These release notes contain important information about Version 5.0 release of iPlanet Directory Access Router (iDAR). New features and enhancements, installation notes, known problems, and other late-breaking issues are addressed here. Read this document before you begin installing and using iDAR.
These release notes contain the following sections:
This release of iDAR includes the following changes (when compared to iDAR, version 2.1):
The complete set of iDAR documentation for this release includes the following:
The release notes contain information on new features of this release, software/hardware requirements for installing the product, important notes and known bugs, last-minute product information, and how to send feedback.
This document describes how to plan for and install iDAR. Read this document next, after you've read these release notes. Both HTML and PDF versions of this document are provided.
This document provides detailed information on configuring and maintaining iDAR. Both HTML and PDF versions of this document are provided.
After you run the setup script as described in the installation instructions, check this file for a list of documentation installed with the product: <server-root>/manual/en/idar/index.htm, where <server-root> is your iDAR installation directory. For the release notes, check this directory: <server-root>/bin/idar.
For the latest information about iDAR, including current release notes, technical notes, and deployment information, check this web site: http://docs.iplanet.com/docs/manuals/dar.html
This section contains important notes about the following:
If you have an existing installation of iDAR 2.1, a tool has been provided to assist in the conversion of iDAR 2.1 configuration into one recognized by iDAR 5.0's console-based configuration. Using the configuration tool, you can import existing iDAR 2.1 configuration objects from an LDIF file into an instance of iPlanet Directory Server functioning as the configuration directory. This tool is useful for porting existing iDAR installations to this version of iDAR 5.0, which uses the iPlanet Console.
You can find the configuration tool in the following directory:
<server-root>/bin/idar/admin/script
Note that configuration objects are expected to appear in a known location in the directory (currently ou=dar-config, o=netscaperoot) and conform to a predefined structure. The tool is invoked as follows:
ImportConfigurationLdif <options> ldif
where, ldif is a required directive indicating where the tool is to find the LDIF file containing iDAR configuration objects and options can be substituted with the following:
For example, the following command imports objects from the specified LDIF file, sample.ldif:
ImportConfigurationLdif -D uid=admin,ou=Administrators,ou=TopologyManagement,
o=netscaperoot -w admin sample.ldif
Chapter 5, "Configuring System Parameters" and Chapter 12, "Configuring Security" of the iDAR Administrator's Guide document how to set up iDAR for SSL-enabled communication. Here are a few additional notes that you should take into consideration when setting up iDAR for SSL-enabled communication:
On iPlanet Directory Server (versions 4.11 and later), use the Certificate Setup Wizard, which can be launched from within the console, to import any necessary CA certificates. You might also have to make the appropriate changes to the certmap.conf file. For more information on setting up the Directory Server, check the Directory Server documentation at: http://docs.iplanet.com/docs/manuals/directory.html
In iDAR, the file <server-root>/idar-<hostname>/etc/rootcerts.pem contains a list of root certificates in the PEM format. This list includes most of the common root CA certificates, but certificates such as "Thawte TEST CA" will have to be added as needed.
Note that there can be up to three certificate paths involved, each with potentially different root certificates:
On platforms other than Windows NT, iDAR cannot generate core files if the attribute ids-proxy-con-userid in the ids-proxy-sch-GlobalConfiguration object class is set to something other than the user that started the iDAR process. If you want iDAR to generate a core file in case it fails unexpectedly, set the above mentioned attribute to the same user that starts the iDAR process.
A utility has been provided that allows you to retrieve iDAR's configuration from a directory and store it in a file in the LDIF format. This file can then be sent to product support for help with configuration problems or you can tell iDAR to use this file to configure itself on startup. (Check the iDAR Administrator's Guide for information related to the tailor.txt file.)
You can find the utility in the following directory:
<server-root>/bin/idar/server/scripts/
The utility takes the following options. Both options are required.
For example, the following command will read the tailor.txt file, retrieve the configuration from the location specified in the tailor.txt file, and save the configuration in the tailor.ldif file. (This example assumes the current working directory is an iDAR instance directory and the iDARPrintConfig command's location is in the environment's "PATH".)
iDARPrintConfig -t tailor.txt -o tailor.ldif
Note that the command does not actually print anything. It downloads the configuration for further consideration.
This section lists known problems and provides workarounds for some of the problems that you may encounter with the product. Numbers enclosed within square brackets, for example, [548588], are bug numbers. Bug numbers are useful when discussing issues with Technical Support or Professional Services.
The iDAR uninstallation must not be done simultaneously with the removal of its corresponding Administration Server. The reason for this is that when everything is being removed, the uninstall program stops the Administration Server and removes its service manager entry prior to iDAR's uninstall routines being given the opportunity to remove its configuration. Because iDAR depends on the Administration Server to carry out an uninstallation task, the Administration Sever should be up and functioning when iDAR is being uninstalled. If iDAR is uninstalled simultaneously with the Administration Server, it will leave its configuration subordinate to ou=dar-config, o=NetscapeRoot in the configuration repository untouched. This could cause undesired behavior with iDAR, should you reinstall iDAR on the same host and use the same configuration repository subsequently as it could see residual "belongs to" entries.
Manual remedy should you not heed this advice: find all entries subordinate to ou=dar-config, o=NetscapeRoot whose ids-proxy-sch-belongs-to matches the host in question and remove the attribute. Note that the entry may be removed only if the entry no longer possesses any value for the ids-proxy-sch-belongs-to attribute.
This section contains the list of bugs that have been resolved in this release of iDAR:
Bug Number
Description
certreq invoked with no option returns with file open errors
Windows configuration tool only supports default install path
If you have problems with iPlanet Directory Access Router, contact iPlanet customer support using one of the following mechanisms:
From this location, the CaseTracker and CaseView tools are available for logging problems; these tools are available to customers with appropriate maintenance contracts.
So that we can best assist you in resolving problems, please have the following information available when you contact support:
You may also find it useful to subscribe to the following interest group, where iPlanet Directory Server topics are discussed:
snews://secnews.netscape.com/netscape.dev.directory
Useful iPlanet information can be found at the following Internet locations:
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Java, iPlanet, and all Sun, Java, and iPlanet based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the U.S. and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries.
Last Updated July 23, 2001