HP-UX Directory Server Version 8.1 (B.08.10.05) Release Notes HP-UX 11i v3 Abstract This document describes enhancements and new features with the current release of the product, migration tips, known problems fixed in the current release, limitations and restrictions, and known issues.
© Copyright 2012, 2013, 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents HP secure development lifecycle......................................................................4 1 HP-UX Directory Server features....................................................................5 2 Software requirements addendum.................................................................7 HP-UX Apache-based Web Server..............................................................................................7 3 What is new in HP-UX Directory Server 8.1?............................
HP secure development lifecycle Starting with HP-UX 11i v3 March 2013 update release, HP secure development lifecycle provides the ability to authenticate HP-UX software. Software delivered through this release has been digitally signed using HP's private key. You can now verify the authenticity of the software before installing the products, delivered through this release. To verify the software signatures in signed depot, the following products must be installed on your system: • B.11.31.
1 HP-UX Directory Server features The HP-UX Directory Server 8.1 product replaces the Red Hat Directory Server for HP-UX (RHDS) product line. The HP-UX Directory Server is based on the same open source software as RHDS and includes a straightforward migration process from RHDS. HP-UX Directory Server (HPDS) provides an industry-standard, centralized directory service on which to build your intranet or extranet.
• Password policy and account lockout – Enables you to define a set of rules that govern how passwords and accounts are managed in the directory server. • Plug-in API – The Directory Server Plug-In API is fully supported for customer use. You can extend the functionality of the Directory Server by writing your own plug-in functions. HP provides a Directory Server Plug-In Programmer's Guide for end-user development to further enhance the directory server for your needs.
2 Software requirements addendum This section lists software requirements that are not documented in HP-UX Directory Server Installation Guide. HP-UX Apache-based Web Server The Administration Server uses the Apache web server v2.0 or v2.2 for its operation. HP recommends that v2.2 be used because v2.0 will be deprecated for the next release. The following versions of HP-UX Apache-based Web Server are supported: • B.2.0.50.01 and higher, except version B.2.0.59.
3 What is new in HP-UX Directory Server 8.1? B.08.10.05 release of HP-UX Directory Server 8.1 includes new features and fixes to several existing problems. For more information about fixes, see Table 1 (page 12). The following new and changed features are introduced for HP-UX 11i v3 HP Integrity system (B.08.10.
• Thread Aware Regex—A new thread aware library is included to improve the throughput of complex regex searches. • Ability to shut off anonymous access—This feature adds a new config switch in cn=config, nsslapd-allow-anonymous-access that allows you to restrict all anonymous access. • Resource limits for anonymously bound clients—Enables to set resource limits (sizelimit, timelimit, lookthroughlimit) specifically for anonymous connections.
a Serviceguard package, see the HP Serviceguard documentation, available at the following location: http://www.hp.com/go/hpux-serviceguard-docs The following new and changed features were introduced with HP-UX Directory Server 8.1 (B.08.10.00): 10 • Support for LDAP via UNIX sockets—While RHDS only used TCP sockets for communication with LDAP clients, HPDS now also supports using UNIX sockets by allowing LDAP via IPC (LDAPI).
4 Upgrade and migration notes For information about migration (upgrade) paths, see Migration (Upgrade) from Netscape or RedHat or HP Directory Server to HP-UX Directory Server 8.10.05 or later at http://www.hp.com/ go/hpux-security-docs —> HP-UX Directory Server.
5 Defect fixes HP-UX Directory Server B.08.10.05 release for HP-UX 11i v3 The following defects are fixed in the HP-UX Directory Server B.08.10.05 release for HP-UX v3 HP Integrity system: Table 1 Fixes in HP-UX Directory Server B.08.10.05 Defect Description QXCR1001272195 HPDS 8.10.04 reports “No such file or directory” if id2entry.db4 is greater than 2 GB. QXCR1001210702 The Replication Update Vector (RUV) details are not updated in database or memory when HUB is promoted to supplier role.
HP-UX Directory Server B.08.10.02 release The following defect is fixed in the HP-UX Directory Server B.08.10.02 release for HP-UX 11i v2 and v3: Table 4 Fixes in HP-UX Directory Server B.08.10.02 Defect Description of corrected problem QXCR1000977427 The log rotationinfo file is corrupted at startup. As a result, log files that were created before the restart are not removed after they expire. HP-UX Directory Server B.08.10.01release The following defects are fixed in the HP-UX Directory Server B.08.
Table 6 (continued) 14 Defect Description of corrected problem QXCR1000555503 In some steps of the Certificate Request Wizard in the Directory Server Console, clicking Help fails to display the help information. An error page is displayed instead. QXCR1000936776 Replicas might be inconsistent if a master experiences a disorderly shutdown while being updated. In particular, when the master is started again and resumes replication, it might fail to transmit the last change before the shutdown occurred.
6 Limitations and restrictions This section lists problems and limitations known to HP at the time of publication. • Windows Sync is not qualified for B.08.10.04 • To enable core file dumps of ns-slapd and related processes when aborting, system changes are required prior to installation By default for security reasons, processes that acquire a higher user privilege, such as the ns-slapd daemon, are not dumped to a core file when aborting.
7 Issues and workarounds Issues known at time of publication include the following: • On HP-UX 11i v3, the PHCO_42326 patch, which is a pthread library patch, is required to address pthread issues. • QXCR1001038153: If the nsslapd-accesslog-logexpirationtime, nsslapd-auditlog-logexpirationtime, or nsslapd-errorlog-logexpirationtime attribute is missing from dse.ldif, the Admin console incorrectly displays the value of the attribute as set to 1.
• The Administration Console Help button does not function properly Clicking Help in the Administration Console fails and the console displays the error interpreter "/usr/dt/bin/dtksh" not found. The Administration Console uses the Firefox web browser (or the Mozilla web browser, if Firefox is not available from the user's search path) to display help text. When Firefox and Mozilla web browsers start the first time, they attempt to display licensing text in a graphical window.
Workaround Place the CRL in the Administration Server directory /etc/opt/dirsrv/admin-serv. The console can access the CRL file there. • The nsslapd-saslpath attribute is not migrated If you migrate a Directory Server instance to HP-UX Directory Server 8.1, the nsslapd-saslpath attribute is not migrated with the dse.ldif file on the new Directory Server instance. The SASL libraries cannot be loaded. Workaround After you migrate the Directory Server to version 8.
Workaround Use any of the following workarounds: ◦ When you run the setup-ds-admin.pl -u command, by default it uses the following user account: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot. Instead of the default user account, if the cn=Directory manager user account and credentials are used, the upgrade works fine.
8 Support and other resources Information to collect before contacting HP Be sure to have the following information available before you contact HP: • Software product name • Hardware product model number • Operating system type and version • Applicable error message • Third-party hardware or software • Technical support registration number (if applicable) How to contact HP Use the following methods to contact HP technical support: • In the United States, see the Customer Service / Contact HP U
• HP-UX Directory Server configuration, command, and file reference This document provides reference information on the command line scripts, configuration attributes, and log files shipped with the Directory Server. • HP-UX Directory Server console guide This guide covers the basic structure of the Console for both the Directory Server and the Administration Server and provides an overview of how to use the main Console to manage users and access within the Console.
Troubleshooting resources • You can search a technical knowledge database available on the HP Support Center (HPSC) website at Support Center • To seek solutions to problems, you can post messages on the ITRC Forums page at the following website (select the HP-UX area in the Areas of peer problem solving section) at http:// h20566.www2.hp.com/portal/site/hpsc? Typographic conventions This document uses the following typographical conventions: $, # A percent sign represents the C shell system prompt.
9 Documentation feedback HP welcomes your feedback. To make comments and suggestions about product documentation, send a message to docsfeedback@hp.com Include the document title and manufacturing part number in your message. All submissions become the property of HP.
