NetIQ eDirectory 9.1 SP2 Release Notes

December 2018

NetIQ eDirectory 9.1 SP2 resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to TID 7016794, “History of Issues Resolved in NetIQ eDirectory 9.x”.

For more information about this release and for the latest release notes, see the Documentation Web site. To download this product, see the Product Upgrade Web site.

1.0 What’s New?

eDirectory 9.1 SP2 provides the following enhancements and fixes:

1.1 Enhancement

Enhanced Linux Installer

With this version of eDirectory, the Linux installer has been enhanced to include all the unchanged RPMs from eDirectory 9.1.1 along with the RPMs that were changed for eDirectory 9.1.2. When you upgrade eDirectory from 9.1.1 to 9.1.2, the unchanged RPMs are not upgraded or re-installed. Only the new or modified RPMs from 9.1.2 are installed or upgraded on your server.

1.2 Operating System Support

In addition to the platforms supported in previous releases of eDirectory, this release adds support for the following operating system:

  • SUSE Linux Enterprise Server (SLES) 15

    NOTE: To use the ndstrace and ldif2dib utilities on SLES 15, install version 5 of ncurses from the SLES 15 repository.

  • Red Hat Enterprise Linux (RHEL) 6.10

1.3 Fixed Issues

eDirectory 9.1 SP2 includes the following software fixes that resolve several previous issues:

Resolved Security Vulnerabilities

This release resolves the following security vulnerabilities:

  • CVE-2018-17952: Cross site scripting vulnerability in eDirectory prior to 9.1 SP2.

  • CVE-2018-17950: Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2.

LDAP Bind Performance Is Degraded Compared to eDirectory 8.8.8

Issue: LDAP bind performance is degraded by the checks that determine whether a user password needs to be re-encrypted with a newly created AES256 tree key.

Fix: With this release, automatic re-encryption of user passwords is removed. Password re-encryption can be done using the diagpwd utility, which is bundled with this version of eDirectory. (Bug 1104045)

LDAP Search Results in High Utilization of eDirectory Server

Issue: LDAP search results in high utilization of the eDirectory server while performing a search operation with dereference alias. (Bug 1097995)

eDirectory Exhausts All Ephemeral Ports when Configured with Large Number of Dynamic Groups

Issue: eDirectory exhausts all ephemeral ports when configured with a large number of dynamic groups and a large number of dynamic members in each group.

Fix: A new environment variable is introduced with this version of eDirectory. You must set the environment variable NDSD_AGENT_CONTEXT_OPTIMIZATION to true to avoid this issue. (Bug 1075000)

eDirectory Installation Wizard Does Not Respond on Windows 2016 Server

Issue: The eDirectory installation wizard does not respond on Windows 2016 server after starting the install.dlm from the NDSCons.exe file. (Bug 1099424)

eDirectory Crashes While Logging In Using the Enhanced Smartcard Method

Issue: eDirectory crashes during login if the license for the enhanced smartcard method has expired. (Bug 1095624)

eDirectory Crashes with the Older Version of SAML Method

Issue: eDirectory crashes when an invalid assertion is passed to the SAML method.

Fix: Upgrade to the latest version of the SAML method. (Bug 999386)

1.4 Supported Upgrade Paths

To upgrade to eDirectory 9.1 SP2, you need to be on eDirectory 8.8.8.x or above. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

2.0 What’s Deprecated?

The following feature is deprecated in this release:

  • Enhanced Nested Group: We have deprecated support for nested dynamic groups in the 9.1.2 release. Nested dynamic groups are not a recommended solution because of the complexities of resolving member lists and the nature of dynamic groups. Nested static groups will continue to be supported.

3.0 What will be Deprecated?

The following feature will be deprecated in the upcoming eDirectory 9.2 release:

  • Auditing with XDAS: We will be deprecating support for auditing with XDAS in 9.2. We recommend that you use CEF for auditing.

4.0 System Requirements

For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.

NOTE: This version of eDirectory supports Identity Manager 4.6.x and 4.7.x.

5.0 Installing or Upgrading

To upgrade to eDirectory 9.1 SP2, you need to be on eDirectory 8.8.8.x or 9.x. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

6.0 Additional Documentation

6.1 iManager

For iManager information, refer to the iManager online documentation.

6.2 Novell International Cryptographic Infrastructure (NICI)

The NICI Administration Guide is included in the eDirectory documentation page.

6.3 eDirectory Issues on Open Enterprise Server (UNIX only)

For more information on eDirectory issues on Open Enterprise Server (OES), see OES Readme.

7.0 Legal Notices

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2018 NetIQ Corporation, a Micro Focus company. All Rights Reserved.