Copyright © 2008 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later with the restrictions noted below (the latest version of the OPL is presently available at http://www.opencontent.org/openpub/).
Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder.
Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries.
All other trademarks referenced herein are the property of their respective owners.
The GPG fingerprint of the security@redhat.com key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709 USA
Updated: October 29, 2008
These Release Notes contain important information available at the time of the release of Red Hat Directory Server 8.0. New features, system requirements, installation notes, known problems, resources, and other current issues are addressed here. Read this document before beginning to use Directory Server 8.0.
Directory Server 8.0 includes several new features for enhanced authentication and password security, changed platform support, and support for IPv6 clients. Directory Server 8.0 also introduces a new, standards-based filesystem architecture.
Directory Server 8.0 has been split into multiple, separate components. Rather than being installed into a single installation directory, Directory Server follows the Filesystem Hierarchy Standard (FHS), which distributes the libraries and files. This new FHS layout more closely integrates Directory Server with its base operating system and leverages existing platform components, such as the Apache web server. The FHS layout will also minimize the overhead of creating and deploying patches and updates.
The existing SHA support in Directory Server has been extended to include the SHA-256, SHA-384, SHA-512, and MD5 algorithms. These algorithms are used for hashed password storage to offset any potential insecurities in the existing SHA-1 hashing algorithm.
Directory Server 8.0 extends and strengthens its support for SASL authentication using the GSS-API to a Kerberos domain. Additional SASL tools have been added to the Mozilla LDAP C SDK.
Password syntax checking enforces rules for password strings, so that any password has to meet or exceed certain criteria. Directory Server 8.0 adds password syntax checking to better enforce its password policies. All password syntax checking can be applied globally, per subtree, or per user.
In changes to the default password policies, the default minimum password length in Directory Server 8.0 has been set to eight characters, and checks for trivial words have been improved. A trivial word is any value stored in the uid, cn, sn, givenName, ou, or mail attributes of the user's entry. Additionally, Directory Server 8.0 includes more password enforcement options, providing different optional categories for the password syntax:
Minimum number of digit characters (0-9)
Minimum number of ASCII alphabetic characters, both upper- and lower-case
Minimum number of uppercase ASCII alphabetic characters
Minimum number of lowercase ASCII alphabetic characters
Minimum number of special ASCII characters, such as !@#$
Minimum number of 8-bit characters
Maximum number of times that the same character can be immediately repeated, such as aaabbb
Minimum number of character categories required per password; a category can be upper- or lower-case letters, special characters, digits, or 8-bit characters
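The following Python sketch models the syntax rules listed above so that a policy can be tried against candidate passwords before it is deployed. It is an example added to these notes, not Directory Server code; the SyntaxPolicy field names, the tokenizing of attribute values, the treatment of a zero limit as "no limit", and the sample entry are assumptions.

```python
import re
from dataclasses import dataclass

# Attributes whose values the release notes treat as trivial words.
TRIVIAL_ATTRS = ("uid", "cn", "sn", "givenName", "ou", "mail")

@dataclass
class SyntaxPolicy:           # hypothetical field names, not server attributes
    min_length: int = 8       # default minimum length in Directory Server 8.0
    min_digits: int = 0
    min_alphas: int = 0
    min_uppers: int = 0
    min_lowers: int = 0
    min_specials: int = 0
    min_8bit: int = 0
    max_repeats: int = 0      # assumption: 0 means no limit
    min_categories: int = 0
    min_token_len: int = 3    # assumption: shorter attribute tokens are ignored

def classify(pw):
    """Count characters per category; any non-ASCII character counts as 8-bit."""
    n = dict.fromkeys(("digits", "uppers", "lowers", "specials", "8bit"), 0)
    for ch in pw:
        kind = ("8bit" if ord(ch) > 0x7F else "digits" if ch.isdigit() else
                "uppers" if ch.isupper() else "lowers" if ch.islower() else "specials")
        n[kind] += 1
    n["alphas"] = n["uppers"] + n["lowers"]
    return n

def check_password(pw, entry, policy):
    """Return the list of rules the candidate password violates."""
    n = classify(pw)
    bad = [] if len(pw) >= policy.min_length else ["length"]
    bad += [k for k in ("digits", "alphas", "uppers", "lowers", "specials", "8bit")
            if n[k] < getattr(policy, "min_" + k)]
    # Assumption: the limit applies to the longest run of one character.
    longest = max((len(m.group()) for m in re.finditer(r"(.)\1*", pw, re.S)), default=0)
    if policy.max_repeats and longest > policy.max_repeats:
        bad.append("repeats")
    cats = sum(n[k] > 0 for k in ("digits", "uppers", "lowers", "specials", "8bit"))
    if cats < policy.min_categories:
        bad.append("categories")
    tokens = {t.lower() for a in TRIVIAL_ATTRS for v in entry.get(a, [])
              for t in re.split(r"[^0-9A-Za-z]+", v) if len(t) >= policy.min_token_len}
    if any(t in pw.lower() for t in tokens):
        bad.append("trivial")
    return bad

# Constructed sample entry (attribute name -> list of values), not real data.
SAMPLE_ENTRY = {"uid": ["jsmith"], "cn": ["John Smith"], "mail": ["jsmith@example.com"]}
```

check_password returns an empty list when the candidate satisfies the policy, so the same function can be run over a list of test passwords to see which rule each one trips.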
Directory Server 8.0 accepts incoming connections from IPv6 clients. Additionally, IPv6 support has been added to the LDAP SDK, so many command-line tools and scripts included with Directory Server 8.0 can understand and use IPv6 addresses.
Directory Server will not interpret IPv6 addresses in access control instructions or use IPv6 connections for operations such as replication and chaining.
Directory Server 8.0 is supported on the following platforms:
HP-UX 11i Itanium/IPF
Red Hat Enterprise Linux 4 i386 (32-bit)
Red Hat Enterprise Linux 4 x86_64 (64-bit)
Red Hat Enterprise Linux 5 i386 (32-bit)
Red Hat Enterprise Linux 5 x86_64 (64-bit)
Red Hat Directory Server 8.0 is supported running on a virtual guest on Red Hat Enterprise Linux 5 Virtualization Server.
Sun Solaris 9 (SPARC v9, 64-bit)