New and Changed Features in SP10

Release Summary › New and Changed Features › New and Changed Features in SP10

New and Changed Features in SP10

Changes to View Phase Filters

The maximum size of an expanded view phase filter is now configurable and the default size has been increased to 32KB.

The new command sets the maximum size (in KB) that a view phase filter can expand to, when substituting values from previous phases:

set max-view-filter = size;

Disable LDAP Controls

It is now possible to disable individual LDAP controls. The following command will prevent controls from being recognized:

set excluded-controls = [tree-delete] [,] [virtual-list-view];

In CA Directory r12 SP10 CR1, this command has been extended to the following:

set excluded-controls = [tree-delete] [,] [virtual-list-view] [,] [simple-paged-results];

Importing NTLM and LM Hashes

CA Directory now allows importing NTLM or LM hashes from Microsoft Active Directory.

Improved Handling of Inconsistent auth-levels

Improvements have been made to how CA Directory handles the configuration problem that allows a user to bind and perform an update at an authentication level (min-auth) that isn't included in the knowledge 'auth-levels' of multi-write peer DSAs. This scenario would cause the DSA to produce an assertion failure and crash.

The knowledge 'auth-levels' and link upgrading/downgrading are now validated to ensure consistency across CA Directory multi-write peers. An alarm will be produced if an inconsistency is detected.
If an update is performed by a user at an authentication level that is not supported by the current DSAs knowledge 'auth-levels', then an alarm is produced and the update isn't replicated.

To avoid this situation the 'set min-auth/authentication' setting will be deprecated in future releases. This will be derived from the knowledge 'auth-levels'.

Any DSAs that are controlled by DXmanager are not affected by these changes.

Multiple Password Policies for Each DSA

It is now possible to set up multiple password policies for a DSA, using the following command:

set target-password-policy = policy-name, precedence;

More information:

set target-password-policy Command—Create Multiple Password Policies

New Command for Protecting Items from admin-users

The following new command protects items from admin-users:

set admin-protected-items = { users target ... };

The new command is similar to the set protected-items command, but it protects items with a precedence greater than that of admin users. This command can therefore be used to protect items from admin-users. It does not protect items from super-users.

Horizontal Partitioning Now Supports Renames

Entries can now be renamed from one horizontal partition to another provided the number of entries subordinate to the target entry is less than the rename threshold established with

set rename-threshold = number-of-entries;

The default rename-threshold is 10.

TCP Addresses

When using the 'tcp' address prefix, the DSA now collects all the matching IPv6 addresses followed by all the matching IPv4 addresses. This now allows clients to connect with a matching IPv4 address without having to modify the knowledge file.

Certifications

CA Directory is now certified on the following platforms:

Solaris 11 x86
CentOS 6.2 64-bit
CentOS 6.1 64-bit
RedHat EL 6.2

For a list of allsupported operation systems, see Operating System Support.