History of Issues Resolved in eDirectory 8.8.x

NLDAP:
- Core when regestered for search event and attribute not attribute value is returned (Bug 497452)
- After upgrading to 885, LDAP cores ndsd in Linux (stricmp) - abends on NetWare (ndsevtMonitorEventsHandler) (Bug 513041)
- 64 Bit core when event monitoring is enabled and DSExpert subscibes to skulk events (Bug 512589)
- Ndsd hangs if there is an invalid base DN (Bug 503350)
- NDSD cores due to symbol conflict (Bug 515056)
- NetWare: server cores in the ndsevteventshandler when a high rate of events are generated (Bug 520174)

DSREPAIR:
- " -sw " switch added to verify references on all objects with a particular attribute (Bug 490647)
- Ndo backup files are now created more frequently (Bug 485116)
- " -sx " switch now timestamps and marks attribute non-present (Bug 500430)
- " -sd " switch now available on Linux (Bug 500431)

NCPENGINE:
- OES SLP: The bindery.novell service for cluster resources are not getting refreshed prior to the lifespan timeout (Bug 505217)
- OES: High utilization due to deadlock (Bug 497701)

OES MIGRATION:
- When a project is stopped and later continued trustee modifications made to the source are not applied to the target (Bug 503785)
- Transfer ID not possible when target server is located under OU's with extended character names (Bug 485072)
- Migedir needs to check for supported eDirectory versions (Bug 428669)
- Migedir failed to execute a dib backup if the source has NCP over UDP disabled (Bug 489211)

LDIF2DIB:
- Ldif2dib not updating parent/sibling records correctly resulting in corruption (Bug 526779)

ICE:
- Ice incorrectly interprets a result code of ' 0 ' as an error and sends error code ' 80 ' (Bug 508096)

PLUGINS:
- ICE not correctly parsing the DS_PUBLIC_READ flag for an attribute when extending schema (Bug 481334)

NDSPATH:
- Conditional check added so interactive message is not generated if placed in /root/.bashrc or profile files (Bug 507130)

BUILDS:- Modules and utilities' versions were not correctly incremented (Bug 503781)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP5 (20219.15)
 
DS\NDSD:
- Potential crash and replies ignored to ncpengine due to bad parameter passed on 64 bit eDirectory (Bug 493124)
- Re-evaluation of entitlements returns invalid information and is inconsistent (Bug 419539)
- Write out the current transaction id in eDirectory and repair log (Bug 476432/470937)
- Ndsd cores in unload code path when utilities such as ndsrepair are unloaded " RemoveFromWorkQueue " (Bug 293386)
- LDAP persistent search should not report events for objects a server does not hold (Bug 211999)
- Option to open ndsd with corrupted/lost RFL files (Bug 386748)
- Nested Groups are not disabled when nestedConfig is set to 1 (Bug 433529)
- Error: Ignoring request to overwrite future value from entry, time not synchronized (-659) (Bug 456076)
- Intruder lockout behavior change to match eDir 8.7.3: when lockout time is set to 0 account stays locked (Bug 449224)
- Ndsd now cleans up old FRS files upon starting (Bug 426219)
- On 64 bit eDirectory with a preallocated cache of 7GB LDAP is not listening on its ports after a restart (Bug 395134)
- Security Vulnerability: Malformed bind LDAP packet causes eDir crash (Bug 492692)
- Shutting down eDirectory via the ndsd script leads to a hang and high utilization (Bug 465309)
- Security Vulnerability: LDAP causes ndsd to core when using multiple wild-cards '.' in RDN (Bug 458504)
- eDirectory is not obeying the value in n4u.nds.advertise-life-time when calculating when to perform SLP re-registration (Bug 458171)
- Server hang\unresponsiveness due to a deadlock condition for EventTableMutex (Bug 473956)
- DS\NDSD abends after appling 8.8 SP4.  Functions: DSuniicmp CheckServerDBLanguage (Bug 448299)

DSREPAIR:
- Dsrepair on Windows now also uses SLP when repairing network addresses (Bug 327446)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- Repair now fixes invalid destination ID's (moveDestID) causing -618 errors in the obituary report (Bug 468225)
- Segmentation fault due to # before comment in nds.conf (Bug 459873)

NCPENGINE:
- Windows Server logins failing and server -625 errors in trace due to connection number no longer associated to client (Bug 366087) (TID 7000041)

NDSCONFIG:
- Ndsmanage and ndsconfig should not just use the server hostname as the ncp server name and should check to ensure they are unique for multi-instances (Bug 385792)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- eDirectory upgrade replacing existing LDAP certificates (Bug 470459)
- Now detects whether it is being run under OES and returns user to the command prompt (Bug 460252)
(NOTE: The " -x " parameter can override the behavior.  This can be dangerous as OES services can be broken after using ndsconfig or ndsmanage when adding or removin) eDirectory from an OES server!)

NDSSTAT:
- Segmentation fault due to # before comment in nds.conf (Bug 459873)
- " Ndsstat -s " is not filtering out cluster objects resulting in long delays and high utilization (Bug 488167)

NDSMANAGE:
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- Now detects whether it is being run under OES and returns user to the command prompt (Bug 460252)
(NOTE: The " -x " parameter can override the behaviour.  This can be dangerous as OES services can be broken after using ndsconfig or ndsmanage when adding or removin) eDirectory from an OES server!)

IMONITOR:
- Localization fixes (Bug 346614/450485)
- When making agent changes in iMonitor login update was being disabled (Bug 417104)
- Security vulnerability in iMonitor: Accept-Language Buffer Overflow (Bug 484007/446342)
- iMonitor not displaying gifs and icons correctly (Bug 464204/457373)
- iMonitor displays incorrect data when clicking on an error in the error index (Bug 458195)
- iMonitor health screen reports that the "Local Replica issued future time" is not healthy when in the proper range (Bug 475686)
- OES2 sp1 64bit box cores in iMonitor with event tracing turned on in dstrace (Bug 482586)

INSTALL:
- Permission changes on eDirectory directory for Windows platform (Bug 330498)
- Channel updates for eDirectory are now cumulative (Bug 448493)
- Installation on Windows fails with a PKI error if binaries and dib file directory are on different drives (Bug 366960)
- eDirectory installation fails on RHEL 5.3 with error, Unable to install (Bug 476368)
- Ndsconfig reporting there is a missing library due to library path missing (Bug 462461)
- Incorrect 64 bit library paths in novell-NDSbase.conf (Bug 459280)
- Install now checks for supported platforms (Bug 428664)
- Error: " NMAS login method could not be created -663 " during installation because dib was locked (Bug 409211)
- All instances are now brought down after the health check when upgrading (Bug 409123)
- OES Upgrade fails after first entering an incorrect password even if correct one is entered - ifolder errors (Bug 327332/386901)

NDSCONSOLE:
- Clearing a connection in NDSConsole terminates the utility (Bug 441854)

SNMP:
- Ndssnmpsa fails to start with error, Unable to load library: libnetsnmp.so.5 (Bug 481041/481353)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)

IMANAGER PLUGINS:
- Localization fixes (Bug 395575)

NDSAUTOTRACE:
- Ndsautotrace ported from eDirectory 8.7.3 to 8.8 SP5 (Bug 4576940)

LDIF2DIB:
- Ldif2dib errors wirth error "Directory Full (-153)" or " no alloc space error " when uploading users with ldif2dib (Bug 335112/154628/485496/161234)
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)

DSBK\eMBox:
- Added the " -e " NICI backup\restore functionality back to the utilities (Bug 176623\426046)
- eMBox causing dhost to crash on Windows if dhost is restarted multiple times (Bug 408240)

NDSPATH:
- NDSPath script not exporting the path for non-root installations when run under certain directories (Bug 162441)

ICE:
- Invalid RPATH causes eDir utilities to search for host blr-kaveri delaying response times (Bug 333648)
- Ndsd cores when uploading via LDAP users with base64 encoded passwords (Bug 416690)
- Error: " too many templates items " returned when exporting via ICE an object with more than 128 characters in dn (Bug 468841)

OTHER:
- Ndsd coring with Platform Agent loaded (Bug 455711)
- Dhost iConsole is displaying the text " trial version " when reporting eDirectory version (Bug 427186)
- Novell-getcore script updated (Bug 464551)
- Jclnt missing in OES and other platforms causing problems in IDM (Bug 449042)
- Httpstk server's cipher usage now configurable (Bug 34764)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP4 FTF1 (20217.07)

DS\NDSD:
- Inconsistent returns from LDAP due to FLAIM reuse of frs file (Bug 455750)
- IDM 3.6 Role based entitlements returning inconsistent results (Bug 419539)
- Intruder lockout reset interval of 0 now locks account indefinately via LDAP access (Bug 449224)
- Custom location has errors writing to log due to an incorrect location for log file (Bug 343753)
- Error: time not synchronized (-659) during a timestamp collision seen in an IDM environment (Bug 456076)
- NDSD cores when using ICE with a LDIF file using LBURP (Bug 434728)
- Added trace messages to improve the ability to track the external reference server creating the unknown object (Bug 459276)
- NDSD cores when binding via LDAP as a user with multiple '.' in the RDN.  When RDNs exceed the maximum length error: ERR_ILLEGAL_DS_NAME will be displayed (Bug 458504)
- Shutting down eDirectory via the ndsd script leads to a hang and high utilization (Bug 465309)
- NDSD cores in FLAIM while executing DSAIteratorsearch due to null pointer (Bug 393474)
NTLS:
- Enabling priority synchronization leads to memory fragmentation (Bug 431489)
LDAP:
- LDAP cores NDSD due to reuse of TLS socket (Bug 431783)
- When a LDAP search connection terminates the search the search request stops as well (Bug 431502)
- NLDAP abends after upgrading to eDir 88 when using a Bluecoat monitoring appliance (Bug 344893/427322)
- NDSD cores while performing a LDAP trace in which a query is greater than 1024 characters (Bug 399188)
- NDSD cores when using ICE to import users with base64 encoded passwords (Bug 416690)
IMONITOR:
- Localization fixes for iMonitor (Bug 450485)
- When changing database cache settings in iMonitor it also re-enables login update settings (Bug 417104)
- Security Vulnerability: Accept-Language Buffer Overflow (Bug 446342)

_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP4 (20217.06)
NOTE: this version was released for only NetWare 6.5 SP8 and OES 2 SP1.

NDS:
- Network Address concurrency fix:  the port is no longer added to the network address value for a user object (Bug 403301)
- NDSD cored in ID-swap during migration due to empty line in ndsconfig get for server interfaces return (Bug 417311)
- Error: -672 adding members to a RBS role during RBS configuration (Bug 412890)
- Browsing a container holding 7000 objects with ConsoleOne would cause the server to go into high utilization  (Bug 403278)
- Ndsd start-up script incorrectly determining the log directory when a custom location is used (Bug 343753)
- LDAP concurrency is now tracked the same for NetWare and Linux (Bug 301437)
- FLAIM fix for DSfW ndsrepair -R hanging (Bug 288843)

DSREPAIR:
- Dsrepair gives error NCP Server object: it does not have a Public Key on cluster objects (Bug 427317)
- Errors when checking volume objects when cluster objects are present (Bug 264544)

LDAP:
- Memory leak in LDAP server (Bug 434862)
- NDSD cores and memory buildup due to auditing LDAP events (Bug 394957)
- Memory buildup due to incorrect iterator being destroyed (Bug 296389)
- LDAP add performance significantly improved (Bug 243774)

IMONITOR:
- NDSD cores when directly accessing an entry in iMonitor (Bug 444943)
- iMonitor now only allows Medium and High ciphers (Bug 412286)

MIGRATION:
- ID Transfer migration fails with non-replica source (Bug 439921)
- eDirectory migration to OES using command line tools: Migndscheck error integer expression expected (Bug 391935)
- eDirectory migration to OES using command line tools: Migndscheck error unary expression expected (Bug 391934)
- eDirectory migration to OES using command line tools: Error: -626. Remove dependency for dib (Bug 391935)
- eDirectory migration to OES using command line tools: Log files going into wrong directory (Bug 391935)

INSTALL:
- Install with IDM 3.5.1 fails.  nds-install.log shows: cannot create /opt/novell/eDirectory/lib/libjclnt.so: File exists
 (Bug 421299)
- Install now appends to the previous install log (Bug 390950)
- Channel now correctly shuts down ndsd during update (Bug 154431)
 
IMANAGER PLUGINS:
- Creating a new LDAP group gives it an incorrect ldapconfigversion, version 9 instead of 10 (Bug 417578)
- ICE plug-in gives a System Error when including attributes to export (Bug 412045)
- LDAP plug-in reverts back to Dreference Alias back to true on refresh (Bug 411873)
- LDAP LDAPXS extension info is now added to a new LDAP server on creation (Bug 408602)
- Translation fixes (Bug 305175) (Bug 303696) (Bug 158982)
- Error message not correctly being displayed when created a SNMP group (Bug 137351)

NDSBACKUP:
- Object now gets auxClassCompatibility flags added on restore (Bug 416052)
- Entry MTS is now timestamped and object class re-added on restore (bug 307559)
 
DSTRACE:
- Ndstrace no longer goes into high when loading it via script with -l option (Bug 408004)
- Ndstrace --version now returns the correct version (Bug 329707)
NDSSTAT:
- Ndstat --version now returns the correct version (Bug 329707)
NDSSCH:
- now prompts again on incorrect password entry before failing on schema extension during IDM install (Bug 392326)
 
NDSLOGIN:
- OES specific:  ndslogin does not immediately return an error if user's fqn is incorrect (Bug 371653)
DCLIENT\JCLIENT:
- NetWare: Error: -222 when setting a password rather than the specific JCLIENT reason code for why password does not meet policy (Bug 354721) (See also Bug 217901)
- Custom schema attributes' OID's cannot be changed other than with ndsconfig (Bug 354720)(Bug 300977)(Bug 285829)(Bug 145729) (TID 3220775)
- Attributes cannot be removed from Auxiliary classes (Bug 145727) (TID 3220775)
ICE:
- ICE now logs path of ldif file and command used to its log file (Bug 164690)
TSANDS:
- Was attempting to cache entire dib before backup (Bug 142381)
 
_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP3 FTF3 (20216.89)
NDS:
- Inconsistent returns from LDAP due to FLAIM reuse of frs file (Bug 455750)
- IDM 3.6 Role based entitlements returning inconsistent results (Bug 419539)
- Intruder lockout reset interval of 0 now locks account indefinitely via LDAP access (Bug 449224)
- Custom location has errors writing to log due to an incorrect location for log file (Bug 343753)
- Error: time not synchronized (-659) during a time-stamp collision seen in an IDM environment (Bug 456076)
- NDSD cores when using ICE with a LDIF file using LBURP (Bug 434728)
- Added trace messages to improve the ability to track the external reference server creating the unknown object (Bug 459276)
- NDSD cores when binding via LDAP as a user with multiple '.' in the RDN.  When RDNs exceed the maximum length error: ERR_ILLEGAL_DS_NAME will be displayed (Bug 458504)
- Memory corruption issue (Bug 413580)
- Shutting down eDirectory via the ndsd script leads to a hang and high utilization (Bug 465309)
- NDSD cores in FLAIM while executing DSAIteratorsearch due to null pointer (Bug 393474)

DSREPAIR:
- Error "-618" inconsistent database due to buildup of transaction id's (Bug 437795)

NTLS:
- Enabling priority synchronization leads to memory fragmentation (Bug 431489)

LDAP:
- LDAP cores NDSD due to reuse of TLS socket (Bug 431783)
- When a LDAP search connection terminates the search the search request stops as well (Bug 431502)
- NLDAP abends after upgrading to eDir 88 when using a Bluecoat monitoring appliance (Bug 344893/427322)
- NDSD cores while performing a LDAP trace in which a query is greater than 1024 characters (Bug 399188)
- NDSD cores when using ICE to import users with base64 encoded passwords (Bug 416690)
IMONITOR:
- Localization fixes for iMonitor (Bug 450485)
- When changing database cache settings in iMonitor it also re-enables login update settings (Bug 417104)
OTHER:
- eDir install using rpm fails due to 64 bit module dependencies on 32 bit NICI (Bug 467858\470594\470984\470596)
_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP3 FTF2 (20216.87)
NDS
- Browsing a container holding 7000 objects with ConsoleOne would cause the server to go into high utilization  (Bug 403278)
- ConsoleOne not showing all objects and an additional sorting fix  (Bug 410976)
- Mutex fix to resolve unresponsiveness  (Bug 414846)
- Installation hangs at LUM configuration - mutex deadlock fix in FLAIM (Bug 417236)
- Server core trying to free an uninitialized value  (Bug 417619)
- Security Vulnerability - Resolved issue where a NCP heap overflow vulnerability existed.  (ZDI-CAN-335) (Bug 396819)
- Nested groups not disabled when setting their nestedConfig value to 1  (Bug 433529)
- NetWare abends when setting the NDS Bindery Mask in Monitor - missing msg file  (Bug 411021)
(NOTE: The Description field still shows <<< BAD MESSAGE >>> when setting via the set command)
- Core when running ndstrace and the ndstrace.cfg file is corrupt (Bug 403864)
- Core when running " ndsindex -W "- updated CLDAP SDK (Bug 349954)
- Core when auditing monitored events  (Bug 411425)
 
DSLOADER
- Invalid time value output in dstrace (Bug 415269)
 
LDAP
- UNIX - Server with login disabled causes intruder count to increase resulting in LDAP client lockout  (Bug 288797)
- LDAP server failing with duplicate context -625 errors  (Bug 420389)
- LDAP not rpc compliant for anonymous search request (Bug 412766)
 
DSREPAIR
- WIN32 - Dhost crashes on Windows when running repair (Bug 374744)
 
DHOST
- NTLS dumps on Windows (Bug 413022)
 
DSTRACE
- Invalid error codes in dstrace  (Bug 426349)
 
SAL
-UNIX - IDM engine stops when IDM driver is restarted (Bug 406016)
 
NDSBACKUP
 - Ndsbackup not adding the auxClassCompatibility flag and not time-stamping entries  (Bug 307559)
 
INSTALL - After upgrading eDirectory the message, " Background Object Upgrade " [FERR_OLD_VIEW] would never complete  (Bug 411721)
_________________________________________________________________________________________________________________
 
Issues resolved in eDirectory 8.8 SP3 Instrumentation Fix  (Also considered 8.8 SP3 FTF1)
(This only contains a cross platform Audit eDir Agent 8.08.03)

All Platforms:
- Resolves an issue where eDirectory login and logout events were not being properly tracked within Sentinel. (Bug 380814)
_________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP3 (20216.83)
Shipped with Security Bundle 2.0.7
NDS
- Heap overflow vulnerability fix (Bug 396819 396817)
- eDirectory connections buildup (Bug 379559)
- Could not import user with a DN of 250 UTF-8 characters [Japan] (Bug 378635)
- Dstrace now shows a LDAP message that details what LDAP to eDir schema mapping is used when modifying schema (Bug 377121)
- Moving objects can result in stale\inconsistent acl values (Bug 272056\347450)
- Groupmembership query return in LDAP very slow due to nestedgroups code addition (Bug 346181)
- Using nested groups, groupmembership values returned when given name is queried (Bug 336377)
- ICE fails to extend schema if no OID is specified (Bug 376047)
- Linux - Ndsmanage returned "Invalid Selection" when running after su'ing to root.  (Bug 378424/337829)
- Solaris - ndsd cores when setting the NDSD_USE_STDIO parameter to get around the file descriptor limit. (Bug 406009)
- Linux\Unix - made a change to concurrency so that the behavior matches that of NetWare (Bug#406041\369952)  (TID 7001188)
- Windows - security vulnerability due to remote exploitation of memory corruption (Bug 373852)
- Double free core when adding schema via LDAP with no syntax specified (Bug 368323)
- User with supervisor rights to the NCP server object can now monitor events (Bug 359077)
- 10% better performance in reading references during backup (Bug 356413)
- OES install and configure dialog fails when there are multiple instances (Bug 347328)
- Ndsd memory leak when running with IDM 3.5.1 (296747)
- Starting ndsd with rcndsd start -ndb then issuing a rcndsd stop results in a core (Bug 296276)
- ICE with lburp adding container at wrong level in tree (Bug 293273)
-  Limber now clears invalid members from a group (Bug 220868)
- Ndsd install failing with 55555 (Invalid Treename) when tree name was stored in small caps (Bug 215603)
- Cannot read GUID attribute on tree root when LDAP server does not hold a copy of root (Bug 138763)

DSREPAIR\NDSREPAIR
- Cluster objects showing as servers when performing a time synch report (Bug 385838)
- Error -168 returned when running a repair with the rebuild database option (Bug 378136)
- Local database repair and single object repair no longer check references by default (Bug 334627)
- Request schema from tree when local server does not hold root results in a -601 error (Bug 307180)
- Win32 - dhost would crash when running repair and logging out of session while task ran (Bug 297160)
- Running repair with create temp database option set and ndsd starting with the -ndb option hangs (Bug 296276)

LDAP
- Bind performance improvement (Bug 288370)
- Buffer overflow security vulnerability (Bug 373853)
- When replacing the value of an attribute error: -722 (Operational Schema Mismatch) is returned (Bug 335277)
- Querying a single attribute value when multiple values exist all are returned (Bug 365347)
- Persistent search by LUM cores server (Bug 371685\360025)
- Resolved crash on Windows due to memory corruption (Bug 359982)
- Using a wildcard on value searched results in duplicate returns (Bug 357766)

NCPENGINE
- Windows crash in ncpengine (Bug 396576)
- Ncpengine core in GetCLSDataStruct (Bug 372984)

iMonitor
- Reference check is no longer enabled by default [-AG] (Bug 381773)
- Error -5993 returned when symlink is used for the trace file location (Bug 378851)
- Now displays both the ID and DN of the entries in the Ancestor ID list (Bug 339673)
- iMonior displayed a non-present group membership after member is removed from a nested group (Bug 335227)
- Requests serviced from cache is now calculated correctly (Bug 326955)

NDSTRACE
- Ndstrace showed no output with the +pkii flag (Bug 389904)
- Selective partition synch now works as with 873 (Bug 389675)
- "*J" now kicks off the janitor process and "*f" kicks off the flatcleaner
- Ndstrace -c connection count displayed increased from 160 to 1500 (Bug 373480)

ICE
- ICE incorrectly returns that schema is already extended when in fact schema was changed (Bug 376043)
- ICE now inserts a CR followed by a LF on non-Unix platforms (Bug 329515)
- ICE now line wraps at column 76 instead of 77 (Bug 329512)

SNMP
- DSSNMPSA losses connection sending traps - fails with Error: -732 (Bug 403358)
NDSCONFIG - Linux\Unix - ndsconfig can now set n4u.server.mask-port-number back to 1 (Bug 397443)

HTTPSTK
- Cross site scripting vulnerability (Bug 387429)
- Vulnerability fix - Language header heap overflow (Bug 379882)
- Vulnerability fix - content length header heap overflow (Bug 379880)

IMANAGER EDIRECTORY PLUGINS
- Error unable to connect message when importing with ICE (Bug 410171)
- Random mapping deleted when deleting a LDAP attribute mapping (337768)
- ICE export does not allow ordering of attributes when specifying a type of delimited text (Bug 370129)
- When setting to use high ciphers the ldapbindrestrictions is now set to 48 (48= none and cioher_high) (Bug 359754)
- LDAP Options incorrectly expanding sub-entries when clicking on plus sign (Bug 353045)
- ICE plugin failed to import or export data from disk with error code of 236 (Bug 347332)

DIBCLONE
- Dibclone no longer copies the IDM DirXML-ServerKey attribute on the pseudoserver object (364333)

SNMP
- NetWare - sys:\tmp\dssnmpsa_log.tmp consuming all disk space (Bug 363490)

SCRIPTS
- NDSD script - If a core file exists an alert is displayed on startup (Bug 338794)
- NDS-UNINSTALL - printing multiple users for all instances (Bug 291524)
- Ndsconfig upgrade proceeding when wrong password is entered (Bug 171477)

Enhancements:
- ACL Caching (363907)
- LDAP Event Monitoring
- 64 bit SLES version
 
___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 FTF3 (20216.63)
NOTE:  This update was only for OES SP2 and contained only security vulnerability fixes which are listed below.
Security vulnerability: content-Length header heap overflow. (Bug 379880) (CVE-2008-4478) (TID 7000087)

Security vulnerability: dhost accept language header heap overflow.  (Bug 379882) (CVE-2008-4479) (TID 7000086)
Security vulnerability: eDirectory core protocol opcode 0x0F heap overflow. (Bug 396817) (CVE-2008-4478) (TID 7001184)
Security vulnerability: eDirectory core protocol opcode 0x24 heap overflow. (Bug 396819) (CVE-2008-4480) (TID 7001183)
Security vulnerability: remote exploitation of eDirectory NCP memory corruption.  (Bug 373852) (IDEF2996) (TID 7001185)
Security vulnerability: httpstk allows cross site scripting.  (Bug 387429) (CVE-2008-0925) (TID 3460217)
oes2-novell-NDSserv-5626-0
oes2-security-components-5649-0
___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 FTF2 (20216.62)
Linux:
- Ndsd shutdown can take 30 seconds or more. (Bug#333244 TID#7000304)
- LDAP server stores the port number in the Network Address attribute which is breaking the "limit concurrent connection" feature. (Bug#364902)
- Ndsd core due to memory corruption with long RDN. (Bug#360025)
- Crash on createField$FlmRecord. (Bug 358919)
- LDAP query returns duplicate objects after object rename. (Bug#340156 TID#3766486)
- Security Vulnerability: LDAP buffer overflow. (Bugzilla#373853 TID#3843876)
- Running ndsrepair -R -l yes results in a message, A database rebuild required. (Bug#334627
- Error -55555 (sb -630) returned on RedHat server when using ndsconfig -p and treename was stored with lowercase.
- Error -625 bad connection due to server destroying a connection without verifying the owner. (Bug#357872 TID#7000041)
Linux/Solaris:
- Drepair -n0 does not remove all network addresses. (Bug#207182)

NetWare:
- Memory leak in NLDAP.NLM when doing searches with alias dereferencing turned on.(Bug#350873 TID#7000303)
- Running dsrepair -rc locks up server due to a lock on a stream file. (Bug#354448 TID#3135150)

Windows:
- Dhost crashes when logging off while repair window is open. (Bug#297160 TID#3594113)
- DHOST crashes when binding with unicode password. (Bug#359982 TID#3653724)
- Provide a configuration option to allow admins to keep the port # on network addresses. (Bug#369952)

Solaris:
- Remove the fix priority scheduling for Solaris. (Bug#385601)

Xplat:
- Objects can become unknown after partition and delete operations. (Bug#354165)
- Cross Site Scripting vulnerability in iMonitor. (Bug#353004 TID#3460217)
- LDAPS allows ssl2 when ldap bind restriction is set to HIGH. (Bug#364036
- LDAP Server now passes objectclass to create event. (Bug#301553)
- Added a permanent configuration parameter to prevent LDAP from expiring user accounts after changing the minimum password length. (Bug#357815 TID#3565677)
- Enable users who have rights on the NCP server object to monitor events. (Bug#359077)
- LDAP does not return any results if the search filter contains a * and this results in making the filter longer than than a sized attribute. (Bug#301811 TID#3648007)
- Added dynamic member query url extension so that dynamic group searches work against filtered replicas. (Bug#306741)
- Inconsistent flaim block size reported by iMonitor when under load. (Bug#329091)
- Security Vulnerability: Oversized DN Stack Overflow. (Bug#306096/378635)
- Ndsrepair would fail when running repair with the rebuild entire database option. Error: -168. (Bug#378136)
- Security vulnerability: Integer overflow stack corruption. (Bug#368832 TID#3694858)
- Clients using contextless login were unable to login during peak login time. (Bug#357473 TID#3779031)
- 785 error when running repair. (Bug#291853)
- Ndsd cores when accessing iMonitor due to incorrect url parsing. (Bug#356840 TID#3313071)
- Added 873 memory overflow check code.
- NLDAP memory leak with duplicate referrals and a rootDSE search is run. (Bug#265992)
- Memory leak in NLDAP and limber. (Bug#367596)
- Security vulnerability - LDAP buffer overflow. (Bug373853)
___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 FTF1 (20216.59)
(OES channel version 20216.60)
Linux:
- Scheduling a repair with iMonitor cores ndsd. (Bug#329802 TID#3682721)
- Ndsd can core under extremely high load. (Bug#328394)
- Ndsd cored due to schema cache thread reuse. (Bug#290318)
- Ndsd cores during eDirectory configuration when coming into the tree as a secondary. (Bug#329207)
- eMbox coring ndsd when running on a multi-processor server. (Bug#327990 TID#3679555)
- LDAP not listening on secure port on secondary if master is down. (Bug#337432)
- DSI: If slp not configured, install fails with 55555, should be -630. (Bug#215603)

Linux\Solaris:
- Multiple object moves could create database inconsistency "-618" - invalid EIDs issue in ACLs. (Bug#272056/347450)
- During OES install, ndsd may core during shutdown. (Bug#326830)

Netware:
- Abend when looking up a bindery object during find next object. (Bug#344056 TID#3107600)

Xplat:
iMonitor returning non-present attributes, deleted groupmembership on nested group. (Bug#335227)
- A few more intruder attempts than the configured limit are allowed before the account is locked. (Bug#309580)
- Merge repair performance improvement (from 881FTF)
- Repair not returning obits during external reference check. (Bug#338569)
- SNMP trap 117 not getting generated on intruder detection. (Bug#332801 TID#3349842)
- Results for Group Membership attribute query are returned as part of Given name. LDAP returning deleted (non-present) values. (Bug#336377/339029)
- Running ndsrepair -T continuously can cause dib corruption. Block checksum errors: -618. (Bug#339721)
- Ice client returning a op schema mismatch -722 error due to 64 bit syntax change. (Bug#335277 TID#3551743)
- Nested groups return nested members even though static value read is set. (Bug#344871)
- LDAP group membership search slow due to nested group change. (Bug#346181 TID#3873373)

AIX:
- Ndsstat -r is unable to list RW replica information (Error: -670) and the product version. (Bug#329228)

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP2 (20114.29)
Shipped with Security Bundle 2.0.5

DS/NDSD
- Background process interval can now be permanently (873 functionality) unix/linux/netware (251239)
- Change DEFAULT LDAP mappings on CRL attributes so they are more understandable (199595)
- Use SAL instead of perl for disk space check with ndscheck prior to upgrade - NW\Win32 (195923)
- -632 error when installing a new server with 'add' option (166169)
- DIBClone fails with -128/-6014 FLAIM error in stage 3 Unix\Linux (162934)
- Jclient causes core iterating member attribute - Linux\Unix (209965)
- LDAP bulk modify operations fail with error -634 (no referrals) (tcmalloc) (196784)
- FLAIM: ndsrepair reporting reference inconsistency when references exist in FLAIM as non-present (243226)
- Install should not run healthcheck if the server is not running - Linux\Unix(179251)
- Flaim now wraps dib in a password during migration wizard due to different NICI keys (error -6061)(211082)
- Mutex issue: Server hangs during PKI load iterating the HTTP CRL distribution points after being changed to LDAP - NetWare (201331)
- SMI: -646 is returned when deleting a volume object if its host-server attribute value points to itself - All Platforms (231473)
- DIB upgrade to 8.8 Sp1 failing due to existing attribute in FLAIM with no match in NDS (Error: -785 and -618) (203231)
- Abend issue due to corrupted RFL when binding on user object with many network addresses (Error: -785) - NetWare (271667)
- Abend due to free detected a corrupt trailing redzone. Abend due to page fault. (249867)
- -ndb switch added to all non-NetWare platforms (281116)
- Corrupt buffer returning "error: NWDSGetAttrVal fffffecd" when reading references (ERR_BUFFER_EMPTY) in 881 FTF2 (263326)
- Fixed reporting of failed events for rename and remove entry
- Locking change during modify schema - Linux\Unix (194426)
- Abend after -602 error in check references via NWDSReadReferences - All Platforms (187986)
- NDSSDK: no longer return the loopback address for preferred server from /etc/hosts to apps (201847)
- Dclient: LDAP returns the alias object outside of scope specified (222775)
- SMI: Shutdown freezes due to mutex being double locked - Linux\Unix (165259)
- SMI: No longer delete non-reference DN_SYNTAX indexes after upgrade (273084)
- FLAIM: user created member index reports system or operational (267278)
- Ndsstat -r now reports the version of eDir installed on servers that contain a replica of partitions shared with the server on which it is run (175929)
- Dynamic Groups staticmember is now returned after extending schema with dgstatic.sch (191522)
- SMI: Ldapsearch no longer returns non-present values (187140)
- NDSD coring\hanging after applying SSP204 due to missing nici link. (262355)
- FLAIM: Introduced the new ndsd -rdb switch to open a database in conditional mode.  There must be a way to force open a 8.8.x database for disaster recovery (237886)
(NOTE: For more information please refer to TID: 7000006)
- NDSSDK: Segmentation fault during upgrade when there is no @ sign in n4u.server.interfaces (203955)
- SLPSA not re registering with DA prior to lifetime expiration (216834)
- SAL: Greater search scalability due to schema cache and event system changed from RW to mutex - Linux\Unix (145082)
- Greater LDAP bind performance when setting NDSD_TRY_NMASLOGIN_FIRST=true (169576)
- Localization fixes (165781\168246)
- Libumem now the default memory allocator on Solaris (167072)
- eDirectory dump core trying to inspect an IDM driver - Win32 (292895)
- Deletion of a dirxml driver or RBS container does not synch to other servers (201775)
- Dhost dumping core in ntls.dll while freeing ssl connections when encrypted replication is enabled (232136)

DSREPAIR
- Change to dsrepair\ndsrepair to use reference index instead of reference attributes for reference checks (146168)
- Ndsrepair -R -l yes -u yes no option does not show log and prompt to save changes - Linux (286174)
- Error: -150 unable to build reference table when running " dsrepair -ans " - NetWare (173049)
- Now update the attribute of the pseudoserver when performing a destroy selected replica (195052)
- Ndsrepair --version reporting usage not working on Solaris 10 (180168)
- Ndsrepair always reports the log file size is 0 bytes (175630)
- Disk space warning message added when running ndsrepair with -R/-U (174794)
- Localization fixes (155743)

LDAP
- Delete value events not including DN when using LDAP monitor events (196883)
- Support added for paged searches (RFC 2696) (281899)
- When DN is requested no attributes are retrieved - speed same as 1.1 search (189221)
- RFC2307 schema files now formatted correctly (187768)
- Error -641 restoring an object via C# LDAP based restore when it is a large size (191507)
- Memory leak when performing sasl binds with digest-md5 method (280662)
- LDAPSCHEMA.EXE removing UID and userPassWord attributes from the user class (217733)
- Default behavior changed when configuring multiple LDAP port\interfaces - support for ldap urls (208288)
- Nldap -c returns LDAP server down if interface name is used in configuration (218704)

NDSSTAT
- Ndsstat -r does not report the master replica in the ring (278123)

NDSD SCRIPT
- eDirectory is not starting automatically , when guest OS reboot or starts under XEN(197100)
- Ndsd aborts a restart if previous pid exists (172107)
- NDSD script now gives debug output when the env variable DEBUG is set (213212)

ICE
- ICE delimeter handler does not handle multi-valued attributes (196211)

HTTPSTK
- URL vulnerabilities in iMon - Win32\Linux (172109)
- iMonitor does not display any error message on giving wrong login credentials - Linux\Unix\Win32 (164429)
- DOS issue via "Connection:" in HTTP headers (290819)
- No longer allow null password for SAdmin (176629)

IMONITOR
- Ndsimon calls namebase calls without a lock (179275)
- Increase the maximum trace file size to 100MB and maximum number of trace files to 2500 (284607)
- DOS issue via "Connection:" in HTTP headers (290819)
- Localization fixes (156032)

SNMP
- Ndssnmpsa is not starting in HP-UX (210178)
- LSB compliance moved ndssnmpsa.log to correct directory (176260)
- Ndssnmpsa subagent stops after a random amount of time (195018)
- Change default value of Trap 101 to 5 seconds so that snmp handlers are not overwhelmed by duplicate traps (149385)
- Ndssnmpsa subagent cores with a segmentation fault due to symbols collision (204086)

DSBK
- Changed to report both last and current rfl's in hex (201090)

DSBACKER
- GMT not local time placed in log file (174258)

DSBROWSE
- Attributes of class definitions is now returned in schema tree browse - Win32 (158740)
- Dsbrowse crashes on browsing large containers - Win32 (233502)

DSHOSTCON
- Added to installation package (239738)

LDIF2DIB
- "Unable to open Error Log file" returned when dib is in a custom location (175625)
- Mutex now used to synch dib handle between reader and writer (151774)
- Now reports the elapsed time and adds/sec at the end of the bulkload (157848)
- Ldif2dib screen gets garbled on a long running bulkload (158949/174842)

INSTALL
- Various red carpet build issues resulting in errors during upgrade
- Localization fixes (174242/160047/162814)
- Upgrade breaking IDM and ZEN due to library move (174942)
- Improvements in silent install on NetWare (186973)
- Username and password stored in clear text and left on file system after silent install\upgrade ((176635)
- Client no longer required for silent install of eDirectory - Win32 (197794)
- May now specify an IP address for TREENAME using the silent install (198750)
- Upgrade would hang when RW and master were switched on multi instance server holding both due to healthcheck bypass (171544)
- Windows installation fails with "timed out waiting for dshost.exe to complete its task" on large dib - Win32 (168850)
- Install process shuts down during installation of second server into the tree - Win32 (169623)
- Windows installer failing without SLP - new Master Server parameter included in response.ni - Win32 (291191)
- Dhost still running after uninstalling eDirectory - Win32 (176262)

Other:
NWCONFIG (ships with NetWare 6.5 SP7):
- Silent upgrade failing using traditional volumes where disk space is minimal (183787)
- Ndspath invalid option error - Linux\Unix (232928/193950)
- Mvdib removed from base package (180159)
- ICE: Wizard returns error "failed 1018" when attempting to compare schema files - Win32 (179554)
___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP1 FTF2 (20114.29)
Cross Platform
- Deleting a IDM driverset only deletes on one server resulting in an inconsistent database. (201775/215179)
- LDAP returns alias object during search which does not match search criteria. (222775)
Linux\Unix
- LDAP referrals not being populated correctly when listening on a different ip address than that resolved via hostname. (181124)
- Httpstk buffer overflow security vulnerability. (200535)
- Unable to set logical interface name via ndsconfig set command. (206656)
- Ndsconfig set fails on a multihomed server. (206656)
- Core in ldap when running IDM ldap driver set. (173812)
- eDirectory 881 not re-registering with SLP DA. (216834)
- Segmentation fault when upgrading to 881 due to no port specified in conf file - interfaces - ie., n4u.server.interfaces=eth3. (203955)

NetWare
- NetWare locks up when changing the CRL distribution point from HTTP to LDAP. (201331\204016)
- Upgrade to NetWare 6.5 sp6 hangs while attempting to unload PKI
- Nwconfig -dsremove is deleting the server's volume objects when authentication is bypassed. (170014)
NetWare\Win32
- Error ''ERR: NWDSGetObjectName() fffffecd'' and invalid attribute value counts returned from LDAP. (187986\189500)
- CreateBackLink results in a double free abend. (222733) TID 3516466

NetWare\Linux\Unix
- NCPEngine DoS vulnerability. (195510)

Other
Resolved invalid free vulnerability in evtFilteredMonitorEventsRequest. (195523)
Hard-coded attribute IDs were not being correctly mapped from/to FLAIM tag numbers.

___________________________________________________________________________________________________________________Issues resolved in eDirectory 8.8 SP1 FTF1 (20114.28)
DS
- Server: resolved abend issue and errors\inconsistencies when returning
reference and acl values. (187986 and 189500)
- FLAIM: Tests that create many custom attributes, classes and user objects
would return 618 errors. (177366)
- FLAIM: After upgrade to 881 eDir reports errors -785 and -618. (203231)

DHOST:
(NetWare Only)
- Issue where updating NetWare 6.5 to Support Pack 6 would fail if server was
already running 8.8.1.

NLDAP
- We now properly update the LDAP referrals when the ldapinterface attribute is
manually configured. (181124)
- SSL v.2 removed from LDAP cypher support. (182127)
- Fix for monitor event extended request
- Heap Overflow Vulnerability (195511)

HTTPSTK
(Win32 Only)
- Httpstk security vulnerability buffer overflow (200535)

___________________________________________________________________________________________________________________
Issues resolved in eDirectory 8.8 SP1 (20114.24)
Shipped with Security Bundle 2.0.1
 
138697 Novell SSL Service startup error -5984 on Windows (when the Novell client is not installed)
141013 nds manager on SLES 9 lists the instance and exits without giving options (when root access is obtained by su)
143930 eDirectory 8.8 upgrade using YaST doesn't work according to Novell document. (with dib upgrade failed message)
144992 Edir 8.8 Shouldn't come back with ldap,, iMonitor, embox warnings for local box if I'm not running those services locally (see dscheck.log)
145221 eDir8.8 master server coring repeatedly in a large tree (12+ servers) (due to ncpengine defect)
146175 (Enhancement:)Unattended 88 Netware Install is supported
147136 eDir 8.8 doesn't setup the SYS share required by ZENworks
159800 Silent Install fails during configuration (on Windows 2003)
138737 Multiple Instance Support AIX- The LDAP Clear Text and SSL ports are not coming up i.e not listening for 2nd instances onwards
138696 eDirectory 8.8 NONROOT Installation won't work on Solaris 9 (latest fixes) (when install directory is on a mounted filesystem)
165480 After upgrading from 8738 to 88SP1 ndscheck is dumping core in windows (when locale is Japanese)
138728 Objects sync fails when ER is enabled in an upgraded setup.
145590 Admin configuration of tree may not finish properly, No way of getting it configured afterwords from nds-install script.
149595 ndsd doesn't run by default after eDirectory 8.8 upgrade using YaST.
154224 ndsconfig upgrade should stop ndsd if it is running
176278 if 8737 is configured on non-default port upgrade is failing.
172105 Cross-site scripting vulenrability in HTTPStk
141073 libsal_psr is not being loaded by ndsd on Solaris 10
138678 Core on SOL9: TranslateParsedDN()
138717 HTTP and LDAP should move to latest ntls
138721 SRSCycle3: Memory Buildup while running secured LDAP searches on Multiple Instance Setup.
138722 SRSCycle3: Cert Mutual Bind from 300 clients Dumped core on Linux.
138897 SRS : Average transactions/sec is very low for Solarisin comparison to Linux
139033 Upload is taking long time if the object is having reference attribute.
139077 SRSCycle3: LDAP bind with 5000 clients dumped core.
139171 SRSCycle3: ndsd got hung & Simple password binds are failing with 2000 connections within 5 mins.
140482 After upgrading from 873 IR7 to 88 , 8010 and 8008 ports are not listening in primary
144448 rcndsd doesn't work after eDirectory 8.8 is upgraded on OES Linux SP2 server.
138723 SRSCycle3: Cert Mutual Bind from 300 clients are hanging eDirectory on Solaris.
169030 no need to check if the channel is secure if EA is not enabled.
138690 No way to update the cached data without triggering DRL
138698 Remove the 64K limit on the amount of data that can be cached on Xrefs
136705 iManager is building up connections to eDirectory that are never freed.
138683 After upgrading to eDir 8.8 on OES- SP1-NW6.5, iManager can't login to any other trees.
138684 DSLoader.nlm memory leak.
138679 iChain/eDir 8.8: 403 Forbidden errors using Dynamic Groups for access control
138687 SRS RT1 : Getting insufficient access rights issue when DG members try to perform search
139107 lmbr gives -603 error if the server is having only sub-ref replica of the EA policy partition.
138673 If we have a replica to replica OR replica to all configuration for ER, r ...
132334 Events with EP_JOURNAL and EP_INLINE broken
83100 Adding an alias pointing to its parent fails - vsldap test
138156 Expiring a user's password prevents others from reading that user's attributes
138701 nldap is listening on all interfaces when instances are installed/configured to only use one
139120 /etc/init.d/nldap reports ldap is not'listening' when eDirectory running on non-standard port
157869 NLDAP returns success for adding mandatory attributes to an object class though the attrs are not added as mandatory
159531 Ldap based restore failed on AIX.
170158 Ldap utilities is not working without -p option (i.e we need to mention host details)
151294 Bluelance - no LDAP event EVT_CHANGE_SECURITY_EQUALS from eDir on Linux
151303 Bluelance - no LDAP event EVT_CHGPASS from eDir on Linux
151345 Bluelance - no LDAP event EVT_LOGOUT, EVT_LOGIN from eDir on Linux
151321 Bluelance - no LDAP events for partition/replica operations from eDir on Linux
141186 eDirectory should allow for cache settings of higher than 2 GB
154605 ldif2dib errors out if cache values higher than 1.8 GB is used on Solaris
138694 2 backlinks must be performed in order to get all Security Attrs Cached.
140469 ndsindex is dumping core.
147595 DIB Cloned server's 'Version' attr value is incorrect.
138695 Invoking dsbk dumps core on AIX
138707 NDSRepair causes NDSD daemon to shutdown when repairing specialized test tree
138727 DSRepair on windows not showing the time sync status correctly
138980 When specify instance by IP address, ndsrepair go down with segmentation fault
139063 dsrepair does not remove NMAS cached attributes. Refer DEFECT000414143 for more details
147246 ndsrepair -N fails with -630 in server having 88 in custom location instance
153018 During object checks we should display the no. of objects to be repaired, as well as no. of objects repaired at any given point of time.
138681 Backup from the eMBox client hangs
159356 8.81 build 20060317. eMBox repair will not run. Message reports that it cannot gain access to directory services
167938 eMBox operations leak memory and semaphore handles
176297 User password is displayed in clear text in logger window
138682 Unable to find ice.exe in Windows build of eDirectory 8.8
138732 ice is getting killed after setting LBURP OPERATION TIME OUT period to the max. (9999999)
160150 Security Vulnerability - Buffer Overflow Vulnerability in ndsimon.dlm
138700 core dump in SLES 9 while doing iMonitor operations
138664 Container admin able to do the partial de-configuration with insufficient rights in HP-UX
138670 Installation fails through ls_edir when organization contains a dot in its name
138720 FCS1: http/https parameters shows different values after upgrade.
138738 ndsconfig rm failed to remove the nds.conf file
___________________________________________________________________________________________________________________
Original FCS version of eDirectory 8.8 FCS (20112.92)
Shipped with Security Bundle 2.0

Have you tried resolving this issue using Novell Support Advisor? Visit http://support.novell.com/advisor/ to learn more.

+ Advanced eDirectory Troubleshooting