New Features in Directory Server 6.0

Directory Server 6.0 includes the following new features and enhancements:

• Service manageability command-line tools. Directory Server includes new tools to facilitate command-line management of the server.

• Replication enhancements. These enhancements include: no fixed limit to the number of replication masters, the ability to prioritize replication, a global retro changelog, replicated account lockout data, fast replication restart for recovery (minutes or less), and a fast count of pending replication changes so that you can get accurate status on replication convergence.

• Security enhancements. These enhancements include: additional connection-based access control files, rejection of binds with no password, forced password change after reset, multiple directory superusers, changes to passwords using the LDAP Password Modify Extended Operation specified in RFC 3062, last login time tracking, enhanced auditing for updates performed using proxy authorization, and improved ACI processing performance.

• Enhanced password policy. The new password policy provides a grace login limit, safe password modifications, as well as two new controls, passwordPolicyRequest and passwordPolicyResponse. These controls enable LDAP clients to obtain account status information on LDAP add, delete, modrdn, compare, and search operations. The password policy can now be applied to proxy authentication to prevent client operations when an account is locked.

• New operational attribute for group membership. Entries that are members of static groups now have the operational attribute isMemberOf, which holds the DNs of the static groups to which the members belong.

• Enhancements to static group management. These enhancements include performance improvements for large, multi-valued attributes and membership testing for group entries.

• More configuration changes while the server is online. You can change the configuration of suffixes, indexes, schema, and the replication topology while the server is running.

• Attribute syntax validation on update. When syntax checking is on, all import and update operations are checked to ensure that updated attributes adhere to the syntax definitions.

• Threshold on heap memory. When the threshold is reached, Directory Server attempts to free memory from the entry caches.

• Frozen mode for database backup. You can stop database updates on disk so that a file system snapshot can be taken safely

• Log management improvements. This version of Directory Server brings improvements to time-based log rotation, rotate now functionality for access, error, and audit logs, and configurable permissions for log files. It also provides more flexible logging of users involved in proxy authorization.

• Fine-grained all IDs threshold configuration. You can configure the all IDs threshold individually for each index, saving you disk space.

• Plug-in call ordering. For further information, see Ordering Plug-In Calls in Sun Java System Directory Server Enterprise Edition 6.0 Developer’s Guide.

• SNMP monitoring support. Directory Server now supports the Mail and Directory Management Information Base (MADMAN MIB) for use with Simple Network Management Protocol (SNMP) monitoring agents as described in RFC 2605.

• Monitoring using the Sun Java Enterprise System Monitoring Console. Directory Server supports the use of the Monitoring Console to view monitored data and to produce threshold alarms.

• LDAP utilities and character sets for passwords. The LDAP command-line utilities now convert passwords entered on the command line to UTF8 by default.

  In LDAP, userPassword values are binary. The server therefore sees a password as a string of bytes, which is often not the way that the user sees a password. By converting passwords that a user enters to UTF8, the utilities make it possible for passwords entered on one system to be entered on another system.

• More LDAP controls and extended operations. Directory Server now supports additional LDAP controls and extended operations.

  For a complete list of LDAP controls, see the controls(5dsconf) man page.

  For a complete list of extended operations, see the extended-operations(5dsconf) man page.