Release Summary › New and Changed Features › New and Changed Features in SP7

New and Changed Features in SP7

Configure Your Query Log

The set query-log-advanced command has been created, to help you configure your query log.

Using this command, you can make the query log include the following information:

• Whether each request was sent over SSL.
• The source of each request
• Any LDAP controls known/supported by the DSA.
• The LDAP error name and number in an error response.
• The time taken for each update to successfully complete.
• The attributes requested on each search, instead of the count of attributes being returned. This option performs the same function as the set query-log-show-eis command.

More information:

set query-log-advanced—Set Advanced Logging Options

set query-log-show-eis Command—Show or Hide eis Information in Query log

Listen on All Returned DNS Addresses

CA Directory has been enhanced to listen on all returned DNS addresses. This ensures correct fail-over even if some of the returned addresses are not valid.

CA Directory queries the DNS for a particular logical address (hostname). If more than one physical address is returned, all are retained.

In case the first address is not valid, the DSA will failover to the second, etc. Previously, only the first address would be accepted.

Note that the returned addresses are still screened according to preference. That is, if IPv4 is preferred, only IPv4 addresses will be accepted;

If IPv6 is preferred, only IPv6 addresses will be accepted; if no preference is stated, we will accept all the IPv6 addresses followed by all the IPv4 addresses.

Preference is expressed by using the prefixes tcp, ip, ipv6, ipv4. All except for ipv4 and ipv6 prefer IPv6 followed by IPv4.

The prefix ipv6 specifies only IPv6 addresses and ipv4 specifies only IPv4 addresses.

User Passwords Replicated as Hashed Passwords

Attribute values for userPassword are now replicated as hashed passwords rather than in cleartext, assuring that the stored values of master and replica DSAs are exactly the same even when using salted hashes.

Alarm Log Now Reports Datastore Usage at Startup

An ALARM has been added to the alarm log at startup reporting on datastore size, used bytes, and reclaimable bytes.

Server Side Sorting Works with Router DSAs

Server Side Sorting (RFC 2891) has been enhanced to work via Router DSAs.

Size Limits for Simple Paged Results

Size limits for Simple Paged Results LDAP control searches are now applied to the page rather than to the complete result set.

UNIX Installation Defaults to 64-bit

The UNIX install will default to the 64-bit CA Directory when both 32-bit and 64-bit versions are available in the install package.

Deprecated Command: clear schema

The clear schema command is now deprecated.

You can now add new schema at any time with the init command. If you change schema, such as ldap-names, restart the DSA for the changes to take effect.

If you change the syntax of attribute types, you need to dump and reload. This has not changed.

New Command: set interrupt-searches

The new command set interrupt-searches = true allows searches to be abandoned and prevents long searches blocking updates.

This new command must be used in conjunction with the set dxgrid-queue = true command.

More information:

set interrupt-searches Command—Interrupt a Search to Allow an Update to Proceed

set dxgrid-queue Command—Add a Queue in Front of Data Store

Certifications

CA Directory is now certified on the following:

• Windows 7 SP1 64-bit
• Windows 2008 R2 SP1 64-bit
• RHEL 6.0 64-bit
• RHEL 6.1 64-bit

Note: For more information see Operating System Support.