2. Enhancements Available in Red Hat Enterprise Linux 6.3

A full list of bug fixes, security fixes, and enhancements for the 389-ds-base package is available in the Red Hat Enterprise Linux 6.3 Technical Notes:
This section summarizes the more significant enhancements.

2.1. Auto Membership Plug-in

Being able to assign new entries to groups, automatically, at the time that an account is created ensures that the appropriate policies and functionality are immediately applied to those entries — without requiring administrator intervention.
The Auto Membership Plug-in uses an LDAP search to identify new members for a given static group, and then automatically adds those new entries as members as soon as they are created.
Automembership essentially allows a static group to act similar a dynamic group, at least for adding new members. This can allow administrators to add users to specific user groups, to create special groups for Windows users as part of Windows integration, or to create host groups.
The Auto Membership Plug-in allows sub-filters on results. So, for example, host entries within one IP range could be added to a web servers group while host entries within another IP range could be added to a desktop group, and servers outside either range could be added to a fallback group.
Automatically assigning group membership and the Auto Membership Plug-in are described in the Administrator's Guide and the Configuration, Command, and File Reference.

2.2. New Security Strength Factor Setting for the Root DSE

A new server configuration attribute, nsslapd-minssf-exclude-rootdse, allows security strength factor (SSF) settings to be ignored for queries against the root DSE. This allows clients to access root DSE information which may be required for operations without having to use a secure connection.

2.3. New logconv.pl Script Options

The logconv.pl script parses the access log for a Directory Server instance and provides a summary of connections, binds, operations (by type), and error or return codes.
The logconv.pl could return summaries for the entire log or only within a specified time range. New options have been added that show per-minute (-M) or per-second (-m) statistics, in addition to the summary, for the entire log or for the given time range. These per-minute or per-second statistics are exported to a CSV file, which can be imported into other programs for further analysis.
Additionally, summary statistics have been added for three more operation types:
  • Compares
  • Mod DN
  • Proxy authenticated operations

2.4. Logging Enhancements

The access log information for some operations types has been enhanced:
  • Compare operations now log the DN of the user which initiated the operation.
  • Proxy operations in the access log now include the proxy ID as whom the operation was run (authzid) as well as the real use which ran the operation (dn).

2.5. Deleting Managed Entries Plug-in Configuration

The Managed Entries Plug-in uses child configuration entries to define instance-specific managed entries rules. Previously, these configuration entries could not be deleted, which meant that the only way that a managed entries configuration could be disabled was to set the scope to a null setting.
Now, Managed Entries Plug-in configuration entries can be deleted.