OpenText Directory Services 16.4.2 Release Notes

Open Text Directory Services
Release Notes
16.4.2
Product Released: 2018--09-21
Release Notes Revised: 2018-09-21

Contents
1 Introduction .................................................................................................................................... 4
1.1 Release Notes revision history .................................................................................................. 4
2 About OpenText Directory Services ............................................................................................. 6

2.1 New features.............................................................................................................................. 6
2.1.1 New Features in OTDS 16.4.2 ..................................................................................... 6
2.2 Discontinued and deprecated features ...................................................................................... 8
3 Packaging and documentation ..................................................................................................... 8

3.1 Related documentation .............................................................................................................. 8
3.2 Documentation Errata ................................................................................................................ 8
4 Supported environments and compatibility ................................................................................ 9

4.1 Supported systems .................................................................................................................... 9
4.1.1 Java Environment ......................................................................................................... 9
4.1.2 Apache Tomcat ........................................................................................................... 10
4.1.3 IBM WebSphere ......................................................................................................... 10
4.1.4 Enterprise Directories and Third-party Web Access Management Products ............. 10
4.1.5 Supported Operating Systems ................................................................................... 11
4.1.6 Supported Virtualization Platforms ............................................................................. 12
4.1.7 Supported Browsers ................................................................................................... 12
4.2 OpenText Product Compatibility .............................................................................................. 13
4.3 Language support .................................................................................................................... 13
5 Installation and upgrade notes ................................................................................................... 14

5.1 Installation notes ...................................................................................................................... 14
5.2 Upgrade notes ......................................................................................................................... 14
6 Patches, Hotfixes, and Updates ................................................................................................. 14
OpenText Directory Services 16.4.2 Release Notes

2
7 Fixed Issues .................................................................................................................................. 15
8 Known Issues ............................................................................................................................... 32
9 Contact information ..................................................................................................................... 34

3
1 Introduction
These Release Notes provide an overview of OpenText Directory Services 16.4.2, OTDS, including
new features, delivery information, and supported platforms. OpenText recommends that you read
these Release Notes in conjunction with the documentation included with the software package. If any
conflicts exist, the Release Notes supersede the other documentation.
We also recommend that you check OpenText My Support (https://knowledge.opentext.com/go/otds)

for any patches or documentation updates that may have been posted after the initial release of this
product.
1.1 Release Notes revision history
Revision Date Sections Revised Description of Revisions
2016-03-15 First release. All new content.
2016-03-31 Installation Notes, Note about an upgrade conflict on Windows

Known Issues when files are in use.
2016-04-12 Supported Environments Added Oracle Access Manager to the WAM

support list
2016-05-26 Patches, Fixed & Known Updates for OTDS 16.0.1 (OTDS-1600-001)
Issues
2016-09-24 Patches, Fixed & Known Updates for OTDS 16.0.2 (OTDS-1602)
Issues
2016-10-14 All sections. Edits to formatting.
Issues
Issues
2017-04-28 All sections. Edits to formatting and version fixes.

4
Revision Date Sections Revised Description of Revisions
2017-06-01 Patches, Fixed & Known Updates for OTDS 16.2.1 (OTDS-1621-EP2)
Issues
2017-06-21 Documentation Errata Added a new documentation update.
2017-09-06 Patches, Fixes & Known Updates for OTDS 16.2.2 (OTDS-1622-EP2)
Issues
2017-12-06 Patches, Fixes & Known Updates for OTDS 16.2.3 (OTDS-1623-EP2)
Issues
2018-03-13 Patches, Fixed & Known Updated for OTDS 16.2.4 (OTDS-1624-EP2)
Issues
Virtualization support for ESXi Windows
Updated Platform Server 2016
support
2018-06-15 Patches, Fixed & Known Updated for OTDS 16.4.1 (OTDS-1641)
Issues
TomEE Support added directly for
Updated Platform clarification. Support present since OTDS
Support 16.0.1.
2018-08-27 Known Issues Updated Issue with JDK 8U181
2018-09-21 Patches, Fixed & Known Updated for OTDS 16.4.2 (OTDS-1642)
Issues

5
2 About OpenText Directory Services
OpenText Directory Services 16.4.2 manages user and group identity information for OpenText
components. OTDS contains services for identity synchronization and provides single sign on for
other OpenText components.
2.1 New features

All OTDS updates are cumulative and include the features and fixes from previous updates. OpenText
Directory Services 16.4.2 includes the following new features.
2.1.1 New Features in OTDS 16.4.2

• OpenID Connect Support
• Support of OAuth token exchange
• Login page enhancements for electronic signatures

• Application Roles Support
• Java 9 Support
• OAuth Enhancements

• Reporting
• System Monitoring
• Advanced Docker Support (YAML)
• Microsoft AzureAD Support (No hotfix required)

• Microsoft Active Directory 2016 Support
• Notifications
• Microsoft AzureAD Support (Hotfix004 required:
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=70003809&objAction=browse
&viewType=1)

• Recycle Bin for non-synchronized partitions

6
• Multi-tenancy improvements
• Support for single sign out
• Support for disabling partitions

• Real time Job Status
• Recycle Bin (User Recovery)
• SCIMv2 Support
• Software Protection Services (SPS)

• SASL LDAP (GSSAPI) Binding Support
• Two-Factor Authentication Enhancements
• REST API Enhancements
• Support of static attribute mappings in Active Directory
• Performance Enhancements to OpenDJ

• Tomcat 8.5 and Tomcat 9 support.
• Support for the import of users and/or groups using XML.
• New email customization options.
• New display columns (User ID and User Name).
• Enhancements to OTDS REST API and SAML.
• Added new system attribute “directory.auth.BaseURL” to allow a configurable OTDS login page.
• Support for javascript in the Format column of a resource.

• New OAuth client configuration option.
• New user and group attribute filter in a synchronized user partition.
• New feature to create a duplicate synchronized user partition.
• Support for Department mapping for Content Server resources.
• New AccountDisabled attribute mapping has been added to the Content Server resource.
• Support for IP address and subnet filtering for the Negotiate authentication handler.
• Support for SiteMinder-generated SAML metadata.
• Support for TomEE+.

• OpenText replaces Content Server Directory Services in Content Server V16. Administrators of
Content Server now select whether to install an internal version of OTDS or configure an external,
stand-alone version.

7
• OTDS has implemented the OpenText Global Help Server, available from the web-based
administration page. This provides users with live access to the latest version of the OTDS online
help.
• Support for OpenText licenses. OTDS now ships with Software Protection Services to handle
OpenText licenses. Currently only Archive Center 16 is supported for licensing.
• New options available to customize the OTDS login page.
2.2 Discontinued and deprecated features

The following features have been discontinued in this release:
• Support for the OpenText Administration Client was withdrawn with the release of OpenText
Directory Services 16.0.0. The OTDS web-based administration has been available since the
OTDS 10.5.0 SP1 release. Please refer to the OTDS Installation and Administration guide for
more details.
3 Packaging and documentation

Downloads and documentation for OpenText Directory Services 16.4.2 are available on OpenText My
Support (https://knowledge.opentext.com/go/otds).
3.1 Related documentation

For additional information about OpenText Directory Services, or for supplemental information about
related products, refer to the following documents, which are available on OpenText My Support
(https://knowledge.opentext.com/go/OTDS).
• For additional information, please visit the Product Information area for OTDS here:
https://knowledge.opentext.com/go/otdspi
3.2 Documentation Errata

There are currently no documentation issues.

8
4 Supported environments and compatibility
This section provides details about supported platforms, systems, and versions.
4.1 Supported systems

Note: Only the products and versions specified in the Release Notes are supported. Other versions
have not been tested and are therefore not officially supported for this version. The Release
Notes contain the definitive list of supported versions. Any other versions mentioned in the
product documentation are superseded by the versions specified in the Release Notes.
If no service pack, maintenance level, patch level or similar is explicitly mentioned for a
specific software version, then OpenText supports all released by the manufacturer for this
version, unless explicitly stated otherwise. However, new major releases of platform
components are not automatically supported.
4.1.1 Java Environment

JDK/JRE downloads are available at: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
Note: 64-bit release of JDK/JRE is required.
Java Edition Supported Version
Java 7 Java 2 Platform Standard Edition Development

Kit 7.0 (JDK 7.0) or
Java 2 Platform Standard Edition Runtime
Environment 7.0 (JRE 7.0) – Update 79

Environment 8.0 (JRE 8.0) – Update 65 or later.

Environment 9.0 (JRE 9.0)
OpenJDK OpenJDK 8.0 can be used with all supported

Linux platforms – Update 66 or later.

9
4.1.2 Apache Tomcat
Apache Tomcat 8.0 downloads are available at: http://tomcat.apache.org/download-80.cgi.
Note: 64-bit release of Apache Tomcat is required.
Apache Tomcat Edition Supported Version
Apache Tomcat 8 Apache Tomcat 8.0.28 is supported as of the

initial release of OTDS 16. Subsequent Tomcat
8.0 releases will also be supported, unless
otherwise stated.
Apache Tomcat 8.5 Supported
Apache Tomcat 9.0M Supported
Apache TomEE+ Beginning with the OTDS 16.0.1 release, OTDS

supports the TomEE+ application server.
4.1.3 IBM WebSphere

IBM WebSphere 8.5.5 is supported as of the initial release of OTDS 16.0.0.
4.1.4 Enterprise Directories and Third-party Web Access Management

Products
OpenText Directory Services 16 was successfully tested and is supported for user synchronization
and authentication with the following Enterprise Directories:
Vendor Enterprise Directory Version Type
Microsoft Active Directory Domain Services 2003-2016 AD

Active Directory LDS LDAPv3
Oracle Directory Server Enterprise Edition 11g LDAPv3
Internet Directory (OID) 11g
Novell eDirectory 8.8 LDAPv3
IBM Domino 8.5 LDAPv3

Tivoli Directory Server 6.3

10
Vendor Enterprise Directory Version Type
Apache Directory Server 2.0 LDAPv3
Note: When using Oracle Internet Directory (OID), “Notifications/Search” (Search Method) within the
partition configuration must be set to “unlimited”. This is a defect within OID itself and can be
referenced here:
https://support.oracle.com/epmos/faces/BugDisplay?id=25178637&_adf.ctrl-
state=17kljknnwp_4&_afrLoop=485596843187863
The following third-party Web Access Management (WAM) products are supported by OpenText
Directory Services 16.
Vendor Web Access Management Product Product Version(s)
Computer Associates SiteMinder v12
Entrust GetAccess, TruePass 8.0
EMC2 Corporation RSA Access Manager 6.1
Oracle Access Manager 11g
Other third-party WAM products might work but they are not supported by OpenText Directory
Services 16.
4.1.5 Supported Operating Systems

All supported Operating Systems and Database Systems are 64-bit. Only English versions of the
Operating Systems are supported. All types of zones (whole, global, sparse) are supported on Solaris
11 (SPARC).
Vendor Operating System
Microsoft Windows Server 2008 R2 (x86-64)
Windows Server 2012, 2012 R2 (x86-64)
Windows Server 2016

11
Vendor Operating System
Oracle Solaris 11 (SPARC)
IBM AIX 7.1 (POWER)
HP HP-UX 11i v3 (Itanium)
Red Hat Red Hat Enterprise Linux 6.x (x86-64)
Red Hat Enterprise Linux 7.x (x86-64)
CentOS
Novell SuSE Linux Enterprise Server 11 (x86-64)
4.1.6 Supported Virtualization Platforms

All supported Virtualization Platforms are based on 64-bit Operating Systems. Only English versions
of the Operating Systems are supported.
Vendor Virtualization Platform Host Operating System
EMC ESXi 5.0 or higher Windows Server 2008 R2
Windows Server 2012, 2012 R2

Windows Server 2016
Red Hat Enterprise Linux 6,

Red Hat Enterprise Linux 7
Microsoft Hyper-V R2 Windows Server 2008 R2
Windows Server 2012, 2012 R2
Windows Server 2016
4.1.7 Supported Browsers

This list of supported browsers is for the web-based administration.

12
Vendor Browser
Microsoft Internet Explorer 11+
Mozilla Firefox ESR
Google Chrome (latest version)
4.2 OpenText Product Compatibility

The section provides details about which versions of other OpenText products are compatible with this
release of OpenText Directory Services 16.4.2.
For the latest compatibility information for OpenText products, refer to the Compatibility Matrix
(https://knowledge.opentext.com/go/matrix) from OpenText My Support
4.3 Language support

OpenText Directory Services is currently localized in the following languages. Future releases may
add additional languages.
Component Languages
EN DE JA FR IT ZH ES RU
Installation B
Administration B
Login Page UI UI UI UI UI UI UI UI
UI = user interface only

B = both user interface and online help

13
5 Installation and upgrade notes
This section provides additional installation and upgrade information, including related or third-party
product information and any required critical patches.
5.1 Installation notes

Before you install OpenText Directory Services, review these additional installation notes and verify
related product or third-party product requirements.
• When patching Directory Services, it is crucial that the patch is executed from an elevated
command line as outlined in the OpenText Directory Services Installation and Administration
Guide.
5.2 Upgrade notes

Before you upgrade, review these instructions.
• OpenText Directory Services 16 supports direct upgrade from release 10.5.0. For additional
information, please refer to the OpenText Directory Services Installation and Administration
Guide.
6 Patches, Hotfixes, and Updates

A patch is a piece of software that is designed to fix or improve a computer program or its supporting
data. These may include repairs to security vulnerabilities or resolution of bugs, and may also improve
usability or performance. On OpenText My Support you will find two general types of patches:
Hotfixes are also known as quick-fixes or bug fixes.
Updates are also known as service packs or service releases.
OpenText recommends that you check OpenText My Support

(https://knowledge.opentext.com/go/otds) for any patches or documentation updates that may have
been posted after this release.
When installing a hotfix, please review the Patch Notes. When installing an update, please refer to the
Installation Guide.

14
7 Fixed Issues
This section provides information about issues fixed in the OTDS 16.4.2 update:
Issue Number Issue Description
OTDS-6629 Users sync'd from Azure to Core via SCIM do not update
existing users correctly
OTDS-6749 Error on trying to validate duplicate partition name
OTDS-6738 getfragment.jsp is missing <meta http-equiv="X-UA-Compatible"

content="IE=edge" /> in header
OTDS-6718 Third party login icons do not work on login page
OTDS-6717 2 factor authentication page does not display
OTDS-6715 REST call /users/<user@domain>/memberof does not respect

resource scoping in supplied ticket
OTDS-6714 OTDS admin UI does not load when deployed on WebSphere
OTDS-6705 High CPU usage and frequent GC with errors in otds.log:

LdapException <entry> cannot be modified because the server
failed to obtain a write lock for this entry after multiple attempts
OTDS-6703 Installation and OpenDJ command line utilities fail with JRE /
JDK 8U181 or 10.0.2
OTDS-6694 Unable to authenticate SAML token through REST API when

using encrypted assertions
OTDS-6689 DELETE logout URL is not sending cookies
OTDS-6681 Tenant data is not migrated during installation
OTDS-6676 NullPointerException when calling /users/{user_id}/sessions

15
Issue Number Issue Description
OTDS-6675 Regression in performance for importing and processing of large

groups
OTDS-6672 Webadmin keeps log file handle
OTDS-6652 oTLastLoginTimestamp is not set for LEAP signup case
OTDS-6649 Unable to login with credentials after attempt with Negotiate

authentication fails
OTDS-6636 Unable to login with credentials after attempted SAML

authentication fails
OTDS-6631 Insufficient contrast for focus frame of buttons and links on login
page
Issue Name Issue Description
OTDS-6629 Users sync'd from Azure to Core via SCIM do not update
existing users correctly
OTDS-6580 Can not view membership of group in RB
OTDS-6578 OTDS user ID incorrect with SCIM when using email address as
username
OTDS-6570 Auto-provisioned accounts bypass domain restrictions
OTDS-6554 User's UUID is not migrated from non-sync'd account to account

sync'd with eDirSync
OTDS-6550 Allow for scripted deployment of cws.war in OTDS docker

container

16
OTDS-6544 Partition-specific session timeouts are not used by http.cookie

handler
OTDS-6523 Member names remain as mixed case after consolidation with

resource setting set to lower and consolidation incorrectly
removes membership of mixed case members
OTDS-6520 OTDS - User/group name case sensitivity is not working with

Non-Sync Partitions
OTDS-6517 InstallationVersionDlg during upgrade from version 10.5.0 would

not show if NOEULA=1 passed
OTDS-6515 OAuth2 authentication handler loses OAuth2 request state
OTDS-6501 Department change is not automatically pushed to Content

Server when using oTMemberOf for the GroupID mapping
OTDS-6485 Audit Logout Events
OTDS-6472 OTDS becomes unresponsive due to deadlock
OTDS-6464 Can not change password in sync partition configuration
OTDS-6456 Account Disabled information is not available in GetAllUsers

OTDS Service
OTDS-6445 Stack trace from SAML handler
OTDS-6431 OTDS update does not recover from incorrect

oTObjectIDInResource
OTDS-6429 Accessibility - Login dialog for SmartUI and basic login fails
WCAG / BITV certification

17
OTDS-6424 Missing HTTP Header Protections
OTDS-6423 Cross-Site Scripting - OTDS - Auth handler creation
OTDS-6422 Cross-Site Scripting - OTDS Login Page - using logon_style

parameter
OTDS-6400 fndext.jar included in OTDS distribution
OTDS-6393 Incorrect response codes from REST API
OTDS-6392 OAuth refresh token grant does not preserve initial scopes
OTDS-6383 First access token upon 2-factor enrolment is missing sub claim
OTDS-6382 New user account not created by sync partition -

ALREADY_EXISTS error is logged in otds.log
OTDS-6380 NullPointerException at
com.opentext.otds.as.OAuthToken.toJWT(OAuthToken.java:318)
OTDS-6364 Can't login with 2-step login if browser autocomplete is used
OTDS-6358 NullPointerException logged when trying to acquire OAuth

access token
OTDS-6357 UnsupportedOperationException after installing 16.2.3
OTDS-6354 SAML auth handler hangs when IdP metadata contains

<EntitiesDescriptor> as the root element instead of
<EntityDescriptor>
OTDS-6333 OAuth2 access token contains incorrect aud claim
OTDS-6321 OTDS deploy fails in creating the OpenDJ backend when using
Java 9

18
OTDS-6274 System config information on one tab is not saved if switch to

other tab and press save
OTDS-5809 Detect out of sync replication
OTDS-6307 Large groups can cause java.lang.OutOfMemoryError: GC

overhead limit exceeded
OTDS-6448 ES and eDirSync do not rename users when user cn attribute is

mapped to mail
OTDS-6447 eDirSync: can't view users and groups
OTDS-6445 Stack trace from SAML handler
OTDS-6431 OTDS update does not recover from incorrect

oTObjectIDInResource
OTDS-6423 Cross-Site Scripting - OTDS - Auth handler creation
OTDS-6422 Cross-Site Scripting - OTDS Login Page - using logon_style

parameter
OTDS-6418 Changes in OTDS may go undetected and not processed /

pushed
OTDS-6394 Partition monitoring - OTDS is loading all members of a group

that is out of scope
OTDS-6393 Incorrect response codes from REST API
OTDS-6392 OAuth refresh token grant does not preserve initial scopes
OTDS-6383 First access token upon 2-factor enrolment is missing sub claim

19
OTDS-6380 NullPointerException at
com.opentext.otds.as.OAuthToken.toJWT(OAuthToken.java:318)
OTDS-6364 Can't login with 2-step login if browser autocomplete is used
OTDS-6358 NullPointerException logged when trying to acquire OAuth

access token
OTDS-6357 UnsupportedOperationException after installing 16.2.3
OTDS-6354 SAML auth handler hangs when IdP metadata contains

<EntitiesDescriptor> as the root element instead of
<EntityDescriptor>
OTDS-6333 OAuth2 access token contains incorrect aud claim
OTDS-6274 System config information on one tab is not saved if switch to

other tab and press save
OTDS-6307 Large groups can cause

java.lang.OutOfMemoryError: GC overhead limit
exceeded
OTDS-6252 OAuth scope is not checked upon refresh token grant
OTDS-6245 ArrayStore Exception thrown when updating user

who has photo attached in OTDS attribute
OTDS-6230 Adding double %% in trusted site causes 'trusted

sites' page not to load
OTDS-6226 Client certificate based authentication not working

20
OTDS-6225 Unable to set up sync using SCIM with Azure AD
OTDS-6206 Unable to change password in Content Server
OTDS-6190 When user authenticates via AzureAD Auto-

Provisioning a "Group already exists" error occur
OTDS-6171 Occasional Stale refresh token (invalid state),

invalid_grant error when refreshing access token
OTDS-6158 otdsauth=no-saml not working when passed within

the return URL of the RFA
OTDS-6155 Login to CS fails if user logged in with OTDS 16.2.0,

then server is upgraded to 16.2.1
OTDS-6140 Resource principal can't authenticate through

OAuth2
OTDS-6034 Rest push connector randomly skips to push update
OTDS-5930 Consolidation removes members when multiple

OTDS groups map to a single resource group
OTDS-6252 OAuth scope is not checked upon refresh token grant
OTDS-6245 ArrayStore Exception thrown when updating user

who has photo attached in OTDS attribute
OTDS-5929 Error when accessing /users/{user_id}/twofactorstate

21
OTDS-6117 Error deleting resource when Licenses OU does not

exist
OTDS-6111 SSO user is incorrectly prompted for password with

2-step login
OTDS-6110 Signed SAML requests are too large due to

unnecessary certificates in <ds:KeyInfo>
OTDS-6107 Time values in OAuth JWT are in milliseconds
OTDS-6093 OTDS doesn't use custom logo on failed OAuth2

login and instead uses otdsws/login2/signin-ot.svg
OTDS-6091 OTDS and EDirSync not guaranteeing a user is

unique across partitions
OTDS-6074 OTDS pushing date/time attributes using LDAP

ASN.1 format
OTDS-6070 OTDS - Authentication cookies should be set with the

Secure attribute by default over SSL
OTDS-6069 OAuth refresh token grant ignores scope parameter
OTDS-6038 Incorrect behavior when a partition administrator

views password policy
OTDS-6025 Removing the AD department attribute from the

otDepartment attribute in OTDS for the partition does
not clear the value in OpenDJ
OTDS-6022 Deleting an Access Role will "Break" the Resource it

was associated to
OTDS-6018 OTDS shutdown hangs on SPS shutdown if startup

failed

22
OTDS-5999 During Linux installation "press any key to continue"

isn't correct
OTDS-5995 A tenant can retrieve data or act on data of another

tenant
OTDS-5988 otds-deploy replication commands should work with

baseDN, not backend
OTDS-5985 Users are not displayed in Admin UI for some

synchronized partitions
OTDS-5961 The URL ":[originalURL]" is not a trusted referral site

error shown after authenticating through the OTDS
login page
OTDS-5941 silent install completes even though a non-complying

password is provided
OTDS-5742 WEB UI should store search filter per screen +

separate for users and groups
OTDS-5907 Adding [email protected] to another partition

locks out the user
OTDS-5906 Issue with automatic provisioning of user containing

multi-byte characters
OTDS-5898 Unbound SDK exception when pulling in groups

when requesting the groups Dirsync cookie
OTDS-5886 OTDS language picker not displaying correctly
OTDS-5880 Content Server migration: group membership is not

migrated to OTDS
OTDS-5877 Problem with password on pwchange is not shown to

the user

23
OTDS-5874 Some OTDS login page flows don't work with

OAuth2 requests
This section provides information about past issues fixed in the OTDS 16.2.1 update:
OTDS-5929 Error when accessing /users/{user_id}/twofactorstate
OTDS-5907 Adding [email protected] to another partition

locks out the user
OTDS-5906 Issue with automatic provisioning of user containing

multi-byte characters
OTDS-5898 Unbound SDK exception when pulling in groups

when requesting the groups Dirsync cookie
OTDS-5886 OTDS language picker not displaying correctly
OTDS-5880 Content Server migration: group membership is not

migrated to OTDS
OTDS-5877 Problem with password on pwchange is not shown to

the user
OTDS-5874 Some OTDS login page flows don't work with

OAuth2 requests
OTDS-5869 requestTicketForUser doesn't work without a target

resource ID when used by OtdsClient
OTDS-5844 Cross-frame vulnerability in otds-admin website after

WebInspect analysis
OTDS-5843 Don't show parameters tab for auth handlers that

don't have parameters

24
OTDS-5836 Strange behavior when using JS formatting on

GroupID user attribute and Department Mapping
XML
OTDS-5814 Invoking PATCH operation on a user or group

removes group membership info
OTDS-5795 eDirSync deletes and creates user when user is

moved in AD
OTDS-5786 Install continues with import after changing selection
OTDS-5773 HTTP error page is displayed with stack trace log
OTDS-5769 Recycle Bin UI doesn't display error returned by

OTDS server
OTDS-5780 REST PATCH operation fails to update a user/group

if caller is a partition admin
OTDS-5780 REST PATCH operation fails to update a user/group

if caller is a partition admin
OTDS-5779 ClassCastException parsing error in SAML handler
OTDS-5768 Incorrect behavior for locked accounts
OTDS-5747 XSS Reflection vulnerability in user creation of

synchronized partitions

25
OTDS-5744 Auto-Provisioning not working when authenticating

using a SAML assertion through
/authentication/token REST API
OTDS-5711 Group rename may not propagate to Content Server

if target name exists
OTDS-5705 When client is delivering a MYSAPSSO2

Ticket/Header the SAP SSO Authentication Handler
does not move on to other Authentication Handlers if
verification of the MYSAPSSO2 Ticket fails
OTDS-5680 RFA parameter lost after SAML logout
OTDS-5649 OTDS doesn’t issue SAML single logout request if

IdP doesn’t support HTTP-Post binding
OTDS-5632 Unable to login to OTDS with synchronized partition

users after install 16.0.3 as a patch
OTDS-5611 Updating synchronized group membership in

resources can fil if child has been renamed with only
case changes
OTDS-5588 Users with umlauts in their names delete from OTDS

on Solaris
OTDS-5512 License without a resource ID cause a null pointer

exception when trying to view the license
OTDS-5503 Can’t uninstall OTDS if Tomcat is uninstalled first
SPS-335 Expired license can be accepted as valid
SPS-293 Allocating a user to a license may not update the

license key usage

26
OTDS-5365 Detect Tomcat 8.5 and 9 service name and install

directory
OTDS-5411 Timeout when consolidating missing groups
OTDS-5535 Can't import an OTDS group with 100,000 members

from AD
OTDS-5534 Grant OAuth refresh token in presence of external

authentication
OTDS-5531 Can not find Tomcat service
OTDS-5513 OTDS consumes all memory when pushing

hundreds of large groups
OTDS-5511 OTDS should remove duplicated DNs from member

list when group is created
OTDS-5505 OTDS is not differentiating between the same UserID

in two different partitions when authentication
requests come from two different resource ID's
OTDS-5492 OAuth2 endpoint doesn't work with tenants
OTDS-5484 OTDS sets incorrect URL for Duo return URL
OTDS-5480 Partition root shows up as OU in access role
OTDS-5479 OTDS should leave comparing members up to the

resource
OTDS-5478 Two factor option 'Don't ask me for a code again

when I log in from this computer' does not work if
selected on the 2-factor setup page

27
OTDS-5477 BufferOverflowException when serializing map into

OTDSTicket
OTDS-5471 REST Connector recreated group membership fails
OTDS-5465 CS users lose privileges on consolidate
OTDS-5464 Large volume of changes in Active Directory causes

OTDS to deadlock
OTDS-5456 Sort by group name or display name is not working

correctly for groups
OTDS-5448 Handle LeaderID=0 in CS push connector
OTDS-5446 SAPSSO Authentication handler does not move on to

subsequent Authentication handlers if the user in the
MYSAPSSO2 Cookie is not recognized
OTDS-5418 Parameters of upgrade not shown
OTDS-5402 otds-edirsync-admin: Actions -> Properties or Edit

Membership of a user not created by a sync profile
causes error.
OTDS-5400 Closing the Properties of OU causes an error.
OTDS-5355 OAuth2 authentication handler doesn't work with

Azure AD OAuth2 authorization server
OTDS-5318 SAML responses processed by Content Server can

be replayed multiple times
OTDS-5245 Inefficient updating of oTMember/oTMemberOf can

cause OpenDJ replication log to grow excessively
large
OTDS-5236 Complex password selection in setup should be

changed

28
OTDS-5235 Setup does not properly handle some special

characters in password
OTDS-5079 User not added/removed by monitoring when using

attribute filter
OTDS-4436 Support "LDAP SASL Mechanisms" to bind/connect

OTDS to AD (GSSAPI; GSS-SPNEGO; EXTERNAL;
DIGEST-MD5)
OTDS-3902 OTDS returns error while activating
OTDS-4340 Additional sorting features added to OTDS Web UI
OTDS-4848 Resource identifier us read-only and can’t be copied
OTDS-5060 Provide Single Sign On (SSO) with REST API
OTDS-5071 Selecting WebSphere as application server type

requests Tomcat directory
OTDS-5076 Support for configurable BaseURL in password reset

emails
OTDS-5080 OTDS retrieving adroot and not finding users in

subdomains
OTDS-5082 Loop when trying to access Web Admin on

WebSphere
OTDS-5084 Consolidate option is available but not functional for

partition administrator

29
OTDS-5086 Ability for the custom REST authentication handler to

send additional HTTP headers
OTDS-5105 -addtenant option fails to add a new tenant
OTDS-5109 Auto-provisioning may not occur when accessing

resource directly rather than /otdsws/login
OTDS-5116 STRICT_SERVLET_COMPLIANCE does not behave

correctly
OTDS-5129 User with “:” in username can’t login to resources
OTDS-5131 Add message to stop OTDS in WebSphere prior to

patching/uninstalling
OTDS-5140 REST push connectors are now self contained
OTDS-5146 Enhancements to emails sent out by OTDS
OTDS-5153 Security – Prevent the creation of a resource with

malicious resource description
OTDS-5154 Security - Prevent administrators from creating

resources with a malicious name
OTDS-5171 Partition with () in the name of the partition,

monitoring is disabled when adding a new location,
monitoring is not resumed after a consolidate
OTDS-5187 Error thrown when unlocking account
OTDS-5204 Not possible to create a synchronization attribute

without injections
OTDS-5299 Add ‘Display Name’ as a valid attribute when filtering

users

30
OTDS-5300 Delegating administration rights in OTDS for OUs

does not behave correctly in all cases
OTDS-5315 WS Trust fails when using java other than Sun java
OTDS-5319 XML import missing attributes that show up on

General tab
OTDS-5322 getGroupFromResourceGroupName and

getGroupInResource web services are missing
OTDS-5326 Missing commas in generated eDirSync file
OTDS-5331 Can proceed with invalid Target Partition
OTDS-5356 DB import fails when optional OTDS attributes are

mapped
OTDS-5385 Javax.xml.crypto.KeySelectorException from SAML

authentication handler
OTDS-5403 “Reset to default” doesn’t invoke

/metadata/defaultmappings
OTDS-5410 Membership I CS not removed when removed in

sync partition

31
8 Known Issues
The following known issues appears to affect all OTDS 16.x versions:
OTDS-6703 Installation and OpenDJ command line utilities fail

with JRE/JDK 8U181 or 10.0.2
The following known issues exist in the OTDS 16.2.3 update:
SPS-448 Content Server unable to contact OTDS when OTDS

is hosted on Tomcat 9
OTDS-5632 After applying 16.0.3 users may not be able to login

to synchronized partition.
** Resave Partition Authentication Handler settings in

order to resolve the issue. Edit the handler and press
save.
OTDS-2977 Installation fails if INSTALLDIR patch contains

spaces on a file system without 8.3 file name support

32
OTDS-5365 Detect Tomcat 8.5 and Tomcat 9.0M service name

and install directory

33
9 Contact information
OpenText Corporation
275 Frank Tompa Drive
Waterloo, Ontario
Canada, N2L 0A1
OpenText My Support: https://support.opentext.com
For more information, visit www.opentext.com
Copyright © 2018 Open Text. All Rights Reserved.
Trademarks owned by Open Text. The list of trademarks is not exhaustive of other trademarks, registered trademarks, product names, company names, brands and
service names mentioned herein are property of Open Text or other respective owners.
34

OpenText Directory Services 16.4.2 Release Notes

Uploaded by

Copyright:

Available Formats

OpenText Directory Services 16.4.2 Release Notes

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OpenText Directory Services 16.4.2 Release Notes

Uploaded by

Copyright:

Available Formats

What are some of the new features introduced in OTDS 16.4.2?

What are some of the new features introduced in OTDS 16.4.2?

What are some of the issues addressed in this release?

What are some of the issues addressed in this release?

Open Text Directory Services

Product Released: 2018--09-21

Release Notes Revised: 2018-09-21

2 About OpenText Directory Services ............................................................................................. 6

3 Packaging and documentation ..................................................................................................... 8

4 Supported environments and compatibility ................................................................................ 9

5 Installation and upgrade notes ................................................................................................... 14

6 Patches, Hotfixes, and Updates ................................................................................................. 14