6. Bugs Fixed in 9.0

Along with new features, Directory Server 9.0 contains many bug fixes for all functional areas, features, and components in the directory service and associated tools, as well as the documentation. The complete list of bugs fixed in Directory Server 9.0 are listed in the tracking bug for this release, Bugzilla 434915. Many of the most important bugs are listed in Table 2, “List of Bugs Fixed in 9.0”.

Table 2. List of Bugs Fixed in 9.0

Bug Number Description
151705 The Admin Server Console is hard-coded to set all TLS ciphers to enabled. Disabling the TLS ciphers through the Console is not saved, and the ciphers are re-enabled when the Admin Server is restarted.
472131
564448
Directory Server stores entry IDs in an ID list in a duplicate btree. If the ID list is very long, the internal database uses internal pages to sort the entries. When verifying database data, Berkeley DB's verify function returns out-of-order key errors because the database verification does not differentiate between the duplicate btree ID list and the main tree entry pages. The database, then, incorrectly tries to compare the main database page to itself rather than the duplicate ID btree. This affects Directory Server client tools such as verify-db.pl and dbverify.
This issue has been fixed in BerkeleyDB 4.8.26. However, the fix will not be available for Red Hat Enterprise Linux 4 and is not yet available for Red Hat Enterprise Linux 5. It will be addressed for Red Hat Enterprise Linux 5 systems in later errata.
494944 If a gidNumber attribute was deleted from a replicated entry and more than one supplier was configured with the DNA Plug-in, then both masters would assign a new gidNumber value.
505722 An Active Directory group with a mail attribute could not be synced over to Directory Server.
522055 If an entry was moved outside the scope of the Linked Attributes Plug-in, the linked attributes were still updated.
596521 Import operations encounter fatal failures on some environments when trying to create an index for more than 200 attributes.
616850 An ldapmodify command failed to reject a replace operation for an unknown attribute.
618897 The Directory Server Console could not manage certificates if there were several instances configured on a machine with different system user IDs, even if they used the same group account.
623118 A simple paged search went into an infinite loop if the search base had a subsuffix.
668619 A high volume of TCP traffic could cause the slapd process to quit responding to clients.
694336 When synchronizing groups, Directory Server added the userAccountControl attribute to the group. However, that attribute is only allowed for users in Active Directory, which caused the sync operation to fail with an object class violation error.
694571 Editing a replication agreement to use SASL/GSS-API could fail with GSS-API errors in the error log.
695779 Adding a uniquemember attribute to a group that is synced with Active Directory would delete all the old members from the group in Active Directory, which would then backfill and delete all members from the group in Directory Server.
697694 In multi-master replication with a hub, the update operation is async, done in separate threads. The msgid corresponding to a request may not be sent to the right thread, which caused "Bad parameter to an LDAP routine" errors. This causes hard failures to eventually propagate up and halt replication with fatal errors.
706179 If an administrator created a new object class and selected the entryusn attribute as on of its allowed attributes, the Directory Server could not restart.
711679 Attempting to delete a VLV on a consumer could cause the server and the Directory Server Console to hang.
711906 The ns-slapd process segfaulted if suffix referrals were enabled.
714310 If a chained database was replicated, the server could segfault during the import operation of replication setup.
716980 If an entry was modified on RHDS and the corresponding entry was deleted on the Windows side, the sync operation attempts to pull an old version of the entry from a private file, resulting in sync using the wrong entry.
718303 Intensive update loads on master servers could break the cache on the consumer server, causing it to crash.
720059 Adding an entry with an RDN containing a percent sign (%) can caused the server to crash.
725953 Directory Server user entries with a comma in the CN failed to sync over to Active Directory.
729817 If a synced user subtree on Windows was deleted and then a user password was changed on the RHDS, the DS would crash.
735217 Doing a simple paged results search against a subtree that used IP- or DNS-based ACIs hung the server.
740959 Importing a CA certificate through the Directory Server Console imported the certificate into the Admin Server certificate database, not the Directory Server certificate database.