NetIQ eDirectory 9.0 SP1 includes new features and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.
For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to TID 7016794, “History of Issues Resolved in NetIQ eDirectory 9.x”.
eDirectory 9.0 SP1 provides the following key features, enhancements, and fixes in this release:
This release introduces the following enhancements:
This release introduces support for trust association of a user or an identity with a group, or the trust association of two users in a domain-specific context for establishing a trust relationship. These events also relate to the association of identities within disparate authentication domains for federation purpose. There are two types of Trust Management events:
Associate Trust: This event is triggered when a new trust association is created.
De-Associate Trust: This event is triggered when an existing trust association is destroyed.
In this release, the Java version has been updated to 1.8.0_92.
There are no manual steps required to update your current version of Java on both Linux and Windows platforms. After updating the service pack, the Java version will be 1.8.0_92.
eDirectory 9.0 SP1 includes the following software fixes that resolve several previous issues:
This patch updates eDirectory to resolve the CLDAP SDK vulnerability (Bug 961635). The OpenSSL libraries are now bundled with CLDAP SDK for both Linux and Windows.
Issue: eDirectory displays an error message while restoring a recently backed up object. This occurs due to the DClient version mismatching between the backup and the restore.
Fix: This issue is fixed. Now eDirectory handles the DClient version correctly between the backup and the restore. (Bug 964463)
Issue: The advanced option of the ndsrepair utility does not handle the INTEGER64 flag while importing a schema from a remote tree.
Fix: This release updates eDirectory to check for the INTEGER64 flag and retain the syntax (octet string) of the imported attribute. (Bug 938888)
Issue: When you search for a dynamic group, the search result does not return all the members of the dynamic group when the group members are distributed across multiple servers. This occurs because eDirectory does not store the referrals before returning the results to the LDAP server.
Fix: This release updates eDirectory to store and follow the referrals properly and correctly return all the members of a dynamic group when they are searched. (Bug 944373)
Issue: eDirectory crashes due to buffer overflow when the DN contains the UID attribute.
Fix: This release updates eDirectory to avoid the buffer overflow. (Bug 954030)
Issue: eDirectory crashes while converting the values of the LDAP attributes to the NDS attribute format due to buffer overflow.
Fix: This release updates eDirectory to handle the memory allocation more effectively to prevent crashing. (Bug 965036)
Issue: eDirectory crashes while using the LDAP Password Modify Extended Operation due to buffer overflow.
Fix: This release updates eDirectory to avoid the buffer overflow. (Bug 967433)
Issue: The LDAP servers become unresponsive under heavy load of write requests when eDirectory runs out of file descriptors. This occurs because the file descriptors are not closed after being removed from the file descriptor’s pool.
Fix: This release updates eDirectory to close the file descriptors after they are removed from the pool. This improves the performance of the LDAP servers. (Bug 961773)
Issue: Upgrading eDirectory to version 8.8 SP8 Patch 8 fails when the locale is set to Japanese. You will also not be prompted for authentication during upgrade.
Fix: This release updates eDirectory to resolve this issue. (Bug 955508)
Issue: Index type for ldapAttributeList attribute does not match on different servers for the same index with the same set of data.
Fix: This release updates eDirectory to check for index type changes and update the changes in the index definition attribute. (Bug 932501)
Issue: LDAP server plug-in doesn’t refresh or prompts you to reload nldap module when a cipher is changed.
Fix: This release updates eDirectory to display a warning message that prompts you to reload the nldap module when a cipher is changed. (Bug 870756)
Issue: The httpKeyMaterialObject attribute value is changed to SSL CertificateDNS after upgrading eDirectory. This occurs when a 3rd party certificate is set as the attribute value instead of the SSL CertificateDNS.
Fix: This release updates eDirectory to resolve this issue. (Bug 957819)
To upgrade to eDirectory 9.0 SP1, you need to be on eDirectory 8.8.8.x or above. For more information on upgrading eDirectory, see the NetIQ eDirecoty Installation Guide.
For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.
NOTE:This version of eDirectory supports Identity Manager 4.5 SP4. For more information, see NetIQ Identity Manager 4.5 Service Pack 4 Release Notes.
To upgrade to eDirectory 9.0 SP1, you need to be on eDirectory 8.8.8.x or 9.0. For more information on upgrading eDirectory, see the NetIQ eDirecoty Installation Guide.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
For the list of the known issues in eDirectory 9.0, refer to the Known Issues section in the respective release notes.
Issue: Most of the recent browsers support high strength ciphers but iMonitor still allows only medium strength ciphers by default.
Workaround: Configure HTTP service to allow high strength ciphers by default to provide you with more secured iMonitor experience.
Issue: nds-cluster-config utility is moving the eDirectory configuration files to a shared location instead of the default directory (/etc/opt/novell/eDirectory/conf) resulting in an unstable eDirectory cluster configuration.
Workaround: Manually copy the configuration files to the default and to the all other directories where the configuration files are required to run the eDirectory cluster configuration successfully. To move the configuration files, perform the following steps:
Manually delete the /etc/opt/novell/eDirectory/conf directory.
Create the /etc/opt/novell/eDirectory/conf directory and copy the nds.conf file from the shared location and move to /etc/opt/novell/eDirectory/conf/ directory.
Change the value of parameter n4u.server.configdir to /etc/opt/novell/eDirectory/conf in the /etc/opt/novell/eDirectory/conf/nds.conf file.
Replace the content of /etc/opt/novell/eDirectory/conf/.eDir/instance.0 with eDir conf file path ie. /etc/opt/novell/eDirectory/conf/nds.conf.
(Conditional) On SLES 12 and later, perform the following steps:
Navigate to /usr/lib/systemd/system and search for the ndsdtmpl-database-conf-nds.conf file in the directory.
Move the service from ndsdtmpl-database-conf-nds.conf to ndsdtmpl-etc-opt-novell-eDirectory-conf-nds.conf.
In this command, database is the name of your shared folder.
Start eDirectory by using ndsmanage.
NOTE:You must follow the above steps to move the configuration files to the default path after executing the nds-cluster-config command on the second node as well.
Issue: eDirectory crashes after upgrading to the latest version using the 2836 SAML NMAS methods. This occurs due to the unloading of the older method by the NMAS server to load the new method.
Workaround: A new configuration option is provided with the new SAML NMAS method (2837) which allows the latest version of the nmasisnt utility to load the new method only after restarting the eDirectory server.
Issue: The Modify Account, Modify Role and Create Role events are not fully functional in this release. If these three events are enabled, Modify Data Item Attribute event is not thrown for XDAS auditing.
Workaround: You must disable the Modify Account, Modify Role and Create Role events to audit the generic Add Value and Delete Value events. You can also interpret the data from the Modify Data Item Attribute event for the Modify Account, Modify Role and Create Role events.
The eDirectory documentation has been revamped. Content from NMAS Administration Guide, Password Management Guide, and Certificate Server Guide is now part of the eDirectory Administration Guide. Use the following links to access these chapters in the eDirectory Administration Guide:
For iManager information, refer to the iManager online documentation.
The NICI Administration Guide is included in the eDirectory documentation page.
For more information on eDirectory issues on Open Enterprise Server (OES), see OES Readme.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2016 NetIQ Corporation, a Micro Focus company. All Rights Reserved.