Change Download Preference

Current Preference
Change Preference to:

CA Directory 12.0.15
Latest Cumulative Release Download

Last Updated: September 23, 2015

Please note that the 12.0.15 documentation is found online at:

Build # 10207 12.0.15 CR1
  Directory Server
Directory Management
Windows 64-bit Click Here Click Here
Windows 32-bit Click Here
Linux 64-bit Click Here Click Here
Linux 32-bit Click Here
Solaris x86 64-bit Click Here Click Here
Solaris x86 32-bit Click Here
Solaris Sparc 64-bit Click Here Click Here
Solaris Sparc 32-bit Click Here
AIX 64-bit Click Here N/A
AIX 32-bit Click Here N/A
HP-UX Itanium 64-bit Click Here N/A
HP-UX PA-RISC 32-bit Click Here N/A

Fixes in CA Directory 12.0.15 CR1

Support Ticket # Engineering Ticket # Affected Component Problem Summary
00146389 161856 DXserver A CA Directory password policy issue has been resolved, where a binding LDAP client disconnecting before receiving a bind response may cause the DSA to halt.
00127786 160413 DXserver Binds performed under the "concurrent-bind-user" no longer leak memory.
00099275 156817 DXserver The new command "set ignore-null-value-attrs = true;" will enable the DSA to ignore null attribute values received via add or modify requests, if null values are not supported by the underlying syntax (as per RFC-4517). This is to provide compatibility with applications built on Sun/Oracle directory servers that rely on this feature.
00083524 155760 DXserver The format of the Netscape Password Policy expiring/expired LDAP controls now conforms to The new command "set password-netscape-legacy-mode = true;" will re-instate the previous format if applications have been built assuming this incorrect format.
CA Internal 161189 DXtools Added a mechanism to suppress parser warning messages in dxdumpdb utility. This will provide cleaner LDIF files.

Fixes in CA Directory 12.0.15

Support Ticket # Engineering Ticket # Affected Component Problem Summary
CA Internal 154873 DXserver Updated default dxpassword hashing method to SSHA512.
00044109 153795 DXserver Addressed a "dxserver init" issue where the DSA would falsely detect knowledge changes and abort these associations when no knowledge change had been made.
CA Internal 151779 DXserver The CA Directory version number has now been aligned with other CA products.
00061242 151509 DXserver Addressed issue where the cleaning up of MW-DISP tombstone entries was failing due to an assertion failure in caRemove.c.
CA Internal 150834 DXserver Implemented a new "onlinebackup" option to the dxserver command to trigger an online dump of the DSA data. This achieves the same end result as issuing the "dump dxgrid-db" command through the DSA console.
00057529 150596 DXserver The DSA now supports entries modified during a leap second (23:59:60).
00049300 149836 DXserver The DSA no longer hangs on Windows when the number of concurrent connections exceeds 4096. Any subsequent connections will be refused and a warning logged.
CA Internal 71556 DXserver Dxagent is included in CA Directory installation package. This component provides a RESTful service for managing DSA's. Dxagent is supported on Linux only.
Please see the user guide for more information.
CA Internal 148531 DXserver Upgraded embedded CAPKI to version 4.3.8. This version of CAPKI addresses various bugs/vulnerabilities including the SSL/TLS FREAK attack.
CA Internal 146313 DXserver SCIM REST server is included in the CA Directory Management CD. This component provides a RESTful service that implements the SCIM (System for Cross-domain Identity Management) protocol 1.1. SCIM server is not installed by the installer and installation must be done manually. Please see the user guide for more information.
CA Internal 145249 DXserver Fixed a defect that affects server-side sorting. This defect causes incorrect sort order in the search results when a same attribute is used in the search filter and also as the server-side sort attribute.
CA Internal 141407 DXserver The DSA now supports a new command (set external-monitoring ...) to enable external HTTP monitoring of configured events.
See the documentation for more information.
CA Internal 117706 DXserver DSA logging has been enhanced to capture the stack backtrace in the event of a crash. This information is written to the alarm log file. The backtrace is a list of addresses pointing to the crash.
CA Internal 117703 DXserver A new password storage mechanism known as PBKDF2 (Password-Based Key Derivation Function) is now supported. This feature introduces three new settings to control the number of rounds, the salt length and the digest length:
set pbkdf2-iterations = 64000;
set salt-length = 128;
set pbkdf2-digest-length = 128;

The salt and digest values are specified in bits.
Please see for more information.