Chapter 6. Red Hat Directory Server 11.0
6.1. System requirements
This section contains information related to installing Directory Server 11.0, including prerequisites and platform requirements.
6.1.1. Supported platforms for Directory Server
Red Hat supports Directory Server 11.0 on the following platforms:
Red Hat Enterprise Linux 8.1
Note: Directory Server 11.0 is supported running on a Red Hat Enterprise Linux virtual guest on a certified hypervisor. For details, see the "Which hypervisors are certified to run Red Hat Enterprise Linux?" solution article.
6.1.2. Supported platforms for the Directory Server user interface in Cockpit
Red Hat supports the browser-based Directory Server user interface in Cockpit in the following environments:
Red Hat Enterprise Linux 8.1
Windows Server 2016
6.1.3. Supported platforms for the Windows Synchronization utility
Red Hat supports the Windows Synchronization utility for Active Directory running on:
- Microsoft Windows Server 2016
6.2. Highlighted updates and new features
This section documents new features and important updates in Directory Server 11.0.
Directory Server introduces new command-line utilities to manage instances
Red Hat Directory Server 11.0 introduces the dscreate, dsconf, and dsctl utilities. These utilities simplify managing Directory Server from the command line. For example, you can now use a command with parameters to configure a feature instead of sending complex LDIF statements to the server.
The following is an overview of the purpose of each utility:
Use the dscreate utility to create new Directory Server instances using the interactive mode or an INF file. Note that the INF file format is different from the one the installer used in previous Directory Server versions.
Use the dsconf utility to manage Directory Server instances during run time. For example, use dsconf to:
- Configure settings in the
- Configure plug-ins
- Configure replication
- Back up and restore an instance
Use the dsctl utility to manage Directory Server instances while they are offline. For example, use dsctl to:
- Start and stop an instance
- Re-index the server database
- Back up and restore an instance
These utilities replace the Perl and shell scripts marked as deprecated in Directory Server 10. The scripts are still available in the unsupported 389-ds-base-legacy-tools package; however, Red Hat only supports managing Directory Server using the new utilities.
Note that configuring Directory Server using LDIF statements is still supported, but Red Hat recommends using the utilities.
For further details about using the utilities, see the Red Hat Directory Server 11 Documentation.
Directory Server now provides a browser-based user interface
This enhancement adds a browser-based interface to Red Hat Directory Server that replaces the Java-based Console used in previous versions. As a result, administrators can now use the Red Hat Enterprise Linux web console to manage Directory Server instances using a browser.
For further details, see the Red Hat Directory Server 11 Documentation.
Note that the browser-based user interface does not contain an LDAP browser.
The default value of the nsslapd-unhashed-pw-switch parameter is now
In certain situations, for example when synchronizing passwords with Active Directory (AD), a Directory Server plug-in must store the unencrypted password on the hard disk. The nsslapd-unhashed-pw-switch configuration parameter determines whether and how Directory Server stores unencrypted passwords. To improve the security in scenarios that do not require plug-ins to store unencrypted passwords, the default value of the nsslapd-unhashed-pw-switch parameter has been changed in Directory Server 11.0 from
If you want to configure password synchronization with AD, manually enable nsslapd-unhashed-pw-switch on the Directory Server instance that has the Windows synchronization agreement configured:
# dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-unhashed-pw-switch=on
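An offline check of this setting, as an added example that is not part of the Red Hat documentation: it parses the text of an instance's dse.ldif configuration file and relates nsslapd-unhashed-pw-switch to the presence of Windows synchronization agreements, which 389 Directory Server stores as entries with the nsDSWindowsReplicationAgreement object class. The function names, finding labels and sample LDIF are constructed for illustration.

```python
# Added example, not Red Hat's code: audit dse.ldif text for unhashed-password storage.

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:                  # the trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit_unhashed_pw(dse_ldif_text):
    """Relate nsslapd-unhashed-pw-switch to the Windows sync agreements present."""
    entries = parse_ldif(dse_ldif_text)
    config = next((e for e in entries if e.get("dn", [""])[0].lower() == "cn=config"), {})
    # None means the attribute is unset and the version's default applies.
    switch = (config.get("nsslapd-unhashed-pw-switch") or [""])[0].lower() or None
    agreements = [e.get("dn", [""])[0] for e in entries
                  if any(oc.lower() == "nsdswindowsreplicationagreement"
                         for oc in e.get("objectclass", []))]
    if switch == "on" and not agreements:
        finding = "review"       # unencrypted passwords kept, no sync agreement here
    elif switch != "on" and agreements:
        finding = "check-sync"   # the procedure above sets the switch to on for AD sync
    else:
        finding = "ok"
    return {"switch": switch, "agreements": agreements, "finding": finding}

# Constructed dse.ldif fragments, not taken from a real server.
HARDENED = "dn: cn=config\nnsslapd-unhashed-pw-switch: off\n"
LEFTOVER = "dn: cn=config\nnsslapd-unhashed-pw-switch: on\n"
WITH_AD = LEFTOVER + r"""
dn: cn=ad-sync,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=confi
 g
objectClass: nsDSWindowsReplicationAgreement
"""

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("leftover", LEFTOVER), ("with AD", WITH_AD)):
        print(name, audit_unhashed_pw(text))
```

A "review" finding marks an instance where the switch is on although no synchronization agreement is defined there; another plug-in may still depend on it, so confirm before changing the value.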
Highlighted updates and new features in the
Features in Red Hat Directory Server that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 8.1 Release Notes:
6.3. Known issues
This section documents known problems and, if applicable, workarounds in Directory Server 11.0.
Directory Server settings that are changed outside the web console’s window are not automatically visible
Because of the design of the Directory Server module in the Red Hat Enterprise Linux 8 web console, the web console does not automatically display the latest settings if a user changes the configuration outside of the console’s window. For example, if you change the configuration using the command line while the web console is open, the new settings are not automatically updated in the web console. This applies also if you change the configuration using the web console on a different computer. To work around the problem, manually refresh the web console in the browser if the configuration has been changed outside the console’s window.
The Directory Server Web Console does not provide an LDAP browser
The web console enables administrators to manage and configure Directory Server 11 instances. However, it does not provide an integrated LDAP browser. To manage users and groups in Directory Server, use the dsidm utility. To display and modify directory entries, use a third-party LDAP browser or the OpenLDAP client utilities provided by the