Novell Home

My Favorites

Close

Please to see your favorites.

History of Issues Resolved in eDirectory 8.8.x

This document (3426981) is provided subject to the disclaimer at the end of this document.

Environment

Novell eDirectory 8.8 for All Platforms

Resolution

This TID documents all patches and fixes for eDirectory 8.8 SPx.
 
For a list of eDirectory Security Component issues resolved prior to 8.8 SP6 Patch 2, please refer to the following:
Security component fixes are now listed along with those for eDirectory.
 
For a list of all iManager 2.7 issues resolved please refer to the following:

Additional Information

_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP8 Patch 2 Hotfix 1 (Standalone & OES11 SP2)
June 2014
 
NTLS & LDAPSSL
NTLS OES11 SP2 version 8.8.8.1-0.7.1
- OpenSSL security vulnerability  (CVE-2014-0224)  (Bug 881950)
 
_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP8 Patch 2 (Standalone & OES11 SP2)
May 2014
NDSD 20803.05
NMAS\PKI 8.8.8.2

NDSD
- NDSD coring in findInRdnCache  (Bug 870257)
- After upgrading to OES11 SP1 NDSD consumes all memory if iPrint is also running  (Bug 869829)
- Not all LDAP objects are being returned due to incorrect rights calculation  (Bug 871234)
- Unable to move users between containers if encrypted attributes are in use  (Bug 860969)
- MSGW driver does not stop successfully using any tool  (Bug 854929)
- Multiple cores resolved for OES11 SP2  (Bug 838211)
- NDSD cores due to RFL file handle incorrectly getting set to null during a race condition  (Bug 653702)

LDAP
- Extended match for syn_time based filter is coring LDAP  (Bug 871233)
- LDAP cores due to the globalRefList getting corrupted  (Bug 872158)
- NDSD is coring coming up through AddDNToQueue  (Bug 870258)
- Memory leak when performing a page search with a base scope  (Bug 863460)
- Plugin: improve usability of the LDAP attribute and class map tab  (Bug 627162)

NMAS
- Cannot set a subnet as an address restriction  (Bug 868818)
- NMAS methods: clicking on the Radius tunnel tab for the modify user or profile task results in unknown error  (Bug 857593)
- Enhancement in NMAS and Novell client to configure alerts to be sent before password expires  (Bug 848871/797937)
 
INSTALL
- Ndsconfig fails if IPv6 is disabled and no IPv6 address is assigned (Bug 878146)
- Patch installer prompting to install novell-AUDTplatformagent  (Bug 860120)
AUDIT
- Enabled IPv6 in apr module  (Bug 871312)
- Connections via an Audit Connector fail due to Java rejecting a certificate key less than 1024 bits (Bug 854994)
 
Other
NDSCONFIG - enhancement to allow ndsconfig to consume the ndspassstore password  (Bug 872160)
NDSDETECT - utility to check for replica inconsistency  (Bug 842524)
SMS - TSANDS rebranding change affected 3rd party backup applications  (Bug 870298)
ICE PLUGIN - fails with a buffer overflow if a port value greater than 65535 is specified  (Bug 862788)
XDAS PLUGIN - we now specify the filename, edirxdas.sch, required if schema has not been extended  (Bug 855318)

_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP8 Patch 1 HotFix 1 (Standalone & OES11 SP2)
February 2014
libnldap.so.1.0.0
OES: oes11sp2-edirectory-888-patch1-hot-patch-8911 
LDAP
- After applying eDirectory 8.8 SP8 Patch 1 the server is coring in LDAP  (Bug 864542)

_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP8 Patch 1 (Standalone & OES11 SP2)
January 2014
NDSD 20802.09  (OES11SP2: 20802.08)
NMAS\PKI 8.8.8.1

NDSD
- Core upon startup with LDAP monitoring enabled  (Bug 847592)
- Dclient: enhancement to provide better dclient logging esp. in CIFS\OES environments  (Bug 851780)
- Dclient: is resending packets if response times out resulting in error: -625  (Bug 851790)
- Chance of two NDSD processes running resulting in slow return from rcndsd status  (Bug 854860)
- IDM Roles and Resource driver returning fewer members than a dynamic group contains  (Bug 854375)
- Dynamic Group evaluation is sometimes returning not all members or none at all (Bug 854376\850841\834288)
- Jclient: when salvaging a file in iManager > 2GB the size returned is incorrec  (Bug 765431)
- Jclient: deleted time for salvage list in iManager is incorrect (Bug 840144)
- Event activity counter in iMonitor for "Unknown Process (-127)" continues to climb if Asynchronous Sync is enabled  (Bug 846143)
- Script now prevents multiple instances of NDSD from occurring on OES  (Bug 854863)
- DSFW: duplicate objectsids could occur if the domain replica for a DC is removed and added back  (Bug 784194)

LDAP
- NDSD crash while using a complex LDAP filter on the GUID attribute  (Bug 846920)
- LDAP server prints an incomplete IPv6 address in ndstrace  (Bug 838598)
- DSFW: time returned from LDAP for time syntax attributes will display as full Generalized Time  (Bug 659683)

NMAS
- C Client: segmentation fault due to junk value returned as reply buffer size  (Bug 843414)
- C Client: IASC\NESCM client login fails with error: -1622 / 0xFFFFF9AA  (Bug 840757)
- Versioning changed to handle four digits  (Bug 841787)
- OES\DSFW: nspmDoNotExpirePassword value was not being honored  (Bug 791629)
- IDM driver is allowing extended characters when NMAS policy disallows  (Bug 843413)
- NMAS XDAS event data missing Observer's SysAddr field  (Bug 832803)
- Created link from old to new SONAME for backward compatibility: libnmas.so.3 --> libnmas.so.8  (Bug 845437)
- Enhancement: provides a new API, SPM_NWCCGetPassword(), to retrieve universal password  (Bug 850209)

PKI
- Error: -1403 re-creating a server's certificates with self-provisioning turned on  (Bug 854747)

XDAS\AUDIT
- Auditing: NDSD cores if both LDAP auditing and event caching are enabled  (Bug 847626)
- Create entry and add value events not thrown when "Create Account" of "Account Management Events" is selected in iManager  (Bug 812164)
- Password change event reported as successful even though the change had failed  (Bug 852033)
- Add value event had a few attributes not associated to object class  (Bug 853809)
- Not all attributes get reported on user creation if multiple object classes are selected  (Bug 854409)
- One event lost in cache file if connection is lost then restored to an auditing (tcp) server  (Bug 854412)

MISC
- Secret Store causing NDSD to consume all memory  (Bug 843415)
- Secret Store now accepts four digit versions  (Bug 847478)
- Install\Upgrade: backup of NDSD script not occurring  (Bug 846556)
- Ndsconfig now adds the error code when 'unable to check the duplicate server context' error is returned  (Bug 736267)
- ICE sch handler: ICE cores trying to compare schema in a LDIF file  (Bug 854373)

PLUGINS
- ICE plugin saving admin password in clear text within the catalina.out file  (Bug 852786/849200)
- ICE plugin echos " * " same number of digits as password  (Bug 852143)
- ICE plugin security vulnerability - not verifying text for inputs  (Bug 854891)
- LDAP server object creation fails with ComponentCreationException  (Bug 841785)
- PKI Plugin: incorrect LDAP and HTTP ports are added to the CRL Distribution Point in a pure IPv6 setup  (Bug 837990)

_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP8 (Standalones only - no OES)
September 2013
NDSD 20801.46
NMAS 8.8.8.0
NMAS Methods 2.8.3.6
PKI  8.8.8
NICI 2.7.7
NTLS 8.8.8

NDSD
- Scalability Enhancement: optimization of obituary process by removal of DRLs  (Bug 722379)
- Scalability Enhancement: addition of dynamic and static cpu utilization policies for skulk optimizations  (Bug 817367)
- Scalability Enhancement: in partition mode, after 8 retries on an error -698 SkulkerProc would sleep for 30 minutes  (Bug 820208)
- Scalability Enhancement: added the ability to override the max threads based on synchronization method used  (Bug 822160/817375)
- Scalability Enhancement: optimized logic used when filling a data packet with objects to be skulked  (Bug 825451)
- Scalability Enhancement: background process scheduling improved on the Windows platform  (Bug 826606)
- Scalability Enhancement: skulker not scheduled immediately on RHEL and Windows when outbound is reenabled  (Bug 829633)
- Scalability Enhancement: after changing synchronization modes SkulkerWorkerProc waits an hour  (Bug 830069)
- Scalability Enhancement: max ring deltas drift when there are more than 12 servers in a ring  (Bug 735087/764631)
- Scalability Enhancement: change cache optimizations with addition of configurable purger and skulk delays  (Bug 735219)
- Scalability Enhancement: removal of the OK_TO_PURGE flag from the obituary process  (Bug 598924)
- Scalability Enhancement: Advanced Referral Costing (ARC) is now enabled by default  (Bug 773367)
- Enhancement: XDAS: memory as well as disk can be used to store events in the queue to minimize memory buildup  (Bug 368747/798226)
- Enhancement: event data is compressed before writing to filesystem ows  (Bug 824935)
- Enhancement: XDAS journal thread reads ahead in order to optimize decompression of data  (Bug 824930)
- Enhancement: Additional functionality to the last login update settings for eDirectory  (Bug 769558/823479)
- Enhancement: dstrace now shows the name of the obit type and flag name instead of number  (Bug 776147)
- eDirectory 8.8 SP7 installation fails on Windows 2008 and 2012 if iManager 2.7 SP6 is alrready installed  (Bug 834132)
- Synchronized up to time is not correct when running "ndsrepair -E"  (Bug 787376)
- Windows dclient programs starting with more threads (and thus memory) than required  (Bug 829684)
- Setting the janitor interval in trace was not getting written to the nds.conf file  (Bug 807575)
- Inactive replicas need to be excluded from the 6 month difference check when computing synch window  (Bug 827146)
- Inactive replicas should be excluded when calculating the send\receive max ring deltas  (Bug 827145)
- Proper error message now returned to Novell client when concurency max is reached  (Bug 407025)
- Windows: SYAtomic apis for windows do not use the right apis based on whether it is a 32 or 64 bit platform  (Bug 827711)
- Jclient: Tomcat crashes when creating a new folder in iManager with special characters are very long name  (Bug 801658)
- Google perftools - libtcmalloc: Driver hangs as a child process when parent calls fork  (Bug 786644/628857)
- Google perftools - libtcmalloc: was not generating heap files (Bug 786644)

LDAP
- Enhancement: sub-tree-delete control added  (Bug 816192/817782)
- Enhancement: generalized time support added  (Bug 831157/776893/659683)
- Enhancement: permissive modify control feature added via attribute "ldapPermissiveModify"  (Bug 831158)
- Enhancement: events did not have client address  (Bug 810666)
- Enhancement: SLAPI framework now captures client IP address  (Bug 827717)
- LDAP cores during startup when a new attribute is added to the LDAP group without a mapping  (Bug 655405)
- Clear text search when encrypted attributes are enabled returns incorrect error  (Bug 138963)

NMAS
- Enhancement: client address now present in NMAS XDAS event data for events generated using NMAS LDAP extentions  (Bug 827014)
- NMAS collector now shows the source IP  (Bug 837240/834441)
- Enhancement: provide an option to not lock a mobile user's account if password used is in their password history  (Bug 751928)
- Methods:  problems with managing radius user when ldap service is not listening on all ip addresses  (Bug 723709)
- nmasinst can now be passed a password via an environment variable or file  (Bug 287548)

PKI
- Unable to import certificate: Error: -1403  (Bug 698098)
- PKI will not create CRL distribution points by default per RFC - enforcement is optional (Bug 785204)
- SAS Object gets created incorrectly during OES install  (Bug 830759)
- Creating a CA in iManager's tree view results in a CA with no Host Server entry  (Bug 704983)
- Generating user certificates on 64 bit dual/quad core machines causing segfault  (Bug 637679)

NICI
- Enhancement: changes to assure Code Safe operations (Bug 796498)
- Crash due to memory corruption  (Bug 785392)

XDAS
- NDSD dumping core when xdasauditds is unloaded and reloaded many times  (Bug 649175)
- Problems sending data events from syslog connector to eDirectory syslog collector  (Bug 826138)
- NDSD cores after loading xdasauditds if the xdasconfig.properties file is misconfigured  (Bug 780854)
- Enhancement: address of client is now displayed as part of the 'SysAddr' attribute for initiator  (Bug 824920)
- Unloading the xdasauditds module a second time can result in a hang  (Bug 757675)
- Collector enhancement to obtain client IP address  (Bug 825132)
- Plugin enhancements  (Bug 831151)

IMONITOR
- Random segmentation fault while browsing in iMonitor when change cache is in use and ARC is enabled  (Bug 821161)
- Hexdump not properly displaying for GUID

UTILITIES\MISC
- DSTRACE: enhanced interactive services compatibility for Windows  (Bug 831159)
- NDSCONFIG: Ldapinterface values added with -P option are now given preference over default listeners  (Bug 825851)
- NDSPASSSTORE: Encrypted password not being created for second instance  (Bug 661047)
- NDSMANAGE: now validates input prior to creating a new instance  (Bug 139056)
- NDSSTAT: returns incorrect data when run as non-root user  (Bug 641515)
- LDAP C SDK: Windows application crashes when it calls the API ldap_url_desc2str()  (Bug 789953)
- Install Enhancement: Windows 2012 platform is now supported  (Bug 787820)
- Install: nds-install -j now correctly upgrades the rpm as well as the dib from an older 32 version to 64 bit  (Bug 825921/824140)
- Install: schema.log now properly shows the sch file upon which the extention is being performed  (Bug 798086)
- Install: ensure non-root files and directories have permissions of 755 recursively for all files and directories  (Bug 826261)
- Install: new "-f" switch added for non-supported forced upgrades for versions earlier than 8.8 SP2  (Bug 828413)

ICE
- ICE does not properly check for a maximum character count of 32 for attribute names and class names  (Bug 733418)
names.

SLP
- Enhancement: updated SLP on Windows to version 2.0 for support of IPv6  (Bug 819275)

_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 6 Hotfix 1 (Standalone & OES11 SP1)
June 2014
 
NTLS & LDAPSSL
NTLS OES11 SP1 version 2.0.6.1-4.1
NTLS OES2 SP3 version 2.0.6.1-0.13
- OpenSSL security vulnerability  (CVE-2014-0224)  (Bug 882471)
________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 6
May 2014
NDSD 20707.00
NMAS 3.3.4.6
PKI 3.3.11

NDSD
- NDSD coring in findInRdnCache  (Bug 861363)
- After upgrading to OES11 SP1 NDSD consumes all memory if iPrint is also running  (Bug 825235)
- Not all LDAP objects are being returned due to incorrect rights calculation  (Bug 852987)
- Unable to move users between containers if encrypted attributes are in use  (Bug 612236)

LDAP
- LDAP cores due to the globalRefList getting corrupted in a low memory condition  (Bug 858797)
- NDSD is coring coming up through AddDNToQueue  (Bug 843952/799046)
- Memory leak when performing a page search with a base scope  (Bug 866828)
- Extended match for syn_time based filter is coring LDAP  (Bug 867466)

NMAS
- Resolved concurrent connection issues  (Bug 841299)

PKI
- Install fails with a -601 error while configuring the SAS server object (Bug 812707)

Other
NDSCONFIG - enhancement to allow ndsconfig to consume the ndspassstore password  (Bug 812295)
AUDIT - Connections via an Audit Connector fail due to Java rejecting a certificate key less than 1024 bits (Bug 870286)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 5 HotFix 1
February 2014
libnldap.so.1.0.0
OES: oes11sp1-edirectory-887-patch5-8910
 
NLDAP
- After applying eDirectory 8.8 SP7 Patch 5 the server is coring in LDAP  (Bug 861711)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 5
January 2014
NDSD 20706.00
NMAS 3.3.4.5
PKI 3.3.10
SecretStore 3.4.5.3
Jclient 8.8.7.5.1
XDAS 8.8.7.5

NDSD
- IDM Roles and Resource driver returning fewer members than a dynamic group contains  (Bug 834288)
- NDSD taking too long to return the status of the NDSD process  (Bug 828292)
- Dynamic Group evaluation is sometimes returning not all members or none at all  (Bug 850841)
- 6 month time difference when calculating sync window vectors need to exclude inactive replicas from the check  (Bug 827143)
- Ndsrepair is reporting all asterisks instead of last synchronized time for a server  (Bug 828431)
- Script now prevents multiple instances of NDSD from occurring on OES  (Bug 828370)

NMAS
- Generate Password Noun does not follow password policy setting for disallowing Extended characters  (Bug 823735)

LDAP
- NDSD crash while using a complex LDAP filter on the GUID attribute  (Bug 855289)

PKI
- Error: -1403 re-creating a server's certificates with self-provisioning turned on  (Bug 831961)

XDAS\AUDIT
- Create entry and add value events not thrown when "Create Account" of "Account Management Events" is selected in iManager  (Bug 843238)
- One event lost in cache file if connection is lost then restored to an auditing (tcp) server  (Bug 790885)
- Create entry and add value events not thrown when "Create Account" of "Account Management Events" is selected in iManager  (Bug 790885)
- Password change event reported as successful even though the change had failed  (Bug 674932)
- Add value event had a few attributes not associated to object class  (Bug 840649)
- Documentation updated to reflect the use of logrotate - n4u.server.log-file-size to be deprecated  (Bug 830170)
- Custom classes and attributes aren't displayed in Audit Configuration - XDASRoles  (Bug 815756)

IMONITOR
- Max ring deltas, send deltas and receive deltas do not exclude inactive replica numbers in TVs  (Bug 852034)

PLUGINS
- ICE plugin saving admin password in clear text within the catalina.out file  (Bug 854883)
- ICE plugin shows to have a Remote Code Execution security vulnerability  (Bug 779108)

MISC
- ICE sch handler: ICE cores trying to compare schema in a LDIF file  (Bug 815762)
- Installation now returns the error code should install fail with unable to check the duplicate server context  (Bug 854890)
- Documentation updated for SLAPI Plug-In for Character Replacement  (Bug 799861)

______________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 4 Hotfix 1
September 2013
NDSserv rpm version 8.8.7.4 Release 16

NDSD
- After updating server to 8.8 SP7 Patch 4 the server is coring every hour in CheckBacklinks  (Bug 834429)
- Possible replica inconsistency when an error occurs during replication  (Bug 832813)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 4
August 2013
NDSD 20705.00
NMAS 3.3.4.4
PKI 3.3.9
SecretStore 3.4.4

NDSD
- Scalability Enhancement: with many partitions max ring deltas grow  (Bug 827135)
- Memory leak and crash on startup if a wildcard IP address value was put into the LDAP referralExcludeFilter attribute  (Bug 829199)
- Thread exhaustion: NDSD_EVENT_MAX_WORKERS now defaults to 24 during the SEV calculation  (Bug 820290\798812)
- Replica attribute is not getting updated on external references is on the Security container  (Bug 691741)
- DSfW server cores in SlapiGetObjectExtension  (Bug 798134)
- Dsrepair - report synch status returning all asterisks for some servers instead of dates  (Bug 828431)
- Java out of memory errors and\or crashes when Role Resource Service driver evaluates dynamic groups  (Bug 800310)
- Core due to ARC trying to start for an invalid connection handle  (Bug 821383)
- Getting incorrect member counts when querying dynamic groups  (Bug 815892)
- LDAP search results inconsistent due to missed rights in rights buffer cache  (Bug 811980)
- NDSD_USE_RBC parameter is not resulting in a significant increase in performance  (Bug 825834)
LDAP
- Change to allow worker limit  (Bug 771123)
- Crash due to race condition resulting in not grabbing proper mutex  (Bug 807251)
- After the default certificates are auto re-created the LDAP refresh cycle now picks the new ones up  (Bug 798225)
- Vulnerablity fix for CBC3 ciphers  (Bug 798408) (CVE-2011-3389)

NMAS
- The sasUpdateLoginTimeInterval can now specify under what time interval login attributes on users are updated  (Bug 807432)
- If sasUpdateLoginTimeInterval attribute was defined and login occurred at 23:59h the Last Login Time was removed  (Bug 806455)

PKI
- Dhost crashing when creating default certificates while ndstrace is running with PKI flag  (Bug 826107)

IMONITOR
- Protocol Weak CBC Mode Vulnerability port 8030/tcp over SSL  (Bug 762193) (CVE-2011-3389)
- DHost HTTP stack needs to set httpOnly and secure (when secure) in the cookie headers  (Bug 772926)

DSTRACE
- When searching on a binary value such as GUID the filter is not properly displayed  (Bug 570926)

PLUGINS
- LDAP: Unable to add, modify or delete a class or attribute mapping on the LDAP group object after applying iManager 2.7.6 Patch 1  (Bug 829971)
- XDAS: Custom attributes and classes are not available for selection  (Bug 826586/826589)
- NMAS: A warning is now displayed if another method is added to the default NDS login sequence  (Bug 265235)
- PKI: Exported certificates cannot be imported  (Bug 827706)

SECRETSTORE
- Resolves a coring issue caused by improper mutex  (Bug 713422)
- When running repair while NLDAP is unloaded NDSD cores  (Bug 820772)

MISC
- Novell-getcore updated to version 1.2.08-20130220  (Bug 815718)
- NDSinit script is not restored if patching is aborted  (Bug 817078/715711)
- Installer no longer asks if 32 bit xdaslog or expat rpms are to be installed  (Bug 817003)
- DSFW: DSFW enabled users are not having their loginShell attribute automatically populated  (Bug 764483)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 3
May 2013
NDSD 20704.00
NMAS 3.3.4.3
PKI 3.3.8.0

NDSD
- Scalability Enhancement: replication order was based on a LIFO (stack vs. queue) model  (Bug 764631)
- Scalability Enhancement: error -6015: server attempts to spawn a sync thread to a server it is already outbounding to  (Bug 777478)
- Scalability Enhancement: optimized the rescheduling of outbound attempts to servers that last returned a -698  (Bug 785602)
- CIFS requests fail due to server being out of contexts  (Bug 798818)
- CIFS authentications fail with 625 and 626 errors when user replica server is restarted  (Bug 797889)
- OES:  UID number attribute lookups for NON-LUM-ENABLED users causing high utilization  (Bug 766503)
- DSfW: ADC install fails NDSD error: bad password (-222)  (Bug 801331)
- New report in iMonitor to quickly retrieve the values of obituaries and change cache counts  (Bug 628731\793151)
- NDSD crashes in libnldap.so after applying November 2012 eDirectory Patch 8.8.7 Patch 2  (Bug 795674)
- Backlinker causing threads to be spawned for the server to itself  (Bug 789943)
- Single object repair forcing a rebuild of change cache  (Bug 728147)
- Replica pointer for external reference server not being updated correctly by the backlinker  (Bug 807438)
- Jclient: Unable to set/view user rights to files on cluster volumes from 'Rights to Files and Folder' on iManager workstation  (Bug 790260)
- Jclient: iManager is only displaying 128 files\folders from 'Rights to Files and Folders'  (Bug 790645)
- Jclient for IDM: when setting the expiration date on a role past the year 2038 it is saved as 1963 in the assigned role  (Bug 700470/809371)
- OES NCP: NDSD crashed due to incorrect arguments  (Bug 800373)

LDAP
- Added ability to create a RDN index so name=xxx searches can be performed more quickly  (Bug 770648)
- During LDAP attribute 'add' and 'delete' operations ndstrace displays 'replace'  (Bug 777805)
- NDSD crash due to memory overwrite while populating the NDSSearchReferral list  (Bug 785681)
- LDAP SDK: NDSD crash due to stack corruption  (Bug 794656)
- LDAP server is not starting if schema has not been extended  (Bug 768918)
- LDAP and LDAPS interfaces become missing on DSFW server resulting in a failed install  (Bug 799053)

REPAIR
- Cleanup -649 errors seen in iMonitor caused by USED_BY obituaries with a length greater than 64K  (Bug 784174)

NMAS
- Microsoft Complexity Requirements (3 out of 5) treats a space as a special character  (Bug 744479)
- Enhancement:  UpdateLoginTimeInterval to specify an interval during which login attributes are not updated at login  (Bug 757314)
- Login attributes needlessly updated on user when admin unlocks account  (Bug 795819)

IMONITOR/HTTPSTK
- Displaying aliased OUs as servers in the "Know Servers" list  (Bug 794137)
- Changes made to harden httpstk against XSS attacks  (Bug 783675)

NDSCONFIG
- eDirectory should not load the database if the binaries are reverted to a prior version  (Bug 809097)
MIGRATE/TRANSFER
- eDirectory cores after ID-Swap/Transfer ID  (Bug 410719)
- Transfer ID needs to be re-executed only the failed sub step but not all  (Bug 787110)
- Error: 35323 The NICI files fail to copy while in the transfer ID section during an OES migration  (Bug 740035)

NDSPASSTORE
- Now sadmin username is
- The SAdmin user is now case insensitive  (Bug 732605)

ICE
- Ability to run multiple instances of ICE  (Bug 747223)

XDAS
- When xdasauditds loads before eDirectory events do not get logged  (Bug 783040)
SLP
- SLP is coring on the Windows platform due to memory corruption  (Bug 793607)
- SLP.exe runs but will not register listening on a routeable address  (Bug 740859)
- DHOST crashing when network communication is lost  (Bug 774683)

PLUGINS
- Non-OES: XDAS iManager plugin not correctly setting the attributes required for XDAS audit to work  (Bug 771951)
- XDAS plugin now has the ability to filter events based on the class or attribute level  (Bug 711630)
- Unable to deselect both the DS and LDAP components on the eDirectory server auditing page  (Bug 655907)
- No way provided to select the classes under the XDASAccounts section  (Bug 711627)
DOCUMENTATION
- Additional detail added to documentation about the xdasconfig.properties file and configuration  (Bug 793773/789565)


________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 2 Hot Patch 1 (Only for OES11SP1)
January 2013
NDSD
- NDSD crashes in libnldap.so with latest November 2012 eDirectory Patch for 8.8.7  (Bug 795674)
- LDAP and LDAPS interfaces are lost on DSFW server after installing eDir887patch2 + OES11SP1 Nov Patches  (Bug 799053)


_________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 2 (20703.00)
December 2012
NMAS 3.3.4.2
PKI 3.3.7
Challenge\Response 2.8.3.5

NDSD
- User authentication fails with a -602 error: Failed to fetch SEV list  (Bug 701587)
- FLAIM: when performing a LDAP search on a non-existent user using a complex filter err = no such entry (-601) is returned  (Bug 608436)
- NCP: NDSD cores allocating a connection slot  (OES Bug 710806)  (Non-OES Bug 692389)
- NDSD cores on PDC in DSFW environment iterating nested groups (Bug 719736/711799/750982)
- CIFS core during sub-tree search  (Bug 751962)
- Security Vulnerability: eDirectory DoS dhost request with certains characters  (Bug 772895) (CVE-2012-0429)
- Security Vulnerability: eDirectory Authorization Mechanism Bypass  (Bug 772898) (CVE-2012-0430)
- Security Vulnerability: eDirectory Cross Site Scripting exploit  (Bug 772899) (CVE-2012-0428)
- Nauditds.dlm fails to initialize completely during initial eDirectory startup  (Bug 773787)
- Special external references not getting purged when no longer in use  (Bug 775479)
- DSFW enhancement to support 'ObjectSID=<SID>' as a filter string to integrate XenDesktop 5.x  (Bug 780215)
- Security Vulnerability: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow  (Bug 785272) (CVE-2012-0432)

LDAP
- Referrals not correctly populated when ldapserver's interface has a different address than the hosts file  (Bug 181124)
- LDAP SDK: CIFS terminates with a segmentation fault  (Bug 735840)
- NDSD goes to 100% utilization when ldapsearch is dereferencing aliases with the "-a" option  (Bug 770437)
- NDSD coring in DSAiterator  (Bug 787164)
- Provide an option to disable paged control searches - NDSD_NLDAP_DISABLE_PAGED_SEARCH  (Bug 691565)

NMAS
- ndsd coring in findEntry  (Bug 773737)
- OES Plugins:  plug-in for Security Policy object does not work to define new Clearances or Catagories  (Bug 650302)
- Diagpwd tool shows "!" for Simple and NDS passwords when password contains special characters  (Bug 775846)

PKI
- Server Self-Provisioning feature corrupts certificates when running on multi-instance server  (Bug 744610)
- PKI Invalidity Reason: 15  (Bug 782951

NDSREPAIR
- Added a new switch (-NLD) to remove license objects after the last NetWare server is removed from tree  (Bug 681961)

DSFW:
- Kerberos authentication failing  (Bug 744792/756978)

IMONITOR
- Monitoring the DIB writer shows "Unregistered" for the verb\process  (Bug 767566)

NDSPASSSTORE
- Not able to create the password store for non-root installations  (Bug 619810/780223)

XDAS
- NDSD dumps core if only ip address (not port number) is specified for the syslog server  (Bug 680361)

NDSCHECK
- Ndscheck fails when only one interface is listning for ldap requests  (Bug 779019)

OTHER
- NMAS (Challenge\Response):  Client hangs for 5 minutes when entering wrong answer during Challenge\Response  (Bug 766931)

DOCUMENTATION
- Bug 760378

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 Patch 1 (20702.02)
August 2012
NMAS 3.3.4.1
PKI 3.3.6

NDSD
- Object modifications taking longer on the Windows platform than on Linux  (Bug 759576)
- Installing an eDirectory patch on Windows 2008 fails stating that the installed patch is of a later version  (Bug 766254)
- Dclient: CIFS cored in Dlient DDCResolvename() while authenticating user  (Bug 760251)
resulted in
- Alias objects not being returned during searches in iMonitor or iManager  (Bug 738688)
- Dynamic group rights issue  (Bug 765688)
- NDSD core from libslp.so.1  (Bug 492605)
- NDSD core after upgrading eDirectory to 64-bit on Solaris  (Bug 750264)
- NDSD cores when adding over 15 replica to a partition due to corrupt TV's  (Bug 763802)
- Jclient: segfaulting due to memory leak in java buffer  (Bug 754196)
NOTE: this is not a full fix as it requires a fix in OES' NCP as well.
- OES\Jclient: Salvage of files containing special characters using iManager is not working properly  (Bug 753280)
- Filtering of eDirectory instrumentation audit events does not work  (Bug 760017)
- NDSD grows in virtual and resident memory with eDirectory Instrumentation auditing enabled  (Bug 759149)

LDAP
- LDAP control information is now shown in ndstrace  (Bug 757770)
- Added the ability to control when attributes are moved to the attribute container to avoid Error: -6029  (Bug 722114)
- Error: LDAP clients fail: duplicate context xxxxxxxxxx in DuplicateNDSContext, err = transport failure ( -625 )  (Bug 603440)

NMAS
- On Solaris an LDAP search on login time returned, "loginTime: 19700101000000Z"  (Bug  734632)
- Error: -222 when changing a user's password with write rights to the Password Management attribute  (Bug 768754)
- CIFS authorization failure resulting in memory\cpu buildup  (Bug 749516)
- OES: Dclient DDCGetSEVList function does not return cifs users GUID causing authorization failure and Memory/CPU buildup  (Bug 749516)
- NDSD coring in wordcopy_fwd_dest_aligned libc function  (Bug 742226)
- Unable to set password with CTR-ALT-DEL when NESCM is set as the default login method  (Bug 729006)

NMAS Methods 2.8.3.3
 - SASL-GSSAPI method cored server (lib LSMKRB5LIN_X64.SO)  (Bug 706600)
 - NovellClientWindows7SP2_LOC:20111026:RU:French translation instead of Russian translation in "Challenge questions" dialog  (Bug 728309)

PKI 3.3.6
- eDirectory on windows PKI health check incorrectly reports missing SDI keys  (Bug 758538)
- Need to add support to Plug-in for RFC 2985 (Certificate Extensions in a CSR)  (Bug 608413)
- iManager crash when exporting Certificate Authority's private key  (Bug 747099)
- Error: -1218 when creating user certificates for multiple users  (Bug 752942)

NDSTRACE
- When using " tail -f " to view the ndstrace.log no updates are seen after the log hits its fmax size  (Bug 685772)

INSTALL\MIGRATE
- OES: Transfer ID migration fails during DIB copy from NOWS SBE to OES11  (Bug 758254)
- Patching eDirectory on a patched RH 6.2 results in rpmReadSignature failed error  (Bug 709190\763802) (TID 7006535)

IMONITOR
- Reports scheduled to run in iMonitor are empty  (Bug 741864)

DOCUMENTATION
- Bugs 655090, 754078, 760378, 764528, 767080, 767083, 770718, 771692, 772052, 772061

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP7 (20701.48)
April 30, 2012
NMAS 3.3.4
NMAS client 3.5.0
NTLS 2.0.6.1
NICI 2.7.6
PKI 3.3.6
PA 2.0.2 FP7

NDSD
- Dclient:  -625 error when NCP sends on idle connection and recieves watchdog packets instead of a NCP reply  (Bug 679767)
- Ndsrepair is not clearing up -618's on invalid move destination values for a moved object  (Bug 747257)
- SAL: low memory situation causes ndsd to core because initialization occured even though a memory allocation request returned an error  (Bug 743543)
- SAL: NDSD takes an inordinate amount of time to shut down  (Bug 750213)
- Dclient: memberQueryURL is read incorrectly on Solaris when the attribute is of boolean syntax  (Bug 652388)
- Fragger code change to resolve segfaults  (Bug 750373/737794)
- Google-perftools that ships with eDirectory causes a core  (Bug 727458)
- XDAS attribute xdasDSConfiguration did not contain a unique OID  (Bug 679299)
- Changing the location of the nds.log has no effect  (Bug 726221)
- Utilities: starting NDSD with a rcndsd start results in a double slash location, //opt/novell/eDirectory/sbin/ndsd  (Bug 744440)
- Utilties - ndsconfig: allows ports greater than 65535  (Bug 700237)
- Dclient: memberQueryURL is read incorrectly on Solaris when the attribute is of boolean syntax  (Bug 652388)

LDAP
- Dereference aliases options affects LDAP modify and deletion operation  (Bug 678607)
- NDSD cores when ldif is used to add schema without a syntax  (Bug 368323)
- Adding group to a nested group is requiring rights to attributes other than those being modified  (Bug 692091)
- eDirectory returns error 48 'Anonymous Simple Bind Disabled' for authenticated TLS bind  (Bug 733188)

IMONITOR
- Error 301 returned after 100 obituary reports have been run  (Bug 740705)
- Scheduled obituary report cores NDSD due to buffer overflow  (Bug 674836)

DSTRACE
- Ndstrace causes ndsd to hang when left running from a terminated session  (Bug 744840)

ICE
- When importing a .sch file via ICE it strips the default ACL from the user class defintion  (Bug 733189)

Installation/Utilities
- NDS-uninstall is showing List of Components  (Bug 641939)
- NLDAP_check fails for non-root installs when NDSHOME=/opt/*  (Bug 667006)
- Upgrading from 873 to 886 on AIX fails returning a message that saying " Novell eDirectory components are already installed on your system "  (Bug 729740)
- Installation fails on AIX 6.1 returning, " This is not a supported platform for eDirectory "  (Bug 662655)
- Installation fails on RHEL 6.0 returning, " This is not a supported platform for eDirectory "  (Bug 674289/674292)
- Upgrading eDirectory on Solaris returns error, " NOVLsubagx already Installed "  (Bug 704377)
- Installation on RHEL 6 with selinux resulted in eDir changing permissions on /etc  (Bug 714169)
- Dates in logs now in YYYY-MM-DD format  (Bug 714186)
- Initial install of eDirectory now sets the default number of threads to 256  (Bug 735110)
- OES: loading IDM 4.01 results in Error initializing DirXML: java.lang.NoClassDefFoundError  (Bug 711550)
- eDirectory should only take ownership of /etc/opt/novell and /opt/novell  (Bug 738842)
- Ndsconfig not taking 64bytes double byte charaters as server context  (Bug 138890)
- Many localization fixes
OES
- DSFW: Unable to create users with MMC due to the Top superclass on Person  (Bug 517837)
- AFP: users cannot authenticate even when running  (Bug 719853/666692)
- NCP: Segfault due to connection reuse (Bug 632850)
- NCP: salvage and purge are failing  (Bug 707740)
- NCP: NSS "Create" right allows users to see all directories on volume  (Bug 709385/713950)

Plugins
- When deleting one attribute value in iManager two values are removed  Bug 654145)

Instrumentation
- Password Change failure should not be included in the 'User password Changes' Report (Bug 674932)

Enhancements
- Graphical interface for ndsrepair  (Bug 499750)
- Alternate location of ndsrepair temporary file  (Bug 653829)
- Symbols exposed  (Bug 396440)
- Change cache report utility  (Bug 594512)
- HA support for eDirectory  (Bug 757008)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 7 (only for OES2SP3\OES11 November 2012 patch)
(20608.00)
December 2012
NDSD
- Security Vulnerability: eDirectory DoS dhost request with certains characters  (Bug 772895)
- Security Vulnerability: eDirectory Authorization Mechanism Bypass  (Bug 772898)
- Security Vulnerability: eDirectory Cross Site Scripting exploit  (Bug 772899)
- Security Vulnerability: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow  (Bug 785272)
- Security Vulnerability: eDirectory Authorization Mechanism Bypass  (Bug 788942)
- Security Vulnerability: eDirectory DoS dhost request with certains characters  (Bug 788943)
- Security Vulnerability: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow  (Bug 788946)
HTTPSTK
- Security Vulnerability: eDirectory Cross Site Scripting exploit  (Bug 788944)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 6 (only for OES2SP3\OES11 July 2012 patch)
(20607.00)
August 07, 2012
NMAS 3.3.3.6

NDSD
- Client connections getting marked with -625 when using FIRST_WATCHDOG_PACKET parameter  (Bug 679767)
- eDirectory returns error 48 'Anonymous Simple Bind Disabled' for authenticated TLS bind  (Bug 733188)
- Dynamic group rights issue  (Bug 765688)

NMAS
- CIFS authorization failure resulting in memory\cpu buildup  (Bug 749516)

________________________________________________________________________________________________________________________

Issues resolved in eDirectory 8.8 SP6 Patch 5 (20606.01)
March 13, 2012
NMAS 3.3.3.4
NTLS 2.0.6.1
PKI 3.3.5
NICI 2.7.6

NDSD
- Security Vulnerability:  Authenticated buffer overflow in jclient resulting in an iManager crash  (Bug 729659)  (CVE-2010-1929)
- Added the ability to control when attributes are moved to the attribute container to avoid Error: -6029  (Bug 722114)
- Added the ability to manually cost replica referrals for iManager  (Bug 716177)
- Fragger code optimization to prevent ncp thread exhaustion with many failed logins  (Bug 709252)
- Objects being referenced that are renamed no longer bump revision to avoid modification time errors in ndsrepair  (Bug 679695)

LDAP
- LDAP returns syntax violation (-613) Invalid GeneralizedTime time syntax when submitting RBPM delegation / proxy  assignments  (Bug 732601)
- Security Vulnerability in eDirectory RelativeToFullDN Parsing Remote Code (Bug 729314)
- Race condition resulted in LDAP searches periodically failing with " result 80: NDS error: transport failure (-625) to connection"  (Bug 645068)
- Memory corruption issue resulting in a core in FreeNDSReferralList resolved  (Bug 544781)

NDSCONFIG
- Ndsconfig hung during the configuration of eDirectory after the server certificate association  (Bug 731025/709252)

NDSTRACE
- When using " tail -f " to view the ndstrace.log no updates are seen after the log hits its fmax size  (Bug 685772)

XDAS
- NDSD coring due to missing null check (Bug 741945)

OTHER
- Unsatisfied dependancy errors when running an rpm -V on some rpms  (Bug 723142)
- Novell-ncpenc version not getting updated  (Bug 646083)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 4 Hotfix
(LDAP Module: 20605.01)
December 21, 2011
LDAP
- New and existing proxy and delegation assignments with no expiration results in Error: -613  (Bug 732601) (TID 7009824)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 4 (OES: 20605.00  Non-OES:20605.01)
November Patch  - OES
November 18, 2011 - Non-OES
NDSD
- Error: LDAP clients fail: duplicate context xxxxxxxxxx in DuplicateNDSContext, err = transport failure ( -625 )  (Bug 603440)
- Novell-tomcat crashing in iManager while getting EffectivePrivileges from NCP server object  (Bug 716920)
- LDAP server quits responding to requests returns error -785 FERR_CALLBACK_FAILURE on non-present member  (Bug 686631)
- Auditds memory leak in event system filtering  (Bug 711114)
- Unable to create IDM drivers after applying 8.8 SP6 Patch 3  (Bug 707182\706664)
- Windows userdump in RightsBuffersCache::addRightsBuffer  (Bug 700720)
- Connection leak when CIFS user resolved a DFS junction  (Bug 714117)
  NOTE: to completely resolve the issue a new DFS library (Bug 711729) and CIFS FTF (Bug 708093) are required.
- NDSD requires manual start after an installation on RedHat 6  (Bug 704124)
- Unable to set directory quotas for a NSS volume in iManager  (Bug 679777)
- iManager -> replica view: does not show the partition type correctly  (Bug 705661)

NDS PASSSTORE
- Memory leak resolved  (Bug 707573)

TSANDS
- Tsands will load into SMDRD address space even if NDSD is not loaded  (Bug 687114)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 3 (20604.10)
August 13, 2011 - Standalones
NMAS 3.3.3.4
NMAS client 3.4.7
PKI 3.3.5

NEW FEATURES
- RHEL 6.0 is added as an eDirectory platform.
- XDAS is now supported on OES2 SP3
- The eDirectory patch installer now also patches eDirectory's security components
- iManager plugin support for Firefox 4 and Internet Explorer 9

NDSD
- Double free jclient crash with Java 1.50 on OES2 SP2  (Bug 561350)
- New switch to add ancestor id to newly created indexes  (Bug 699536)
- Novell eDirectory now supports RHEL 6 (Bug 702821) and AIX 6.1 (Bug 662655)
- ADPH fails provisoioning of user when UniqueDomainID is not present  (Bug 700308/697064)

LDAP
- NDSD cores in malloc during dsfw cross domain logins and share access configured.  (Bug 527929)
- NDSD cores when a LDAP search contains " networkAddress=* " (Bug 681607)
- wbinfo -i is unable to retrieve user info for users with large group memberships  (Bug 669505)

NDSREPAIR
- Core in ndsrepair when there is an error copying nds to ndt  (Bug 682595)

IMONITOR
- iMonitor Core when getinfo with curl  (Bug 674716)

DSFW
- DSfW Kerberos authentication to Access Manager fails with upnSuffixes set to NULL  (Bug 628224)
- User with 20 characters or more can not login to DSfW domain  (Bug 689673)

TSANDS
- Browsing the file system using Commvault explorer causes SMDR to crash with a segfault  (Bug 660752)

PATCH INSTALLER
- The eDirectory patch installer now also installs updated security components  (Bug 701453)

SECURITY COMPONENTS
(PKI 3.3.5, NICI 2.7.6, NTLS 2.0.6.1, NMAS 3.3.3.4, NMAS Methods 2.8.3.2)

NMAS
- NMAS authentications leaking connections  (Bug 674033)
- NMAS Client: Rebrand NMAS Password Window  (Bug 630551)
- Build:  Cyclic dependancies removed  (Bug 662456)
- Login performance degradation when using XDAS auditing  (Bug 637713)
Note: This patch now adds OES2 SP3 as an additional platform supported by XDAS.

PKI
- CertMutual method fails on Linux due to not getting CRL  (Bug 681667)

NTLS
- Security vulnerability in OpenSSL  (Bug 674938) (CVE-2010-4180)

METHODS
- Principal creation fails when the principal keys are provided from a keytab file  (Bug 676960)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 2 (20603.06)
May 19, 2011 - standalones
April 11, 2011 - OES 2 SP3 channel
NMAS 3.3.3.3

NDSD
- NDSD consumes memory during file system operations  (Bug 678848)
- NCP server renames by limber bumping revision attributes  (Bug 671007)
- Subtree searches taking a long time to complete on a custom attribute even if indexed  (Bug 622339)
- Error:  -168 when moving a group  (Bug 582240)
- Core when calculating rights for the NCP server object  (Bug 603529)
- Security Denial of Service Vulnerability  (Bug 658774) (ZDI-CAN-445)
- LDAP server not calculating edirectory rights correctly with nested group static member  (Bug 632914)
- When there are many HTTP connections ndsd takes too long to unload  (Bug 623055)

LDAP
- SAML logins misinterpret Network Address Restrictions  (Bug 649181)
- Security Vulnerability: LDAP unbounded malloc causes DoS  (Bug 634792)
- NDSD memory buildup when paged results control is used in query  (Bug 608507)
- Date window used by LDAP is different than window used by iManager  (Bug 621128)
- Search for entryDN returns error 785 instead of 601 if entryDN does not exist  (Bug 634386)
- Core when search contains an invalid base dn with no attributes requested with events enabled and instrumentation loaded  (Bug 638051)

DSREPAIR
- An alternate temporary database directory can now be specified  (Bug 653829)

DSTRACE
- When unloading ndstrace a -660 error is returned "dstrace module could not be unloaded"  (Bug 630309)
- File size is getting reset to zero once the max is reached  (Bug 647270)

HTTPSTK
- Cipher is being set to the default of medium even if set to high  (Bug 492350)

SNMP
- Trap 48 being sent when limber is triggered

NDSCONFIG
- Segmentation fault if binaries are not run from the directory containing them  (Bug 639869)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 Patch 1 (20602.00)
December 22, 2010
(NOTE:  Patch 1 of eDirectory 8.8 SP6 was only released with OES 2 SP3.)
NMAS 3.3.3.1

NDSD
- Error -168 when moving a group  (Bug 582240)
- Revision was not increased after an attribute change which prevented the new value from being synch'd (DSFW).  (Bug 625440\637742)

Install\Migrate:
- Transfer ID from OES2SP3 to OES2SP3 is failing during the DIB copy phase  (Bug 649285)

________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP6 (20601.18)
October 15, 2010
NMAS 3.3.3 (Security Services Bundle 2.0.10)
NMAS Client 3.4.5
NMAS Methods 2.8.3.0
NTLS 2.0.6
PKI 3.3.4
NICI 2.7.6
PA 2.0.2 FP7

DS\NDSD
- Schema extension failed during nds configuration for a container admin due to mismatched versions of nmas.sch  (Bug 629792)
- Two errors seen on Windows:  " Error: (C:\Novell\NDS\DIBFiles\nds.db) must be closed because of a 0xC22E error " is being logged in the dhost.log and a Error: -785 is seen in trace  (Bug 622336)
- NULL pointer fixes (Bug 614674)
- Ancestor ID upgrade taking a long time to complete and -6014 errors are seen in dstrace (Bug 604830)
- Check login restrictions resulting in an Error: -649 Insufficient Buffer  (Bug 576708)
- Permissions were not restricted enough on certain configuration files  (Bug 572622)
- Enhancement:  extended the the ability to samify objects across partitions  (Bug 570269)
- Upper limit for schema values not displayed correctly on 64 bit in iMonitor  (Bug 564035)
- 64 Bit OES: oldest pwdFailureTime value is now removed after the number has reached the ceiling of 100  (Bug 530637)
- Jclient:  Error -672 returned when adding a member to a RBS Role  (Bug 412890)
- Performance improvements in ICE bulk uploads  (Bug 243775)

NLDAP
- LDAP Server cores in RemoveIterator  (Bug 545469)
- NULL pointer fixes  (Bug 614674 & 598309)
- Memory leak fixs  (Bug 614674 & 545469)
- SLAPI plugin - ldapsearches with underscores before the "*" pattern search are not returning results properly  (Bug 569561)
- When search selection is empty the server is not returning entries to the client via the SLAPI plugin  (Bug 561280)
- rootDSE stats were not entirely accurate  (Bug 542748)
- Connection build up when disallowing anonymous simple binds  (Bug 512552)
- LDAP trace was displaying network address values in an unreadable (binary) format  (Bug 497822)
- Now events contain the class name when a user monitors events through an ldap monitor client  (Bug 301553)
- The IP address for an LDAP event report is given via a connection event  (Bug 154457)
- NLDAP is able bind to a specific interface  (Bug 138913)
- LBURP:  operation is timing out while uploading 5M objects on a dib of 10M  (Bug 138724)

DSREPAIR
- The -zc switch is now available on Linux  (Bug 612344)
- When attempting to run a " ndsrepair -P -Ad " to correct future timestamps Error: -637 was being icorrectly reported as Error: -469398712  (Bug 609838)
- Ndsrepair returning invalid error code:  returns Error 2080738120 instead of Error -634  (Bug 592327)
- When promoting a server to be a master repair incorrectly reported this server was changed to a RW  (Bug 548067)
- Current and maximum transaction ID's are now printed in decimal as well as hex  (Bug 532992)
- Repair now correctly evaluates the time since the last backup (Bug 579479)
- The -ah switch was added (Bug 579479)

NDSTRACE
- Was not displaying the escape character in the filter  (Bug 482161)

NDS PASSTORE
- Unable to set passwords for two instances  (Bug 556783)
- More detailed logging about success or failure is now available in the ndsd.log  (Bug 540673)

NDSCONFIG
- ERROR: ndsconfig return value = 52 is being returned when re-configuring after responding Yes and No to the prompts " Are you sure? " to de-configure  (Bug 570293)
- Unable to set the minimum cypher level for iMonitor via ndsconfig with error: " value 0 is out of range "  (Bug 540231)
- Now returns the value of n4u.nds.bindery-context= properly  (Bug 522900)
- Ndsconfig now ignores values specified on the command line if these values have been exported from the nds.conf  (Bug 179221)

NDSSTAT
- Ndsstat will now display whether the instance is 32 or 64 bit  (Bug 642504 & 484958)
- Running " ndsstat --config-file " without a config file present was generating a core  (Bug 571827)

SNMP
- Ndssnmpsa-1.log file was not correctly adding new data to the log file once reaching 1MB in size  (Bug 615543)

SLP
- NDSslp package has been removed from the *nix builds as only OpenSLP is supported  (Bug 525696)

IMONITOR
- Clicking on "DirXML Summary" page in iMonitor cores server (Bug 591087)
- Flagged partitions suspect when subordinate references were incorrectly determined to be missing  (Bug 550241)
- Allow for dumping the hex value  (Bug 229501)

DSBK
- Error -5993 when restoring to a drive that the source did not have  (Bug 593782)
- DSBK did not support multiple instances via command line  (Bug 185172)
- The dependancy on the dsbk.conf file has been removed  (Bug 138967)

PLUGINS
- LDAP plugin fixes issue where setting LDAP server object to use high cyphers resulted in lower cyphers being used  (Bug 359754)

INSTALL/DSI
- When upgrading from eDirectory 8.7 SP3 the ndssnmpsa-1.log file was being created under /var/log/ directory instead of /var/opt/novell/eDirectory/log  (Bug 615543)
- Incorrect calculation of max characters resulting in inability to install an OES1 SP2 server into a context with more than 64 characters  (Bug 595635)
- The install now automatically install both the Server and Administration Utility components  (Bug 578538)
- Windows health check fails when ncp server object is moved but we still read the old context from the ndsinfo.ni file  (Bug 550950)
- Installing on SLES 10 SP3 results in the message, " This is not a supported platform for eDirectory "  (Bug 550400)
- AIX nonroot builds are placing the real files under eDirectory/opt/novell/eDirectory/lib/ rather than symbolic links  (Bug 529080)
- Added additional checks to ensure the correct bit version was installed to the right plat for Windows  (Bug 525695)
- Install was failing with Platform not Supported errors when the /etc/issue file was modified  (Bug 515717)
- When upgrading the installer will only ask once for the admin's credentials before performing the pre-upgrade health check for the instance  (Bug 510438)
- AIX:  install fails if Server was first installed and later the eDirectory Administration Utilities is selected to be installed  (Bug 509466)
- Installation of NICI failing due to no /etc/opt/novell/nici.cfg file present after upgrading from 873x  (Bug 507832 & 507264)
- Upgrades from 873x would fail if the dib was in a non-standard location  (Bug 505659)

INSTRUMENTATION
- LDAP server NOW reports only one DSE_LDAP_SEARCHRESPONSE event with error -4 when the search limit is exceeded  (Bug 579537)
- Installing the eDirectory instrumentation fails with a dependancy error  (Bug 564923)
- Using XDAS the server's log file now has Tree name in Domain field.
- On the CHANGE_CONN_STATE event we now report the serverDN (the target U) in the dotted format and now specify the correct target type (V)  (Bug 437241)
- Create event does not have the class name  (Bug 601358)

_____________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 6 Hotfix 2 (NetWare Only)
June 2014
NTLS & LLDAPSSL
- OpenSSL security vulnerability  (CVE-2014-0224)  (Bug 882771)
________________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 6 Hotfix 1 (All Platforms)
(LDAP Module: 20506.06)
NMAS 3.3.2.5
NTLS 2.0.5.1

December 21, 2011
LDAP:
- New and existing proxy and delegation assignments with no expiration results in Error: -613  (Bug 732601) (TID 7009824)

________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 6
(OES:  20506.07  NON-OES: 20506.06 )
April 29 2011 - Standalones
April 11 2011 - OES 2 SP3 channel
DS\NDSD
-Subtree query is taking a very long time to process on a custom attribute even with value index (Bug 622339)
-Ndsd coring in free after ComputeRightsFromACLsByBruteForce (Bug 603529)
-NCP server renames by limber increasing revision attributes on all objects referencing master ncp server causing excess synchronization and timesync errors. (Bug 671007)
-Ndsd not shutting down requiring kill to stop process (Bug 623055)
-Security Vulnerability: eDirectory Malformed NCP Request Denial of Service [ZDI-CAN-445] (Bug 658774)
DSREPAIR
-Ndsrepair needs to be able to specify an alternate location for the temp files (Bug 653829)
-Provide a switch to disable NDO file creation during a local repair (Bug 652495)

NLDAP
-SAML logins misinterpret network address restriction (Bug 649181/640866)
-ldapsearch for entryDN returns error -785 if DN does not exist (Bug 622339)
-Core when search contains an invalid base dn with no attributes requested with events enabled and instrumentation loaded  (Bug 638051)
-Date window used by LDAP is different than window used by iManager (Bug 621128)
-LDAP unbounded malloc causes Denial of Service (Bug 634792)
-Ndsd builds up memory when paged results control is used in query (Bug 608507)

DCLIENT
-Error -618 when moving a group (Bug 582240)

IMONITOR/HTTPSTK
-httpstk cipher is getting set to default MEDIUM even if bind restriction level is greater HIGH (Bug 492350)

INSTALL
-eDir 8.8.5 Patch 4 displays message about the memory manager used being changed (Bug 611004)
-eDir upgrade to 8.8.5 removes PKI files and does not replace them (Bug 559746)
-eDir patch installer fails if novell-NOVLice is not installed on the system (Bug 643038)

NDSCONFIG
-Bindery name for the server is not changed if the server is renamed. (Bug 647715)

________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 5
(OES: 20505.03     NON-OES: 20505.07 )
DS\NDSD:
- Obituary performance improvements (Bug 411049)
- Added the ability to disable in and\or outbound synch on startup via the environment variables NDSD_DISABLE_INBOUND and NDSD_DISABLE_OUTBOUND set in the startup script (Bug 592649)
- Excessive verbosity in logging resulted in many ' Out of order segment ' errors (Bug 521978) (TID 7000074)
- Code change made to prevent debug option from being set that resulted in syslog messages such as ' kernel: prune_queue: c=3b97e6c4 '  (Bug 629079)
- Moving user objects across partitions boundries via LDAP results in an -785 error (Bug 608223)
- Intruder detection counter would increment on Linux if there was a "Verify Password" failure due to no NULL check (Bug 601564)
- Dynamic groupmembership members were returned out of the scope (Bug 601080)

DSREPAIR
- Repair now correctly evaluates the time since the last backup (Bug 579479)
- After running a repair with database locked all IDM operations are failing with a Error: -670 (Bug 579479)

NLDAP
- Null pointer core in get_len_atts (Bug 629101)
- Cisco Call Manager integration (Bug 614732 and 617940)
- Core in reallocation of memory for a LDAP URL (Bug 597882)
- Bluecoat persistent search causing malloc error (Bug 580984)

JCLIENT
- Installing eDirectory 8.8 SP5 Patch 4 breaks iManager and IDM  (Bug 612271) (TID 7006240)

INSTRUMENTATION
- User object class not being displayed in the event data (Bug 605152)
- The user name is not being displayed in subject of a logout event (Bug 573801)

________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 4 (20504.13)
DS\NDSD:
- Obituaries not processing on 64 bit eDirectory servers.  (Bug 566160)
- Server crashes while updating security equivalences to users  (Bug 594799)
- After upgrade to eDirectory 8.8.5 Patch 3, rbs role assignment doesn't work due to missing "Security Equal" reference to the role.  (Bug 587950)
- When a user get a "equivalenttome" for a group a corresponding "security equals" was not created.  (Bug 585070)
- Ex-ref servers core backlinking after a partition root is renamed.  (Bug 581877)
- Security vulnerability - NDSD cores when passed a bad verb.  (ZDI-CAN-477)  (Bug 571244)
- Enhancement to remove partition boundries (LDAP access to ancestorID) from DSFW search operations.  (Bug 570274)
- Ndsrepair opening and closing the database twice due to mishandling of the file timestamps.  (Bug 241501)
NLDAP:
- Bluecoat Agent causes DSLOADER memory growth  (Bug 595828)
- LDAP server was returning a "Unwilling to perform" error when DSFW performed rpc calls with the sort control set.  (Bug 591392)
- Bluecoat agent crashing due to the internal type address populated with a length of 0.  (Bug 589787)
- Complex filters not handled properly using the SLAPI plugin.  (Bug 578666)
- LDAP searches cannot distinguish between underscores and spaces - New SLAPI enhancement  (Bug 206379/429201/568768)
- LDAP searches only returning data that public has access to.  (Bug 525932)
NDSREPAIR\DSREPAIR:
- Enhancement:  To track -618s due to an invalid object reference added a switch to check all objects referenced by that attribute and purge if need be.  (Bug 490647)
iMonitor:
- Problems authenticating with the sadmin user using a ndspassstore generated password.  (Bug 566651)

DHOST:
- Security Vulnerability - eDirectory buffer overflow  (CVE-2009-4653) (Bug 588883)

HTTPSTK:
- Security Vulnerability - eDirectory DHOST Predictable Session Cookie  (Bug 586854)

Patch Installer:
- Patch installer would fail on Linux if the patch was on read-only media.  (Bug 582538)
- Patch installer on RedHat 5.1 failing with a syntax error.  (Bug 576030/570489)
- Solaris: Patch installer fails while installing NOVLembox into a Solaris zone.  (Bug 569043)
- Duplicate files laid down on NetWare.  (Bug 542561)

Instrumentation:
- Instumentation is reporting change password event twice.  (Bug 536175)
- If an add or delete value audit event is generated for an attribute of PATH syntax, the path component is truncated after the first character.  (Bug 527690/507887)

Other:
- Windows: SAL - Dhost crashing in NCP_ScanOldObjects.  (Bug 558433)
- Ndspassstore echoing password in clear text on screen.  (Bug 540674)
- NDS Portability SAL - server cores if number of attributes to be indexed were more than the max allowed (10).  (Bug 530714)
- Ndscheck only reporting up to 11 servers in a ring due to an insufficient buffer size.  (Bug 503523)

________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 3 (20503.15)
DS\NDSD:
- On DSFW searches were crossing the partition boundry  (Bug 559787)
- New replica add is transitioning to a on state and missing subordinate objects  (Bug 534832)
- Adding octet list data through LDAP results in a core  (Bug 534249)
- Large operations on group membership using Jclient/dclient causes port usage build-up  (Bug 531313)
- Core in NDSD during startup while querying SLP information  (Bug 531019)
- Synchronizing an object with an octet string attribute followed by a stream attribute larger than 64K results in Error: -641  (Bug 530279)
- Memory overwrite when handling an add value SNMP event causes core  (Bug 528062)
- Paged result control returns incorrect results on a base search with filter objectclass=user  (Bug 524010)
- Synchronization slowed due to database lock help by SLP advertizing  (Bug 208708)

NLDAP:
- String case compare prevented [Inheritance Mask] from being displayed on search  (Bug 545126)
- Memory overwrite caused core in FreeNDSReferralList  (Bug 544781)
- Attribute size returned improperly as -1  (Bug 542834)
- NLDAP did not first try to resolve its server information locally on startup  (Bug 538752)
- Some searches failing with Error: -253 and -625 due to double free  (Bug 521755/470944)
- Paged Search Control does not respect Server side size limit restrictions  (Bug 515907)
- Core and Hang due to deadlock when Bluecoat is monitoring events  (Bug 514433)
- LDAP bind to secure port (ldaps) with SASL GSSAPI fails  (Bug 506279)
- Persistent Search does not generate events for referenced objects on delete events  (Bug 502981)

NDSREPAIR\DSREPAIR:
- We no longer lock the database on every repair  (Bug 548958)

NDSCONSOLE:
- Windows:  NDSConsole remains empty with multiple ip addresses but NCP is bound to only one  (Bug 496888)

HTTPSTK:
- Windows:  traffic thrown on port 8028 drives dhost into high utilization  (Bug 537717)

DSTRACE\NDSTRACE:
- Syntax and attribute data reversed in dstrace output  (Bug 531892)

IMONITOR:
- NDSD dumping core when performing a validate entry on the partiton object  (Bug 549540)
- Accessing iMonitor summary page results in NDSD quickly climbing in memory usage and high utilization (Bug 529692)
- iMonitor schema pages randomly display -732 errors due to request going as public  (Bug 511640)

LDIF2DIB:
- LDIF2DIB is not properly handling special, delimiter and escape characters in a ldif file  (Bug 524120)

EMBOX:
- Security Vulnerability: embox SOAP request causes eDirectory to core  [ZDI-CAN-440]  (Bug 548503)

INSTALL:
- NetWare: The 8.8 SP5 Patch 2 install was writing incorrect data to the products.dat file [EDIR_IR=8.5.%MARK]  (Bug 557288)
- 8.8 SP5 Patch 2 install would abort due to incorrect version comparision install.conf  (Bug 556774)
- Shared library error running ndsconfig due to ldconfig not being run after autostart  (Bug 537571)
- Error: -634 (no referrals) during SecretStore configuration  (Bug 534991)
- Windows: Installation on 64 bit Windows 2008 SP1 is failing with "launch.exe has stopped working"  (Bug 529845)
- Old SAS rpm not properly being uninstalled resulting in TCP and TLS ports not listening  (Bug 520123)
- 8.8 SP5 FTF1 install failing during version check requiring a forced install  (Bug 520108)

NDS PASSTORE:
- Resolved issue where SAdmin was allowed to login with a null password  (Bug 556624)
- Problems with sadmin authentication after ndspassstore password set (Bug 535559)
(NOTE: this is still an issue on the Solaris platform)
- Ndspasstore utility was not includedin OES2 SP2  (Bug 532719)
- Incorrect compare on password length  (Bug 527851)

MIGRATION:
- ID Transfer was emptying the nds.conf and if aborted original entries were not restored  (Bug 545582)

Other:
- Windows 2008 R2 now supported  (Bug 551017)
- Resolved:  Access Manager would fail on shared secrets when the external datastore is eDirectory 8.8 SP5 64 bit and Secret Store is enabled.

________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 Patch 2 (20502.05)
(Note: the binary of the version in the patch channel still shows (20501.00)
DS\NDSD:
- Win: Dhost crashing on Windows 2008 R2 while uploading user through ice  (Bug 540188)
- Ndsd script fails if nds.conf has duplicate lines  (Bug 415092)
- Nssmu returns a -676 when multiple nics are installed  (Bug 226615)

NLDAP:
- OES-DSfW: Auditing now provides pid, uid and gid numbers of the process that made LDAPI request  (Bug 510901)
- OES: LUM configuration running namconfig add results in a core dump in NLDAP module  (Bug 488237)
- Ldap_get_effective_priviledges_list extension missing on upgrade  (Bug 493527)

DHOST
- Security Vulnerability: Heap Overflow in dhost.exe  (Bug 524344)

NCPSERVER
- NSL hangs after creating new application credentials  (Bug 481856)

NDSCONFIG
- OES - Migration: Ndsconfig taking the hosts name and using this for server name if -m is used but -S parameter is not used (Bug 532611)
(See migration issue below)

HTTPSTK
- Windows cross-site scripting vulnerability fixed  (Bug 544859) (SECUNIA ADVISORY ID: SA36930)

IMONITOR
- Core when accessing /nds/summary/ page when treename is close to character limit of 32  (Bug 531468)

SECRET STORE
- Loading and unloading the nldap modules results in the ldap server not listening on port 389  (Bug 411806)
(Note: this fix did not make it into the AIX build)
- New value for sssActiveServerList gets added each time server reboots  (Bug 476308)

DSBK
- Dsbk on NetWare opening a new screen which must be closed affecting scripting of the utility  (Bug 544427)

TSANDS
- Xplat: Root was being returned as .T=TREENAME instead of .TREENAME breaking backup products  (Bug 543471\530159)

INSTALL
- NW: Patch install laying down duplicate files  (Bug 542561)
- 'missing LSB tags' warning message while installing other packages.  (Bug 495807)
(Pre-scripts are now copied from /etc/init.d to /opt/novell/eDirectory/sbin/)

MIGRATION
- Stream files not properly migrated  (Bug 512609)
- Migedir fails to execute DIB backup if the source server has NCP over UDP disabled  (Bug 489211\479573)
- Support for older versions of eDirectory  (Bug 479047)
- Id transfer getting Error: -634 during SAS configuration  (Bug 482640)
- DSI for 64 bit fixes not retrying SAS configuration if it fails  (Bug 477423)
- The transfer id migration is not resetting the migration if the tool is not closed between projects resulting in host name and LUM errors.  (Bug 536336) (TID 7004358)
- Cannot write to /etc directory due to problems with transfer id migrating the hosts file (Bug 537454)
- Error 0xfffdffb2 after the file synch operation going from a NetWare compressed volume to Linux uncompressed file system  (Bug 532825)
- Additional source NetWare and eDirectory version support (NW51Sp8, NW65SP5 and eDir 862, 871, 873 and 88)  (Bug 516812/428669)

DS SDK
- OES: if the nds.conf has been moved and their are multiple nics nssAdminInstall fails with Error: -634  (Bug 479536)

LDAP SDK
- Windows: SSL functionalities not working in C LDAP (ssleay32.dll not found errors)  (Bug 550299)
- LDAP modify not reporting an error for malformed ldif file  (Bug 124443)
- Clicking on anything other than NSL login prompt on Vista results in password window disappearing and system does not respond  (Bug 302027/305290)

IMGR PLUGINS:
- Keytab file not getting deleted after creating a new principal  (Bug 481359)
- Kerberos plugin fails to create LDAP service principal if realm name is specified as part of prinicipal name  (Bug 481722)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 FTF1 (20501.00)
DS\NDSD:
- Moving dynamic group breaks the result set (Bug 495129)
- When there are many objects in a container iManager is very slow to display them (Bug 497659)
- eDirectory will no longer stale connections if running on OES - hang condition (Bug 493121)
- Clients wait endlessly for a response from the server due to no reply from fragger - hang condition (Bug 492268)
- Searching for users in iManager takes a very long time to return them (Bug 426644)
- Error: -719 Invalid value handle being returned when validating an entry (Bug 500676)
- Coring when ShouldYieldNameBaseLock is called without a lock (Bug 508698)
- Ndsd cores on 64 bit platform when predicate statistics is enabled (Bug 506033)
- ACL performance degraded when performing LDAP searches with objectclass=* (Bug 505576)
- n4u.server.log-file parameter not observed when determining message logging (Bug 507813)
- NSL Schema Extension tool giving Error: -789 modifying inetOrgPerson objectclass (Bug 513827)
- Segmentation fault inputing non-integer when ldapconfig get asks for instance number (Bug 514234)
- RefreshBinderyContext not getting kicked off when setting bindery context in ndstrace (Bug 518761)
- n4u.nds.bindery-context parameter not being observed. Only the server's context is used (Bug 518484)
- DClient unable to read nds.conf when relocated (Bug 509866)
- If two NIC cards configured DDCGetDefaultAddress API is not returning the correct address (Bug 509866)
- Error: -625 returned when installing OES2 if NCP Packet Signature is set to 2 (Bug 340798)
- NSS failing to receive FQDN change event when object is moved or renamed (Bug 507345)
- Dclient fix to prevent novell-cifs from crashing or stopping (Bug 508138\501356\504016)
- DSFW: No ADC can be installed. ADPH throws -6090 error (Bug 516442)
- _ndsdb.ini no longer requires extra cr/lf to correctly parse last line (Bug 519968)
NLDAP:
- Core when regestered for search event and attribute not attribute value is returned (Bug 497452)
- After upgrading to 885, LDAP cores ndsd in Linux (stricmp) - abends on NetWare (ndsevtMonitorEventsHandler) (Bug 513041)
- 64 Bit core when event monitoring is enabled and DSExpert subscibes to skulk events (Bug 512589)
- Ndsd hangs if there is an invalid base DN (Bug 503350)
- NDSD cores due to symbol conflict (Bug 515056)
- NetWare: server cores in the ndsevteventshandler when a high rate of events are generated (Bug 520174)
DSREPAIR:
- " -sw " switch added to verify references on all objects with a particular attribute (Bug 490647)
- Ndo backup files are now created more frequently (Bug 485116)
- " -sx " switch now timestamps and marks attribute non-present (Bug 500430)
- " -sd " switch now available on Linux (Bug 500431)

NCPENGINE:
- OES SLP: The bindery.novell service for cluster resources are not getting refreshed prior to the lifespan timeout (Bug 505217)
- OES: High utilization due to deadlock (Bug 497701)
IMONITOR:
- Not populating the replica number and replica state correctly when viewing the schema root object on 64 bit plat (Bug 497943)
- 64 Bit diagnostic logger gives inconsistent behavior (coring/header values missing) (Bug 519371)

DHOSTCON:
- When loading dhostcon on Windows 2008 with eDirectory 885 64 bit installed the utility reports that dclient.dll is not available.  (Bug 505639)

OES MIGRATION:
- When a project is stopped and later continued trustee modifications made to the source are not applied to the target (Bug 503785)
- Transfer ID not possible when target server is located under OU's with extended character names (Bug 485072)
- Migedir needs to check for supported eDirectory versions (Bug 428669)
- Migedir failed to execute a dib backup if the source has NCP over UDP disabled (Bug 489211)

LDIF2DIB:
- Ldif2dib not updating parent/sibling records correctly resulting in corruption (Bug 526779)

ICE:
- Ice incorrectly interprets a result code of ' 0 ' as an error and sends error code ' 80 ' (Bug 508096)

PLUGINS:
- ICE not correctly parsing the DS_PUBLIC_READ flag for an attribute when extending schema (Bug 481334)

NDSPATH:
- Conditional check added so interactive message is not generated if placed in /root/.bashrc or profile files (Bug 507130)

BUILDS:- Modules and utilities' versions were not correctly incremented (Bug 503781)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 (20219.15)
NMAS 3.3.2
NMAS Methods 2.8.2.0 (Security Services Bundle 2.0.9)
NTLS 2.0.5
PKI 3.3.3
NICI 2.7.6

DS\NDSD:
- Potential crash and replies ignored to ncpengine due to bad parameter passed on 64 bit eDirectory (Bug 493124)
- Re-evaluation of entitlements returns invalid information and is inconsistent (Bug 419539)
- Write out the current transaction id in eDirectory and repair log (Bug 476432/470937)
- Ndsd cores in unload code path when utilities such as ndsrepair are unloaded " RemoveFromWorkQueue " (Bug 293386)
- LDAP persistent search should not report events for objects a server does not hold (Bug 211999)
- Option to open ndsd with corrupted/lost RFL files (Bug 386748)
- Nested Groups are not disabled when nestedConfig is set to 1 (Bug 433529)
- Error: Ignoring request to overwrite future value from entry, time not synchronized (-659) (Bug 456076)
- Intruder lockout behavior change to match eDir 8.7.3: when lockout time is set to 0 account stays locked (Bug 449224)
- Ndsd now cleans up old FRS files upon starting (Bug 426219)
- On 64 bit eDirectory with a preallocated cache of 7GB LDAP is not listening on its ports after a restart (Bug 395134)
- Security Vulnerability: Malformed bind LDAP packet causes eDir crash (Bug 492692)
- Shutting down eDirectory via the ndsd script leads to a hang and high utilization (Bug 465309)
- Security Vulnerability: LDAP causes ndsd to core when using multiple wild-cards '.' in RDN (Bug 458504)
- eDirectory is not obeying the value in n4u.nds.advertise-life-time when calculating when to perform SLP re-registration (Bug 458171)
- Server hang\unresponsiveness due to a deadlock condition for EventTableMutex (Bug 473956)
- DS\NDSD abends after appling 8.8 SP4.  Functions: DSuniicmp CheckServerDBLanguage (Bug 448299)
LDAP:
- Invalid "Ignored duplicate LDAP attr" messages in dstrace when refreshing the LDAP server (Bug 434935)
- Ldapconfig does not return correct bind restriction description for non-zero values (Bug 420243)
- Installation not creating secondary LDAP mappings for certificate revocation list attributes (Bug 411025)
- Network address restrictions now apply during to LDAP logins when NDSD_TRY_NMASLOGIN_FIRST = true (Bug 138797/349397)
- Intruder detection now reflects attempted LDAP bind addess when NDSD_TRY_NMASLOGIN_FIRST = true (Bug 138797)
- Doublefree causing NDSD to core (Bug 431770)
- Memory leak fix (Bug 431770)
- On a LDAP bind the intruder lockout address is not correctly showing on a user object (Bug 158719)
- LDAP now continues to server LDAP requests while the ancestor ID population operation completes after an upgrade (Bug 477053)
- Ndsd cores when deleting via an ldif file an object that does not exist (Bug 434728)
- Ndsd cores in when printing in dstrace strings longer than 1024 characters (Bug 399188)
- Memory Corruption fix: Ndsd cores in LDAP when a Bluecoat appliance monitors events (Bug 344893/427322)
- Memory Corruption fix: NLDAP abends when using iManager 2.7 to administer NSL (Bug 431670)
- Getting inconsistent/different number of results from the same LDAP query (Bug 455750)
- LDAP client aborts search but search continues on the server (Bug 431502)
- LDAP now returns queries based on structuralObjectClass (Bug 486098)
- eDirectory 64 bit LDAP cores ndsd in CCS_InjectKey function (Bug 474577)
- LDAP cores ndsd mmc is used to delete more than 50 objects (Bug 443689)

DSREPAIR:
- Dsrepair on Windows now also uses SLP when repairing network addresses (Bug 327446)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- Repair now fixes invalid destination ID's (moveDestID) causing -618 errors in the obituary report (Bug 468225)
- Segmentation fault due to # before comment in nds.conf (Bug 459873)

NCPENGINE:
- Windows Server logins failing and server -625 errors in trace due to connection number no longer associated to client (Bug 366087) (TID 7000041)

NDSCONFIG:
- Ndsmanage and ndsconfig should not just use the server hostname as the ncp server name and should check to ensure they are unique for multi-instances (Bug 385792)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- eDirectory upgrade replacing existing LDAP certificates (Bug 470459)
- Now detects whether it is being run under OES and returns user to the command prompt (Bug 460252)
(NOTE: The " -x " parameter can override the behavior.  This can be dangerous as OES services can be broken after using ndsconfig or ndsmanage when adding or removin) eDirectory from an OES server!)

NDSSTAT:
- Segmentation fault due to # before comment in nds.conf (Bug 459873)
- " Ndsstat -s " is not filtering out cluster objects resulting in long delays and high utilization (Bug 488167)

NDSMANAGE:
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- Now detects whether it is being run under OES and returns user to the command prompt (Bug 460252)
(NOTE: The " -x " parameter can override the behaviour.  This can be dangerous as OES services can be broken after using ndsconfig or ndsmanage when adding or removin) eDirectory from an OES server!)

IMONITOR:
- Localization fixes (Bug 346614/450485)
- When making agent changes in iMonitor login update was being disabled (Bug 417104)
- Security vulnerability in iMonitor: Accept-Language Buffer Overflow (Bug 484007/446342)
- iMonitor not displaying gifs and icons correctly (Bug 464204/457373)
- iMonitor displays incorrect data when clicking on an error in the error index (Bug 458195)
- iMonitor health screen reports that the "Local Replica issued future time" is not healthy when in the proper range (Bug 475686)
- OES2 sp1 64bit box cores in iMonitor with event tracing turned on in dstrace (Bug 482586)

INSTALL:
- Permission changes on eDirectory directory for Windows platform (Bug 330498)
- Channel updates for eDirectory are now cumulative (Bug 448493)
- Installation on Windows fails with a PKI error if binaries and dib file directory are on different drives (Bug 366960)
- eDirectory installation fails on RHEL 5.3 with error, Unable to install (Bug 476368)
- Ndsconfig reporting there is a missing library due to library path missing (Bug 462461)
- Incorrect 64 bit library paths in novell-NDSbase.conf (Bug 459280)
- Install now checks for supported platforms (Bug 428664)
- Error: " NMAS login method could not be created -663 " during installation because dib was locked (Bug 409211)
- All instances are now brought down after the health check when upgrading (Bug 409123)
- OES Upgrade fails after first entering an incorrect password even if correct one is entered - ifolder errors (Bug 327332/386901)

NDSCONSOLE:
- Clearing a connection in NDSConsole terminates the utility (Bug 441854)

SNMP:
- Ndssnmpsa fails to start with error, Unable to load library: libnetsnmp.so.5 (Bug 481041/481353)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)

IMANAGER PLUGINS:
- Localization fixes (Bug 395575)

NDSAUTOTRACE:
- Ndsautotrace ported from eDirectory 8.7.3 to 8.8 SP5 (Bug 4576940)

LDIF2DIB:
- Ldif2dib errors wirth error "Directory Full (-153)" or " no alloc space error " when uploading users with ldif2dib (Bug 335112/154628/485496/161234)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)

DSBK\eMBox:
- Added the " -e " NICI backup\restore functionality back to the utilities (Bug 176623\426046)
- eMBox causing dhost to crash on Windows if dhost is restarted multiple times (Bug 408240)

NDSPATH:
- NDSPath script not exporting the path for non-root installations when run under certain directories (Bug 162441)

ICE:
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- Ndsd cores when uploading via LDAP users with base64 encoded passwords (Bug 416690)
- Error: " too many templates items " returned when exporting via ICE an object with more than 128 characters in dn (Bug 468841)

OTHER:
- Ndsd coring with Platform Agent loaded (Bug 455711)
- Dhost iConsole is displaying the text " trial version " when reporting eDirectory version (Bug 427186)
- Novell-getcore script updated (Bug 464551)
- Jclnt missing in OES and other platforms causing problems in IDM (Bug 449042)
- Httpstk server's cipher usage now configurable (Bug 434764)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP4 FTF1 (20217.07)

DS\NDSD:
- Inconsistent returns from LDAP due to FLAIM reuse of frs file (Bug 455750)
- IDM 3.6 Role based entitlements returning inconsistent results (Bug 419539)
- Intruder lockout reset interval of 0 now locks account indefinately via LDAP access (Bug 449224)
- Custom location has errors writing to log due to an incorrect location for log file (Bug 343753)
- Error: time not synchronized (-659) during a timestamp collision seen in an IDM environment (Bug 456076)
- NDSD cores when using ICE with a LDIF file using LBURP (Bug 434728)
- Added trace messages to improve the ability to track the external reference server creating the unknown object (Bug 459276)
- NDSD cores when binding via LDAP as a user with multiple '.' in the RDN.  When RDNs exceed the maximum length error: ERR_ILLEGAL_DS_NAME will be displayed (Bug 458504)
- Shutting down eDirectory via the ndsd script leads to a hang and high utilization (Bug 465309)
- NDSD cores in FLAIM while executing DSAIteratorsearch due to null pointer (Bug 393474)
NTLS:
- Enabling priority synchronization leads to memory fragmentation (Bug 431489)
LDAP:
- LDAP cores NDSD due to reuse of TLS socket (Bug 431783)
- When a LDAP search connection terminates the search the search request stops as well (Bug 431502)
- NLDAP abends after upgrading to eDir 88 when using a Bluecoat monitoring appliance (Bug 344893/427322)
- NDSD cores while performing a LDAP trace in which a query is greater than 1024 characters (Bug 399188)
- NDSD cores when using ICE to import users with base64 encoded passwords (Bug 416690)
IMONITOR:
- Localization fixes for iMonitor (Bug 450485)
- When changing database cache settings in iMonitor it also re-enables login update settings (Bug 417104)
- Security Vulnerability: Accept-Language Buffer Overflow (Bug 446342)
_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP4 (20217.06)
NOTE: this version was released for only NetWare 6.5 SP8 and OES 2 SP1.
NMAS 3.3.1
NMAS Methods 2.8.1.0

NDS:
- Network Address concurrency fix:  the port is no longer added to the network address value for a user object (Bug 403301)
- NDSD cored in ID-swap during migration due to empty line in ndsconfig get for server interfaces return (Bug 417311)
- Error: -672 adding members to a RBS role during RBS configuration (Bug 412890)
- Browsing a container holding 7000 objects with ConsoleOne would cause the server to go into high utilization  (Bug 403278)
- Ndsd start-up script incorrectly determining the log directory when a custom location is used (Bug 343753)
- LDAP concurrency is now tracked the same for NetWare and Linux (Bug 301437)
- FLAIM fix for DSfW ndsrepair -R hanging (Bug 288843)

DSREPAIR:
- Dsrepair gives error NCP Server object: it does not have a Public Key on cluster objects (Bug 427317)
- Errors when checking volume objects when cluster objects are present (Bug 264544)

LDAP:
- Memory leak in LDAP server (Bug 434862)
- NDSD cores and memory buildup due to auditing LDAP events (Bug 394957)
- Memory buildup due to incorrect iterator being destroyed (Bug 296389)
- LDAP add performance significantly improved (Bug 243774)

IMONITOR:
- NDSD cores when directly accessing an entry in iMonitor (Bug 444943)
- iMonitor now only allows Medium and High ciphers (Bug 412286)

MIGRATION:
- ID Transfer migration fails with non-replica source (Bug 439921)
- eDirectory migration to OES using command line tools: Migndscheck error integer expression expected (Bug 391935)
- eDirectory migration to OES using command line tools: Migndscheck error unary expression expected (Bug 391934)
- eDirectory migration to OES using command line tools: Error: -626. Remove dependency for dib (Bug 391935)
- eDirectory migration to OES using command line tools: Log files going into wrong directory (Bug 391935)

INSTALL:
- Install with IDM 3.5.1 fails.  nds-install.log shows: cannot create /opt/novell/eDirectory/lib/libjclnt.so: File exists
 (Bug 421299)
- Install now appends to the previous install log (Bug 390950)
- Channel now correctly shuts down ndsd during update (Bug 154431)

IMANAGER PLUGINS:
- Creating a new LDAP group gives it an incorrect ldapconfigversion, version 9 instead of 10 (Bug 417578)
- ICE plug-in gives a System Error when including attributes to export (Bug 412045)
- LDAP plug-in reverts back to Dreference Alias back to true on refresh (Bug 411873)
- LDAP LDAPXS extension info is now added to a new LDAP server on creation (Bug 408602)
- Translation fixes (Bug 305175) (Bug 303696) (Bug 158982)
- Error message not correctly being displayed when created a SNMP group (Bug 137351)

NDSBACKUP:
- Object now gets auxClassCompatibility flags added on restore (Bug 416052)
- Entry MTS is now timestamped and object class re-added on restore (bug 307559)

DSTRACE:
- Ndstrace no longer goes into high when loading it via script with -l option (Bug 408004)
- Ndstrace --version now returns the correct version (Bug 329707)
NDSSTAT:
- Ndstat --version now returns the correct version (Bug 329707)
NDSSCH:
- now prompts again on incorrect password entry before failing on schema extension during IDM install (Bug 392326)

NDSLOGIN:
- OES specific:  ndslogin does not immediately return an error if user's fqn is incorrect (Bug 371653)
DCLIENT\JCLIENT:
- NetWare: Error: -222 when setting a password rather than the specific JCLIENT reason code for why password does not meet policy (Bug 354721) (See also Bug 217901)
- Custom schema attributes' OID's cannot be changed other than with ndsconfig (Bug 354720)(Bug 300977)(Bug 285829)(Bug 145729) (TID 3220775)
- Attributes cannot be removed from Auxiliary classes (Bug 145727) (TID 3220775)
ICE:
- ICE now logs path of ldif file and command used to its log file (Bug 164690)
TSANDS:
- Was attempting to cache entire dib before backup (Bug 142381)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP3 FTF3 (20216.89)
NDS:
- Inconsistent returns from LDAP due to FLAIM reuse of frs file (Bug 455750)
- IDM 3.6 Role based entitlements returning inconsistent results (Bug 419539)
- Intruder lockout reset interval of 0 now locks account indefinitely via LDAP access (Bug 449224)
- Custom location has errors writing to log due to an incorrect location for log file (Bug 343753)
- Error: time not synchronized (-659) during a time-stamp collision seen in an IDM environment (Bug 456076)
- NDSD cores when using ICE with a LDIF file using LBURP (Bug 434728)
- Added trace messages to improve the ability to track the external reference server creating the unknown object (Bug 459276)
- NDSD cores when binding via LDAP as a user with multiple '.' in the RDN.  When RDNs exceed the maximum length error: ERR_ILLEGAL_DS_NAME will be displayed (Bug 458504)
- Memory corruption issue (Bug 413580)
- Shutting down eDirectory via the ndsd script leads to a hang and high utilization (Bug 465309)
- NDSD cores in FLAIM while executing DSAIteratorsearch due to null pointer (Bug 393474)

DSREPAIR:
- Error "-618" inconsistent database due to buildup of transaction id's (Bug 437795)

NTLS:
- Enabling priority synchronization leads to memory fragmentation (Bug 431489)

LDAP:
- LDAP cores NDSD due to reuse of TLS socket (Bug 431783)
- When a LDAP search connection terminates the search the search request stops as well (Bug 431502)
- NLDAP abends after upgrading to eDir 88 when using a Bluecoat monitoring appliance (Bug 344893/427322)
- NDSD cores while performing a LDAP trace in which a query is greater than 1024 characters (Bug 399188)
- NDSD cores when using ICE to import users with base64 encoded passwords (Bug 416690)
IMONITOR:
- Localization fixes for iMonitor (Bug 450485)
- When changing database cache settings in iMonitor it also re-enables login update settings (Bug 417104)
OTHER:
- eDir install using rpm fails due to 64 bit module dependencies on 32 bit NICI (Bug 467858\470594\470984\470596)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP3 FTF2 (20216.87)
NDS
- Browsing a container holding 7000 objects with ConsoleOne would cause the server to go into high utilization  (Bug 403278)
- ConsoleOne not showing all objects and an additional sorting fix  (Bug 410976)
- Mutex fix to resolve unresponsiveness  (Bug 414846)
- Installation hangs at LUM configuration - mutex deadlock fix in FLAIM (Bug 417236)
- Server core trying to free an uninitialized value  (Bug 417619)
- Security Vulnerability - Resolved issue where a NCP heap overflow vulnerability existed.  (ZDI-CAN-335) (Bug 396819)
- Nested groups not disabled when setting their nestedConfig value to 1  (Bug 433529)
- NetWare abends when setting the NDS Bindery Mask in Monitor - missing msg file  (Bug 411021)
(NOTE: The Description field still shows <<< BAD MESSAGE >>> when setting via the set command)
- Core when running ndstrace and the ndstrace.cfg file is corrupt (Bug 403864)
- Core when running " ndsindex -W "- updated CLDAP SDK (Bug 349954)
- Core when auditing monitored events  (Bug 411425)

DSLOADER
- Invalid time value output in dstrace (Bug 415269)

LDAP
- UNIX - Server with login disabled causes intruder count to increase resulting in LDAP client lockout  (Bug 288797)
- LDAP server failing with duplicate context -625 errors  (Bug 420389)
- LDAP not rpc compliant for anonymous search request (Bug 412766)

DSREPAIR
- WIN32 - Dhost crashes on Windows when running repair (Bug 374744)

DHOST
- NTLS dumps on Windows (Bug 413022)

DSTRACE
- Invalid error codes in dstrace  (Bug 426349)

SAL
-UNIX - IDM engine stops when IDM driver is restarted (Bug 406016)

NDSBACKUP
 - Ndsbackup not adding the auxClassCompatibility flag and not time-stamping entries  (Bug 307559)

INSTALL - After upgrading eDirectory the message, " Background Object Upgrade " [FERR_OLD_VIEW] would never complete  (Bug 411721)
_________________________________________________________________________________________________________________

Issues resolved in eDirectory 8.8 SP3 Instrumentation Fix  (Also considered 8.8 SP3 FTF1)
(This only contains a cross platform Audit eDir Agent 8.08.03)
All Platforms:
- Resolves an issue where eDirectory login and logout events were not being properly tracked within Sentinel. (Bug 380814)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP3 (20216.83)
NMAS 3.3.0 (Security Bundle 2.0.7)
NMAS Methods 2.8.0.0
NDS
- Heap overflow vulnerability fix (Bug 396819 396817)
- eDirectory connections buildup (Bug 379559)
- Could not import user with a DN of 250 UTF-8 characters [Japan] (Bug 378635)
- Dstrace now shows a LDAP message that details what LDAP to eDir schema mapping is used when modifying schema (Bug 377121)
- Moving objects can result in stale\inconsistent acl values (Bug 272056\347450)
- Groupmembership query return in LDAP very slow due to nestedgroups code addition (Bug 346181)
- Using nested groups, groupmembership values returned when given name is queried (Bug 336377)
- ICE fails to extend schema if no OID is specified (Bug 376047)
- Linux - Ndsmanage returned "Invalid Selection" when running after su'ing to root.  (Bug 378424/337829)
- Solaris - ndsd cores when setting the NDSD_USE_STDIO parameter to get around the file descriptor limit. (Bug 406009)
- Linux\Unix - made a change to concurrency so that the behavior matches that of NetWare (Bug#406041\369952)  (TID 7001188)
- Windows - security vulnerability due to remote exploitation of memory corruption (Bug 373852)
- Double free core when adding schema via LDAP with no syntax specified (Bug 368323)
- User with supervisor rights to the NCP server object can now monitor events (Bug 359077)
- 10% better performance in reading references during backup (Bug 356413)
- OES install and configure dialog fails when there are multiple instances (Bug 347328)
- Ndsd memory leak when running with IDM 3.5.1 (296747)
- Starting ndsd with rcndsd start -ndb then issuing a rcndsd stop results in a core (Bug 296276)
- ICE with lburp adding container at wrong level in tree (Bug 293273)
-  Limber now clears invalid members from a group (Bug 220868)
- Ndsd install failing with 55555 (Invalid Treename) when tree name was stored in small caps (Bug 215603)
- Cannot read GUID attribute on tree root when LDAP server does not hold a copy of root (Bug 138763)
DSREPAIR\NDSREPAIR
- Cluster objects showing as servers when performing a time synch report (Bug 385838)
- Error -168 returned when running a repair with the rebuild database option (Bug 378136)
- Local database repair and single object repair no longer check references by default (Bug 334627)
- Request schema from tree when local server does not hold root results in a -601 error (Bug 307180)
- Win32 - dhost would crash when running repair and logging out of session while task ran (Bug 297160)
- Running repair with create temp database option set and ndsd starting with the -ndb option hangs (Bug 296276)

LDAP
- Bind performance improvement (Bug 288370)
- Buffer overflow security vulnerability (Bug 373853)
- When replacing the value of an attribute error: -722 (Operational Schema Mismatch) is returned (Bug 335277)
- Querying a single attribute value when multiple values exist all are returned (Bug 365347)
- Persistent search by LUM cores server (Bug 371685\360025)
- Resolved crash on Windows due to memory corruption (Bug 359982)
- Using a wildcard on value searched results in duplicate returns (Bug 357766)

NCPENGINE
- Windows crash in ncpengine (Bug 396576)
- Ncpengine core in GetCLSDataStruct (Bug 372984)

iMonitor
- Reference check is no longer enabled by default [-AG] (Bug 381773)
- Error -5993 returned when symlink is used for the trace file location (Bug 378851)
- Now displays both the ID and DN of the entries in the Ancestor ID list (Bug 339673)
- iMonior displayed a non-present group membership after member is removed from a nested group (Bug 335227)
- Requests serviced from cache is now calculated correctly (Bug 326955)

NDSTRACE
- Ndstrace showed no output with the +pkii flag (Bug 389904)
- Selective partition synch now works as with 873 (Bug 389675)
- "*J" now kicks off the janitor process and "*f" kicks off the flatcleaner
- Ndstrace -c connection count displayed increased from 160 to 1500 (Bug 373480)

ICE
- ICE incorrectly returns that schema is already extended when in fact schema was changed (Bug 376043)
- ICE now inserts a CR followed by a LF on non-Unix platforms (Bug 329515)
- ICE now line wraps at column 76 instead of 77 (Bug 329512)

SNMP
- DSSNMPSA losses connection sending traps - fails with Error: -732 (Bug 403358)
NDSCONFIG - Linux\Unix - ndsconfig can now set n4u.server.mask-port-number back to 1 (Bug 397443)

HTTPSTK
- Cross site scripting vulnerability (Bug 387429)
- Vulnerability fix - Language header heap overflow (Bug 379882)
- Vulnerability fix - content length header heap overflow (Bug 379880)

IMANAGER EDIRECTORY PLUGINS
- Error unable to connect message when importing with ICE (Bug 410171)
- Random mapping deleted when deleting a LDAP attribute mapping (337768)
- ICE export does not allow ordering of attributes when specifying a type of delimited text (Bug 370129)
- When setting to use high ciphers the ldapbindrestrictions is now set to 48 (48= none and cioher_high) (Bug 359754)
- LDAP Options incorrectly expanding sub-entries when clicking on plus sign (Bug 353045)
- ICE plugin failed to import or export data from disk with error code of 236 (Bug 347332)

DIBCLONE
- Dibclone no longer copies the IDM DirXML-ServerKey attribute on the pseudoserver object (364333)

SNMP
- NetWare - sys:\tmp\dssnmpsa_log.tmp consuming all disk space (Bug 363490)

SCRIPTS
- NDSD script - If a core file exists an alert is displayed on startup (Bug 338794)
- NDS-UNINSTALL - printing multiple users for all instances (Bug 291524)
- Ndsconfig upgrade proceeding when wrong password is entered (Bug 171477)

Enhancements:
- ACL Caching (363907)
- LDAP Event Monitoring
- 64 bit SLES version

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 FTF3 (20216.63)
NOTE:  This update was only for OES SP2 and contained only security vulnerability fixes which are listed below.
Security vulnerability: content-Length header heap overflow. (Bug 379880) (CVE-2008-4478) (TID 7000087)

Security vulnerability: dhost accept language header heap overflow.  (Bug 379882) (CVE-2008-4479) (TID 7000086)
Security vulnerability: eDirectory core protocol opcode 0x0F heap overflow. (Bug 396817) (CVE-2008-4478) (TID 7001184)
Security vulnerability: eDirectory core protocol opcode 0x24 heap overflow. (Bug 396819) (CVE-2008-4480) (TID 7001183)
Security vulnerability: remote exploitation of eDirectory NCP memory corruption.  (Bug 373852) (IDEF2996) (TID 7001185)
Security vulnerability: httpstk allows cross site scripting.  (Bug 387429) (CVE-2008-0925) (TID 3460217)
oes2-novell-NDSserv-5626-0
oes2-security-components-5649-0

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 FTF2 (20216.62)
Linux:
- Ndsd shutdown can take 30 seconds or more. (Bug#333244 TID#7000304)
- LDAP server stores the port number in the Network Address attribute which is breaking the "limit concurrent connection" feature. (Bug#364902)
- Ndsd core due to memory corruption with long RDN. (Bug#360025)
- Crash on createField$FlmRecord. (Bug 358919)
- LDAP query returns duplicate objects after object rename. (Bug#340156 TID#3766486)
- Security Vulnerability: LDAP buffer overflow. (Bugzilla#373853 TID#3843876)
- Running ndsrepair -R -l yes results in a message, A database rebuild required. (Bug#334627
- Error -55555 (sb -630) returned on RedHat server when using ndsconfig -p and treename was stored with lowercase.
- Error -625 bad connection due to server destroying a connection without verifying the owner. (Bug#357872 TID#7000041)
Linux/Solaris:
- Drepair -n0 does not remove all network addresses. (Bug#207182)
NetWare:
- Memory leak in NLDAP.NLM when doing searches with alias dereferencing turned on.(Bug#350873 TID#7000303)
- Running dsrepair -rc locks up server due to a lock on a stream file. (Bug#354448 TID#3135150)

Windows:
- Dhost crashes when logging off while repair window is open. (Bug#297160 TID#3594113)
- DHOST crashes when binding with unicode password. (Bug#359982 TID#3653724)
- Provide a configuration option to allow admins to keep the port # on network addresses. (Bug#369952)

Solaris:
- Remove the fix priority scheduling for Solaris. (Bug#385601)

Xplat:
- Objects can become unknown after partition and delete operations. (Bug#354165)
- Cross Site Scripting vulnerability in iMonitor. (Bug#353004 TID#3460217)
- LDAPS allows ssl2 when ldap bind restriction is set to HIGH. (Bug#364036
- LDAP Server now passes objectclass to create event. (Bug#301553)
- Added a permanent configuration parameter to prevent LDAP from expiring user accounts after changing the minimum password length. (Bug#357815 TID#3565677)
- Enable users who have rights on the NCP server object to monitor events. (Bug#359077)
- LDAP does not return any results if the search filter contains a * and this results in making the filter longer than than a sized attribute. (Bug#301811 TID#3648007)
- Added dynamic member query url extension so that dynamic group searches work against filtered replicas. (Bug#306741)
- Inconsistent flaim block size reported by iMonitor when under load. (Bug#329091)
- Security Vulnerability: Oversized DN Stack Overflow. (Bug#306096/378635)
- Ndsrepair would fail when running repair with the rebuild entire database option. Error: -168. (Bug#378136)
- Security vulnerability: Integer overflow stack corruption. (Bug#368832 TID#3694858)
- Clients using contextless login were unable to login during peak login time. (Bug#357473 TID#3779031)
- 785 error when running repair. (Bug#291853)
- Ndsd cores when accessing iMonitor due to incorrect url parsing. (Bug#356840 TID#3313071)
- Added 873 memory overflow check code.
- NLDAP memory leak with duplicate referrals and a rootDSE search is run. (Bug#265992)
- Memory leak in NLDAP and limber. (Bug#367596)
- Security vulnerability - LDAP buffer overflow. (Bug373853)

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 FTF1 (20216.59)
(OES channel version 20216.60)
Linux:
- Scheduling a repair with iMonitor cores ndsd. (Bug#329802 TID#3682721)
- Ndsd can core under extremely high load. (Bug#328394)
- Ndsd cored due to schema cache thread reuse. (Bug#290318)
- Ndsd cores during eDirectory configuration when coming into the tree as a secondary. (Bug#329207)
- eMbox coring ndsd when running on a multi-processor server. (Bug#327990 TID#3679555)
- LDAP not listening on secure port on secondary if master is down. (Bug#337432)
- DSI: If slp not configured, install fails with 55555, should be -630. (Bug#215603)
Linux\Solaris:
- Multiple object moves could create database inconsistency "-618" - invalid EIDs issue in ACLs. (Bug#272056/347450)
- During OES install, ndsd may core during shutdown. (Bug#326830)

Netware:
- Abend when looking up a bindery object during find next object. (Bug#344056 TID#3107600)

Xplat:
iMonitor returning non-present attributes, deleted groupmembership on nested group. (Bug#335227)
- A few more intruder attempts than the configured limit are allowed before the account is locked. (Bug#309580)
- Merge repair performance improvement (from 881FTF)
- Repair not returning obits during external reference check. (Bug#338569)
- SNMP trap 117 not getting generated on intruder detection. (Bug#332801 TID#3349842)
- Results for Group Membership attribute query are returned as part of Given name. LDAP returning deleted (non-present) values. (Bug#336377/339029)
- Running ndsrepair -T continuously can cause dib corruption. Block checksum errors: -618. (Bug#339721)
- Ice client returning a op schema mismatch -722 error due to 64 bit syntax change. (Bug#335277 TID#3551743)
- Nested groups return nested members even though static value read is set. (Bug#344871)
- LDAP group membership search slow due to nested group change. (Bug#346181 TID#3873373)

AIX:
- Ndsstat -r is unable to list RW replica information (Error: -670) and the product version. (Bug#329228)

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 (20114.29)
Shipped with Security Bundle 2.0.5
DS/NDSD
- Background process interval can now be permanently (873 functionality) unix/linux/netware (251239)
- Change DEFAULT LDAP mappings on CRL attributes so they are more understandable (199595)
- Use SAL instead of perl for disk space check with ndscheck prior to upgrade - NW\Win32 (195923)
- -632 error when installing a new server with 'add' option (166169)
- DIBClone fails with -128/-6014 FLAIM error in stage 3 Unix\Linux (162934)
- Jclient causes core iterating member attribute - Linux\Unix (209965)
- LDAP bulk modify operations fail with error -634 (no referrals) (tcmalloc) (196784)
- FLAIM: ndsrepair reporting reference inconsistency when references exist in FLAIM as non-present (243226)
- Install should not run healthcheck if the server is not running - Linux\Unix(179251)
- Flaim now wraps dib in a password during migration wizard due to different NICI keys (error -6061)(211082)
- Mutex issue: Server hangs during PKI load iterating the HTTP CRL distribution points after being changed to LDAP - NetWare (201331)
- SMI: -646 is returned when deleting a volume object if its host-server attribute value points to itself - All Platforms (231473)
- DIB upgrade to 8.8 Sp1 failing due to existing attribute in FLAIM with no match in NDS (Error: -785 and -618) (203231)
- Abend issue due to corrupted RFL when binding on user object with many network addresses (Error: -785) - NetWare (271667)
- Abend due to free detected a corrupt trailing redzone. Abend due to page fault. (249867)
- -ndb switch added to all non-NetWare platforms (281116)
- Corrupt buffer returning "error: NWDSGetAttrVal fffffecd" when reading references (ERR_BUFFER_EMPTY) in 881 FTF2 (263326)
- Fixed reporting of failed events for rename and remove entry
- Locking change during modify schema - Linux\Unix (194426)
- Abend after -602 error in check references via NWDSReadReferences - All Platforms (187986)
- NDSSDK: no longer return the loopback address for preferred server from /etc/hosts to apps (201847)
- Dclient: LDAP returns the alias object outside of scope specified (222775)
- SMI: Shutdown freezes due to mutex being double locked - Linux\Unix (165259)
- SMI: No longer delete non-reference DN_SYNTAX indexes after upgrade (273084)
- FLAIM: user created member index reports system or operational (267278)
- Ndsstat -r now reports the version of eDir installed on servers that contain a replica of partitions shared with the server on which it is run (175929)
- Dynamic Groups staticmember is now returned after extending schema with dgstatic.sch (191522)
- SMI: Ldapsearch no longer returns non-present values (187140)
- NDSD coring\hanging after applying SSP204 due to missing nici link. (262355)
- FLAIM: Introduced the new ndsd -rdb switch to open a database in conditional mode.  There must be a way to force open a 8.8.x database for disaster recovery (237886)
(NOTE: For more information please refer to TID: 7000006)
- NDSSDK: Segmentation fault during upgrade when there is no @ sign in n4u.server.interfaces (203955)
- SLPSA not re registering with DA prior to lifetime expiration (216834)
- SAL: Greater search scalability due to schema cache and event system changed from RW to mutex - Linux\Unix (145082)
- Greater LDAP bind performance when setting NDSD_TRY_NMASLOGIN_FIRST=true (169576)
- Localization fixes (165781\168246)
- Libumem now the default memory allocator on Solaris (167072)
- eDirectory dump core trying to inspect an IDM driver - Win32 (292895)
- Deletion of a dirxml driver or RBS container does not synch to other servers (201775)
- Dhost dumping core in ntls.dll while freeing ssl connections when encrypted replication is enabled (232136)

DSREPAIR
- Change to dsrepair\ndsrepair to use reference index instead of reference attributes for reference checks (146168)
- Ndsrepair -R -l yes -u yes no option does not show log and prompt to save changes - Linux (286174)
- Error: -150 unable to build reference table when running " dsrepair -ans " - NetWare (173049)
- Now update the attribute of the pseudoserver when performing a destroy selected replica (195052)
- Ndsrepair --version reporting usage not working on Solaris 10 (180168)
- Ndsrepair always reports the log file size is 0 bytes (175630)
- Disk space warning message added when running ndsrepair with -R/-U (174794)
- Localization fixes (155743)

LDAP
- Delete value events not including DN when using LDAP monitor events (196883)
- Support added for paged searches (RFC 2696) (281899)
- When DN is requested no attributes are retrieved - speed same as 1.1 search (189221)
- RFC2307 schema files now formatted correctly (187768)
- Error -641 restoring an object via C# LDAP based restore when it is a large size (191507)
- Memory leak when performing sasl binds with digest-md5 method (280662)
- LDAPSCHEMA.EXE removing UID and userPassWord attributes from the user class (217733)
- Default behavior changed when configuring multiple LDAP port\interfaces - support for ldap urls (208288)
- Nldap -c returns LDAP server down if interface name is used in configuration (218704)

NDSSTAT
- Ndsstat -r does not report the master replica in the ring (278123)

NDSD SCRIPT
- eDirectory is not starting automatically , when guest OS reboot or starts under XEN(197100)
- Ndsd aborts a restart if previous pid exists (172107)
- NDSD script now gives debug output when the env variable DEBUG is set (213212)

ICE
- ICE delimeter handler does not handle multi-valued attributes (196211)

HTTPSTK
- URL vulnerabilities in iMon - Win32\Linux (172109)
- iMonitor does not display any error message on giving wrong login credentials - Linux\Unix\Win32 (164429)
- DOS issue via "Connection:" in HTTP headers (290819)
- No longer allow null password for SAdmin (176629)

IMONITOR
- Ndsimon calls namebase calls without a lock (179275)
- Increase the maximum trace file size to 100MB and maximum number of trace files to 2500 (284607)
- DOS issue via "Connection:" in HTTP headers (290819)
-
Security vulnerability: SSL/TLS Protocol Initialization Vector Implementation Information Disclosure

- Localization fixes (156032)

SNMP
- Ndssnmpsa is not starting in HP-UX (210178)
- LSB compliance moved ndssnmpsa.log to correct directory (176260)
- Ndssnmpsa subagent stops after a random amount of time (195018)
- Change default value of Trap 101 to 5 seconds so that snmp handlers are not overwhelmed by duplicate traps (149385)
- Ndssnmpsa subagent cores with a segmentation fault due to symbols collision (204086)

DSBK
- Changed to report both last and current rfl's in hex (201090)

DSBACKER
- GMT not local time placed in log file (174258)

DSBROWSE
- Attributes of class definitions is now returned in schema tree browse - Win32 (158740)
- Dsbrowse crashes on browsing large containers - Win32 (233502)

DSHOSTCON
- Added to installation package (239738)

LDIF2DIB
- "Unable to open Error Log file" returned when dib is in a custom location (175625)
- Mutex now used to synch dib handle between reader and writer (151774)
- Now reports the elapsed time and adds/sec at the end of the bulkload (157848)
- Ldif2dib screen gets garbled on a long running bulkload (158949/174842)

INSTALL
- Various red carpet build issues resulting in errors during upgrade
- Localization fixes (174242/160047/162814)
- Upgrade breaking IDM and ZEN due to library move (174942)
- Improvements in silent install on NetWare (186973)
- Username and password stored in clear text and left on file system after silent install\upgrade ((176635)
- Client no longer required for silent install of eDirectory - Win32 (197794)
- May now specify an IP address for TREENAME using the silent install (198750)
- Upgrade would hang when RW and master were switched on multi instance server holding both due to healthcheck bypass (171544)
- Windows installation fails with "timed out waiting for dshost.exe to complete its task" on large dib - Win32 (168850)
- Install process shuts down during installation of second server into the tree - Win32 (169623)
- Windows installer failing without SLP - new Master Server parameter included in response.ni - Win32 (291191)
- Dhost still running after uninstalling eDirectory - Win32 (176262)

Other:
NWCONFIG (ships with NetWare 6.5 SP7):
- Silent upgrade failing using traditional volumes where disk space is minimal (183787)
- Ndspath invalid option error - Linux\Unix (232928/193950)
- Mvdib removed from base package (180159)
- ICE: Wizard returns error "failed 1018" when attempting to compare schema files - Win32 (179554)

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP1 FTF2 (20114.29)
Cross Platform
- Deleting a IDM driverset only deletes on one server resulting in an inconsistent database. (201775/215179)
- LDAP returns alias object during search which does not match search criteria. (222775)
Linux\Unix
- LDAP referrals not being populated correctly when listening on a different ip address than that resolved via hostname. (181124)
- Httpstk buffer overflow security vulnerability. (200535)
- Unable to set logical interface name via ndsconfig set command. (206656)
- Ndsconfig set fails on a multihomed server. (206656)
- Core in ldap when running IDM ldap driver set. (173812)
- eDirectory 881 not re-registering with SLP DA. (216834)
- Segmentation fault when upgrading to 881 due to no port specified in conf file - interfaces - ie., n4u.server.interfaces=eth3. (203955)
NetWare
- NetWare locks up when changing the CRL distribution point from HTTP to LDAP. (201331\204016)
- Upgrade to NetWare 6.5 sp6 hangs while attempting to unload PKI
- Nwconfig -dsremove is deleting the server's volume objects when authentication is bypassed. (170014)
NetWare\Win32
- Error ''ERR: NWDSGetObjectName() fffffecd'' and invalid attribute value counts returned from LDAP. (187986\189500)
- CreateBackLink results in a double free abend. (222733) TID 3516466

NetWare\Linux\Unix
- NCPEngine DoS vulnerability. (195510)

Other
Resolved invalid free vulnerability in evtFilteredMonitorEventsRequest. (195523)
Hard-coded attribute IDs were not being correctly mapped from/to FLAIM tag numbers.

___________________________________________________________________________________________________________________Issues resolved in eDirectory 8.8 SP1 FTF1 (20114.28)
DS
- Server: resolved abend issue and errors\inconsistencies when returning
reference and acl values. (187986 and 189500)
- FLAIM: Tests that create many custom attributes, classes and user objects
would return 618 errors. (177366)
- FLAIM: After upgrade to 881 eDir reports errors -785 and -618. (203231)

DHOST:
(NetWare Only)
- Issue where updating NetWare 6.5 to Support Pack 6 would fail if server was
already running 8.8.1.

NLDAP
- We now properly update the LDAP referrals when the ldapinterface attribute is
manually configured. (181124)
- SSL v.2 removed from LDAP cypher support. (182127)
- Fix for monitor event extended request
- Heap Overflow Vulnerability (195511)

HTTPSTK
(Win32 Only)
- Httpstk security vulnerability buffer overflow (200535)

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP1 (20114.24)
Shipped with Security Bundle 2.0.1

138697 Novell SSL Service startup error -5984 on Windows (when the Novell client is not installed)
141013 nds manager on SLES 9 lists the instance and exits without giving options (when root access is obtained by su)
143930 eDirectory 8.8 upgrade using YaST doesn't work according to Novell document. (with dib upgrade failed message)
144992 Edir 8.8 Shouldn't come back with ldap,, iMonitor, embox warnings for local box if I'm not running those services locally (see dscheck.log)
145221 eDir8.8 master server coring repeatedly in a large tree (12+ servers) (due to ncpengine defect)
146175 (Enhancement:)Unattended 88 Netware Install is supported
147136 eDir 8.8 doesn't setup the SYS share required by ZENworks
159800 Silent Install fails during configuration (on Windows 2003)
138737 Multiple Instance Support AIX- The LDAP Clear Text and SSL ports are not coming up i.e not listening for 2nd instances onwards
138696 eDirectory 8.8 NONROOT Installation won't work on Solaris 9 (latest fixes) (when install directory is on a mounted filesystem)
165480 After upgrading from 8738 to 88SP1 ndscheck is dumping core in windows (when locale is Japanese)
138728 Objects sync fails when ER is enabled in an upgraded setup.
145590 Admin configuration of tree may not finish properly, No way of getting it configured afterwords from nds-install script.
149595 ndsd doesn't run by default after eDirectory 8.8 upgrade using YaST.
154224 ndsconfig upgrade should stop ndsd if it is running
176278 if 8737 is configured on non-default port upgrade is failing.
172105 Cross-site scripting vulenrability in HTTPStk
141073 libsal_psr is not being loaded by ndsd on Solaris 10
138678 Core on SOL9: TranslateParsedDN()
138717 HTTP and LDAP should move to latest ntls
138721 SRSCycle3: Memory Buildup while running secured LDAP searches on Multiple Instance Setup.
138722 SRSCycle3: Cert Mutual Bind from 300 clients Dumped core on Linux.
138897 SRS : Average transactions/sec is very low for Solarisin comparison to Linux
139033 Upload is taking long time if the object is having reference attribute.
139077 SRSCycle3: LDAP bind with 5000 clients dumped core.
139171 SRSCycle3: ndsd got hung & Simple password binds are failing with 2000 connections within 5 mins.
140482 After upgrading from 873 IR7 to 88 , 8010 and 8008 ports are not listening in primary
144448 rcndsd doesn't work after eDirectory 8.8 is upgraded on OES Linux SP2 server.
138723 SRSCycle3: Cert Mutual Bind from 300 clients are hanging eDirectory on Solaris.
169030 no need to check if the channel is secure if EA is not enabled.
138690 No way to update the cached data without triggering DRL
138698 Remove the 64K limit on the amount of data that can be cached on Xrefs
136705 iManager is building up connections to eDirectory that are never freed.
138683 After upgrading to eDir 8.8 on OES- SP1-NW6.5, iManager can't login to any other trees.
138684 DSLoader.nlm memory leak.
138679 iChain/eDir 8.8: 403 Forbidden errors using Dynamic Groups for access control
138687 SRS RT1 : Getting insufficient access rights issue when DG members try to perform search
139107 lmbr gives -603 error if the server is having only sub-ref replica of the EA policy partition.
138673 If we have a replica to replica OR replica to all configuration for ER, r ...
132334 Events with EP_JOURNAL and EP_INLINE broken
83100 Adding an alias pointing to its parent fails - vsldap test
138156 Expiring a user's password prevents others from reading that user's attributes
138701 nldap is listening on all interfaces when instances are installed/configured to only use one
139120 /etc/init.d/nldap reports ldap is not'listening' when eDirectory running on non-standard port
157869 NLDAP returns success for adding mandatory attributes to an object class though the attrs are not added as mandatory
159531 Ldap based restore failed on AIX.
170158 Ldap utilities is not working without -p option (i.e we need to mention host details)
151294 Bluelance - no LDAP event EVT_CHANGE_SECURITY_EQUALS from eDir on Linux
151303 Bluelance - no LDAP event EVT_CHGPASS from eDir on Linux
151345 Bluelance - no LDAP event EVT_LOGOUT, EVT_LOGIN from eDir on Linux
151321 Bluelance - no LDAP events for partition/replica operations from eDir on Linux
141186 eDirectory should allow for cache settings of higher than 2 GB
154605 ldif2dib errors out if cache values higher than 1.8 GB is used on Solaris
138694 2 backlinks must be performed in order to get all Security Attrs Cached.
140469 ndsindex is dumping core.
147595 DIB Cloned server's 'Version' attr value is incorrect.
138695 Invoking dsbk dumps core on AIX
138707 NDSRepair causes NDSD daemon to shutdown when repairing specialized test tree
138727 DSRepair on windows not showing the time sync status correctly
138980 When specify instance by IP address, ndsrepair go down with segmentation fault
139063 dsrepair does not remove NMAS cached attributes. Refer DEFECT000414143 for more details
147246 ndsrepair -N fails with -630 in server having 88 in custom location instance
153018 During object checks we should display the no. of objects to be repaired, as well as no. of objects repaired at any given point of time.
138681 Backup from the eMBox client hangs
159356 8.81 build 20060317. eMBox repair will not run. Message reports that it cannot gain access to directory services
167938 eMBox operations leak memory and semaphore handles
176297 User password is displayed in clear text in logger window
138682 Unable to find ice.exe in Windows build of eDirectory 8.8
138732 ice is getting killed after setting LBURP OPERATION TIME OUT period to the max. (9999999)
160150 Security Vulnerability - Buffer Overflow Vulnerability in ndsimon.dlm
138700 core dump in SLES 9 while doing iMonitor operations
138664 Container admin able to do the partial de-configuration with insufficient rights in HP-UX
138670 Installation fails through ls_edir when organization contains a dot in its name
138720 FCS1: http/https parameters shows different values after upgrade.
138738 ndsconfig rm failed to remove the nds.conf file

___________________________________________________________________________________________________________________

Original FCS version of eDirectory 8.8 FCS (20112.92)

 

Change Log

050113 - Hines - updated for 8873.
05 May 2011 Paula Gephart - Added 8.8.5.6 bugs
30 Sept 2009  Cheryl King - Added NSA Logo
2009 Jul 20: Jason Record - Added NSA Status

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:3426981
  • Creation Date:17-OCT-07
  • Modified Date:10-JUL-14
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback