5.3. Bug Fixes

Important

Note that this document only contains release notes for features which are not available in the base Red Hat Enterprise Linux 7.3 release. Many of the new features and bug fixes in Red Hat Directory Server are in the 389-ds-base package, and those are documented in Red Hat Enterprise Linux 7.3 Release Notes.
Directory Server 10.1 fixes the following bugs:

Ownership and file mode of certificate files is now correctly reset during upgrade

Previously, the backup process for certificate files during an upgrade did not honor file ownership and file modes. This bug has been fixed and the upgrade process now correctly preserves both.

The Administration Console no longer uses outdated ciphers

Previously, the default cipher suite selected when enabling SSL using the Administration Console was the outdated fortezza cipher suite. Consequently, the Directory Server logged the following error messages when starting: 
SSL alert: Cipher suite fortezza_null is not available in NSS 3.19.  Ignoring fortezza_null
SSL alert: Cipher suite fortezza is not available in NSS 3.19.  Ignoring fortezza
SSL alert: Cipher suite fortezza_rc4_128_sha is not available in NSS 3.19.  Ignoring fortezza_rc4_128_sha
With this update, the Console does not enable the fortezza cipher suite by default. As a result, Directory Server does not use outdated ciphers by default in this situation.

An obsolete description for was removed from the help

The Help page on the Server Info screen in the Administration Console previously showed the Security level field, which indicated whether the server used "domestic" (US-based, 128-bit) or "export" (non-US based, 40-bit) ciphers. This field was previously removed from the actual Server Info screen as it was no longer relevant, but was left in the help page by mistake. This update removes all mentions of this field from the help page as well.

Directory Server Console window can no longer be located off-screen at startup

Red Hat Directory Server Console window coordinates are stored in user preferences in the o=netscaperoot suffix. Previously, if the console was used by the same user on two different systems with different monitor setups, it was possible for the coordinates to be off screen on one of them, and consequently the console window could be hidden after logging in. This update adds a check which compares saved window coordinates with the current screen size, and resets the window location if currently outside the screen, which ensures the window is always visible.

setup-ds-admin.pl no longer fails after running remove-ds-admin.pl due to missing configuration files

Previously, executing the remove-ds-admin.pl script removed files in the Administration Server configuration directory if no backup was available for them. Consequently, if the user executed the setup-ds-admin.pl script after running remove-ds-admin.pl, the setup script failed. The problem occurred in the following situations:
  • when remove-ds-admin.pl was executed repeatedly
  • when remove-ds-admin.pl was executed without executing the setup-ds-admin.pl first
Instead of removing the files, remove-ds-admin.pl now overrides them from backup if one is available. As a result, the script no longer removes files that do not have a backup, and setup-ds-admin.pl no longer fails in this situation.

URLs for git repositories in 389-admin.spec now use HTTPS

Previously, several URLs for the git.fedorahosted.org repositories in the 389-admin.spec file used the insecure HTTP protocol. The URLs have been updated to use the HTTPS protocol instead. As a result, content from the git repositories is now downloaded securely over HTTPS.

An architecture mismatch between the 64-bit DS Console and the 32-bit JRE no longer causes the Console to become unresponsive

When using the 64-bit version of the Directory Server Console with the 32-bit version of the Java Runtime Environment (JRE), the Console became unresponsive when the user tried to connect to an Administration Server over HTTPS using the Console. This update ensures that the exception causing this bug is handled properly. As a result, the Console logs a meaningful message and exits in the described situation.