NetIQ eDirectory 8.8 SP8 Patch 4 includes new features and resolves several previous issues. The installation program provides the ability to upgrade from eDirectory 8.8 SP8 onwards or perform a new installation.
For a full list of all issues resolved in eDirectory 8.8, including all patches, refer to TID 3426981, “History of Issues Resolved in eDirectory 8.8.x”.
For information about what’s new in previous releases, see the “Previous Releases” section in the NetIQ eDirectory online documentation Web site.
For information about security services that are bundled with eDirectory and other components used with eDirectory, see Section 5.0, Additional Documentation.
This section lists the new functionalities and features for this release:
iMonitor supports the following browers:
Internet Explorer 11
Mozilla Firefox 34.0.5
NOTE:Check the currently installed NetIQ and third-party applications to determine if eDirectory 8.8 SP8 is supported before upgrading your existing eDirectory environment. It is also highly recommended that you back up eDirectory prior to any upgrades.
You can use any one of the platforms listed below.
Windows Server 2008 (x64) (Standard/Enterprise/Data Center Edition) and its service packs
Windows Server 2008 R2 (Standard/Enterprise/Data Center Edition) and its service packs
Windows 2012 Server
Windows Server 2012 R2
You must use an account that has administrative rights to install eDirectory 8.8 SP8 on Windows Server 2008 R2.
Windows desktop versions are not supported.
You can run the operating systems mentioned above in a virtual mode on the following hypervisors:
Windows Server 2008 R2 Virtualization with Hyper-V
For a detailed list of prerequisites for installing eDirectory on a Windows server, see the NetIQ eDirectory 8.8 SP8 Installation Guide.
When you try to add an eDirectory 8.8 SP8 server from a Windows host to an existing tree running on a different host, it might fail if the firewall is enabled.
To work around this issue, enable SLP services and an NCP port (default 524) in the firewall to allow the secondary server addition.
In some cases, schema extensions do not synchronize fast enough to the lower levels of a tree where the first new eDirectory 8.8 SP8 server is being installed, so some features are not completely installed.
This problem can be avoided by manually extending the schema in your tree before you install eDirectory 8.8 SP8, using the eDirectory 8.8 SP8 schema files located in the <Unzip Location>\Novell\NDS\x64 folder.
For more information on extending the schema, refer to the “Extending the Schema on Windows” section in the NetIQ eDirectory 8.8 SP8 Administration Guide.
When eDirectory 8.8 SP8 is installed on a Windows computer already containing the Novell Client, eDirectory installs an SLP service, but sets the service to manual mode so that it does not run when the server is booted. eDirectory then uses the SLP service from the Novell Client. If the Novell Client is removed, leaving no SLP service for eDirectory to use, you must manually start the SLP service, or change it to start automatically when the server boots.
On Windows, eDirectory listens on all interfaces configured on the computer for NCP, HTTP, HTTPS, LDAP and LDAPS by default. Adding a new network interface address to the computer, and restarting eDirectory will make it start listening on that address automatically, and have referrals also added correspondingly.
If you have eDirectory 8.5.x or 8.6.x, you must first upgrade to eDirectory 8.7.x, then upgrade to eDirectory 8.8 SP8.
The following error is displayed:
Admin user does not have enough rights to modify the tree schema.
To resolve this issue, complete the following steps:
From the Administrator Login page of eDirectory installation, browse to and select the admin user.
Specify the password, then clickto continue.
If you upgrade an eDirectory server on which the eDirectory instrumentation is installed, the eDirectory instrumentation files are not upgraded automatically. Therefore, you must manually upgrade the eDirectory instrumentation files.
NOTE:eDirectory instrumentation is automatically installed with Identity Manager 4.0.
For more information on upgrading the instrumentation, refer to the NetIQ eDirectory 8.8 SP8 Installation Guide.
When specifying the eDirectory information during the installation, if an invalid Server object container type is specified, the installation does not detect the error until later, and the eDirectory installation fails with a -611 or -634 error.
The valid Server object container types are:
Organizational Unit (OU)
The following sections provide information on known issues at the time of the product release.
If you install NetIQ Identity Manager 4.0.2 on a computer running eDirectory 8.8 SP8, the setup program displays the following error:
Valid version of NMAS not found
The error message states NMAS 8.8.8 is not a valid version and asks if you want to proceed with the installation process. Ignore the error, and click Yes. The installation process completes successfully.
This is observed for utilities such as DSRepair, DSMerge, and DSBrowse.
To view the help files for these utilities, open them directly by double-clicking them in the folder they are located in. For example, C:/Novell/NDS/NLS/Nihongo for the Japanese help file.
If the login fails during the secondary server installation, click thebutton next to the Administrator Login Name dialog box. After this, you might see an error message and a dialog box prompting you to enter an IP address. Enter the IP address of any server in the tree, preferably the Master server of the partition to which the server is being added.
If the server is running on a port number other than 524, enter the port number as well such as 220.127.116.11:1524. This connects to the server, displays the tree name, and prompts for a login name and password. Follow the dialog boxes to continue with the installation. Ensure that the time between the primary and secondary servers is synchronized.
When you upgrade to eDirectory 8.8 SP8 and enable encrypted replication, replication fails in rare scenarios.
To work around this issue:
In NetIQ iManager, select, then select the NCP Server object.
Under the General tab, select.
Addfrom Unvalued Attributes to Valued Attributes with the certificate name. For example, .
eDirectory installation fails when the install files are run from a path that contains double-byte or extended ASCII characters.
The installer fails to find the correct path to load the rt.jar file. This issue does not occur if the eDirectory installation folder has a relatively short path. For example, eDirectory installation can fail if the length of the folder path is more than 115 characters.
SNMP stops working after installing eDirectory and displays the following error message:
SNMP subagent error -672
To workaround this issue, perform the following steps:
Install and configure SNMP service after eDirectory is installed.
Run the dssnmpsupport.exe on your eDirectory server.
NOTE:Apply dssnmpsupport.exe only if MpsSvc service is running on the eDirectory server.
By default, eDirectory disables logging for a failed login event. To enable this, configure the Nsure Audit settings for eDirectory to log the Add Value events in the NCP server object. You also need to enable the intruder detection on containers where auditing of these events is required. For more information, see TID 10092488.
The eDirectory 8.8.8 Patch 4 non-root comes with an empty <eDirectroy install path>/sbin/pre_ndsd_start, this causes the paths for Identity Manager not to be set, and therefore not being able to start.
For more information about this workaround, see TID 7016136.
DHost crashes if the administrator logs off when a repair window is still open. When you run a repair utility, all the repair windows must be closed before logging out of the Windows session.
When you invoke any of the eDirectory utilities except DSTrace, the Interactive dialog box appears.
To launch and continue using the invoked utility, click theoption in the Interactive dialog box.
Windows Server 2012 and Windows Server 2012 R2 do not allow interactive services by default. To allow interactive services, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows and change NoInteractiveServices from to . Reboot the computer to start the interactive services detection service.
NOTE:When configuring the Directory Agent for eDirectory module (ds.dlm), ensure that you exit the ds.dlm dialog box to continue using the eDirectory services.
The NetIQ eDirectory Management Toolbox (eMBox) does not handle double-byte characters for setting a roll-forward directory through the eMBox client and iManager. This can still be done by using DSBK.
In a French localized Windows environment, if you try to run the utility for configuring eDirectory on a cluster (dsclusterconfig.exe), the localized O option does not work. You must provide the corresponding English Y option for the utility to run.
If you use the dsclusterconfig.exe utility in a Japanese localized Windows environment, the utility displays corrupted Japanese characters in the Windows terminal. You must change the localization settings for the utility to use English in order to properly configure eDirectory.
Symantec Network Threat Protection conflicts with IPv6 addresses. If you want to use IPv6 addresses in iManager 2.7.7, and your computer is running Network Threat Protection, you must disable Network Threat Protection.
If your eDirectory uses LDAPS protocol with SSLv3 for a secure communication, be aware that SSLv3 is vulnerable to POODLE attack as per CVE-2014-3566.
To disable SSLv3 in the LDAPS protocol, perform the following steps:
Download and install the latest iManager plug-in for eDirectory from the NetIQ Downloads Web site.
Launch iManager and click.
Click LDAP>LDAP Options>View LDAP Server, select LDAP Server.
Enable theand click .
NOTE:In non-English environment you cannot access the Disable SSLv3 option. To access this option change the preferred display language to English.
Unload and load the LDAP Services for eDirectory.
For more information, see Loading and Unloading LDAP Services for eDirectory.
For other protocols that eDirectory uses, SSLv3 is disabled by default.
For iManager information, refer to the iManager online documentation.
For NMAS information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For Password Management information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For Certificate Server information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For NICI information, refer to the NICI online documentation.
NetIQ Corporation, and its affiliates, have intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2015 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.