NetIQ eDirectory 9.1 SP1 Release Notes

June 2018

NetIQ eDirectory 9.1 SP1 includes new features and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to TID 7016794, “History of Issues Resolved in NetIQ eDirectory 9.x”.

For more information about this release and for the latest release notes, see the Documentation Web site. To download this product, see the Product Upgrade Web site.

1.0 What’s New?

eDirectory 9.1 SP1 provides the following key features, and fixes in this release:

1.1 New Features

This release introduces the following new features:

Capability to Disable CRL Configuration

With this version of eDirectory, the CRL configuration can be disabled while validating the certificates. To disable the CRL configuration, you must set the environment variable NDSD_DISABLE_CRL_CONFIG to any value on the RootCA. For more information, see TID 7022461.

NOTE:If your eDirectory tree is already configured with CRL, ensure that you remove the CRL configuration objects (objectclass: ndspkiCRLConfiguration) and CRL Distribution point objects (objectclass: cRLDistributionPoint) manually before upgrading eDirectory.

1.2 Updates for Dependent Components

In this release, the supported Java version is 1.8.0_172.

1.3 Operating System Support

In addition to the platforms introduced in previous releases of eDirectory, this release adds support for the following operating system:

  • Red Hat Linux Enterprise (RHEL) 7.5

1.4 Fixed Issues

eDirectory 9.1 SP1 includes the following software fixes that resolve several previous issues:

Resolved Security Vulnerabilities

This release resolves the following security vulnerabilities:

  • CVE-2018-12461

Some of the DS Syntaxes Are Not Uniquely Mapped to LDAP Syntaxes

Issue: Some of the DS syntaxes are not uniquely mapped to LDAP syntaxes. This occurs in eDirectory 9.1 and below. (Bug 1083230)

eDirectory Memory Build Up Is Observed With OES 2018

Issue: eDirectory memory build up is observed after upgrading to OES 2018. This happens due to the server certificate which is referred in the LDAP object, is missing from the eDirectory tree. (Bug 1078170)

eDirectory Crashes When Base Class Is Empty

Issue: eDirectory crashes when base class information of an object is empty. (Bug 1084314)

eDirectory Crashes While Renewing the Server Certificates

Issue: eDirectory crashes while renewing the server certificates. (Bug 1077211)

eDirectory Disables the LDAP Secure Port After LDAP Refresh

Issue: eDirectory disables the LDAP secure port after LDAP refresh. This occurs if trusted root container is configured with the LDAP server. (Bug 1084980)

NMAS Connection Fails After Upgrading the eDirectory Server

Issue: Continuous LDAP operations which require remote NMAS login causes NMAS connection leak. This issue is found after upgrading the eDirectory server from 8.8.8.x to 9.0.3. (Bug 1064912)

eDirectory Sets the Auto CRL Issuing Frequency to Default After Restart

Issue: eDirectory sets the frequency of automatic CRL issuance to default (two weeks) after restarting the server. (Bug 1080529)

xdasauditds Module Fails to Load with the UDP Protocol for Syslog Appender

Issue: xdasauditds module is unable to load with the UDP protocol for syslog appender. (Bug 1082476)

ldapsearch Performance Is Affected When Time and Size Limits Are Used

Issue: The performance of ldapsearch is affected when time and size limits are used with the ldapsearch operation. (Bug 1086824)

eDirectory Displays Random Warning Messages in the ndsd.log On Linux

Issue: eDirectory displays random warning messages in the ndsd.log file on Linux. (Bug 1053916)

Paged Search Returns the Same Value for All Pages

Issue: Paged search returns the same value for all the pages. This happens when paged search is used on queries when no index is selected. (Bug 1071840)

XDAS and CEF Modules Cause High CPU Utilization

Issue: XDAS and CEF modules cause high CPU utilization making the eDirectory servers non-responsive. (Bug 1085431)

User Is Unable to Login to eDirectory Using the Tree Name

Issue: User is unable to login to the eDirectory server using the tree name. This happens on eDirectory version 9.0 and above. (Bug 1085605)

Uploading LDIF file Using the ICE tool Fails When Locale Is Set to Japanese

Issue: User is unable to upload LDIF files using the ICE tool when the default locale is changed to Japanese. (Bug 1085622)

1.5 Supported Upgrade Paths

To upgrade to eDirectory 9.1 SP1, you need to be on eDirectory 8.8.8.x or above. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

2.0 System Requirements

For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.

NOTE:This version of eDirectory supports Identity Manager 4.7 and later. For more information, see NetIQ Identity Manager 4.7 Service Pack 1 Release Notes.

3.0 Installing or Upgrading

To upgrade to eDirectory 9.1 SP1, you need to be on eDirectory 8.8.8.x or 9.0. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

For the list of the known issues in eDirectory 9.0, refer to the Known Issues section in the respective release notes.

4.1 eDirectory Is Unable to Validate Certificates After Recreating the Tree CA

Issue: eDirectory is unable to validate certificates after recreating the CA when eDirectory is upgraded to the latest version or installed in a custom location.

Workaround: If eDirectory installation path is anything other than C:\NetIQ\eDirectory (on Windows) and /var/opt/novell/eDirectory (on Linux), you must specify the correct CRL file path with respect to the eDirectory installation path when you recreate the TREE CA or while creating the CRL object. You must choose the Custom option in iManager plug-in while recreating the CA from the Configure Certificate Authority Wizard and specify the correct CRL file path to avoid any error.

4.2 eDirectory Crashes After Upgrading to the Latest Version

Issue: eDirectory crashes after upgrading to the latest version. This happens because, the SAML method was not upgraded after upgrading the eDirectory server.

Workaround: You must upgrade the SAML method after upgrading the eDirectory server.

4.3 eDirectory Crashes After Enabling the Log Debug Level

Issue: eDirectory crashes after enabling the log debug level. This also truncates the ndsd.log file.

Workaround: NetIQ recommends you to enable Journal event caching before enabling the log debug level.

4.4 LDAP Bind Performances Are Impacted

Issue: There is a minimal impact on the LDAP bind performances after upgrading eDirectory to 9.x without causing any functionality loss.

Workaround: There is no workaround at this moment.

4.5 ICE Bulk Load Performance Is Impacted

Issue: ICE bulk load performance is impacted when a delay in data synchronization is introduced. This happens after upgrading eDirectory from to 9.1.1.

Workaround: You should not introduce any delay in data synchronization between eDirectory servers.

5.0 Additional Documentation

5.1 iManager

For iManager information, refer to the iManager online documentation.

5.2 Novell International Cryptographic Infrastructure (NICI)

The NICI Administration Guide is included in the eDirectory documentation page.

5.3 eDirectory Issues on Open Enterprise Server (UNIX only)

For more information on eDirectory issues on Open Enterprise Server (OES), see OES Readme.

6.0 Legal Notices

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2018 NetIQ Corporation, a Micro Focus company. All Rights Reserved.