Novell eDirectory 8.6.1 for Solaris January 9, 2002 TABLE OF CONTENTS 1.0 Installation Notes 1.1 System Requirements 1.2 Software Requirements 1.3 Upgrading eDirectory 1.4 Using eDirectory 8.6.1 with DirXML, Novell Account Management, Novell Internet Messaging Services, and ConsoleOne 1.5 ndsconfig Utility 1.6 Uninstallation Notes 2.0 Known Problems and Limitations 2.1 LDAP Service Issues 2.2 Security Issues 2.3 Dynamic Group Issues 2.4 nmasconfig Utility 2.5 iMonitor Issues 3.0 Documentation Issues 3.1 Updated eDirectory Documentation 3.2 Viewing Documentation on the Product CD 3.3 Additional Readme Files 3.4 Additional Information 4.0 Legal Notices 4.1 Disclaimer, Patents, and Copyright 4.2 Novell Trademarks 4.3 Third-Party Trademarks 1.0 Installation Notes 1.1 System Requirements All recommended Solaris OS patches are available at the SunSolve Online Web page (http://sunsolve.sun.com). - Solaris 2.6 (with patch 105591-07 or later) - Solaris 7 (with patch 106327-06 or later for 32-bit systems) - Solaris 7 (with patch 106300-07 or later for 64-bit systems) - Solaris 8 (with patch 109461-02 and 108827-10 or later) - A minimum of 64 MB RAM (128 MB recommended) - 74 MB of disk space to install eDirectory. Additional disk space required based on data. 1.2 Software Requirements - ConsoleOne 1.3 or later 1.3 Upgrading eDirectory 1.3.1 Upgrading to eDirectory 8.6.1 Upgrading to eDirectory 8.6.1 disables the security objects, such as Tree Certificate Authority and Key Material Objects (certificates). They cannot be used anymore. To avoid this, ensure that the NICI migration utility is run prior to the upgrade. Go to support.novell.com to download this utility. 1.3.2 Upgrading an Existing eDirectory Database Running this version of Novell eDirectory on an existing NDS or NDS eDirectory database will upgrade the database format and make it unable to be read by previous versions of NDS or NDS eDirectory. The larger the database, the longer this process may take. For millions of objects, this process could take a number of hours. Using any ndstrace facility shipped with eDirectory (such as ndsiMonitor or ndstrace) will increase the speed of the process. Turn on the Storage Manager option (dstrace +RECM ) and the Change Cache option (dstrace +CHNG). The eDirectory storage manager will upgrade the database format, and then the DIB will be allowed to open. Thereafter, the synchronization process will rebuild the change cache for each replica it holds, and eDirectory will resume normal operation. 1.4 Using eDirectory 8.6.1 with DirXML, Novell Account Management, Novell Internet Messaging Services, and ConsoleOne 1.4.1 DirXML Upgrade to eDirectory 8.6.1 and apply the DirXML patch to interoperate with this release of eDirectory. The DirXML patch is available at support.novell.com. 1.4.2 Novell Account Management eDirectory 8.6.1 cannot be installed on a system with Novell Account Management(NAM). Remove NAM versions earlier than 2.2 from the system and continue to install or upgrade eDirectory 8.6.1. If required, back up your NAM configuration files, such as pam.conf and nss.conf. NAM will interoperate with eDirectory 8.6.1 if it is installed on a separate system. 1.4.3 Novell Internet Messaging Services eDirectory 8.6.1 cannot be installed on a system with Novell Internet Messaging Services(NIMS). Contact Novell Support at support.novell.com for more details. 1.4.4 ConsoleOne ConsoleOne 1.2d and earlier versions will not interoperate with this release of eDirectory. 1.5 ndsconfig Utility Use the ndsconfig utility to configure eDirectory. The ndscfg utility is not supported in this release. 1.6 Uninstallation Notes Do not uninstall a treekey server without first converting a different server to a treekey server. 2.0 Known Problems and Limitations 2.1 LDAP Services Issues LDAP services may fail to load during the secondary server configuration. If LDAP services is not started, use the nldap -u and nldap -l commands to restart the services. 2.2 Security Issues 2.2.1 Browser Support You must use Internet Explorer 5 or later or Netscape Navigator 4 or later to use the certificates generated by Novell Certificate Server for SSL or LDAP connections. Older browsers are not supported. 2.2.2 Compatibility between Certificate Server 2.03 and 2.21 If you run the Certificate Server 2.21 snap-in while generating the Certificate Authority object or a Server Certificate (KMO) object on a server where Certificate Server 2.03 is running, in order to successfully create the object, you will need to use the custom path in the creation wizard. On the Key size screen, deselect the Allow Private Key to Be Exported check box. 2.2.3 Creating Server Certificates If you use ConsoleOne to create a Server Certificate (that is, a Key Material object), and you enable the custom option in the Creation wizard, on the Specify Certificate Parameters screen, you will need to uncheck the Include NDS Alternative Name option. If you don't uncheck this option, the -1222 error message is displayed. 2.3 Dynamic Groups Issues If you enter multiple values in a memberQueryURL attribute, only the first value is used. To avoid any confusion, set only one value for the memberQueryURL attribute, and always use the "replace:" option instead of "add:" to specify a query URL value for the memberQueryURL attribute. 2.4 nmasconfig Utility The nmasconfig utility does not support the Password Change option if you have SSHA-1 hash passwords. 2.5 iMonitor Issues 2.5.1 Browser Compatibility The iMonitor included with this release of eDirectory requires Internet Explorer 5.5 or later. 2.5.2 Browsing for Objects in iMonitor Containing Extended Characters When using iMonitor to browse an eDirectory tree for objects, an object with extended characters in the name might not hyperlink to the object properties correctly. This problem does not happen with any objects that contain double-byte characters. This issue will be resolved in a future release of iMonitor. 2.5.3 Running Custom Reports When running custom reports, enter the URL as follows: /nds/ 3.0 Documentation Issues 3.1 Updated eDirectory Documentation For the latest eDirectory 8.6.1 documentation, including troubleshooting information, see www.novell.com/documentation/lg/ndsedir86/index.html. 3.2 Viewing Documentation on the Product CD This product CD contains documentation for the following products: - Novell eDirectory /DOCUMENTATION/ENGLISH/EDIR86/EDIR86.PDF /DOCUMENTATION/ENGLISH/EDIR86/QSEDIR86.PDF - Novell Client /DOCUMENTATION/ENGLISH/NOCLIENU/NOCLIENU.PDF - Novell Certificate Server /DOCUMENTATION/ENGLISH/CERTSERV/CERTSERV_ADMIN.PDF - ConsoleOne 1.3 /DOCUMENTATION/ENGLISH/CONSOL13/C1_ENU.PDF - Novell Modular Authentication Services (NMAS) /DOCUMENTATION/ENGLISH/NMAS/DOC/NMAS_ADMIN.PDF /DOCUMENTATION/ENGLISH/NMAS/DOC/NMAS_INSTALL.PDF /DOCUMENTATION/ENGLISH/NMAS/DOC/RADIUS.PDF Ensure that you have Adobe Acrobat Reader 4.0 or later to view the .PDF docs. You can download the reader from www.Adobe.com. 3.3 Additional Readme Files For additional information on the contents of this release, see the following sources on the Novell eDirectory CD: - Novell eDirectory for Windows NT/2000: /NT/I386/NDSONNT/README/EN/README.HTML - Novell eDirectory for Solaris: /SOLARIS/README.TXT - Novell eDirectory for Linux: /LINUX/README.TXT - NICI on Windows NT: /NT/I386/SERVERNICI/NI/HELP/EN/README.HTML - Novell Clients: /NT/I386/README.TXT International users of eDirectory 8.6.1 should refer to www.novell.com/documentation/lg/ndsedir86/index.html for translated versions of this readme file. 3.4 Additional Information Before upgrading to eDirectory 8.6.1 on any UNIX platform, you should perform a certificate migration. Refer to Solution #10066455 (http://support.novell.com) in the Novell Knowledge Base for more information. 4.0 Legal Notices 4.1 Disclaimer, Patents, and Copyright Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. U.S. Patent Nos. 5,608,903; 5,671,414; 5,677,851; 5,758,344; 5,784,560; 5,794,232; 5,832,275; 5,832,483; 5,832,487; 5,864,865; 5,870,739; 5,873,079; 5,878,415; 5,884,304; 5,910,803; 5,913,025; 5,933,826; 5,946,467; 5,956,718; 5,956,745; 5,964,872; 5,983,234; 6,002,398; 6,016,499; 6,029,247. U.S. and Foreign Patents Pending. Copyright (C) 2001 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. 4.2 Novell Trademarks Novell, NetWare, and NDS are registered trademarks of Novell, Inc. in the United States and other countries. ConsoleOne, eDirectory, Novell Client, Novell Certificate Server, Novell Internet Messaging System, NIMS, and Novell Modular Authentication Services are trademarks of Novell, Inc. 4.3 Third-Party Trademarks All third-party trademarks are the property of their respective owners.