Chapter 7. Updated Packages

download PDF

7.1. 389-ds-base

Updated 389-ds-base packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration.

Bug Fixes

When a suffix-mapping tree entry was created without the corresponding back-end database, the server failed to start. This bug has been fixed.
If a value of a password policy attribute was deleted, it caused a null reference and an unexpected termination of the server. These crashes no longer occur.
BZ#1080185, BZ#1138745
This update fixes a memory leak caused by a previous patch for BZ#1080185.
If a Virtual List View search fails with the timelimit or adminlimit parameters exceeded, the allocated memory of the IDL no longer leaks.
If a search for "passwordAdminDN" in a "cn=config" entry returns a non-existing value, a memory leak no longer occurs.
Rebuilding the Class of Service (CoS) cache no longer causes a memory leak.
A bug in the nested CoS, when the closest above password policy was sometimes not selected as expected, has been fixed.
When a SASL bind operation fails and Account Lockout is enabled, the Root DSE entry no longer gets incorrectly updated with passwordRetryCount.
Password restrictions and syntax checks for Directory Manager and password administrators are now properly applied so that these roles are not affected by them.
BZ#1175868, BZ#1166313
Performance degradation with searches in large groups has been fixed by introducing normalized DN cache.
Due to a known vulnerability in SSLv3, this protocol is now disabled by default.
This update adds the flow control so that unbalanced process speed between a supplier and a consumer does not cause replication to become unresponsive.
A bug to replicate an "add: userPassword" operation has been fixed.
BZ#1145374, BZ#1183820
A bug in the Windows Sync plug-in code caused AD-only member values to be accidentally removed. Now, local and remote entries are handled properly, preventing data loss.
Performing a schema reload sometimes caused a running search to fail to return results. Now, the old schema is not removed until the reload is complete. The search results are no longer corrupted.
The Berkeley DB library terminated unexpectedly when the Directory Server simultaneously opened an index file and performed a search on the "cn=monitor" subtree. The two operations are now mutually exclusive, which prevents the crash.
BZ#1223068, BZ#1228402
When simple paged results requests were sent to the Directory Server asynchronously and then abandoned immediately, the search results could leak. Also, the implementation of simple paged results was not thread-safe. This update fixes the leak and modifies the code to be thread-safe.


A new memberOf plug-in configuration attribute memberOfSkipNested has been added. This attribute allows you to skip the nested group check, which improves performance of delete operations.
The Directory Server now supports TLS versions supported by the NSS library.
The utility has been updated to include information about the SSL/TLS versions in the access log.
Users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the 389 server service will be restarted automatically.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.