HP-UX Directory Server B.08.10.00 Release Notes - Updated 10/06/2009

Password policy and account lockout: Enables you to define a set of rules that govern how
passwords and accounts are managed in the directory server.

Plug-in API: The Directory Server Plug-In API is fully supported for customer use. You
can extend the functionality of the Directory Server by writing your own plug-in functions.
HP provides a Directory Server Plug-In Programmer's Guide for end-user development to
further enhance the directory server for your needs.

64-bit versions of the server: HPDS uses 64-bit architecture, enabling you to configure
very large caches. Server scalability is limited only by available memory and storage.

Roles and class of service: A feature that provides a flexible mechanism for dynamically
grouping and sharing attributes between entries.

Database encryption: HPDS supports encryption of selected attributes within a database.

Windows user and group synchronization: HPDS supports Windows Sync, which
synchronizes changes in groups and user entries (including passwords) between HPDS and
Microsoft Active Directory.

2 What is new in HP-UX Directory Server 8.1

Support for LDAP via UNIX sockets: While RHDS only used TCP sockets for
communication with LDAP clients, HPDS now also supports using UNIX sockets by allowing
LDAP via IPC (LDAPI). This is intended for applications that run on the same host as the
Directory Server.

DNA plug-in provides automatic numeric attribute assignment: A new plug-in automates
the assignment of numeric IDs, such as the values for uidNumber and gidNumber for POSIX
account entries. The plug-in supports assignment with no risk of collisions in multi-master
replication topologies.

memberOf plug-in provides a list of group memberships held by each user: Provides a
list of groups in multiple memberOf attributes in each user entry. The new plug-in simplifies
determining what groups a user belongs to. The memberOf attribute can greatly simplify
access control in applications by simplifying verification of a user's group membership.

Additional options for secure communication between servers: Server-to-server
connections, such as those used in replication, are enhanced to support SASL/Digest-MD5
and SASL/GSSAPI (Kerberos) authentication, and encryption with Start TLS.

More flexibility in schema management: Schema can be deployed or modified on-disk
and then reloaded using a new task-based mechanism. Previously, dynamic schema changes
could only be performed via LDAP, which offered less control over the organization of the
schema in its persistent on-disk storage.

Improved Get Effective Rights operation: Whereas the GER operation in RHDS only
showed effective rights for attributes that already existed in an entry, with HPDS, the
operation can now display any effective rights for potential attributes as well (operational
attributes, and those that currently do not exist in the entry but are allowed by schema).

More tuning for Windows synchronization: In previous releases, the interval at which
the Directory Server checked the Active Directory Server for updates was fixed at five
minutes. This interval is now configurable.

Option to disallow unauthenticated bind operations: A new configuration attribute allows
the administrator to deny access to LDAP clients that do not provide a password. This allows
improved compatibility with server applications that might misinterpret a Directory Server's
success response to bind operations that lack a password.

Account policy plug-in provides control over inactive accounts: The new account policy
plug-in tracks login time stamps and provides the administrator with the option to lock
accounts based on the duration of inactivity since the last login time.

Replication agreements can be prioritized: The multi-master replication plug-in has been
enhanced to allow prioritization of replication agreements. This allows the administrator to
control the order in which multiple replicas are updated. This may be useful, for example,