eDirectory 8.8.8 Patch 7 supersedes eDirectory 8.8.8 Patch 6.
For a full list of all issues resolved in eDirectory 8.8, including all patches, refer to TID 3426981, “History of Issues Resolved in eDirectory 8.8.x”.
For the list of software fixes and enhancements in the previous releases, see eDirectory 8.8.8 Patch 6 Release Notes.
For information about security services that are bundled with eDirectory and other components used with eDirectory, see Section 7.0, Additional Documentation.
This release includes the following platform updates and fixed issues:
This release introduces the enhanced Certificate Server Plug-In for allowing the Certificate Authority to create default certificates with the CA’s signature algorithm during server health check when the CA is recreated with a new signature algorithm. To do this, enable the HealthCheck - Follow CA's Signing Algorithm under Server Self Provisioning in iManager.
To leverage this feature, upgrade your Certificate Server plug-in and eDirectory to version 8.8 SP8 Patch 7.
In this release, the Java version has been updated to 1.8.0_66.
Linux: There are no manual steps required to update the version of Java. After updating the patch, the Java version will be 1.8.0_66.
Windows: There are no manual steps required to update the version of Java. After updating the patch, the Java version will be 1.8.0_66.
eDirectory 8.8.8 Patch 7 includes the following software fixes that resolve several previous issues:
This patch updates eDirectory to resolve the NTLS vulnerability CVE-2015-3195.
Issue: The memory leaks occur in the CreateListeners and the SetDefaultListenerURLs functions after the LDAP server configuration code path.
Fix: This patch updates the eDirectory code to avoid memory leak while executing the LDAP_server configuration code path.
Issue: While changing the password for a user object, eDirectory sends a Modify Account Security Token event to the Syslog connector. The user name and the domain names were incorrectly placed in the TargetHostName and TargetHostDomain fields of the event.
Fix: This patch updates the XDAS audit library to correctly place the user name and the domain names in the corresponding fields of the event.
Issue: The ‘Follow CA's Signature Algorithm’ feature was not working in all scenarios.
Fix: This patch updates eDirectory to enable the new servers added to the tree to work with the Follow CA’s Signing Algorithm feature.
Issue: After recreating the eDirectory tree’s CA to use the SHA-256, certificates generated through the Certificate Signing Request still use SHA-1 for certificate signing instead of SHA-256.
Fix: The iManager Certificate Server plug-in now provides a new option, Specify Certificate Parameters, to specify the signature algorithm while issuing certificates.
Issue: The Certificate Server fails to generate SSL CertificateDNS when CRL distribution points are changed.
Fix: This patch updates eDirectory to generate the SSL CertificateDNS when the CRL distribution points are changed.
For a detailed list of prerequisites for installing eDirectory, see the NetIQ eDirectory 8.8 SP8 Installation Guide.
To upgrade to eDirectory 8.8.8 Patch 7, go to the NetIQ Downloads page and follow the link that allows you to download the software.
NOTE:eDirectory 8.8.8 Patch 7 contains an older version of PA (Platform Agent) build that does not resolve the issue causing NDSD crash. Click here to download the latest version of PA that resolves this issue.
The installation program provides the ability to upgrade from eDirectory 8.8 SP8 onwards or perform a new installation.
Ensure that you are currently on any one of the following eDirectory versions, before upgrading to eDirectory 8.8.8 Patch 7:
8.8.8 Patch 1
8.8.8 Patch 2
8.8.8 Patch 3
8.8.8 Patch 4
8.8.8 Patch 5
8.8.8 Patch 6
NOTE:If you have eDirectory 8.5.x or 8.6.x, you must first upgrade to eDirectory 8.7.x, then upgrade to eDirectory 8.8 SP8 and later.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
This patch does not support eDirectory on Red Hat Enterprise Linux 7.2 platform.
For iManager information, refer to the iManager online documentation.
For NMAS information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For Password Management information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For Certificate Server information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For NICI information, refer to the NICI online documentation.
For more information on eDirectory issues on Open Enterprise Server (OES), refer to the OES Readme.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2016 NetIQ Corporation, a Micro Focus company. All Rights Reserved.