2009

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

Administration Server. However, HP recommends that you do not run the Directory Server

with the user ID root.

• Selecting the Configuration tab results in Java exception errors.

When a nonprivileged user logs into the Directory Console and selects the Configuration

tab, the Directory Console displays Java exception errors.

6 Known issues

Issues known at time of publication include:

• createTimestamp, creatorsName, modifyTimestamp, and modifiersName values

in imported LDIF are not retained

The values of any createTimestamp, creatorsName, modifyTimestamp, and

modifiersName attributes specified in an LDIF file that is being imported are replaced.

The creatorsName and modifiersName values are replaced with empty strings, and the

createTimestamp and modifyTimestamp values are replaced with the current time.

This issue also affects migration when performed using LDIF exports (for example, when

migrating from Netscape Directory Server 6.x).

The account policy plug-in uses the createTimestamp value to determine the account

inactivity limit if a loginTimestamp is not found. Thus, users imported using LDIF and

lacking a loginTimestamp might experience unexpected inactivity limits if account

inactivity policies are created.

Workaround: To retain the values of any of these four attributes, use the bak2db utility to

initialize a Directory Server backend instead of importing the LDIF. You can use the bak2db

utility when the source is Red Hat Directory Server 7.1 or 8.0, and when the data does not

need to be modified between the back up and restoration. For more information, see Section

4.3 (“Backing up and restoring data”) in the HP-UX Directory Server administrator guide.

• passwordGraceUserTime attribute is automatically added when passwords are changed

When a user's password changes, the passwordGraceUserTime attribute is automatically

added with a value of 0. This attribute is added whether the password expiration policy

setting is enabled or not. The presence of this attribute should not interfere with the operation

of the Directory Server but could appear as an inconsistency to third-party applications

accessing the Directory Server.

Workaround: You can remove the passwordGraceUserTime attribute from the user entry,

but it returns the next time the user's password is changed.

• Running LDAP command-line utilities results in “ Unsatisfied data symbol

'GSS_C_NT_USER_NAME'” error in syslog

When the LDAP command-line utilities are run, the error “Unsatisfied data symbol

'GSS_C_NT_USER_NAME'” appears in syslog.

Workaround: The command-line utilities attempt to resolve symbols that are located in the

Kerberos client libraries. Old releases of the Kerberos client libraries do not contain these

symbols. To prevent the error from being logged, download and install KRB5CLIENT

(version 1.6.2 or later) from the following location:

http://www.hp.com/go/softwaredepot

• Files in the log directory and the backup configuration file dse.ldif.startOK are not

assigned the correct primary group after setup

After setup completes, the files in the log directory and the backup configuration file

dse.ldif.startOK are not set to the right group.

Workaround: Use the chgrp command to set the correct group for the relevant files. For

example:

6 Known issues 9