This section lists the bugs fixed in Directory Server 7.0 and Directory Server 11g Release 1 (11.1.1).
Table 4–1 Bugs Fixed in Directory Server 11g Release 1 (11.1.1)
Bug ID |
Description |
||
---|---|---|---|
4987124 |
UIDs for entries are not required to be unique. |
||
5087249 |
Network connections remain established regardless of the settings of the tcp_keepalive_interval and tcp_ip_abort_interval attributes. |
||
6181237 |
The message WARNING<1028> — Replay of an already seen operation occurs frequently in the error log. |
||
6192090 |
The insync command cannot parse a host specification provided to it if the host specification contains an at sign (@). |
||
6250000 |
Non-unique values of nsuniqueid can be added to a replication topology and cause replication to fail. |
||
6283810 |
Using the ldapmodify command to delete an attribute can cause replication to fail. |
||
6292310 |
Modifying an entry's RDN at the same time as modifying an attribute value of the entry's parent puts the directory server in deadlock. |
||
6295323 |
A memory leak occurs in searches that return virtual attributes. |
||
6299664 |
Performing a modify operation using replace with a value of 0 for the first time on an attribute results in a NULL value. |
||
6340125 |
If a change log is created and read simultaneously, the directory server can fail. |
||
6341382 |
Read errors can occur when SASL security is enabled. |
||
6356373 |
The indirect Class of Service feature does not support multiple templates as documented. |
||
6374916 |
The start-tls operation sometimes causes a server crash. |
||
6382134 |
The ldapcompare command can fail if a Class of Service is configured. |
||
6386671 |
ou=groups can contain duplicate data. |
||
6479754 |
Replication can fail after SSL is configured as documented. |
||
6490419 |
The ldapsearch command can return inconsistent results. |
||
6497556 |
On Windows installations, the dsadm info command can display the incorrect owner of ns-slapd. |
||
6498501 |
On HP-UX installations, the dsadm stop and restart commands can behave inconsistently when the monitoring plug-in is enabled. |
||
6499077 |
The warning message for an unregistered suffix contains extra characters. |
||
6500908 |
Certificates with names that contain localized characters cannot be listed or deleted correctly. |
||
6504891 |
The dsadm autostart command can return incorrect error messages. |
||
6506019 |
On HP-UX installations, the directory server can fail when the GNU debugger (GDB) releases the ns-slapd process. |
||
6536777 |
On UNIX installations, the JVM of the Application Server must be started with -Djava.awt.headless=true to enable replication topology rendering. |
||
6542953 |
Multiple ZIP installations do not manage all CACAO ports correctly. |
||
6548467 |
The DSCC cannot be accessed through its URL when a previous connection is still open. |
||
6550543 |
DSCC can return errors when run with Java 1.6. |
||
6551672 |
The Application Server returns an Unable to create SASL client conn for auth mechanism message and cannot communicate with CACAO. |
||
6557499 |
Registering and deploying JESMF creates defunct processes. |
||
6561787 |
DSCC parses dsinstancemain.confirmreadonly incorrectly. |
||
6562921 |
Data passed to Windows service management must maintain the correct character case. |
||
6572853 |
The Class of Service statistics monitor reports results incorrectly. |
||
6579286 |
On Windows installations, the dsrepair command fails because of a missing directory in the PATH environment variable. |
||
6579820 |
On Windows installations, the plcheck command fails. |
||
6582585 |
DSCC cannot access the log files when the instance path contains multi-byte characters. |
||
6586725 |
A memory leak occurs in multi-master replication over SSL. |
||
6593775 |
DSCC does not display all suffixes. |
||
6594285 |
DSCC fails to support RBAC. |
||
6617936 |
When the repldisc command encounters an error connecting to a replica over SSL, its credentials are not properly handled. |
||
6620846 |
The repldisc command in interactive mode should not request the host name and port number. |
||
6620851 |
The repldisc command in interactive mode should not request replicas that cannot be connected. |
||
6634048 |
External use of the reversible password plug-in can cause replication to fail. |
||
6640285 |
No trimming occurs when dsconf is used to set the nsslapd-changelogmaxage for the retro change log. |
||
6640806 |
Re-indexing requires too much time to complete. |
||
6641259 |
The DSCC displays a message that describes the Replication Settings tab incorrectly. |
||
6642364 |
Some password policy updates appear in replicated audit logs but not in the local audit log. |
||
6644137 |
The DSCC displays a message that describes the Promote/Demote Suffix function incorrectly. |
||
6644368 |
The repldisc command fails to compare host names correctly. |
||
6645742 |
Replication stops between servers of different versions after a failed login of a known user with an incorrect password. |
||
6646794 |
The DSCC ACI wizard produces invalid ACIs when multiple targetattr values are selected. |
||
6650039 |
A replication master can fail when replication stops normally. |
||
6651645 |
Passwords cannot be changed through proxied authorization when pwdReset is set to true. |
||
6659728 |
Performance can be degraded when the access log is enabled. |
||
6662669 |
The dsconf set-log-prop command does not change permissions on log files in a timely manner. |
||
6663324 |
Time-based log rotation stops when the machine time is set back. |
||
6663553 |
Extra spaces in an ACI string can cause incorrect ACI evaluations. |
||
6670977 |
The DSCC fails to display a long ACI. |
||
6675384 |
Complex Class-of Service deployments can cause the directory server to fail. |
||
6680142 |
Several text files require correction. |
||
6680718 |
Rotation can become deadlocked. |
||
6683182 |
A user password can become expired even if passwordMaxAge is set to a high value. |
||
6683870 |
The DSCC can corrupt entries with binary attributes during modification. |
||
6684993 |
Under certain circumstances, the password policy attribute pwdMinLength is not enforced. |
||
6686131 |
The DSCC displays some links incorrectly. |
||
6686199 |
The directory server can fail if the uniqueness-among-attribute-set plug-in is configured. |
||
6686632 |
The directory server fails if a pre-op plug-in performs an access control check on an entry before deleting it. |
||
6687304 |
Changes to client authentication made with the DSCC do not become effective until the directory server is restarted. |
||
6688454 |
Pass-through authentication can prevent the directory server from stopping correctly. |
||
6688891 |
The audit log contains old passwords. |
||
6689290 |
DSCC can display incorrect message text when starting and stopping the directory server. |
||
6689454 |
Errors can occur if a database is restored and the backup has a very large change log. |
||
6690684 |
A server instance bound to a specific IP address can fail to become registered. |
||
6700232 |
The directory server can become deadlocked when accessing the change log. |
||
6704259 |
Replication operations require too much time. |
||
6704261 |
A multiple-pass LDIF import operation can produce an incorrect index. |
||
6704754 |
The Logging property rotation-time cannot be set to undefined even though it is listed as an allowed value |
||
6705319 |
DSCC does not disable a referral completely. |
||
6706009 |
The DSCC does not handle subtype attributes correctly when editing entries. |
||
6707089 |
The directory server can fail when evaluating an ACI. |
||
6707164 |
A binary restore of the database recreates the replication change log. |
||
6708194 |
The DSCC cannot set the time-base log rotation and deletion policy to Do Not Automatically Rotate/Delete. |
||
6708615 |
The directory server fails when stopping the server when indexing is active. |
||
6711123 |
Backup and export files can become invalid if infrequently updated masters receive updates. |
||
6712614 |
The starttls command runs slowly. |
||
6715303 |
The directory server fails when fetching values of a virtual attribute. |
||
6715911 |
The directory server can fail when creating a new suffix in the Top entry if the name of the suffix contains a back slash (\). |
||
6716661 |
The repl-schedule property should be multivalued. |
||
6717507 |
Enabling replication can incorrectly update VLV indexes |
||
6718308 |
The DSCC does not log all messages when restoring the database. |
||
6721412 |
Certain substring filters do not work when searching localized attributes. |
||
6723208 |
The DSCC corrupts mailSieveRuleSource when it updates a user. |
||
6726890 |
The change log is not always trimmed correctly. |
||
6731941 |
The number of simultaneous pass-through authentications cannot be limited. |
||
6735966 |
On Windows installations, the directory server can fail under load when encryption is disabled. |
||
6736172 |
The directory server can add the cACertificate and crossCertificatePair properties twice. |
||
6737227 |
The directory server can fail under load during DN normalization. |
||
6737235 |
The targetscope keyword is sometimes handled incorrectly for anonymous ACIs. |
||
6739300 |
The retro change log can grow very large when managing large static groups. |
||
6740791 |
A memory leak can occur in the directory server when binding users whose password policy is assigned in a Class of Service. |
||
6742347 |
In Windows installations, the directory server does not stop during shutdown when registered as a service. |
||
6746125 |
The ldapsearch command can return incorrect results for a search of certificateRevocationList with non-existent subtypes. |
||
6746574 |
When set to on, nsslapd-return-exact-case does not work correctly for certificateRevocationList. |
||
6748713 |
The directory server can close a connection before idletimeout has elapsed. |
||
6750238 |
In Windows installations, the first attempt of the directory server to restart after the system is rebooted can fail with System Event ID 7022. |
||
6750240 |
des-plugin.so is not signed. |
||
6751358 |
Prioritized replication does not work as designed. |
||
6751952 |
Replication stops and restarts when a send update now operation occurs. |
||
6752586 |
Identity Synchronization for Windows plug-in does not start. |
||
6752738 |
An exported LDIF can include an entry's Replica Update Vector. |
||
6753742 |
Upgrading a multi-master replication topology can fail. |
||
6755852 |
The directory server cannot be installed on some Japanese Windows systems. |
||
6756240 |
The directory server can fail because of polling issues. |
||
6759200 |
directory server can fail because of binding with SASL. |
||
6759886 |
DEL operations are replicated in a multi-master topology, modifiersname is logged incorrectly in the audit log of the consumer. |
||
6763091 |
The password policy assigned to a user entry through a role is not effective until the directory server is restarted. |
||
6764616 |
Replication can fail if the suffix name contains a space. |
||
6768405 |
The dsconf command does not correctly handle a hyphen (-). |
||
6771728 |
Replication can fail if a MOD CSN (Change Sequence Number) is smaller than the previous ADD CSN. |
||
6772760 |
The directory server can fail if it is stopped immediately after it is started. |
||
6772870 |
A consumer can become unsynchronized when ds-polling-thread-count is greater than 1. |
||
6772918 |
The dsconf info command does not always detect the directory server's version number. |
||
6773132 |
The dsconf export command does not log an error when it fails because the target file system is full. |
||
6774167 |
Unable to replace an SHA-encoded userpassword attribute value. Although this issue is fixed in this release, the fix is not complete until all Directory Server instances in your topology have been upgraded to version 11g R1 (11.1.1). Until all Directory Server instances have been upgraded, you must delete the userpassword attribute and then add it again before you attempt to add a new value or values. (You cannot simply delete an existing value if you do not know the unencrypted value of the attribute.) To delete the userpassword attribute and all password values, use the following command:
When you have deleted the userpassword attribute, you can add it again with the password values that you wanted to keep.
|
||
6777643 |
The insync operation can fail. |
||
6779940 |
The dsconf matching-rule property for indexes should be multi-valued. |
||
6779962 |
The dsadm export command cannot index collation plug-in matching rules. |
||
6783425 |
The searchrate command can fail when processing a complex filter. |
||
6784701 |
Substring searches are unindexed if an equality index is not present. |
||
6785664 |
Running the server as a Windows service is not completely compliant with Microsoft requirements. |
||
6789448 |
An error can occur when the pwd-accept-hashed-pwd-enabled property is set. |
||
6790060 |
ACI evaluation during unindexed searches can require too much time. |
||
6791372 |
The directory server can fail when the authrate command is running. |
||
6793557 |
The directory server can fail when the DSML plug-in receives a corrupted DSML message. |
||
6796266 |
The directory server can fail when it is stopped if the memberof plug-in is not completely preloaded. |
||
6797187 |
The dsadm add-selfsign-cert command adds self-inconsistent certificates to the database. |
||
6798026 |
On Windows installations, the directory server can crash during search operations. |
||
6802840 |
On Solaris systems, log rotation stops after running dsconf with the rotate-log-now option. |
||
6806271 |
In multi-master replication topologies, the directory server can fail to detect duplicate values for attributes with more than eight values. |
||
6809149 |
Recovery from a database failure can cause the heap to be corrupted. |
||
6821219 |
ACI evaluation incorrectly uses cached results. |
||
6821682 |
The dsconf command does not handle the dsml-min-parser-count and dsml-max-parser-count properties correctly. |
||
6827661 |
On some Windows installations, the dsadm stop command does not stop the directory server. |
||
6834291 |
The sequence of plug-in operation should be reordered. |
||
6834783 |
With VLV indexes configured, VLV errors are seen shortly after an import operation. |
||
6835539 |
The DSCC can encounter an error when creating or modifying a specialized password policy. |
||
6835550 |
In multi-master replication topologies, replication can fail after importing a replica. |
||
6836463 |
The retro change log reports a large number of error 32 errors after a server restart. |
||
6837200 |
The change log trimming thread can cause the directory server to fail at startup. |
||
6837808 |
ACI evaluation during a modify operation can corrupt the heap. |
||
6838287 |
On Windows systems, dsadm and DSCC logs are an hour behind during daylight savings time. |
||
6844176 |
Memory leaks can occur when using CoS. |
||
6846588 |
On Windows systems, the server stops responding to SSL requests under certain NSS/NSPR version conditions. |
||
6846693 |
The directory server can crash after importing new entries. |
||
6846934 |
ACIs with the ip keyword are not always evaluated correctly. |
||
6848272 |
Macro ACIs do not handle DNs that include brackets. |
||
6849485 |
The server crashes during a DSML search if the bind password needs to be changed. |
||
6849658 |
The Uniqueness plug in does not handle subtypes during add operations. |
||
6849928 |
Importing can fail to create a replica correctly. |
||
6850042 |
The ZIP distribution of the directory server should use non-default port numbers. |
||
6850537 |
Search requests should return binary attributes in accordance with RFC 4522. |
||
6851491 |
The directory server can crash during Class of Service operations. |
||
6852119 |
A memory leak can occur when importing an LDIF with replication meta-data. |
||
6852500 |
When a uniquemember is deleted from a group, the deleted group member is not displayed in the retro change log entry. |
||
6853884 |
The dsmig migrate-config command logs a configuration warning for the Strong Password Check plug-in. |
||
6853981 |
The first pwdFailureTime value is deleted when the pwdLockoutDuration has passed. |
||
6856557 |
The passwordexpirationtime attribute should be ignored by the password policy when the server is in DS6–mode. |
||
6859942 |
A strong password policy handles extended ASCII incorrectly. |
||
6861340 |
Inconsistent search results are produced when searching multi-valued attributes with a range filter, if an equality index exists. |
||
6867669 |
Running a dsmlmodify operation causes the server to crash. |
||
6867812 |
ACIs that include wild cards do not work correctly in certain cases. |
||
6873828 |
Stopping a server instance using a dsadm command from a different installation does not work. |
||
6878311 |
The UID Uniqueness plug in cannot handle more than one + symbol in a dn or uid. |
||
6881605 |
A deadlock situation can occur on server shutdown when SMF is used. |
||
6887642 |
Proxy authorization does not recognize grace logins for password changes. |
||
6892914 |
A memory leak occurs in the CoS plug in. |
||
6894059 |
Under certain conditions, fractional replication only evaluates updates from a subset of replicas. |
||
6896757 |
The minimum-search-filter-substring-length of a resource limit policy does not work on complex search filters. |
||
6900781 |
Performing a restore by using dsadm should place the database in referral mode. |
||
6900955 |
Consecutive password changes cause the passwordexpirationtime attribute to be removed from the second master in a two-way multimaster topology. |
||
6902119 |
A memory leak occurs in the mapping tree code. |
||
6902127 |
A memory leak occurs in the id2entry code. |
||
6904986 |
dsccsetup —V returns unexpected null in output. |
||
6902477 |
No recovery is performed when the server is restarted after a crash. |
||
6905595 |
Frozen mode does not return referrals as expected. |
||
6906234 |
The audit log does not contain the entire change when binary attributes are modified. |
||
6908622 |
The insync command dumps core if uppercase characters are used in the hostname, with the option -S. |
||
6908942 |
In a replicated topology with DSEE 6.x servers, the server sometimes crashes when replaying certain operation to the DSEE 6.x servers. |
||
6912294 |
The RUV cannot be updated for the first change on a master. |
||
6915746 |
When sending specifically crafted LDAP messages, the server can crash. |
||
6918089 |
Running a dsadm reindex on the vlv attribute can cause the server to crash. |
||
6920416 |
When modifying entries under cn=config, a comma is appended after the etime. |
||
6920520 |
Bind DNs in cn=config can cause a deadlock in the server. |
||
6920573 |
Running a reindex can leave the entryDN and parentID indexes in an inconsistent state. |
||
6921014 |
Memory leaks can occur in the retro change log. |
||
6921222 |
The state information for the change of an rdn attribute is missing in certain cases. |
||
6923243 |
Running a vlv reindex operation does not work as expected. |
||
6927120 |
Reindexing a VLV index hangs. |
||
6927881 |
Running the directory server as a Windows service can disable other services. |
||
6939218 |
The server crashes if asynchronous searches are performed after a GSSAPI SASL bind. |
||
6940840 |
On Windows systems, the server crashes when running multiple root DSE searches. |
||
6944409 |
In the zh_CN locale, an exception is generated when attempting to view the error, access, or audit logs. |
||
6949107 |
Setting the ds-gather-filter-stats property to on can crash the server. |
||
6949854 |
The command dsadm —A 1d does not return the most recent logs. |
||
6950645 |
When deploying DSCC on a machine with no default locale, several log messages stating couldn't set locale correctly are generated. |
||
6960494 |
The server occasionally crashes when filter statistics are enabled and a filter with more than three different filter elements is used. |