Installation guide

These release notes contain important information available at the release of Red Hat Directory Server
version 8.2. New features, system requirements, installation notes, known problems, resources, and
other current issues are addressed here. Read this document before beginning to use Directory Server
8.2.
1. New Features in Red Hat Directory Server 8.2
Directory Server 8.2 has introduced many features to make managing the directory service and its data
easier.
1.1. Setting Limits for Anonymous Users
Previously, it was impossible to set resource limits on anonymous users. Resource limits could only be
set on users who existed in the directory. Since anonymous binds didn't correspond to a user entry, only
general Directory Server settings could be applied to anonymous operations. A new attribute,
nsslapd-anonlimitsdn, references a template entry that can be used to define resource limits. All anonymous
binds are treated as that template entry.
For additional security, the new nsslapd-allow-anonymous-access attribute can be set to off to
disable anonymous binds entirely.
1.2. Requiring Secure Connections for Simple Bind
A simple bind is a bind attempt which uses a username-password combination to authenticate to the
server. The vulnerability in simple binds is that the password is transmitted in plaintext. The new
nsslapd-require-secure-binds attribute requires that simple binds occur only over a secure
connection (TLS, SASL, or Start TLS).
1.3. Mixing SASL and TLS Connections
In other versions of Directory Server, the server could not be configured to connect over both SASL and
TLS simultaneously. In Red Hat Directory Server 8.2, the server can now have both SASL and TLS
configured and the desired protocol can be used for different server connections.
1.4. Requiring a Minimum Security Strength Factor for Server Connections
The security of the connection is determined by its security strength factor. New configuration and ACI
parameters allow administrators to set the minimum key strength required to process operations.
In Red Hat Directory Server 8.2, it is possible to require operations to occur over a connection with a
certain level of security. The nsslapd-minssf attribute sets the required security factor. The new ssf
keyword for ACIs allows access control rules to be set that require certain operations or users to meet
security strength factors.
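The settings from sections 1.1, 1.2 and 1.4 can be checked together against an exported cn=config entry. The following is an added example, not part of the original release notes or of Directory Server itself; the sample LDIF, the template DN, the function names and the min_ssf threshold of 128 are assumptions made for illustration.

```python
import base64

# Constructed cn=config sample (not from a real server); DN and values are assumptions.
SAMPLE_LDIF = """\
dn: cn=config
nsslapd-allow-anonymous-access: on
nsslapd-anonlimitsdn: cn=anon template,ou=people,dc=example,
 dc=com
nsslapd-require-secure-binds: off
"""

def parse_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # folded continuation line
        elif line and not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def audit(entry, min_ssf=128):
    """Return findings; an empty list means every check passed.
    min_ssf is an assumed policy threshold. A missing attribute is
    treated as the permissive setting."""
    def get(attr, default):
        return entry.get(attr, [default])[0].lower()

    findings = []
    if (get("nsslapd-allow-anonymous-access", "on") != "off"
            and "nsslapd-anonlimitsdn" not in entry):
        findings.append("anonymous binds allowed without an nsslapd-anonlimitsdn template")
    if get("nsslapd-require-secure-binds", "off") != "on":
        findings.append("simple binds accepted over insecure connections")
    ssf = get("nsslapd-minssf", "0")
    if not ssf.isdigit() or int(ssf) < min_ssf:
        findings.append(f"nsslapd-minssf is {ssf}, below required {min_ssf}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_entry(SAMPLE_LDIF)):
        print("FINDING:", finding)
```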
1.5. Adding Entry Update Sequence Numbers (USN) for Write Operations
The Entry USN Plug-in provides a way for LDAP clients to know that something in the database has
changed. This plug-in generates a global update sequence number (USN) for an entry whenever a write
operation occurs.
A new operational attribute, entryusn, stores the latest USN for an entry. This value is calculated
globally, much like change sequence numbers for replication. So, if entry A is updated and has an
entryusn of 1, and then entry B is updated, entry B has an entryusn value of 2. Another attribute,
lastusn, is kept on the root DSE which shows the most recent USN number assigned to any entry in