Red Hat Directory Server 7.1 SP1 Release Notes

Copyright © 2005 Red Hat, Inc.

Red Hat, Inc.

      1801 Varsity Drive
      Raleigh NC 27606-2072 USA
      Phone: +1 919 754 3700
      Phone: 888 733 4281
      Fax: +1 919 754 3701
      PO Box 13588
      Research Triangle Park NC 27709 USA
    

Copyright © 2001 Sun Microsystems, Inc. Used by permission. Copyright © 2005 by Red Hat, Inc. All rights reserved. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).

Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder.

Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.

All other trademarks referenced herein are the property of their respective owners.

The GPG fingerprint of the security@redhat.com key is:

CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

Summary

This service pack for the 7.1 release fixes a number of bugs. There are no new features.

Platform Requirements

Platform requirements for this release are identical to those for 7.1.

Server Support

  • HP-UX 11i (PA-RISC, 64-bit)

  • Solaris 9 (SPARC, 32-bit)

  • Solaris 9 (SPARC, 64-bit)

  • RHEL 3 Update 4(x86, 32-bit)

  • RHEL 4 base version (x86, 32-bit)

In addition, the Windows Sync module runs on these Windows platforms:

  • Windows 2003 Active Directory (new in this release)

  • Windows 2000 Active Directory

  • Windows NT SAM Registry

Client Support

This release supports the following browsers for Admin Express, a web interface for administrators, and online Help, which is for administrators only:

  • Firefox 1.0 (RHEL 3 & 4, Solaris 9)

  • Mozilla 1.4 (HP-UX)

  • Mozilla 1.4.3 (RHEL 3, Solaris 9)

  • Mozilla 1.7.3 (RHEL 4)

This release will support the following browsers for end user access to the Org Tool and Phonebook applications:

  • Firefox 1.0 (RHEL 3 & 4, Solaris 9)

  • Mozilla 1.4 (HP-UX)

  • Mozilla 1.4.3 (RHEL 3, Solaris 9)

  • Mozilla 1.7.3 (RHEL 4

  • Microsoft Internet Explorer 6.0 (Windows XP only)

Installing Red Hat Directory Server 7.1 SP1

To install Red Hat Directory Server 7.1 SP1 on Solaris and HP-UX, you must have Red Hat Directory Server 7.1 already installed. To install Red Hat Directory Server 7.1 SP1 on Red Hat Enterprise Linux, you may choose to upgrade your existing installation (refer to the Section called Installing Red Hat Directory Server 7.1 SP1 on Red Hat Enterprise Linux) or install a new server using the RPM package. For instructions on installation of Red Hat Directory Server 7.1, refer to the Red Hat Directory Server Installation Guide at the following URL:

http://www.redhat.com/docs/manuals/dir-server/install/7.1/index.html

Obtaining Packages

Red Hat Network (RHN) (http://rhn.redhat.com) is the software distribution mechanism for most Red Hat customers. You may have received account login information for RHN, including entitlements for the Red Hat Directory Server 7.1 release. If so, you need to use the RHN website to obtain your software. Once you are logged into RHN, go to Channels (view complete list if needed) and in the Red Hat Directory Server 7.1 channel, go to the Downloads tab. The Solaris 9 32-bit and 64-bit packages can be found there under the ISOs list as well as the tarball (.tar.gz file) archive for the source code. Note that the files are tarball (.tar.gz) archive files, not ISO images.

Customers looking for RPMs for Red Hat Enterprise Linux can access these files from the RHN website or via up2date, using an account with entitlements for the Red Hat Directory Server 7.1 release. There are also ISO images containing both RPM and SRPM package files, available as downloads for the Red Hat Directory Server 7.1 channel. The RPM packages can be downloaded and installed in the usual manner. The ISO images can be downloaded and burned on to a CD-recordable media using the appropriate software.

For Red Hat Enterprise Linux 4, if you created a CD from an ISO image and want the install CD to autorun when inserted into the CD-ROM drive, you will need to set the appropriate settings in Applications -> Preferences -> Removable storage.

For Red Hat Enterprise Linux installed from the CD, it will install using the Package Management Tool. You will need to run /opt/redhat-ds/setup/setup to configure your new Red Hat Directory Server once the package is installed.

Installing Red Hat Directory Server 7.1 SP1 on Red Hat Enterprise Linux

Once you have installed Red Hat Directory Server 7.1 on your Red Hat Enterprise Linux 3 or 4 system, follow the steps below to perform an upgrade to Red Hat Directory Server 7.1 SP1.

  • On Red Hat Enterprise Linux 3, run the following command as root: 

    rpm -U redhat-ds-7.1SP1-3.RHEL3.i386.opt.rpm

  • On Red Hat Enterprise Linux 4, run the following command as root: 

    rpm -U redhat-ds-7.1SP1-3.RHEL4.i386.opt.rpm

Installing Red Hat Directory Server 7.1 SP1 on Solaris and HP-UX

Once you have installed Red Hat Directory Server 7.1, follow the steps below to perform an upgrade to Red Hat Directory Server 7.1 SP1.

  1. On your Directory Server 7.1 host machine, log in as root or superuser (su).

  2. Create a new directory for the new 7.1 Directory Server. For example:

    mkdir ds71sp1

    Change to the newly created directory: 

    cd ds71sp1

  3. Download the Directory Server product binaries file to the directory you created.

  4. Unpack the product binaries file by typing 

    gunzip -dc filename.tar.gz | tar -xvof -

    where filename corresponds to the product binaries that you want to unpack.

  5. In the list of files, locate the setup program.

  6. Run the setup program by issuing the following command from the installation directory: 

    ./setup

  7. The setup program asks if you would like to proceed with the setup. Press [Y] to continue.

  8. The setup program asks you if you agree to the license terms. Press [Y] to agree with the license terms.

  9. When prompted to enter the server root (or the installation directory), enter the full path to the location where your Directory Server 7.1 is installed.

    By default, the setup program provides the following path: 

    /opt/redhat-ds/servers

    If your 7.1 Directory Server is installed in a different path, be sure to supply that path. Once you supply the correct path, press [Enter].

  10. If you have entered the correct location of your Red Hat Directory Server 7.1 installation, you will be prompted for the administration server password. At the prompt, enter the password for the Configuration Administrator. Upgrade will then commence.

Installing Windows Sync for Red Hat Directory Server 7.1 SP1

If you are running Red Hat Directory Server in conjunction with Windows Active Directory services, refer to the following instructions to install Windows Sync for Red Hat Directory Server 7.1 SP1.

  1. Follow the uninstall section of Red Hat Directory Server Administration Guide to uninstall the Password and User Synchronization (NT only) services on the Windows system. Refer to the following URL for more information:

    http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2878810

  2. Note that the SSL dbs or keystore will be preserved and can be re-used after upgrade is complete.

  3. Copy and install the updated msi file(s) from <Red Hat Directory Server root>/winsync/ to the Windows system.

  4. Reboot the Windows system after re-installing the Password and User (NT only) Synchronization services.

Bug Fixes

Table 1 lists the bugs addressed in Red Hat Directory Server 7.1, either via bug fixes or available supported workarounds.

Table 1. Bugs addressed in Red Hat Directory Server 7.1

Bug NumberDescription
169954 WinSync full initialization against Active Directory may hang. This issue has been fixed.
170135

To debug WinSync turn on a higher log level in Windows registry, if needed:

  • In the Windows registry, set the HKLM->Software->PasswordSync/->/LogLevel/" key to "1".

  • Restart the passsync service

  • A setting of "0" turns it back off. [a]

  • Restart the passsync service after each change.

155276 The directory server crashes if a user attempts to restore the database from a backup that is a subset of the current server configuration, which occurs if a new backend has been added to the server since the creation of the backup set. This issue has been fixed.
160003 There is a missing shared library for online database re-indexing. The library has been added to the library path..
164834 Ldap modify or replace may allow multiple attributes with the same value. This issue has been fixed.
164836 The attribute uniqueness plugin now correctly enforces uniqueness individually within each subtree for which it is configured. For example, if you configure the plugin to enforce uid uniqueness in both the "ou=sales,dc=example,dc=com" and "ou=engineering,dc=example,dc=com" subtrees, you should be able to create a "uid=test" entry in both subtrees, but not twice in the same subtree.
164843 In Red Hat Directory Server 7.1, indexing of multi-valued attributes with language subtypes was not handled correctly. This issue has been fixed.
165228 Package dependencies have been corrected.
168222 Red Hat Enterprise Linux 4 installations require the xorg-x11-deprecated-libs package; RPM dependency checks have been corrected.
169388 Trimming an attribute value would not be detected by WinSync. This issue has been fixed.
170071 If Red Hat Directory Server 7.1 attempts to sync a group entry from DS to NT without the NTgroupType attribute present, the sync service will try to sync this entry repeatedly and unsuccessfully. This issue has been fixed.
170328 Configuration modifications for the PassSync Service may not be saved in the registry. This issue has been fixed.
170556 If Red Hat Directory Server is unreachable, the PassSync service will not attempt to sync any entries until a new modification from Windows occurs. This issue has been addressed such that now a re-try attempt will occur.
170558 Chapter 18, "Windows Sync", in the Red Hat Directory Server 7.1 Administration Guide documents that users must download Network Security Services (NSS) from the Mozilla FTP site to setup SSL for the Password Sync Service. Red Hat Directory Server now includes the necessary files to accomplish this task.
147585 If a plugin is used, there is no way to get the original search base distinguished name (DN). This issue has been fixed.
151678 When a new instance is created, the default access control instructions (ACI) contained a malformed userDN. This issue has been fixed.
159037 If Windows users are inside of a sub-container in your sync suffix, the PassSync service would not sync password changes for those entries. This issue has been fixed.
160589 On recent hyper-threaded systems, the admin server would fail to startup due to a problem with the IBM Just in Time (JIT) compiler. This has been fixed by disbling JIT in the Admin Server.
165640 Repeatedly creating and deleting a view crashes the directory server. This issue has been fixed.
165641 Search requests may cause a server crash if non-UTF8 data is used. This issue has been fixed.
167761

Performing a Directory Server console entry search and then attempting to edit an entry found during that search resulted in the following error:

Error reading object 'dn: uid=test,ou=people,dc=example,dc=com'. 
The error sent by the server was: 'Unknown error'.

This issue has been fixed.

Notes:
a. Note that in Red Hat Directory Server 7.1 only level "1" will generate log output. From Red Hat Directory Server 7.1 SP1 and subsequent releases, errors will be logged even at level "0".

Known Issues

Table 2 lists the known issues in Red Hat Directory Server 7.1 SP1.

Table 2. Known issues in Red Hat Directory Server 7.1

Bug NumberDescription
170149

If a new container is created underneath the sync suffix, the entries in the sub-containers will not sync automatically.

To work around this issue, if new containers are created underneath the sync suffixes, then a full re-sync is required before entries under the sub-containers are synced.

170432 When using the WinSync feature to synchronize with Active Directory, the DomainUsersGroup will sync but will not contain any members. This is because Active Directory does not use the members and membersof attributes to specify members of a group for this group type.
170454

The WinSync feature does not support using Red Hat Directory Server as an intermediary between two active directories. The following cannot be used as a replication topology:

AD1 <---> RHDS <---> AD2
172584 Running the uninstall script may fail on Solaris and HP-UX. If uninstall fails, choose yes to continue. Once the uninstall has finished, remove the remaining server files manually.