<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - What's new for V5R4</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" />
<a name="rzahyenh-rf"></a>
<h1 id="rzahyenh-rf">What's new for V5R4</h1>
<p>Directory Server for iSeries has the following enhancements and new functions
for V5R4:</p>
<p><span class="bold">Replication</span></p>
<ul>
<li><span class="bold">Gateway replication:</span> Replication can take place
across replicating networks using gateway servers. Gateway servers can more
effectively collect and distribute information while reducing network traffic.
See "Gateway replication" in the <a href="rzahyrepoverview.htm#rzahyrepoverview">Replication overview</a>.</li>
<li><span class="bold">cn=IBMpolicies:</span> A new container object for entries
to be shared among replicating servers. In contrast to cn=localhost, a container
for entries that are not replicated, cn=IBMpolicies contains configuration-like
information that might need to be replicated. See <a href="rzahysuffix.htm#rzahysuffix">Suffix (naming context)</a>.</li></ul>
<p><span class="bold">Security</span></p>
<ul>
<li><span class="bold">DIGEST-MD5 authentication:</span> DIGEST-MD5 is a Simple
Authentication and Security Layer (SASL) authentication mechanism. When a client
uses DIGEST-MD5, the password is not transmitted in clear text and the protocol
prevents replay attacks. See <a href="rzahyauthentication.htm#rzahyauthentication">Authentication</a>.</li>
<li><span class="bold">Transport layer security (TLS):</span> A StartTLS extended
operation has been added to allow a client to upgrade a nonsecure connection
to one secured by TLS. In addition, an AES 256-bit TLS ciphersuite is supported
by the server. See <a href="rzahyssl-rf.htm#rzahyssl-rf">Secure Sockets Layer (SSL) and Transport Layer Security (TLS) with
the Directory Server</a>.</li></ul>
<p><span class="bold">Search</span></p>
<ul>
<li><span class="bold">Subtree search on null base:</span> All suffixes defined
in the configuration file can be searched with just one search request. This
eliminates the need for multiple searches (each with a different suffix as
the search base) to search the entire directory. See <a href="rzahysearchentry.htm#rzahysearchentry">Search the directory entries</a>.</li>
<li><span class="bold">Search limit groups:</span> This function allows an administrator
to assign different search limits to specific groups in addition to the general
limits imposed on all users. It provides flexibility for administrators to
determine who has what search limits on a particular server. See <a href="rzahysearchpar.htm#rzahysearchpar">Search parameters</a>.</li>
<li><span class="bold">Alias dereferencing processing enhancements:</span> Performance
of searches that use dereferencing options is significantly improved when
the directory contains no aliases. In addition, configuration options now
exist to override dereferencing options that are specified in client search
requests. See <a href="rzahysearchpar.htm#rzahysearchpar">Search parameters</a>.</li>
<li><span class="bold">Attribute cache:</span> The attribute cache function is
a performance enhancement for doing search filter resolution in memory rather
than performing the initial resolution in the database and storing it in the
filter cache. The attribute cache, unlike the filter cache, is not purged
every time an LDAP add, modify, or delete operation is performed. When configured,
the server automatically adjusts attribute caches at the configured time intervals
and caches those attributes that would be most useful within the maximum amount
of memory configured for attribute caching. See <a href="rzahyattcache.htm#rzahyattcache">Attribute cache</a>.</li></ul>
<p><span class="bold">Attributes</span></p>
<ul>
<li><span class="bold">Unique attributes:</span> The unique attributes function
ensures that specified attributes will always have unique values within a
directory. For example, an administrator might want to specify that an attribute
that stores social security numbers be unique because it is not possible for
two people to have the same number. See <a href="rzahyuniqueatt.htm#rzahyuniqueatt">Unique attributes</a>.</li>
<li><span class="bold">Preservation of operational attributes:</span> The operational
attributes <span>creatorsName</span>, <span>createTimestamp</span>, <span>modifiersName</span>, and <span>modifyTimestamp</span> are now replicated to consumer servers
and are now imported and exported in LDIF files. See <a href="rzahyoperational.htm#rzahyoperational">Operational attributes</a>.</li>
<li><span class="bold">Language tags:</span> Language tags are mechanisms that
enable the directory to associate natural language codes with values held
in a directory and enable clients to query the directory for values that
meet certain natural language requirements. See <a href="rzahylangtags.htm#rzahylangtags">Language tags</a>.</li></ul>
<p><span class="bold">Groups</span></p>
<ul>
<li><span class="bold">Group of administrative users:</span> Multiple user distinguished
names (DNs) can have almost all of the same administrative access as the LDAP
server administrator. This function allows several users to perform administrative
tasks without having to share a user ID and password. See <a href="rzahyadminaccess.htm#rzahyadminaccess">Administrative access</a>.</li>
<li><span class="bold">Proxy authorization:</span> Proxy authorization provides
a way for an LDAP client to bind as one user but access the target directory
as another user. This allows client applications more flexibility because
they can perform operations on behalf of multiple users without having to
rebind for each user. See <a href="rzahyproxyauth.htm#rzahyproxyauth">Proxy authorization</a>.</li></ul>
<p><span class="bold">Other</span></p>
<ul>
<li><span class="bold">Monitor enhancements:</span> The Web administration tool
is now used to view server and connection information. The following enhancements
have been made to monitor support:
<ul>
<li>Serviceability and Denial of Service
<ul>
<li>New information has been added to the monitor output to include counts
of completed operations by type (BIND, MODIFY, COMPARE, SEARCH, and so forth),
depth of the work queue, number of available worker threads, counts of messages
added to the server log, audit log, CLI errors, counts of both secure
sockets layer (SSL) and TLS connections, idle connection information,
and emergency thread statistics.</li>
<li>A new search base of "cn=workers,cn=monitor" is provided to return information
about the worker threads.</li></ul></li>
<li>Attribute cache
<ul>
<li>Information about the cache and attributes in the cache (configured size,
total size, hit rate) will be recorded.</li>
<li>A new search base of "cn=changelog,cn=monitor" will be used to return
attribute cache information for the change log.</li></ul></li></ul></li>
<li><span class="bold">Support for client applications to authenticate as the
current user:</span> The LDAP client and command line utilities are enhanced
to support authenticating to the local directory server as the current user.
This is particularly useful for performing administrative tasks when signed
on as an i5/OS user that has administrative authority to the directory.</li>
<li><span class="bold">Access controls on system and restricted attributes:</span> You can now control access to system and restricted attributes related
to access control and other server-managed attributes of LDAP entries.</li>
<li><span class="bold">Copy users in a validation list to an LDAP directory:</span> The directory server can be populated with directory objects based on
the users defined in an HTTP-style validation list. In addition, the directory
server can authenticate users based on credentials copied from HTTP validation
lists. New application programming interfaces (APIs) facilitate this process.
See <a href="rzahyvldltoldap.htm#rzahyvldltoldap">Copy users from an HTTP server validation list to the Directory Server</a>.</li>
<li><span class="bold">Denial of service and unbind of bound DN:</span> New enhancements
enable the server to identify, recover, and survive many forms of denial of
service attacks. These enhancements include giving the administrator more
control and automatic adjustments by the server. See <a href="rzahydos.htm#rzahydos">Denial of service</a>.</li>
<li><span class="bold">More Web administration functionality:</span> More tasks
can be accomplished using the Web administration tool. Most of the new functionality
is found under the new <span class="bold">Server administration</span> category.</li></ul><img src="deltaend.gif" alt="End of change" />
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>