NetIQ eDirectory 9.1 Release Notes

February 2018

NetIQ eDirectory 9.1 includes new features and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to TID 7016794, “History of Issues Resolved in NetIQ eDirectory 9.x”.

For more information about this release and for the latest release notes, see the Documentation Web site. To download this product, see the Product Upgrade Web site.

1.0 What’s New?

eDirectory 9.1 provides the following key features, enhancements, and fixes in this release:

1.1 New Features

This release introduces the following new features:

Support for Auditing with CEF

This release introduces Common Event Format (CEF), a standard event format to facilitate the merging and analysis of audit information from multiple components at the distributed system level. The CEF format uses the Syslog message format as a transport mechanism. CEF is an extensible text-based format that is designed to support multiple device types such as on-premise devices and cloud-based services. For more information, see Auditing with CEF in the eDirectory Administration Guide.

New Installer for Windows

eDirectory introduces a new installer for Windows to simplify and improve its install and upgrade processes. Using the new installer, eDirectory installation becomes much faster compared to its previous versions. For more information, see Installing or Upgrading NetIQ eDirectory on Windows in the eDirectory Installation Guide.

Support for LDAP Extended DN Control

This version of eDirectory provides LDAP Extended DN Control which is used with an extended LDAP search to request an extended form of object Distinguished Name. The extended form includes a string representation of Object GUID along with Distinguished Name of the object. For more information, see LDAP Extended DN Control in the eDirectory Administration Guide.

1.2 Enhancements

This release introduces the following enhancements:

Support for Certificates with 8192-bit RSA Keys

Using this version of eDirectory, you can create CA or server certificates with 8192-bit RSA encryption. Ensure that you are using eDirectory 9.1, iManager 3.1 and eDirectory 9.1 PKI Plug-in before configuring a server certificate with 8192-bit RSA public key. For more information, see Using 8192 Bit RSA Keys in Certificates in the eDirectory Administration Guide.

Support for Customizing Default Certificate Generation

This version of eDirectory provides three new options for configuring the CA or server certificates while configuring a new eDirectory server. Using these options, you can set the RSA key size, EC Curve limit and the certificate life for your certificates. For more information, see Creating an Organizational Certificate Authority Object in the eDirectory Administration Guide.

Performance Improvement for Indexing

This version of eDirectory provides the support for prefixing the Ancestor ID with the list of attributes passed while creating a new index. For more information, see Using LDAP Tools on Linux in the eDirectory Administration Guide.

1.3 Updates for Dependent Components

This release adds support for the following dependent components:

  • OpenSSL 1.0.2n

  • NICI 3.1

1.4 Fixed Issues

eDirectory 9.1 includes the following software fixes that resolve several previous issues:

Resolved Security Vulnerabilities

This version of eDirectory resolves security vulnerability CVE-2018-1346.

Roles Object Displays Inconsistent Values After Moving an User Object to a Partitioned Container

Issue: Roles object displays inconsistent values for the Equivalent To Me attribute after moving an user object to a partitioned container.

Fix: This issue is fixed. eDirectory does not display any inconsistent value after moving an user object. (Bug 1062097)

eDirectory Crashes After Upgrading to 9.0 SP4

Issue: eDirectory crashes after upgrading the servers to 9.0 SP4. This happens because the NMAS server tries to load all the methods irrespective of the platform on which eDirectory is installed.

Fix: This issue is fixed. eDirectory loads only the platform specific NMAS methods while logging into the server. (Bug 1064255)

Compound Index Does Not Work After Running ndsrepair

Fix: This issue is fixed. Compound indexes work after running the ndsrepair command.(Bug 1063996)

Administrator Is Unable to Set the Universal Password In Certain Scenarios

Issue: The administrator is unable to set the universal password when Required Unique Passwords and Password History options are enabled.

Fix: This issue is fixed. eDirectory now allows the administrator is set universal password for a user object. (Bug 1048966)

eDirectory Crashes While Searching With Paged Result Control

Issue: eDirectory crashes while Searching With Paged Result Control and complex filters.

Fix: This issue is fixed. (Bug 1044264)

eDirectory Crashes While Upgrading on Windows

Issue: eDirectory crashes while upgrading on Windows.

Fix: This issue is fixed. (Bug 1069516)

eDirectory Displays an Error Message While Trying to Sync Groups

Issue: eDirectory displays an error message while trying to sync groups which are having multiple attributes with high number of values and large values.

Fix: This issue is fixed. (Bug 901663)

eDirectory Fails to Remove ntls.conf file while upgrading to the latest version

Issue: eDirectory fails to remove ntls.conf file from /etc/ld.so.conf.d while upgrading to the latest version. Due to this, other system applications fail.

Fix: This issue is fixed and eDirectory now removes the ntls.conf file successfully. (Bug 1054152)

eDirectory Displays an Error Message While Rebuilding Corrupt Databases

Issue: eDirectory displays an error message while rebuilding the corrupt databases using the ndsrepair utility.

Fix: eDirectory now rebuilds corrupt databases using the ndsrepair utility. (Bug 733350)

1.5 Supported Upgrade Paths

To upgrade to eDirectory 9.1, you need to be on eDirectory 8.8.8.x or above. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

2.0 System Requirements

For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.

NOTE:This version of eDirectory supports Identity Manager 4.7. For more information, see NetIQ Identity Manager 4.7 Release Notes.

3.0 Installing or Upgrading

To upgrade to eDirectory 9.1, you need to be on eDirectory 8.8.8.x or 9.0.x. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

Table 1 Files Available for eDirectory 9.0

Filename

Description

eDirectory_910_Linux_x86_64.tar.gz

Contains the eDirectory tar file for Linux platforms.

eDirectory_910_Windows_x86_64.exe

Contains the eDirectory executable file for Windows platforms.

eDir_IMANPlugins.npm

Contains the iManager plug-in npm.

Install the NPM as directed in the NetIQ iManager Installation Guide.

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

For the list of the known issues in eDirectory 9.0, refer to the Known Issues section in the respective release notes.

4.1 Windows Restarts Automatically When eDirectory Is Installed On a Server Which Has Microsoft SharePoint Installed

Issue: Windows restarts automatically when eDirectory 9.1 is installed on a server which has Microsoft SharePoint installed.

Workaround: You must install VC++ 2017 Redistributable package for your Windows before installing eDirectory.

5.0 Additional Documentation

5.1 iManager

For iManager information, refer to the iManager online documentation.

5.2 Novell International Cryptographic Infrastructure (NICI)

The NICI Administration Guide is included in the eDirectory documentation page.

6.0 Legal Notices

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2018 NetIQ Corporation, a Micro Focus company. All Rights Reserved.