UnboundID Synchronization Server Release Notes


Synchronization Server 3.1.0.4

The following are notes for the most recent release of the UnboundID Synchronization Server, which is version 3.1.0.4. Notes for the following versions of the Synchronization Server are also available in this document:

Resolved Issues

The following issues have been resolved with this release of the Synchronization Server:

No information is available

Synchronization Server 3.1.0.2

Resolved Issues

These issues were resolved with version 3.1.0.2 of the Synchronization Server:

  • Fix an issue in the Synchronization Server where JDBC Sync Source and Destination extensions would not correctly initialize their ArgumentParser when running within the resync command. Issue:DS-4169

  • Change the default behavior of the Synchronization Server to not lock entries across all Sync Pipes when processing changes.

    The Sync Server has a specialized mutex that ensures that changes to the same entry are processed serially. The primary reason for this mutex is to ensure that the server can safely process changes in parallel to achieve high throughput. However, we also use this mutex to ensure that two Sync Pipes don't process the same entry at the same time for deployments that synchronize changes bi-directionally. A consequence of this locking is that if one Sync Pipe is failing (because the destination is unavailable) then it retains the lock on an entry, and when other Sync Pipes try to process changes to that entry they will block that change and all changes that follow it while they wait on the lock.

    This change turns off using a shared mutex by default, but adds a new advanced configuration option on the Sync Pipe, shared-mutex-name, that specifies the name of a mutex that is shared by other Sync Pipes. This gives greater control over the locking so that two Sync Pipes that share end points can ensure that two changes to the same logical user are not processed concurrently, while not impacting other Sync Pipes.

    See the shared-mutex-name property for more information.

    This property is subject to change in a future release. Issue:DS-4202 SF#:1527
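The locking behaviour described in the 3.1.0.2 note above, as a small runnable model. This is an added example, not the Synchronization Server's code: the class names, pipe names, the mutex name "user-entries" and the DNs are constructed for illustration, and a short lock timeout stands in for the indefinite wait a real pipe would experience.

```python
import threading


class EntryMutex:
    """Serializes work on one entry; different entries proceed in parallel."""

    def __init__(self):
        self._guard = threading.Lock()
        self._locks = {}

    def _lock_for(self, entry_key):
        with self._guard:
            return self._locks.setdefault(entry_key, threading.Lock())

    def try_lock(self, entry_key, timeout):
        return self._lock_for(entry_key).acquire(timeout=timeout)

    def unlock(self, entry_key):
        self._lock_for(entry_key).release()


class MutexRegistry:
    """Hands the same EntryMutex to every pipe that names the same shared mutex."""

    def __init__(self):
        self._named = {}

    def for_pipe(self, shared_mutex_name=None):
        if shared_mutex_name is None:
            return EntryMutex()  # new default: locking is private to the pipe
        return self._named.setdefault(shared_mutex_name, EntryMutex())


class SyncPipe:
    def __init__(self, name, mutex):
        self.name = name
        self.mutex = mutex

    def process(self, entry_dn, apply_change, lock_timeout=0.2):
        key = entry_dn.lower()  # simplified stand-in for DN normalization
        if not self.mutex.try_lock(key, lock_timeout):
            return "blocked"  # a real pipe would keep waiting, stalling later changes
        try:
            apply_change()
            return "applied"
        finally:
            self.mutex.unlock(key)


def run_scenario():
    registry = MutexRegistry()
    # Two pipes that share end points (bi-directional sync) opt in to one mutex.
    to_db = SyncPipe("ds-to-db", registry.for_pipe("user-entries"))
    from_db = SyncPipe("db-to-ds", registry.for_pipe("user-entries"))
    # An unrelated pipe keeps the default and is isolated from the other two.
    to_audit = SyncPipe("ds-to-audit", registry.for_pipe())

    alice = "uid=alice,ou=People,dc=example,dc=com"  # constructed DNs
    bob = "uid=bob,ou=People,dc=example,dc=com"
    holding, release = threading.Event(), threading.Event()

    def stuck_destination():
        # Models a destination that is unavailable: the change never completes,
        # so the pipe keeps holding the lock on the entry.
        holding.set()
        release.wait()

    worker = threading.Thread(target=to_db.process, args=(alice, stuck_destination))
    worker.start()
    holding.wait()

    def noop():
        pass

    results = {
        "same mutex, same entry": from_db.process(alice, noop),
        "same mutex, other entry": from_db.process(bob, noop),
        "private mutex, same entry": to_audit.process(alice, noop),
    }
    release.set()  # destination recovers
    worker.join()
    results["same mutex, after release"] = from_db.process(alice, noop)
    return results


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case}: {outcome}")
```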

Synchronization Server 3.1.0.1

Resolved Issues

These issues were resolved with version 3.1.0.1 of the Synchronization Server:

  • Fix an edge case in the Sync Pipe where it could fail to shut down cleanly if it got stuck in the change detection loop indefinitely due to illegal or incorrect data being returned from the source. Issue:3537

  • Fix an issue where the Synchronization Server memory usage could spike when a Directory Server goes down behind a Proxy. Issue:3628

Synchronization Server 3.1.0.0

New Features

These features were added for version 3.1.0.0 of the Synchronization Server:

  • Update the Synchronization Server to support arbitrary Sync Destination end points via a Server SDK extension. Sync Destination implementations can be written in Java or Groovy.

  • Add a new "notification" mode to the Synchronization Server. When a Sync Pipe is configured in this mode, it skips fetching the full entry from the source and instead immediately notifies the destination with the contents of the change. The details of the change are completely derived from the source changelog entry. This enables a destination to go through the same sequence of changes as the source.

  • The Synchronization Server can now be monitored over SNMP.

Known Issues and Workarounds

These were known issues at the time of the release of version 3.1.0.0 of the Synchronization Server:

  • When adding a sync server to an existing topology using setup, if the masterConnectPort is specified using a different value than the one previously used, then a duplicate entry will be introduced to the sync topology with the same priority as the existing master server entry. This will cause the master server to enter standby status. Issue:3435

  • When adding a sync server to an existing topology, setup may interactively prompt to prepare the sync server's external servers, even if setup was invoked with the --no-prompt option. Issue:3436

  • When using create-sync-pipe-config to create a sync pipe using an existing UnboundID sync source, the tool prompts for sync source changelog backend property values but does not actually prepare the external server. Issue:3478

  • The create-sync-pipe-config tool does not modify the changelog backend of existing UnboundID sync sources, so it cannot be used to set up multiple sync pipes requiring different settings on the sync source's changelog backend. Issue:3480

Resolved Issues

These issues were resolved with version 3.1.0.0 of the Synchronization Server:

  • Add a new global configuration attribute that allows specifying an SMTP timeout to use for all configured SMTP servers. Issue:2283

  • Exposed the SyncOperation class where appropriate in the JDBC Sync Source and Destination interfaces for the Server SDK. This is consistent with the other types of sync plugins that have access to the SyncOperation. Issue:2934

  • Limit collect-support-data to only run against the local server it is run from. All supported versions of the products have collect-support-data available, and should use that version to do any needed data collection. Issue:2827

  • Enhance timeout for SMTP External Servers to be used for socket I/O and connection based timeouts. Previously the timeout value applied only to socket I/O. Issue:2939

  • Added support for Java-based JDBC Sync Source and Destination extensions. Previously these were only available in Groovy. Issue:3003

  • The update and revert-update tools now respect the -Q/--quiet option, which, when specified, suppresses console output of messages that are not warnings or errors. In addition, the tools will not solicit input if the -n/--no-prompt option is specified. Issue:3056 SF#:00001432

  • The dsconfig tool has been fixed so that it does not exit with an error when the root DSE entry is not available. Issue:3122

  • Add a new type of access logger which can be used to obtain very detailed information about requests and responses and the contexts in which the associated operations have been processed. This is primarily intended for troubleshooting purposes rather than general use, and the content is meant to be human-readable rather than machine-parsable. Further, because the output can be quite verbose, it is recommended that it only be enabled when attempting to diagnose a problem, and that it be used in conjunction with the filtered logging framework so that only potential messages of interest will be captured. Issue:3064

  • Update tools, such as searchrate, that use --ratePerSecond to not use 100% of one CPU when running at a low rate. The cutoff for this rate depends on the minimum amount of time that a process can sleep, which is operating system dependent.

  • Fix an issue where status output failed to complete due to a stale JDBC connection. Issue:3170

  • Updated the create-sync-pipe-config tool to support setting up a Sync Pipe in notification mode. It now also supports using pre-existing Sync Sources discovered from the existing configuration. Issue:3024

  • Changed the --sourceDNsFile argument for the Resync command to be --sourceInputFile. It now supports DNs for resync from LDAP as well as a user-defined format for resync from a database. Issue:2734

  • Update collect-support-data to collect more system level information (especially on Linux) and validate that any value specified with the --pid option does not match the server's PID, since information about the server process is always collected. Issues:2920,2930,3152,3171,3206

  • Hide the subtree-view option in the Client Connection Policy configuration in DS and Sync. There is currently no way to create manual subtree views for these products, but this option may be added back for future features as needed. Issue:3125

  • Add a --missingOnly option to ldap-diff to allow the tool to only report on entries that exist on only one of the servers; entries that exist on both servers but are out-of-sync are ignored. Issue:2918

  • Update tools which can be used to schedule tasks to add a new "--task" argument that makes it explicit that the tool is intended to run as a task rather than in offline mode. At present, this argument is optional, but we intend to make it required in the future, and if a tool is invoked as a task without this new "--task" argument, then a warning message will be displayed recommending that it be used in the future.

    In addition, if the "--task" argument is provided but the tool was not given an appropriate set of other arguments to allow it to connect and/or authenticate to the server, then an error message will be displayed and the tool will exit with an error. This behavior will also be exhibited for other arguments that are only applicable for tools running as tasks, including the "--start", "--dependency", "--failedDependencyAction", "--completionNotify", and "--errorNotify" arguments. Issue:3224

  • Added support for SNMP monitoring to the Synchronization Server via the SNMP Subagent Plugin. A Sync Pipe MIB has been supplied. Issue:3229

  • Update the manage-tasks tool so that it can detect cases in which the authenticated user doesn't have permission to access information about tasks in the server and will provide a more useful error message. It would previously always report that there were no tasks in the server, which may not be true and is not very helpful. Issue:2957

  • Update tools which create scheduled tasks to display a message indicating that killing the tool will not interrupt the task. For tasks that can be interrupted, the tool will also display a manage-tasks command line that can be used to cancel that task. Issue:2954

  • Fix an issue where, for an UnboundID Sync Source, the Sync Server could lose some changes during fail over to another sync server if the persistent state had not yet been saved for the first time. This is unlikely to affect a production environment. Issue:3400

  • Fix a bug in the web-console new Attribute Type and new Objectclass dialogs which in some cases could cause a schema element to be saved erroneously into a file called 'New File...'. Issue:3410

  • Modify the web-console so that extraneous carriage returns are removed from files containing exported schema elements. Issue:3411

  • Update command-line tools providing support for SASL authentication to add additional properties that may be used in conjunction with the GSSAPI mechanism. This includes the ability to control whether a ticket cache should be allowed and/or required, the ability to specify an alternate location for the ticket cache file, the ability to request that the Kerberos ticket-granting ticket be renewed, and the ability to supply a custom JAAS configuration file rather than using one automatically generated by the tool. Issue:3437

  • Update a number of LDAP command-line tools to provide a new --help-sasl option that can be used to obtain information about the SASL mechanisms that are available for use and the supported options for those mechanisms. In addition, the command-line tool reference has been updated to provide a new page on supported SASL mechanisms and options. Issue:3452

Synchronization Server 3.0.3.0

Resolved Issues

These issues were resolved with version 3.0.3.0 of the Synchronization Server:

  • Fix an issue in the Synchronization Server where "the next batch of changes" could not be retrieved. This occurred when synchronizing through a proxy server after a backend directory server had been restarted. Issue:3205 SF#:1472

  • Add an option to collect-support-data for collecting data from expensive processes. These expensive operations will not be executed by default. Issue:3176

  • Fix an issue where debug messages logged by a command line tool (when using --enableDebug) might not be flushed to disk before the command exited. Issue:3218

  • Add a configurable sync backlog threshold to the Sync Server so that alerts will be generated when a sync pipe becomes severely backlogged with unprocessed changes. Another alert will be generated when the backlog goes back below the configured threshold. Add alerting when the Sync Server detects that changes have been missed because they were purged from the source changelog before the sync pipe had a chance to process them. Issue:3199

  • Add a configuration option to allow the Synchronization Server to synchronize delete and moddn operations even if they are out-of-date with the source server. Issues:3181,3230 SF#:1460,1461

  • Add a configuration option (allow-destination-renames) to the Sync Class to control whether a rename of an entry (e.g. moddn in LDAP) should be allowed at the destination in the process of synchronizing a modify operation. Issue:3225 SF#:1475

  • Fix an issue where the sync server could attempt to process source changes it had already seen when an UnboundID or Sun DS sync source failed over from one source server to another. This would happen when the only changes being made on the source servers were ones that did not need to be synchronized (for example if bi-directional sync was configured and the changes in question had been made by the sync server). Issue:3100

  • Fix a bug that could cause resync from an UnboundID sync source to fail with a null pointer exception. Issue:3275

  • Fix an issue where in rare circumstances if all endpoint servers were unavailable, the Synchronization Server might not reconnect to them when they become available. Issue:3278

Synchronization Server 3.0.2.0

Resolved Issues

These issues were resolved with version 3.0.2.0 of the Synchronization Server:

  • Modify the update tool to fix an issue where in some cases the tool would fail to migrate an older configuration, displaying errors related to duplicate LDIF change records. Issues:2942,2962,2967

  • Add support for Java-based JDBC Sync Source and Destination extensions. Previously these were only available in Groovy. Issue:3003

  • Fix an issue in the Synchronization Server where the attribute-synchronization-mode 'all-attributes' would handle deleted attributes incorrectly. Issue:3026

  • Fix a regression with the stop-sync-server command where the port argument was ignored. Issue:2925

  • The create-sync-pipe-config tool now correctly handles connecting to the SSL port of an LDAP server when specified as part of an endpoint. Issue:2952

  • Fix an issue where the status command would warn that the port argument was ignored even though the argument was not provided. Issue:3052 SF#:1447

  • Expose destination-create-only-attr as a Sync Class property to allow certain attributes (such as objectclass) to only be set when an entry is created and not when it is modified. Issue:2947

  • The command-line tools now use the full terminal width for output on Windows platforms. Issue:1019

  • Fix a regression where the Synchronization Server could not synchronize with Sun DSEE 5.2p4 instances because this version of DSEE did not allow the filter "(&)" to match any entry contrary to the LDAP specification. Issue:3069 SF#:00001449

  • The setup tool has been modified to correct an issue in which the presence of the --rootUserDN option, when specified with any of the "Set Up From Peer/Master Server Options", would cause setup to exit with an error. Issue:3084

  • Increase the recommended default for LDAP changelog retention to be 2 days instead of 2 hours to match real world deployment expectations. Issue:3105

  • Fix an issue where the Groovy "assert" statement was not handled correctly in Server SDK extensions used to synchronize with a database. Issue:3137

  • Increase the default value for duplicate error messages (allow 2000 in 5 minutes) and alerts (allow 100 in 1 hour) before they are suppressed. Avoid duplicate suppression for certain types of alerts, such as configuration changes. Ensure that the severity of a duplicate alert summary message matches the severity of the duplicate messages being suppressed.

  • Address an issue where Server SDK extensions running within a command line tool could cause the process to run out of memory if they logged a high volume of error log messages. Issue:3173

Synchronization Server 3.0.1.0

Resolved Issues

These issues were resolved with version 3.0.1.0 of the Synchronization Server:

  • Change collect-support-data tool to prompt for missing LDAP connection arguments if needed. Issue:2461

  • Fix an issue where the Synchronization Server could occasionally report a severe initialization error on startup leaving the Sync Pipes disabled. Issue:2835

  • The script file for stopping the server on non-Windows operating systems has been modified so that when it is invoked with no arguments, the server is killed using the operating system's kill command, ensuring that the server will have stopped when the script returns. Issue:2821

  • The remove-defunct-server tool has been enhanced to allow the user to choose to continue processing of topology servers even if one of the servers is down. In non-interactive mode this is accomplished using the --continueOnError option. Issue:2856

  • Update the server so that some of the specialized access loggers (e.g., failed operations and expensive operations) do not include messages about intermediate responses. Issue:2822

  • Address an issue with collect-support-data when run on Windows where certain commands that were executed would time out without reading the full output of the command.

  • Add a new external server type for configuring SMTP servers. This can be used to provide secure connections and authentication to outgoing mail servers. Issue:1150

  • The SNMP Master Agent Plugin is no longer exposed as configurable because it is not a supported component. It is only used for test purposes.

  • Fix a bug in the web console that prevented the creation of configuration objects with a slash character in the name. Issue:2836

  • Add the ability to log debug statements from server components that are running within the context of a command line tool. This also enables logging from third-party extensions developed with the Server SDK to be captured when run from the context of a command line tool. Issue:2834

  • Expose the SyncOperation class where appropriate in the JDBC Sync Source and Destination interfaces for the Server SDK. This is consistent with the other types of sync plugins that have access to the SyncOperation. Issue:2934

  • The dsframework tool has been modified so that whenever a server is registered or updated with port values whose corresponding protocol enablement properties (ldapEnabled, ldapsEnabled) are not present, the tool will automatically set the value of the enablement property to "true". Issue:783

Synchronization Server 3.0.0.0

New Features

These features were added for version 3.0.0.0 of the Synchronization Server:

  • Database Synchronization - Support for high-scale, highly-available data synchronization from one endpoint consisting of one of our supported Directory Servers with the other endpoint consisting of a relational database management system (RDBMS). UnboundID officially supports synchronization with Oracle Database 10g and 11g as well as Microsoft SQL Server 2005 and 2008. The architecture, however, does not make any assumptions about the type of database or schema being managed; any database with a Type 4 JDBC driver can be used.

  • Server SDK - Server-side SDK for extending the functionality of the core server.

  • Synchronization Through Proxy - Support for synchronizing to or from a load-balanced or entry-balanced proxy server deployment.

  • Virtualization Support - Achieved "VMware Ready Status" for all of our server products, which we now support deploying in VMware environments.

Known Issues and Workarounds

These were known issues at the time of the release of version 3.0.0.0 of the Synchronization Server:

Resolved Issues

These issues were resolved with version 3.0.0.0 of the Synchronization Server:

  • Update the Synchronization Server installer so that all servers within a topology will use the same IntraSync-User password. Issue:1970

  • Add a background retry mechanism to the Synchronization Server so that failed operations can be optionally retried after a specified delay. Issue:2040

  • Add the ability to specify separate destination correlation rules for deleted entries, so that deletes can use a more relaxed set of rules if need be. This can be useful in scenarios where applications delete and then re-add the same entries (with different attributes), for example. Issue:2072

  • Expose version information for many of the libraries used by the server in both "status --fullVersion" and in the "cn=Version,cn=monitor" entry. It will always include the LDAP SDK version number, and if available may also include any or all of the Berkeley DB JE, JZlib, SNMP4J, SNMP4J Agent, and SNMP4J AgentX library version strings.

  • Add a configuration option that may be used to indicate whether the server should shut down in the event that a severe error (e.g., out of memory) is raised within the JVM that indicates it may not be able to continue running properly. Issue:2265

  • The dsjavaproperties tool now supports options for generating, regenerating, and updating the config/java.properties file. Issue:2280

  • Fix a potential memory leak in the Synchronization Server which could occur during Sync Source failover if there were a large number of pending changes in the queue at the time of failover. Issue:2169

  • Fix a bug in the timestamp-naming mechanism used in log file rotation which could cause log files that were manually renamed to still get rotated and eventually deleted if their names were still parsable as the original file name. Issue:1285

  • Added a safeguard to the LDAP Sync Source so that it will not wait forever for responses to asynchronous changelog searches (particularly with DSEE).

  • Update the stop script so that the "restart" option will correctly restart the server after a successful shutdown. Issue:2329 SF#:1362

  • Update dsconfig to work correctly in environments with a server-group set. This issue only affected dsconfig when run in a partially interactive mode where some of the configuration arguments were provided on the command line. The user is now prompted whether the configuration change should be applied to the current server or all servers in the group. Issue:2373 SF#:1370

  • Reduce the maximum timeout value from 10 minutes to 5 minutes for Synchronization Server changelog searches against DSEE, and add some extra checks for connection health. The configured response timeout on the Sync Source is still preferred, but if none is set, then this value will be used as a ceiling. Issue:2383

  • Address an issue where the Unique Attribute Plugin incorrectly detected conflicts when under heavy. Issue:1873

  • Web Console displays a communication error alert when editing configuration objects if the server has been disconnected. Issue:2270 SF#:1239

  • Fix a bug in which the server and tool JVM configurations in java.properties would lack -Xms and/or -Xmx options if the amount of memory specified as the maximum heap size was not available when setup was run. Issue:890

  • Fix a bug in which, if the 'locks' directory was missing, setup failed and erroneously indicated that the server was running.

  • Fix a bug that prevented the display in dsconfig and the web console of configuration objects whose name contained a slash character. Issue:2244 SF#:1373

  • Modify the update tool so that it cannot be used from a package in which setup has been run. Issue:2464

  • Provide a custom title renderer that escapes configuration object names in the web console. This avoids a theoretical security concern with configuration object names that contain embedded JavaScript. Issue:2454

  • Fix a bug in the ldapmodify command-line tool that caused it to incorrectly treat a 'referral' result as success. Referrals are still not supported by this tool, but it will now treat them as a special kind of error and will provide a more useful message. Issue:1062

  • Update the resync tool to fail immediately if no destination servers are available. Issue:1181

  • Generate a warning message at startup if the server is unable to determine the IP address or hostname of the local system, or if the local system's hostname resolves to a different IP address. These conditions may indicate a problem with the system configuration that could cause certain server components to break or function abnormally. Issue:2318

  • Change the way that the serverUUID value is generated so that it is based on a combination of the system's primary IP address and the canonical server root path. This can be used to help detect cases in which a new server instance is created by copying the files associated with an existing server instance, which would have previously created two instances with the same serverUUID value. In the event that the stored serverUUID does not match the generated value, a log message will be generated to warn administrators of the change, and the newly-generated UUID will continue to be used. Issue:2470

  • Remove forced min utilization configuration setting for replication and LDAP change logs. These settings had led to excessive database growth in some circumstances. Issue:2294 SF#:1352

  • Improve the output of the ldapsearch tool to mention that a password has expired when the bind occurs. Issue:1981 SF#:1227

  • Modify the updater so that the --ignoreWarnings option can be used to continue with update when there are warnings related to version compatibility issues. This allows an update to be run in a non-interactive environment, such as a script. Issue:2495

  • The admin alerts list no longer includes alert types that are clearly not applicable to the product. Issue:1738

  • Update generated command line arguments (such as for dsconfig) to be quoted in a mechanism specific to the operating system where they are generated and to eliminate all escaping with \, which had caused problems when replaying certain commands. This is done with as much portability across systems as possible. Issue:2455

  • Update the Synchronization Server to connect immediately to the destination server of a Sync Pipe rather than waiting for a change to come through. This enables the server to show in its status that the destination server is connected. Issues:2005,2389,2547

  • Update the Synchronization Server to send an admin alert when a Sync Pipe fails to start up (because of a configuration error or scripting error) and continue starting other pipes. A new alert type has been added for this condition, called sync-pipe-initialization-error. In the case of such an error, a Sync Pipe may be restarted with the server online via the realtime-sync tool. Issue:2547

  • Update the realtime-sync tool to read arguments from the config/tools.properties file if present. Issue:2513

  • Improved status command output to better inform the user of how the local server status was determined, based on the arguments provided. Issue:2487

  • Update CLI documentation to include new commands for updating and reverting a server installation. Issue:2573 SF#:1390

  • Tools using a scope argument are now correctly documented in the CLI documentation. Issue:2594

  • Added a new configuration property to the Sync Class which allows you to control as part of a sync operation whether all attributes should be brought into sync on the destination or only those that were affected by the originally modified attributes at the source. The property is called 'attribute-synchronization-mode'.

  • Several enhancements to the Periodic Stats Logger: all columns in the output can now be turned on/off, many more built-in metrics are available to be logged, and additional custom metrics driven off of cn=monitor entries can be added by creating Custom Logged Status objects. Issue:2039

  • Add extension points for the Synchronization Server. This includes Sync Pipe Plugins, LDAP Sync Source Plugins, and LDAP Sync Destination Plugins. Issue:2410

  • The server now issues an alert when it has begun the startup process. Issue:2642

  • The server now issues an alert when a JVM pause (possibly due to garbage collection) has been detected. Issue:2637

  • The web console now allows the specification of multiple LDAP servers to be used for authentication and discovery of topology servers. Issue:2466

  • The web console now supports specification of a server from its login page. Issue:2190

  • Add an option to display the status for just a specific Sync Pipe in the status command output. This makes the output a lot easier to read if there are multiple Sync Pipes configured. Issue:2606

  • Update the ldappasswordmodify tool to supply the bind password as the user's current password when making a self-change. This is convenient when making a root user password change so that the current password does not have to be specified twice in the command line arguments. Issue:2525

  • Provide better descriptions in the MIB for SNMP trap variable bindings. Issue:2508

  • The file-based loggers now optionally support millisecond level precision. Issue:2603

  • Added an "invoke-gc-day-of-week" property to the Periodic GC Plugin so that it can be configured to run only on certain days of the week. Issue:2660

  • Improve output when JVM errors occur in scripts used to set up environment for command line tools. Issue:2172

  • Update the default JVM arguments to improve garbage collection tuning.

  • Update dsjavaproperties to validate that all java-home properties specified in config/java.properties reference valid Java installations. Issue:2719

  • Fix an issue where the alerts backend could write an incomplete LDIF backing file if an error were to occur during the write. Also, if an error in the LDIF file is discovered when the server is started, the alerts backend will now read as much as it can from the file and preserve a copy of the bad file. Issue:2700

  • Add support for logging intermediate response messages that are returned to the client. Intermediate response logging will be enabled by default, but may be disabled if desired. Issue:2428

  • Address an issue with the web console where it would not allow read-only configuration properties to be set when an object was initially created. Issue:2730

Synchronization Server 2.2.0.0

Resolved Issues

These issues were resolved with version 2.2.0.0 of the Synchronization Server:

  • Modify the command-line argument parsers to generate a warning message if an argument value is the same as the short or long form for another argument. This can help prevent users from forgetting to supply a value for an argument which requires one. Issue:944

  • Update MakeLDIF to add a "" tag that can be used to include a randomly-selected date from any time within the last ten years. It is also possible to use "" to specify the desired time range, where min and max should be given in the generalized time format. Issue:1083

  • Add a new configuration property for alert handlers that makes it possible to filter the types of alerts that should be processed based on the alert severity. By default, all types of alerts will be processed.

  • Modify the prepare-external-server tool so that it will look for trust store and password files in the default locations when using SSL or StartTLS and the locations of those files are not explicitly provided.

  • Provide a new alert handler that can be used to execute a specified command whenever an alert is generated within the server. The details of the alert notification will be provided as arguments when executing that command. The arguments will be provided in the following order: the name of the alert type, the OID for the alert type, the alert severity, the fully-qualified name of the Java class that generated the alert, the unique identifier assigned to that alert, and the text of the alert message. The alert handler will ensure that only one instance of the command may be invoked at a time to avoid problems from commands that aren't safe to run concurrently. If multiple alerts are generated concurrently, then they will be queued and the command will be executed sequentially for each of them. Issue:1146

  • Update the ldapsearch and ldapmodify tools so that in the event that an error response is received from the server, the diagnostic message from that error response will be displayed to the user rather than the generic error message that had previously been used.

  • Add a new error log alert handler, which makes it possible to control which types of alerts should be logged (based on either the alert severity or specific alert type). Further, the severity of the log message will reflect the severity of the alert notification.

  • Update the collect-support-data tool to archive information about the upgrade history of the server installation.

  • Modify the enter-lockdown-mode and leave-lockdown-mode tools to allow them to connect to any local address rather than requiring the request to be sent over the loopback address. Issue:1144

  • Update the LDAP connection handler to disable TLS renegotiation by default, which can eliminate a vulnerability in which a man-in-the-middle could potentially inject arbitrary cleartext between TLS negotiation and initial data from the client.

  • Avoid setting the "-XX:ParallelCMSThreads" JVM argument on systems containing a single CPU. This option has been observed to cause the JVM to fail to run properly, particularly in virtualized environments. Issue:1300

  • Update the system information monitor entry to include information about the system account being used to run the server and a list of all system properties defined in the JVM.

  • Add a new global configuration option which makes it possible to specify the maximum length of time that the server shutdown process may take before it attempts to interrupt threads which have not yet completed their processing. In most cases, server threads will react to a shutdown in a timely manner and no interrupt is needed.

  • Fix a bug in the parallel-update tool that could cause operations to be retried even when the --neverRetry argument was provided. Also, when the tool is configured to retry operations, the reject file will now include the result code and diagnostic message received from the last failure after no more progress can be made, rather than providing a generic message.

  • Fix a bug in the collect-support-data tool that could cause it to make incorrect use of a password file when capturing the output of the status command. Issue:1593

  • Update the SNMP alert handler so that the traps it creates have a more sensible value for the uptime field. Previously, the uptime value was always zero, but it will now reflect the length of time that the Directory Server has been online.

  • Improve the process for stopping threads when the server is shutting down, and provide additional debugging information that may be useful if any threads are slow to stop running. Issue:900

  • Update the ldap-diff tool to take advantage of the stream directory values extended operation when it is available. This can dramatically improve the performance of the tool when attempting to identify the set of all entries in the server. Issue:794

  • Update the ldap-diff tool to provide support for reading the DNs of all the entries in one or both directories from files instead of obtaining them over LDAP. In directories which do not support the stream directory values extended operation, this may provide a significantly faster way to obtain this information if it is already available in some form.

  • Fix a bug in the ldap-diff tool that could cause it to report incorrect percent complete values when comparing data sets of more than 20 million entries.

  • Fix a bug in the upgrade tool that could cause the same warning message to appear multiple times if the version obtained from the server was different from what was expected (e.g., because a server jar file had previously been replaced without using the upgrade tool). Issue:1640

  • Update the parallel-update tool to add the ability to use the permissive modify request control, which may be used to request that the server ignore attempts to add attribute values which are already present or remove attribute values which are not present.

  • Update the ldap-diff tool to make it more likely that its output can be replayed without any alteration. The order of operations has been updated so that all deletes are listed first, followed by all modifies, and finally all adds. In addition, all delete operations are ordered such that subordinate entries will always be removed before their ancestors.

  • Update the scripts used to stop the server to prevent them from falling through to try to stop the server over LDAP if the attempt to kill the process fails or times out, since the attempt to stop the server over LDAP would fail without at least the appropriate authentication credentials, and could potentially be dangerous in some contexts.

  • Update the system information monitor entry to include information about all environment variables defined in the server process. In addition, it will now attempt to determine and report the process ID of the JVM in which the server is running.

  • Update the logic for sending an e-mail message from the server so that it will always attempt to determine the fully-qualified name of the system to include in the HELO/EHLO request. In the event that the fully-qualified name cannot be determined, then the IP address of the server will be used rather than using an unqualified name. Issue:1337

  • Update the server to make it possible to configure the length of time that name-to-IP address mappings may be cached within the server. This may be useful in environments in which the addresses associated with a particular hostname may change frequently. Issue:941

  • Update the upgrade and revert-upgrade tools to ignore directories that contain backup files. Issue:1143

  • Update the Directory Server to change the implementation of the show-all-attributes configuration option in the schema and root DSE backends to be more robust, particularly for client requests that explicitly ask for a specific set of attributes. Issue:1590

  • Update the logic used to identify previous log files that had been rotated so that only files with names that might have been created by the rotation process will be candidates for removal by the retention policy. Issue:1285

  • Update the Directory Server to add a search shutdown plugin which can be used to perform a specified internal search when the server is shutting down and have the results of that search written to a specified file. This may be useful, for example, to automatically dump the contents of the monitor backend on shutdown. Issue:1334

  • Update the server so that when creating a duplicate of an existing configuration object, some key properties may be excluded from the clone so that they must be explicitly configured by the administrator rather than automatically using the same value as the object being duplicated. This can help prevent problems in which a duplicated value was inadvertently used. Issue:1675

  • Update the setup process so that the server will be configured without an LDAP connection handler if the "--no-prompt" argument is provided without an "--ldapPort" argument. This option is only available for use when using the non-interactive setup mechanism. Issue:1759

  • Change the behavior of the dsconfig tool when creating a new configuration object so that the user will first be prompted about whether to create a completely new configuration object or clone an existing object. This simplifies the interface and makes it less likely that an administrator will incorrectly attempt to clone an existing object rather than creating a new one. Issue:1747

  • Update a number of access log retention policies to make them more robust and to fix bugs that could prevent old log files from being removed when the appropriate conditions were met. Over long periods of time, this could potentially cause available disk space to run low and necessitate the manual removal of files to avoid running out of space. Issues:1867,1867

  • Modify the upgrade process so that schema definitions are always migrated before the configuration. In some rare cases, attempting to migrate the configuration before the schema could lead to failures in the upgrade process. Issue:1812

  • Update the server to prevent multiple loggers from being configured with the same target log file. Issue:1676

  • Significantly revise the upgrade tool in an attempt to make it more robust and minimize the amount of work required for performing an upgrade. Issues:1927,1931,2031,2037

  • Add support for a new search-and-mod-rate command line tool which operates in a manner similar to the searchrate tool but that will also modify any entries returned from the search.

  • Rename the upgrade tool to be "update", and rename the revert-upgrade tool to be "revert-update".

  • Update the Directory Server to make the lockdown-mode privilege usable by non-root users. Issue:1109

  • Update the server so that it includes a patch version number in addition to the existing major, minor, and point version numbers. This can help better distinguish versions with the same major, minor, and point version numbers which differ only based on patches applied.

  • Update the Directory Server to abort the startup process with an error message if the admin data backend includes a malformed entry. Previously, malformed entries in the admin data backend would be silently ignored. Issue:2049

  • Update the collect-support-data tool to change the way that the jstack tool is invoked to dramatically reduce the impact that it has on the running process. Issue:2038

  • Update the export-ldif and verify-index tools so that they can be used against a server whose database files are contained on a read-only filesystem, including a ZFS snapshot. Issue:71

  • Update the alert backend to be able to handle entries with unrecognized alert types. This is unlikely to occur in normal conditions, but could cause a problem in deployments in which the server was upgraded and subsequently reverted, and an alert was generated in the upgraded server that uses an alert type not defined in the older version. Issue:2126

  • Change the way that the worker thread percent busy values are calculated in the work queue monitor entry to make them more accurate. Also, add new recent-average-queue-size and current-worker-thread-percent-busy monitor attributes. Issue:1982

  • Modify the update process to require that the system user performing the update is the same as the system user used to run the server. This will help prevent files from being created or altered during the update process with permissions that would prevent the server from being able to access them when the server is started as the appropriate user. Issue:2158

  • Modify the update tool to ensure that the documentation is updated for the new release if appropriate. Issue:2178

  • Update the dsconfig tool and the Web administration console so that they inform the administrator of any administrative action (e.g., disabling and re-enabling the specified component, or restarting the server) that may be required as a result of a configuration change to be made. Issues:211,2132

  • Update the subject attribute to user attribute certificate mapper to provide support for VeriSign certificates whose subject contained an emailAddress attribute with an unusual encoding. Issue:2177
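A handler script for the command-executing alert handler described in the 2.2.0.0 list above, as an added example that is not UnboundID's own code: it takes the six arguments in the order the note gives and neutralizes control characters before writing one log line per alert. The log path, the function names and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: script to be run by the exec alert handler.
# Argument order as stated in the release note:
#   $1 alert type name   $2 alert type OID   $3 alert severity
#   $4 generating class  $5 alert unique ID  $6 alert message
# ALERT_LOG is a hypothetical path chosen for this example.
ALERT_LOG="${ALERT_LOG:-/tmp/sync-alerts.log}"

# Replace control characters (newline, tab, escape, ...) with spaces so
# that alert text cannot forge extra log lines or extra fields.
sanitize() {
    printf '%s' "$1" | tr '[:cntrl:]' '[ *]'
}

# Print one tab-separated record, or fail without printing anything.
format_alert() {
    # Exactly six arguments are expected; anything else is rejected.
    [ "$#" -eq 6 ] || return 2
    # An OID is dotted decimal; refuse any other characters.
    case "$2" in
        ''|*[!0-9.]*) return 3 ;;
    esac
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        "$(sanitize "$1")" "$2" "$(sanitize "$3")" \
        "$(sanitize "$4")" "$(sanitize "$5")" "$(sanitize "$6")"
}

# Append the record to the log. Every argument stays quoted and is never
# passed to eval. No lock file is used because, per the release note, the
# server runs only one instance of the command at a time.
handle_alert() {
    line=$(format_alert "$@") || return $?
    printf '%s\n' "$line" >> "$ALERT_LOG"
}

# Act as the handler only when arguments were supplied.
if [ "$#" -gt 0 ]; then
    handle_alert "$@"
fi
```
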