Chapter 1. General information
This chapter contains general information about Red Hat Directory Server 11, independent of the minor version.
1.1. Directory Server support policy and life cycle
For details, see the Red Hat Directory Server Errata Support Policy document.
1.2. General hardware requirements
The hardware requirements are based on tests run with the following prerequisites:
- The server uses default indexes.
- Each LDAP entry has a size of 1.5 KB and 30 or more attributes.
1.2.1. Disk space
The following table provides guidelines for the recommended disk space for Directory Server based on the number of entries.
Table 1.1. Required disk space
| Number of entries | Database size | Database cache | Server and logs | Total disk space |
|---|---|---|---|---|
| 10,000 - 500,000 | 2 GB | 2 GB | 4 GB | 8 GB |
| 500,000 - 1,000,000 | 5 GB | 2 GB | 4 GB | 11 GB |
| 1,000,000 - 5,000,000 | 21 GB | 2 GB | 4 GB | 27 GB |
| 5,000,000 - 10,000,000 | 42 GB | 2 GB | 4 GB | 48 GB |
The total disk space does not include space for backups and replication metadata. With enabled replication, its metadata can require up to 10% more of the total disk space.
A replication changelog with 1 million changes can add at least 315 MB to the total disk space requirement.
The temporary file system (tmpfs) mounted in /dev/shm/ should have at least 4 GB of available space to store RHDS temporary files.
1.2.2. Required RAM
Make sure your system has enough RAM available to keep the entire database in cache. The required RAM size can be higher than the recommended one depending on server configuration and usage patterns.
Table 1.2. Required RAM size
| Number of entries | Entry cache | Entry cache with replication [a] | Database cache | DN cache | NDN cache | Total RAM size [b] |
|---|---|---|---|---|---|---|
| 10,000 - 500,000 | 4 GB | 5 GB | 1.5 GB | 45 MB | 160 MB | 7 GB |
| 500,000 - 1,000,000 | 8 GB | 10 GB | 1.5 GB | 90 MB | 320 MB | 12 GB |
| 1,000,000 - 5,000,000 | 40 GB | 50 GB | 1.5 GB | 450 MB | 1.6 GB | 54 GB |
| 5,000,000 - 10,000,000 | 80 GB | 100 GB | 1.5 GB | 900 MB | 3.2 GB | 106 GB |
[a]
Entry cache with replication includes the entry’s replication state and metadata.
[b]
Total RAM size assumes you enabled replication.
| ||||||
1.3. Software conflicts
Directory Server cannot be installed on any system that has a Red Hat Enterprise Linux Identity Management (IdM) server installed. Likewise, no Red Hat Enterprise Linux IdM server can be installed on a system with a Directory Server instance.
1.4. Notes about migrating to Directory Server 11
Consider the following information if you want to migrate an existing Directory Server 10 environment to Directory Server 11.
New command-line utilities in Directory Server 11
Directory Server 11 provides new command line utilities to manage server instances and users. These utilities replace the Perl scripts used for management tasks in Directory Server 10 and earlier versions.
For a list of commands in previous versions and their replacements in Directory Server 11, see the Command-line utilities replaced in Red Hat Directory Server 11 appendix in the Red Hat Directory Server Installation Guide.
The Perl scripts used for management tasks in Directory Server 10 and earlier versions are still available in the 389-ds-base-legacy-tools package. However, Red Hat only supports the new dsconf, dsctl, dscreate, and dsidm command-line utilities.
The Directory Server 11 default password storage scheme was changed to PBKDF2-SHA512
Directory Server 11 now uses the PBKDF2-SHA512 scheme as a default password storage scheme, which is more secure than SSHA, SSHA512, and other schemes. Therefore, if some of your applications, such as freeradius, do not support the PBKDF2-SHA512 scheme, and you must set a weaker password storage scheme back, note that Directory Server updates user passwords not only when an application adds or modifies the user entry, but also during a successful bind operation. However, you can disable an update on bind operations by setting the nsslapd-enable-upgrade-hash parameter in the cn=config entry to off.
Migration procedure
For a procedure about migrating Directory Server 10 to Directory Server 11, see the corresponding chapter in the Red Hat Directory Server Installation Guide.
