Directory Server Roadmap

The following describes what we would like to get done in various releases of Directory Server. This is a living document and RFE’s could be added, removed, or shifted to and from different releases.

Red Hat Directory Server 11

RHDS 11 refers to the 389-ds-base-1.4.x series in RHEL 8/CentOS 8. For example the 389-ds-base-1.3.x releases were used in Red Hat Directory Server 10 on RHEL 7. So eventually RHDS 12 (RHEL 9) will be the 1.5.x series.

What is new in 389-ds-base-1.4.1 (RHDS 11)

Enhanced Password Policy

We added the following new syntax checks:

New CLI tools

Instead of having to use ldapmodify to configure the server, or use the old perl/shell scripts, we now have a new python CLI tool set.


Install an instance of directory server. You can use a INF file for “silent” installations, or there is a interactive mode which promotes you for the minimum required settings.


This tool is used to perform operations on the server whether it’s running or not.


This tool handles all the online configuration of the server. Many of the major configurations are now simplified into single steps


This is the identity/database content tool. This is used to manage a variety of database users and groups

New Web UI (Cockpit plugin)

We have a new web UI Cockpit plugin. Now you can manage the server in Cockpit via a new plugin for the Directory Server. Setting up things like Replication, databases, and monitoring have been greatly improved since the old Java console.

UPDATE - There is now a LDAP browser/editor in the UI.

What is coming in (RHDS 11.x)

What is the future

Performance improvements!

This is always our goal, and we are making progress in this area by replacing the backend database and connection framework. We want to improve the entry cache performance as well. Replication performance improvement are on our radar, but this will probably take a while as replication is a delicate feature.

REST Interface

Adding a REST interface to the database is a long term goal.

Security Audit Log & Tooling

A log that tracks authentication/authorization events: failed binds, account lock, insufficent access, etc. Allows Admins to check for brute force attacks and password spraying. See the design doc here, and CLI enhancement to generate reports.

Last modified on 13 May 2022