From 389 Directory Server

Announcing Fedora Directory Server 1.0

We are proud to announce the release of Fedora Directory Server 1.0.

This release marks a significant milestone for the open source community, who now have access to the code for the console and administration engine as well as the previously open sourced LDAP engine. This release uses the Apache httpd engine as its administration server, and includes mod_nss - a rewrite of mod_ssl which uses the Mozilla NSS crypto engine. The 1.0 release, in addition to its many other features such as LDAPv3, Multi-Master Replication, and Windows Synchronization, includes support for MD5, SHA-256, SHA-384, and SHA-512 password hashing, as well as many bug fixes. Fedora Directory Server 1.0 furthers the evolution and democratization of open source software in making this powerful, enterprise proven technology available to all. It is a boon for developers who are now able to port the full package - LDAP engine, console, and admin engine - to many different platforms.

If you have used the previous version of Fedora Directory Server, we invite you to try our new version. If you are using another LDAP server, we invite you to try ours and let us know how it compares - we're always looking for ways to improve. Our community is already active and growing, and you are welcome and encouraged to join. There are many ways: joining the mailing lists, reporting bugs, editing documentation, writing scripts/patches/plug-ins, and many more.

Try it out! - http://directory.fedoraproject.org/wiki/Download
Our home page - http://directory.fedoraproject.org/
Join our community! - http://directory.fedoraproject.org/wiki/Ways_to_contribute
mod_nss - http://directory.fedoraproject.org/wiki/Mod_nss
Drop us a line! - fedora-directory-users@redhat.com and http://directory.fedoraproject.org/wiki/Mailing_Lists

NOTICE

Fedora DS 1.0 contains a flaw which may allow a hacker access to sensitive information. See here for more information. After installing the binaries and running setup, you must patch the system with the patch as follows: First download the patch and verify the md5sum:

> md5sum adminserver10to101.patch
1a18195b3bf057139e04852f6f3c0be9  adminserver10to101.patch

Next, apply the patch

cd /opt/fedora-ds
patch -p0 < /path/to/adminserver10to101.patch

Finally, restart the admin server to apply the patch

./restart-admin

Fedora Directory Server 1.0 FAQ

See the general FAQ for other questions.

How is FDS 1.0 different from the previous version?

• New Admin Engine uses Apache + Mod_nss
• Directory Server has support for the following password hashing algorithms: MD5, SHA-256, SHA-384, SHA-512
• All source code is open source, not just the core DS engine

Why 1.0 instead of 7.N or 8.0?

The team felt that having this be the first completely open source release warranted a "starting over". In terms of functionality, it's similar to a 7.2.

Is x86_64 supported?

No, but we're working on it.

How do I upgrade from a previous release?

Unfortunately, rpm -U (rpm upgrade install) is not supported. You must perform a migration from the old version. Steps:

1. Backup your data, using the console or the db2bak command line (or Export to LDIF)
2. Make a copy of your server configuration - the slapd-instance/config/dse.ldif file
3. Backup your key/cert/module information - the /opt/fedora-ds/alias .db files (you can ignore the .so file)
4. Uninstall the previous version (e.g. rpm -e fedora-ds)
5. Install the new version (e.g. rpm -ivh fedora-ds-1.0-2.platform.i386.opt.rpm)
6. Add back your configuration to the new instance e.g. do a diff between your saved dse.ldif and the new one
7. Add back your saved key/cert/module .db files to /opt/fedora-ds/alias
8. Restore your saved data (or import from LDIF)