HP-UX Directory Server B.08.10.03 Release Notes (5900-2214, February 2012)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

a component of the Apache server; the HP-UX Apache-based Web Server does not allow the

Apache server to run with the user ID root.

The System User name in the setup-ds.pl script dialog is not affected by this restriction.

The setup-ds.pl script configures the user ID for the Directory Server but not for the

Administration Server. However, HP recommends that you do not run the Directory Server

with the user ID root.

• Selecting the Configuration tab results in Java exception errors.

When a nonprivileged user logs into the Directory Console and selects the Configuration tab,

the Directory Console displays Java exception errors.

6 Known issues

Issues known at time of publication include:

• QXCR1001038153: If the nsslapd-accesslog-logexpirationtime,

nsslapd-auditlog-logexpirationtime, or

nsslapd-errorlog-logexpirationtime attribute is missing from dse.ldif, the Admin

console incorrectly displays the value of the attribute as set to 1. This is incorrect, the default

of these attributes is -1 (disabled).

• When exporting a replica to LDIF using the db2ldif -r command, debug messages might

be seen, similar to the following:

0: if ( userdn = ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot ) TRUE else

FALSE

Parsed authorization.

These are insignificant and can be ignored.

• passwordGraceUserTime attribute is automatically added when passwords are changed

When a user's password changes, the passwordGraceUserTime attribute is automatically

added with a value of 0. This attribute is added whether the password expiration policy setting

is enabled or not. The presence of this attribute should not interfere with the operation of the

Directory Server but could appear as an inconsistency to third-party applications accessing

the Directory Server.

Workaround: You can remove the passwordGraceUserTime attribute from the user entry,

but it returns the next time the user's password is changed.

• Running LDAP command-line utilities results in “ Unsatisfied data symbol

'GSS_C_NT_USER_NAME'” error in syslog

When the LDAP command-line utilities are run, the error “Unsatisfied data symbol

'GSS_C_NT_USER_NAME'” appears in syslog.

Workaround: The command-line utilities attempt to resolve symbols that are located in the

Kerberos client libraries. Old releases of the Kerberos client libraries do not contain these

symbols. To prevent the error from being logged, download and install KRB5CLIENT (version

1.6.2 or later) from the following location:

http://www.hp.com/go/softwaredepot

• Files in the log directory and the backup configuration file dse.ldif.startOK are not

assigned the correct primary group after setup

After setup completes, the files in the log directory and the backup configuration file

dse.ldif.startOK are not set to the right group.

Workaround: Use the chgrp command to set the correct group for the relevant files. For

example:

# chgrp other /var/opt/dirsrv/slapd-example/log/*

# chgrp other /etc/opt/dirsrv/slapd-example/dse.ldif.startOK

6 Known issues 11