Open Text Directory Services

Release Notes
20.4.2

Product Released: 2020-11-30

Release Notes Revised: 2021-02-23

Contents
1 Introduction .................................................................................................................................... 4
1.1 Release Notes revision history .................................................................................................. 4

2 About Open Text Directory Services ............................................................................................ 6

2.1 New features.............................................................................................................................. 6
New Features in OTDS 20.4.2 ..................................................................................... 6
New Features in OTDS 20.4.1 ..................................................................................... 7
New Features in OTDS 20.3.1 ..................................................................................... 7
New Features in OTDS 20.2.3 ..................................................................................... 7
New Features in OTDS 20.2.2 ..................................................................................... 7
New Features in OTDS 20.2.1 ..................................................................................... 7
New Features in OTDS 20.1.1 ..................................................................................... 7
New Features in OTDS 16.6.3 ..................................................................................... 7
New Features in OTDS 16.6.2 ..................................................................................... 7
New Features in OTDS 16.6.1 ..................................................................................... 8
New Features in OTDS 16.6.0 ..................................................................................... 8
New Features in OTDS 16.4.3 ..................................................................................... 8
New Features in OTDS 16.4.2 ..................................................................................... 8
New Features in OTDS 16.4.1 ..................................................................................... 8
New Features in OTDS 16.2.3 ..................................................................................... 8
New Features in OTDS 16.2.2 ..................................................................................... 8
New Features in OTDS 16.2.1 ..................................................................................... 9
New Features in OTDS 16.2.0 ..................................................................................... 9
New Features in OTDS 16.0.3 ..................................................................................... 9
New Features in OTDS 16.0.2 ..................................................................................... 9
New Features in OTDS 16.0.1 ..................................................................................... 9
New Features in OTDS 16.0.0 ..................................................................................... 9
2.2 Discontinued and deprecated features .................................................................................... 10

3 Packaging and documentation ................................................................................................... 10

3.1 Packaging and delivery information ........................................................................................ 10
3.2 Related documentation ............................................................................................................ 10
3.3 Documentation errata .............................................................................................................. 11

4 Supported environments and compatibility .............................................................................. 11

4.1 Supported systems .................................................................................................................. 11
Java Environment ....................................................................................................... 11

Open Text Directory Services 20.4.2 Release Notes 2

 Apache Tomcat ........................................................................................................... 12
IBM WebSphere ......................................................................................................... 12
Enterprise Directories and Third-party Web Access Management Products ............. 12
Supported Operating Systems ................................................................................... 13
Supported Virtualization Platforms ............................................................................. 14
Supported Browsers ................................................................................................... 14
4.2 OpenText product compatibility ............................................................................................... 14
4.3 Language support .................................................................................................................... 15

5 Installation and upgrade notes ................................................................................................... 15

5.1 Installation notes ...................................................................................................................... 15
5.2 Upgrade notes ......................................................................................................................... 16

6 Patches ......................................................................................................................................... 16

6 Hotfixes ......................................................................................................................................... 16
7 Fixed Issues .................................................................................................................................. 17

8 Known issues ............................................................................................................................... 28

9 Contact information ..................................................................................................................... 29

Open Text Directory Services 20.4.2 Release Notes 3

1 Introduction
These Release Notes provide an overview of Open Text Directory Services 20.4.2, including new
features, delivery information, and supported platforms.

OpenText recommends that you read these Release Notes in conjunction with the documentation
included with the software package. If any conflicts exist, the Release Notes supersede the other
documentation.

We also recommend that you check OpenText My Support (https://support.opentext.com) for any
patches or documentation updates that may have been posted after the initial release of this product.

1.1 Release Notes revision history

Revision date Sections revised Description of revisions

2016-03-15 First release. All new content.

2016-03-31 Installation Notes, Note about an upgrade conflict on Windows

Known Issues when files are in use.

2016-04-12 Supported Environments Added Oracle Access Manager to the WAM

support list

2016-05-26 Patches, Fixed & Known Updates for OTDS 16.0.1 (OTDS-1600-001)
Issues

2016-09-24 Patches, Fixed & Known Updates for OTDS 16.0.2 (OTDS-1602)
Issues

2016-10-14 All sections. Edits to formatting.

2016-12-01 Patches, Fixed & Known Updates for OTDS 16.0.3 (OTDS-1603)
Issues

2017-03-01 Patches, Fixed & Known Updates for OTDS 16.2.0 (OTDS-1620)
Issues

2017-04-28 All sections. Edits to formatting and version fixes.

2017-06-01 Patches, Fixed & Known Updates for OTDS 16.2.1 (OTDS-1621-EP2)
Issues

2017-06-21 Documentation Errata Added a new documentation update.

2017-09-06 Patches, Fixes & Known Updates for OTDS 16.2.2 (OTDS-1622-EP2)
Issues

2017-12-06 Patches, Fixes & Known Updates for OTDS 16.2.3 (OTDS-1623-EP2)
Issues

Open Text Directory Services 20.4.2 Release Notes 4

 Revision date Sections revised Description of revisions

2018-03-13 Patches, Fixed & Known Updated for OTDS 16.2.4 (OTDS-1624-EP2)
Issues
Virtualization support for ESXi Windows Server
Updated Platform 2016
support

2018-06-15 Patches, Fixed & Known Updated for OTDS 16.4.1 (OTDS-1641)
Issues
TomEE Support added directly for clarification.
Updated Platform Support present since OTDS 16.0.1.
Support

2018-08-27 Known Issues Updated Issue with JDK 8U181

2018-09-21 Patches, Fixed & Known Updated for OTDS 16.4.2 (OTDS-1642)
Issues

2018-12-12 Patches, Fixed & Known Updated for OTDS 16.4.3 (OTDS-1643)
Issues
Added deprecated support of Java 7 to section
2.2.

2019-03-06 Patches, Fixed & Known Updated for OTDS 16.6.0 (OTDS-1660)
Issues
Updated Java support versions to be clearer

2019-06-25 Patches, Fixed & Known Updated for OTDS 16.6.1 (OTDS-1661)
Issues

2019-09-20 Supported Operating Updated for OTDS 16.6.2 (OTDS-1662)

Systems, Patches, Fixes
& Known Issues

2019-12-20 Patches, Fixes, & Updated for OTDS 16.6.3 (OTDS-1663)

Known Issues, Notes

2020-01-14 Supported Systems Note regarding Load Balancing and

Synchronization

Open Text Directory Services 20.4.2 Release Notes 5

 Revision date Sections revised Description of revisions

2020-02-18 Patches, Fixes, Known Update for OTDS 20.1.1 (OTDS-2011),

Issues, and Support Deprecation of HPUX and AIX support.
Systems

2020-03-20 Patches, Fixes, Known Update for OTDS 20.2.1 (OTDS-2021)

Issues

2020-05-08 Patches, Fixes, Known Update for OTDS 20.2.2

Issues

2020-06-30 Patches, Fixes, Known Update for OTDS 20.2.3

Issues, Supported AD

2020-09-02 Patches, Fixes, Known Update for OTDS 20.3.1

Issues

2020-10-23 Patches, Fixes, Known Update for OTDS 20.4.1

Issues

2020-10-30 Section 2.2 OTDS no longer runs OpenDJ internally.

Discontinued and
deprecated features

2020-11-30

2 About Open Text Directory Services

Open Text Directory Services 20.4.2 manages user and group identity information for OpenText
components. OTDS contains services for identity synchronization and provides single sign on for
other OpenText components.

2.1 New features

All OTDS updates are cumulative and include the features and fixes from previous updates. Open
Text Directory Services 20.4.2 includes the following new features

New Features in OTDS 20.4.2

• Container Enhancements

Open Text Directory Services 20.4.2 Release Notes 6

 New Features in OTDS 20.4.1
• Support for scheduled backup of containers
• Licensing support for ExStream 20.4

New Features in OTDS 20.3.1

• Enhanced container support

New Features in OTDS 20.2.3

• Support for Active Directory 2019
• Support for 2-factor authentication for service accounts
• Partition consolidation notifications
• Password blacklist support (block defined common passwords)
• Email notification upon manually created accounts (non-synchronized)

New Features in OTDS 20.2.2

• Configurable option to redirect non-existing users to a configured URL
• SCIM enhancements
• Audit forgot password requests
• Container enhancements

New Features in OTDS 20.2.1

• Configurable option for Duo username format
• Single user consolidation now restores group memberships

New Features in OTDS 20.1.1

• Added ability to set SameSite attribute on OTDS cookies
• Shareable unique ID per OTDS cluster (replicated instance)
• Configurable “Allowed domains setting” for specific authentication domain bindings
• Password configuration message enhancements
• Ability to enable multi-factor auth based on external IP Address
• Symantec VIP 2-Factor Authentication Support
• Support for empty roots for naming context (eDirectory 9.1.2)
• Web Admin now shows an action spinner when items are loading

New Features in OTDS 16.6.3

• Display password expiry date in OTDS Admin UI
• New OTDS default administrative group name: otdsbusinessadmins

New Features in OTDS 16.6.2

• Confirmed support for Windows Server 2019
• Support SAML2 and JWT profiles for obtaining OAuth tokens (RFC7521/7522/7523)

Open Text Directory Services 20.4.2 Release Notes 7

• “Keep me signed in” functionality on login page
• Configure custom attributes on OAuth client view
• API to return all members of a group recursively

New Features in OTDS 16.6.1

• LinkedIn and Yahoo authentication handlers use the OAuth 2.0 protocol. Previously, they used the
OAuth 1.0 protocol.

New Features in OTDS 16.6.0

• New partitions attributes options

New Features in OTDS 16.4.3

• Java 11 Support
• SCIM 2.0 Push Connector
• Installation Enhancements

New Features in OTDS 16.4.2

• OpenID Connect Support
• Support of OAuth token exchange
• Login page enhancements for electronic signatures

New Features in OTDS 16.4.1

• Application Roles Support
• Java 9 Support
• OAuth Enhancements

New Features in OTDS 16.2.3

• Reporting
• System Monitoring
• Advanced Docker Support (YAML)
• Microsoft AzureAD Support (No hotfix required)

New Features in OTDS 16.2.2

• Microsoft Active Directory 2016 Support
• Notifications
• Microsoft AzureAD Support (Hotfix004 required:
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=70003809&objAction=browse
&viewType=1)

Open Text Directory Services 20.4.2 Release Notes 8

 New Features in OTDS 16.2.1
• Recycle Bin for non-synchronized partitions
• Multi-tenancy improvements
• Support for single sign out
• Support for disabling partitions

New Features in OTDS 16.2.0

• Real time Job Status
• Recycle Bin (User Recovery)
• SCIMv2 Support
• Software Protection Services (SPS)

New Features in OTDS 16.0.3

• SASL LDAP (GSSAPI) Binding Support
• Two-Factor Authentication Enhancements
• REST API Enhancements
• Support of static attribute mappings in Active Directory
• Performance Enhancements to OpenDJ

New Features in OTDS 16.0.2

• Tomcat 8.5 and Tomcat 9 support.
• Support for the import of users and/or groups using XML.
• New email customization options.
• New display columns (User ID and User Name).
• Enhancements to OTDS REST API and SAML.
• Added new system attribute “directory.auth.BaseURL” to allow a configurable OTDS login page.
• Support for javascript in the Format column of a resource.

New Features in OTDS 16.0.1

• New OAuth client configuration option.
• New user and group attribute filter in a synchronized user partition.
• New feature to create a duplicate synchronized user partition.
• Support for Department mapping for Content Server resources.
• New AccountDisabled attribute mapping has been added to the Content Server resource.
• Support for IP address and subnet filtering for the Negotiate authentication handler.
• Support for SiteMinder-generated SAML metadata.
• Support for TomEE+ 8.0.0 or newer.

New Features in OTDS 16.0.0

• OpenText replaces Content Server Directory Services in Content Server V16. Administrators of
Content Server now select whether to install an internal version of OTDS or configure an external,
stand-alone version.

Open Text Directory Services 20.4.2 Release Notes 9

• OTDS has implemented the OpenText Global Help Server, available from the web-based
administration page. This provides users with live access to the latest version of the OTDS online
help.
• Support for OpenText licenses. OTDS now ships with Software Protection Services to handle
OpenText licenses. Currently only Archive Center 16 is supported for licensing.
• New options available to customize the OTDS login page.

2.2 Discontinued and deprecated features

The following features are discontinued in this release:

• Java 7 is not supported with OTDS 16.4.3 and above.

• Support for the OpenText Administration Client was withdrawn with the release of OpenText
Directory Services 16.0.0. The OTDS web-based administration has been available since the
OTDS 10.5.0 SP1 release. Please refer to the OTDS Installation and Administration guide for
more details.
• Beginning with OTDS 20.2.1, to allow for a more secure deployment, OTDS will no longer run
OpenDJ internally. This separation allows you to choose to run OpenDJ under one account, while
OTDS under Tomcat runs under a more restricted account that has more limited rights and
permissions. For more information, see the OTDS Installation and Administration guide.
• As of OTDS 20.1.1, HPUX and AIX installation files will no longer be posted to MySupport.
• OpenText recommends the use of RESTAPIs for all OTDS integrations rather than older
mechanisms such as SOAP.

3 Packaging and documentation

Downloads and documentation for Open Text Directory Services are available on OpenText My
Support (https://support.opentext.com).

Note
Documentation that is installed with the product or packaged with the
product download is current at the time of release. Documentation
updates made after a release are available for download on OpenText
My Support (https://support.opentext.com).

3.1 Packaging and delivery information

The software and documentation for Open Text Directory Services includes:

• OpenText Directory services 20.4.2 is available for download from MySupport.

3.2 Related documentation

For additional information about Open Text Directory Services, or for supplemental information about
related products, refer to the following documents, which are available on OpenText My Support
(https://support.opentext.com).

Open Text Directory Services 20.4.2 Release Notes 10

3.3 Documentation errata
There are currently no documentation issues

4 Supported environments and compatibility

This section provides details about supported platforms, systems, and versions.

4.1 Supported systems

Note: Only the products and versions specified in the Release Notes are supported. Other versions
have not been tested and are therefore not officially supported for this version. The Release
Notes contain the definitive list of supported versions. Any other versions mentioned in the
product documentation are superseded by the versions specified in the Release Notes.

If no service pack, maintenance level, patch level or similar is explicitly mentioned for a
specific software version, then OpenText supports all released by the manufacturer for this
version, unless explicitly stated otherwise. However, new major releases of platform
components are not automatically supported.

Note: OTDS does not support load balancers for Enterprise Sync. Load balancers are only
supported for authentication requests.

Java Environment
JDK/JRE downloads are available at: http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Note: 64-bit release of JDK/JRE is required.

Java Edition Supported Version

Java 8 Java 2 Platform Standard Edition Development

Kit 8.0 (JDK 8.0) or
Java 2 Platform Standard Edition Runtime
Environment 8.0 (JRE 8.0) – Update 65 or later.

Java 9 Java 2 Platform Standard Edition Development

Kit 9.0 (JDK 9.0) or
Java 2 Platform Standard Edition Runtime
Environment 9.0 (JRE 9.0)

Java 11 Support for Oracle Java 11

OpenJDK OpenJDK 8.0 can be used with all supported

Linux Windows platforms – Update 66 or later
for Linux

OpenJDK 11 Support for OpenJDK 11

Open Text Directory Services 20.4.2 Release Notes 11

 Apache Tomcat
Apache Tomcat 8.0 downloads are available at: http://tomcat.apache.org/download-80.cgi.

Note: 64-bit release of Apache Tomcat is required.

Apache Tomcat Edition Supported Version

Apache Tomcat 8 Apache Tomcat 8.0.28 is supported as of the

initial release of OTDS 16. Subsequent Tomcat
8.0 releases will also be supported, unless
otherwise stated.

Apache Tomcat 8.5 Supported

Apache Tomcat 9.0 Supported

Apache TomEE+ 8.0.0 or newer Beginning with the OTDS 16.0.1 release, OTDS
supports the TomEE+ 8.0.0 or newer application
server.

IBM WebSphere
IBM WebSphere 8.5.5 is supported as of the initial release of OTDS 16.0.0.

Enterprise Directories and Third-party Web Access Management

Products
OpenText Directory Services 16 was successfully tested and is supported for user synchronization
and authentication with the following Enterprise Directories:

Vendor Enterprise Directory Version Type

Microsoft Active Directory Domain Services 2003-2019 AD
Active Directory LDS LDAPv3

Oracle Directory Server Enterprise Edition 11g LDAPv3

Internet Directory (OID) 11g

Novell eDirectory 8.8 LDAPv3

IBM Domino 8.5 LDAPv3

Tivoli Directory Server 6.3

Apache Directory Server 2.0 LDAPv3

Open Text Directory Services 20.4.2 Release Notes 12

Note: When using Oracle Internet Directory (OID), “Notifications/Search” (Search Method) within the
partition configuration must be set to “unlimited”. This is a defect within OID itself and can be
referenced here:

https://support.oracle.com/epmos/faces/BugDisplay?id=25178637&_adf.ctrl-
state=17kljknnwp_4&_afrLoop=485596843187863

The following third-party Web Access Management (WAM) products are supported by OpenText
Directory Services 16 and newer.

Vendor Web Access Management Product Product Version(s)

Computer Associates SiteMinder v12

Entrust GetAccess, TruePass 8.0

EMC2 Corporation RSA Access Manager 6.1

Oracle Access Manager 11g

Other third-party WAM products might work but they are not supported by OpenText Directory
Services 16 and newer.

Supported Operating Systems

All supported Operating Systems and Database Systems are 64-bit. All types of zones (whole, global,
sparse) are supported on Solaris 11 (SPARC). OTDS will work on any 64-bit Linux OS with glibc,
kernel 2.6.32.49 or newer and the required Java version.

Vendor Operating System

Microsoft Windows Server 2008 R2 (x86-64)

Windows Server 2012, 2012 R2 (x86-64)

Windows Server 2016

Windows Server 2019

Oracle Solaris 11 (SPARC)

Red Hat Red Hat Enterprise Linux 6.x (x86-64)

Red Hat Enterprise Linux 7.x (x86-64)

CentOS

Open Text Directory Services 20.4.2 Release Notes 13

 Vendor Operating System

Novell SuSE Linux Enterprise Server 11 (x86-64)

• OTDS 16.6.3 was the final release version for AIX and HPUX installers. Beginning with
version 20.1.1, only Solaris, Linux, and Windows versions are available.

Supported Virtualization Platforms

All supported Virtualization Platforms are based on 64-bit Operating Systems. Only English versions
of the Operating Systems are supported.

Vendor Virtualization Platform Host Operating System

EMC ESXi 5.0 or newer Windows Server 2008 R2

Windows Server 2012, 2012 R2

Windows Server 2016

Red Hat Enterprise Linux 6,

Red Hat Enterprise Linux 7

Microsoft Hyper-V R2 Windows Server 2008 R2

Windows Server 2012, 2012 R2

Windows Server 2016

Supported Browsers
This list of supported browsers is for the web-based administration.

Vendor Browser

Microsoft Internet Explorer 11+

Mozilla Firefox ESR

Google Chrome (latest version)

4.2 OpenText product compatibility

The section provides details about which versions of other OpenText products are compatible with this
release of Open Text Directory Services 20.4.2.

Open Text Directory Services 20.4.2 Release Notes 14

 Note
For the latest compatibility information for OpenText products, refer to the
Compatibility Matrix (https://knowledge.opentext.com/go/matrix) on
OpenText My Support.

Note
For Enterprise Directory Synchronization integration, it is highly
recommended to use the same corresponding OTDS version. In
cases OTDS version can be higher than Enterprise Directory
Synchronization due to OTDS’ backward compatibilities. It is
considered best practice to use the latest versions whenever
possible.

4.3 Language support

Open Text Directory Services is currently localized in the following languages. Additional languages
may be available in future releases.

Component Languages

EN DE JA FR IT ZH ES RU

Installation B

Administration B

Login Page UI UI UI UI UI UI UI UI

UI = user interface only

B = both user interface and online help

5 Installation and upgrade notes

This section provides additional installation and upgrade information, including related or third-party
product information and any required critical patches.

5.1 Installation notes

Before you install Open Text Directory Services, review these additional installation notes and verify
related product or third-party product requirements.

• When patching Directory Services, it is crucial that the patch is executed from an elevated
command line as outlined in the OpenText Directory Services Installation and Administration
Guide.

For OTDS versions 20.2.1 or newer:

Open Text Directory Services 20.4.2 Release Notes 15

To allow for a more secure deployment, OTDS will no longer run OpenDJ internally. This separation
allows you to choose to run OpenDJ under one account, while OTDS under Tomcat runs under a
more restricted account that has more limited rights and permissions.

• On Windows, an OpenDJ Server service will be created. You can now choose to run OpenDJ
under a LocalSystem account, while Tomcat runs under a LocalService account.
• On UNIX and Linux, OpenDJ must be manually started, or a daemon/service must be
registered for it. In addition, the OPENDJ_JAVA_HOME environment variable must be
defined to point to the JDK/JRE to be used to run OpenDJ.

The commands to start and stop the service are:

– /<otds_install_dir>/opendj/bin/start-ds
– /<otds_install_dir>/opendj/bin/stop-ds

5.2 Upgrade notes

Before you upgrade, review these instructions.

• OpenText Directory Services 16 supports direct upgrade from release 10.5.0. For additional
information, please refer to the OpenText Directory Services Installation and Administration
Guide.

6 Patches
A patch is a piece of software that is designed to fix or improve a computer program or its supporting
data. These may include repairs to security vulnerabilities or resolution of bugs, and may also improve
usability or performance. On OpenText My Support you will find two general types of patches.
Hotfixes are also known as quick-fixes or bug fixes. Updates are also known as service packs or
service releases.

The following patches must be applied to Open Text Directory Services 20.4.2. OpenText
recommends that you check OpenText My Support (https://support.opentext.com) for any patches or
documentation updates that may have been posted after this release.

Note: If you are using two-factor authentication functionality provided by OTDS, and you have two-
factor authentication settings configured on a specific group(s), you must run a repair operation on
that group.
In OTDS administration, select Actions->Consolidate-> Verify and Repair on the specific group(s) in
order for the two-factor authentication settings to remain in effect for the users of the group.

If two-factor authentication settings were configured on a partition or on specific users only, no action
is required.

6 Hotfixes
Hotfixes are small patches that address software issues. Typically, there is no new functionality in a
hotfix. Hotfixes can be cumulative. Hotfixes for OTDS can be found:

• https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=64258665&objAction=bro
wse&sort=name

Open Text Directory Services 20.4.2 Release Notes 16

7 Fixed Issues
Updates consist of a number of fixes combined into a single patch. Typically, the minor version
number of the product will increase, for example from 2.0 to 2.1. An update may also include new
features proactively introduced into the product. In most cases, updates are cumulative.

This section provides information about past issues that have been fixed in this update.

The following issues have been resolved in Open Text Directory Services 20.4.2:

Issue name Issue description

OTDS-8136 Sync of some valid user group memberships failing due
to "Could not locate specified child name" error

OTDS-8088 id_token_hint not being sent to OIDC logout endpoint

OTDS-8075 XSS vulnerability in the OTDS admin UI on the Trusted

Sites page

The following issues have been resolved in Open Text Directory Services 20.4.1:

Issue name Issue description

OTDS-8013 Updating edirsync from 16.x to 20.x shows error "Patch
000 already installed on your machine. You cannot re-
apply this patch"
OTDS-8000 WSM push connectors do not load. Creating/editing or
pushing to a resource configured with a “WSM Delivery
Server” or “WSM Management Server” results in a
NullPointerException
OTDS-7987 Invalid syntax error on OTOriginalDN

The following issues have been resolved in Open Text Directory Services 20.3.1:

Issue name Issue description

OTDS-7961 Auto-provisioned or externally provisioned users should
not be able to reset their password

OTDS-7960 SAML - No valid SubjectConfirmationData Recipient

found exception if auth handler name contains space or
special chars

Open Text Directory Services 20.4.2 Release Notes 17

 Issue name Issue description
OTDS-7951 Disabling an account for the first time does not push
the change to resources

OTDS-7928 Unable to create tenants using API in container

deployment
OTDS-7900 2FA not being enforced on OAuth password grant

OTDS-7899 OpenDJ service on Windows not starting after upgrade

OTDS-7866 OTDS can fail to install on some Windows systems

OTDS-7864 Creating users in Content Server leads to duplicate

user in CS if __NAME__ attribute mapping is not
default

OTDS-7855 OpenID Connect handler - issues with id_token

validation through /authentication/token API

OTDS-7852 SCIM: totalResults= -1 even if there are more pages

OTDS-7837 CS push connector cannot consolidate username

change
OTDS-7828 Users deleted from CS during resource consolidation

OTDS-7753 OTDS Docker: GNU Bash Privilege Escalation

Vulnerability for Debian

The following issues have been resolved in Open Text Directory Services 20.2.3:

Issue name Issue description

OTDS-7658 Add API endpoint to get a user's current delegated
admin rights
OTDS-7814 SCIM PATCH - cannot update employeeNumber
attribute
OTDS-7811 Reset password is not clearly displayed in password
reset mail
OTDS-7808 Unable to create tenant in OTDS 20.2.1 or 20.2.2

OTDS-7793 Empty user oTMemberOf mapping for LDAP partitions

OTDS-7789 Report end date filter does not work

OTDS-7788 Fix preferredLanguage attribute handling in Admin UI

Open Text Directory Services 20.4.2 Release Notes 18

 Issue name Issue description
OTDS-7786 oAuth clientId case sensitive issue
OTDS-7781 otdsapi service logs warning related to
SPSRestLicenses class
OTDS-7779 OAuth client ID with special characters does not work

OTDS-7775 OTDS 16.6.1 or newer does not work on WebSphere

OTDS-7764 Remove option to disable 2-factor authentication for

API requests
OTDS-7763 Role operation errors
OTDS-7761 3PPT - Vulnerability #3 : Insecure Links

OTDS-7751 SAML - OTDS does not verify SubjectConfirmation

(including 'Recipient' attribute) or Audience restriction
on an assertion

OTDS-7749 HELM CHART: error validating data:

ValidationError(Deployment.spec): unknown field
"serviceName"
OTDS-7744 The entry dc=root specified as the search base does
not exist in the Directory Server error after upgrade to
20.2.2 from 16.6.3

OTDS-7734 NullPointerException when creating a new synced

partition in OTDS 20.2.2
OTDS-7733 Syndication attributes appended to CS license causes
issues for OpenDJ to start after upgrade to 20.2.2

OTDS-7730 Document required catalina.policy rules if Tomcat runs

using Security Manager

OTDS-7729 2-factor auth with a provided code does not work with
Symantec
OTDS-7724 allObjectsNumber does not include roles

OTDS-7720 Error updating or consolidating a synchronized partition

OTDS-7718 Upgrade to 20.2.1 is failing on Linux

OTDS-7717 OT2 access token missing tenant groups

OTDS-7706 OTDS creates duplicate users in Content Server when

__NAME__ attribute mapping uses %l or %u

Open Text Directory Services 20.4.2 Release Notes 19

 Issue name Issue description
OTDS-7689 Add grant_types_supported to OIDC metadata

OTDS-7687 Unable to reset or change password on a user

that contains a {ContentServer} password hash

OTDS-7686 tokeninfo call fails when using resourceID in the

scope
OTDS-7675 Consolidate option not available on roles

OTDS-7666 3PPT Vulnerability #7: Software Version Numbers

Revealed (Infrastructure)

OTDS-7662 issuer field is wrong in OIDC metadata

OTDS-7660 email setting SMTP configuration and verification

problems

The following issues have been resolved in Open Text Directory Services 20.2.2:

Issue name Issue description

OTDS-7658 Add API endpoint to get a user's current delegated
admin rights
OTDS-7643 detect tenant at global token endpoint does not work

OTDS-7642 Can't set international email address on users

OTDS-7641 Deploying OTDS fails with OutOfMemoryError

OTDS-7639 Allow bootstrapping a pre-configured resource ID and

secret
OTDS-7637 OTDS bootstrapping does not create resource principal

OTDS-7636 User roles are getting reset on Registration

OTDS-7635 OTDS config environment variables are not POSIX

compliant
OTDS-7634 Cannot consolidate with global resources

OTDS-7632 Add system attribute to allow external sources in

Content Security Policy

Open Text Directory Services 20.4.2 Release Notes 20

 Issue name Issue description
OTDS-7629 When oAuth client invokes logout call to OTDS and its
redirect logout URL isn't in Redirect URI's the error
message returned references trusted sites

OTDS-7616 Stack trace when 2FA auth is enabled for Extranet

requests only
OTDS-7607 'scp' claim in access token is missing scopes with
authorization code grant

OTDS-7605 SCIM - specifying a user or group search filter using

"pr" operator results in error

OTDS-7603 SCIM - restrict scope of operations within a partition to

objects created through SCIM

OTDS-7313 OTDS - Mapping AD attribute userAccountControl to

oTExtraAttr with %odn doesn't show the AD attribute
under the user in correct format

The following issues have been resolved in Open Text Directory Services 20.2.1:

Issue name Issue description

OTDS-7589 CS Push Connector fails if Photo or Manager attribute
is mapped
OTDS-7578 Unable to add to top level OU to an access role

OTDS-7576 OAuth authorization code grant fails if user must

change password
OTDS-7575 Added the OpenDJ attribute “employeenumber” to
available partition attributes

OTDS-7570 OTDS sets wrong issuer for tenants in JWT tokens

OTDS-7569 Groups from different paths in AD are overwritten in CS

when _NAME_ mapping has %l or %u

OTDS-7567 Wrong protocol and port used in tomact webapps –

Docker Container
OTDS-7543 Option to configure username format sent to DUO

Open Text Directory Services 20.4.2 Release Notes 21

 Issue name Issue description
OTDS-5804 Consolidating a single user should restore its group
memberships

The following issues have been resolved in Open Text Directory Services 20.1.1:

Open Text Directory Services 20.4.2 Release Notes 22

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-7451 Tenancy 2.0: subscription detection from scope param

does not work on logout URL

OTDS-7450 Unable add a role to a partition in an inheriting tenant

OTDS-7449 /oauth2/auth redirects to /otdstenant/otds.system/login

OTDS-7443 OT2 tenancy 2.0 - password grant fails when using a

global OAuth client

Open Text Directory Services 20.4.2 Release Notes 23

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-7442 java.util.MissingFormatArgumentException when

__GROUP__ attribute mapping points to a non-existing
attribute

OTDS-7432 OTDS - password Reset still available when disabled

for users

OTDS-7430 Unable to restore more that one user at a time

OTDS-7422 Clicking "Refresh" resets search criterion

Open Text Directory Services 20.4.2 Release Notes 24

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-7418 Unable to login into OTDS when 16.6.3 patch is applied

OTDS-7341 OTDS-Monitoring skipped on duplicated partition

OTDS-7247 Mapping 'cn' to any other attribute does not import it for
new users on monitoring

OTDS-7219 Notification fails to delete resulting in repeating emails

OTDS-7020 illegal reflective access call from jaxb

Open Text Directory Services 20.4.2 Release Notes 25

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-6594 Fix wrong password error when adding connection

parameters

OTDS-6395 Modifiying the "Host name or address" in the

"connection information" of a user partition may lead to
an invalid user partition

OTDS-6376 When monitoring is unchecked, group Memberships in

non-synchronized partition are lost when synchronized
user is moved to a different OU

Open Text Directory Services 20.4.2 Release Notes 26

 Issue name Issue description

OTDS-7527 500 error in SCIM group search if user UUID doesn't

exist

OTDS-7523 User/group search fails when invoked by a resource

principal when RestrictedReadOnlyAccess is enabled

OTDS-7522 Repeated auth failures when account lockout is not

enabled can result in denial of service

OTDS-7514 SCIM Provisioning - groups attribute not returned on

users

OTDS-7513 SCIM Provisioning - search using multi-valued attribute

does not work

OTDS-7512 SCIM Provisioning - PATCH op on enterprise attributes

does not get processed

OTDS-7494 Resource credentials don't work on tenant

OTDS-7483 /resources/{resourceID}/groupinresource does not work

OTDS-7478 CORS requests are not permitted to the OIDC well-

known endpoint

OTDS-7475 Tenancy 2.0: Salesforce Connected App Callback URL

OTDS-7474 Prevent creation of a tenant that has a conflicting name

OTDS-7468 SCIM - Fails to provision group with " and " or " or " in
the name

OTDS-7461 Listing members that contain a '+' sign does not work

OTDS-7453 OTDS session not working when custom URL is used

OTDS-5957 Monitoring skipped on duplicated partition

OTDS-5328 No error displayed when creating connection

parameters from the file

OTDS-5073 Adding a file to an auth handler and removing it results

in the file being added

Open Text Directory Services 20.4.2 Release Notes 27

8 Known issues
There are no known issues with this release.

Open Text Directory Services 20.4.2 Release Notes 28

9 Contact information
OpenText Corporation
275 Frank Tompa Drive
Waterloo, Ontario
Canada, N2L 0A1

OpenText My Support: https://support.opentext.com

For more information, visit www.opentext.com

Copyright © 2020 Open Text. All Rights Reserved.

Trademarks owned by Open Text. One or more patents may cover this product. For more information, please visit https://www.opentext.com/patents.
Disclaimer
No Warranties and Limitation of Liability
Every effort has been made to ensure the accuracy of the features and techniques presented in this publication. However, Open Text Corporation and its affiliates accept
no responsibility and offer no warranty whether expressed or implied, for the accuracy of this publication.

29