Chapter 7. Updated Packages
Updated 389-ds-base packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration.
- When a suffix-mapping tree entry was created without the corresponding back-end database, the server failed to start. This bug has been fixed.
- If a value of a password policy attribute was deleted, it caused a null reference and an unexpected termination of the server. These crashes no longer occur.
- BZ#1080185, BZ#1138745
- This update fixes a memory leak caused by a previous patch for BZ#1080185.
- If a Virtual List View search fails with the timelimit or adminlimit parameters exceeded, the allocated memory of the IDL no longer leaks.
- If a search for "passwordAdminDN" in a "cn=config" entry returns a non-existing value, a memory leak no longer occurs.
- Rebuilding the Class of Service (CoS) cache no longer causes a memory leak.
- A bug in the nested CoS, when the closest above password policy was sometimes not selected as expected, has been fixed.
- When a SASL bind operation fails and Account Lockout is enabled, the Root DSE entry no longer gets incorrectly updated with passwordRetryCount.
- Password restrictions and syntax checks for Directory Manager and password administrators are now properly applied so that these roles are not affected by them.
- BZ#1175868, BZ#1166313
- Performance degradation with searches in large groups has been fixed by introducing normalized DN cache.
- Due to a known vulnerability in SSLv3, this protocol is now disabled by default.
- This update adds the flow control so that unbalanced process speed between a supplier and a consumer does not cause replication to become unresponsive.
- A bug to replicate an "add: userPassword" operation has been fixed.
- BZ#1145374, BZ#1183820
- A bug in the Windows Sync plug-in code caused AD-only member values to be accidentally removed. Now, local and remote entries are handled properly, preventing data loss.
- Performing a schema reload sometimes caused a running search to fail to return results. Now, the old schema is not removed until the reload is complete. The search results are no longer corrupted.
- The Berkeley DB library terminated unexpectedly when the Directory Server simultaneously opened an index file and performed a search on the "cn=monitor" subtree. The two operations are now mutually exclusive, which prevents the crash.
- BZ#1223068, BZ#1228402
- When simple paged results requests were sent to the Directory Server asynchronously and then abandoned immediately, the search results could leak. Also, the implementation of simple paged results was not thread-safe. This update fixes the leak and modifies the code to be thread-safe.
- A new memberOf plug-in configuration attribute memberOfSkipNested has been added. This attribute allows you to skip the nested group check, which improves performance of delete operations.
- The Directory Server now supports TLS versions supported by the NSS library.
- The logconv.pl utility has been updated to include information about the SSL/TLS versions in the access log.
Users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the 389 server service will be restarted automatically.