The 389 team is pleased to announce that the 389 Directory Server version 1.2.3 is available for testing. The packages are available from the testing repositories, not the official release repositories yet. We are seeking feedback. The two new packages available for testing are:
* 389-ds-base-1.2.3 * 389-admin-1.1.9
Instructions for installing these from the testing repositories: yum install --enablerepo=updates-testing 389-ds # Fedora new install yum upgrade --enablerepo=updates-testing 389-ds-base 389-admin 389-console # Fedora upgrade or EL5 yum install --enablerepo=dirsrv-testing --enablerepo=idmcommon-testing 389-ds # new install yum upgrade --enablerepo=dirsrv-testing --enablerepo=idmcommon-testing 389-ds-base 389-admin 389-console # upgrade
See http://directory.fedoraproject.org/wiki/Download for more information about setting up yum access.
Release Notes: http://directory.fedoraproject.org/wiki/Release_Notes Install Guide: http://directory.fedoraproject.org/wiki/Install_Guide Download: http://directory.fedoraproject.org/wiki/Download
=== Notes === NOTE: If using the FC6 (EL5) packages, _you must update your yum repo files_ - the URLs have changed. See http://directory.fedoraproject.org/wiki/Download for more information.
NOTE: Fedora versions below 10 are no longer supported. If you are running Fedora 9 or earlier, you should upgrade.
NOTE: This release is branded as '''389'''. All of the RPMs have been marked as obsoleting their Fedora DS counterparts. When upgrading via yum, you must use yum '''upgrade''' (not update) so that the obsoletes will be processed.
NOTE: If you are using the console, after installing the updates, you must run '''setup-ds-admin.pl -u''' to refresh your console and admin server configuration with the new version information. 1.2.3 fixes some bugs related to update - it will remove old Fedora servers from the console, and will preserve TLS/SSL configuration. See the buglist below.
NOTE: '''389-console''' is the command to run the console. This replaces fedora-idm-console.
=== New features === * Ability to set resource limits (sizelimit, timelimit, look through limit) specifically for anonymous connections ** This is useful when you want to have different limits for regular users and anonymous users ** Set the attribute '''nsslapd-anonlimitsdn''' in cn=config to the DN of the entry that you want to use as the "template" entry. This is a dummy entry that you have to create. Then you set whatever resource limits you want to apply to anonymous to that dummy entry, and those limits will apply to anonymous users.
* Access based on the security strength of the connection ** There is a new ACI keyword - '''minssf''' - this allows you to set access control based on how secure the connection is ** There is a global server setting in cn=config - '''nsslapd-minssf''' - that allows you to reject operations based on how secure the connection is
* Ability to shut off anonymous access ** This adds a new config switch in cn=config - '''nsslapd-allow-anonymous-access''' - that allows one to restrict all anonymous access. When this is enabled, the connection dispatch code will only allow BIND operations through for an unauthenticated user. The BIND code will only allow the operation through if it's not an anonymous or unauthenticated BIND.
=== Bugs Fixed === This release contains several bug fixes. The complete list of bugs fixed is found at the link below. Note that bugs marked as MODIFIED have been fixed but are still in testing. * Tracking bug for 1.2.3 release - [https://bugzilla.redhat.com/showdependencytree.cgi?id=519216&hide_resolv... https://bugzilla.redhat.com/showdependencytree.cgi?id=519216&hide_resolv...]
389-announce@lists.fedoraproject.org