7.1. 389-ds-base

Updated 389-ds-base packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration.

Bug Fixes

BZ#1193243
When a suffix-mapping tree entry was created without the corresponding back-end database, the server failed to start. This bug has been fixed.
BZ#1145072
If a value of a password policy attribute was deleted, it caused a null reference and an unexpected termination of the server. These crashes no longer occur.
BZ#1080185, BZ#1138745
This update fixes a memory leak caused by a previous patch for BZ#1080185.
BZ#1048987
If a Virtual List View search fails with the timelimit or adminlimit parameters exceeded, the allocated memory of the IDL no longer leaks.
BZ#1162704
If a search for "passwordAdminDN" in a "cn=config" entry returns a non-existing value, a memory leak no longer occurs.
BZ#1169975
Rebuilding the Class of Service (CoS) cache no longer causes a memory leak.
BZ#1115960
A bug in the nested CoS, when the closest above password policy was sometimes not selected as expected, has been fixed.
BZ#1169974
When a SASL bind operation fails and Account Lockout is enabled, the Root DSE entry no longer gets incorrectly updated with passwordRetryCount.
BZ#1145379
Password restrictions and syntax checks for Directory Manager and password administrators are now properly applied so that these roles are not affected by them.
BZ#1175868, BZ#1166313
Performance degradation with searches in large groups has been fixed by introducing normalized DN cache.
BZ#1153739
Due to a known vulnerability in SSLv3, this protocol is now disabled by default.
BZ#1207024
This update adds the flow control so that unbalanced process speed between a supplier and a consumer does not cause replication to become unresponsive.
BZ#1171308
A bug to replicate an "add: userPassword" operation has been fixed.
BZ#1145374, BZ#1183820
A bug in the Windows Sync plug-in code caused AD-only member values to be accidentally removed. Now, local and remote entries are handled properly, preventing data loss.
BZ#1144092
Performing a schema reload sometimes caused a running search to fail to return results. Now, the old schema is not removed until the reload is complete. The search results are no longer corrupted.
BZ#1203338
The Berkeley DB library terminated unexpectedly when the Directory Server simultaneously opened an index file and performed a search on the "cn=monitor" subtree. The two operations are now mutually exclusive, which prevents the crash.
BZ#1223068, BZ#1228402
When simple paged results requests were sent to the Directory Server asynchronously and then abandoned immediately, the search results could leak. Also, the implementation of simple paged results was not thread-safe. This update fixes the leak and modifies the code to be thread-safe.

Enhancements

BZ#1167976
A new memberOf plug-in configuration attribute memberOfSkipNested has been added. This attribute allows you to skip the nested group check, which improves performance of delete operations.
BZ#1118285
The Directory Server now supports TLS versions supported by the NSS library.
BZ#1193241
The logconv.pl utility has been updated to include information about the SSL/TLS versions in the access log.
Users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the 389 server service will be restarted automatically.