Copyright © 2008 Red Hat. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later with the restrictions noted below (the latest version of the OPL is presently available at http://www.opencontent.org/openpub/).
Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder.
Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.
All other trademarks referenced herein are the property of their respective owners.
The GPG fingerprint of the security@redhat.com key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
1801 Varsity Drive
Raleigh, NC 27606-2072
USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709
USA
This is a service pack release for bug fixes and patches for the 7.1 version of Red Hat Directory Server. These Release Notes contain important information available at the time of the release of Red Hat Directory Server 7.1 SP4. System requirements, installation notes, known problems, resources, and other current issues are addressed here. Read this document before beginning to use Directory Server 7.1 SP4.
There are no new features in Directory Server 7.1 SP4.
This section contains information related to installing and upgrading Red Hat Directory Server 7.1 SP4, including prerequisites and hardware or platform requirements.
Directory Server 7.1 SP4 is supported on the following platforms:
HP-UX 11i (PA-RISC, 64-bit)
Red Hat Enterprise Linux 3 Update 4 (i386, 32-bit)
Red Hat Enterprise Linux 4 (i386, 32-bit)
Sun Solaris 9 (SPARC, 32-bit)
Sun Solaris 9 (SPARC, 64-bit)
The Directory Server Console is supported on the following platforms:
HP-UX 11i (PA-RISC, 64-bit)
Red Hat Enterprise Linux 3 Update 4 (i386, 32-bit)
Red Hat Enterprise Linux 4 (i386, 32-bit)
Sun Solaris 9 (SPARC, 32-bit)
Sun Solaris 9 (SPARC, 64-bit)
Windows XP
Windows 2000 Server
Windows 2003 Server
The Directory Server Console can be installed on additional Windows platforms at an additional cost.
The Windows Sync tool runs on these Windows platforms:
Windows 2003 Active Directory
Windows 2000 Active Directory
Windows NT SAM Registry
Directory Server 7.1 SP4 supports the following browsers to access web-based interfaces, such as Admin Express and online help tools for administrators and Org Chart and Phonebook for all users:
Firefox 1.0 (Red Hat Enterprise Linux 3 and 4 and Solaris 9)
Mozilla 1.4 (HP-UX)
Mozilla 1.4.3 (Red Hat Enterprise Linux 3 and Solaris 9)
Mozilla 1.7.3 (Red Hat Enterprise Linux 4)
Microsoft Internet Explorer 6.0 (Windows; supported only for Org Chart and Phonebook)
Red Hat Directory Server web tools like Admin Express and Org Chart are not supported on Netscape browsers or any browser running on Mac.
To install Directory Server 7.1 SP4 on Red Hat Enterprise Linux, simply download the RPM and either upgrade the existing installation with the rpm -U flag, as described in Section 2.2, “Installing Directory Server 7.1 SP4 on Red Hat Enterprise Linux”, or install a new Directory Server using the RPM package with the rpm -i flag, and configure the server.
To install Red Hat Directory Server 7.1 SP4 on Solaris and HP-UX, Red Hat Directory Server 7.1 must already be installed. It is not necessary to install any other service packs first, nor is it necessary to remove previous service packs.
For instructions on installing and configuring Directory Server 7.1 SP4, see the Directory Server Installation Guide, available at http://www.redhat.com/docs/manuals/dir-server/install/7.1/index.html.
Red Hat Network (RHN) (http://rhn.redhat.com) is the software distribution mechanism for Red Hat customers. When purchasing the entitlements for Red Hat Directory Server 7.1 SP4, you will also have received account login information for Red Hat Network.
Log into Red Hat Network.
Go to the Channels tab, and select the Red Hat Directory Server 7.1 channel. Browse through the complete channel list if needed.
Go to the Downloads tab in the Red Hat Directory Server 7.1 channel, and download the Red Hat Directory Server packages.
The files are tarball (.tar.gz) archive files, not ISO images.
ISO images containing both RPM and SRPM package files are available as downloads through the Red Hat Directory Server 7.1 channel. The RPM packages can be downloaded and installed in the usual manner. The ISO images can be downloaded and burned onto CD-recordable media using the appropriate software.
The Solaris 9 64-bit packages can be found there under the ISOs list, as well as the tarball (.tar.gz file) archive for the source code.
On Red Hat Enterprise Linux, it is possible to upgrade an existing installation with the rpm -U flag or install a new Directory Server using the RPM package with the rpm -i flag.
RPMs for Directory Server 7.1 SP4 are also available to Red Hat Enterprise Linux users by running up2date using an account with entitlements for the Red Hat Directory Server 7.1 SP4 release.
To upgrade Red Hat Directory Server 7.1 (or 7.1 service pack 1, 2, or 3) on a Red Hat Enterprise Linux 3 or 4 system:
Log in as root.
Run rpm to upgrade the Directory Server using the package appropriate for your version of Red Hat Enterprise Linux.
For Red Hat Enterprise Linux 3:
rpm -U redhat-ds-7.1SP4-7.RHEL3.i386.rpm
For Red Hat Enterprise Linux 4:
rpm -U redhat-ds-7.1SP4-7.RHEL4.i386.rpm
To perform a new installation of Red Hat Directory Server 7.1 SP4:
Log in as root.
Run rpm to install the Directory Server using the package appropriate for your version of Red Hat Enterprise Linux.
For Red Hat Enterprise Linux 3:
rpm -i redhat-ds-7.1SP4-7.RHEL3.i386.rpm
For Red Hat Enterprise Linux 4:
rpm -i redhat-ds-7.1SP4-7.RHEL4.i386.rpm
Go through the configuration process as described in the Directory Server Installation Guide.
Red Hat Directory Server 7.1 must already be installed before installing version 7.1 SP4. It is not necessary to install any other service packs first, nor is it necessary to remove any previous service packs.
After installing Red Hat Directory Server 7.1 on a Sun Solaris or HP-UX server, upgrade to Red Hat Directory Server 7.1 SP4.
Log in as root.
Create a new directory for the new Directory Server service pack version.
mkdir ds71sp4
Open the new directory.
cd ds71sp4
Download the Directory Server product binaries file to this directory.
Unpack the product binaries.
gzip -dc filename.tar.gz | tar -xvof -
filename is the product binaries file.
Locate the setup program, and run it from the installation directory.
./setup
Supply the configuration information as prompted by the installer. An upgrade usually requires this information:
Agreeing to the setup and licensing terms.
The full path to the server root directory (the installation directory) where Directory Server 7.1 is located; by default, this is /opt/redhat-ds/servers.
The Configuration Administrator's password for the Directory Server 7.1 instance.
The upgrade process begins after all of the 7.1 instance information is given.
If Windows synchronization will be used on a Windows server in conjunction with a Red Hat Directory Server 7.1 server, then install the 7.1SP4 Windows Sync services on the Windows machine:
Uninstall the Password Sync services. If the Windows sync peer is an NT server, then also uninstall the User Sync service. This is described in the Directory Server 7.1 Administrator's Guide, available at http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2878810.
The SSL databases or keystore are preserved and can be re-used after upgrade is complete.
Copy the updated msi files from /opt/redhat-ds/winsync/ to the Windows system.
Double-click the new msi files to install them.
Reboot the Windows system after re-installing the Password Sync and, on NT, User Sync services.
Perform a full resynchronization between the Directory Server and Windows sync servers.
In the Directory Server Console, click the Configuration tab.
Expand the Replication folder in the left navigation window.
Click the name of the Directory Server database which is synchronized with the Windows directory, and select the sync agreement.
Select manual synchronization from the drop-down menu.
The following are some of the most important bugs fixed for Directory Server 7.1 SP4.
| Bug Number | Related Bug Number | Description |
|---|---|---|
| 171081 | 429042 | If an LDAP operation (such as ldapsearch) was issued while the server was creating a browsing index for the suffix, the Directory Server would hang. |
| 176302 | 429045 | If a bind operation returned LDAP controls, as in pass-through authentication, the server crashed. |
| 183222, 243820 | 429046, 429067 | If multiple, simultaneous LDAP operations were issued on entries which were indexed in a VLV index, the Directory Server would hang. |
| 196523, 219586, 428764 | 429047, 429057, 429172 | There were minor memory leaks in replication, SASL, indexing, and other operations. |
| 202890 | 429049 | If a log rotation file, such as access.rotationinfo, had a log size value of 0 bytes, the Directory Server crashed at startup. |
| 204808 | 429051 | Intermittently, LDAP search operations would time out and fail on 64-bit platforms. |
| 208058 | 429056 | Sending data larger than 512 bytes through SASL GSS-API connections would fail with the message decoding error. |
| 229513 | 429058 | When the password lockout option was set, previous login failures were not cleared from the passwordCount attribute even after a successful login. |
| 231507 | 429059 | If an entry had a NULL attribute value for an attribute that is in a VLV index, the Directory Server crashed when the entry was edited. |
| 238630 | 429062 | Repeatedly removing and adding the same replica and replication agreement crashed the Directory Server. |
| 240583 | 429063, 428866 | There were random operation failures if simultaneous, multiple SASL operations were initiated. |
| 240897 | 429065 | While VLV indexes were created, the server would ignore stop operations, and any stop operation sent during the index creation time would hang. |
| 247725 | 429068 | When an entry with invalid DN syntax was added, the Directory Server crashed instead of rejecting the entry. |
| 288321 | 429069 | A modify operation that included an invalid attribute value would crash the server. |
| 297221 | 429070 | Malformed member URLs (such as missing the terminal parenthesis) for dynamic groups crashed the Directory Server. |
| 311851 | 429071 | Previously, SASL mappings were hard-coded. In Directory Server 7.1 SP4, the SASL mappings use regular expressions that are dynamically generated when the server is created. One change is that an asterisk (*) can no longer be used in the SASL mapping search filter. |
| 314851 | 429072 | Repeatedly creating and deleting databases with VLV indexes crashed the Directory Server. |
| 339791 | 395121 | Editing an entry with an attribute with non-ASCII values and indexed with a substring index crashed the Directory Server. |
| 428163 | 428159 | SASL operations did not properly switch the SASL IO function set to the original IO function set. |
| 429793 | 430180 | The Directory Server crashed during online replication initialization if the data included any entry larger than 80% of the entry cache size. |
| 429799 | 430146 | Online replication initialization would hang endlessly if the import data included two consecutive entries which totaled more than 80% of the entry cache size. |
The following are some of the most important known issues in Directory Server 7.1 SP4. When possible, supported workarounds are also described.
| Bug Number | Description | Workaround |
|---|---|---|
| 171140 | Upgrading the Windows Sync service on the Windows server from version 7.1 to version 7.1 SP1 or higher (including 7.1 SP4) requires two things: | |
| 200799 | The Directory Server Console allows the internal SIE user to authenticate and log in. This account should be prohibited. | Log into the Console only as the proper admin user, not the SIE user. |
| 311851 | SASL mapping entries are dynamically created and stored in the configuration file at the instance generation. The mapping entries are associated with the primary suffix. If a second root suffix is added and entries under the second suffix need to be mapped by SASL mapping, there are no mapping entries created for them. The original SASL mapping entries point to the first suffix. | Manually create SASL mapping entries that are associated with the second suffix. |
| 429631 | If a Windows directory is synchronized with a virtual directory tree in Red Hat Directory Server, then the Red Hat Directory Server crashes when synchronization is initiated. | Do not use virtual branch entries as the synchronization database. |
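
A pre-upgrade check for the two SASL mapping changes listed under bug 311851 (no asterisk in the mapping search filter, and no mapping entries for a second root suffix), as an added example that is not part of these release notes or of Red Hat's code. The attribute names (nsSaslMapFilterTemplate, nsSaslMapBaseDNTemplate) and the cn=mapping,cn=sasl,cn=config location are assumptions taken from the Directory Server SASL identity mapping schema rather than from this page; the entries and suffixes are constructed.

```python
import re

# Constructed sample of SASL mapping entries, shaped like those under cn=config.
SAMPLE_LDIF = r"""
dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config
objectClass: nsSaslMapping
cn: uid mapping
nsSaslMapRegexString: \(.*\)
nsSaslMapBaseDNTemplate: dc=example,dc=com
nsSaslMapFilterTemplate: (uid=\1)

dn: cn=legacy wildcard,cn=mapping,cn=sasl,cn=config
objectClass: nsSaslMapping
cn: legacy wildcard
nsSaslMapRegexString: \(.*\)@.*
nsSaslMapBaseDNTemplate: ou=People, dc=example, dc=com
nsSaslMapFilterTemplate: (uid=\1*)
"""

def norm_dn(dn):
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")  # base64 ("::") values stay undecoded
            if not sep or line.startswith("#"):
                continue
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_sasl_mappings(ldif_text, suffixes):
    """Return (mappings whose filter contains '*', suffixes no mapping points at)."""
    wildcard, covered = [], set()
    for e in parse_ldif(ldif_text):
        if "nssaslmapping" not in (v.lower() for v in e.get("objectclass", [])):
            continue
        if any("*" in f for f in e.get("nssaslmapfiltertemplate", [])):
            wildcard.append(e.get("cn", ["?"])[0])
        for base in map(norm_dn, e.get("nssaslmapbasedntemplate", [])):
            # A base DN built from backreferences (\1, \2) cannot be resolved statically.
            covered |= {s for s in suffixes if ("," + base).endswith("," + norm_dn(s))}
    return wildcard, [s for s in suffixes if s not in covered]
```

Run against an export of the instance's SASL mapping entries with the list of configured root suffixes: the first list names mappings to rewrite without an asterisk, the second names suffixes that need manually created mapping entries.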