
CA Directory 12.0.18
Latest Cumulative Release Download

Last Updated: July 17, 2017

Please note that the 12.0.18 documentation is found online at: https://docops.ca.com/ca-directory/12-0-18/en.

CA Directory 12.0.18 does not support 32-bit platforms.

Build # 12105 12.0.18 CR6
| Platform | Directory Server (DXgrid) | Directory Management (DXmanager) |
|---|---|---|
| Windows 64-bit | Click Here | Click Here |
| Linux 64-bit | Click Here | Click Here |
| Solaris x86 64-bit | Click Here | Click Here |
| Solaris Sparc 64-bit | Click Here | Click Here |
| AIX 64-bit | Click Here | N/A |
| HP-UX Itanium 64-bit | Click Here | N/A |

 

| Platform | Directory Server (DXgrid) | Directory Management API (DXagent) | Directory Samples |
|---|---|---|---|
| Linux 64-bit DEB | Click Here | Click Here | Click Here |
| Linux 64-bit RPM | Click Here | Click Here | Click Here |

 

Fixes in CA Directory 12.0.18 CR6

Support Ticket # Engineering Ticket # Affected Component Problem Summary
00768195 DE300383 DXserver On UNIX, the 'dsa' user is now allowed to upgrade a CA Directory installation that was installed by the 'root' user. On AIX, a user is no longer required to be a member of the 'bin' group in order to install or upgrade CA Directory.
00771362 DE300157 DXserver Fixed an issue in DXserver where, in FIPS mode, the Protocol configuration was ignored and TLS 1.0 was always used.
00753364 DE295295 DXserver Fixed an assertion failure in dxadmind that led to a crash. This can only occur in a specific scenario where sending a persistent search response encounters a short write while the socket is being closed. The fix involves a partial merge of the OpenLDAP fix for ITS#4667.
00743318 DE292979 DXserver The force-encrypt-auth setting is now ignored for local DXconsole connections. Bind authentications in cleartext are always allowed if clients are connected to the local DXconsole port (console-port).

 

Fixes in CA Directory 12.0.18 CR5

Support Ticket # Engineering Ticket # Affected Component Problem Summary
00665085 DE273676 DXserver Fixed DXserver crash on Windows platform. Root cause of the problem was incorrect usage of a 32-bit variable to store a 64-bit value. This caused DXserver to reference an invalid memory address when the 64-bit value was greater than 2147483647.
00660525 DE272674 & DE277704 DXserver An MW-DISP rename conflict resolution issue has been resolved where:
* dsa1 and dsa2 lose contact
* entryA is renamed to entryB on dsa1
* entryA is updated on dsa2 (with old name)

When contact is re-established
* MW-DISP recovery from dsa1 -> dsa2 will continually fail
* The entry will no longer be synchronized between dsa1 and dsa2 as the update will be applied using the old name

The DSA will now resolve this conflict by allowing the rename to be applied during MW-DISP recovery from dsa1 -> dsa2 and the DSA will attempt to apply the update from dsa1 to the renamed entry.
00606859 DE255000 DXserver An issue has been addressed where modifyTimeStamp was not replicated in a multiwrite setup when password policies are enabled and a user is changing their own password.

 

Fixes in CA Directory 12.0.18 CR4

Support Ticket # Engineering Ticket # Affected Component Problem Summary
- DE202644 DXserver An issue has been addressed where the DSA can be left in an unresponsive state when a client that has a large number of pending requests disconnects.
00471191 DE202354 DXserver An issue has been resolved where a client performing dynamic group (member=<DN>) searches disconnects while the search is in progress. This has the potential to cause the DSA to crash.

As part of this fix, the following assertion failure has been downgraded to a warning as this is triggered by the above disconnect:
** FATAL ERROR **: Assertion failed (/release/HEAD.new/dxgrid/src/dsa/user/roles.c???)

The following assertion failure has also been fixed:
** FATAL ERROR **: Assertion failed (/release/HEAD.new/dxgrid/src/dsa/user/uDynamicGroup.c129?)

ServiceCloud No: 00471975 Rally No: DE202799
Corrected unique attribute checking by not returning an error when the unique attribute is being replaced with the same value.
00419557 DE171636 DXserver For the following configuration, it is difficult to stop all the DSAs servicing a specific multi-write group (region) when under a reasonable modify load:
* vanilla multi-write replication (MW-DISP not enabled)
* multi-write groups specified in the knowledge
* set wait-for-multiwrite = true;

To assist with maintenance activities that require all the DSAs from a specific group to be stopped, the command "set isolate-multi-write-group = true;" has been introduced.

An example procedure for stopping all the DSAs in a group is:
* connect to DXconsole for each DSA that will be shut down and perform "set isolate-multi-write-group = true;", or temporarily enable "set isolate-multi-write-group = true;" in the configuration and re-init the DSAs of a particular group individually
* once set, all connections to other groups and non-peer DSAs will be aborted, allowing replication within a group to complete while taking on no further updates from other groups/relays/routers
* when replication has completed the DSAs in the group may be stopped
* once stopped, if using the configuration based approach, the 'isolate-multi-write-group' command can be removed or set to false and DSAs can be started

 

Fixes in CA Directory 12.0.18 CR3

Support Ticket # Engineering Ticket # Affected Component Problem Summary
- DE186749 DXserver DSAs in multi write groups are allowed to have one hub for each group for each prefix. Previously, the check only ensured there is one hub for each group.
00454002 DE198421 DXserver Fixed a memory leak issue that was introduced by another bug fix in SP17. A leak of 4kb occurred for each bind request. This only affected DSAs with password policy enabled.
00440843 DE199294 DXserver Fixed a DB flush performance issue that was occurring on the first flush after DSA restart. The symptoms may include a "Forced sync" warning message and the DSA being unable to service requests for an extended period of time.

 

Fixes in CA Directory 12.0.18 CR2

Support Ticket # Engineering Ticket # Affected Component Problem Summary
00411105 DE165704 DXserver The DSA no longer crashes when an encrypted connection is terminated before the DSA has been able to identify the SSL/TLS protocol version.
00361898 DE165174 DXserver The new command "set max-persistent-searches = <num>;" can be used to configure the maximum number of concurrent persistent searches. This was previously capped at 10, which is the default if max-persistent-searches is not set.

Note: Having a large number of active persistent searches may have a performance impact on directory updates.
  DE155915 DXserver Newly created Windows DSA services are now configured as "Automatic (Delayed Start)" instead of "Automatic".

 

Fixes in CA Directory 12.0.18 CR1

Support Ticket # Engineering Ticket # Affected Component Problem Summary
00263264 DE138821 DXserver A multi-write replication issue has been resolved when replicating over an SSL encrypted link. If the link between DSAs hangs up while a master is sending to a slave, the multi-write queue for the slave can enter an invalid state, causing the master to stop replicating. When this occurs, the warning "No MW response from DSA '{Slave DSA Name}' in last 60 seconds" is displayed every minute until the master is restarted.
00334990 DE153975 DXserver A dynamic group issue has been resolved that has the potential to cause the following alarm message to be continually displayed.
r:/head.new/dxgrid/src/dsa/rstack/support/xmpool.c(326): Assertion failed
Note: Having a large number of active persistent searches may have a performance impact on directory updates.
00332527 DE154865 DXserver A CA Directory issue has been resolved where a search request returning a dynamic group will now populate the member attribute when a return attribute list is specified.
00328650 DE144532 DXserver To improve integration with WebSphere Application Server, dynamic group membership searches have been expanded to support LDAP filters of the following form:
   (|(&(A)(B)(C)(...)(member={DN}))(&(D)(E)(F)(...)(uniqueMember={DN})))
Note: {DN} must be the same in both sections of the filter.
00314752 DE143115 DXserver An issue has been addressed where the same DSA is used to process a view request with a search phase that includes dynamic group searches. This would periodically return unwillingToPerform instead of the expected search result.

 

Fixes in CA Directory 12.0.18

Support Ticket # Engineering Ticket # Affected Component Problem Summary
  DE140306 DXserver Fixed erroneous syntax error reported when executing "get log;" in console.
  DE140304 DXserver Fixed incorrect parsing of rollover-trace-log = false and rollover-alarm-log = false that always parsed as true.
  US32023 DXserver, DXagent Debian installation packages are added to the CA Directory distribution. Three packages are included:
cadirectory_12.0.<Service pack number>-<Build number>_amd64.deb containing directory binaries and configuration
cadirectory-samples_12.0.<Service pack number>-<Build number>_amd64.deb containing directory samples
cadirectory-dxagent_12.0.<Service pack number>-<Build number>_amd64.deb containing dxagent module
  US32029 DXserver, DXagent RPM installation packages are added to the CA Directory distribution. Three packages are included:
cadirectory-12.0.<Service pack number>-<Build number>.x86_64.rpm containing directory binaries and configuration
cadirectory-samples-12.0.<Service pack number>-<Build number>.x86_64.rpm containing directory samples
cadirectory-dxagent-12.0.<Service pack number>-<Build number>.x86_64.rpm containing dxagent module
  US32008 DXserver Log files can now be rolled over when the number of lines in a file exceeds the configured threshold.
The following commands have been added to turn on/off this feature for different types of logs:
set alarm-log-max-lines=$NUMBER;
set summary-log-max-lines=$NUMBER;
set trace-log-max-lines=$NUMBER;
set stats-log-max-lines=$NUMBER;
set query-log-max-lines=$NUMBER;
set update-log-max-lines=$NUMBER;
set alert-log-max-lines=$NUMBER;
set connect-log-max-lines=$NUMBER;
set warn-log-max-lines=$NUMBER;
set diag-log-max-lines=$NUMBER;
set time-log-max-lines=$NUMBER;
$NUMBER must be either 0, which means the feature is off, or at least 1000.
When the feature is on and the configured threshold is reached:
1) For all types of logs except Trace and Alarm, new logs with the _YYYYMMDD_HHMMSS format extension will be opened for future writing, e.g. router_summary_20150914_120413.log.
2) For the Trace and Alarm logs, the current Trace or Alarm log will be renamed to the current log name with the _YYYYMMDD_HHMMSS format extension (e.g. router_alarm_20150914_110348.log), and a new log with the same name (e.g. router.alarm.log) will be opened for future writing.
A new DXconsole command called "roll-logs;" has been added. It causes all logs configured with max-lines to roll over immediately. This will assist in creating a fresh set of logs when reproducing issues. Similarly, a new dxserver command-line command has been added to do the same thing, e.g. "dxserver logroll democorp".
To assist with debugging, the "get log;" DXconsole command displays a line count for each file currently open. Please refer to the documentation for an example.
  DE15508 DXserver A 'forcestart' command-line option has been added to the dxserver application. The option allows a DSA to be started when it otherwise may not start and reports an inconsistent state.
  DE15391 DXserver Addressed an issue where the 'dxserver start {dsa name}' command reports an inconsistent state when called twice in a row and when the command 'set disable-transaction-log = true;' is set.
00302492 DE136861 DXserver dxsyntax application is extended to include a check that reports an error when DSAs in a horizontal partition have different partitioning attributes. Also removed the check that forces horizontal partitions to have the same number of replicas.
00249232 DE20671 DXserver Addressed an issue with the CA Directory installer where CAPKI libraries become corrupted when installing on Linux 64-bit.
  DE140310 DXserver The dxsoak tool has been extended to support filters that contain distinguished name values to allow for stress testing of group and dynamic group searches, for example:
dn: ou=groups,o=CA
changetype: search
scope: subtree
filter: (member=uid=12345,ou=users,o=CA)
  DE140309 DXserver When the schema is sourced by the DSA and an attribute fails to be defined, a better diagnostic message is now produced including the name of the offending attribute.
  DE140307 DXserver The "get oper;" DXconsole command now displays the current value for paging-threshold.
00303587 DE139188 DXserver Fixed a crash in dxadmind. This particular crash leaves the following entry in the dxadmin.log:
20160123.161422.528 OPERATION: dxadmind Server Starting - Configuration version=8, status=Encrypted
dxadmind: /net/potaroo/release/HEAD.new/src/dxadmin/dxadmind2/../../openldap/openldap/servers/slapd/connection.c:822: connection_destroy: Assertion 'c->c_writewaiter == 0' failed
  US118314 DXserver Addressed an issue where the DSA would only attempt to use the TLS1.0 protocol, and improved logging of the protocol version in trace and query logs.
Two new SSL 'protocol' settings have been introduced to limit the negotiated protocol to TLS1.1 (tlsv11) and TLS1.2 (tlsv12). These can be set within the "set ssl = {" statement.
00144381 DE130126 DXserver An issue has been resolved where a router/relay DSA with roles enabled, may halt when concurrently chaining requests received from the same LDAP client.
  DE140275 DXserver A code defect was fixed which allowed Password Modify Operation to succeed when DSA was configured to use dxlink ldap.
  US118300 DXagent An enhancement was implemented in DXagent to support the MIME type application/x-gzip. This is for returning the online backup file (.zdb).
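
For the log roll-over entry (US32008) above: the timestamp in a rolled file name marks where the file starts for most logs but where it ends for Trace and Alarm logs, which matters when picking the files that cover an incident time. The Python below is an added example, not CA code; it assumes the suffix is the roll-over time and that the log type is the last underscore-separated token before the suffix, and its sample listing is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Rolled-log suffix from the release note: _YYYYMMDD_HHMMSS before ".log".
ROLLED = re.compile(r"^(?P<base>.+)_(?P<ts>\d{8}_\d{6})\.log$")
# Per the release note, only Trace and Alarm logs are renamed at roll-over.
RENAMED_TYPES = {"trace", "alarm"}

def coverage_windows(filenames):
    """Map each rolled file to the (start, end) period it covers.
    None marks a bound that the file names alone cannot supply."""
    groups = defaultdict(list)
    for name in filenames:
        m = ROLLED.match(name)
        if not m:
            continue  # active or unrelated file: no timestamp to interpret
        try:
            stamp = datetime.strptime(m["ts"], "%Y%m%d_%H%M%S")
        except ValueError:
            continue  # 14 digits that are not a real date and time
        groups[m["base"]].append((stamp, name))
    windows = {}
    for base, files in groups.items():
        files.sort()
        # Assumption: the log type is the last "_"-separated token of the base.
        renamed = base.rsplit("_", 1)[-1].lower() in RENAMED_TYPES
        for i, (stamp, name) in enumerate(files):
            if renamed:  # stamp = when the file was closed; content ends there
                windows[name] = (files[i - 1][0] if i else None, stamp)
            else:        # stamp = when the file was opened; content starts there
                nxt = files[i + 1][0] if i + 1 < len(files) else None
                windows[name] = (stamp, nxt)
    return windows

def files_covering(filenames, when):
    """Rolled files whose window contains `when` (pull these for triage)."""
    return sorted(
        name for name, (start, end) in coverage_windows(filenames).items()
        if (start is None or start <= when) and (end is None or when < end))

# Constructed listing: two names are the page's examples, two are invented.
SAMPLE = [
    "router_summary_20150914_120413.log", "router_summary_20150914_150000.log",
    "router_alarm_20150914_110348.log", "router_alarm_20150914_130000.log",
    "router.alarm.log",  # active alarm log, skipped (no timestamp)
]

if __name__ == "__main__":
    print(files_covering(SAMPLE, datetime(2015, 9, 14, 12, 30)))
```

Events newer than the last Trace or Alarm roll-over are in the active, unsuffixed file, so collect that file as well.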