HP-UX Directory Server Version 8.1 (B.08.10.07) Release Notes Abstract This document describes enhancements and new features with the current release of the product, migration tips, known problems fixed in the current release, limitations and restrictions, and known issues.
© Copyright 2013, 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents HP secure development lifecycle......................................................................4 1 HP-UX Directory Server features....................................................................5 2 Software requirements addendum.................................................................7 HP-UX Apache-based Web Server..............................................................................................7 3 What is new in HP-UX Directory Server 8.1?............................
HP secure development lifecycle Starting with HP-UX 11i v3 March 2013 update release, HP secure development lifecycle provides the ability to authenticate HP-UX software. Software delivered through this release has been digitally signed using HP's private key. You can now verify the authenticity of the software before installing the products, delivered through this release. To verify the software signatures in signed depot, the following products must be installed on your system: • B.11.31.
1 HP-UX Directory Server features The HP-UX Directory Server 8.1 product replaces the Red Hat Directory Server for HP-UX (RHDS) product line. The HP-UX Directory Server is based on the same open source software as RHDS and includes a straightforward migration process from RHDS. HP-UX Directory Server (HPDS) provides an industry-standard, centralized directory service on which to build your intranet or extranet.
• Password policy and account lockout – Enables you to define a set of rules that govern how passwords and accounts are managed in the directory server. • Plug-in API – The Directory Server Plug-In API is fully supported for customer use. You can extend the functionality of the Directory Server by writing your own plug-in functions. HP provides a Directory Server Plug-In Programmer's Guide for end-user development to further enhance the directory server for your needs.
2 Software requirements addendum This section lists software requirements that are not documented in HP-UX Directory Server Installation Guide. HP-UX Apache-based Web Server The Administration Server uses the Apache web server v2.2 for its operation. The following versions of HP-UX Apache-based Web Server are supported: • B.2.2.15.
3 What is new in HP-UX Directory Server 8.1? B.08.10.07 release of HP-UX Directory Server 8.1 includes new features and fixes to several existing problems. For more information about fixes, see Table 1 (page 12). The following new feature is introduced with HP-UX Directory Server 8.1 (B.08.10.07): • Java6 support: HP-UX Directory Server 8.1 has been enhanced to support the JRE version1.6.0.20.00. Later versions of JRE6 may also work.
◦ Teletex Terminal Identifier ◦ Telex Number • Thread Aware Regex—A new thread aware library is included to improve the throughput of complex regex searches. • Ability to shut off anonymous access—This feature adds a new config switch in cn=config, nsslapd-allow-anonymous-access that allows you to restrict all anonymous access. • Resource limits for anonymously bound clients—Enables to set resource limits (sizelimit, timelimit, lookthroughlimit) specifically for anonymous connections.
The following enhancements were introduced with the release (B.08.10.02): • Support in the Administration Server for Apache 2.2 in addition to Apache 2.0. For use of Apache 2.2, Apache B.2.2.8.06 or higher is required. • Additional support for migrating from Sun Java System Directory Server. • Support for configuration of the HP-UX Directory Server 8.1 in an HP Serviceguard package.
4 Upgrade and migration notes For information about migration (upgrade) paths, see Migration (Upgrade) from Netscape or RedHat or HP Directory Server to HP-UX Directory Server 8.10.05 or later at http://www.hp.com/ go/hpux-security-docs —> HP-UX Directory Server.
5 Defect fixes HP-UX Directory Server B.08.10.07 release The following defects are fixed in the HP-UX Directory Server B.08.10.07 release for HP-UX 11i v2 and v3: Table 1 Fixes in HP-UX Directory Server B.08.10.07 Defect Description QXCR1001279559 Cannot change the user password on multi master replica when user is replicated QXCR1001290148 ns-slapd aborts when removing an entry more than once HP-UX Directory Server B.08.10.
Table 4 Fixes in HP-UX Directory Server B.08.10.03 Defect Description of corrected problem QXCR1001065568 With audit logging enabled, under certain circumstances an information leak might occur. QXCR1001063264 If a supplier changelog is trimmed of changes and a stale LDIF is loaded into a consumer replica, an inconsistent replication state might occur. QXCR1001047835 Running the setup script setup-ds-admin.
Table 7 14 Defect Description of corrected problem QXCR1000927785 When migrating to HP-UX Directory Server 8.1, the ownership of certain legacy instance files might not be retained. For example, legacy files with group ownership other end up after migration with group ownership sys QXCR1000938062 The migration script creates empty backend databases for missing or empty LDIF export files.
6 Limitations and restrictions This section lists problems and limitations known to HP at the time of publication. • Windows Sync is not qualified for B.08.10.04 • To enable core file dumps of ns-slapd and related processes when aborting, system changes are required prior to installation By default for security reasons, processes that acquire a higher user privilege, such as the ns-slapd daemon, are not dumped to a core file when aborting.
7 Issues and workarounds Issues known at time of publication include the following: • On HP-UX 11i v3, the PHCO_42326 patch, which is a pthread library patch, is required to address pthread issues. • QXCR1001038153: If the nsslapd-accesslog-logexpirationtime, nsslapd-auditlog-logexpirationtime, or nsslapd-errorlog-logexpirationtime attribute is missing from dse.ldif, the Admin console incorrectly displays the value of the attribute as set to 1.
• The Administration Console Help button does not function properly Clicking Help in the Administration Console fails and the console displays the error interpreter "/usr/dt/bin/dtksh" not found. The Administration Console uses the Firefox web browser (or the Mozilla web browser, if Firefox is not available from the user's search path) to display help text. When Firefox and Mozilla web browsers start the first time, they attempt to display licensing text in a graphical window.
Workaround Place the CRL in the Administration Server directory /etc/opt/dirsrv/admin-serv. The console can access the CRL file there. • The nsslapd-saslpath attribute is not migrated If you migrate a Directory Server instance to HP-UX Directory Server 8.1, the nsslapd-saslpath attribute is not migrated with the dse.ldif file on the new Directory Server instance. The SASL libraries cannot be loaded. Workaround After you migrate the Directory Server to version 8.
Workaround Use any of the following workarounds: ◦ When you run the setup-ds-admin.pl -u command, by default it uses the following user account: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot. Instead of the default user account, if the cn=Directory manager user account and credentials are used, the upgrade works fine.
8 Support and other resources Information to collect before contacting HP Be sure to have the following information available before you contact HP: • Software product name • Hardware product model number • Operating system type and version • Applicable error message • Third-party hardware or software • Technical support registration number (if applicable) How to contact HP Use the following methods to contact HP technical support: • In the United States, see the Customer Service / Contact HP U
• HP-UX Directory Server configuration, command, and file reference This document provides reference information on the command line scripts, configuration attributes, and log files shipped with the Directory Server. • HP-UX Directory Server console guide This guide covers the basic structure of the Console for both the Directory Server and the Administration Server and provides an overview of how to use the main Console to manage users and access within the Console.
Troubleshooting resources • You can search a technical knowledge database available on the HP Support Center (HPSC) website at Support Center • To seek solutions to problems, you can post messages on the ITRC Forums page at the following website (select the HP-UX area in the Areas of peer problem solving section) at http:// h20566.www2.hp.com/portal/site/hpsc? Typographic conventions This document uses the following typographical conventions: $, # A percent sign represents the C shell system prompt.
9 Documentation feedback HP welcomes your feedback. To make comments and suggestions about product documentation, send a message to docsfeedback@hp.com Include the document title and manufacturing part number in your message. All submissions become the property of HP.
