DS release notes

Deprecated

The functionality listed here is deprecated, and likely to be removed in a future release.

Since DS 7.3

This release does not deprecate any functionality.

Since DS 7.2

  • The ds-pwp-last-login-time attribute, which has directory string syntax, is deprecated.

    Use the new ds-last-login-time attribute instead. For an example, refer to Active accounts.

  • Support for CSV, Elasticsearch, JDBC, JMS, Splunk, and Syslog access logs is deprecated.

  • Support for REST to LDAP API documentation in Swagger 2.0 format is deprecated.

  • The DSML gateway is deprecated.

    For deployments that require HTTP access to directory data, consider REST to LDAP as an alternative.

Since DS 7.1.3

  • The following Prometheus counter metrics are deprecated:

    • ds_connection_handlers_ldap_abandoned_requests{ldap_handler}

    • ds_replication_replica_replayed_internal_updates{domain_name,server_id}

    • ds_replication_replica_replayed_updates_conflicts_resolved

    • ds_replication_replica_replayed_updates_conflicts_unresolved

    • ds_replication_replica_sent_updates

    • ds_replication_replica_updates_already_in_progress{domain_name,server_id}

    They are expected to be replaced with metrics whose names end in _total in a future release.

Since DS 7.1

  • The previous format for password file options is deprecated. The options remain supported until removal, but are now hidden in online help. This affects the following options:

    Deprecated form Use this form

    --bindPasswordFile

    --bindPassword:file

    --deploymentKeyPasswordFile

    --deploymentIdPassword:file

    --keyStorePasswordFile

    --keyStorePassword:file

    --keyStorePasswordFilePath(1)

    --monitorUserPasswordFile

    --monitorUserPassword:file

    --rootUserPasswordFile

    --rootUserPassword:file

    --trustStorePasswordFile

    --trustStorePassword:file

    --trustStorePasswordFilePath(1)

    (1) The --keyStorePasswordFilePath and --trustStorePasswordFilePath options apply only to the setup. They retain the path to the file in the configuration. The other options copy the cleartext password at setup time.

  • The dsrepl add-local-server-to-pre-7-0-topology command --masterKeyPairCertAlias and --rootCaCertAlias options are deprecated. The command now finds the certificates by introspecting the configuration.

    The options are now hidden in online help.

Since DS 7.0

  • Support for SNMP.

    DS software provides better options for monitoring servers, including support for Prometheus, Graphite, LDAP, and JMX. For details, refer to Monitoring.

    DS server software also includes a sample monitoring dashboard for Prometheus and Grafana, which is described in opendj/samples/grafana/README.md.

  • The pwdValidatorPolicy object class.

    For subentry password policies, use the object classes derived from ds-pwp-validator instead.

  • Reversible password storage schemes, and the cn=admin data base DN and adminData backend used to support them. This includes the following password storage schemes:

    • 3DES

    • AES

    • Blowfish

    • RC4

  • The ds-rlim-lookthrough-limit setting is deprecated.

Since DS 6.5

  • Regarding replication monitoring metrics, including those deprecated since 6.0:

    In mixed topologies, a directory server version 6 or earlier connected to a replication server version 6.5 or later cannot consume messages about other servers going offline. The monitoring framework reflects this as a delay on the directory server that could not consume the message.

    The delay is calculated correctly again once all servers in the topology are upgraded to at least version 6.5, or when the offline server comes back online and has seen a change to directory data.

    Monitor replication delay instead of using the deprecated metrics. For details, refer to Replication delay (LDAP) or Replication delay (Prometheus).

Since DS 6.0

  • The HTTP monitoring endpoint, /admin/monitor.

    Use /metrics/api or /metrics/prometheus instead.

  • The output of the status command. Its content is expected to change significantly in a future release.

  • The metrics for M.C. (missing changes) and A.O.M.C. (age of oldest missing change) shown by the dsreplication status command.

  • The following replication monitoring metrics:

    • LDAP metrics:

      • ds-mon-approx-oldest-change-not-synchronized

      • ds-mon-approximate-delay

      • ds-mon-missing-changes

    • Prometheus metrics:

      • ds_replication_changelog_connected_replicas_approx_oldest_change_not_synchronized_seconds

      • ds_replication_changelog_connected_replicas_approximate_delay_seconds

      • ds_replication_changelog_connected_replicas_missing_changes

Since DS 5.5

  • The PDB database backend type.

  • The dsreplication subcommands enable and disable.

    The subcommands have been replaced with configure and unconfigure, which more accurately reflect the permanence of the configuration changes made by these subcommands.

    The configure subcommand updates the server configuration to replicate data under the specified base DN.

    The unconfigure subcommand removes the replication configuration settings for the specified base DN, and removes references to the current server on other replicas.

    The dsreplication disable --disableAll subcommand option is now dsreplication unconfigure --unconfigureAll.

    The dsreplication disable --disableReplicationServer subcommand option is now dsreplication unconfigure --unconfigureReplicationServer.

  • The control-panel command.

  • The configuration expression implementation is expected to change in a future release.

Copyright © 2010-2023 ForgeRock, all rights reserved.