Chapter 6. Red Hat Directory Server 11.0

6.1. System requirements

This section contains information related to installing Directory Server 11.0, including prerequisites and platform requirements.

6.1.1. Supported platforms for Directory Server

Red Hat supports Directory Server 11.0 on the following platforms:

6.1.2. Supported platforms for the Directory Server user interface in Cockpit

Red Hat supports the browser-based Directory Server user interface in Cockpit in the following environments:

Operating system and supported browsers:

Red Hat Enterprise Linux 8.1

  • Mozilla Firefox 52 and later
  • Chrome 57 and later

Windows Server 2016

  • Mozilla Firefox 52 and later
  • Microsoft Internet Explorer 11
  • Chrome 57 and later

Windows 10

  • Mozilla Firefox 52 and later
  • Microsoft Edge 16 and later
  • Microsoft Internet Explorer 11
  • Chrome 57 and later

6.1.3. Supported platforms for the Windows Synchronization utility

Red Hat supports the Windows Synchronization utility for Active Directory running on:

  • Microsoft Windows Server 2016

6.2. Highlighted updates and new features

This section documents new features and important updates in Directory Server 11.0.

Directory Server introduces new command-line utilities to manage instances

Red Hat Directory Server 11.0 introduces the dscreate, dsconf, and dsctl utilities. These utilities simplify managing Directory Server using the command line. For example, you can now use a command with parameters to configure a feature instead of sending complex LDIF statements to the server.

The following is an overview of the purpose of each utility:

  • Use the dscreate utility to create new Directory Server instances using the interactive mode or an INF file. Note that the INF file format is different from the one the installer used in previous Directory Server versions.
  • Use the dsconf utility to manage Directory Server instances during run time. For example, use dsconf to:

    • Configure settings in the cn=config entry
    • Configure plug-ins
    • Configure replication
    • Back up and restore an instance
  • Use the dsctl utility to manage Directory Server instances while they are offline. For example, use dsctl to:

    • Start and stop an instance
    • Re-index the server database
    • Back up and restore an instance

These utilities replace the Perl and shell scripts marked as deprecated in Directory Server 10. The scripts are still available in the unsupported 389-ds-base-legacy-tools package; however, Red Hat only supports managing Directory Server using the new utilities.

Note that configuring Directory Server using LDIF statements is still supported, but Red Hat recommends using the utilities.

For further details about using the utilities, see the Red Hat Directory Server 11 Documentation.

Directory Server now provides a browser-based user interface

This enhancement adds a browser-based interface to Red Hat Directory Server that replaces the Java-based Console used in previous versions. As a result, administrators can now use the Red Hat Enterprise Linux web console to manage Directory Server instances using a browser.

For further details, see the Red Hat Directory Server 11 Documentation.

Note that the browser-based user interface does not contain an LDAP browser.

The default value of the nsslapd-unhashed-pw-switch parameter is now off

In certain situations, for example when synchronizing passwords with Active Directory (AD), a Directory Server plug-in must store the unencrypted password on the hard disk. The nsslapd-unhashed-pw-switch configuration parameter determines whether and how Directory Server stores unencrypted passwords. To improve the security in scenarios that do not require plug-ins to store unencrypted passwords, the default value of the nsslapd-unhashed-pw-switch parameter has been changed in Directory Server 11.0 from on to off.

If you want to configure password synchronization with AD, manually enable nsslapd-unhashed-pw-switch on the Directory Server instance that has the Windows synchronization agreement configured:

# dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-unhashed-pw-switch=on
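
A check for the setting described above, as an added example that is not part of the Red Hat release notes or tooling: it classifies each instance by the switch value and by whether the instance holds a Windows synchronization agreement. The function names, the yes/no inventory flag, the ds1/ds2 host names, and the `attribute: value` output format of `dsconf ... config get` are assumptions.

```bash
#!/bin/bash
# Added example (not Red Hat tooling): check nsslapd-unhashed-pw-switch per instance.
ATTR="nsslapd-unhashed-pw-switch"

# Read "attribute: value" lines on stdin (the output format assumed for
# `dsconf ... config get`) and print the switch value in lower case.
# If the attribute is absent, report the Directory Server 11.0 default: off.
unhashed_pw_value() {
    awk -F':' -v attr="$ATTR" '
        tolower($1) == attr {
            v = tolower($2)
            gsub(/[ \t\r]/, "", v)   # drop padding and a trailing CR
            found = v
        }
        END { print (found == "" ? "off" : found) }'
}

# $1 = switch value, $2 = yes|no: does this instance hold a Windows
# synchronization agreement? (operator-supplied inventory, hypothetical)
classify() {
    case "$1:$2" in
        off:no)  echo "OK" ;;              # 11.0 default, no plug-in needs unencrypted passwords
        on:yes)  echo "OK_AD_SYNC" ;;      # enabled on purpose for AD password sync
        off:yes) echo "SYNC_NEEDS_ON" ;;   # AD password sync requires the switch on
        on:no)   echo "REVIEW" ;;          # unencrypted storage enabled without a need
        *)       echo "UNKNOWN" ;;         # any other value: check by hand
    esac
}

# $1 = instance URL, $2 = yes|no as above; dsconf output arrives on stdin.
report() {
    local value
    value=$(unhashed_pw_value)
    printf '%s %s %s\n' "$1" "$value" "$(classify "$value" "$2")"
}

# Live use, with the bind DN and URL form shown in the release note:
#   dsconf -D "cn=Directory Manager" ldap://server.example.com \
#       config get nsslapd-unhashed-pw-switch | report ldap://server.example.com yes

# Constructed sample output standing in for two instances:
printf 'nsslapd-unhashed-pw-switch: on\n'  | report ldap://ds1.example.com no
printf 'nsslapd-unhashed-pw-switch: off\n' | report ldap://ds2.example.com yes
```
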

Highlighted updates and new features in the 389-ds-base packages

Features in Red Hat Directory Server that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 8.1 Release Notes:

6.3. Known issues

This section documents known problems and, if applicable, workarounds in Directory Server 11.0.

Directory Server settings that are changed outside the web console’s window are not automatically visible

Because of the design of the Directory Server module in the Red Hat Enterprise Linux 8 web console, the web console does not automatically display the latest settings if a user changes the configuration outside of the console’s window. For example, if you change the configuration using the command line while the web console is open, the new settings are not automatically updated in the web console. This also applies if you change the configuration using the web console on a different computer. To work around the problem, manually refresh the web console in the browser if the configuration has been changed outside the console’s window.

The Directory Server Web Console does not provide an LDAP browser

The web console enables administrators to manage and configure Directory Server 11 instances. However, it does not provide an integrated LDAP browser. To manage users and groups in Directory Server, use the dsidm utility. To display and modify directory entries, use a third-party LDAP browser or the OpenLDAP client utilities provided by the openldap-clients package.