CA Directory 12.6
Latest Cumulative Release Download

Last Updated: May 30, 2017

Please note that the 12.6 documentation is found online at: https://docops.ca.com/ca-directory/12-6/en.

CA Directory 12.6 does not support 32-bit platforms.

Build # 14053 12.6 SP2
 

Platform | Directory Server (DXgrid) | Web Components (DXmanager) | Directory Management UI (New) | DXagent
Windows 64-bit | Click Here | Click Here | Click Here | Click Here
Linux 64-bit | Click Here | Click Here | Click Here | Click Here
Solaris x86 64-bit | Click Here | Click Here | N/A | N/A
Solaris Sparc 64-bit | Click Here | Click Here | N/A | N/A
AIX 64-bit | Click Here | N/A | N/A | N/A
HP-UX Itanium 64-bit | Click Here | N/A | N/A | N/A

 

Platform | Directory Server (DXgrid) | Directory Management API (DXagent) | Directory Samples
Linux 64-bit DEB | Click Here | Click Here | Click Here
Linux 64-bit RPM | Click Here | Click Here | Click Here

Fixes in CA Directory 12.6 SP2

Support Ticket # Engineering Ticket # Affected Component Problem Summary
  DE293205 DXserver A potential DXserver memory leak has been addressed when LDAP clients abort connections while in the process of performing a large number of asynchronous requests.
  DE291770 DXserver Improved DXserver memory utilization when sending a lot of small requests/responses and the connection is blocked.
  DE291765 Management UI Fixed Management UI installer that regenerated DSA certificates in upgrade mode. It now generates certificates for Management UI embedded DSA only.
  DE278370 DXserver Fixed Unix Directory uninstaller that asked for user input in silent mode.
  DE286134 Management UI Added missing management UI specific settings to the response file generated on Windows.
  DE285848 Management UI Fixed Directory Windows installer response file generation where invalid DXmanager related entries were created.
  DE276940 Management UI Fixed Management UI Windows installer failure in repair mode.
  DE277331 Management UI Fixed Management UI Linux installer incorrectly providing ability to install older version on top of a newer version.
  DE276894 DXagent Fixed install problem on Linux where temporary dxagent.py.tmp file remained after installation.
  DE286863 DXserver Fixed an uninstall problem on Unix where dsa user was deleted but dxserver folder remained and was owned by undefined user.
  DE286882 DXserver Added an installation option to choose the method that allows the DXserver on Unix to listen on ports <= 1024. On Linux and Solaris a safer approach can be chosen rather than making the dxserver binary owned by root and setting the 'setuid' flag.

On Linux a safer approach is to assign the 'cap_net_bind_service' capability to the binary. On Solaris a safer approach is to use a new rights profile.
  DE277472 & DE281464 Management UI Fixed Management UI not giving user ability to edit embedded DSA if any dxagents were unreachable.
  US313125 Management UI Excluding embedded DSA(s) whose prefix ends with “o=management-ui” when importing DSA(s) for a host.
  DE290952 DXagent Fixed an issue in DXagent that occurs when some special characters are included in string type settings. Enabled relative path conversion for SSL path based settings.
  DE283561 & DE256361 DXagent Fixed inconsistent escaping of horizontal partitioning configuration in DXagent. Relaxed partition count checking in DXtools & DXagent to allow partitions to be created in Management UI.
00714415 DE288357 Management UI Fixed Management UI Windows installer failure when the selected target is on a volume that does not have short filename (8dot3) enabled. Typically this problem is observed when installing on a drive other than C:.
  DE262933 DXserver Fixed an internal issue in DXemptydb utility where it would crash when invoked with no arguments.
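
For the DE286882 entry above, the following added example (not CA code) shows how to tell, on Linux, whether a binary gets its low-port privilege from the legacy setuid-root bit or from a file capability, by decoding the `security.capability` extended attribute. The function names and the sample attribute value are constructed for illustration; the path passed to `audit()` is whatever binary you want to check.

```python
import os
import stat
import struct

CAP_NET_BIND_SERVICE = 10            # capability number from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision magic -> number of 32-bit (permitted, inheritable) pairs that follow
_REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}

def parse_file_caps(xattr):
    """Decode a security.capability xattr (struct vfs_cap_data, little-endian)."""
    magic_etc = struct.unpack_from("<I", xattr)[0] if len(xattr) >= 4 else 0
    pairs = _REVISIONS.get(magic_etc & VFS_CAP_REVISION_MASK)
    if pairs is None or len(xattr) < 4 + 8 * pairs:
        raise ValueError("unrecognised security.capability value")
    permitted = 0
    for i in range(pairs):
        low, _inheritable = struct.unpack_from("<II", xattr, 4 + 8 * i)
        permitted |= low << (32 * i)
    return {"permitted": permitted,
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)}

def classify(mode, uid, xattr):
    """Report which file-level mechanism lets a binary bind low ports."""
    if mode & stat.S_ISUID and uid == 0:
        return "setuid-root"         # legacy approach: the whole process runs as root
    if xattr:
        caps = parse_file_caps(xattr)
        bind = 1 << CAP_NET_BIND_SERVICE
        if caps["permitted"] & bind:
            return "cap_net_bind_service" if caps["permitted"] == bind else "extra-capabilities"
    return "no-low-port-privilege"

def audit(path):
    """Classify a real file on Linux."""
    st = os.stat(path)
    try:
        xattr = os.getxattr(path, "security.capability")
    except OSError:                  # attribute not set, or filesystem lacks xattr support
        xattr = None
    return classify(st.st_mode, st.st_uid, xattr)

# Constructed sample: revision 2 layout with only cap_net_bind_service permitted+effective.
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000000 | 1, 1 << 10, 0, 0, 0)
```

A result of `setuid-root` or `extra-capabilities` after an upgrade means the binary holds more privilege than the capability-based option described above requires.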

Fixes in CA Directory 12.6 SP1

Support Ticket # Engineering Ticket # Affected Component Problem Summary
  DE286863 DXserver Fixed dxserver folder cleanup on Unix during uninstall, where the uninstaller deleted dsa user but left dxserver folder owned by undefined user.
  DE286882 DXserver Added a new LEGACY_SETUID response file variable to allow using the legacy SETUID flag approach for the DSA to listen on ports in the range 1-1024.
00665085 DE273676 DXserver Fixed DXserver crash on Windows platform. Root cause of the problem was incorrect usage of a 32-bit variable to store a 64-bit value. This caused DXserver to reference an invalid memory address when the 64-bit value was greater than 2147483647.
00660525 DE272674 & DE277704 DXserver Defect DE206334 has been backed out under the above change. While it produced consistent modifyTimestamps for renames, it had the side effect of impacting data integrity when an entry is updated on one DSA and renamed on another while the link between them was down. During conflict resolution the more recent rename now wins over the update, to ensure the entries (apart from modifyTimestamp) are identical.

Fixes in CA Directory 12.6

Support Ticket # Engineering Ticket # Affected Component Problem Summary
  DE277481 DXagent A DXagent setup issue has been resolved where certificate creation would fail for long hostnames.
  US287317 DXserver To assist with migration from Oracle Directory Server Enterprise Edition (ODSEE), CA Directory has received several enhancements.

Please consult the “Migrating from Oracle Directory Server Enterprise Edition to CA Directory” Guide in the product documentation for further details.

dxloaddb
Now supports a continuous mode of operation. The -e option ignores issues that prevent entries from loading and continues processing the LDIF. This works in both normal and dry run modes.

dxmigrate
A new tool is now shipped in the CA Directory packages to assist with migration of ODSEE password policy configuration and exported data. Please consult the documentation for further details.

Phased migration - To allow for a phased migration from ODSEE, CA Directory now supports two-way replication.

  CA Directory -> ODSEE (DXlink replication)
* When replicating over DXlink, multi-write will always replicate using the configured LDAP DSA Name and LDAP DSA password user.
* Replication now supports Multiwrite Ignore Attrs to specify a list of attributes that should not be included when replicating add and modify requests.

  ODSEE -> CA Directory
CA Directory now supports pull replication from ODSEE using the retro changelog feature. This can be configured via the following command or via the Settings tab in the Management UI:

  set pull-replication = {
    source = "dxlink"
    location = <cn changelog>
    interval = 10
    window-size = 20
    retries = 30
    ignore-attrs = aci, pwdFailureTime, pwdAccountLockedTime, pwdHistory, passwordHistory, modifiersName, modifyTimestamp
  };

  Where
source: is the DSA name from the DXlink reference or unmanaged DSA (UI)
location: is where the retro changelog entries are stored
interval: Number of seconds between when replication is performed
window-size: The window of updates retrieved per replication request
retries: The number of attempts where no entries were retrieved before logging an alert
ignore-attrs: Attributes from ODSEE to ignore from add and modify requests
  F33742 Management UI The Management UI has been internationalized. Localized resources have been added for Japanese and French.
  DE276228 DXserver The ldif2dxc tool has been enhanced for when it is presented with a non-standards-compliant schema. When a structural object class definition is missing a super class, it is no longer treated as abstract. The object class will be kept as structural and a super class of "top" included in the definition.
  DE275936 DXagent An issue has been resolved in DXagent where when uploading a DSA DB file on Windows, the Local Service user was not assigned appropriate file permissions.
  TA528192 DXserver A new "-e" option has been added to the dxloaddb tool, which allows dxloaddb to ignore errors in the LDIF file and continue processing. This does not include errors in object relations, where an object cannot be found for a relative DN. These errors are fatal and cannot be ignored.
  DE272171 Management UI In the Linux Management UI installer, the default option is changed to N for the 'Do you want to use your own certificates to secure Management UI web server communications?' question. Also added certificate and private key validation: check if the provided file can be accessed, check if the provided files actually contain a certificate and a private key, check if the provided certificate matches the private key.
  DE274620 DXserver An issue has been resolved where CAPKI package remains installed after CA Directory is uninstalled on Windows.
  DE272662 Management UI An issue with express install of CA Directory Management UI on Linux has been resolved where the installer asks for Management UI details instead of using default values, and does not install dxagent.
  DE256362 Management UI An issue with CA Directory installer on Linux has been resolved where, if CA Directory is installed on top of the Management UI, the DXUIHOME environment variable becomes unset, which prevents the Management UI from working properly.
  US285006 Management UI Data functionality removed from DSA update modal and placed in new 'Upload' modal.
  US285028 Management UI Management UI now supports a default password policy. Password policies are also displayed in a more intuitive tab form.
  DE275583 DXserver An issue has been resolved where configuration redefinition alarms were erroneously logged for password policy settings that may be set multiple times for different policies.
  US257139 DXserver and Management UI CA Directory is now certified on Windows 2016
  US257138 DXserver and Management UI CA Directory is now certified on RHEL 7.3
  US257137 DXserver and Management UI CA Directory is now certified on CentOS 7.3
  DE265364 Management UI A Management UI issue has been resolved during DSA creation, where DB file uploading would result in an error.
  US261705 DXserver For synchronous multi-write replication, when updates are sent and enter the pending state, the DSA now stores a timeout on each queued item. This timeout is cleared when an acknowledgement is received.
When queueing a new item, the DSA will now check if the first item in the queue has timed out; if so, an alarm is logged.
  DE274939 DXserver To improve compatibility with the Management UI/DXagent, the dxnewdsa tool no longer accepts multi-byte DSA names. DSA names are now restricted to the following range of characters [a-zA-Z0-9-_.].
00660525 DE272674 DXserver A MW-DISP conflict resolution issue has been resolved where:
* dsa1 and dsa2 lose contact
* entryA is renamed to entryB on dsa1
* entryA is updated on dsa2 (with old name)

When contact is re-established
* MW-DISP recovery from dsa1 -> dsa2 will continually fail
* The entry will no longer be synchronized between dsa1 and dsa2, as the update will be applied using the old name

The DSA will now resolve this conflict by allowing the rename to be applied during MW-DISP recovery from dsa1 -> dsa2 and the DSA will attempt to apply the update from dsa1 to the renamed entry.
  DE271462 DXserver Fixed an issue that prevented the warning about weak hash algorithm usage in FIPS mode from being logged if the SSL configuration precedes the password-storage setting in the configuration file.
  US209892 DXserver When a search request exceeds max-op-time, or exceeds a non-zero value of time-log-search-threshold with time logging enabled, the search filter is examined for attributes that are not indexed. A warning is logged for each non-indexed attribute.
E.g. WARN : Attribute used in filter: mail is not indexed
These warnings assist in the diagnosis of abnormally slow requests and assist in the tuning of indexes.
  US261211 DXserver Stats log now includes two new items CPU Seconds and CPU kTicks. CPU Seconds is the number of seconds within the last minute that the DSA scheduler iterated at least once. CPU kTicks is the number of times the DSA scheduler iterated in the last minute, each unit is 1000 ticks.
A new setting, "cpu-starvation-threshold", has been introduced. It defaults to 5; to disable it, set it to -1. If the CPU starvation threshold is exceeded, an alarm is logged indicating that CPU starvation has been detected.
For example, if the DSA has the default threshold of 5 seconds and CPU Seconds falls below 55 seconds in the last minute, an alarm is logged. Likewise, if the stats log entry is overdue by more than 5 seconds (e.g. it was logged at 20170118.150411 instead of 20170118.150400, so it is overdue by 11 seconds), it has exceeded the threshold.
CPU starvation alarms may correlate with abnormally slow requests in a customer's environment and provide an indication of root cause, such as a VMware vMotion event.
  US271932 & US271933 DXserver Upgraded to CAPKI 5.2.0. An alarm message will now be logged if password-storage is set to a non FIPS compliant algorithm when the DSA is configured to run in FIPS mode.
00609880 DE265302 DXserver Dxloaddb utility aborts when it encounters malformed GeneralizedTime attribute values. This avoids creating a DB file that contains corrupted values.
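
The CPU starvation rule from the US261211 entry above, written out as an added example (not CA code) that applies both conditions to a series of stats records. The record layout, the sample values, and the assumption that each entry is due 60 seconds after the previous one are constructed for illustration; only the timestamp format and the threshold semantics come from the text.

```python
from datetime import datetime, timedelta

STATS_INTERVAL = timedelta(seconds=60)   # assumption: one stats entry per minute
TS_FORMAT = "%Y%m%d.%H%M%S"              # e.g. 20170118.150411

def starvation_findings(records, threshold=5):
    """Return (timestamp, reason) pairs for records that breach the threshold.

    records:   iterable of (timestamp_string, cpu_seconds), oldest first
    threshold: cpu-starvation-threshold in seconds; -1 disables the check
    """
    findings = []
    if threshold == -1:
        return findings
    previous = None
    for stamp, cpu_seconds in records:
        logged = datetime.strptime(stamp, TS_FORMAT)
        # Condition 1: seconds of the last minute with no scheduler iteration.
        missing = 60 - cpu_seconds
        if missing > threshold:
            findings.append((stamp, f"CPU Seconds {cpu_seconds}: {missing}s without a scheduler iteration"))
        # Condition 2: the stats entry itself arrived late.
        if previous is not None:
            overdue = int((logged - (previous + STATS_INTERVAL)).total_seconds())
            if overdue > threshold:
                findings.append((stamp, f"stats entry overdue by {overdue}s"))
        previous = logged
    return findings

# Constructed sample records (not real DSA output).
SAMPLE = [
    ("20170118.150200", 60),
    ("20170118.150300", 55),   # exactly at the limit: no alarm
    ("20170118.150411", 60),   # was due at 150400: overdue by 11 s
    ("20170118.150511", 48),   # 12 s without a scheduler iteration
]

if __name__ == "__main__":
    for stamp, reason in starvation_findings(SAMPLE):
        print(stamp, reason)
```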
