
4.1. 389-ds-base

Updated 389-ds-base packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Bug Fixes
BZ#720458
If a server sent a response to an unbind request and the client simply closed the connection, Directory Server 8.2 logged "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)".
BZ#752155
An incorrect SELinux context caused AVC errors in /var/log/audit/audit.log.
BZ#711266
The DS could not restart after a new object class was created which used the entryUSN attribute.
BZ#697663, BZ#700665, BZ#711533, BZ#711241, BZ#726136, BZ#700215
A number of memory leaks and performance errors were fixed.
BZ#712167
The ns-slapd process segfaulted if suffix referrals were enabled.
BZ#711513
A high volume of TCP traffic could cause the slapd process to quit responding to clients.
BZ#714298
Attempting to delete a VLV index caused the server to hang.
BZ#720051
Connections to the DS by an RSA authentication server using simple paged results by default would time out.
BZ#735217
Running a simple paged search against a subtree with a host-based ACI would hang the server.
BZ#733443
If the target attribute list for an ACI had syntax errors and more than five attributes, the server crashed.
BZ#734267
It was not possible to set account lockout policies after upgrading from RHDS 8.1.
BZ#720452
Adding an entry with an RDN containing a % caused the server to crash.
BZ#709868
Only FIPS-supported ciphers can be used if the server is running in FIPS mode.
BZ#711265
It is possible to disable SSLv3 and only allow TLS.
BZ#713317, BZ#713318
If the changelog was encrypted and the certificate became corrupt, the server crashed.
BZ#733434
If the passwordisglobalpolicy attribute was enabled on a chained server, a secure connection to the master failed.
BZ#714310
If a chained database was replicated, the server could segfault.
BZ#694571
Editing a replication agreement to use SASL/GSS-API failed with GSS-API errors.
BZ#742611
In replication, a msgid might not be sent to the right thread, which caused "Bad parameter to an LDAP routine" errors. These failures propagated up and halted replication.
BZ#701057
Password changes were replicated among masters, but not to consumers.
BZ#717066
If an entry was modified on RHDS and the corresponding entry was deleted on the Windows side, the sync operation attempted to use the wrong entry.
BZ#734831
Some changes were not properly synced over to RHDS from Windows.
BZ#726273
RHDS entries were not synced over to Windows if the user's CN had a comma.
BZ#718351
Intensive update loads on master servers could break the cache on the consumer, causing it to crash.
BZ#699458
Syncing a multi-valued attribute could delete all the other instances of that attribute when a new value was added.
BZ#729817
If a synced user subtree on Windows was deleted and then a user password was changed on the RHDS, the DS would crash.
Enhancements
BZ#742382
The nsslapd-idlistscanlimit configuration attribute can be set dynamically, instead of requiring a restart.
BZ#742661
Separate resource limits can be set for paged searches, independent of resource limits for regular searches.
BZ#720459
The sudo schema has been updated.
BZ#739959
A new configuration attribute sets a different list of replicated attributes for a total update versus an incremental update.
BZ#733440
A new configuration option allows the server to be started with an expired certificate.
BZ#720461
New TLS/SSL error messages have been added to the replication error log level.
Users are advised to upgrade to these updated 389-ds-base packages, which resolve these issues and add these enhancements.
Updated 389-ds-base packages that fix multiple bugs are now available.
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command-line utilities for server administration.
Bug Fixes
BZ#701554
Password changes did not replicate because the method used to pass the changes to consumer servers was rejected on the consumer. This issue has been corrected, and password changes now replicate as expected.
BZ#701556
Values could be lost when group memberships were synchronized between 389 Directory Server and Active Directory with the Windows Sync feature. The synchronization and modify operations have been altered to prevent this issue, allowing group updates to synchronize with Active Directory.
BZ#701558
The ldclt command-line testing tool crashed during LDAP ADD operations because an LDAP attribute was not set correctly, preventing the creation of entries that did not already exist. This update allows the LDAP ADD to proceed correctly.
BZ#701559
The server crashed if a long-running task was started using the cn=tasks,cn=config interface and then the server was shut down before the task completed. This update prevents the server from crashing, but does not gracefully terminate the task, which can leave the server database in an inconsistent state. For example, the fixup-memberof.pl script invokes a task to fix up the memberOf attribute in group member entries. If the server is shut down before the task can complete, some entries may not have the correct memberOf values. Users should ensure that tasks are complete before shutting down the server to avoid inconsistency.
BZ#701560
When using the Entry USN feature, deleting an entry caused a memory leak via the entryusn attribute. This update fixes the memory leak.
All 389-ds-base users are advised to upgrade to these updated packages, which address these issues.