HP-UX Directory Server B.08.10.02 Release Notes (5900-0842, May 2010)

• Support in the Administration Server for Apache 2.2 in addition to Apache 2.0. For use of
  Apache 2.2, Apache B.2.2.8.06 or higher is required.
• Additional support for migrating from Sun Java System Directory Server; for more
  information, see “Migrating from Sun Java System Directory Server” (page 8).
The following list includes new and changed features that were introduced with HP-UX Directory
Server 8.1 (B.08.10):
• Support for LDAP via UNIX sockets: While RHDS only used TCP sockets for
  communication with LDAP clients, HPDS now also supports using UNIX sockets by allowing
  LDAP via IPC (LDAPI). This is intended for applications that run on the same host as the
  Directory Server.
• DNA plug-in provides automatic numeric attribute assignment: A new plug-in automates
  the assignment of numeric IDs, such as the values for uidNumber and gidNumber for POSIX
  account entries. The plug-in supports assignment with no risk of collisions in multi-master
  replication topologies.
• memberOf plug-in provides a list of group memberships held by each user: Provides a
  list of groups in multiple memberOf attributes in each user entry. The new plug-in simplifies
  determining what groups a user belongs to. The memberOf attribute can greatly simplify
  access control in applications by simplifying verification of a user's group membership.
• Additional options for secure communication between servers: Server to server
  connections, such as those used in replication, are enhanced to support SASL/Digest-MD5
  and SASL/GSSAPI (Kerberos) authentication, and encryption with Start TLS.
• More flexibility in schema management: Schema can be deployed or modified on-disk
  and then reloaded using a new task-based mechanism. Previously, dynamic schema changes
  could only be performed via LDAP which offered less control over the organization of the
  schema in its persistent on-disk storage.
• Improved Get Effective Rights operation: Whereas the GER operation in RHDS only
  showed effective rights for attributes that already existed in an entry, with HPDS, the
  operation can now display any effective rights for potential attributes as well (operational
  attributes, and those that currently do not exist in the entry but are allowed by schema).
• More tuning for Windows synchronization: In previous releases, the interval at which
  the Directory Server checked the Active Directory Server for updates was fixed at five
  minutes. This interval is now configurable.
• Option to disallow unauthenticated bind operations: A new configuration attribute allows
  the administrator to deny access to LDAP clients that do not provide a password. This allows
  improved compatibility with server applications that might misinterpret a Directory Server's
  success response to bind operations that lack a password.
• Account policy plug-in provides control over inactive accounts: The new account policy
  plug-in tracks login time stamps and provides the administrator with the option to lock
  accounts based on the duration of inactivity since the last login time.
• Replication agreements can be prioritized: The multi-master replication plug-in has been
  enhanced to allow prioritization of replication agreements. This allows the administrator to
  control the order in which multiple replicas are updated. This may be useful, for example,
  when you require that a backup master replica be updated completely before updating one
  or more read-only replicas accessible by client applications.
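
The unauthenticated-bind item in the list above, as an added example that is not taken from the release notes or from the product: a small model of the three simple-bind cases in RFC 4513, showing how an application that equates bind success with a verified password depends on server policy, and how a local check removes that dependency. `ModelServer`, `allow_unauthenticated_bind`, the login functions and the sample entry are constructed for illustration and are not Directory Server names.

```python
# Added illustration: every name here is hypothetical, not an HP-UX Directory Server API.
import hmac
from enum import Enum

SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53  # LDAP result codes

class BindKind(Enum):
    ANONYMOUS = "empty DN, empty password"
    UNAUTHENTICATED = "DN given, empty password"
    NAME_PASSWORD = "password given"

def classify_simple_bind(dn, password):
    """Sort a simple bind into the three cases of RFC 4513 section 5.1."""
    if password:
        return BindKind.NAME_PASSWORD
    return BindKind.UNAUTHENTICATED if dn else BindKind.ANONYMOUS

class ModelServer:
    """Constructed stand-in for a server's simple-bind handling."""
    def __init__(self, passwords, allow_unauthenticated_bind):
        self.passwords = passwords
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def simple_bind(self, dn, password):
        kind = classify_simple_bind(dn, password)
        if kind is BindKind.NAME_PASSWORD:
            stored = self.passwords.get(dn)
            ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
            return SUCCESS if ok else INVALID_CREDENTIALS
        if kind is BindKind.UNAUTHENTICATED and not self.allow_unauthenticated_bind:
            return UNWILLING_TO_PERFORM  # code RFC 4513 recommends for a refused bind
        return SUCCESS  # anonymous session: success, but no identity was verified

def naive_login(server, dn, password):
    """Flawed client logic: treats any successful bind as a verified password."""
    return server.simple_bind(dn, password) == SUCCESS

def hardened_login(server, dn, password):
    """Reject empty DN or password locally, so the outcome never depends on server policy."""
    if not dn or classify_simple_bind(dn, password) is not BindKind.NAME_PASSWORD:
        return False
    return server.simple_bind(dn, password) == SUCCESS

def demo():
    alice = "uid=alice,ou=people,dc=example,dc=com"  # constructed sample entry
    out = {}
    for allow in (True, False):
        srv = ModelServer({alice: "correct horse"}, allow_unauthenticated_bind=allow)
        out[allow] = (naive_login(srv, alice, ""), hardened_login(srv, alice, ""),
                      hardened_login(srv, alice, "correct horse"))
    return out
```

Each tuple returned by `demo()` is (naive login with empty password, hardened login with empty password, hardened login with the right password), keyed by whether the model server accepts unauthenticated binds.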
3 Upgrade and migration notes
3.1 Upgrading from Red Hat Directory Server 8.0
When you upgrade from Red Hat Directory Server 8.0 to HP-UX Directory Server 8.1, the upgrade
script first saves any configuration files and data that need to be upgraded, storing them in the
archive file /var/opt/dirsrv/upgrade/8.0/cfgPreUpgradeBackup.tar. This archive
is created in addition to any backup that you created manually prior to the upgrade by following