DXmanager now supports the trust flags allow-downgrading and allow-upgrading.
DXmanager DSAs no longer abort all connections when re-initialized. The aborts were caused by incorrect handling of allow-downgrading, which has been fixed by making this option user configurable.
The new command set windows-high-resolution-time can prevent problems in which a multiwrite-DISP DSA rejects a delete request that closely follows a modify or create request.
Previously, you could set up only one password policy for each DSA. The only way to apply different password policies was to split the users into separate subtrees, and have each subtree serviced by a separate DSA.
From CA Directory r12 SP12 onwards, you can apply multiple password policies to a single DSA, using the following:
set target-password-policy = policy-name;
DXmanager now supports wildcards in horizontal partitions.
For example:
CA Directory has expanded its support for dynamic group membership searches.
In previous releases, the only filter type supported was (member={DN}).
CA Directory r12 SP12 now supports the filter type (&(A)(B)(C)(...)(member={DN})).
For example, filters of the form (&(objectClass=groupOfNames)(member={DN})) are now accepted.
The dynamic member found in a dynamic group membership search will now be returned with the search results.
When requesting attributes to be returned via an LDAP search request, the name of attributes returned will now be identical to the attribute name requested.
This addresses an issue where specifying, for example, "commonName;binary" would ignore the ;binary option.
Note: The entry DN returned will remain unchanged.
These examples show how cn is returned as cn and commonName is returned as commonName:
% ldapsearch -h {host} -p {port} -b "c=au" "(oc=*)" cn
dn: cn=user,ou=users,c=au
cn: user
% ldapsearch -h {host} -p {port} -b "c=au" "(oc=*)" commonName
dn: cn=user,ou=users,c=au
commonName: user
The dsp-idle-time logic has been modified to prevent failover from being triggered unnecessarily when both ends of a link time out.
The dsp-idle-time value is now only set on outbound connections to child DSAs using the timer of the local DSA.
Example: How dsp-idle-time works now
In this example, the router is configured with dsp-idle-time = 30, and the data DSA has dsp-idle-time = 60.
The timeout on the DSP link between this router and data DSA is 30 seconds, because it is defined by the sender - in this case, the router.
The user-idle-time and MW multiwrite links are not affected.
CA Directory now supports consumer-initiated DISP. This form of DISP shadowing causes a DISP update to be initiated (pulled) by a consumer DSA. This allows satellite DSAs to be configured and controlled independently of the master.
To enable consumer-initiated DISP, update the DISP agreement to replace initiator = <dsa> supplier with initiator = <dsa> consumer.
When password policy quality rules are applied to a password update, the rules now support the UTF-8 character set. In previous releases, these rules considered ASCII characters only.
Note: Ligatures and characters with diacritics are treated as a single character each.
The following commands have been updated:
Includes UTF-8 characters in the substring length.
Includes repetition of UTF-8 characters in the count.
Includes lowercase characters from the 0xc3 UTF-8 range.
Includes uppercase characters from the 0xc3 UTF-8 range.
Includes UTF-8 alpha characters from the 0xc3 UTF-8 range.
Includes UTF-8 alpha characters from the 0xc3 UTF-8 range.
Includes UTF-8 alpha-numeric characters from the 0xc3 UTF-8 range.
Includes UTF-8 characters in the count.
Includes UTF-8 characters in the count.
Excludes UTF-8 alpha-numeric characters from the 0xc3 range from the count.
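Added example (not CA Directory code and not part of the original release notes): a Python model of how counting per UTF-8 character differs from counting per byte for the quality rules described above. The function names, the sample password, the byte-by-byte model of the ASCII-only behaviour, and the treatment of characters outside ASCII and the 0xc3 range as non-alphanumeric are assumptions.

```python
# Added illustration; a constructed model, not CA Directory's implementation.

def classify(ch: str) -> str:
    """Class of one character: 'upper', 'lower', 'digit' or 'other'."""
    # Lead byte 0xC3 covers U+00C0..U+00FF (accented Latin letters, ligatures).
    if ch.isascii() or ch.encode("utf-8")[0] == 0xC3:
        if ch.isdigit():
            return "digit"
        if ch.isalpha():  # excludes U+00D7 and U+00F7, the two signs in the range
            return "upper" if ch.isupper() else "lower"
    return "other"  # assumption: everything else counts as non-alphanumeric

def longest_run(units) -> int:
    """Length of the longest run of identical consecutive units."""
    best = run = 0
    prev = None
    for unit in units:
        run = run + 1 if unit == prev else 1
        best = max(best, run)
        prev = unit
    return best

def tally(units, kinds) -> dict:
    """Collect length, class counts and longest repetition for one view."""
    counts = {k: kinds.count(k) for k in ("upper", "lower", "digit")}
    counts.update(length=len(units), non_alnum=kinds.count("other"),
                  max_repeat=longest_run(units))
    return counts

def utf8_counts(password: str) -> dict:
    """Counts per character, as the UTF-8-aware rules are described."""
    return tally(password, [classify(ch) for ch in password])

def ascii_counts(password: str) -> dict:
    """Assumed ASCII-only model: each byte of the encoding is judged alone."""
    raw = password.encode("utf-8")
    return tally(raw, [classify(chr(b)) if b < 0x80 else "other" for b in raw])

if __name__ == "__main__":
    sample = "\u00c9\u00e9\u00e97\u00df\u00d7"  # constructed: É é é 7 ß ×
    print("per character:", utf8_counts(sample))
    print("per byte:     ", ascii_counts(sample))
```

In this model a decomposed sequence such as e followed by a combining accent counts as two characters; the page does not say whether the server normalizes such input.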
Two new arguments have been added to DXdumpdb to allow for the selective dumping of entries by object class. A user can elect to exclude or include an arbitrary set of object classes.
If you omit parent entries, the resulting LDIF will not be loadable.
All superior object classes need to be specified if included in an entry.
DXdumpdb can now take the following parameters:
Excludes the object classes from the LDIF file. Use a comma-separated list.
Includes the object classes in the LDIF file. Use a comma-separated list.
Examples
This command dumps the entire contents except any inetOrgPerson objects:
dxdumpdb -y inetOrgPerson democorp2
This command dumps only objects that contain either inetOrgPerson or organizationalUnit:
dxdumpdb -j inetOrgPerson,organizationalUnit democorp2
CA Directory is now certified on RedHat EL 6.4 64-bit.
For a full list, see Operating System Support.
Copyright © 2013 CA.
All rights reserved.