Chapter 8. Red Hat Directory Server 12.0
This section contains information related to installing Directory Server 12.0, including prerequisites and platform requirements.
8.1. Highlighted updates and new features
This section documents new features and important updates in Directory Server 12.0.
Directory Server 12.0 is based on upstream version 2.0.14
Directory Server 12.0 is based on upstream version 2.0.14, which provides a number of bug fixes and enhancements over the previous version. For a complete list of notable changes, read the upstream release notes before updating:
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-14.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-13.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-12.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-11.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-10.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-9.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-8.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-7.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-6.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-5.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-4.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-3.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-2.html
- https://directory.fedoraproject.org/docs/389ds/releases/release-2-0-1.html
Highlighted updates and new features in the 389-ds-base package
Features in Red Hat Directory Server that are included in the 389-ds-base package are documented in the Red Hat Enterprise Linux 9.0 Release Notes:
8.2. Bug fixes
This section describes bugs fixed in Directory Server 12.0 that have a significant impact on users.
Manually changing the entry cache configuration now works correctly in the web console.
By default, Directory Server uses automatic cache tuning. However, previously you could not disable the automatic cache tuning setting in the web console and manually set the desired entry cache configuration. This update fixes the problem and, as a result, you can now manually configure the entry cache in the web console.
Fixed typos in different parts of the web console
Previously, different parts of the web console contained mistakes in the text fields. As a consequence, incorrect information messages were displayed to a user. This update fixes the issue and the web console now shows the correct text messages.
Changing the configuration of several plug-ins now works correctly in the web console
Previously, when you tried to change the configuration of a plug-in using the web console, an incorrect error message was displayed, or a loading loop did not disappear. Consequently, you could not save a new configuration or did not know if the configuration was saved successfully. The following plug-ins were affected:
- Posix Winsync plug-in
- Referential Integrity plug-in
- RootDN Access Control plug-in
- Retro Changelog plug-in
This update fixes the issue. As a result, you can now configure these plug-ins using the web console as expected.
Changelog export now works as expected in the web console
Previously in the web console, when exporting the changelog for debugging purposes, you could select both options: Decode Base64 changes and Only Export CSNs. However, only the Export CSNs option was taken into account. In this release, it is possible to check only one of the options, and the changelog is exported according to the selected one as expected.
Configuring credentials and naming aliases for the replication topology report now works correctly in the web console
Previously, you could not set the credentials or naming aliases for the replication topology report using the web console because fields in the pop-up windows Add Report Credentials and Add Report Alias, where you needed to enter the required information, were not writable. In this release, the fields in the pop-up windows are writable, and you can set the report credentials or configure the naming aliases as expected.
The Directory Server web console now validates logging configuration values
Previously, the Directory Server web console accepted invalid values for different types of logs on the Logging page. As a consequence, an error occurred when the user tried to save the settings. This update adds the validation for the logging configuration values. As a result, the web console does not accept invalid input.
Attributes on the Schema page are no longer editable after using the search feature
Previously, after searching for an attribute in the Schema page of the Directory Server web console, a Cascading Style Sheet (CSS) misconfiguration caused the attribute to be editable. With this update, the edit function is now disabled.
Enabling DNA plug-in no longer fails
Previously, an attempt to enable the Distributed Numeric Assignment (DNA) plug-in in the Directory Server web console failed and resulted in a browser error. With this update, enabling the DNA plug-in works as expected.
Adding a configuration entry in Account Policy plug-in no longer fails
Previously, an attempt to add a configuration entry in the Account Policy plug-in sometimes failed with an error. To fix the problem, this update disables the Shared Config DN value is not specified.
Import from an LDIF file with replication metadata now works correctly
Previously, importing an LDIF file with replication metadata could cause the replication to fail in certain cases:
In the first case, a replication update vector (RUV) entry placed before the suffix entry in an imported LDIF file was ignored. As a consequence, the replication with the imported replica failed, because of a generation ID mismatch. This update ensures that Directory Server writes the skipped RUV entry at the end of the import.
In the second case, a changelog reinitialized after an RUV mismatch did not contain the starting change sequence numbers (CSNs). As a consequence, the replication with the imported replica failed, because of a missing CSN in the changelog. This update ensures that Directory Server creates the RUV maxcsn entries, when reinitializing the changelog.
As a result, with this update, administrators do not have to reinitialize the replication after importing from an LDIF file that contains replication metadata.
Bug fixes in the 389-ds-base package
Bug fixes in Red Hat Directory Server that are included in the 389-ds-base package are documented in the Red Hat Enterprise Linux 9.0 Release Notes:
8.3. Technology Previews
This section documents unsupported Technology Previews in Directory Server 12.0.
The Directory Server web console provides an LDAP browser as a Technology Preview
An LDAP browser has been added to the Directory Server web console. Using the LDAP Browser tab in the web console, you can:
- Browse the directory
- Manage entries, such as users, groups, organizational units (OUs), and custom entries
- Manage ACI
Note that Red Hat provides this feature as an unsupported Technology Preview.
8.4. Known issues
This section documents known problems and, if applicable, workarounds in Directory Server 12.0.
Directory Server can import LDIF files only from /var/lib/dirsrv/slapd-instance_name/ldif/
The dsconf backend import command requires that you specify the path to the LDIF file you want to import. However, due to file system and SELinux permissions, as well as other operating system restrictions, Directory Server can only import LDIF files from the /var/lib/dirsrv/slapd-instance_name/ldif/ directory. If the LDIF file is stored in a different directory, the import fails with an error similar to the following:
Could not open LDIF file "/tmp/example.ldif", errno 2 (No such file or directory)
To work around this problem:
Move the file to the /var/lib/dirsrv/slapd-instance_name/ldif/ directory:
# mv /tmp/example.ldif /var/lib/dirsrv/slapd-instance_name/ldif/
Set permissions that allow the dirsrv user to read the file:
# chown dirsrv /var/lib/dirsrv/slapd-instance_name/ldif/example.ldif
Restore the SELinux context:
# restorecon -Rv /var/lib/dirsrv/slapd-instance_name/ldif/
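The three workaround steps combined into one script, as an added example that is not part of the Red Hat documentation. The names DS_BASE, ldif_dir, in_ldif_dir and stage_ldif are hypothetical; the script also skips the move when the file is already in place and refuses to overwrite an existing file.

```shell
#!/bin/sh
# Added example: stage an LDIF file for import. Helper names are hypothetical.
# DS_BASE can be overridden (assumption, for testing outside a real instance).
DS_BASE="${DS_BASE:-/var/lib/dirsrv}"

# Print the only directory the instance can import LDIF files from.
ldif_dir() {
    printf '%s/slapd-%s/ldif' "$DS_BASE" "$1"
}

# Succeed if FILE already sits directly in the instance's ldif directory.
# Directories are resolved with pwd -P so symlinked paths compare correctly.
in_ldif_dir() {
    chk_file=$2
    [ -f "$chk_file" ] || return 2
    have_dir=$(cd "$(dirname "$chk_file")" && pwd -P) || return 2
    want_dir=$(cd "$(ldif_dir "$1")" && pwd -P) || return 2
    [ "$have_dir" = "$want_dir" ]
}

# stage_ldif INSTANCE FILE: move, chown, restorecon; prints the staged path.
stage_ldif() {
    inst=$1; src=$2
    dest_dir=$(ldif_dir "$inst")
    dest="$dest_dir/${src##*/}"
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    [ -d "$dest_dir" ] || { echo "missing directory: $dest_dir" >&2; return 1; }
    if ! in_ldif_dir "$inst" "$src"; then
        # Refuse to overwrite an LDIF file that is already staged.
        [ ! -e "$dest" ] || { echo "already exists: $dest" >&2; return 1; }
        mv -- "$src" "$dest" || return 1
    fi
    chown dirsrv "$dest" || return 1            # dirsrv must be able to read it
    restorecon -Rv "$dest_dir" >&2 || return 1  # restore the SELinux context
    printf '%s\n' "$dest"
}
```

Run it as root, for example `stage_ldif instance_name /tmp/example.ldif`, and pass the printed path to the dsconf backend import command.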
Directory Server replication fails after changing password of the replication manager account
After a password change, Directory Server does not properly update the password cache for the replication agreement. As a consequence, when you change the password for the replication manager account, the replication breaks. To work around this problem, restart the Directory Server instance. As a result, the cache is rebuilt at start-up, and the replication connection binds with the new password instead of the old one.
Known issues in the 389-ds-base package
Known issues in Red Hat Directory Server that are included in the 389-ds-base package are documented in the Red Hat Enterprise Linux 9.0 Release Notes:
8.5. Removed functionality
This section documents functionality that has been removed in Directory Server 12.0.
The nsslapd-subtree-rename-switch parameter has been removed
Previously, administrators could configure Directory Server to prevent moving entries between sub-trees in a database. Due to stability issues, this feature has been removed and, consequently, the nsslapd-subtree-rename-switch parameter no longer exists. As a result, moving entries between sub-trees can no longer be deactivated. As an alternative, if you require this feature, create an access control instruction (ACI).