Red Hat Directory Server 12 release notes

Red Hat Directory Server 12

Noteworthy features and updates related to Red Hat Directory Server 12 (12.0)

Red Hat Customer Content Services

Abstract

The release notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Directory Server 12 and document known issues in this release, as well as notable bug fixes, technology previews, deprecated functionalities, and other details.


Chapter 1. General information

This chapter contains general information about Red Hat Directory Server 12, independent of the minor version.

1.1. Directory Server support policy and life cycle

For details, see the Red Hat Directory Server Errata Support Policy document.

1.2. Software conflicts

You cannot install Directory Server on a system that has a Red Hat Enterprise Linux Identity Management (IdM) server installed. Likewise, no Red Hat Enterprise Linux IdM server can be installed on a system with a Directory Server instance.

1.3. Migrating to Directory Server 12

For a procedure about migrating Directory Server 11 to Directory Server 12, see the corresponding chapter in the Installing Red Hat Directory Server documentation.

Chapter 2. Red Hat Directory Server 12.0

2.1. System requirements

This section contains information related to installing Directory Server 12.0, including prerequisites and platform requirements.

Supported platforms for Directory Server

Red Hat supports Directory Server 12.0 only on Red Hat Enterprise Linux 9.0 built for AMD64 and Intel 64 architectures.

Directory Server 12.0 is supported running on a Red Hat Enterprise Linux virtual guest on a certified hypervisor. For details, see the Which hypervisors are certified to run Red Hat Enterprise Linux? solution article.

Supported platforms for the Directory Server user interface in the web console

Red Hat supports the browser-based Directory Server user interface in the web console in the following environments:

Operating system and supported browsers:

Red Hat Enterprise Linux 9.0:

  • Mozilla Firefox 91.8.0 and later
  • Chrome 88 and later

Windows Server 2016 and 2019:

  • Mozilla Firefox 91.8.0 and later
  • Chrome 88 and later

Windows 10:

  • Mozilla Firefox 91.8.0 and later
  • Microsoft Edge 88 and later
  • Chrome 88 and later

Supported platforms for the Windows Synchronization utility

Red Hat supports the Windows Synchronization utility for Active Directory running on:

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016

2.2. Highlighted updates and new features

This section documents new features and important updates in Directory Server 12.0.

Directory Server 12.0 is based on upstream version 2.0.14

Directory Server 12.0 is based on upstream version 2.0.14, which provides a number of bug fixes and enhancements over the previous version. For a complete list of notable changes, read the upstream release notes before updating.

Highlighted updates and new features in the 389-ds-base packages

Features in Red Hat Directory Server that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 9.0 Release Notes.

2.3. Bug fixes

This section describes bugs fixed in Directory Server 12.0 that have a significant impact on users.

Manually changing the entry cache configuration now works correctly in the web console

By default, Directory Server uses automatic cache tuning. However, previously you could not disable the automatic cache tuning setting in the web console and manually set the desired entry cache configuration. This update fixes the problem and, as a result, you can now manually configure the entry cache in the web console.

Fixed typos in different parts of the web console

Previously, different parts of the web console contained mistakes in the text fields. As a consequence, incorrect information messages were displayed to a user. This update fixes the issue and the web console now shows the correct text messages.

Changing the configuration of several plug-ins now works correctly in the web console

Previously, when you tried to change the configuration of a plug-in using the web console, an incorrect error message was displayed, or a loading loop did not disappear. Consequently, you could not save a new configuration or did not know if the configuration was saved successfully. The following plug-ins were affected:

  • Posix Winsync plug-in
  • Referential Integrity plug-in
  • RootDN Access Control plug-in
  • Retro Changelog plug-in

This update fixes the issue. As a result, you can now configure these plug-ins using the web console as expected.

Changelog export now works as expected in the web console

Previously in the web console, when exporting the changelog for debugging purposes, you could select both options: Decode Base64 changes and Only Export CSNs. However, only the Export CSNs option was taken into account. In this release, it is possible to check only one of the options, and the changelog is exported according to the selected one as expected.

Configuring credentials and naming aliases for the replication topology report now works correctly in the web console

Previously, you could not set the credentials or naming aliases for the replication topology report using the web console because the fields in the Add Report Credentials and Add Report Alias pop-up windows, where you needed to enter the required information, were not writable. In this release, the fields in the pop-up windows are writable, and you can set the report credentials or configure the naming aliases as expected.

The Directory Server web console now validates logging configuration values

Previously, the Directory Server web console accepted invalid values for different types of logs on the Logging page. As a consequence, an error occurred when the user tried to save the settings. This update adds the validation for the logging configuration values. As a result, the web console does not accept invalid input.

Attributes on the Schema page are no longer editable after using the search feature

Previously, after searching for an attribute on the Schema page of the Directory Server web console, a Cascading Style Sheet (CSS) misconfiguration caused the attribute to be editable. With this update, the edit function is now disabled.

Enabling the DNA plug-in no longer fails

Previously, an attempt to enable the Distributed Numeric Assignment (DNA) plug-in in the Directory Server web console failed and resulted in a browser error. With this update, enabling the DNA plug-in works as expected.

Adding a configuration entry in the Account Policy plug-in no longer fails

Previously, an attempt to add a configuration entry in the Account Policy plug-in sometimes failed with an error. To fix the problem, this update disables the Create Config button if the Shared Config DN value is not specified.

Import from an LDIF file with replication metadata now works correctly

Previously, importing an LDIF file with replication metadata could cause the replication to fail in certain cases:

In the first case, a replication update vector (RUV) entry placed before the suffix entry in an imported LDIF file was ignored. As a consequence, the replication with the imported replica failed because of a generation ID mismatch. This update ensures that Directory Server writes the skipped RUV entry at the end of the import.

In the second case, a changelog reinitialized after an RUV mismatch did not contain the starting change sequence numbers (CSNs). As a consequence, the replication with the imported replica failed because of a missing CSN in the changelog. This update ensures that Directory Server creates the RUV maxcsn entries when reinitializing the changelog.

As a result, with this update, administrators do not have to reinitialize the replication after importing from an LDIF file that contains replication metadata.

Bug fixes in the 389-ds-base packages

Bug fixes in Red Hat Directory Server that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 9.0 Release Notes.

2.4. Technology Previews

This section documents unsupported Technology Previews in Directory Server 12.0.

The Directory Server web console provides an LDAP browser as a Technology Preview

An LDAP browser has been added to the Directory Server web console. Using the LDAP Browser tab in the web console, you can:

  • Browse the directory
  • Manage entries, such as users, groups, organizational units (OUs), and custom entries
  • Manage ACI

Note that Red Hat provides this feature as an unsupported Technology Preview.

2.5. Known issues

This section documents known problems and, if applicable, workarounds in Directory Server 12.0.

Directory Server can import LDIF files only from /var/lib/dirsrv/slapd-instance_name/ldif/

The dsconf backend import command requires that you specify the path to the LDIF file you want to import. However, due to file system and SELinux permissions, as well as other operating system restrictions, Directory Server can only import LDIF files from the /var/lib/dirsrv/slapd-instance_name/ldif/ directory. If the LDIF file is stored in a different directory, the import fails with an error similar to the following:

Could not open LDIF file "/tmp/example.ldif", errno 2 (No such file or directory)

To work around this problem:

  1. Move the file to the /var/lib/dirsrv/slapd-instance_name/ldif/ directory:

    # mv /tmp/example.ldif /var/lib/dirsrv/slapd-instance_name/ldif/
  2. Set permissions that allow the dirsrv user to read the file:

    # chown dirsrv /var/lib/dirsrv/slapd-instance_name/ldif/example.ldif
  3. Restore the SELinux context:

    # restorecon -Rv /var/lib/dirsrv/slapd-instance_name/ldif/
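
A preflight check for the import path restriction described above, as an added example that is not part of the Red Hat documentation: it reports whether a file really resides in the instance's ldif directory once symbolic links are resolved. The function name ldif_import_preflight and the DS_BASE override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation.
# DS_BASE is a hypothetical override so the check can be tried on a scratch
# directory; the default is the path given in the release note.
DS_BASE="${DS_BASE:-/var/lib/dirsrv}"

# ldif_import_preflight INSTANCE FILE   (hypothetical helper name)
# Returns 0 if FILE sits in the instance's ldif directory,
# 1 if FILE is missing, 2 if it resolves outside that directory,
# 3 if the dirsrv user cannot read it (checked only as root).
ldif_import_preflight() {
    instance=$1
    file=$2
    ldif_dir="$DS_BASE/slapd-$instance/ldif"

    if [ ! -f "$file" ]; then
        echo "missing: $file is not a regular file"
        return 1
    fi
    if [ ! -d "$ldif_dir" ]; then
        echo "outside: $ldif_dir does not exist"
        return 2
    fi

    # Resolve symlinks and ".." first, so that a link placed in ldif/
    # whose target lives elsewhere is reported as outside the directory.
    real_file=$(readlink -f "$file")
    real_dir=$(readlink -f "$ldif_dir")
    case "$real_file" in
        "$real_dir"/*) ;;
        *)  echo "outside: $real_file is not under $real_dir"
            return 2 ;;
    esac

    # Read-permission check matching step 2; only possible when running
    # as root on a host where the dirsrv account exists.
    if [ "$(id -u)" -eq 0 ] && id dirsrv >/dev/null 2>&1; then
        if ! runuser -u dirsrv -- test -r "$real_file"; then
            echo "unreadable: dirsrv cannot read $real_file"
            return 3
        fi
    fi

    echo "ok: $real_file"
    return 0
}
```

The check does not inspect the SELinux context; step 3 of the workaround is still required after a file is moved into the directory.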

Directory Server replication fails after changing the password of the replication manager account

After a password change, Directory Server does not properly update the password cache for the replication agreement. As a consequence, when you change the password for the replication manager account, the replication breaks. To work around this problem, restart the Directory Server instance. As a result, the cache is rebuilt at start-up, and the replication connection binds with the new password instead of the old one.

Known issues in the 389-ds-base packages

Known issues in Red Hat Directory Server that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 9.0 Release Notes.

2.6. Removed functionality

This section documents functionality that has been removed in Directory Server 12.0.

The nsslapd-subtree-rename-switch parameter has been removed

Previously, administrators could configure Directory Server to prevent moving entries between sub-trees in a database. Due to stability issues, this feature has been removed and, consequently, the nsslapd-subtree-rename-switch parameter no longer exists. As a result, moving entries between sub-trees can no longer be deactivated. As an alternative, if you require this feature, create an access control instruction (ACI).

Legal Notice

Copyright © 2022 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.