[389-users] Announcing testing release of 389 1.2.3

Fri Oct 9 14:41:33 UTC 2009

The 389 team is pleased to announce that the 389 Directory Server 
version 1.2.3 is available for testing.  The packages are available from 
the testing repositories, not the official release repositories yet. We 
are seeking feedback. The two new packages available for testing are:

* 389-ds-base-1.2.3
* 389-admin-1.1.9

Instructions for installing these from the testing repositories:
 yum install --enablerepo=updates-testing 389-ds # Fedora new install
 yum upgrade --enablerepo=updates-testing 389-ds-base 389-admin 
389-console # Fedora upgrade
or EL5
 yum install --enablerepo=dirsrv-testing --enablerepo=idmcommon-testing 
389-ds # new install
 yum upgrade --enablerepo=dirsrv-testing --enablerepo=idmcommon-testing 
389-ds-base 389-admin 389-console # upgrade

See http://directory.fedoraproject.org/wiki/Download for more 
information about setting up yum access.

Release Notes: http://directory.fedoraproject.org/wiki/Release_Notes
Install Guide: http://directory.fedoraproject.org/wiki/Install_Guide
Download: http://directory.fedoraproject.org/wiki/Download

=== Notes ===
NOTE: If using the FC6 (EL5) packages, _you must update your yum repo 
files_ - the URLs have changed.  See 
http://directory.fedoraproject.org/wiki/Download for more information.

NOTE: Fedora versions below 10 are no longer supported.  If you are 
running Fedora 9 or earlier, you should upgrade.

NOTE: This release is branded as '''389'''.  All of the RPMs have been 
marked as obsoleting their Fedora DS counterparts.  When upgrading via 
yum, you must use yum '''upgrade''' (not update) so that the obsoletes 
will be processed.

NOTE: If you are using the console, after installing the updates, you 
must run '''setup-ds-admin.pl -u''' to refresh your console and admin 
server configuration with the new version information.  1.2.3 fixes some 
bugs related to update - it will remove old Fedora servers from the 
console, and will preserve TLS/SSL configuration.  See the buglist below.

NOTE: '''389-console''' is the command to run the console.  This 
replaces fedora-idm-console.

=== New features ===
* Ability to set resource limits (sizelimit, timelimit, look through 
limit) specifically for anonymous connections
** This is useful when you want to have different limits for regular 
users and anonymous users
** Set the attribute '''nsslapd-anonlimitsdn''' in cn=config to the DN 
of the entry that you want to use as the "template" entry.  This is a 
dummy entry that you have to create.  Then you set whatever resource 
limits you want to apply to anonymous to that dummy entry, and those 
limits will apply to anonymous users.

* Access based on the security strength of the connection
** There is a new ACI keyword - '''minssf''' - this allows you to set 
access control based on how secure the connection is
** There is a global server setting in cn=config - '''nsslapd-minssf''' 
- that allows you to reject operations based on how secure the connection is

* Ability to shut off anonymous access
** This adds a new config switch in cn=config - 
'''nsslapd-allow-anonymous-access''' - that allows one to restrict all 
anonymous access.  When this is enabled, the connection dispatch code 
will only allow BIND operations through for an unauthenticated user.  
The BIND code will only allow the operation through if it's not an 
anonymous or unauthenticated BIND.

=== Bugs Fixed ===
This release contains several bug fixes.  The complete list of bugs 
fixed is found at the link below.  Note that bugs marked as MODIFIED 
have been fixed but are still in testing.
* Tracking bug for 1.2.3 release - 
[https://bugzilla.redhat.com/showdependencytree.cgi?id=519216&hide_resolved=0 
https://bugzilla.redhat.com/showdependencytree.cgi?id=519216&hide_resolved=0]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20091009/9057e9c4/attachment.bin>