Chapter 5. Red Hat Directory Server 11.1

5.1. System requirements

This section contains information related to installing Directory Server 11.1, including prerequisites and platform requirements.

5.1.1. Supported platforms for Directory Server

Red Hat supports Directory Server 11.1 on the following platforms:

5.1.2. Supported platforms for the Directory Server user interface in Cockpit

Red Hat supports the browser-based Directory Server user interface in Cockpit in the following environments:

Operating systemBrowser

Red Hat Enterprise Linux 8.2

  • Mozilla Firefox 68.3 and later
  • Chrome 58 and later

Windows Server 2016 and 2019:

  • Mozilla Firefox 68.3 and later
  • Chrome 58 and later

Windows 10

  • Mozilla Firefox 68.3 and later
  • Microsoft Edge 16 and later
  • Chrome 58 and later

5.1.3. Supported platforms for the Windows Synchronization utility

Red Hat supports the Windows Synchronization utility for Active Directory running on:

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016

5.2. Highlighted updates and new features

This section documents new features and important updates in Directory Server 11.1.

Directory Server rebased to version 1.4.2.4

The 389-ds-base packages have been upgraded to upstream version 1.4.2.4, which provides a number of bug fixes and enhancements over the previous version. For a complete list of notable changes, read the upstream release notes before updating:

A health check feature has been added to Directory Server

This enhancement adds a health check feature to Directory Server. The dsctl healthcheck command performs read-only operations on a Directory Server instance and reports, for example, if the instance is configured properly or if replication agreements are working correctly.

Highlighted updates and new features in the 389-ds-base packages

Features in Red Hat Directory Server, that are included in the 389-ds-base packages, are documented in the Red Hat Enterprise Linux 8.2 Release Notes:

5.3. Bug fixes

This section describes bugs fixed in Directory Server 11.1 that have a significant impact on users.

Bug fixes in the 389-ds-base packages

Bug fixes in Red Hat Directory Server, that are included in the 389-ds-base packages, are documented in the Red Hat Enterprise Linux 8.2 Release Notes:

5.4. Known issues

This section documents known problems and, if applicable, workarounds in Directory Server 11.1.

Directory Server settings that are changed outside the web console’s window are not automatically visible

Because of the design of the Directory Server module in the Red Hat Enterprise Linux 8 web console, the web console does not automatically display the latest settings if a user changes the configuration outside of the console’s window. For example, if you change the configuration using the command line while the web console is open, the new settings are not automatically updated in the web console. This applies also if you change the configuration using the web console on a different computer. To work around the problem, manually refresh the web console in the browser if the configuration has been changed outside the console’s window.

The Directory Server Web Console does not provide an LDAP browser

The web console enables administrators to manage and configure Directory Server 11 instances. However, it does not provide an integrated LDAP browser. To manage users and groups in Directory Server, use the dsidm utility. To display and modify directory entries, use a third-party LDAP browser or the OpenLDAP client utilities provided by the openldap-clients package.

Known issues in the 389-ds-base packages

Known issues in Red Hat Directory Server, that are included in the 389-ds-base packages, are documented in the Red Hat Enterprise Linux 8.2 Release Notes:

5.5. Removed Functionality

This section documents features that have been removed from Directory Server 11.1.

The nunc-stans framework has been removed

The nunc-stans framework has been removed from Directory Server, and the server now uses the improved core connection handling mechanism in Directory Server.

If you previously enabled the framework manually, Directory Server logs the following warning:

WARN - slapd_daemon - cn=config: nsslapd-enable-nunc-stans is on. nunc-stans has been deprecated and this flag is now ignored.
WARN - slapd_daemon - cn=config: nsslapd-enable-nunc-stans should be set to off or deleted from cn=config.

To prevent Directory Server from logging this warning, remove the nsslapd-enable-nunc-stans from the cn=config entry:

$ ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
dn: cn=config
changetype: modify
delete: nsslapd-enable-nunc-stans