NetIQ eDirectory 9.2 Service Pack 7 Release Notes

September 2022

NetIQ eDirectory 9.2 SP7 resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to KM000010604.

For more information about this release and for the latest release notes, see the Documentation Web site. To download this product, see the Product Upgrade Web site.

1.0 What’s New?

eDirectory 9.2 SP7 provides the following key features, enhancements, and fixes in this release:

1.1 Password Policy Enforcement

The password settings of a user can be changed, but as soon as the user logs in, these settings are overwritten by the password policy. This does not only effect password expiration but also PasswordExpirationInterval (Force periodic password changes), Allow user to change password, Require unique passwords. This has the effect that all settings in that regard that were done on user level without assigning a policy are now overwritten by the policy.

For more information about the changes in functionality, see Authentication parameter in the Universal Password Configuration Options section.

1.2 Support for NICI

This release of eDirectory contains NICI, which adds support for OpenSSL 1.0.2zf.

1.3 New Features

eDirectory 9.2 SP7 adds support for (High Valued Attribute) HVAConfig attribute. With the current release (9.2.7) the attributes will be configurable. The deployment process is simple and time efficient. For more information on HVAConfig attribute, see High-Valued Attributes in the NetIQ eDirectory Administration Guide.

1.4 Updates for Dependent Components

This release adds support for the following third-party components:

  • OpenSSL - 1.0.2 zf

  • OpenSUSE Leap 15.3

  • CJSON - 1.7.15

  • Net-SNMP - 5.9.1

  • Xerces - 3.2.3

  • Boost C++ - 1.79

  • ZLib - 1.2.12

  • Log4cxx - 0.13.0

  • ICU - 71.1

1.5 Operating System Support

In addition to the platforms supported in previous releases of eDirectory, this release adds support for the following operating system:

  • Red Hat Enterprise Linux (RHEL) 8.6 and 9.0

  • SUSE Linux Enterprise Server - SLES15 SP4

  • OpenSUSE Leap 15.3 (in docker)

1.6 What’s Deprecated for Removal?

We will be deprecating support for Encrypted Replication in eDirectory 9.2.7. Enable Enhance Background Authentication (EBA) on servers to use an encrypted channel for data transfer.

1.7 What will be deprecated?

We will be deprecating support for SecretStore with our next eDirectory release. There will be no support provided once deprecated.

1.8 Fixed Issues

eDirectory 9.2 SP7 includes the following software fixes that resolve several previous issues:

The PasswordExpirationTime attribute is not added to the user, at login if the Verify whether existing passwords comply with the password policy (verification occurs on login) setting in password policy is set to false.

Fix: Password compliance check has been modified in this release so that the passwordExpirationTime is added even if the setting is false. (Defect 235437).

iMon should be able to release inhibit_move obituaries on objects that have also been deleted

Fix: If an object lands in a state where it has both inhibit_move obituary and either dead or move obituaries then the inhibit move obituary will not progress. This issue is fixed by running the Local Database repair or Single Object repair. (Defect - 236102)

Crash in Flaim's FSGetDomain on a server with heavy LDAP load

Fix: eDirectory crashes while performing bulk / loaded LDAP operations. The eDirectory has been upgraded to read the FSGetDomain properly before accessing. (Defect 297185)

eDirectory 9.2.5 installation and configuration requires new group “eDirAdmin” which breaks customer security rules on multi tree installation

Fix: The application has been updated to provide the flexibility in usage of group facility. The user can input the desired name and is optional. (Defect 501228)

CEF audit events in the CEF-S-cache.log after a blank line aren't processed

Fix: During CEF caching, when events are being sent from CEF-S-cache.log, if a blank line is encountered then the events following it are not sent causing auditing issues. (Defect 434110)

DCS shim crash, crash identified in core stack 3 in the libsal library

Fix: IDM's remote loader was crashing when it was being shutdown. The application or service crash observed during shutdown will not be observed with the libsal library upgrade. (Defect - 502101)

eDir is crashing when Common Event Format (CEF) auditing is ON on the server where UserApp is installed.

Fix: While the CEF auditing is ON, the eDirectory started crashing. The application has been updated to ensure no crash occurs even with large filters. (Defect 508030)

eDir9.2.6 ndsbackup not working with many users

Fix: eDirectory crashes while performing ndsbackup many users operations. This occurs while the admin account is unable to restore users and unable to run ndsbackup. To mitigate this issue, eDirectory has been upgraded to latest tsands library. (Defect 523029).

2.0 System Requirements

For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.

NOTE:The support for eDirectory has been stopped on the below platforms with this release:

  • Red Hat Enterprise Linux (RHEL) 7.8

  • SUSE Linux Enterprise Server - SLES12SP4

3.0 Installing or Upgrading

To upgrade to eDirectory 9.2 SP7, you need to be on eDirectory 8.8.8.x or 9.x. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.

NOTE:This version of eDirectory is supported by Identity Manager 4.8.6 only. You must upgrade your Identity Manager before using this version of eDirectory.

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in the NetIQ eDirectory 9.2 SP7 Release Notes. If you need further assistance with any issue, please contact Technical Support.

5.0 Additional Documentation

5.1 iManager

For iManager information, refer to the iManager online documentation.

5.2 Identity Console

For Identity Console information, refer to identityConsole online Documentation

5.3 Novell International Cryptographic Infrastructure (NICI)

The NICI Administration Guide is included in the eDirectory documentation page.

5.4 eDirectory Issues on Open Enterprise Server

For more information on eDirectory issues on Open Enterprise Server (OES), see OES Readme.