This section lists bugs fixed in Directory Server 6.1 and 6.0 releases.
Following list contains only the selected bugs fixed in this release. For the complete list of the bugs fixed in this release, see the README.patchnumber file in your patch directory.
Substring filters can be slow if they are changed into range index.
Adding a CoS Template entry that contains a single entry of " causes the system to crash.
The mutex_lock crashes while searching for replication agreements.
slapd_nss_decrypt() leaks memory on every call.
Server crashes if encrypted attribute exists with no value.
Incorrectly formatted DSML requests crashes the server on Solaris x86.
Deadlock in connection handling between multiple internal operations and incoming replication operation.
In Directory Server, users are able to perform MODRDN() anonymously, which enables the unauthorized users to change data in entries under specific conditions.
The ldapsearch command displays information about the existence of the attributes in an entry, which might enable unauthorized user to modify attributes in the entry.
Errors in replication agreement when doing total update or restarting a consumer.
Directory Server does not allow you to enable password quality checking alone without at least one other password policy feature.
Change in mutex locking for Directory Server can lead to slower search performance.
Directory Server skips merge of indexes if there are multiple import passes.
Setting a small value for the trimming of changelog may cause the server to crash.
Issue with ;binary attributes and compliance with RFC 1274.
Console process grows when adding users.
Console cannot display an access log greater than 60 MB when a filter is used.
Log size settings over 2 GB do not work.
Directory Server crashes when a client sends a certificate without an issuer DN.
Adding an entry crashes Directory Server.
Directory Server dumps core due to an incorrect search performed by a plug-in.
Deadlock in access control plug-in.
Unable to configure pass-through authentication with URLs containing the same suffix.
DN checking operation is not properly carried out by Directory Server.
Regression related to ignoring referrals.
ldapsearch -A fails against a chained database.
During shutdown, referential integrity plug-in can crash Directory Server.
VLV indexes are broken.
Binding with certificate authentication and a simple bind can cause Directory Server to hang.
Replicated updates can stop replication.
Crash while deleting a browsing index.
Subtree plug-in logs superfluous postoperation warnings.
Referential Integrity plug-in does not allocate enough space for internal search.
Password expiration does not completely prevent users from binding.
Strange reverse DNS request issued at startup.
All attribute subtypes get deleted from index.
Directory Server dumps core in acl_access_allowed().
Wildcard searches work poorly with single character attribute values.
Some wildcard searches trigger problems.
ldif2db -n userRoot -i test.ldif causes a bus error.
ACIs and ACLs do not take extra white space into account.
Memory leak with persistent searches.
Directory Server dumps core when checking the history of a clear text password.
Persistent search returns tombstone purging events.
Start TLS is not thread safe.
bak2db fails with nested directory databases.
Buffer Overflow in re_comp().
Significant memory leak.
Directory Server core dumps in preop_modify() when the attribute uniqueness plug-in is active.
Directory Server crashes on receipt of an invalid PDU.
Substring index becomes corrupt if one of similar multiple values is deleted.
Installation fails on HP-UX.
Replication commands should have a timeout parameter.
Crash when trimming the retro changelog.
Duplicate uid attribute values arise when encryption is performed.
db2ldif -r removes the guardian file.
The audit log can fail to rotate as configured.
Access log rotation does not occur upon restart.
Some tombstone entries are not being purged.
Could not set referrals for replica errors.
Unable to release IDs on the consumer after the link is down for more than 5 minutes.
VLV search based on empty container returns err=1.
Memory leak in search on suffix containing referral subsuffix.
Adding entry with "*" chars in DN field incur full scan of tombstones.
repldisc does not properly work with multiple instances on the same host.
A modify or delete of more than five values deletes all values.
Crash when removing a RUV when using multiple Solaris 9 x86 masters.
DENY macro ACI applies to entries that should not be affected.
Log settings for minimum free disk space do not work as expected.
Directory Server stops responding when LDAP search with too many attributes is sent.
Search operation with "-" char in filter leads to failure.
Link loss longer than five minutes causes consumer not to sync after network recovery.
ADD not replicated, DEL cannot be replayed when using multi-master replication over SSL.
Expiration time unit does not take the right default value.
Schema deletions not propagated correctly.
Consumers hang when schema is pushed over replication.
Transaction logs are not always deleted.
Special DN with ; and , crashes Directory Server.
Internal search causes Console to display warning.
Directory Server crashes when changelog trimming is enabled.
Master and consumer expand superior object class differently.
Slow import with complex DIT.
Directory Server crashes at startup in ACI code.
Crash occurs when reading the replication agreement.
Chaining downcasts DNs.
ACL does not work as expected if nested group is specified as groupdn.
Directory Server exits after 4 GB realloc().
Directory Server crashes during a specific search when adding a subsuffix.
Crash at startup when nsslapd-binary-mode is set.
Unexpected password is expiring on consumer in %d seconds message reported.
Inconsistency in replicated data between master and consumer.
Multiple password changes can lead to clear-text password.
Directory Server connection is unexpectedly down.
Crash when checking access control during modify operation.
Crash on consumer during schema replication if legacy replication is enabled.
Updates to the retro changelog lost on master.
Excess warning messages about replay of operation already seen.
Race condition occurs when closing connections.
Online index task request and simultaneous access control search leads to hang.
Index corruption with very large number of matches.
Memory leak in individual password policies.
Crash in replication when difference between system clock is greater than 24 hours.
Data inconsistency after restarting masters under load.
Crash when shutting down server as changelog is being trimmed.
Huge memory leak topology using old protocol with mixed versions.
Crash with DSML PDU larger than 2 KB.
Need a tool to check database integrity.
fildif cannot handle files larger than 2GB.
Replication halts and restarts with send update now.
Clean RUV task does not remove RUV with read-only replica ID.
Deadlock between replica and connection locks.
Schema replication can miss changes.
Substring searches very slow.
mmldif delta files do not contain LDIF update statements.
Crash while processing modification with retro changelog plug-in turned on.
Memory leak when DN normalization fails.
db2ldif.pl -r can cause hang.
Adding and deleting an attribute in a single modify operation is not replicated correctly.
Crash if resource limit for number of file descriptors is dynamically increased.
Performance problems when doing searches with the en-US collation rule.
Exit when allocating 4 GB to handle access control for a group member.
Checkpoint forced even when no updates are performed.
CoS does not take effect for entries in nested organization.
Error during the creation of subsuffix or clone under a search workload.
Deadlock in database while evaluating the ACLs during a modify operation.
Replication may be slow to restart after a network outage.
A consumer does not detect there is pending operation and when closing an idle replication connection.
Modification lost when using ldapmodify.
Performance issue when deleting non existent attribute.
Deleting multivalued attributes results in high etime.
Adding and deleting the same entry on replica can lead to replication issues.
Performance degradation when purging tombstones in multi master environment.
Deletion operation is not flagged as dependent on a previous modification.
Retro Changelog plug-in fails to record changes if regular replication is disabled.
Duplicate unique IDs can be generated.
Allow administrators to reset passwords.
Cannot stop or use master after total update fails when using multi master replication over SSL.
Add the return code for errors that could not be logged in the changelog.
Hub not replicating due to bad hub replica ID, 65535, in hub RUV.
Lack of disk space causes looping in db2bak internal task.
ACI returns incorrect results when fix is applied.
Bad server side sort performance when data contains many identical values.
passwordRetryCount does not get incremented when passwordResetFailureCount is set to 0.
Performance degradation in substring searches.
Memory leak with virtual attributes.
Searches for subtype attributes does not work correctly with nsslapd-search-tune enabled.
Restart of a fractional consumer breaks replication with configuration error.
Crash within SASL bind check.
Hang when replication agreement is initialized from another master.
Infrequent updates on standby replica can cause replication to stop for prolonged periods.
Crash when referential integrity log file is truncated.
Hang when an error occurs during error log rotation.
No further adds possible after first empty replace operation on single-valued, replicated attribute.
Crash in replicated operation.
Log rotation does not work correctly after restart.
Generated CSN is not systematically higher than previous CSN.
Some CoS attributes not generated for entries under nested organizations.
Classic CoS under nested organization does not work as configured.
Bad default value for nsslapd-maxbersize.
Tools needed to monitor completeness, status, and availability of servers in large, multi master deployments.
Schema checking on hubs should be enabled by default.
Invalid values are accepted for minimum password length in individual password policies.
LDIF containing encrypted attribute values corrupts indexes during import.
ldif2db has been seen to hang.
Deadlock between tombstone purging thread and access control plug-in.
On Windows systems, DSML request fails when instance path contains a space.
Crash when adding VLV index with incorrect vlvFilter.
Remote denial of service attack possible with large memory allocation.
Partial replication can break when several suppliers are configured for changelog trimming.
Merge during ldif2db skips keys due to incorrect continuation block prefix.
Memory leak when index contains a continuation block.
The mmldif command should support huge files.
Individual password policy specifies plain text, but password in new entry is replicated in encrypted form.
CoS attribute not found on entries after online initialization.
Memory leak in ACI group member evaluation.
When nsslapd-db-transaction-batch-val is set, transaction flush fails to enforce the limit.
Import can corrupt state of entries having userPassword attributes.
Incorrect page size computation creates indexes with many overflow pages after a reindexing operation.
Substring performance requires improvement.
Entries can be skipped while importing an LDIF file generated with db2ldif.pl -r.
ioblocktimeout not always enforced when writing result over secure connection.
Potential crash when renaming corrupted child entry.
Memory leak when handling password histories.
Zero allocation error when retro changelog and TMR plug-in is enabled.
Memory leak during LDAP write operations upon failure to update a matching rule index.
Operational attribute entrydn added before the entry is cached.
VLV searches leak memory.
Restore fails following binary copy when CN attribute does not match case.
Memory leak in decryption code.
Retro changelog plug-in should be executed for selected backends.
Performance issues when searching for tombstone entries.
No feedback from import during delay processing large entries.
Allow more database configuration attributes to be set over LDAP.
Provide a changelog purge vector over LDAP.
Allow a grace login period after passwords expire.
Allow complete replication configuration and management on the command line.
Enable support for libwrap.
Set default changelog maximum age to seven days.
Provide frozen mode to allow file system snapshot backups.
Make it possible to import additional entries without initialization.
Incorrect error message when exporting a subtree with db2ldif -s.
Modify performance degrades until all entries are modified.
Backend instances called default do not work.
Allow account validation through an LDAP bind without the user password.
Adding entries with object class nsTombstone can cause replication to fail.
Support required for SASL/GSS encryption.
Make the SNMP agent work with the native operating system agents.
Stopping Directory Server is sometimes slow during poll for results in a replication session.
Need a way or a tool to monitor progress during recovery after a crash.
More control needed over cache sizes.
Changelog database and other databases do not shrink even after data is removed.
Role fails to work on consumer after online initialization.
Allow disabling of anonymous binds.
Need an attribute that shows the groups to which an entry belongs.
Crash on startup with message trying to allocate 0 or a negative number of bytes.
Add port number in access log when a client connection is created.
Need a non-intrusive way to count the number of active persistent searches.
Document plug-in execution order.
Avoid traversing nscpentrydn index when purging tombstones.
Log an error when using connection based access control and the client list is not specified.
Remove the time bomb.
Display connection number under cn=monitor in same format as access log.
Support a plug-in for password syntax checking.
changeNumber is not indexed by default.
Maximum connection backlog queue incorrectly hard coded as 128.
Crash while enabling replication.
The following bugs were found during the beta program, and subsequently fixed.
A disorderly shutdown was detected when memory allocation failed.
Output from the idsync command is misleading.
Error when using an option to create a replication agreement on the command line.
Memory allocation issue leads to no more space message.
Setting the directory administrator password on the command line is confusing.
Password reset and password lockout interact incorrectly.
Result code is misleading for a bind where the password must be reset.
Log rotation subcommand name is not clear.
Command line tools should use the --D bind-dn option to specify the administrator.
Command line usage should always list global options.
Output after starting replication on the command line is misleading.
Allow binary copy from a master replica to a dedicated consumer.
Make subcommands for replication configuration easier to understand.
Some subcommands names are misleading.
Password lockout not working properly after a number of failed attempts.
Fix syntax validation property online help.
Make unit sizes consistent when setting configuration property values.
Error in option when listing indexes from the command line.
Import through dsconf fails.
Issues arise when configuring replication using the command line.
Directory Service Control Center page to configure server groups leads to JSP not found error.
Adding approximate and substring indexes causes equality indexes to stop working.
The dsee_deploy command should work with install directory names only one character in length.
The uid attribute is not displayed correctly in the Entry Overview tab of DSCC for POSIX users.
Changing nsslapd-infolog-area does not change errors log contents.
Allow DSCC to create a server instance running as nobody.
Allow changes to client control settings in the Directory Server Configuration tab of DSCC.
Installation should not remove existing Java version.
Allow DSCC to delete replication agreements.
Clarify how to change the password with ldapmodify when pwdSafeModify is on.
Allow DSCC to register existing server instances.
Allow DSCC to edit a server location.
The path for the tool to register DSCC with Sun Java Web Console is not valid in the online help.
With a presence index configured, searches still appear unindexed in the access log.
Allow DSCC to work properly when creating servers on Solaris zones.
Fix errors after configuring a suffix through DSCC.
After a delete operation, the DSCC window does not close.
Deleting an index type leads to an Error null message.
Fix server instance registration issue that occurs when a DSCC session times out.