-nc-nd/3.0/
|
! or send a letter to Creative Commons, 444 Castro Street,
|
! Suite 900, Mountain View, California, 94041, USA.
|
!
|
! You can also obtain a copy of the license at
|
! trunk/opendj3/legal-notices/CC-BY-NC-ND.txt.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! If applicable, add the following below this CCPL HEADER, with the fields
|
! enclosed by brackets "[]" replaced with your own identifying information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CCPL HEADER END
|
!
|
! Copyright 2011-2014 ForgeRock AS
|
!
|
-->
|
<chapter xml:id='chap-issues'
|
xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'
|
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
|
xsi:schemaLocation='http://docbook.org/ns/docbook
|
http://docbook.org/xml/5.0/xsd/docbook.xsd'
|
xmlns:xlink='http://www.w3.org/1999/xlink'>
|
<title>OpenDJ Fixes, Limitations, & Known Issues</title>
|
|
<para>
|
This chapter covers the status of key issues and limitations
|
for OpenDJ ${docTargetVersion} and OpenDJ SDK ${sdkDocTargetVersion}.
|
For details and information on other issues,
|
see the <link xlink:show="new"
|
xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ"
|
>OpenDJ issue tracker</link>.
|
</para>
|
|
<section xml:id="fixes">
|
<title>Key Fixes</title>
|
|
<note>
|
<para>This release contains fixes that resolve security issues within OpenDJ.
|
Older versions of OpenDJ contain these security issues. It is recommended
|
that you upgrade to this release to resolve these security issues. ForgeRock
|
customers can contact support for details.</para>
|
|
<!-- TODO: reconsider when 2.4.x is no longer supported. -->
|
<para>
|
OpenDJ 2.6.0 and later maintenance releases
|
include important improvements to replication.
|
Replication remains fully compatible with earlier versions.
|
However, some operations that work fine with the current OpenDJ release,
|
such as replicating large groups
|
and replicating high volumes of adds and deletes,
|
can cause issues for earlier versions.
|
Make sure you upgrade all servers to this version
|
before allowing clients to take advantage of write operations
|
that could cause trouble for older servers.
|
</para>
|
</note>
|
|
<para>The following important bugs were fixed in this release.</para>
|
|
<!-- List generated at 18:07:57 20140205 using http://bugster.forgerock.org/jira/rest/api/2/search?jql=project+%3D+OpenDJ+AND+type+%3D+Bug+AND+resolution+%3D+Fixed+AND+%28fixVersion+%3D+"2.6.1"+OR+fixVersion+in+%28"2.6.1-sdk"%2C+"2.6.2-sdk"%2C+"2.6.3-sdk"%2C+"2.6.4-sdk"%2C+"2.6.5-sdk"%2C+"2.6.6-sdk"%2C+"2.6.7-sdk"%29%29+AND+component+not+in+%28Documentation%2C+QA%29+AND+labels+%3D+release-notes&startAt=0&maxResults=500&fields=summary-->
|
<itemizedlist>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1322" xlink:show="new">OPENDJ-1322</link>: Control-Panel.bat can not start and stop the OpenDJ server when running as a windows service</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1283" xlink:show="new">OPENDJ-1283</link>: Replayed Modify operations are rejected if the backend writability mode is internal-only</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1275" xlink:show="new">OPENDJ-1275</link>: Connections stop getting closed due to idle time outs</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1270" xlink:show="new">OPENDJ-1270</link>: Avoid unnecessary DNS lookups when performing bind requests</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1269" xlink:show="new">OPENDJ-1269</link>: JMX connection counter not being decremented when connections are closed.</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1266" xlink:show="new">OPENDJ-1266</link>: State index is not updated when an index is deleted</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1249" xlink:show="new">OPENDJ-1249</link>: ConnectionFactory timeout setting is applied for Active Directory persistent search requests</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1247" xlink:show="new">OPENDJ-1247</link>: Client side timeouts do not cancel bind or startTLS requests properly</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1228" xlink:show="new">OPENDJ-1228</link>: Concatenated schema may contain more than valid schema, possibly leading to further issues</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1226" xlink:show="new">OPENDJ-1226</link>: Upgrade should only consider .ldif files under config/schema</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1204" xlink:show="new">OPENDJ-1204</link>: Access Log timestamp doesn't have milliseconds for Connect and Disconnect entries</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1200" xlink:show="new">OPENDJ-1200</link>: SDK should use octet string matching by default for unrecognized attribute types</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1196" xlink:show="new">OPENDJ-1196</link>: updateSchemaFile "succeeds" if it can't find schema in the templates</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1190" xlink:show="new">OPENDJ-1190</link>: Under rare circumstances the DS replication recovery thread (RSUpdater) can spin</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1183" xlink:show="new">OPENDJ-1183</link>: Can not reset userPassword through REST interface due to lack of privileges</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1168" xlink:show="new">OPENDJ-1168</link>: Warning message displayed when heartbeat check fails with a bind connection pool</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1160" xlink:show="new">OPENDJ-1160</link>: Write operations to non-groups force groups to be reloaded</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1115" xlink:show="new">OPENDJ-1115</link>: Internal errors from ModifyOperation - change number was not found in pending list</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1090" xlink:show="new">OPENDJ-1090</link>: ECL changenumbers get reset after a purge and server restart</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1048" xlink:show="new">OPENDJ-1048</link>: OpenDJ QuickSetup creates the "licenseAccepted" file in the wrong place</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-877" xlink:show="new">OPENDJ-877</link>: ldifsearch.bat is not working</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-661" xlink:show="new">OPENDJ-661</link>: TimeoutChecker throws NullPointerException on application shutdown</para></listitem>
|
</itemizedlist>
|
</section>
|
|
<section xml:id="limitations">
|
<title>Limitations</title>
|
|
<para>Release <?eval ${docTargetVersion}?> has the following limitations,
|
none of which are new since <?eval ${stableServerVersion}?>.</para>
|
|
<itemizedlist>
|
<listitem>
|
<para>OpenDJ directory server provides full LDAP v3 support, except for
|
alias dereferencing, and limited support for LDAPv2.</para>
|
</listitem>
|
<listitem>
|
<para>When you configure account lockout as part of password policy,
|
OpenDJ locks an account after the specified number of consecutive
|
authentication failures. Account lockout is not transactional across a
|
replication topology, however. Global account lockout occurs as soon as
|
the authentication failure times have been replicated.</para>
|
</listitem>
|
<listitem>
|
<para>OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ
|
directory server can be run as a service, and thus displayed in the
|
Windows Services Control Panel.</para>
|
</listitem>
|
<listitem>
|
<para>OpenDJ replication is designed to permit an unlimited number
|
of replication servers in your topology. Project testing has, however,
|
focused only on topologies of up to eight replication servers.</para>
|
</listitem>
|
|
<listitem>
|
<para>OpenDJ plugin extensions must follow the guidelines set forth in
|
the <filename>README</filename> file delivered in
|
<filename>opendj/example-plugin.zip</filename>. When developing your
|
extension, aim to remain loosely coupled with any particular version of
|
OpenDJ. Libraries used must be installed in
|
<filename>opendj/lib/extensions/</filename> (or bundle them in your
|
.jar). Keep your configuration separate from the server configuration.
|
Also, unless you are reusing standard schema definitions, keep your
|
schema definitions separate as well.</para>
|
|
<para>This can affect how your extension works after upgrade. In
|
particular <literal>opendj-accountchange-handler-1.0.0</literal> does
|
not work with OpenDJ 2.6.0 after upgrade (<link xlink:show="new"
|
xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-991"
|
>OPENDJ-991</link>). See that issue for notes on how make that version
|
of the extension work with OpenDJ 2.6.0.</para>
|
</listitem>
|
|
<!-- This hardware is EOL.
|
<listitem>
|
<para>On Niagara systems such as T2000, hardware SSL crypto acceleration
|
runs more slowly than software crypto acceleration. To work around this
|
issue take the following actions.</para>
|
<orderedlist>
|
<listitem>
|
<para>Add more request handlers to LDAP (for TLS) and LDAPS (for SSL)
|
connection handlers.</para>
|
</listitem>
|
<listitem>
|
<para>Disable hardware acceleration for server's JVM by removing the
|
SunPKCS11 security provider from
|
<filename>jre/lib/security/java.security</filename>.</para>
|
</listitem>
|
</orderedlist>
|
</listitem>
|
-->
|
</itemizedlist>
|
</section>
|
|
<section xml:id="known-issues">
|
<title>Known Issues</title>
|
|
<tip>
|
<para>When deploying for production, make sure that you follow the
|
installation instructions on allowing OpenDJ to use at least 64K (65536)
|
file descriptors, and on tuning the JVM appropriately.</para>
|
</tip>
|
|
<para>The following important issues remained open at the time this release
|
became available.</para>
|
|
<!-- List generated at 18:08:35 20140205 using http://bugster.forgerock.org/jira/rest/api/2/search?jql=project+%3D+OpenDJ+AND+type+%3D+Bug+AND+%28resolution+%3D+unresolved+or+%28fixVersion+not+in+%28"2.6.1"%2C+"2.6.1-sdk"%2C+"2.6.2-sdk"%2C+"2.6.3-sdk"%2C+"2.6.4-sdk"%2C+"2.6.5-sdk"%2C+"2.6.6-sdk"%2C+"2.6.7-sdk"%29+AND+%28fixVersion+>+"2.6.1"+OR+fixVersion+>+"2.6.7-sdk"%29%29%29+AND+component+not+in+%28Documentation%2C+QA%29+AND+labels+%3D+release-notes&startAt=0&maxResults=500&fields=summary-->
|
<itemizedlist>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1309" xlink:show="new">OPENDJ-1309</link>: First dsreplication enable could warn before replicating schema</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1294" xlink:show="new">OPENDJ-1294</link>: ldappasswordmodify -D <DN> -w - fails without prompting password from stdin</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1290" xlink:show="new">OPENDJ-1290</link>: Nested backends handles hasSubordinates attribute incorrectly</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1213" xlink:show="new">OPENDJ-1213</link>: LDIFReader should reject LDIF that contains trailing space</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1169" xlink:show="new">OPENDJ-1169</link>: Exception/error lost when logging ERR_LOOP_REPLAYING_OPERATION</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1158" xlink:show="new">OPENDJ-1158</link>: rebuild-index leaves backend offline if a backup is running</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1151" xlink:show="new">OPENDJ-1151</link>: OpenDJ unable to initialize the SSL context an doesn't start</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1146" xlink:show="new">OPENDJ-1146</link>: Memory leak on opendj 2.6.0</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1138" xlink:show="new">OPENDJ-1138</link>: searchrate throws java.lang.IndexOutOfBoundsException</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1131" xlink:show="new">OPENDJ-1131</link>: Rest2LDAP fails to start with GlassFish3.1</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1094" xlink:show="new">OPENDJ-1094</link>: ECL virtual lastChangeNumber attribute can decrement</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1087" xlink:show="new">OPENDJ-1087</link>: OpenDJ Console: Validation checks missing</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1056" xlink:show="new">OPENDJ-1056</link>: secure listener should not be created if proper keying material is not available for some reason</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1051" xlink:show="new">OPENDJ-1051</link>: Upgrade: add task to update lastChangeNumber/firstChangeNumber attributes definition when upgrading from 2.4.x</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1043" xlink:show="new">OPENDJ-1043</link>: Worker Thread was interrupted while waiting for new work while shutting down </para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1016" xlink:show="new">OPENDJ-1016</link>: Control panel does not follow static group recommendation from documentation</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1009" xlink:show="new">OPENDJ-1009</link>: CryptoManagerTestCase:testStreamEncryptDecryptSuccess fails</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-1007" xlink:show="new">OPENDJ-1007</link>: InstallHelper: endless loop, etc.</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-948" xlink:show="new">OPENDJ-948</link>: unauthorized disclosure of directory contents</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-934" xlink:show="new">OPENDJ-934</link>: Changes to RS window-size property require a server restart</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-862" xlink:show="new">OPENDJ-862</link>: Strange ds-privilege-name behavior</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-810" xlink:show="new">OPENDJ-810</link>: Non-atomic password state updates</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-640" xlink:show="new">OPENDJ-640</link>: Text Query Against indexed telephoneNumber Attribute Very Slow</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-573" xlink:show="new">OPENDJ-573</link>: mustChangePassword function makes-up password change state</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-557" xlink:show="new">OPENDJ-557</link>: Identical changes recorded in duplicate changelog records</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-527" xlink:show="new">OPENDJ-527</link>: rebuild-index --rebuildAll corrupts the indexes for certain data sets </para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-518" xlink:show="new">OPENDJ-518</link>: Cannot log into the administrative control panel with FIPS-140 enabled in certain cases</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-514" xlink:show="new">OPENDJ-514</link>: OpenDJ SDK SASL integrity/confidentiality violates protocol</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-505" xlink:show="new">OPENDJ-505</link>: dsreplication enable fails when hostname contains an underscore</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-431" xlink:show="new">OPENDJ-431</link>: Server side sort control only works on result sets of less than 100000 entries</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-412" xlink:show="new">OPENDJ-412</link>: Blocked persistent searches may block all worker threads</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-365" xlink:show="new">OPENDJ-365</link>: Potential deadlock in JE backend while performing a mix of update operations</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-270" xlink:show="new">OPENDJ-270</link>: dsreplication disable takes a long time</para></listitem>
|
<listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-49" xlink:show="new">OPENDJ-49</link>: Replication replay does not take into consideration the server/backend's writability mode.</para></listitem>
|
</itemizedlist>
|
</section>
|
</chapter>
|
