Red Hat Directory Server 7.1 SP2 Release Notes

Red Hat, Inc.

      1801 Varsity Drive
      Raleigh NC 27606-2072 USA
      Phone: +1 919 754 3700
      Phone: 888 733 4281
      Fax: +1 919 754 3701
      PO Box 13588
      Research Triangle Park NC 27709 USA
    

rhel-selg(EN)-4-HTML-RHI (2006-03-24-T22:20)

Copyright © 2001 Sun Microsystems, Inc. Used by permission. Copyright © 2006 by Red Hat, Inc. All rights reserved. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).

Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder.

Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.

All other trademarks referenced herein are the property of their respective owners.

The GPG fingerprint of the security@redhat.com key is:

CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

Summary

This service pack for the 7.1 release fixes a number of bugs. There are no new features.

Platform Requirements

Platform requirements for this release are identical to those for 7.1.

Server Support

  • HP-UX 11i (PA-RISC, 64-bit)

  • Solaris 9 (SPARC, 32-bit)

  • Solaris 9 (SPARC, 64-bit)

  • Red Hat Enterprise Linux 3 Update 4 (x86, 32-bit)

  • Red Hat Enterprise Linux 4 (x86, 32-bit)

In addition, the Windows Sync module runs on these Windows platforms:

  • Windows 2003 Server

  • Windows 2000 Server

  • Windows NT SAM Registry

Client Support

This release supports the following browsers for Admin Express, a web interface for administrators, and online Help, which is for administrators only:

  • Firefox 1.0 (RHEL 3 & 4, Solaris 9)

  • Mozilla 1.4 (HP-UX)

  • Mozilla 1.4.3 (RHEL 3, Solaris 9)

  • Mozilla 1.7.3 (RHEL 4)

This release will support the following browsers for end user access to the Org Tool and Phonebook applications:

  • Firefox 1.0 (RHEL 3 & 4, Solaris 9)

  • Mozilla 1.4 (HP-UX)

  • Mozilla 1.4.3 (RHEL 3, Solaris 9)

  • Mozilla 1.7.3 (RHEL 4)

  • Microsoft Internet Explorer 6.0 (Windows XP only)

Installing Red Hat Directory Server 7.1 SP2

To install Red Hat Directory Server 7.1 SP2 on Solaris and HP-UX, you must have Red Hat Directory Server 7.1 already installed. To install Red Hat Directory Server 7.1 SP2 on Red Hat Enterprise Linux, you may choose to upgrade your existing installation (refer to the section Installing Red Hat Directory Server 7.1 SP2 on Red Hat Enterprise Linux) or install a new server using the RPM package. For instructions on installing Red Hat Directory Server 7.1, refer to the Red Hat Directory Server Installation Guide at the following URL:

http://www.redhat.com/docs/manuals/dir-server/install/7.1/index.html

Obtaining Packages

Red Hat Network (RHN) (http://rhn.redhat.com) is the software distribution mechanism for most Red Hat customers. You may have received account login information for RHN, including entitlements for the Red Hat Directory Server 7.1 release. If so, you need to use the RHN website to obtain your software. Once you are logged into RHN, go to Channels (view complete list if needed) and in the Red Hat Directory Server 7.1 channel, go to the Downloads tab. The Solaris 9 32-bit and 64-bit packages can be found there under the ISOs list as well as the tarball (.tar.gz file) archive for the source code. Note that the files are tarball (.tar.gz) archive files, not ISO images.

Customers looking for RPMs for Red Hat Enterprise Linux can access these files from the RHN website or via up2date, using an account with entitlements for the Red Hat Directory Server 7.1 release. There are also ISO images containing both RPM and SRPM package files, available as downloads for the Red Hat Directory Server 7.1 channel. The RPM packages can be downloaded and installed in the usual manner. The ISO images can be downloaded and burned onto CD-recordable media using the appropriate software.

For Red Hat Enterprise Linux 4, if you created a CD from an ISO image and want the install CD to autorun when inserted into the CD-ROM drive, you will need to set the appropriate settings in Applications -> Preferences -> Removable storage.

On Red Hat Enterprise Linux, a package installed from the CD is installed using the Package Management Tool. You will need to run /opt/redhat-ds/setup/setup to configure your new Red Hat Directory Server once the package is installed.

Installing Red Hat Directory Server 7.1 SP2 on Red Hat Enterprise Linux

Once you have installed Red Hat Directory Server 7.1 on your Red Hat Enterprise Linux 3 or 4 system, follow the steps below to perform an upgrade to Red Hat Directory Server 7.1 SP2.

  • On Red Hat Enterprise Linux 3, run the following command as root:

    rpm -U redhat-ds-7.1SP2-3.RHEL3.i386.opt.rpm

  • On Red Hat Enterprise Linux 4, run the following command as root:

    rpm -U redhat-ds-7.1SP2-3.RHEL4.i386.opt.rpm

Installing Red Hat Directory Server 7.1 SP2 on Solaris and HP-UX

Once you have installed Red Hat Directory Server 7.1, follow the steps below to perform an upgrade to Red Hat Directory Server 7.1 SP2.

  1. On your Directory Server 7.1 host machine, log in as root or superuser (su).

  2. Create a new directory for the new 7.1 Directory Server. For example:

    mkdir ds71sp2

    Change to the newly created directory:

    cd ds71sp2

  3. Download the Directory Server product binaries file to the directory you created.

  4. Unpack the product binaries file by typing:

    gzip -dc filename.tar.gz | tar -xvof -

    where filename corresponds to the product binaries that you want to unpack.

  5. In the list of files, locate the setup program.

  6. Run the setup program by issuing the following command from the installation directory:

    ./setup

  7. The setup program asks if you would like to proceed with the setup. Press [Y] to continue.

  8. The setup program asks you if you agree to the license terms. Press [Y] to agree with the license terms.

  9. When prompted to enter the server root (or the installation directory), enter the full path to the location where your Directory Server 7.1 is installed.

    By default, the setup program provides the following path:

    /opt/redhat-ds/servers 

    If your 7.1 Directory Server is installed in a different path, be sure to supply that path. Once you supply the correct path, press [Enter].

  10. If you have entered the correct location of your Red Hat Directory Server 7.1 installation, you will be prompted for the administration server password. At the prompt, enter the password for the Configuration Administrator. Upgrade will then commence.

Installing Windows Sync for Red Hat Directory Server 7.1 SP2

If you are running Red Hat Directory Server in conjunction with Windows Active Directory services, refer to the following instructions to install Windows Sync for Red Hat Directory Server 7.1 SP2.

  1. Follow the uninstall section of the Red Hat Directory Server Administration Guide to uninstall the Password and User Synchronization (NT only) services on the Windows system. Refer to the following URL for more information:

    http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2878810

  2. Note that the SSL dbs or keystore will be preserved and can be re-used after upgrade is complete.

  3. Copy and install the updated msi file(s) from <Red Hat Directory Server root>/winsync/ to the Windows system.

  4. Reboot the Windows system after re-installing the Password and User (NT only) Synchronization services.

Bug Fixes

Table 1 lists the bugs addressed in Red Hat Directory Server 7.1, either via bug fixes or available supported workarounds.

Table 1. Bugs addressed in Red Hat Directory Server 7.1

Bug Number    Description
179135, 179137 Evgeny Legerov discovered several flaws affecting Fedora Directory Server using the GLEG ProtoVer LDAP test suite. A remote attacker who is able to connect to the directory server could send malicious requests that would cause the server to crash, leading to a denial of service. (CVE-2006-0451, CVE-2006-0452, CVE-2006-0453)
185477 In previous 7.x versions of Red Hat Directory Server, importing a malformed parent entry and some child entries resulted in the child entries being successfully added without a parent. This issue has been fixed.
175897 There was an issue in evaluating the intersection of multiple range searches when each range search used a different attribute. For example, (&(attr1<=val1)(attr2>=val2)). The issue has been fixed.
175063 When an LDIF file contained an entry whose DN included escaped double quotes, importing the entry could fail and the entry was skipped. The subsequent reindex then failed because of the skipped entry. The issue has been fixed.
185765 The password sync tool leaked memory. This issue has been fixed.
181827 Deleting an attribute value by trimming its value to an empty string in Active Directory did not sync to Red Hat Directory Server. This issue has been fixed.
173687 When the Directory Server's effective user and real user were different, there was a small window in which log files were created owned by the real user instead of the effective user. This issue has been fixed.
184585 Red Hat Directory Server did not allow a re-bind using SASL on the same connection, returning error 49. This issue has been fixed.
186657 Sustained heavy password modification load on the Active Directory side could potentially crash passsync.exe. This issue has been fixed.
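
A post-upgrade check for the log-ownership condition fixed in bug 173687, added here as an example and not part of the original release notes: it lists log files left behind with an owner other than the user the server runs as. The script name, the log directory and the server user passed on the command line are assumptions to adapt to your installation.

```shell
#!/bin/sh
# Added example, not from the release notes: post-upgrade audit for the
# log-ownership condition described in bug 173687.
# Usage (script name and arguments are placeholders for your installation):
#   sh audit_log_owner.sh <log-directory> <server-user>

# Print every regular file under LOGDIR that is not owned by EXPECTED_UID.
# The uid is numeric so the result does not depend on passwd name lookups.
misowned_logs() {
    logdir=$1
    expected_uid=$2
    if [ ! -d "$logdir" ]; then
        echo "no such directory: $logdir" >&2
        return 2
    fi
    case $expected_uid in
        ''|*[!0-9]*) echo "uid must be numeric: $expected_uid" >&2; return 2 ;;
    esac
    find "$logdir" -type f ! -user "$expected_uid" -print
}

# Echo the number of mis-owned files; 0 means the directory is clean.
# Returns 2 if the directory or uid argument is invalid.
count_misowned_logs() {
    out=$(misowned_logs "$1" "$2") || return 2
    if [ -z "$out" ]; then
        echo 0
    else
        printf '%s\n' "$out" | wc -l | tr -d ' '
    fi
}

# Run the audit only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    uid=$(id -u "$2") || exit 2
    count=$(count_misowned_logs "$1" "$uid") || exit 2
    misowned_logs "$1" "$uid"
    echo "$count log file(s) not owned by $2 (uid $uid)"
    [ "$count" -eq 0 ]
fi
```

The script exits non-zero when at least one log file has the wrong owner, so it can gate a post-upgrade checklist.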

Known Issues

Table 2 lists the known issues in Red Hat Directory Server 7.1 SP2.

Table 2. Known issues in Red Hat Directory Server 7.1 SP2

Bug Number    Description
183222 Directory Server could hang when running VLV search and update operations simultaneously.
192901 A subtree search of a parent entry with no children using an exact match filter whose search attribute does not exist (for example, using filter (uid=nosuchvalue) on an organizational unit) erroneously returns that parent entry.