OpenText™ Directory Services CE 22.

Release Notes

Product Released: 2020-10-12

1 Introduction
These Release Notes provide an overview of Directory Services 22.4, including new features, delivery
information, and supported platforms.

OpenText recommends that you read these Release Notes in conjunction with the documentation
included with the software package. If any conflicts exist, the Release Notes supersede the other
documentation.

We also recommend that you check OpenText My Support for any patches or documentation updates
that may have been posted after the initial release of this product.

1.1 Release Notes revision history

Revision date Sections revised Description of revisions

2016-03-15 First release. All new content.

2016-03-31 Installation Notes, Known Note about an upgrade conflict on Windows

Issues when files are in use.

2016-04-12 Supported Environments Added Oracle Access Manager to the WAM

support list

2016-05-26 Patches, Fixed & Known Updates for OTDS 16.0.1 (OTDS-1600-001)
Issues

2016-09-24 Patches, Fixed & Known Updates for OTDS 16.0.2 (OTDS-1602)
Issues

2016-10-14 All sections. Edits to formatting.

2016-12-01 Patches, Fixed & Known Updates for OTDS 16.0.3 (OTDS-1603)
Issues

2017-03-01 Patches, Fixed & Known Updates for OTDS 16.2.0 (OTDS-1620)
Issues

2017-04-28 All sections. Edits to formatting and version fixes.

2017-06-01 Patches, Fixed & Known Updates for OTDS 16.2.1 (OTDS-1621-EP2)
Issues

2017-06-21 Documentation Errata Added a new documentation update.

2017-09-06 Patches, Fixes & Known Updates for OTDS 16.2.2 (OTDS-1622-EP2)
Issues

2017-12-06 Patches, Fixes & Known Updates for OTDS 16.2.3 (OTDS-1623-EP2)
Issues

Directory Services 22.4 Release Notes 3

 Revision date Sections revised Description of revisions

2018-03-13 Patches, Fixed & Known Updated for OTDS 16.2.4 (OTDS-1624-EP2)
Issues
Virtualization support for ESXi Windows Server
Updated Platform support 2016

2018-06-15 Patches, Fixed & Known Updated for OTDS 16.4.1 (OTDS-1641)
Issues
TomEE Support added directly for clarification.
Updated Platform Support Support present since OTDS 16.0.1.

2018-08-27 Known Issues Updated Issue with JDK 8U181

2018-09-21 Patches, Fixed & Known Updated for OTDS 16.4.2 (OTDS-1642)
Issues

2018-12-12 Patches, Fixed & Known Updated for OTDS 16.4.3 (OTDS-1643)
Issues
Added deprecated support of Java 7 to section
2.2.

2019-03-06 Patches, Fixed & Known Updated for OTDS 16.6.0 (OTDS-1660)
Issues
Updated Java support versions to be clearer

2019-06-25 Patches, Fixed & Known Updated for OTDS 16.6.1 (OTDS-1661)
Issues

2019-09-20 Supported Operating Updated for OTDS 16.6.2 (OTDS-1662)

Systems, Patches, Fixes &
Known Issues

2019-12-20 Patches, Fixes, & Known Updated for OTDS 16.6.3 (OTDS-1663)
Issues, Notes

2020-01-14 Supported Systems Note regarding Load Balancing and

Synchronization

Directory Services 22.4 Release Notes 4

 Revision date Sections revised Description of revisions

2020-02-18 Patches, Fixes, Known Update for OTDS 20.1.1 (OTDS-2011),

Issues, and Support Deprecation of HPUX and AIX support.
Systems

2020-03-20 Patches, Fixes, Known Update for OTDS 20.2.1 (OTDS-2021)

Issues

2020-05-08 Patches, Fixes, Known Update for OTDS 20.2.2

Issues

2020-06-30 Patches, Fixes, Known Update for OTDS 20.2.3

Issues, Supported AD

2020-09-02 Patches, Fixes, Known Update for OTDS 20.3.1

Issues

2020-10-23 Patches, Fixes, Known Update for OTDS 20.4.1

Issues

2020-10-30 Section 2.2 Discontinued OTDS no longer runs OpenDJ internally.

and deprecated features

2021-04-01 Patches, Fixes, Supported Update for OTDS 21.2.0

Virtual OS, Known Issues

2021-07-09 Added SPS (Software Update for OTDS 21.3.0

Protection Services) note,
Fixes, Known Issues

2022-01-15 OpenDJ replacements with Update for OTDS 22.1.0 – Tomcat 10 required
Database, add supported
databases, deprecation of
Websphere and Solaris

Directory Services 22.4 Release Notes 5

 Revision date Sections revised Description of revisions

2022-02-14 Updated the table of Updated links to two guides and removed the
contents and reference to the Tenant Management guide.
documentation sections

2022-04-27 Updated Database Support Additional requirements in leveraging MSSQL

Server

2022-07-22 Added Note to MSSQL Additional information regarding OTDS support

Database Support of MSSQL and related database drivers

2022-09-29 Updated Fixed Issues Added fixed issues for OTDS container builds
section 22.3.1 and 22.3.2

2022-10-12 Updated Fixed Issues Update for OTDS 22.4 Release

section

2023-07-18 Supported Databases Updated Release Notes for support of SQL

Server 2022

2 About Directory Services 22.4

This section provides an overview of Directory Services 22.4.

Directory Services 22.4 manages user and group identity information for OpenText components.
OTDS contains services for identity synchronization and provides single sign on for other OpenText
components.

2.1 New features

New Features in OTDS 22.1
• OTDS replacement of OpenDJ LDAP Server with Database support
• Deprecation of Websphere and Solaris support (Only supported with OTDS 21.3)
• Support for RedHat OpenShift
• Tomcat 10 Required for 22.1.x and later

New Features in OTDS 21.3.0

• Support for an Impersonate connection parameter for Content Server resources

Directory Services 22.4 Release Notes 6

 New Features in OTDS 21.2.0
• Allow %js format on resources to convert multi-valued OTDS attributes to a single-valued
resource attribute
• Support for the “traversal” method of monitoring

New Features in OTDS 20.4.2

• Container Enhancements

New Features in OTDS 20.4.1

• Support for scheduled backup of containers
• Licensing support for ExStream 20.4

New Features in OTDS 20.3.1

• Enhanced container support

New Features in OTDS 20.2.3

• Support for Active Directory 2019
• Support for 2-factor authentication for service accounts
• Partition consolidation notifications
• Password blacklist support (block defined common passwords)
• Email notification upon manually created accounts (non-synchronized)

New Features in OTDS 20.2.2

• Configurable option to redirect non-existing users to a configured URL
• SCIM enhancements
• Audit forgot password requests
• Container enhancements

New Features in OTDS 20.2.1

• Configurable option for Duo username format
• Single user consolidation now restores group memberships

New Features in OTDS 20.1.1

• Added ability to set SameSite attribute on OTDS cookies
• Shareable unique ID per OTDS cluster (replicated instance)
• Configurable “Allowed domains setting” for specific authentication domain bindings
• Password configuration message enhancements
• Ability to enable multi-factor auth based on external IP Address

Directory Services 22.4 Release Notes 7

• Symantec VIP 2-Factor Authentication Support
• Support for empty roots for naming context (eDirectory 9.1.2)
• Web Admin now shows an action spinner when items are loading

New Features in OTDS 16.6.3

• Display password expiry date in OTDS Admin UI
• New OTDS default administrative group name: otdsbusinessadmins

New Features in OTDS 16.6.2

• Confirmed support for Windows Server 2019
• Support SAML2 and JWT profiles for obtaining OAuth tokens (RFC7521/7522/7523)
• “Keep me signed in” functionality on login page
• Configure custom attributes on OAuth client view
• API to return all members of a group recursively

New Features in OTDS 16.6.1

• LinkedIn and Yahoo authentication handlers use the OAuth 2.0 protocol. Previously, they used the
OAuth 1.0 protocol.

New Features in OTDS 16.6.0

• New partitions attributes options

New Features in OTDS 16.4.3

• Java 11 Support
• SCIM 2.0 Push Connector
• Installation Enhancements

New Features in OTDS 16.4.2

• OpenID Connect Support
• Support of OAuth token exchange
• Login page enhancements for electronic signatures

New Features in OTDS 16.4.1

• Application Roles Support
• Java 9 Support
• OAuth Enhancements

New Features in OTDS 16.2.3

• Reporting
• System Monitoring

Directory Services 22.4 Release Notes 8

• Advanced Docker Support (YAML)
• Microsoft AzureAD Support (No hotfix required)

New Features in OTDS 16.2.2

• Microsoft Active Directory 2016 Support
• Notifications
• Microsoft AzureAD Support (Hotfix004 required:
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=70003809&objAction=browse
&viewType=1)

New Features in OTDS 16.2.1

• Recycle Bin for non-synchronized partitions
• Multi-tenancy improvements
• Support for single sign out
• Support for disabling partitions

New Features in OTDS 16.2.0

• Real time Job Status
• Recycle Bin (User Recovery)
• SCIMv2 Support
• Software Protection Services (SPS)

New Features in OTDS 16.0.3

• SASL LDAP (GSSAPI) Binding Support
• Two-Factor Authentication Enhancements
• REST API Enhancements
• Support of static attribute mappings in Active Directory
• Performance Enhancements to OpenDJ

New Features in OTDS 16.0.2

• Tomcat 8.5 and Tomcat 9 support.
• Support for the import of users and/or groups using XML.
• New email customization options.
• New display columns (User ID and User Name).
• Enhancements to OTDS REST API and SAML.
• Added new system attribute “directory.auth.BaseURL” to allow a configurable OTDS login page.
• Support for javascript in the Format column of a resource.

New Features in OTDS 16.0.1

• New OAuth client configuration option.
• New user and group attribute filter in a synchronized user partition.
• New feature to create a duplicate synchronized user partition.

Directory Services 22.4 Release Notes 9

• Support for Department mapping for Content Server resources.
• New AccountDisabled attribute mapping has been added to the Content Server resource.
• Support for IP address and subnet filtering for the Negotiate authentication handler.
• Support for SiteMinder-generated SAML metadata.
• Support for TomEE+ 8.0.0 or newer.

New Features in OTDS 16.0.0

• OpenText replaces Content Server Directory Services in Content Server V16. Administrators of
Content Server now select whether to install an internal version of OTDS or configure an external,
stand-alone version.
• OTDS has implemented the OpenText Global Help Server, available from the web-based
administration page. This provides users with live access to the latest version of the OTDS online
help.
• Support for OpenText licenses. OTDS now ships with Software Protection Services to handle
OpenText licenses. Currently only Archive Center 16 is supported for licensing.
• New options available to customize the OTDS login page.

2.2 Discontinued and deprecated features

The following features have been discontinued in this release:

• Java 7 is not supported with OTDS 16.4.3 and above.

• Support for the OpenText Administration Client was withdrawn with the release of OpenText
Directory Services 16.0.0. The OTDS web-based administration has been available since the
OTDS 10.5.0 SP1 release. Please refer to the OTDS Installation and Administration guide for
more details.
• Beginning with OTDS 20.2.1, to allow for a more secure deployment, OTDS will no longer run
OpenDJ internally. This separation allows you to choose to run OpenDJ under one account, while
OTDS under Tomcat runs under a more restricted account that has more limited rights and
permissions. For more information, see the OTDS Installation and Administration guide.
• As of OTDS 20.1.1, HPUX and AIX installation files will no longer be posted to My Support.
• OpenText recommends the use of RESTAPIs for all OTDS integrations rather than older
mechanisms such as SOAP.

The following features have been deprecated in this release:

• None

3 Downloads
Downloads for Directory Services are available on My Support.

3.1 Packaging and delivery information

The software for Directory Services includes:

• OpenText Directory services 22.4.0 is available for download from OpenText My Support.

Directory Services 22.4 Release Notes 10

4 Documentation
Documentation for Directory Services is available on My Support.

4.1 Related documentation

The following list contains product information about Directory Services as well as documents that
contain information about supporting or related products.

• OpenText Directory Services Installation and Administration guide

• OpenText Directory Services Cloud Deployment guide

Related videos
For additional video content, see the Directory Services Videos page on My Support.

5 Supported environments and compatibility

This section provides details about supported platforms, systems, and versions.

5.1 Supported systems

Only the products and versions specified in the Release Notes are supported. Other versions
have not been tested and are therefore not officially supported for this version. The Release
Notes contain the definitive list of supported versions. Any other versions mentioned in the
product documentation are superseded by the versions specified in the Release Notes.

If no service pack, maintenance level, patch level or similar is explicitly mentioned for a
specific software version, then OpenText supports all released by the manufacturer for this
version, unless explicitly stated otherwise. However, new major releases of platform
components are not automatically supported.

Note: OTDS does not support load balancers for Enterprise Sync. Load balancers are only
supported for authentication requests.

Java Environment
JDK/JRE downloads are available at: http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Note: 64-bit release of JDK/JRE is required.

Java Edition Supported Version

Java 8 Java 2 Platform Standard Edition Development

Kit 8.0 (JDK 8.0) or
Java 2 Platform Standard Edition Runtime
Environment 8.0 (JRE 8.0) – Update 65 or later.

Java 9 Java 2 Platform Standard Edition Development

Kit 9.0 (JDK 9.0) or

Directory Services 22.4 Release Notes 11

 Java 2 Platform Standard Edition Runtime
Environment 9.0 (JRE 9.0)

Java 11 Support for Oracle Java 11

OpenJDK OpenJDK 8.0 can be used with all supported

Linux Windows platforms – Update 66 or later
for Linux

OpenJDK 11 Support for OpenJDK 11

Java 17 Support for Java 17

Apache Tomcat
Apache Tomcat 10.0 downloads are available at: https://archive.apache.org/dist/tomcat/tomcat-
10/v10.0.27/bin/

Note: 64-bit release of Apache Tomcat is required.

Apache Tomcat Edition Supported Version

Apache Tomcat 10.0 Starting with OTDS 22.1.x Tomcat 10.0 is

supported and required for operation

Tomcat 10.1 is only supported with OTDS 23.1

and newer.

IBM WebSphere
IBM WebSphere is no longer support, starting with OTDS 22.1.x

Enterprise Directories and Third-party Web Access Management

Products
OpenText Directory Services 22.1 was successfully tested and is supported for user synchronization
and authentication with the following Enterprise Directories:

Vendor Enterprise Directory Version Type

Microsoft Active Directory Domain Services 2003-2019 AD
Active Directory LDS LDAPv3

Oracle Directory Server Enterprise Edition 11g LDAPv3

Internet Directory (OID) 11g

Directory Services 22.4 Release Notes 12

 Vendor Enterprise Directory Version Type
Novell eDirectory 8.8 LDAPv3

IBM Domino 8.5 LDAPv3

Tivoli Directory Server 6.3

Apache Directory Server 2.0 LDAPv3

Note: When using Oracle Internet Directory (OID), “Notifications/Search” (Search Method) within the
partition configuration must be set to “unlimited”. This is a defect within OID itself and can be
referenced here:

https://support.oracle.com/epmos/faces/BugDisplay?id=25178637&_adf.ctrl-
state=17kljknnwp_4&_afrLoop=485596843187863

The following third-party Web Access Management (WAM) products are supported by OpenText
Directory Services 16 and newer.

Vendor Web Access Management Product Product Version(s)

Computer Associates SiteMinder v12

Entrust GetAccess, TruePass 8.0

EMC2 Corporation RSA Access Manager 6.1

Oracle Access Manager 11g

Other third-party WAM products might work but they are not supported by OpenText Directory
Services 16 and newer.

Note: WAN LDAP Configuration is not supported

Supported Operating Systems

All supported Operating Systems and Database Systems are 64-bit. All types of zones (whole, global,
sparse) are supported on Solaris 11 (SPARC).

Linux Support – OTDS will be supported on any 64-bit Linux OS with glibc, kernel 2.6.32.49 or newer
and the required Java version.

Vendor Operating System

Microsoft Windows Server 2008 R2 (x86-64)

Directory Services 22.4 Release Notes 13

 Vendor Operating System
Windows Server 2012, 2012 R2 (x86-64)

Windows Server 2016

Windows Server 2019

Red Hat Red Hat Enterprise Linux 6.x (x86-64)

Red Hat Enterprise Linux 7.x (x86-64)

CentOS

Novell SuSE Linux Enterprise Server 11 (x86-64)

OTDS 16.6.3 was the final release version for AIX and HPUX installers

Solaris is no longer supported as of 22.1.x – 21.3 is the final supported version

Supported Databases

Database Version

Postgres 10-14

Pg_tgrm extension is required, either:

• Grant superuser privilege to the JDBC user for first

startup

• Run the following SQL command after creating the

database:

o CREATE EXTENSION IF NOT EXISTS

pg_trgm

Microsoft SQL 2017-2022

Server
• A case-insensitive collation MUST be used for the
database

• Database option to be set:

o “Is Read Committed Snapshot On = True”

o SQL equivalent:

▪ ALTER DATABASE [db_name]

▪ SET READ_COMMITTED_SNAPSHOT ON

In order to use Native Integrated Windows Authentication

with MS SQL Server, the matching version of the MS SQL
JDBC driver must be installed on the system. Check

Directory Services 22.4 Release Notes 14

 Database Version
/otdsws/WEB-INF/lib/mssql-jdbc-<version>.jar for the
required version. At installation time,
append ;integratedSecurity=true to the JDBC URL and
specify dummy values for the username and password.

Oracle 12.2-19.3

• COMPATIBLE must be 12.2.0 or greater

SAP HANA 2.0

• SPS 03 or newer

Supported Virtualization Platforms

All supported Virtualization Platforms are based on 64-bit Operating Systems. Only English versions
of the Operating Systems are supported.

Vendor Virtualization Platform Host Operating System

EMC ESXi 5.0 or newer Windows Server 2008 R2

Windows Server 2012, 2012 R2

Windows Server 2016

Windows Server 2019

See highlighted Linux note in section 4.1.5 regarding Linux

Support

Microsoft Hyper-V R2 Windows Server 2008 R2

Windows Server 2012, 2012 R2

Windows Server 2016

Windows Server 2019

Supported Browsers
This list of supported browsers is for the web-based administration.

Vendor Browser

Microsoft Internet Explorer 11+

Directory Services 22.4 Release Notes 15

 Vendor Browser

Mozilla Firefox ESR

Google Chrome (latest version)

5.2 OpenText product compatibility

This section provides details about which versions of other OpenText products are compatible with
this release of Directory Services 22.4.

Note
For the latest compatibility information for OpenText products, refer to the
Product Compatibility Matrix.

5.3 Language support

Directory Services is currently localized in the following languages. Additional languages may be
available in future releases.

UI = user interface only

B = both user interface and online help

Component Languages

EN DE JA FR IT ZH ES RU

Installation B

Administration B

Login Page UI UI UI UI UI UI UI UI

6 Installation and upgrade notes

This section provides additional installation and upgrade information, including related or third-party
product information and any required critical patches.

6.1 Installation notes

Before you install Directory Services, review these additional installation notes and verify related
product or third-party product requirements.

• When patching Directory Services, it is crucial that the patch is executed from an elevated
command line as outlined in the OpenText Directory Services Installation and Administration
Guide.

Directory Services 22.4 Release Notes 16

6.2 Upgrade notes
Before you upgrade, review these instructions.

• OpenText Directory Services 22.4 supports direct upgrade from release 16. For additional
information, please refer to the OpenText Directory Services Installation and Administration
Guide.

NOTE: OTDS 22.1 requires eDirSync to also be upgraded to 22.1, else eDirSync will not function.

7 Patches
A patch is a piece of software that is designed to fix or improve a computer program or its supporting
data. These may include repairs to security vulnerabilities or resolution of bugs and may also improve
usability or performance.
The following patches must be applied to Directory Services 22.4. OpenText recommends that you
check My Support for any patches or documentation updates that may have been posted after this
release.

7.1 Hotfixes
Hotfixes are small patches that address software issues. Typically, there is no new functionality in a
hotfix. Hotfixes can be cumulative.

Hotfix installation
• https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=64258665&objAction=bro
wse&sort=name

Note: OTDS hotfixes are cumulative

Available hotfixes
The following table lists and describes the hotfixes available for this release.

Hotfix name Additional information Downloads

7.2 Updates
Updates consist of multiple fixes combined into a single patch. An update may also include new
features proactively introduced into the product. Updates are also known as service packs or service
releases. In most cases, updates are cumulative.

Directory Services 22.4 Release Notes 17

7.2.1.1 Fixed issues
This section provides information about past issues that have been fixed in this update.

Issue name Issue description

OTDS-9635 Silent upgrade uses old Tomcat version

OTDS-9598 Cannot login with otadmin after upgrading tenant

environment where a custom login attribute is set.

OTDS-9536 Upgrade install not prompting for Tomcat

OTDS-9521 upgrade using preUpgradeJob - stuck

OTDS-9506 Error when renaming oAuth client
OTDS-9505 Group memberships are not pushed to a SCIM 2.0
resource
OTDS-9498 Users unable to login if
directory.auth.UserNameAttributes contains
oTExtraAttrX
OTDS-9486 Consolidation with resource never shows as completed

OTDS-9467 Search by a user's uid attribute (SCIM externalId) is not

working
OTDS-9465 Error updating session for user
OTDS-9464 Adding/Removing Trusted Sites does not work
consistently across instances

OTDS-9461 HTTP 500 error when adding users to group through

SCIM
OTDS-9454 Fedramp: implement support for labeling of otds-pods
by using helm charts

OTDS-9452 Admin UI page can't refresh after deleting the last item

OTDS-9448 Sync partition consolidation clean up stage consumes

all memory
OTDS-9436 Dialog issues after exiting "Edit Membership" dialog in
Firefox
OTDS-9428 Editing membership within organizational units or
partitions containing parenthesis () causes an 'Invalid
Filter Error' to be returned

OTDS-9406 User prompted to change password after resetting it

themselves
OTDS-9396 Silent upgrade from 10.5 errors out on stopping Tomcat
even if it is not running

Directory Services 22.4 Release Notes 18

 Issue name Issue description
OTDS-9384 OIDC auth handler is initiating logout even if not used
for login
OTDS-9380 Parenthesis in group names causes issues for SCIM
provisioning
OTDS-9367 Unable to set existing empty system attribute on Oracle

OTDS-9365 Password expiry notification emails not working in 22.1

OTDS-9361 OTDS group creation 409 returning incorrect message

(saying "User" instead of "Group")

OTDS-9338 Allow EDirSync to send the same user from separate

sync source to separate OTDS partitions

OTDS-9337 Prefix OTDS stdout logging with legacy log file names
for troubleshooting

OTDS-9330 Unable to use createTimestamp or modifyTimestamp in

LDAP filter
OTDS-9323 DB deadlock in PostgreSQL
OTDS-9283 WSM Push Connectors do not work in OTDS 22.1

OTDS-9281 eDOCS push connector does not work in OTDS 22.1

OTDS-9010 Admin password requested when performing import

OTDS-8375 Show connection health for sync partitions and

resources
OTDS-9372 Recycle bin functionality not working in 22.1

The following issues have been resolved in Software Protection Services (SPS) 22.3.0:

Issue name Issue description

SPS-981 Extended SPS RESTAPI
GET /licensemanagement/licenses/object/usage/{licenseID}
to include access_days and user type
SPS-979 License key security enhancements

The following issues have been resolved in Open Text Directory Services Container 22.3.2:

Directory Services 22.4 Release Notes 19

 Issue name Issue description
OTDS-9798 Unable to allocate license to the user created from an
OAuth client

OTDS-9795 A manual consolidate is required when OTMemberOf is

mapped

OTDS-9793 Add __DEFAULT__ group handling to Content Suite

push connector

SPS-1071 SPS throws error in reporting on floating counter usage

SPS-1070 SPS throws error when leasing with too many

occurrences

SPS-1058 SPS will now consolidate floating licenses upon trailing

application failure or crash

The following issues have been resolved in Open Text Directory Services Container 22.3.1:

Issue name Issue description

OTDS-9710 Oracle DB - OAuth2/OIDC auth handler fails on
isOAuth2HandlerState

OTDS-9709 Unable to import users that reside in OU=Root in

AD/LDAP
OTDS-9703 'Invalid search - unexpected DN' error if where_location
filter specifies a user or group

OTDS-9679 User is removed from auto-provisioned groups on

every other login

OTDS-9651 User can be created with multiple usernames ('cn'

values) through REST API

OTDS-9640 SCIM REST for group entity is missing resourceType in

meta section
OTDS-9543 Sync partition system and custom attributes are
removed after import
OTDS-9378 Remove defaults from values.yaml for public helm
registry
OTDS-9275 OTDS container automation to create required DB and
user

Directory Services 22.4 Release Notes 20

The following issues have been resolved in Open Text Directory Services 22.2.0:

Issue name Issue description

OTDS-9372 Recycle bin functionality not working in 22.1

OTDS-9339 TOMCATSERVICENAME and TOMCAT properties in

SLD file are being reverted during silent upgrade on
Windows

OTDS-9336 LDAP filter without operator used to work

OTDS-9319 NullPointerException in DispatcherImpl::saveCookie

OTDS-9284 com.microsoft.sqlserver.jdbc.SQLServerException:
Violation of PRIMARY KEY constraint
'RESOURCEACCESS_PKEY'

OTDS-9280 otds-deploy command to generate a secure password

hash to be used with OTDS 22.1+

OTDS-9270 Logging issues when audit, notification, SMTP configs

are updated

OTDS-9239 Use of top level OU in access role is not working

OTDS-9226 Improvement to logging for OpenDJ import

OTDS-9225 Import from OpenDJ to database fails if very large

groups exist
OTDS-9224 oTLastLoginTimestamp is not updated when using 2FA

OTDS-9210 OIDC auth handler does not redirect to logout endpoint

OTDS-9198 Login to Administration Client fails with Invalid Ticket

error
OTDS-9196 Breadcrumbs fails to return to partition when viewing
members
OTDS-9195 Create Sync Partition UI stuck when connection is
empty
OTDS-9192 Auth handler not working properly when created via
bootstrap file
OTDS-9187 Consolidation with resource needlessly updating every
user
OTDS-9186 The userAgent value is not reported correctly in a user
sessions response

Directory Services 22.4 Release Notes 21

 Issue name Issue description
OTDS-9185 /oauth2/userinfo not returning tid, scrid and returning
other subscription roles and groups

OTDS-9154 Unable to import cred.internal auth handler from

OpenDJ
OTDS-9148 persistentsession=true does not work when used with
SAML ACS URL
OTDS-9145 OTDS configmap always created in default
namespace.
OTDS-9141 Accessing /otdstenant endpoint without specifying a
tenant results in Internal Server Error

OTDS-9132 access token missing roles and groups when obtained

through inheriting tenant endpoint

OTDS-9130 Partition consolidation significantly slower in 22.1

OTDS-9127 oTMemberOf is being processed on migrated partition

OTDS-9029 SAML - Provide the ability to disable client IP validation

in the SubjectConfirmationData

OTDS-9021 Silent install runs without all requirements

OTDS-8590 Support for StatefulSet k8s controller for static named

pods
OTDS-5673 File added to auth handler lost
OTDS-9083 requestTicketForUser fails when provided username is
not unique

OTDS-8975 Partition count becomes inaccurate when users are

restored from Recycle Bin before being brought back
into scope and removed on subsequent consolidations

The following issues have been resolved in Software Protection Services (SPS) 22.2.0:

Issue name Issue description

SPS-1002 Restore transaction count from a deleted tenant to a
new tenant is not working
SPS-993 Cannot revoke a user from a license counter a second
time

Directory Services 22.4 Release Notes 22

 Issue name Issue description
SPS-964 Automatically revoke reserved seats of deleted users

SPS-447 License rule Occasional.rules.AutoPromote=false not

being honored

The following issues have been resolved in Open Text Directory Services 22.1.0:

Issue name Issue description

OTDS-9083 requestTicketForUser fails when provided username is
not unique

OTDS-8975 Partition count becomes inaccurate when users are

restored from Recycle Bin before being brought back
into scope and removed on subsequent consolidations
OTDS-8870 SCIM requests to a partition with spaces does not work

OTDS-8868 otdsbusinessadmins can edit group but not user

OTDS-8852 Deleting an Access Role does not iterate through all

oTMember entries to remove it's reflexive
oTGroupOfAccessRoles entries at a partition level or
oTGroupOfResources entries user/group level

OTDS-8792 Cannot open OTDS Administration in IE11

OTDS-8788 SAML handler fails to generate AuthnRequest if the

auth request to OTDS contains a nonce with special
characters
OTDS-8760 EDirSync cannot sync a group that contains special
characters
OTDS-8752 Native (TOTP) 2FA returns blank page if user enters
wrong 2FA code
OTDS-8746 No error shown if file upload fails for an auth handler

OTDS-8739 Duplicate provenance log entry logged for object

creation
OTDS-8730 /authentication/headers API should not invoke SAML
and OAuth auth handlers

Directory Services 22.4 Release Notes 23

 Issue name Issue description
OTDS-8714 Icons on the profile menu (top right) are cut-off

OTDS-8713 "Can not get server type:

java.lang.NoClassDefFoundError: Could not initialize
class com.sun.proxy.$Proxy437" occurs when creating
a new sync partition

OTDS-8710 OTDS - Searching in Audit Reports shows error

"Cannot connect to server"

OTDS-8651 Dynamic security clearance level incorrect after CS

session timeout

OTDS-8456 Installation directory shows wrong version on upgrade

OTDS-7626 OTDS Installer script incorrectly parses an equals sign

when it is used as part of the password

The following issues have been resolved in Software Protection Services (SPS) 22.2.0:

Issue name Issue description

SPS-934 Non-ascii characters within ExStream license cause

the key to not install

SPS-923 Can’t display product name for license root allocation

SPS-921 License setup error: No persistence has been

configured (Japanese OS)

SPS-916 Support for Explore 21.4 – Hours and Interactions

The following issues have been resolved in Open Text Directory Services 21.3.0:

Issue name Issue description

OTDS-8668 NullPointerException in OAuth2Handler

OTDS-8535 Disable option available for cred.internal handler but

access denied

OTDS-8512 Security Enhancements

OTDS-8469 Reduce retention time for Tomcat logs

Directory Services 22.4 Release Notes 24

 Issue name Issue description
OTDS-8445 Container IP and Port improvements

OTDS-8414 XMLImport does not execute on an OTDS tenant

instance
OTDS-8052 Resolve installation path issue where legacy path is still
referenced

OTDS-9024 Apache Log4J Library Update

The following issues have been resolved in Open Text Directory Services 21.2.0:

Issue name Issue description

OTDS-8460 Tomcat changes required to support OpenText GKE
Cluster
OTDS-8389 OTDS vulnerabilities found in 21.1 containers

OTDS-8387 Allow %js format on resources to convert multi-valued

OTDS attribute to a single-valued resource attribute

OTDS-8370 Wrong password policy applied for System OAuth client

through tenant endpoint

OTDS-8358 There is no more option to consolidate missing user or

group
OTDS-8347 User/group events are audited twice
OTDS-8327 Able to create a user in a different tenant

OTDS-8289 otdauth service is generating invalid cloud event

OTDS-8282 OTDS email customization is not working as the

documentation is claiming it should.

OTDS-8243 Creating user from CS to OTDS fails "ignoring - old

OTDS server" on CS 16.2.3 or older

OTDS-8242 QualyScan Vulnerabilities

OTDS-8233 Need updates to incorrect Dutch translations

Directory Services 22.4 Release Notes 25

 Issue name Issue description
OTDS-8223 OTDS does not send e-mails when SMTP mailserver
supports only TLS1.2

OTDS-8207 otdsauth service running out of threads

OTDS-8202 RFA context is lost upon SAML logout

OTDS-8200 Able to login to the application even though the user is
not added to the subscription

OTDS-8194 No error shown in group members view

OTDS-8189 "View Recursive Membership" does not work

OTDS-8188 Cannot create sync profile in eDirSync UI

OTDS-7536 provide 'traversal' method to monitoring

OTDS-8136 Sync of some valid user group memberships failing due

to "Could not locate specified child name" error

OTDS-8088 id_token_hint not being sent to OIDC logout endpoint

OTDS-8075 XSS vulnerability in the OTDS admin UI on the Trusted

Sites page

The following issues have been resolved in Open Text Directory Services 20.4.2:
Issue name Issue description
OTDS-8136 Sync of some valid user group memberships failing due
to "Could not locate specified child name" error

OTDS-8088 id_token_hint not being sent to OIDC logout endpoint

OTDS-8075 XSS vulnerability in the OTDS admin UI on the Trusted

Sites page

The following issues have been resolved in Open Text Directory Services 20.4.1:

Issue name Issue description

OTDS-8013 Updating edirsync from 16.x to 20.x shows error "Patch
000 already installed on your machine. You cannot re-
apply this patch"

Directory Services 22.4 Release Notes 26

 Issue name Issue description
OTDS-8000 WSM push connectors do not load. Creating/editing or
pushing to a resource configured with a “WSM Delivery
Server” or “WSM Management Server” results in a
NullPointerException
OTDS-7987 Invalid syntax error on OTOriginalDN

The following issues have been resolved in Open Text Directory Services 20.3.1:

Issue name Issue description

OTDS-7961 Auto-provisioned or externally provisioned users should
not be able to reset their password

OTDS-7960 SAML - No valid SubjectConfirmationData Recipient

found exception if auth handler name contains space or
special chars

OTDS-7951 Disabling an account for the first time does not push
the change to resources

OTDS-7928 Unable to create tenants using API in container

deployment
OTDS-7900 2FA not being enforced on OAuth password grant

OTDS-7899 OpenDJ service on Windows not starting after upgrade

OTDS-7866 OTDS can fail to install on some Windows systems

OTDS-7864 Creating users in Content Server leads to duplicate

user in CS if __NAME__ attribute mapping is not
default

OTDS-7855 OpenID Connect handler - issues with id_token

validation through /authentication/token API

OTDS-7852 SCIM: totalResults= -1 even if there are more pages

OTDS-7837 CS push connector cannot consolidate username

change
OTDS-7828 Users deleted from CS during resource consolidation

Directory Services 22.4 Release Notes 27

 Issue name Issue description
OTDS-7753 OTDS Docker: GNU Bash Privilege Escalation
Vulnerability for Debian

The following issues have been resolved in Open Text Directory Services 20.2.3:

Issue name Issue description

OTDS-7658 Add API endpoint to get a user's current delegated
admin rights
OTDS-7814 SCIM PATCH - cannot update employeeNumber
attribute
OTDS-7811 Reset password is not clearly displayed in password
reset mail
OTDS-7808 Unable to create tenant in OTDS 20.2.1 or 20.2.2

OTDS-7793 Empty user oTMemberOf mapping for LDAP partitions

OTDS-7789 Report end date filter does not work

OTDS-7788 Fix preferredLanguage attribute handling in Admin UI

OTDS-7786 oAuth clientId case sensitive issue

OTDS-7781 otdsapi service logs warning related to
SPSRestLicenses class
OTDS-7779 OAuth client ID with special characters does not work

OTDS-7775 OTDS 16.6.1 or newer does not work on WebSphere

OTDS-7764 Remove option to disable 2-factor authentication for

API requests
OTDS-7763 Role operation errors
OTDS-7761 3PPT - Vulnerability #3 : Insecure Links

OTDS-7751 SAML - OTDS does not verify SubjectConfirmation

(including 'Recipient' attribute) or Audience restriction
on an assertion

OTDS-7749 HELM CHART: error validating data:

ValidationError(Deployment.spec): unknown field
"serviceName"
OTDS-7744 The entry dc=root specified as the search base does
not exist in the Directory Server error after upgrade to
20.2.2 from 16.6.3

Directory Services 22.4 Release Notes 28

 Issue name Issue description
OTDS-7734 NullPointerException when creating a new synced
partition in OTDS 20.2.2
OTDS-7733 Syndication attributes appended to CS license causes
issues for OpenDJ to start after upgrade to 20.2.2

OTDS-7730 Document required catalina.policy rules if Tomcat runs

using Security Manager

OTDS-7729 2-factor auth with a provided code does not work with
Symantec
OTDS-7724 allObjectsNumber does not include roles

OTDS-7720 Error updating or consolidating a synchronized partition

OTDS-7718 Upgrade to 20.2.1 is failing on Linux

OTDS-7717 OT2 access token missing tenant groups

OTDS-7706 OTDS creates duplicate users in Content Server when

__NAME__ attribute mapping uses %l or %u

OTDS-7689 Add grant_types_supported to OIDC metadata

OTDS-7687 Unable to reset or change password on a user that

contains a {ContentServer} password hash

OTDS-7686 tokeninfo call fails when using resourceID in the scope

OTDS-7675 Consolidate option not available on roles

OTDS-7666 3PPT Vulnerability #7: Software Version Numbers

Revealed (Infrastructure)

OTDS-7662 issuer field is wrong in OIDC metadata

OTDS-7660 email setting SMTP configuration and verification

problems

The following issues have been resolved in Open Text Directory Services 20.2.2:

Issue name Issue description

OTDS-7658 Add API endpoint to get a user's current delegated
admin rights

Directory Services 22.4 Release Notes 29

 Issue name Issue description
OTDS-7643 detect tenant at global token endpoint does not work

OTDS-7642 Can't set international email address on users

OTDS-7641 Deploying OTDS fails with OutOfMemoryError

OTDS-7639 Allow bootstrapping a pre-configured resource ID and

secret
OTDS-7637 OTDS bootstrapping does not create resource principal

OTDS-7636 User roles are getting reset on Registration

OTDS-7635 OTDS config environment variables are not POSIX

compliant
OTDS-7634 Cannot consolidate with global resources

OTDS-7632 Add system attribute to allow external sources in

Content Security Policy
OTDS-7629 When oAuth client invokes logout call to OTDS and its
redirect logout URL isn't in Redirect URI's the error
message returned references trusted sites

OTDS-7616 Stack trace when 2FA auth is enabled for Extranet

requests only
OTDS-7607 'scp' claim in access token is missing scopes with
authorization code grant

OTDS-7605 SCIM - specifying a user or group search filter using

"pr" operator results in error

OTDS-7603 SCIM - restrict scope of operations within a partition to

objects created through SCIM

OTDS-7313 OTDS - Mapping AD attribute userAccountControl to

oTExtraAttr with %odn doesn't show the AD attribute
under the user in correct format

The following issues have been resolved in Open Text Directory Services 20.2.1:

Directory Services 22.4 Release Notes 30

 Issue name Issue description
OTDS-7589 CS Push Connector fails if Photo or Manager attribute
is mapped
OTDS-7578 Unable to add to top level OU to an access role

OTDS-7576 OAuth authorization code grant fails if user must

change password
OTDS-7575 Added the OpenDJ attribute “employeenumber” to
available partition attributes

OTDS-7570 OTDS sets wrong issuer for tenants in JWT tokens

OTDS-7569 Groups from different paths in AD are overwritten in CS

when _NAME_ mapping has %l or %u

OTDS-7567 Wrong protocol and port used in tomact webapps –

Docker Container
OTDS-7543 Option to configure username format sent to DUO

OTDS-5804 Consolidating a single user should restore its group

memberships

The following issues have been resolved in Open Text Directory Services 20.1.1:

Directory Services 22.4 Release Notes 31

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-7451 Tenancy 2.0: subscription detection from scope param

does not work on logout URL

OTDS-7450 Unable add a role to a partition in an inheriting tenant

OTDS-7449 /oauth2/auth redirects to /otdstenant/otds.system/login

OTDS-7443 OT2 tenancy 2.0 - password grant fails when using a

global OAuth client

Directory Services 22.4 Release Notes 32

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-7442 java.util.MissingFormatArgumentException when

__GROUP__ attribute mapping points to a non-existing
attribute

OTDS-7432 OTDS - password Reset still available when disabled

for users

OTDS-7430 Unable to restore more that one user at a time

OTDS-7422 Clicking "Refresh" resets search criterion

Directory Services 22.4 Release Notes 33

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-7418 Unable to login into OTDS when 16.6.3 patch is applied

OTDS-7341 OTDS-Monitoring skipped on duplicated partition

OTDS-7247 Mapping 'cn' to any other attribute does not import it for
new users on monitoring

OTDS-7219 Notification fails to delete resulting in repeating emails

OTDS-7020 illegal reflective access call from jaxb

Directory Services 22.4 Release Notes 34

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-6594 Fix wrong password error when adding connection

parameters

OTDS-6395 Modifiying the "Host name or address" in the

"connection information" of a user partition may lead to
an invalid user partition

OTDS-6376 When monitoring is unchecked, group Memberships in

non-synchronized partition are lost when synchronized
user is moved to a different OU

Directory Services 22.4 Release Notes 35

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-5957 Monitoring skipped on duplicated partition

OTDS-5328 No error displayed when creating connection

parameters from the file

OTDS-5073 Adding a file to an auth handler and removing it results

in the file being added

7.2.1.2 Known issues

This section provides information about known issues with this update.

Directory Services 22.4 Release Notes 36

7.2.1.3 Additional information

8 Known issues
There are no known issues with this release.

Directory Services 22.4 Release Notes 37

9 Contact information
OpenText Corporation
275 Frank Tompa Drive
Waterloo, Ontario
Canada, N2L 0A1

For more information, visit the OpenText or My Support websites.

Copyright © 2022 Open Text. All Rights Reserved.

Trademarks owned by Open Text. One or more patents may cover this product. For more information, please visit OpenText Patents Information.
Disclaimer
No Warranties and Limitation of Liability
Every effort has been made to ensure the accuracy of the features and techniques presented in this publication. However, Open Text Corporation and its affiliates accept
no responsibility and offer no warranty whether expressed or implied, for the accuracy of this publication.

38