2009

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

7 Known issues

Issues known at time of publication include:

• Log files created before a Directory Server restart are not removed according to their

configured expiration policy.

To determine whether to remove a log file that had been created before the last restart, the

Directory Server checks the creation timestamp in the rotationinfo files at startup and

compares it against the expiration policy for that log file. However, the timestamps in the

rotationinfo files are being reset to an incorrect date. As a result, expired log files are

not removed as expected. (QXCR1000977427)

Workaround: Remove the expired log files manually. The creation time of a log file is

indicated by the file name. For example, a file named access.20091101-120000 is an

access log file that was created at noon on November 1, 2009. (These timestamps use the

local time zone configured for the host, not the UTC.) If your expiration policy was set to

30 days, and today's date is later than December 1 of 2009, that file should be removed.

To verify your current expiration policy configuration, look under Logs in the Configuration

tab of the Admin console, or check the appropriate parameters in the dse.ldif file (if the

parameters were left at their default subsequent to the Directory Server installation, the

expiration values are not available in the dse.ldif file; for the default values, see the

HP-UX Directory Server configuration, command, and file reference).

• When exporting a replica to LDIF using the db2ldif -r command, debug messages might

be seen, similar to the following:

0: if ( userdn = ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot ) TRUE else

FALSE

Parsed authorization.

These are insignificant and can be ignored.

• passwordGraceUserTime attribute is automatically added when passwords are changed

When a user's password changes, the passwordGraceUserTime attribute is automatically

added with a value of 0. This attribute is added whether the password expiration policy

setting is enabled or not. The presence of this attribute should not interfere with the operation

of the Directory Server but could appear as an inconsistency to third-party applications

accessing the Directory Server.

Workaround: You can remove the passwordGraceUserTime attribute from the user entry,

but it returns the next time the user's password is changed.

• Running LDAP command-line utilities results in “ Unsatisfied data symbol

'GSS_C_NT_USER_NAME'” error in syslog

When the LDAP command-line utilities are run, the error “Unsatisfied data symbol

'GSS_C_NT_USER_NAME'” appears in syslog.

Workaround: The command-line utilities attempt to resolve symbols that are located in the

Kerberos client libraries. Old releases of the Kerberos client libraries do not contain these

symbols. To prevent the error from being logged, download and install KRB5CLIENT

(version 1.6.2 or later) from the following location:

http://www.hp.com/go/softwaredepot

• Files in the log directory and the backup configuration file dse.ldif.startOK are not

assigned the correct primary group after setup

After setup completes, the files in the log directory and the backup configuration file

dse.ldif.startOK are not set to the right group.

Workaround: Use the chgrp command to set the correct group for the relevant files. For

example: