Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

Updates Available in Red Hat Enterprise Linux 6.3

Red Hat Directory Server 9.0.1

Enhancements to the 389-ds Package

December 6, 2011


The 389-ds-base package, and several dependencies, have been updated in Red Hat Enterprise Linux 6.3. These new packages provide additional functionality that was not available in the initial release of Red Hat Directory Server 9.0 on Red Hat Enterprise Linux 6.2.
Directory Server 9.0 instances still running on Red Hat Enterprise Linux 6.2 will not have these new features. The enhancements to the 389-ds-base package does not affect the Directory Server Console or the Administration Server.
This documentation is no longer maintained. For details, see Section 1, “Deprecated Documentation”.
Red Hat Enterprise Linux 6.2 and 6.3 both include the core 389-ds-base package as part of its distribution. This package provides the central Directory Server functionality and comprises the Directory Server instance and associated tools. Red Hat Directory Server 9.0.1 includes additional functionality on top of the 389-ds-base through the Directory Server Console and Admin Server and other supporting tools.
Red Hat Enterprise Linux 6.3 includes enhancements to the 389-ds-base package which introduce some extended functionality. When the underlying operating system is upgraded to Red Hat Enterprise Linux 6.3, any installed Directory Server instance will receive this new functionality because of the upgraded 389-ds-base package.
This document covers the enhancements included in the Red Hat Enterprise Linux 6.3 update. Any Directory Server 9.0.1 instances running on Red Hat Enterprise Linux 6.0, 6.1, or 6.2 will not have this enhanced functionality.

1. Deprecated Documentation


Note that as of June 10, 2017, the support for Red Hat Directory Server 9 has ended. For details, see Red Hat Directory Server Life Cycle policy. Red Hat recommends users of Directory Server 9 to update to the latest version.
Due to the end of the maintenance phase of this product, this documentation is no longer updated. Use it only as a reference!

2. Enhancements Available in Red Hat Enterprise Linux 6.3

A full list of bug fixes, security fixes, and enhancements for the 389-ds-base package is available in the Red Hat Enterprise Linux 6.3 Technical Notes:
This section summarizes the more significant enhancements.

2.1. Auto Membership Plug-in

Being able to assign new entries to groups, automatically, at the time that an account is created ensures that the appropriate policies and functionality are immediately applied to those entries — without requiring administrator intervention.
The Auto Membership Plug-in uses an LDAP search to identify new members for a given static group, and then automatically adds those new entries as members as soon as they are created.
Automembership essentially allows a static group to act similar a dynamic group, at least for adding new members. This can allow administrators to add users to specific user groups, to create special groups for Windows users as part of Windows integration, or to create host groups.
The Auto Membership Plug-in allows sub-filters on results. So, for example, host entries within one IP range could be added to a web servers group while host entries within another IP range could be added to a desktop group, and servers outside either range could be added to a fallback group.
Automatically assigning group membership and the Auto Membership Plug-in are described in the Administrator's Guide and the Configuration, Command, and File Reference.

2.2. New Security Strength Factor Setting for the Root DSE

A new server configuration attribute, nsslapd-minssf-exclude-rootdse, allows security strength factor (SSF) settings to be ignored for queries against the root DSE. This allows clients to access root DSE information which may be required for operations without having to use a secure connection.

2.3. New Script Options

The script parses the access log for a Directory Server instance and provides a summary of connections, binds, operations (by type), and error or return codes.
The could return summaries for the entire log or only within a specified time range. New options have been added that show per-minute (-M) or per-second (-m) statistics, in addition to the summary, for the entire log or for the given time range. These per-minute or per-second statistics are exported to a CSV file, which can be imported into other programs for further analysis.
Additionally, summary statistics have been added for three more operation types:
  • Compares
  • Mod DN
  • Proxy authenticated operations

2.4. Logging Enhancements

The access log information for some operations types has been enhanced:
  • Compare operations now log the DN of the user which initiated the operation.
  • Proxy operations in the access log now include the proxy ID as whom the operation was run (authzid) as well as the real use which ran the operation (dn).

2.5. Deleting Managed Entries Plug-in Configuration

The Managed Entries Plug-in uses child configuration entries to define instance-specific managed entries rules. Previously, these configuration entries could not be deleted, which meant that the only way that a managed entries configuration could be disabled was to set the scope to a null setting.
Now, Managed Entries Plug-in configuration entries can be deleted.

Legal Notice

Copyright © 2012 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.