2.1 Installation and Upgrade

2.1.1 The POODLE Security Vulnerability

LDAPS and HTTPS in eDirectory allow SSLv3 for secure communication, and SSLv3 has been found to have protocol vulnerability as per CVE-2014-3566. Therefore, ensure that you disable SSLv3 to prevent POODLE security vulnerability.

To disable SSLv3 through LDAP, set number 128 to the ldapBindRestrictions attribute on the LDAP server object.

Micro Focus plans to fix this issue in a future OES release.

2.1.2 Upgrading from OES 2 SP3 to OES 11 SP3 Fails to Load the Swap Partition

If you are upgrading to OES 11 SP3 from an OES 2 SP3 server that has boot and swap partitions controlled by EVMS, you must manually perform the following steps before the computer reboots to restore the boot and swap disks to the default /dev/system/sys_lx directory:

  1. Update the /etc/fstab file by removing /evms/lvm2 from the swap and root partitions, and modify the /dev/evms/ path from /boot to /dev.

  2. Remove the /evms/lvm2 path from the /boot/grub/menu.lst file.

  3. Optionally, ensure that the /etc/sysconfig/bootloader file has the correct entry for the boot device.

For more information about using YaST to change the mount options, see Changing the Mount Options Before an Upgrade in the OES 11 SP3: Installation Guide.

Micro Focus plans to fix this issue in a future OES release.

2.1.3 Graphical DS Repair Utility Not Selected During an Upgrade

The Graphical DS Repair Utility was added to OES with OES 11 SP1. This tool is automatically installed during a new OES 11 SP1, OES 11 SP2 and OES 11 SP3 installation. If you are upgrading to OES 11 SP3 from OES 2 SP3 or OES 11, you must manually select novell-ndsgrepair under the eDirectory pattern.

2.1.4 xdas Related RPMs Not Selected During an Upgrade

During an upgrade to OES 11 SP3, the following xdas related RPMs are not selected:

  • novell-edirectory-log4cxx

  • novell-edirectory-xdaslog

  • novell-edirectory-xdaslog-conf

  • novell-edirectory-xdasinstrument

  • novell-plugin-instrumentation

    NOTE:novell-plugin-instrumentation RPM is required only on servers that have iManager installed. If you attempt to install this RPM with zypper in novell-plugin-instrumentation command on a server that does not have iManager installed, zypper will install iManager automatically due to the dependencies. This will result in iManger getting installed on all server.

These RPMs are automatically installed during a new OES 11 SP3 installation. If you are upgrading to OES 11 SP3, you must manually select these RPMs under the eDirectory pattern.

2.1.5 Import Untrusted GnuPG Key Pop Up During an OES11 SP3 Install

When you install OES 11 SP3 using the add-on media, the Import Untrusted GnuPG Key pop-up is displayed. Import the key and then proceed.

Micro Focus plans to fix this issue in a future OES release.

2.1.6 The DEFAULT SLP Scope Gets added to the slp.conf File During an Upgrade to OES 11 SP3

When you upgrade an OES server that is configured as an SLP DA to OES 11 SP3, the DEFAULT SLP scope gets added to the slp.conf file along with the SLP scope configured by you. This might result in adding extra load to the OES server.

To prevent the extra load, remove the term DEFAULT from the following line in the /etc/slp.conf file, and restart the OES server for the changes to take effect.

net.slp.useScopes = DEFAULT,<slp scope configured by you>

NOTE:This issue is not applicable to OES servers that point to an SLP DA or whose SLP scope is DEFAULT.

This issue will not be seen in upgrades from OES 11 SP2 to future OES releases.