PingDS release notes

Fixes in 7.2.x

This page lists the cumulative fixes in DS 7.2.x releases since 5.5.0:

DS 7.2.5

  • OPENDJ-10139: Replication status "TOO_LATE" does not mark DS as unhealthy

  • OPENDJ-10131: ds-mon-receive-delay metric is not working

  • OPENDJ-10032: Inconsistent password storage scheme rehash policies can create multiple userPassword values

  • OPENDJ-5041: Set resource limits according to proxyAs user instead of the bindDN

DS 7.2.4

  • OPENDJ-9999: DS uses encrypt/decrypt for key wrapping instead of wrap/unwrap

  • OPENDJ-8796: Virtual attribute providers ignore critical controls, such as VLV, paging, and sorting

DS 7.2.3

  • OPENDJ-9828: Deadlock in big index

  • OPENDJ-9587: ChangeNumberIndexer unable to advance even after proper shutdown of the replica

  • OPENDJ-9472: Upgrade does not correctly handle previously patched upgrades

  • OPENDJ-9419: Disaster recovery must delete all domain states from the changelog

  • OPENDJ-9200: Backup process logs incorrect number of jdb files

  • OPENDJ-9158: AM User/CTS affinity failover doesn’t happen when DS’s disk volume is detached

  • OPENDJ-8975: Modified file permissions for 99-user.ldif revert to 600 when DS is restarted

  • OPENDJ-7941: Client connections to proxy time out after 10 seconds regardless of activity

DS 7.2.2

  • OPENDJ-9358: ACI: (userdn = "ldap:///anyone" and not userdn = "ldap:///all") captures authenticated users and should not

  • OPENDJ-9347: GSSAPISASLMechanismHandler incorrectly formats the login conf file

  • OPENDJ-9315: Virtual static group does not contain all members of a target dynamic group

  • OPENDJ-9295: Search involving BigIndex throws NoSuchElementException

  • OPENDJ-9272: Change number indexing state is logged too often

  • OPENDJ-9245: DS backup to an S3 bucket on a new region fails

  • OPENDJ-9228: DS intermittently fails to stop due to TaskScheduler.writeLockEntry()

  • OPENDJ-9042: All worker threads blocked waiting for abandon operations to complete

DS 7.2.1

  • OPENDJ-9204: RS ignores DS state and forwards changes that DS has already seen

  • OPENDJ-9183: Replicated request controls serialized in LDIF using V1 encoding

  • OPENDJ-9182: NPE in changelogstat on encountering a modify DN request

  • OPENDJ-9102: Log rotation stops once the File Count Retention Policy count is met

  • OPENDJ-9042: All worker threads blocked waiting for abandon operations to complete

  • OPENDJ-9041: Undeliverable unexpected exception while performing an abandon operation during server shutdown

  • OPENDJ-9033: DS refuses to start and throws a NullPointerException when a subordinate-base-dn is used.

  • OPENDJ-9032: The dsrepl --script-friendly was never implemented and shouldn’t appear in the tool

  • OPENDJ-9020: Replicas should persist their ReplicaOfflineMsg unless they’re being recovered from the replication server

  • OPENDJ-9007: LoadBalancer availability check fails if the current bind user state is "bad"

  • OPENDJ-9002: Changelogstat outputs verbose CSNs for offline messages, but not other messages

  • OPENDJ-8992: Replica rejoining the topology after its changelog is purged is not tested for correct server state

  • OPENDJ-8917: ReplicationBroker.java swallowed important debugging info

  • OPENDJ-8831: Log when and why the ChangeNumberIndexer cannot move forward

  • OPENDJ-8815: dsrepl status does not take into account a status of Bad generation id

  • OPENDJ-8808: Potential deadlock between overlapping rename operations

  • OPENDJ-8779: Improve replica and changelog logging

  • OPENDJ-8378: dsrepl status shows deleted replication domains

  • OPENDJ-7688: Spurious DS disconnections because of missing heartbeat

  • OPENDJ-7640: Supportextract doesn’t collect all security store when several keystores have the same basename

  • OPENDJ-7516: External cn=changelog is not updated while replication initialization is in progress

DS 7.2.0

  • OPENDJ-8874: Full replica purge should write CSN information right away

  • OPENDJ-8829: Error messages incorrectly mentions cn=System,cn=monitor

  • OPENDJ-8805: dsconfig exits when setting the "bootstrap-replication-server" property with a <null> value in the "Replication Service Discovery Mechanism".

  • OPENDJ-8792: SDK: Log SSL exceptions as errors instead of warnings

  • OPENDJ-8778: Setup option --trustStorePassword:file behaves differently than --trustStorePasswordFile

  • OPENDJ-8727: HTTP embedded listener throws IllegalStateException: Output channel is not set

  • OPENDJ-8698: DS should write config archive files in a crash consistent way

  • OPENDJ-8610: RS-RS session thread stuck in Session.send could prevent DS from shutdown

  • OPENDJ-8548: Optimize scoping of indexed searches

  • OPENDJ-8532: Error running export-ldif offline: "DatabaseConfig.setReadOnly() must be set to false when creating a Database"

  • OPENDJ-8500: IllegalMonitorStateException after subtree read lock timeout when adding an entry

  • OPENDJ-8473: Upgrade does not migrate ds-cfg-je-property values

  • OPENDJ-8383: dsrepl status fails when certificates accepted interactively

  • OPENDJ-8280: DS will not start when using a non US Locale after changing config

  • OPENDJ-8254: dsbackup restore/list slow to complete with cloud storage

  • OPENDJ-8243: Indexes could cause ldapsearch to return multiple copies of the same entry

  • OPENDJ-8227: Deadlock between Changelog DB purger and Thread for RS session

  • OPENDJ-8226: Support Extract tool ignores non-default changelogDb location when collecting domains.state file

  • OPENDJ-8205: Log message lists an object’s string representation instead of a file name

  • OPENDJ-8137: LDIF backend silently rejects entries that fail schema validation

  • OPENDJ-8115: -Djavax.net.ssl.trustStore=<value> in OPENDJ_JAVA_ARGS throws NullPointerException

  • OPENDJ-8090: am-identity-store:7.1 setup profile is not functional

  • OPENDJ-8079: targattrsfilters expression does not work with 2 filters but permits 1 or more than 2 filters

  • OPENDJ-8062: Possible inconsistent state after backup restore

  • OPENDJ-8046: Changelog files are not closed after searching cn=changelog

  • OPENDJ-8028: Prometheus monitoring doesn’t work with Telegraf

  • OPENDJ-8024: Prevent configuration of VLV indexes with scope base-object

  • OPENDJ-8008: OutOfMemoryException in subtree delete

  • OPENDJ-7991: makeldif: "invalid number of arguments" using DateTime tag with colons

  • OPENDJ-7971: dsbackup fails when JDB file cleaned

  • OPENDJ-7970: Ensure that DS is crash resilient for all runtime file changes

  • OPENDJ-7889: Configuring group-id against DS-only instance requires restart for the change to be reported by monitoring

  • OPENDJ-7818: Package based upgrade does not support instances running as non-root

  • OPENDJ-7816: dsbackup fails when destination is a symbolic link to a real directory

  • OPENDJ-7755: DS 7.0 replication with older version, CryptoManager failed to import the symmetric key entry

  • OPENDJ-7744: dsrepl initialize in a topology with DS7 and DS 5.5 fails if DS7 serverId starts with 0

  • OPENDJ-7596: dsbackup has global connection options that do not work with some subcommands

  • OPENDJ-4935: Replication instability and divergence when using high latency disks

DS 7.1.0

  • OPENDJ-7928: JSON normalization cannot handle nested arrays

  • OPENDJ-7905: Schema replication error after upgrade

  • OPENDJ-7867: NPE if dsbackup bucket name contains underscores

  • OPENDJ-7851: Supportextract tool: clobbers the server.out filehandle when kill -3 is used.

  • OPENDJ-7847: StaticGroup’s objectclass sanity checks are unhelpful

  • OPENDJ-7810: JMX connections are always considered insecure

  • OPENDJ-7761: DS sporadically hangs while reconnecting to an RS

  • OPENDJ-7758: DS 7.0 dsrepl add-local-server-to-pre-7-0-topology: NPE if master-key is in different keystore

  • OPENDJ-7747: ldapmodify display full stack exception on LDIF errors if connection is already established

  • OPENDJ-7737: ConfigurationFramework#initialize0 changes the class loader without clearing the map of registered jar files

  • OPENDJ-7699: Supportextract throws NoSuchElementException when the server.pid file is empty

  • OPENDJ-7689: dsrepl add-local-server-to-pre-7-0-topology does not tolerate separate keystore and truststore

  • OPENDJ-7687: Global Access Control Policy regarding cn=schema is too restrictive

  • OPENDJ-7674: Migrating encrypted changelog files during upgrade fails

  • OPENDJ-7655: Replaying multiple MODIFYDN operations is very slow

  • OPENDJ-7612: replication divergence on CTS in the cloud

  • OPENDJ-7599: Cannot add a pre-encoded password to an entry without an existing password

  • OPENDJ-7554: Windows: Secrets not retrieved from :file command-line arguments

  • OPENDJ-7523: Example plugin and example pwdscheme pom.xml are missing correct revision

  • OPENDJ-7513: Missing subSchemaSubEntry attribute from rootDSE access controls

  • OPENDJ-7481: JSON logs do not contain proxy auth DN

  • OPENDJ-7474: Docker sample README.md provides wrong instructions for running the container

  • OPENDJ-7450: The startswith (sw) operator on indexed JSON attribute is slow

DS 7.0.0

  • OPENDJ-7319: Addrate can run out of memory when --deleteMode off and --noPurge are set

  • OPENDJ-7286: Changelog searches can start with incorrect cursors

  • OPENDJ-7176: Filters with malformed attribute descriptions cannot be parsed

  • OPENDJ-7115: DS does not start when deployed with ISTIO sidecar container in the GCP K8s cloud

  • OPENDJ-7016: status command outputs malformed JSON in script friendly mode

  • OPENDJ-6994: strict-format-country-string does not affect the server

  • OPENDJ-6787: Changelog searches are extremely slow if any cursors are exhausted

  • OPENDJ-6778: Proxy server mishandles abandon requests

  • OPENDJ-6733: SMTP handler sends incorrect email when account status is modified by manually updating ds-pwp-account-disabled attribute

  • OPENDJ-6711: Replication status reports The provided value "5277383431" could not be parsed as an integer.

  • OPENDJ-6557: IDM Password Sync plugin induces 100% CPU in Apache Http Components when used with JDK 11

  • OPENDJ-6540: The Supportextract hangs when loggers are configured to use /dev/stdout

  • OPENDJ-6527: Server does not return password policy responses with only warnings

  • OPENDJ-6521: setup checks admin port despite options --skipPortCheck --doNotStart

  • OPENDJ-6512: Problems when work queue fills

  • OPENDJ-6499: Query on rest2ldap over ssl gets stuck after few curl requests using TLSv1.3 on JDK11

  • OPENDJ-6377: Replication replay: issues with ReplaySynchronizer

  • OPENDJ-6349: "RuntimeException: Should never happen" in HttpClientConnection

  • OPENDJ-6240: DS not honoring per user resource limits when processing RESTful operation requests

  • OPENDJ-6235: Stale ds-sync-hist attribute values reappear in the entry after replication is unconfigured

  • OPENDJ-6222: SMTP messages are sometimes not encoded with the correct charset

  • OPENDJ-6221: Logging for CONNECT operations are not saved in Nanosecond format

  • OPENDJ-6196: HTTP connection handler continues to listen to 0.0.0.0 after setting listen-address

  • OPENDJ-6188: Backend returns an incorrect error type when disk space hits low threshold

  • OPENDJ-6173: cn=monitor memory pool stats do not get updated properly over time

  • OPENDJ-6116: Unspecified Communications Error when multiple rest2ldap endpoints share configuration elements

  • OPENDJ-5675: JDK11: supportextract tool cannot find jstack command

  • OPENDJ-5664: JDK 11: illegal reflective access warning during import-ldif

  • OPENDJ-5661: supportextract tool help and version options are different from other tools

  • OPENDJ-5660: JDK 11: illegal reflective access warning on setup (with profile)

  • OPENDJ-5611: Change number indexing can lag behind replication under extreme load

  • OPENDJ-5590: Proxy: server discovery fails silently when proxy base-dn differs from backend’s base-dn

  • OPENDJ-5584: Server does not validate sum of memory used by JE backend caches in all cases

  • OPENDJ-4764: REST2LDAP gateway sasl-plain authorization doesn’t handle dn: correctly

  • OPENDJ-4714: SSL handshake now sends 16KB list of CA issuer DNs

  • OPENDJ-3121: Setup fails to create the lib/extensions directory in the instance.loc path, if a instance.loc file is used.

  • OPENDJ-2605: Debian packages should be idempotent

  • OPENDJ-1169: Exception/error lost when logging ERR_LOOP_REPLAYING_OPERATION

  • OPENDJ-640: Text Query Against indexed telephoneNumber Attribute Very Slow

DS 6.5.0

  • OPENDJ-5606: Upgrade to DS 6.0 fails if multiple filesystems are involved

  • OPENDJ-5594: StackOverflowError with groupOfURLs when isMemberOf is requested

  • OPENDJ-5582: LdapClientSocket connection leaked when handshake fails

  • OPENDJ-5558: SDK: LdapUrl is not IPv6 clean

  • OPENDJ-5553: Rest2Ldap cannot connect to TLSv1.2 servers

  • OPENDJ-5496: DS fails to reconnect to an RS, disconnecting in handshake phase, after system restart

  • OPENDJ-5481: ERR_OPERATION_NOT_FOUND_IN_PENDING message used twice in different contexts

  • OPENDJ-5406: Duplicate entry DNs if entry is deleted and then added during export-ldif or dsreplication initialize

  • OPENDJ-5293: Proxy: Replication Service Discovery Mechanism logs WARNING

  • OPENDJ-5272: "idle-time-limit" global configuration property has no effect

  • OPENDJ-5210: Possible memory-leak if request received while bind in progress

  • OPENDJ-5140: PersistentSearch heap usage grows

  • OPENDJ-5137: Reading compressed or encrypted entries fails to close the InflaterInputStream

  • OPENDJ-5115: ldappasswordmodify fails, NPE in PasswordPolicyState updatePasswordHistory

  • OPENDJ-4967: Rest2ldap UndeliverableException occurs when a referenced entity cannot be fetched

  • OPENDJ-4947: SASL DIGEST-MD5: bind request failed with protocol error

  • OPENDJ-4881: Updates via Rest2ldap fail if record does not contain the necessary object class

  • OPENDJ-4852: Backup with --backupAll misses a few backends

  • OPENDJ-4625: Changelog range searches miss entries

  • OPENDJ-4589: dsconfig --offline is not case-insensitive

  • OPENDJ-4325: Changelog searches requesting changelogCookie are very slow

  • OPENDJ-4229: status command with keystore options throws NullPointerException

  • OPENDJ-3480: Updating schema backend properties while it is enabled leaves schema backend in broken state

  • OPENDJ-3343: Invalid Conflict resolution on Add sequence when Parent & Child are added on different replica

  • OPENDJ-3341: REST to LDAP gateway: HTTP response for API description is empty

  • OPENDJ-3153: REST to LDAP gateway: changing password fails when using proxied authorization

  • OPENDJ-2356: verify-index displays an inappropriate error message when run in online mode

DS 6.0.0

  • OPENDJ-4983: IllegalStateException in change number indexer

  • OPENDJ-4943: NullPointerException in BackupManager.java when backup --hash is used offline

  • OPENDJ-4845: Crypto manager uses TLSv1, fails if admin connector ssl-protocol is TLSv1.2

  • OPENDJ-4823: Adding a third replica breaks key ordering of the changelogDb

  • OPENDJ-4729: WorkerThread is blocked in BlockingBackpressureOperator after disconnection

  • OPENDJ-4725: Cannot reset change-log change number

  • OPENDJ-4598: Replication Server cursoring through obsolete replica ID’s causing high CPU spin

  • OPENDJ-4587: Replication: Medium consistency point frozen when a DS+RS is unconfigured or a DS+RS is stopped

  • OPENDJ-4559: All worker threads blocked on ReentrantReadWriteLock in GroupManager

  • OPENDJ-4557: isMemberOf search result excludes entries' operational attributes

  • OPENDJ-4555: Server not responding

  • OPENDJ-4533: NullPointerException in TTL reaper

  • OPENDJ-4497: ttl-enabling an index requires a restart

  • OPENDJ-4485: MODRDN with a blank newrdn: value is not rejected.

  • OPENDJ-4464: Collective attributes do not consider if an attribute is single or multi-valued.

  • OPENDJ-4296: Rebuilding index on two backends at the same time causes NPE

  • OPENDJ-4210: Cannot import/export LDIF in offline mode after configuring Password Synchronization Plugin

  • OPENDJ-4125: Extremely poor performance under connect/disconnect load and eventual port exhaustion

  • OPENDJ-3896: Change number indexer exits due to uncaught IllegalStateException

  • OPENDJ-3878: Example plugin POM has wrong parent and is missing repositories

  • OPENDJ-3504: LDAP bytesRead/Written and SNMP counters (dsApplIfInBytes and dsApplIfOutBytes) are not incremented

  • OPENDJ-3437: Cannot delete access log publisher when it is disabled

  • OPENDJ-1881: OPENDJ JMX monitoring report statistics as type String instead of Number

  • OPENDJ-1158: rebuild-index leaves backend offline if a backup is running

  • OPENDJ-934: Changes to RS window-size property require a server restart

  • OPENDJ-431: Server-side sort control only works on result sets of less than 100000 entries

DS 5.5.0

  • OPENDJ-4341: setup with production mode with java 9

  • OPENDJ-4316: HTTP Connector leaks Session objects

  • OPENDJ-4275: Changelog searches cursor through inappropriate replica DBs

  • OPENDJ-4234: Poor changelog search performance using changenumber ranges

  • OPENDJ-4228: status command with keystore options throws ArrayIndexOutOfBoundsException

  • OPENDJ-4178: Performance drop with complex subtree searches between 2.x and 3.5.1/4.0.0

  • OPENDJ-4125: Extremely poor performance under connect/disconnect load and eventual port exhaustion

  • OPENDJ-4115: build and publish missing changes gets confused with non-local changes

  • OPENDJ-4011: Setup requires TLS to be enabled when using --productionMode

  • OPENDJ-4007: Referential Integrity plugin checks all modifications when run as preModifyOperation

  • OPENDJ-4006: forgerock-je included in releases does not work with Azul Zulu

  • OPENDJ-3966: The Bcrypt storage scheme displays the wrong syntax Range and default for the bcrypt-cost

  • OPENDJ-3963: JMXClientConnections are leaked

  • OPENDJ-3931: Replication fails to propagate all changes added after a backup/restore to a newly created instance

  • OPENDJ-3904: Delivery includes QuickSetup.app and Uninstall.app files for commands that were removed

  • OPENDJ-3886: Modifying Json File-Based Access Logger configuration can cause a corrupt log record

  • OPENDJ-3868: Proxied persistent searches are not cancelled/abandoned when the client abandons them or disconnects

  • OPENDJ-3825: Spring daylight savings change can break recurring tasks

  • OPENDJ-3645: SASL DIGEST-MD5: "digest-uri" parameter is not taken into account

  • OPENDJ-3643: On Windows "java.properties" does not support values containing "=" character

  • OPENDJ-3507: After upgrading a 2.6.2 server to 3.5.1 server is spinning at 93% CPU

  • OPENDJ-3471: ldifsearch command fails to consume @objectclass notation in attribute list

  • OPENDJ-3380: Creating a backend with null base DN can render the instance unusable

  • OPENDJ-2850: SDK SASL integrity/confidentiality violates protocol

  • OPENDJ-2842: Load balancing algorithms are not optimum after failure of a connection factory

  • OPENDJ-2190: Replicas cannot always keep up with sustained high write throughput

  • OPENDJ-1135: DS sometimes fails to connect to RS after server restart

  • OPENDJ-609: Replicas out of sync after add/delete operations in sustained stress testing