Chapter 5. Red Hat Directory Server 11.5

5.1. System requirements

This section contains information related to installing Directory Server 11.5, including prerequisites and platform requirements.

5.1.1. Supported platforms for Directory Server

Red Hat supports Directory Server 11.5 only on Red Hat Enterprise Linux 8.6 built for AMD64 and Intel 64 architectures.

Directory Server 11.5 is supported running on a Red Hat Enterprise Linux virtual guest on a certified hypervisor. For details, see the Which hypervisors are certified to run Red Hat Enterprise Linux? solution article.

5.1.2. Supported platforms for the Directory Server user interface in the web console

Red Hat supports the browser-based Directory Server user interface in the web console in the following environments:

Operating systemBrowser

Red Hat Enterprise Linux 8.6

  • Mozilla Firefox 91.7.0 and later
  • Chrome 88 and later

Windows Server 2016 and 2019:

  • Mozilla Firefox 91.7.0 and later
  • Chrome 88 and later

Windows 10

  • Mozilla Firefox 91.7.0 and later
  • Microsoft Edge 88 and later
  • Chrome 88 and later

5.1.3. Supported platforms for the Windows Synchronization utility

Red Hat supports the Windows Synchronization utility for Active Directory running on:

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016

5.2. Highlighted updates and new features

This section documents new features and important updates in Directory Server 11.5.

Directory Server rebased to version 1.4.3.28

The 389-ds-base packages have been upgraded to upstream version 1.4.3.28 which provides a number of bug fixes and enhancements over the previous version:

  • A potential deadlock in replicas has been fixed.
  • The server no longer terminates unexpectedly when the dnaInterval is set to 0.
  • The performance of connection handling has been improved.
  • Improved performance of targetfilter in access control instructions (ACI).

Highlighted updates and new features in the 389-ds-base packages

Features in Red Hat Directory Server, that are included in the 389-ds-base packages, are documented in the Red Hat Enterprise Linux 8.6 Release Notes:

5.3. Technology Previews

This section documents unsupported Technology Previews in Directory Server 11.5.

The Directory Server web console provides an LDAP browser as Technology Preview

An LDAP browser has been added to the Directory Server web console. Using the LDAP Browser tab in the web console, you can:

  • Browse the directory
  • Manage entries, such as users, groups, organizational units (OUs), and custom entries
  • Manage ACI

Note that Red Hat provides this feature as an unsupported Technology Preview.

Bug fixes in the 389-ds-base packages

Bug fixes in Red Hat Directory Server, that are included in the 389-ds-base packages, are documented in the Red Hat Enterprise Linux 8.6 Release Notes:

5.4. Known issues

This section documents known problems and, if applicable, workarounds in Directory Server 11.5.

Directory Server settings that are changed outside the web console’s window are not automatically visible

Because of the design of the Directory Server module in the Red Hat Enterprise Linux 8 web console, the web console does not automatically display the latest settings if a user changes the configuration outside of the console’s window. For example, if you change the configuration using the command line while the web console is open, the new settings are not automatically updated in the web console. This applies also if you change the configuration using the web console on a different computer. To work around the problem, manually refresh the web console in the browser if the configuration has been changed outside the console’s window.

Configuring a referral for a suffix fails in Directory Server

If you set a back-end referral in Directory Server, setting the state of the backend using the dsconf <instance_name> backend suffix set --state referral command fails with the following error:

Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state

As a consequence, configuring a referral for suffixes fail. To work around the problem:

  1. Set the nsslapd-referral parameter manually:

    # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com
    
    dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
    changetype: modify
    add: nsslapd-referral
    nsslapd-referral: ldap://remote_server:389/dc=example,dc=com
  2. Set the back-end state:

    # dsconf <instance_name> backend suffix set --state referral

As a result, with the workaround, you can configure a referral for a suffix.

Directory Server replication fails after changing password of the replication manager account

After a password change, Directory Server does not properly update the password cache for the replication agreement. As a consequence, when you change the password for the replication manager account, the replication breaks. To work around this problem, restart the Directory Server instance. As a result, the cache is rebuilt at start-up, and the replication connection binds with the new password instead of the old one.

Known issues in the 389-ds-base packages

Known issues in Red Hat Directory Server, that are included in the 389-ds-base packages, are documented in the Red Hat Enterprise Linux 8.6 Release Notes: