NetIQ eDirectory 9.1 SP1 includes new features and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the eDirectory Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.
For a full list of all issues resolved in NetIQ eDirectory 9.x, including all patches and service packs, refer to TID 7016794, “History of Issues Resolved in NetIQ eDirectory 9.x”.
For more information about this release and for the latest release notes, see the Documentation Web site. To download this product, see the Product Upgrade Web site.
eDirectory 9.1 SP1 provides the following key features, and fixes in this release:
This release introduces the following new features:
With this version of eDirectory, the CRL configuration can be disabled while validating the certificates. To disable the CRL configuration, you must set the environment variable NDSD_DISABLE_CRL_CONFIG to any value on the RootCA. For more information, see TID 7022461.
NOTE:If your eDirectory tree is already configured with CRL, ensure that you remove the CRL configuration objects (objectclass: ndspkiCRLConfiguration) and CRL Distribution point objects (objectclass: cRLDistributionPoint) manually before upgrading eDirectory.
In this release, the supported Java version is 1.8.0_172.
In addition to the platforms introduced in previous releases of eDirectory, this release adds support for the following operating system:
Red Hat Linux Enterprise (RHEL) 7.5
eDirectory 9.1 SP1 includes the following software fixes that resolve several previous issues:
This release resolves the following security vulnerabilities:
CVE-2018-12461
Issue: Some of the DS syntaxes are not uniquely mapped to LDAP syntaxes. This occurs in eDirectory 9.1 and below. (Bug 1083230)
Issue: eDirectory memory build up is observed after upgrading to OES 2018. This happens due to the server certificate which is referred in the LDAP object, is missing from the eDirectory tree. (Bug 1078170)
Issue: eDirectory crashes when base class information of an object is empty. (Bug 1084314)
Issue: eDirectory crashes while renewing the server certificates. (Bug 1077211)
Issue: eDirectory disables the LDAP secure port after LDAP refresh. This occurs if trusted root container is configured with the LDAP server. (Bug 1084980)
Issue: Continuous LDAP operations which require remote NMAS login causes NMAS connection leak. This issue is found after upgrading the eDirectory server from 8.8.8.x to 9.0.3. (Bug 1064912)
Issue: eDirectory sets the frequency of automatic CRL issuance to default (two weeks) after restarting the server. (Bug 1080529)
Issue: xdasauditds module is unable to load with the UDP protocol for syslog appender. (Bug 1082476)
Issue: The performance of ldapsearch is affected when time and size limits are used with the ldapsearch operation. (Bug 1086824)
Issue: eDirectory displays random warning messages in the ndsd.log file on Linux. (Bug 1053916)
Issue: Paged search returns the same value for all the pages. This happens when paged search is used on queries when no index is selected. (Bug 1071840)
Issue: XDAS and CEF modules cause high CPU utilization making the eDirectory servers non-responsive. (Bug 1085431)
Issue: User is unable to login to the eDirectory server using the tree name. This happens on eDirectory version 9.0 and above. (Bug 1085605)
Issue: User is unable to upload LDIF files using the ICE tool when the default locale is changed to Japanese. (Bug 1085622)
To upgrade to eDirectory 9.1 SP1, you need to be on eDirectory 8.8.8.x or above. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.
For information about prerequisites, hardware requirements, and supported operating systems, see the NetIQ eDirectory Installation Guide.
NOTE:This version of eDirectory supports Identity Manager 4.7 and later. For more information, see NetIQ Identity Manager 4.7 Service Pack 1 Release Notes.
To upgrade to eDirectory 9.1 SP1, you need to be on eDirectory 8.8.8.x or 9.0. For more information on upgrading eDirectory, see the NetIQ eDirectory Installation Guide.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
For the list of the known issues in eDirectory 9.0, refer to the Known Issues section in the respective release notes.
Issue: eDirectory is unable to validate certificates after recreating the CA when eDirectory is upgraded to the latest version or installed in a custom location.
Workaround: If eDirectory installation path is anything other than C:\NetIQ\eDirectory (on Windows) and /var/opt/novell/eDirectory (on Linux), you must specify the correct CRL file path with respect to the eDirectory installation path when you recreate the TREE CA or while creating the CRL object. You must choose the Custom option in iManager plug-in while recreating the CA from the Configure Certificate Authority Wizard and specify the correct CRL file path to avoid any error.
Issue: eDirectory crashes after upgrading to the latest version. This happens because, the SAML method was not upgraded after upgrading the eDirectory server.
Workaround: You must upgrade the SAML method after upgrading the eDirectory server.
Issue: eDirectory crashes after enabling the log debug level. This also truncates the ndsd.log file.
Workaround: NetIQ recommends you to enable Journal event caching before enabling the log debug level.
Issue: There is a minimal impact on the LDAP bind performances after upgrading eDirectory to 9.x without causing any functionality loss.
Workaround: There is no workaround at this moment.
Issue: ICE bulk load performance is impacted when a delay in data synchronization is introduced. This happens after upgrading eDirectory from 8.8.8.7 to 9.1.1.
Workaround: You should not introduce any delay in data synchronization between eDirectory servers.
For iManager information, refer to the iManager online documentation.
The NICI Administration Guide is included in the eDirectory documentation page.
For more information on eDirectory issues on Open Enterprise Server (OES), see OES Readme.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2018 NetIQ Corporation, a Micro Focus company. All Rights Reserved.