Oracle Unified Directory 12.2.1.4.230406 BP includes the following new features and enhancements:

This section describes bundle patches and explains differences between bundle patches, interim patches (also known as patch set exceptions), and patch sets.

Stack patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.

A bundle patch is an official Oracle patch for Oracle Unified Directory. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:

• YY is the last 2 digits of the year

• MM is the numeric month (2 digits)

• DD is the numeric day of the month (2 digits)

Each bundle patch includes libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in a bundle patch are tested and certified to work with one another. Each bundle patch is cumulative. That is, the latest bundle patch includes all fixes in earlier bundle patches for the same release.

In contrast to a bundle patch, an interim patch addressed only one issue for a single component. Although each interim patch was an official Oracle patch, it was not a complete product distribution and did not include packages for every component. An interim patch included only the libraries and files that had been rebuilt to implement a specific fix for a specific component.

You may also know an interim patch as: security one-off, exception release, x-fix, PSE, MLR, or hotfix.

A patch set is a mechanism for delivering fully tested and integrated product fixes. A patch set can include new functionality. Each patch set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in a patch set are tested and certified to work with one another on the specified platforms.

Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that Customers apply these certified patches. For more information on these patches, see the note Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.

Before you run OPatch, find the OPatch utility in the Oracle home (ORACLE_HOME) and verify that you have the latest version.

Complete the following steps before you apply the bundle patch:

• Verify that the OPatch version is 13.9.4.2.7 or higher.

  1. Access and log into My Oracle Support at the following location:

     https://support.oracle.com/

  2. In the Search Knowledge Base field, enter 1587524.1. This is the ID of the document that describes Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c.

  3. In the search results, click the link corresponding to document ID 1587524.1.

  4. In the document, click the Patch 28186730 link which will take you to the screen where you can obtain the OPatch 13.9.4.2.7 or higher version.

• Verify the OUI Inventory:

  OPatch needs access to a valid OUI inventory to apply patches. Validate the OUI inventory with the following commands:

  Unix

  $ opatch lsinventory

  Windows

  opatch.bat lsinventory

  If the command throws errors than contact Oracle Support and work to validate and verify the inventory setup before proceeding.

• Confirm the executables appear in your system PATH.

  Unix

  $ which opatch

  $ which unzip

  Windows

  where opatch.bat

  where unzip

  If the command errors out, contact Oracle Support and work to validate and verify the inventory setup before proceeding. If either of these executables do not show in the PATH, correct the problem before proceeding.

• Create a location for storing the unzipped patch. This location will be referred to later in the document as PATCH_TOP.

Before you apply the bundle patch for Oracle Unified Directory 12c (12.2.1.4.0), you must set the environment variable and stop all the Directory Server instances and domains.

You must complete the following prerequisites for applying the bundle patch:

1. Set ORACLE_HOME environment variable to Oracle Middleware Home Location (under which OUD is installed).

   For example:

   Unix

   $ <bash> export ORACLE_HOME="Oracle Middleware Home Location"

   Windows

   <prompt> set ORACLE_HOME="Oracle Middleware Home Location"

2. Verify that ORACLE_HOME is set correctly by running the following command.

   Unix

   ls $ORACLE_HOME/OPatch/opatch

   Windows

   dir %ORACLE_HOME%\OPatch\opatch.bat

3. Stop all the Directory Server instances and domains where Oracle Unified Directory Services Manager (OUDSM) is installed, depending upon the domain configuration.

   1. Stop Standalone Oracle Unified Directory Server

      If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) mode, stop all the Directory Server instances using the stop-ds command.

      Unix

      ORACLE_HOME/INSTANCE_NAME/OUD/bin/stop-ds

      Windows

      ORACLE_HOME\INSTANCE_NAME\OUD\bat\stop-ds.bat

   2. Stop Collocated Oracle Unified Directory Server

      If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic server) mode, complete the following steps:

      1. Stop the OUD instance by running the following command from command line interface.

         Unix

         DOMAIN_HOME/bin/stopComponent.sh INSTANCE_NAME

         Windows

         DOMAIN_HOME\bin\stopComponent.bat INSTANCE_NAME

      2. Stop the node manager.

         Unix

         DOMAIN_HOME/bin/stopNodeManager.sh

         Windows

         DOMAIN_HOME\bin\stopNodeManager.cmd

      3. Stop the Oracle WebLogic Administration Server.

         Unix

         DOMAIN_HOME/bin/stopWebLogic.sh

         Windows

         DOMAIN_HOME\bin\stopWebLogic.cmd

   3. Stop the Oracle Directory Integration Platform and OUDSM Configured in a Single Domain

      Note:

      This is optional only for configurations with DIP/OUDSM in a Single Domain.

      If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must stop the Admin Server and Managed Server.

      1. Stop the Oracle Directory Integration Platform Managed Server:

         Unix

         DOMAIN_HOME/bin/stopManagedWebLogic.sh

         Windows

         DOMAIN_HOME\bin\stopManagedWebLogic.cmd

      2. Stop the Oracle WebLogic Administration Server:

         Unix

         DOMAIN_HOME/bin/stopWebLogic.sh

         Windows

         DOMAIN_HOME\bin\stopWebLogic.cmd

Use OPatch to perform the necessary steps for applying a patch to an Oracle home.

$ORACLE_HOME/OPatch/opatch

Unzip the patch zip file and run OPatch to apply the patch.

1. Unzip the patch zip file into the PATCH_TOP , where PATCH_TOP is a directory path that temporarily contains the patch for installation.

   Unix

   $ unzip -d PATCH_TOP p35263333_122140_Generic.zip 

   Windows

   unzip -d PATCH_TOP p35263333_122140_Generic.zip

   Note:

   On Windows, the unzip command has a limitation of 256 characters in the path name. If you encounter this, use an alternate ZIP utility such as 7-Zip to unzip the patch. For example, run the following command to unzip using 7-Zip:

   "c:\Program Files\7-Zip\7z.exe" x p35263333_122140_Generic.zip

2. Set your current directory to the directory where the patch is located. For example:

   Unix

   $ cd PATCH_TOP/35263333

   Windows

   cd PATCH_TOP\35263333

3. Run OPatch to apply the patch.

   Unix

   $ [ORACLE_HOME]/OPatch/opatch apply

   Windows

   [ORACLE_HOME]\OPatch\opatch.bat apply

You need to perform certain tasks after applying the bundle patch.

1. Verify if the Oracle Unified Directory installation has been patched by running the start-ds command.

   For example:

   Unix

   $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds -F

   Windows

   [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat -F

   Note:

   OUD patch version can be determined from the output, based on the values for Build ID, Platform Version and Label Identifier fields.
2. Upgrade Oracle Unified Directory server instances that are associated with the ORACLE_HOME directory.

   Note:

   From October 21 BP (12.2.1.4.211008), this Step 2 of --upgrade is not required.

   For example:

   Unix

   $ [ORACLE_HOME]/<OUD-Instance-Path>/OUD/bin/start-ds --upgrade

   Windows

   [ORACLE_HOME]/<OUD-Instance-Path>\OUD\bat\start-ds.bat --upgrade

   The preceding step is executed to upgrade OUD instance according to the patched version of OUD in ORACLE_HOME. If start-ds is executed to start OUD instance without executing start-ds --upgrade, following message will be displayed: Instance needs to be upgraded. Please run the start-ds command with the option "--upgrade"

3. Start all the Directory Server instances depending upon the domain configuration.

   Start Standalone Oracle Unified Directory Server

   If you installed Oracle Unified Directory in a Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) mode, start all the Directory Server instances using the start-ds command. For example:

   Unix

   $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds

   Windows

   [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat

   Start Collocated Oracle Unified Directory Server

   If you installed Oracle Unified Directory in a Collocated Oracle Unified Directory Server (Managed through WebLogic server) mode, complete the following steps:

   1. Start the Oracle WebLogic Administration Server.

      Unix

      DOMAIN_NAME/bin/startWebLogic.sh

      Windows

      DOMAIN_HOME\bin\startWebLogic.cmd

   2. Start the node manager.

      Unix

      $DOMAIN_NAME/bin/startNodeManager.sh

      Windows

      DOMAIN_HOME\bin\startNodeManager.cmd

   3. Start the OUD instance by running the following command from command line interface.

      Unix

      startComponent.sh INSTANCE_NAME

      For example:

      $DOMAIN_HOME/bin/startComponent.sh oud1

      where oud1 is the instance name/server name created using WLST

      Windows

      startComponent.bat INSTANCE_NAME

      For example:

      DOMAIN_HOME\bin\startComponent.bat oud1

      where oud1 is the instance name/server name created using WLST

4. If you created and configured a Weblogic domain for OUDSM then you must restart the Administration Server. Allow the application server instance to redeploy the new oudsm.ear file in the patch.
5. If you added OUDSM and Oracle Directory Integration Platform in a single domain, you must start the Admin Server and Managed Server.

   1. Start the Oracle WebLogic Administration Server.

      Unix

      DOMAIN_HOME/bin/startWebLogic.sh

      Windows

      DOMAIN_HOME\bin\startWebLogic.cmd

   2. Start the Oracle Directory Integration Platform Managed Server:

      Unix

      DOMAIN_HOME/bin/startManagedWebLogic.sh <wls_ods1> <ADMIN_SERVER_URL>

      Windows

      DOMAIN_HOME\bin\startManagedWebLogic.cmd <wls_ods1> <ADMIN_SERVER_URL>

      Where managed_server_name specifies the name of the Managed Server (The default value is wls_ods1.) and admin_url specifies the listen address (host name, IP address, or DNS name) and port number of the domain's Administration Server.

6. You may need to update Config.ldif file to remove PIN file.
   1. The attributes ds-cfg-key-store-pin-file, ds-cfg-trust-store-pin-file, and ds-cfg-key-pin-file are not removed for an upgraded instance for backward compatibility. You will see a warning during upgrade process stating that those attributes are still populated. Use dsconfig to remove the value of the attributes after upgrade has been done successfully.
   2. If a truststore configuration entry does not have its pin attribute populated then you will see a warning during upgrade and server startup. Use dsconfig to update the pin attribute with the password of the truststore to prevent those warnings.
   3. While creating a new instance with SSL port disabled, the default configuration entry for any disabled keystore or truststore would still have attribute ds-cfg-key-store-pin-file populated. This can be ignored. Whenever you enable that keystore or trusstore then you will have to reset the pin-file attribute. You need to provide the pin of the keystore or truststore by using the pin attribute only.
   4. Any error messages seen for disabled keystore/truststore during upgrade or server startup can be ignored.

This step is optional. You can create a File Based Access Control Log publisher for diagnosing ACI evaluation. This publisher should be disabled as soon as diagnostic is over as it impacts server performance.

dsconfig create-log-publisher \
         --publisher-name "ACI logger" \
         --type file-based-access-control \
         --set enabled:true \
         --set log-file:logs/acilog \
         --hostname serverHostName --port 4444 \
         --trustAll --bindDN cn=Directory\ Manager \
         --bindPasswordFile passwordFile \
         --no-prompt

dn: cn=ACI logger,cn=Loggers,cn=config
         objectClass: ds-cfg-log-publisher
         objectClass: ds-cfg-access-control-log-publisher
         objectClass: ds-cfg-file-based-access-control-log-publisher
         objectClass: top
         ds-cfg-enabled: true
         ds-cfg-java-class: org.opends.server.loggers.accesscontrol.TextAccessControlLogPublisher
         ds-cfg-asynchronous: true
         cn: ACI logger
         ds-cfg-log-file-permissions: 640
         ds-cfg-log-file: logs/acilog

If you experience any problems after installing the bundle patch, you can remove the bundle patch.

1. Set the ORACLE_HOME environment variable for Oracle Middleware Home Location (Where Oracle Unified Directory is installed).

   Unix

   $ <bash> export ORACLE_HOME="Oracle Home Location"

   Windows

   <prompt> set ORACLE_HOME="Oracle Home Location"

2. Verify the OUI inventory by running the following command:

   Unix

   $ [ORACLE_HOME]/OPatch/opatch lsinventory

   Windows

   [ORACLE_HOME]\OPatch\opatch.bat lsinventory

3. Run OPatch to deinstall the patch:

   Unix

   $ [ORACLE_HOME]/OPatch/opatch rollback -id 35263333

   Windows

   [ORACLE_HOME]\OPatch\opatch.bat rollback -id 35263333

4. In the case of a Directory Server instance created after the application of this patch, once the patch is removed, the instance buildinfo still looks like:
   $ cat [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo 12.2.1.4.230406.0634
5. The instance buildinfo must be manually changed back:

   $ cp [ORACLE_HOME]/oud/config/buildinfo [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo

   For example,

   $ cat [ORACLE_HOME]/<dsInstanceName>/OUD/config/buildinfo 12.2.1.4.230406.0634

6. After removing the bundle patch, start the OUD instance by running the following command:
   Unix

   $ [ORACLE_HOME]/<dsInstanceName>/OUD/bin/start-ds 

   Windows

   [ORACLE_HOME]\<dsInstanceName>\OUD\bat\start-ds.bat 

After roll-backup, restore configuration and schema from the backup before you start an OUD instance.

This section lists the issues resolved in 12c (12.2.1.4.0) Release.

• Resolved Issues in OUD Bundle Patch (12.2.1.4.230406)
• Resolved Issues in OUD Bundle Patch (12.2.1.4.221009)
• Resolved Issues in OUD Bundle Patch (12.2.1.4.220405)
• Resolved Issues in OUD Bundle Patch (12.2.1.4.211008)
• Resolved Issues in OUD Bundle Patch (12.2.1.4.210406)
• Resolved Issues in OUD Bundle Patch (12.2.1.4.200827)
• Resolved Issues in OUD Bundle Patch (12.2.1.4.200526)
• Resolved Issues in OUD Bundle Patch 12.2.1.4.200204

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.230406:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.221009:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.220405:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.211008:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.210406:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200827:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200526:

The following table lists the issues resolved in OUD Bundle Patch 12.2.1.4.200204:

For known issues and workarounds, log in to My Oracle Support, and then search for 2602696.1 or 2636943.1, which is the ID of the document, Oracle Fusion Middleware 12.2.1.4.0 Known Issues.

For Known Issues specific to Oracle Unified Directory Bundle Patches, search for Doc ID 2636943.1 in My Oracle Support.

For information about OPatch issues, log in to My Oracle Support and use the OPatch version provided with the product.

This section describes documentation updates for this release.

(bppatchnumber/files/oracle.idm.oud.odsm/12.2.1.4.0/oracle.idm.oud.odsm.symbol/odsm/oudsm.ear)

$ORACLE_HOME/oud/odsm/oudsm.ear

For more information, see the following resources:

• Oracle Fusion Middleware Documentation

  This contains documentation for all Oracle Fusion Middleware 12c products.

• Oracle Technology Network

  This site contains additional documentation that is not included as part of the documentation libraries.

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.