Release Summary › New and Changed Features › New and Changed Features in SP10

New and Changed Features in SP10

Changes to View Phase Filters

The maximum size of an expanded view phase filter is now configurable and the default size has been increased to 32KB.

The new command sets the maximum size (in KB) that a view phase filter can expand to, when substituting values from previous phases:

set max-view-filter = size;

Disable LDAP Controls

It is now possible to disable individual LDAP controls. The following command will prevent controls from being recognized:

set excluded-controls = [tree-delete] [,] [virtual-list-view];

Importing NTLM and LM Hashes

CA Directory now allows importing NTLM or LM hashes from Microsoft Active Directory.

Improved Handling of Inconsistent auth-levels

Improvements have been made to how CA Directory handles the configuration problem that allows a user to bind and perform an update at an authentication level (min-auth) that isn't included in the knowledge 'auth-levels' of multi-write peer DSAs. This scenario would cause the DSA to produce an assertion failure and crash.

• The knowledge 'auth-levels' and link upgrading/downgrading are now validated to ensure consistency across CA Directory multi-write peers. An alarm will be produced if an inconsistency is detected.
• If an update is performed by a user at an authentication level that is not supported by the current DSAs knowledge 'auth-levels', then an alarm is produced and the update isn't replicated.

To avoid this situation the 'set min-auth/authentication' setting will be deprecated in future releases. This will be derived from the knowledge 'auth-levels'.

Any DSAs that are controlled by DXmanager are not affected by these changes.

Multiple Password Policies for Each DSA

It is now possible to set up multiple password policies. The default password policy is called Default. Without special action, password policy configuration commands apply to the default password policy. Therefore, CA Directory r12 SP10 can read the configuration of previous versions of DXgrid and behave in the expected manner.

To create other password policies we need the following command :

set target-password-policy = <string>, <precedence>;

This command establishes a new password policy called <string>. (<precedence>, a positive integer, is currently ignored.) This new password policy when created inherits the default password policy. However, further password policy commands will modify this password policy and not the default password policy.

An exception to this rule is that the following commands apply to all password policies.

set password-force-change = true;
set password-allow-locking = true;
set password-allow-ignore-expired = true;
set password-allow-ignore-suspended = true;

New Command for Protecting Items from admin-users

The following new command protects items from admin-users:

set admin-protected-items = { users target ... };

The new command is similar to the set protected-items command, but it protects items with a precedence greater than that of admin users. This command can therefore be used to protect items from admin-users. It does not protect items from super-users.

Horizontal Partitioning Now Supports Renames

Entries can now be renamed from one horizontal partition to another provided the number of entries subordinate to the target entry is less than the rename threshold established with

set rename-threshold = number-of-entries;

The default rename-threshold is 10.

TCP Addresses

When using the 'tcp' address prefix, the DSA now collects all the matching IPv6 addresses followed by all the matching IPv4 addresses. This now allows clients to connect with a matching IPv4 address without having to modify the knowledge file.

Certifications

CA Directory is now certified on the following platforms:

• Solaris 11 x86
• CentOS 6.2 64-bit
• CentOS 6.1 64-bit
• RedHat EL 6.2

For a list of allsupported operation systems, see Operating System Support.