Critical Fixes
This release of PingDirectoryProxy Server addresses critical issues from earlier versions. Update all affected servers appropriately.
- Fixed an issue where secret keys under `cn=Topology,cn=config` could be lost when removing a server from the topology. When a server is removed via the `dsreplication disable` or `remove-defunct-server` tools, its secret keys will now be distributed among the remaining members of the topology. The keys from the rest of the topology will also be copied to the server being removed.

  The cipher secret keys in the topology that are affected by this change are used by reversible password storage schemes (except for AES256, which uses the encryption settings database). If you are using a reversible password storage scheme other than AES256, prior to this fix, you could lose access to keys that had been used for reversible password encryption when removing servers from the topology.

  Note: Since this change only applies to the most recent version of `dsreplication disable` or `remove-defunct-server`, if you are removing a server from a multi-version topology, you should run that tool from the most recent version. In the past, `dsreplication disable` or `remove-defunct-server` could only be run from an older version, but now, in the case of removing a server from the topology, they should be run from the most recent version in the topology. If you run the tool from an older server, it will not include this fix, and you may lose access to secret keys from servers that are removed from the topology.

  - Fixed in: 8.3.0.1
  - Introduced in: 7.0.0.0
  - Support identifiers: DS-44591

Resolved Issues
The following issues have been resolved with this release of the DirectoryProxy Server.
Ticket ID | Description |
---|---|
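DS-44591 | Fixed an issue where secret keys under `cn=Topology,cn=config` could be lost when removing a server from the topology. When a server is removed via the `dsreplication disable` or `remove-defunct-server` tools, its secret keys will now be distributed among the remaining members of the topology. The keys from the rest of the topology will also be copied to the server being removed. The cipher secret keys in the topology that are affected by this change are used by reversible password storage schemes (except for AES256, which uses the encryption settings database). If you are using a reversible password storage scheme other than AES256, prior to this fix, you could lose access to keys that had been used for reversible password encryption when removing servers from the topology. Note: Since this change only applies to the most recent version of `dsreplication disable` or `remove-defunct-server`, if you are removing a server from a multi-version topology, you should run that tool from the most recent version. |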