| Note |
|---|
|
Before using this information and the product it supports, read the general information under 8.0 Notices. |
This README file contains a description of the IBM(R) Directory Server Version 4.1. This product is available on the AIX(R), Linux, HP-UX, Solaris, Windows NT(R), and Windows(R) 2000 platforms. The server readme (server.pdf, server.htm, or server.txt) and a separate readme file describing the IBM Directory Server Client SDK (client.pdf , client.htm, or client.txt) can be found in the following directories:
3.0 Additional hardware and software requirements
4.0 Installation, configuration, and migration
5.0 Restrictions, known problems, troubleshooting, and additional information
7.0 Performance considerations
The IBM Directory Server V4.1 consists of the following components:
It includes an LDAP Version 3 server that supports IETF LDAPv3 (RFC 2251) protocol, schema, RootDSE, UTF-8, referrals, Simple Authentication and Security Layer (SASL) authentication mechanism and related specifications. In addition, it includes support for Secure Socket Layer (SSL), replication, access control, client certificate authentication, CRAM MD5 authentication, change log, password encryption, server plug-ins, enhanced search capability for compound Relative Distinguish Name (RDN), Web-based server administration GUI, LDAP V3 schema definitions, IBM common schema definitions, schema migration and performance improvements.
This version translates messages for Group 1 national languages on Windows NT, AIX, Linux, and Solaris operating systems including Brazilian Portuguese, French, German, Italian, Spanish, Japanese, Korean, Simplified Chinese, Traditional Chinese. In addition, this product on AIX also translates messages for Czech, Polish, Hungarian, Russian, Catalan and Slovakian.
The directory provides scalability by storing information in the IBM DB2 Universal Database(TM) (UDB). DB2(R) is packaged with the directory product.
In addition to the readmes, on-line documents including the Release Notes, QuickStart, the Installation and Configuration Guide for Multiplatforms, the Administration Guide, the Tuning Guide, the C-Client SDK Programming References, the Server Plug-in Reference are provided in pdf and html formats. The Administration Helps and the Directory Management Tool online helps are provided in html format.
The IBM Directory Server Version 4.1 uses the JNDI client from Sun Microsystems. For information about the JNDI client, go to the Sun Microsystems Web site at http://java.sun.com/
For Windows systems:
For AIX systems:
For Solaris systems:
For Linux systems:
For HP-UX systems:
Further information is available on the Web. Find the IBM Directory Server page at http://www.software.ibm.com/network/directory/ for general information and announcements.
At this time there are no additional requirements. See your Installation and Configuration Guide for system requirements.
See the Installation and Configuration Guide for information about the installation of individual components and the migration from a Version 3.1.1.5, a Version 3.2 or a Version 3.2.X server to a V4.1 server. This guide is separately provided in the package to be viewed before the product is installed. This guide is also available from the IBM Directory Web site http://www-306.ibm.com/software/network/directory/library/.
Follow the steps described in the Installation section and the Configuration section for a quick setup of the server, loading a sample database and managing the directory content.
The following items apply to the InstallShield Multi Platform (ISMP) tool:
If the IBM Directory Server installation is done using the InstallShield GUI, the removal must also be done using the InstallShield GUI. You cannot use the native package commands such as installp or RPM, to remove the IBM Directory Server.
To remove the IBM Directory Server:
cd <installation directory>/_uninst
./uninstall
On the AIX platform, the progress bar might be behind the full screen panel when files are being installed. You can minimize the large panel so that the progress indicator panel can be seen.
To use the InstallShield GUI you need to have at least 256M of memory and 400M of /tmp space.
The following information applies to the Server Administration Graphical User Interface (GUI)
On the AIX platform, reconfiguring a database using Server Administration (click Database -> Configure) fails if you select the Backup to option. If you want to reconfigure and back up your database, you must perform two separate operations:
On the Windows NT platform, reconfiguring a database using Server Administration (click Database -> Configure) fails if you select the Backup to option and your user-specified path for the database backup files contains spaces. If you want to reconfigure and back up your database, ensure that your path for the database backup files does not contain any spaces.
The Web-based Server Administration starts, stops and restarts the server as a service on Windows NT and Windows 2000 platforms. In Version 4.1, if you run slapd.exe as an application (from a console), Server Administration detects that it is running , but cannot stop or restart it. To stop the server you must press <CTRL>-C at the console in which it is running.
Make sure that the system environment variable, LANG, matches the name of a folder under <install path>\LDAP\NLS\msg. For example: "enus1252" for US English. LANG might be changed by other applications installed after LDAP, specifically DCE for Windows.
In the Server Administration Settings -> Schema -> Files section, you can choose to remove the schema files that are loaded at setup. Extreme caution must be used because the files must be removed in pairs:
If you remove only one of the files in the pair, you cannot restart the server.
If you have removed one file from the pair and cannot restart the server, you must go back to the Settings -> Schema -> Files panel and add back the file that you have removed. To do this. type the path and file name in the field and click Update.
The name of the installation directory where V4.1 is installed must not have special characters, such as "-" and ".". If you do not choose the default location for the software installation, choose a name such as "ldap" or "ldapdir". Do not choose a name such as "ldap-dir" or "ldap.dir".
Installation of V4.1 software for a Windows NT backup domain controller is not supported at this time.
The following information applies to the Directory Management Tool.
The Directory Management Tool runs using the version of the Java Virtual Machine that is included with IBM Directory Server. If you want to run the Directory Management Tool using a newer version of the Java Virtual Machine, set the environment variable ENV_JAVA=1. If this variable is set, the Directory Management Tool searches until it finds a working version of the Java Virtual Machine. If no version is found, the Directory Management Tool runs with the Java Virtual Machine version included with the IBM Directory Server.
Setting the ENV_JAVA=1 variable causes the following:
For the AIX platform , the Directory Management Tool searches for the Java Virtual Machine in the following directories:
For Windows NT and Windows 2000 platforms, the Directory Management Tool searches for the following registry keys:
For the Solaris platform , the Directory Management Tool searches for the Java Virtual Machinein the following directories:
If you create your own dmt.conf file and choose to include the password in that file, you might want to protect your password. Change the world access permissions so that the dmt.conf file is not readable.
For UNIX systems, in the directory that contains the dmt.conf file, type:
chmod 700 dmt.conf
For Windows NT systems:
For Windows 2000 systems:
Directory Management Tool does not start on the Japanese version of Linux Red Hat 7.1 operating system. Trying to start the Directory Management Tool results in an 'mprotect' error message.
At the present time the Directory Management Tool has a performance limitation of 100,000 entries. Using the tool with directories having greater than 100,000 entries might lessen the performance of the tool. See the IBM Directory Server Version 4.1 Tuning Guide for the latest information.
Syntax length is not a mandatory field. It defaults to 240 bytes for a string and 256 bytes for a binary. A string can range from a minimum of 1byte to a maximum of 32700 bytes. The maximum for a binary is 2 GB.
In order for the Directory Management Tool to display simplified Chinese, you must perform the following steps:
filename.\u5b8b\u4f53=simsun.ttf
to
filename.\u5b8b\u4f53=simsun.ttc
If running the Directory Management Tool on a Linux S/390 machine using the SuSE Linux 7.2 distribution receives an "Out of Memory" error condition, the root cause is the level of Java support that is currently loaded on the machine. This error message is the result of Java Runtime Environment (JRE) 1.3.0 being loaded in that customer environment. The Directory Management Tool for IBM Directory Server 4.1 is not supported on Linux S/390 with Linux kernel 2.4 and Java JRE 1.3.0.
When using the Directory Management Tool to add an entry with a DN that
includes double quotations, spaces or backslashes, you must use a backslash (
\ ) to escape the characters. For example:
| What you want to add | What you enter using the Directory Management Tool |
|---|---|
| cn=aaa\\bbb,o=ibm,c=us | cn=aaa\\\bbb |
| cn=aaa\"bbb,o=ibm,c=us | cn=aaa\\"bbb |
For information about the JNDI compositeName syntax go to http://java.sun.com/j2se/1.3/docs/api/javax/naming/CompositeName.html.
The following information applies to the IBM Network Authentication Service (formerly referred to as Kerberos):
When running IBM Directory 4.1 with the IBM Network Authentication Service on Windows 2000 servers, you must be using the latest 1.1 release of the Network Authentication Service code, otherwise the directory server (slapd) does not start after installation.
To check the level of Network Authentication Service code:
If you are running a Windows 2000 server as a domain controller and you want to use a different KDC, you need to follow these steps:
[domain_realm]
.mymachine.company.com = MYREALM.COMPANY.COM
Note the additional dot in front of the domain name.
The following information applies to the IBM Universal Database (DB2):
Users should not put anything in to the default database directory (for AIX and Linux platforms: /home/ldapdb2, for Windows NT and Windows 2000 platforms: c:\ldapdb2, for Solaris platforms: /export/home/ldapdb2). This directory as well as the ldapdb2 ID are reserved by the IBM Directory Server. User files in this database directory might be deleted.
Currently an entry with a large binary attachment might generate an 'Operations Error' error message.
If your entries need to include large binaries (for example up to 3 MB), you need to increase the size of the query heap. Use the DB2 update command to increase the query heap size. Issue the following command:
db2 update dbm cfg using query_heap_sz 2000
Stop and restart DB2 to initialize the change.
If you need to include binary attachments larger than 3 MB, you will need to increase the query heap size accordingly.
If you are installing IBM Directory Server on a machine where two version of DB2 are installed, a conflict in the libdb2.a library can disable the slapd process from starting.
Third-Party products can set links for /usr/lib/libdb2.a to either of the installed DB2 versions. When IBM Directory Server is started, it first searches the /usr/lib directory for the libdb2.a link.
If this first link is found, it uses this library for accessing DB2. If this link does not match the version of DB2, which the IBM Directory Server is configured to use, then the slapd process fails to start. If this link is not found, the slapd process then searches /usr/ldap/lib, to find the correct link.
You need to set the environment variable LIBPATH to point to the appropriate library file for the DB2 version configured for the IBM Directory Server.
The following information applies to the bulkload utility:
If an attempt to load a database using bulkload fails and you decide to drop the database, before you can try bulkload again with a new database, you must do two things:
The following information applies to the AIX operating system only:
The IBM Directory Server Version 4.1 C-API now has a 64-bit enabled library for building 64-bit LDAP applications. This library is named libibmldap64n.a and is located in directory /usr/ldap/lib with the soft link, /usr/lib/libibmldap64.a -> /usr/ldap/lib/libibmldap64n.a for the AIX 4.3.3 platform or in the directory /usr/ldap/lib/aix5 with with the soft link /usr/lib/libibmldap64.a -> /usr/ldap/lib/aix5/libibmldap64n.a for AIX 5L(TM) Version 5.1 or greater platform .
Two libraries are needed because AIX platforms use different 64-bit XCOFF formats for executables or object modules on AIX 4.3.3 and AIX 5L Version 5.1 platforms . An application built with an AIX 4.3.3 64-bit XCOFF format does not run on an AIX 5L Version 5.1 system. Likewise a 64-bit application built to run on an AIX 5L Version 5.1 system does not run on an AIX 4.3.3 system.
At this time, the CRAM-MD5 SASL plug-in is a separate dynamically loadable shared object for 32 and 64 bit LDAP applications. To correctly select and load the appropriate 64-bit module, the environmental variable IBMLDAP_CONF must be set to a location other than /etc. At this new location, you need to create a copy of the /etc/ldap.conf file and replace the following entry:
plugin sasl CRAM-MD5 ldap_plugin_sasl_cram-md5 ldap_plugin_init
with:
plugin sasl CRAM-MD5 ldap_plugin_sasl_cram-md5_64 ldap_plugin_init
Additional information for building 64-bit applications for AIX can be found in the documentation for VisualAge(R) C/C++ Professional for AIX Version 5.0.
You might need to adjust the UNIX ulimit settings for the process running the IBM Directory Server (slapd). The "nofiles" (descriptors) setting limits the number of concurrent connections to the server, because each connection requires an open socket descriptor. If your clients receive a "DSA Busy" error message from the server, try increasing the nofiles limit. You can reset the limit with the ulimit command. For example, to set the limit to 32,000 use:
ulimit -n 32000
To view all of the current limits, use:
ulimit -a
Another limit to consider when configuring the IBM Directory Server is the memory limit. On AIX platforms, this setting limits the ability of the process to use physical memory. If your machine has at least 256 MB of memory, set the memory limit to 240 MB.
ulimit -m 240000
Set the ulimit for coredump (blocks) to a large enough value to ensure that a complete core file can be dumped in the event of a problem with the server. The AIX platform default setting, 2097151, in most cases is sufficient.
If you used AIX Maintenance Patch 50 for AIX 4.3.3 to install the required patches to support Java JRE 1.3, the Netscape browser might not start. If you have a libpthreads or libc_r.a problem trying to start the Netscape browser on AIX 4.3.3, then try the following:
cd /usr/netscape/communicator/lib433/
ln -s /usr/lib/libc.a
The gsk5ikm korn shell script on AIX platforms is trying to find a file '$JAVA_HOME/sh/jre' that no longer exists. To use this java utility you must issue the following commands:
ln -s /usr/ldap/java/bin/java /usr/ldap/java/bin/jre
Netscape Communicator 4.51 for AIX might cause JavaScript errors when opening IBM directory help files. To avoid these errors use Netscape Communicator Version 4.7 or higher.
The configuration currently does not provide an option for starting the LDAP server at system boot time. However, this can be achieved by manually adding a line to inittab:
ldapd:2:once: /bin/slapd > /dev/console 2>&1 #autostart LDAP/DB2 Services
For a IBM Directory Server created on an AIX system that has a double byte code set (DBCS) primary locale and has its database created in a local code page, the IBM Directory Server can be automatically started at boot time by adding the following statement:
ldap:2:once:/bin/slapd -f /etc/slapd32.conf >/dev/console 2>&1, to /etc/inittab
This is sufficient for most locales with exception of the DBCS locales where the IBM Directory Server has been configured in a local (Non-UTF8) code page. In this case, create an executable script with the following contents and appropriate line added to the /etc/inittab using the mkitab command.
Create an executable slapd start script, (example /etc/rc.ldap) with the following contents:
#!/bin/ksh
export LANG=<Primary Locale>
export LC_ALL=<Primary Locale>
/bin/slapd -f /etc/slapd32.conf
Add an appropriate entry into /etc/inittab using the mkitab command as root user:
mkitab "ldap:2:once:<script name> >/dev/console 2>&1"
chitab "ldap:2:once:<script name> >/dev/console 2>&1"
This problem occurs if you exit from the Directory Management Tool on a machine that has the IBM Directory Server installed. This causes the creation of a core file and a javacore file that take up space in your directory. You can safely remove these files to restore the space in your directory.
To avoid this problem on a server machine you must launch the Directory Management Tool from a logged-in user other than root.
For Simplified Chinese, you need to set the locale to Zh_CN for Graphical User Interface (GUI) application usages such as Server Administration.
For the Directory Management Tool and the ldapxcfg utility you need to issue the following commands in the session where these utilities are invoked:
export LANG=Zh_CN export LC_ALL=Zh_CN
With double-byte languages on AIX platforms, the text for the buttons in the Server Administration utility are displayed incorrectly because of a known problem with the Netscape Web browser.
The following information applies to the Windows NT and Windows 2000 operating systems:
If you have a master server configured to do replication during updates, you might see an error like the following in the slapd error log:
"[IBM][CLI Driver] CLI0157E Error opening a file. SQLSTATE=S1507"
This problem can be resolved by adding the following stanza to the \sqllib\db2cli.ini file:
[COMMON] TempDir=x:\<your-directory>\
where "x:\<your-directory>\" specifies an existing directory on a drive that has space available. DB2 writes temporary files to this directory. The amount of space required depends on the size of the directory entries that you are adding or updating, but generally does require more space than the size of the largest entry you are updating. The trailing slash ('\') is required.
When backing up the directory database using Server Administration, if the (Lightweight Directory Interchange Format (LDIF) file provided is on a network drive at the server machine, the file path might not be found. This is because of the Web server running as a Windows NT service. It does not recognize that the network drive has been added after the Windows NT system startup.
The Directory Server replication fails on a single processor MP machine which has a multiprocessor NT kernel installed and was originally configured with two or more processors.
The slapd server does not start if it cannot open this file with both read and write permissions.
The following information applies only to Windows NT and Windows 2000 operating systems.
If you have a version of DB2 that is earlier than 7.1 or want to upgrade to the 7.2 level that is included with the IBM Directory Server Version 4.1, you must first uninstall your existing version of DB2. Ensure that you also remove the db2admin userid because it is not removed by the uninstalling process.
If you have an incompatible level of DB2 existing on your machine, during the installation of the IBM Directory Server you are prompted to stop the installation process and remove the existing level of DB2. Rather than removing your version of DB2, try to upgrade it first.
To upgrade your level of DB2 follow the directions in Upgrading to a new version of DB2 UDB, located on the IBM Directory Server Web site (http://www-306.ibm.com/software/network/directory/library).
If you must remove your existing level of DB2 and install the level of DB2 included with the IBM IBM Directory Server Version 4.1, you must first back up your database before removing the existing copy of DB2, otherwise your data will be lost.
ldapucfg -d
The following information applies to the Solaris operating system only:
In this release Kerberos authentication not supported for the Solaris platform. Consequently, although the Kerberos panel is displayed when Kerberos is selected under the Server Administration Security selection, none of the functions are available. Similarly, in the Server Administration Replication section the Kerberos buttons for authentication in the Add a replica and Edit a replica do not work.
To run the IBM Directory Server in the zh_TW.BIG5 locale on the Solaris Operating Environment Software(TM), you must set the following after configuring your database:
/export/home/ldapdb2/sqllib/adm/db2set DB2CODEPAGE=950 /export/home/ldapdb2/sqllib/adm/db2set DB2COUNTRY=88
To view the following documentation for zh_TW.BIG5 locale, replace zh_TW.BIG5 with zh_TW in the path specification:
On the Solaris 8 operating system with the default Traditional Chinese locale (zh_TW.Big5) if you are running the Directory Management Tool, you need to add the following to your profile:
export LANG=zh_TW export LC_ALL=zh_TW
On Solaris 8, you need to change the language variable setting in the session where Directory Management Tool is invoked to zh_TW, not in the root .profile file.
If you are running the Directory Management Tool locally, the Directory Management Tool help files might not display. You need to enable client access control so that clients can connect from any host. Issue the following commands at the local machine console:
xhost + <hostname> dmt
This applies to both Solaris 7 and Solaris 8 operating systems
On Solaris 8, for Group 1 languages (Brazilian Portuguese, French, German, Italian, and Spanish) and double-byte languages (Japanese, Korean, Simplified Chinese, and Traditional Chinese), different GUI applications require different locales in order for them to work correctly with the language that is set on the machine.
For Server Administration, use the following locales to invoke the Server
Administration correctly.
| Language | Locale |
|---|---|
| Brazilian Portuguese | pt_BR.ISO8859-1 |
| French | fr_FR.ISO8859-1 |
| German | de_DE.ISO8859-1 |
| Italian | it_IT.ISO8859-1 |
| Spanish | es_ES.ISO8859-1 |
| Japanese | ja_JP.PCK |
| Korean | ko |
| Simplified Chinese | zh |
| Traditional Chinese | zh_TW.BIG5 |
For the Directory Management Tool, in the session where the Directory
Management Tool is invoked, export the following locales to invoke the
Directory Management Tool correctly in each language.
| Language | Locale |
|---|---|
| Brazilian Portuguese | pt or pt_BR |
| French | fr |
| German | de or de_DE |
| Italian | it |
| Spanish | es |
For double-byte languages, you must issue the following commands in the session where the Directory Management Tool is invoked:
export LANG=ja_JP.PCK export LC_ALL=ja_JP.PCK
export LANG=ko export LC_ALL=ko
export LANG=zh export LC_ALL=zh
export LANG=zh_TW export LC_ALL=zh_TW
The following information applies to the Linux operating systems only:
Installing DB2 V7.1 requires a system library file called libncurses.so.4 that is needed by the db2setup command. RedHat 7.0 has a later version of that file, but because db2setup requires version 4, you must do the following to create a symbolic link:
cd /usr/lib ln -sf libncurses.so libncurses.so.4
On the SuSE Linux 7.2 version of the Linux operating system, the Directory Management Tool panels are displayed in English, even if you have set your locale variable to a language other than English. This is a known problem. The SuSE Linux 7.2 version of the Linux operating system is not officially supported by Java 1.3, which is included in the IBM Directory Server Version 4.1 release.
If you do a bulkload on Red Hat 7.1, you receive the following error:
SQL2044N An error occurred while accessing a message queue. Reason code: "1".
To avoid this error, change the value in the /proc/sys/kernel/msgmni file from 16 to 50.
If you are logged in as root, and you want to run a bulkload, make sure the DB2INSTANCE and LD_LIBRARY_PATH environment variables are not set. If any DB2 environment variables are set when you run bulkload, bulkload will fail.
When using the Directory Management Tool, you need to change the language variable setting in the session where Directory Management Tool is invoked, to ja_JP.
If you have more than one language package installed and you remove one of the packages, the entire usr/ldap/nls directory is also removed.
This release supports Linux for S/390. SuSE Linux is supported with the 2.2.16 kernel, plus the 2.4 kernel. TurboLinux is supported with the 2.2.19 kernel.
The following information applies to the HP-UX platform.
When you install the Java Virtual Machine using swinstall, you need to supply the full path to it as /cdrom/java/rte_13102os11.depot.
You can install DB2 directly from the CD by going into the udb72 subdirectory and issuing the db2setup command. You can also follow the DB2 installation information located at http://www.developer.ibm.com/library/data/install_HP-UX.html.
Follow the instructions in the IBM Directory Server Version 4.1 Installation and Configuration for Multiplatform Guide.
You can install the following packages:
GSKit is available from the gskit directory. Follow the instructions in the IBM Directory Server Version 4.1 Installation and Configuration for Multiplatform Guide.
After you have completed the installation process, you need to set the following environment variable:
NLSPATH = /usr/lib/nsl/%L/%N
The following items apply to the IBM Directory Server and are not platform specific.
DBCS Characters in the Administrator Passwords are not supported.
After all DB2 tables are created with some data loaded to the server, changes made to attribute table names or maximum (syntax) length values do not cause the table that has been created to change. If there is no data in the attribute table, it is possible to modify the table name and attribute syntax size from Directory Management Tool after the IBM Directory Server is started. In this case, the database table is changed to the new size and name.
If db2ldif is used to create a file on a Windows NT machine, and the data is copied to AIX or Solaris platforms in binary using FTP, then each line ends with an extraneous carriage return character (Ctrl-M when viewed in an editor such as vi).
If the file is provided to ldif2db on UNIX, the utility loads only the first entry or none of the entries. This might occur when populating replicas on different platforms. To avoid the problem, copy the text file in ASCII mode.
If a DB2 column name of a new user attribute in the schema configuration file causes a problem, a DB2 reserved word might have been picked. To resolve the problem, use a different name.
The problem happens when GSKIT SSL is used and the Windows NT machine is mounted as a networked drive and the drive is in your path. The server takes an additional 3-7 minutes to start. The cause of the problem appears to be that the server sends a QPathInfo SMB message and is getting an undefined error back. The server continues to try to send the QPathInfo message in a loop until it times out.
The problem is caused by remote drives being referenced in the PATH statement before local drives. The cause of the problem appears to be the inability of processes running as a SYSTEM service to properly access remote drives. The solution to this problem is to make sure that in the PATH statement the directories on local drives are specified before any directories that are located on remote drives.
If you encounter the following error when using an extremely complex filter in a ldapsearch operation:
Error code -1 from odbc string:" SQLFetch "
ldap_search: Operations error
and find this message from the database error log file
installation directory\tmp\cli.errors:
12/02/98 15:11:28 native retcode = -973; state = "57011";
message = "[IBM][CLI Driver][DB2/NT] SQL0973N Not enough storage
is available in the "APP_CTL_HEAP" heap to process the statement.
SQLSTATE=57011: Virtual storage or database resource is not available.
Increase the database heap size needs from a command window (on Windows NT, from a DB2 command window by typing db2cmd first):
db2 update db cfg for databasename using APP_CTL_HEAP_SZ 256
where databasename is the database name for ldap. The default size is 64 (of 4k blocks).
If you have a problem with starting a replication master server on a Windows NT multiprocessor, look at the cli.errors and slapd.errors files in installation path/tmp directory.
If you find the following messages in slapd_errors:
Error code -1 from odbc string:" SQLFetch " Error code -1 from odbc string:" SQLGetData "
and in cli.errors:
native retcode = -973; state = "57011"; message = "[IBM][CLI Driver] [DB2/NT] SQL0973N Not enough storage is available in the "APP_CTL_HEAP" heap to process the statement. SQLSTATE=57011" native retcode = -99999; state = "24000"; message = "[IBM][CLI Driver] CLI0115E Invalid cursor state. SQLSTATE=24000"
The problem is that DB2 is running out of heap space. Fetch is returning a message about APP_CTL_HEAP_SZ being too small. This problem might be because a large number of updates (for example, 5,000 change entries) to be replicated to the replica servers, possibly after a replica server shutdown and restart followed by a master server shutdown and restart.
Increasing the APP_CTL_HEAP_SZ (for example from 64 to 256) solves this problem.
If you are adding a large number of entries using ldif2db, and the entries are not replicated because of an error. If you find a log entry in file installation directory\tmp\cli.errors (on most UNIX systems, /tmp/cli.error and on Solaris /var/ldap/cli.error) about APP_CTL_HELP being too small, increase APP_CTL_HEAP_SZ from a command window (on Windows NT, from a DB2 command window by typing db2cmd first) to fix the problem:
db2 update db cfg for databasename using APP_CTL_HEAP_SZ 256
The configuration program might report error codes as a result of database configuration. The following are the error codes that might be reported and what they mean.
76 - The instance you specified does not exist.
Verify the instance that was input actually exists and retry.
84 - A database configuration error occurred.
Look in slapd.errors for more information.
These files on the following platforms contain the date of the product build:
installation directory/web/readme/buildno.txt
The LDIF files generated by earlier (pre-v3.2) versions of db2ldif contains operational ACL attributes and can not be used by ldapadd. ldapadd does not recognize the old inherit-on-create operational attribute and so cannot be used in place of the ldif2db to load the data dumped from a V2 server. Use the ldif2db utility as described in the migration documentation.
If you are not satisfied with the font size of the ldapxcfg panels, you may change the default font size as follows:
cd /usr/ldap
This change should take effect the next time ldapxcfg is started.
In Internet Explorer 5, on some Server Administration screens with both "Back" and "Next" buttons, or "Back" and "Finish" buttons, users must click on the "Next" or "Finish" button to proceed to the following screen. If the user presses the Enter key on the keyboard, he is taken back one screen instead of forward and any input he entered on the screen is lost.
On the create group (and role) panels, there is a field marked Relative Group DN which appears in between the suffix list and the field for Common Name. This field should be filled in with the new DN except the suffix. For example, if the defined suffix is 'c=US'. The Full DN of the new entry is 'ou=Austin, o=IBM, c=US'. The Relative Group DN field should contain 'ou=Austin, o=IBM'. The suffix which is appended to this Relative DN is selected in the suffixes list just above this field.
The IBM Directory Server does not support approximate matching for double-byte languages (Korean, Japanese, Chinese, and so forth). At this time this is a permanent restriction.
The following information applies to the Microsoft IIS Web server:
The Microsoft Personal Web Manager does not always correctly update the registry for the MS IIS virtual roots. If IBM Directory Server is reinstalled to a different location and re-configured for MS IIS, but the http://localhost/ldap URL fails to work, remove the /ldap virtual root from the Microsoft Personal Web Manager by clicking the Advanced icon, selecting the /ldap virtual root and clicking Remove. After removing the LDAP virtual root, reconfigure IIS for LDAP again and then restart the IIS server.
The following information applies to the IBM HTTP server:
There is a problem with the Microsoft IE browser which appears to be a log on problem, but it is really a cookie problem. If you are using the secondary directory entry window to display an entry, and get the message "You are not logged on ..." when in fact you are logged on to the server in the primary IBM Directory Server window, the browser cookie has been lost. The only remedy to the problem is to close down all non-LDAP occurrences of the browser that might have set a cookie. About 5 seconds after doing so, reopen the secondary window and the log on problem should be gone.
A server caching problem might occur. Typically the problem shows up as extra text at the top of the second directory entry screen but other unexplained behavior, such as being unable to change the error log path, has been reported. To correct these problems, in the Web server configuration file, located in ibmhttp path\conf\httpd.conf comment out the lines starting with "Afpa". This includes:
The following information applies to the Lotus Domino server:
If you are going to be using SSL, add the Lotus Domino installation directory to the PATH environment variable.
See the IBM Directory Server Version 4.1 Administration Guide for additional information.
You might want to allocate as much as 75% of the machine memory to the DB2 database buffer pool. You can use the DB2 database system monitor to calculate the buffer pool hit ratio, which can help you tune your buffer pool for your specific environment. The "optimizing" action must be used after changing any db2 configuration parameters.
Refer to the DB2 Database Tuning Parameter section of the Installation and Configuration Guide. The DB2 Database System Monitor Guide and Reference is a good reference for overall db2 tuning information. For further information on tuning DB2, refer to the Web site: http://www.software.ibm.com/data/db2/library.
See also the IBM Directory Server Version 4.1 Performance Tuning Guide for additional information.
This information was developed for products and services offered in the U.S.A. IBM might not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of LicensingFor license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation LicensingThe following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the information. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this information at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM CorporationSuch information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary.
The following terms are trademarks of International Business Machines Corporation in the United States, or other countries, or both:
AIX
AIX 5L
DB2
DB2 Universal Database
IBM
S/390
VisualAge
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
Lotus and Domino are trademarks of Lotus Development Corporation in the United States, other countries, or both.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
UNIX is a registered trademark of The Open Group.
Other company, product, and service names may be trademarks or service marks of others.