{{search ? 'Close':'Search'}}

CA Directory 12.6
Latest Cumulative Release Download

Last Updated: February 21, 2017

Please note that the 12.6 documentation is found online at: https://docops.ca.com/ca-directory/12-6/en.

CA Directory 12.6 does not support 32-bit platforms.

Build # 14043 12.6 GA
 

Directory Server
(DXgrid)

Web Components
(DXmanager)

Directory Management UI
(New)

DXagent

Windows 64-bit

Click Here

Click Here

Click Here

Click Here

Linux 64-bit

Click Here

Click Here

Click Here

Click Here

Solaris x86 64-bit

Click Here

Click Here

N/A

N/A

Solaris Sparc 64-bit

Click Here

Click Here

N/A

N/A

AIX 64-bit

Click Here

N/A

N/A

N/A

HP-UX Itanium 64-bit

Click Here

N/A

N/A

N/A

 

  Directory Server
(DXgrid)
Directory Management API
(DXagent)
Directory Samples
Linux 64-bit DEB Click Here Click Here Click Here
Linux 64-bit RPM Click Here Click Here Click Here

Fixes in CA Directory 12.6

Support Ticket # Engineering Ticket # Affected Component Problem Summary
  DE277481 DXagent A DXagent setup issue has been resolved where certificate creation would fail for long hostnames.
  US287317 DXserver To assist with migration from Oracle Directory Server Enterprise Edition (ODSEE), CA Directory has received several enhancements.

 

Please consult the “Migrating from Oracle Directory Server Enterprise Edition to CA Directory” Guide in the product documentation for further details.

dxloaddb
Now supports a continuous mode of operation. The option -e that ignores issues that prevent entries from loading and continuous processing the LDIF. This works in both normal and dry run modes.

dxmigrate
A new tool is now shipped in the CA Directory packages to assist with migration of ODSEE password policy configuration and exported data. Please consult the documentation for further details.

Phased migration - To allow for a phased migration from ODSEE, CA Directory now supports two-way replication.

  CA Directory -> ODSEE (DXlink replication)
* When replicating over DXlink, multi-write will always replicate using the configured LDAP DSA Name and LDAP DSA password user.
* Replication now supports Multwrite Ignore Attrs to specify a list of attributes that should not be included when replicating add and modify requests.

  ODSEE -> CA Directory
CA Directory now supports pull replication from ODSEE using the retro changelog feature. This can be configured via the following command or via the Settings tab in the Management UI:

  set pull-replication = %7B
source = "dxlink"
location = <cn changelog>
interval   = 10
window-size = 20
retries     = 30
ignore-attrs = aci, pwdFailureTime, pwdAccountLockedTime, pwdHistory, passwordHistory, modifiersName, modifyTimestamp
%7D;

  Where
source: is the DSA name from the DXlink reference or unmanaged DSA (UI)
location: is where the retro changelog entries are stored
interval: Number of seconds between when replication is performed
window-size: The window of updates retrieved per replication request
retries: The number attempts where no entries were retrieved before logging an alert
ignore-attrs: Attributes from ODSEE to ignore from add and modify requests

  F33742 Management UI The Management UI have been internationalized. Localized resources have been added for Japanese and French.
  DE276228 DXserver The ldif2dxc tool has been enhanced when presented with non-standard's compliant schema. When a structural object class definition is missing a super class, it is not longer treated as abstract. The object class will be kept as structural and a super class of "top" included in the definition.
  DE275936 DXagent An issue has been resolved in DXagent where when uploading a DSA DB file on Windows, the Local Service user was not assigned appropriate file permissions.
  TA528192 DXserver New "-e" option is added to dxloaddb tool, which allows dxloaddb to ignore errors in LDIF file and continues processing. This does not include errors in object relations, where an object cannot be found for a relative DN. These errors are fatal and cannot be ignored.
  DE272171 Management UI In Linux Management UI installer default option is changed to N for 'Do you want to use your own certificates to secure Management UI web server communications?' question. Also added certificate and private key validation:  check if provided file can be accessed, check if provided files actually contains a certificate and a private key, check if provided certificate matches the private key.
  DE274620 DXserver An issue has been resolved where CAPKI package remains installed after CA Directory is uninstalled on Windows.
  DE272662 Management UI An issue with express install of CA Directory Management UI on Linux has been resoved where the installer asks for mangement UI details instead of using defauls values, and does not install dxagent.
  DE256362 Management UI An issue with CA Directory installer on Linux has been resolved where, if CA Directory is installed on top of the Management UI, the DXUIHOME environment variable becomes unset, which prevents the Management UI to work properly.
  US285006 Management UI Data functionality removed from DSA update modal and placed in new 'Upload' modal.
  US285028 Management UI Management UI now supports a default password policy. Password policies are also displayed in a more intuitive tab form.
  DE275583 DXserver An issue has been resolved where configuration redefintion alarms were erroneously logged for password policy settings that may be set multiple times for different policies.
  US257139 DXserver and Management UI CA Directory is now certified on Windows 2016
  US257138 DXserver and Management UI CA Directory is now certified on RHEL 7.3
  US257137 DXserver and Management UI CA Directory is now certified on CentOS 7.3
  DE265364 Management UI A Management UI issue has been resolved during DSA creation, where DB file uploading would result in an error.
  US261705 DXserver For synchronous multi-write replication, when updates are sent and enter the pending state the DSA now stores a timeout on each queued item. This timeout is cleared when an acknowlegement is received.
When queueing a new item the DSA will now check if the first item in the queue has timed out, if so an alarm is logged.
  DE274939 DXserver To improve compatibility with the Management UI/DXagent, the dxnewdsa tool no longer accepts multi-byte DSA names. DSA names are now restricted to the following range of characters [a-zA-Z0-9-_.].
00660525 DE272674 DXserver A MW-DISP conflict resolution issue has been resolved where:
* dsa1 and dsa2 lose contact
* entryA is renamed to entryB on dsa1
* entryA is updated on dsa2 (with old name)

 

When contact is re-established
* MW-DISP recovery from dsa1 -> dsa2 will continually fail
* The entry will no longer by synchronized between dsa1 and dsa2 as the update
will be applied using the old name

The DSA will now resolve this conflict by allowing the rename to be applied during MW-DISP recovery from dsa1 -> dsa2 and the DSA will attempt to apply the update from dsa1 to the renamed entry.

  DE271462 DXserver Fixed an issue that prevents weak hash algorithm usage in FIPS mode warning to be logged if the SSL configuration precedes password-storage setting in configuration file.
  US209892 DXserver When a search request exceeds max-op-time or exceeds non-zero value of time-log-search-threshold with time logging enabled. The search filter is examined for attributes that are not indexed. A warning is logged for each non-indexed attribute.
E.g. WARN : Attribute used in filter: mail is not indexed
These warnings assist in the diagnosis of abnormally slow requests and assist in the tuning of indexes.
  US261211 DXserver Stats log now includes two new items CPU Seconds and CPU kTicks. CPU Seconds is the number of seconds within the last minute that the DSA scheduler iterated at least once. CPU kTicks is the number of times the DSA scheduler iterated in the last minute, each unit is 1000 ticks.
A new setting has been introduced "cpu-starvation-threshold" this defaults to 5, to disable set to -1. If the CPU starvation threshold is exceeded an alarm is logged indicating that CPU starvation has been detected.
For example if the DSA has the default threshold of 5 seconds and CPU Seconds falls below 55 seconds in the last minute an alarm is logged. Or if the stats log entry is overdue by more than 5 seconds e.g it was logged at 20170118.150411 instead of 20170118.150400 it is overdue by 11 seconds and has exceeded the threshold.
CPU starvation alarms may correlate with abnormally slow requests in a customers environment and provide an indication of root cause such as a VMware vMotion event.
  US271932 & US271933 DXserver Upgraded to CAPKI 5.2.0. An alarm message will now be logged if password-storage is set to a non FIPS compliant algorithm when the DSA
is configured to run in FIPS mode.
00609880 DE265302 DXserver Dxloaddb utility aborts when it encounters malformed GeneralizedTime attribute values. This avoids creating a DB file that contains corrupted values.

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing