Knowledge Partner

Breaking News: eDirectory 9.0 released!

I didn't see any announcement yet, but today I found that eDirectory 9 is released and available for download!
https://dl.netiq.com/protected/Summary.jsp?buildid=JUBg-4ALPls~

New Features
eDirectory 9.0 includes new features, enhancements, and support for the latest platforms across eDirectory components.

  • Suite B Support

This release introduces support for configuring eDirectory to use the cryptographic algorithms that Suite B mandates. Suite B is a set of cryptographic algorithms standardized by the National Security Agency (NSA) to allow commercial products to protect traffic that is classified at secret or top secret levels. The Suite B algorithms ensure the security of classified and unclassified information passed through public networks.

Note: Suite B standard is subject to change. Be aware that NSA (National Security Agency) may change their recommendations in future. Suite B support in eDirectory 9.0 is based on our interpretation of NSA recommendations.


  • Enhanced Background Authentication

This release introduces a standards-based background authentication mechanism, called Enhanced Background Authentication for single sign on within eDirectory. This mechanism enables you to overcome the limitations of proprietary Background Authentication material. Using EBA, eDirectory issues users an X.509 certificate as the BA material and the BA protocol uses TLS version 1.2 for mutual authentication. EBA will be disabled by default.


  • Federal Information Processing Standard 140-2 Certification

eDirectory 9.0 leverages the Federal Information Processing Standards (FIPS) 140-2 compliant features to meet the security requirements of U.S. Federal agencies and customers with highly secure environments.


  • Proxied Authorization Control

eDirectory now provides you the flexibility for controlling proxy authorization through the LDAP protocol as mentioned in the RFC 4370. Proxied authorization control allows a client to request that an operation be processed under a provided authorization identity instead of under the current authorization identity associated with the connection. The Proxied Authorization Control provides a mechanism for specifying an authorization identity on a per-operation basis, benefiting clients that need to perform operations efficiently on behalf of multiple users.


  • Monitoring

This release introduces an LDAP search method to retrieve the real-time statistics for eDirectory subsystems and background processes such as Threadpool, Connection Table, Dclient, DS Agent, and LDAP Server. By using this common interface, an eDirectory administrator can monitor the status of eDirectory modules and operations. eDirectory supports this feature on the LDAP protocol, and only an LDAP client can place requests for monitoring data.


  • Container Readiness

eDirectory 9.0 no longer allows automatic containerization of attributes; however, it provides you the flexibility for controlling the containerization of attributes to separate attribute containers. If you searched for an attribute during the movement of that attribute to the attribute containers, LDAP search displayed a 6029 error for that attribute. Also, the automatic containerization of attributes could delay the movement of attributes depending on the size of the database. An administrator can now schedule the attribute containerization as required.


  • Enhanced Nested Groups

The enhanced Nested Groups feature allows a dynamic group or a nested group to be a member of another dynamic group to be nested to many levels. It is also possible to assign the ACL rights to the member objects of the nested groups.


  • eDirectory Enhancements

Performance Enhancement in Nested Groups
This release improves the performance of searching a large number of nested groups that do not have any nested group members associated with them.


  • Replication Performance Enhancements

To communicate among various servers, eDirectory uses Netware Core Protocol (NCP) as the communication protocol. In previous releases, the maximum packet size that NCP allowed was 64 KB, which limited the maximum throughput when data was transferred over NCP. This release improves the ability of NCP to handle packet size up to 1 MB, which enables eDirectory to synchronize up to 1 MB data in a single packet. eDirectory starts synchronizing with 64 KB packet size and increases the packet size based on the remaining data to be synchronized. This significantly improves the replication performance.


  • Change Cache Rebuild

This release maximizes CPU utilization that significantly reduces the rebuild time of the change cache.

  • Immediate Data Synchronization Process

In previous releases of eDirectory, eDirectory accumulated data changes for five minutes or longer before the Skulker process was scheduled. With eDirectory 9.0, Skulker has been enhanced to schedule immediately after the data transaction completes successfully.

  • Optimized Janitor Thread for Inherited ACL Calculation

In this release, the Janitor thread is enhanced to process the ACLs sequentially from the partitions. This enables the Janitor thread to immediately release the DIB lock. When the DIB is optimally locked, it remains available for other operations. For more information about inherited ACLs, see eDirectory Rights in the NetIQ eDirectory Administration Guide.

For a complete list of the new features and enhancements in 9.0 and previous releases, see eDirectory 9.0 What's New Guide.
https://www.netiq.com/documentation/edirectory-9/edirectory90_releasenotes/data/edirectory90_releasenotes.html
0 Likes
7 Replies
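As an added illustration of the Proxied Authorization Control described in the release notes above (not code from NetIQ or from the original post), this Python example BER-encodes the RFC 4370 control and applies the checks a gateway or audit pipeline can make before trusting it: the criticality flag must be TRUE and the value must be an authzId or empty. The DNs and function names are constructed for the example.

```python
PROXY_AUTHZ_OID = b"2.16.840.1.113730.3.4.18"  # controlType defined in RFC 4370

def tlv(tag, value):
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def encode_control(authz_id, critical=True):
    """Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    crit = tlv(0x01, b"\xff") if critical else b""  # BOOLEAN DEFAULT FALSE
    return tlv(0x30, tlv(0x04, PROXY_AUTHZ_OID) + crit
               + tlv(0x04, authz_id.encode("utf-8")))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def audit_control(control, bound_dn):
    """Validate a received control and return an audit record."""
    tag, body, _ = read_tlv(control, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x04 or oid != PROXY_AUTHZ_OID:
        raise ValueError("not a proxied authorization control")
    critical, authz = False, None
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x01:
            critical = value != b"\x00"
        elif tag == 0x04:
            authz = value.decode("utf-8")
    if not critical:
        raise ValueError("criticality must be TRUE (RFC 4370)")
    if authz is None or (authz and not authz.startswith(("dn:", "u:"))):
        raise ValueError("controlValue must be an authzId or empty")
    return {"bound_as": bound_dn, "acting_as": authz or "anonymous"}

# Constructed sample identity, not taken from the page.
SAMPLE = encode_control("dn:cn=alice,ou=users,o=example")
```

Recording both `bound_as` and `acting_as` for every proxied operation keeps the service account and the impersonated identity together in the audit trail.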
Knowledge Partner

Re: Breaking News: eDirectory 9.0 released!

Yup, it's been out for a month or so. The beta was really fun, and the
new features are pretty nice and I can see this benefiting a lot of
organizations.

Note that EBA is a HUGE change, and while not required for use, it's
something everybody should think about before implementing in an existing
environment, and probably almost as long before implementing it in a new
environment.

The monitoring is neat; lots of potential for pulling info out of replicas
quickly/easily from anywhere. Nagios, anybody?

TLS 1.2 support: definitely great.

Container stuff for indexes: love it. Those of us doing IDM work are all
celebrating.

Replication performance enhancements are also great. No more needless
limits on non-stream data types around 63Kb.

The immediate sync process is crazy fast. I was never able to make a
change on one replica and NOT see the change on another replica. It was
always there before I could hit F5 in iMonitor, which is great, especially
under load.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Knowledge Partner

Re: Breaking News: eDirectory 9.0 released!

Thank you, Aaron!
It looks like I was so busy that I almost missed a major event (the release)! 😉
0 Likes
tschloesser Super Contributor.

Re: Breaking News: eDirectory 9.0 released!


Hi,

Does eDirectory 9 implement a 64-bit timestamp syntax, which would allow
setting, for example, the login expiration time and other attributes to a
date past 2037?

BTW: Is there any news regarding the support of IDM? Or will we have to
wait for IDM 4.6 or 5 to be used with eDir )

Regards,

Thorsten


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55411

0 Likes
Knowledge Partner

Re: Breaking News: eDirectory 9.0 released!

On 02/24/2016 01:59 AM, tschloesser wrote:
>
> does eDirectory 9 implement 64bit timestamp syntax which will allow to
> set for example login expiration time and other attributes to a date
> past 2037?


No.

> BTW: Are there any news according the support of IDM? Or will we have to
> wait for IDM 4.6 or 5 to be used with eDir )


Wait, yes, and that is the official news; I believe the readme calls this
out explicitly.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
tschloesser Super Contributor.

Re: Breaking News: eDirectory 9.0 released!


Hi AB,

thanks for the answer:

Do you know of any plan to handle the following attributes with a date
past 2037?



Last Login Time
Login Expiration Time
Login Intruder Reset Time
Login Time
Low Convergence Reset Time
NDSCat:Actual End Time
NDSCat:Actual Start Time
NDSCat:Start Time
NLS:Summary Update Time
Password Expiration Time

All those attributes are using the 32bit time syntax! Since 2037 is not
too far away I hope there is a way to use those attributes with 64bit
values!

Thanks!


--
tschloesser

0 Likes
Knowledge Partner

Re: Breaking News: eDirectory 9.0 released!

It keeps coming up, but since it would be such a huge change to eDirectory
it has not been included yet. Your best bet is to contact a sales rep and
express interest since it is clearly something needing to be fixed sooner
than later. Keep in mind that, once fixed, the system will likely need a
big conversion from one format to another, or else code to handle the
older/newer servers will need to be figured in, and older servers may not
synchronize the values as expected, etc. It's a bit of a mess, but that's
software for you.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
tschloesser Super Contributor.

Re: Breaking News: eDirectory 9.0 released!


The strange thing is that according to internal sources @NetIQ we were told
that this change (change time from 32 to 64bit) would be one of the
"features" of the next major version of eDirectory! Since it would be
such a huge change I guess we have to wait for eDir 10 as the next major
release to see this change - This is really bad!!!

Since even M$ changed their time syntax to 64bit quite a while ago I was
hoping NetIQ would do it now as well.

Lesson learned: In IDM we cannot use attributes with time syntax for
life cycle processes!


--
tschloesser

0 Likes
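The 2037 limit discussed in this thread, as an added example (not from any poster or from NetIQ): a pre-flight check that an IDM-style lifecycle job could run before writing expiration dates to the 32-bit time attributes listed above. It assumes the time syntax is a signed 32-bit count of seconds since 1970-01-01 UTC; the plan entries and function names are constructed, and the truncated value shows plain 32-bit wrap-around, not documented eDirectory behaviour.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1  # assumption: signed 32-bit seconds

# Attribute names as listed in the thread (subset relevant to account lifecycle).
TIME32_ATTRS = {
    "Last Login Time", "Login Expiration Time", "Login Intruder Reset Time",
    "Login Time", "Password Expiration Time",
}

def last_representable():
    """Latest instant a signed 32-bit seconds counter can hold."""
    return EPOCH + timedelta(seconds=INT32_MAX)

def truncate32(when):
    """Instant obtained if `when` were cut to 32 bits and read back as signed."""
    low = int((when - EPOCH).total_seconds()) & 0xFFFFFFFF
    return EPOCH + timedelta(seconds=low - 2**32 if low > INT32_MAX else low)

def preflight(planned):
    """Split (dn, attr, when) writes into storable ones and rejected ones."""
    ok, rejected = [], []
    for dn, attr, when in planned:
        secs = int((when - EPOCH).total_seconds())
        if attr in TIME32_ATTRS and not INT32_MIN <= secs <= INT32_MAX:
            rejected.append((dn, attr, when, truncate32(when)))
        else:
            ok.append((dn, attr, when))
    return ok, rejected

# Constructed lifecycle plan: a contractor account and a long-lived service account.
PLAN = [
    ("cn=contractor1,o=example", "Login Expiration Time",
     datetime(2030, 6, 30, tzinfo=timezone.utc)),
    ("cn=svc-backup,o=example", "Login Expiration Time",
     datetime(2040, 1, 1, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    ok, rejected = preflight(PLAN)
    print("limit:", last_representable().isoformat())
    for dn, attr, when, wrapped in rejected:
        print(f"REJECT {dn} {attr}={when.date()} would read back as {wrapped.date()}")
```

Rejecting the write up front matters for expiration attributes in particular, because a value that wraps into the past reads as an account that has already expired.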