Chapter 2. Red Hat Directory Server 11.7
Learn about new system requirements, updates and new features, known issues, and deprecated functionality implemented in Directory Server 11.7.
2.1. System requirements
2.1.1. Hardware requirements
The full list of hardware requirements is available in the Hardware requirements section of the General information chapter.
2.1.2. Software requirements
Learn about the required platforms for Directory Server packages, the web console, and the Windows Synchronization utility.
2.1.2.1. Supported platforms for Directory Server
Red Hat supports Directory Server 11.7 if it runs on the following platforms:
- Red Hat Enterprise Linux 8.8 built for the AMD64 and Intel 64 architectures.
- A Red Hat Enterprise Linux virtual guest on a certified hypervisor. For details, see the Which hypervisors are certified to run Red Hat Enterprise Linux? solution article.
2.1.2.2. Supported platforms for the Directory Server user interface in the web console
Red Hat supports the browser-based Directory Server user interface in the web console in the following environments:
| Operating system | Browser |
|---|---|
| Red Hat Enterprise Linux 8.8 | |
| Windows Server 2016 and 2019 | |
| Windows 10 | |
2.1.2.3. Supported platforms for the Windows Synchronization utility
Red Hat supports the Windows Synchronization utility for Active Directory running on:
- Microsoft Windows Server 2019
- Microsoft Windows Server 2016
2.2. Important updates and new features
Learn about new features and important updates in Directory Server 11.7.
Directory Server rebased to version 1.4.3.34
The 389-ds-base packages have been upgraded to upstream version 1.4.3.34.
Important updates and new features in the 389-ds-base packages
The Red Hat Directory Server features that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 8.8 Release Notes:
2.3. Bug fixes
Learn about bugs fixed in Directory Server 11.7 that have a significant impact on users.
Bug fixes in the 389-ds-base packages
The Red Hat Directory Server bug fixes that are included in the 389-ds-base packages are documented in the Red Hat Enterprise Linux 8.8 Release Notes:
2.4. Known issues
Learn about known problems and, if applicable, workarounds in Directory Server 11.7.
Access log displays an error message during Directory Server installation in FIPS mode
When you install Directory Server in the FIPS mode, the access log file displays the following error message:
[time_stamp] - WARN - slapd_do_all_nss_ssl_init - ERROR: TLS is not enabled, and the machine is in FIPS mode. Some functionality won’t work correctly (for example, users with PBKDF2_SHA256 password scheme won’t be able to log in). It’s highly advisable to enable TLS on this instance.
Such behavior happens because at first, Directory Server finds that TLS is not initialized and logs the error message. However, later when the dscreate utility completes TLS initialization and enables security, the error message is no longer present. (BZ#2153668)
Directory Server settings that are changed outside the web console’s window are not automatically visible
Because of the design of the Directory Server module in the Red Hat Enterprise Linux 8 web console, the web console does not automatically display the latest settings if a user changes the configuration outside of the console’s window. For example, if you change the configuration using the command line while the web console is open, the new settings are not automatically updated in the web console. This applies also if you change the configuration using the web console on a different computer. To work around the problem, manually refresh the web console in the browser if the configuration has been changed outside the console’s window.
(BZ#1654281)
Configuring a referral for a suffix fails in Directory Server
If you set a back-end referral in Directory Server, setting the state of the backend using the dsconf <instance_name> backend suffix set --state referral command fails with the following error:
Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state
As a consequence, configuring a referral for suffixes fails. To work around the problem:

1. Set the nsslapd-referral parameter manually:

   # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com
   dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
   changetype: modify
   add: nsslapd-referral
   nsslapd-referral: ldap://remote_server:389/dc=example,dc=com

2. Set the back-end state:

   # dsconf <instance_name> backend suffix set --state referral
As a result, with the workaround, you can configure a referral for a suffix.
(BZ#2063033)
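The mapping tree DN in step 1 of the workaround embeds the suffix as an escaped cn value, which is easy to get wrong by hand. The following added example (not part of the original release notes) generates the LDIF for an arbitrary suffix; the function names `escape_rdn_value` and `referral_ldif` are hypothetical, and the suffix and URL are the placeholders used above.

```shell
#!/bin/sh
# Added example: build the LDIF for step 1 of the referral workaround.
# Function names are hypothetical; sample values are the page's placeholders.

# Escape a suffix DN so it can be used as the value of the cn RDN of its
# mapping tree entry. Uses RFC 4514 hex escapes; the backslash is handled
# first so the escapes added afterwards are not escaped again.
escape_rdn_value() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\5C/g' \
        -e 's/,/\\2C/g' \
        -e 's/=/\\3D/g' \
        -e 's/+/\\2B/g' \
        -e 's/"/\\22/g' \
        -e 's/</\\3C/g' \
        -e 's/>/\\3E/g' \
        -e 's/;/\\3B/g'
}

# Print the LDIF that adds nsslapd-referral to the suffix's mapping tree entry.
# Rejecting non-LDAP URLs is an added sanity check, not something the
# workaround itself requires.
referral_ldif() {
    suffix=$1
    url=$2
    case $url in
        ldap://?*|ldaps://?*) ;;
        *)
            echo "referral must be an ldap:// or ldaps:// URL" >&2
            return 1
            ;;
    esac
    printf 'dn: cn=%s,cn=mapping tree,cn=config\n' "$(escape_rdn_value "$suffix")"
    printf 'changetype: modify\n'
    printf 'add: nsslapd-referral\n'
    printf 'nsslapd-referral: %s\n' "$url"
}

# Print the LDIF for the page's sample suffix. To apply it, pipe the output to:
#   ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com
referral_ldif 'dc=example,dc=com' 'ldap://remote_server:389/dc=example,dc=com'
```

Review the printed LDIF before piping it to ldapmodify, then continue with step 2 of the workaround.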
Directory Server replication fails after changing password of the replication manager account
After a password change, Directory Server does not properly update the password cache for the replication agreement. As a consequence, when you change the password for the replication manager account, the replication breaks. To work around this problem, restart the Directory Server instance. As a result, the cache is rebuilt at start-up, and the replication connection binds with the new password instead of the old one.
(BZ#2101473)
Known issues in the 389-ds-base packages
Red Hat Directory Server known issues that affect the 389-ds-base packages are documented in the Red Hat Enterprise Linux 8.8 Release Notes: