Chapter 7. Updated Packages

Bug Fixes

BZ#1193243

When a suffix-mapping tree entry was created without the corresponding back-end database, the server failed to start. This bug has been fixed.

BZ#1145072

If a value of a password policy attribute was deleted, it caused a null reference and an unexpected termination of the server. These crashes no longer occur.

BZ#1080185, BZ#1138745

This update fixes a memory leak caused by a previous patch for BZ#1080185.

BZ#1048987

If a Virtual List View search fails with the timelimit or adminlimit parameters exceeded, the allocated memory of the IDL no longer leaks.

BZ#1162704

If a search for "passwordAdminDN" in a "cn=config" entry returns a non-existing value, a memory leak no longer occurs.

BZ#1169975

Rebuilding the Class of Service (CoS) cache no longer causes a memory leak.

BZ#1115960

A bug in the nested CoS, when the closest above password policy was sometimes not selected as expected, has been fixed.

BZ#1169974

When a SASL bind operation fails and Account Lockout is enabled, the Root DSE entry no longer gets incorrectly updated with passwordRetryCount.

BZ#1145379

Password restrictions and syntax checks for Directory Manager and password administrators are now properly applied so that these roles are not affected by them.

BZ#1175868, BZ#1166313

Performance degradation with searches in large groups has been fixed by introducing normalized DN cache.

BZ#1153739

Due to a known vulnerability in SSLv3, this protocol is now disabled by default.

BZ#1207024

This update adds the flow control so that unbalanced process speed between a supplier and a consumer does not cause replication to become unresponsive.

BZ#1171308

A bug to replicate an "add: userPassword" operation has been fixed.

BZ#1145374, BZ#1183820

A bug in the Windows Sync plug-in code caused AD-only member values to be accidentally removed. Now, local and remote entries are handled properly, preventing data loss.

BZ#1144092

Performing a schema reload sometimes caused a running search to fail to return results. Now, the old schema is not removed until the reload is complete. The search results are no longer corrupted.

BZ#1203338

The Berkeley DB library terminated unexpectedly when the Directory Server simultaneously opened an index file and performed a search on the "cn=monitor" subtree. The two operations are now mutually exclusive, which prevents the crash.

BZ#1223068, BZ#1228402

When simple paged results requests were sent to the Directory Server asynchronously and then abandoned immediately, the search results could leak. Also, the implementation of simple paged results was not thread-safe. This update fixes the leak and modifies the code to be thread-safe.

Enhancements

BZ#1167976

A new memberOf plug-in configuration attribute memberOfSkipNested has been added. This attribute allows you to skip the nested group check, which improves performance of delete operations.

BZ#1118285

The Directory Server now supports TLS versions supported by the NSS library.

BZ#1193241

The logconv.pl utility has been updated to include information about the SSL/TLS versions in the access log.