Known Issues

During an update or upgrade installation the cert8.db file is written again.If you used this default file for your certificates they are lost.

To prevent such type of errors, use another filename for your certificates and set the corresponding environment variable.

During the DirX Identity installation the agent batch files in the bin directory of the installation path are overwritten.If you changed something in these files (for example more memory for the Java processes) this information is lost.

To avoid this problem, you should copy the agent batch file before you perform the changes.To use the copied and changed files, set the link from the Agent objects in the DirX Identity configuration database (Connectivity Configuration Data → Agents) to the new files.

In a distributed environment be sure that all DirX Identity servers where this agent shall run have a copy of the changed file.

The configuration runs a set of scripts during an upgrade installation to delete superfluous objects.

With the InitialConfiguration step “Connectivity Schema and Data Configuration” the outdated objects listed in the files containing “Hub” in the name are deleted in the Connectivity configuration.With the step “Domain configuration” the outdated objects of the specific domain listed in the files containing “Role” in the name are deleted in the Provisioning configuration.

If you have added parts of the deleted objects for example in the context of a collection import, you can either run the scripts again as described below or just delete the objects listed in the files with the Identity Manager.

These files with objects to be deleted exist:

If you have to delete the objects again after the InitialConfiguration run, which can only happen in the context of a collection import or other ldif file import after the InitialConfiguration, you can run the scripts again.

To run the scripts for deletion of objects listed in *.ldif files:

Open a dos prompt,

change to the directory install_path\confdb\data,

call ..\..\bin\metacp ..\tcl\load.ldif.change.tcl OutdatedObjects_filename trace_filename

To run the scripts for deletion of objects listed in *.txt files:

Open a dos prompt,

change to the directory install_path*\confdb\data*,

call ..\..\bin\metacp ..\tcl\removeSubtree.tcl user password server port ssl subtree_dn tracefile for every subtree dn listed in the *.txt file.

Because the removeSubtree.tcl script must be called for every subtree it is easier to delete the subtrees with the Identity Manager.

Running migration.bat from the folder

install-path\GUI\migration\CreateDxrUids

can result in the

Set uid value for object dn failed.

Cause could be that you extended your object description for example with save scripts. To solve this problem be sure that the DirX Identity Manager and the migration script use the same ClassPath.

Updating an existing and used sample domain can result in doubled memberships at accounts and groups. That means the dxrMemberADD and dxrMemberOK are both filled with the same members.

This problem comes from the fact that initially the members are all in ADD state. If you played with the sample domain, some or all of the members go to OK state. Updating the sample domain during an upgrade adds all ADD states again.

You can easily correct this problem if you resolve all users of the My-Company domain.

Run the Privilege resolution with the filter (objectClass=dxrUser). This resolves all users and corrects these doubled memberships.

If an attribute is filled in the LDAP directory with multiple values and the object description for this attribute is defined as single value, errors could occur that were hard to find.

Starting with DirX Identity V8.2B such inconsistencies are reported via a warning message:

WAR(STG617): Multiple values exist for single value property '<attributename>' of dn=…​

If you encounter such a warning, check the corresponding object description of that object and correct it.