chap-issues.xml revision 51607ea01068c9047391e4c8b46bc9dbd0edb7fd
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! CCPL HEADER START
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! This work is licensed under the Creative Commons
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! To view a copy of this license, visit
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! or send a letter to Creative Commons, 444 Castro Street,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Suite 900, Mountain View, California, 94041, USA.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! You can also obtain a copy of the license at
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! See the License for the specific language governing permissions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! and limitations under the License.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! If applicable, add the following below this CCPL HEADER, with the fields
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! enclosed by brackets "[]" replaced with your own identifying information:
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Portions Copyright [yyyy] [name of copyright owner]
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! CCPL HEADER END
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Copyright 2011-2013 ForgeRock AS
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <title>OpenDJ Fixes, Limitations, & Known Issues</title>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This chapter covers the status of key issues and limitations for OpenDJ
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <?eval ${docTargetVersion}?> and OpenDJ SDK <?eval ${docTargetVersion}?>.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark For details and information on other issues, see the <link xlink:show="new"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ" >OpenDJ issue
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <note><!-- TODO: reconsider when 2.4.x is no longer supported. -->
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ 2.6.0 includes important improvements to replication.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Replication remains fully compatible with earlier versions. However, some
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark operations that work fine with OpenDJ 2.6.0, such as replicating large
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark groups and replicating high volumes of adds and deletes, can cause
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark issues for earlier versions. Make sure you upgrade all servers to 2.6.0
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark before allowing clients to take advantage of write operations that could
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark cause trouble for older servers.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>The following important bugs were fixed in this release.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>TODO</para><!-- https://github.com/markcraig/release-notes-list-builder -->
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Release <?eval ${docTargetVersion}?> has the following
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark limitations.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <itemizedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ directory server provides full LDAP v3 support, except for
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark alias dereferencing, and limited support for LDAPv2.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>When you configure account lockout as part of password policy,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark OpenDJ locks an account after the specified number of consecutive
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark authentication failures. Account lockout is not transactional across a
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark replication topology, however. Global account lockout occurs as soon as
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the authentication failure times have been replicated.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark directory server can be run as a service, and thus displayed in the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Windows Services Control Panel.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ replication is designed to permit an unlimited number
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark of replication servers in your topology. Project testing has, however,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark focused only on topologies of up to eight replication servers.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ plugin extensions must follow the guidelines set forth in
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>opendj/example-plugin.zip</filename>. When developing your
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark extension, aim to remain loosely coupled with any particular version of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark OpenDJ. Libraries used must be installed in
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>opendj/lib/extensions/</filename> (or bundle them in your
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark .jar). Keep your configuration separate from the server configuration.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Also, unless you are reusing standard schema definitions, keep your
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark schema definitions separate as well.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This can affect how your extension works after upgrade. In
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark particular <literal>opendj-accountchange-handler-1.0.0</literal> does
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark not work with OpenDJ 2.6.0 after upgrade (<link xlink:show="new"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:href="https://bugster.forgerock.org/jira/browse/OPENDJ-991"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark >OPENDJ-991</link>). See that issue for notes on how make that version
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark of the extension work with OpenDJ 2.6.0.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <!-- This hardware is EOL.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>On Niagara systems such as T2000, hardware SSL crypto acceleration
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark runs more slowly than software crypto acceleration. To work around this
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark issue take the following actions.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <orderedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Add more request handlers to LDAP (for TLS) and LDAPS (for SSL)
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark connection handlers.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Disable hardware acceleration for server's JVM by removing the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark SunPKCS11 security provider from
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>jre/lib/security/java.security</filename>.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </orderedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </itemizedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>When deploying for production, make sure that you follow the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark installation instructions on allowing OpenDJ to use at least 64K (65536)
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark file descriptors, and on tuning the JVM appropriately.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>The following important issues remained open at the time this release
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark became available.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>TODO</para><!-- https://github.com/markcraig/release-notes-list-builder -->
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>