The 389 team is pleased to announce that the 389 Directory Server
version 1.2.3 is available for testing. The packages are available from
the testing repositories, not the official release repositories yet. We
are seeking feedback. The two new packages available for testing are:
Instructions for installing these from the testing repositories:
yum install --enablerepo=updates-testing 389-ds # Fedora new install
yum upgrade --enablerepo=updates-testing 389-ds-base 389-admin
389-console # Fedora upgrade
yum install --enablerepo=dirsrv-testing --enablerepo=idmcommon-testing
389-ds # new install
yum upgrade --enablerepo=dirsrv-testing --enablerepo=idmcommon-testing
389-ds-base 389-admin 389-console # upgrade
See http://directory.fedoraproject.org/wiki/Download for more
information about setting up yum access.
Release Notes: http://directory.fedoraproject.org/wiki/Release_Notes
Install Guide: http://directory.fedoraproject.org/wiki/Install_Guide
=== Notes ===
NOTE: If using the FC6 (EL5) packages, _you must update your yum repo
files_ - the URLs have changed. See
http://directory.fedoraproject.org/wiki/Download for more information.
NOTE: Fedora versions below 10 are no longer supported. If you are
running Fedora 9 or earlier, you should upgrade.
NOTE: This release is branded as '''389'''. All of the RPMs have been
marked as obsoleting their Fedora DS counterparts. When upgrading via
yum, you must use yum '''upgrade''' (not update) so that the obsoletes
will be processed.
NOTE: If you are using the console, after installing the updates, you
must run '''setup-ds-admin.pl -u''' to refresh your console and admin
server configuration with the new version information. 1.2.3 fixes some
bugs related to update - it will remove old Fedora servers from the
console, and will preserve TLS/SSL configuration. See the buglist below.
NOTE: '''389-console''' is the command to run the console. This
=== New features ===
* Ability to set resource limits (sizelimit, timelimit, look through
limit) specifically for anonymous connections
** This is useful when you want to have different limits for regular
users and anonymous users
** Set the attribute '''nsslapd-anonlimitsdn''' in cn=config to the DN
of the entry that you want to use as the "template" entry. This is a
dummy entry that you have to create. Then you set whatever resource
limits you want to apply to anonymous to that dummy entry, and those
limits will apply to anonymous users.
* Access based on the security strength of the connection
** There is a new ACI keyword - '''minssf''' - this allows you to set
access control based on how secure the connection is
** There is a global server setting in cn=config - '''nsslapd-minssf'''
- that allows you to reject operations based on how secure the connection is
* Ability to shut off anonymous access
** This adds a new config switch in cn=config -
'''nsslapd-allow-anonymous-access''' - that allows one to restrict all
anonymous access. When this is enabled, the connection dispatch code
will only allow BIND operations through for an unauthenticated user.
The BIND code will only allow the operation through if it's not an
anonymous or unauthenticated BIND.
=== Bugs Fixed ===
This release contains several bug fixes. The complete list of bugs
fixed is found at the link below. Note that bugs marked as MODIFIED
have been fixed but are still in testing.
* Tracking bug for 1.2.3 release -