Enhancement Advisory 389-ds-base bug fix and enhancement update

Advisory: RHEA-2011:1711-2
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2011-12-06
Last updated on: 2011-12-06
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated 389-ds-base packages that fix several bugs and add various enhancements
are now available for Red Hat Enterprise Linux 6.

The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

This update fixes the following bugs:

* If a server sent a response to an unbind request and the client simply
closed the connection, Directory Server 8.2 logged "Netscape Portable
Runtime error -5961 (TCP connection reset by peer.)". (BZ#720458)

* An incorrect SELinux context caused AVC errors in
/var/log/audit/audit.log. (BZ#752155)

* A number of memory leaks and performance errors were fixed. (BZ#697663,
BZ#700665, BZ#711533, BZ#711241, BZ#726136, BZ#700215)

* The DS could not restart after a new object class was created which used
the entryUSN attribute. (BZ#711266)

* The ns-slapd process segfaulted if suffix referrals were enabled.
(BZ#712167)

* A high volume of TCP traffic could cause the slapd process to quit
responding to clients. (BZ#711513)

* Attempting to delete a VLV index caused the server to hang. (BZ#714298)

* Connections to the DS by an RSA authentication server using simple paged
results by default would time out. (BZ#720051)

* Running a simple paged search against a subtree with a host-based ACI
would hang the server. (BZ#735217)

* If the target attribute list for an ACI had syntax errors and more than
five attributes, the server crashed. (BZ#733443)

* It was not possible to set account lockout policies after upgrading from
RHDS 8.1. (BZ#734267)

* Adding an entry with an RDN containing a % caused the server to crash.
(BZ#720452)

* Only FIPS-supported ciphers can be used if the server is running in FIPS
mode. (BZ#709868)

* It is possible to disable SSLv3 and only allow TLS. (BZ#711265)

* If the changelog was encrypted and the certificate became corrupt, the
server crashed. (BZ#713317, BZ#713318)

* If the passwordisglobalpolicy attribute was enabled on a chained server,
a secure connection to the master failed. (BZ#733434)

* If a chained database was replicated, the server could segfault.
(BZ#714310)

* Editing a replication agreement to use SASL/GSS-API failed with GSS-API
errors. (BZ#694571)

* In replication, a msgid might not be sent to the right thread, which
caused "Bad parameter to an LDAP routine" errors. This caused failures to
propagate up and halt replication. (BZ#742611)

* Password changes were replicated among masters, but not to
consumers. (BZ#701057)

* If an entry was modified on RHDS and the corresponding entry was deleted
on the Windows side, the sync operation attempted to use the wrong entry.
(BZ#717066)

* Some changes were not properly synced over to RHDS from Windows.
(BZ#734831)

* RHDS entries were not synced over to Windows if the user's CN had a
comma. (BZ#726273)

* Intensive update loads on master servers could break the cache on the
consumer, causing it to crash. (BZ#718351)

* Syncing a multi-valued attribute could delete all the other instances of
that attribute when a new value was added. (BZ#699458)

* If a synced user subtree on Windows was deleted and then a user password
was changed on the RHDS, the DS would crash. (BZ#729817)

This update provides the following enhancements:

* The nsslapd-idlistscanlimit configuration attribute can be set
dynamically, instead of requiring a restart. (BZ#742382)

* Separate resource limits can be set for paged searches, independent of
resource limits for regular searches. (BZ#742661)

* The sudo schema has been updated. (BZ#720459)

* A new configuration attribute sets a different list of replicated
attributes for a total update versus an incremental update. (BZ#739959)

* A new configuration option allows the server to be started with an
expired certificate. (BZ#733440)

* New TLS/SSL error messages have been added to the replication error log
level. (BZ#720461)

Users are advised to upgrade to these updated 389-ds-base packages, which
resolve these issues and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
389-ds-base-1.2.9.14-1.el6.src.rpm
File outdated by: RHSA-2014:0292

IA-32:
389-ds-base-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292

x86_64:
389-ds-base-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
389-ds-base-1.2.9.14-1.el6.src.rpm
File outdated by: RHSA-2014:0292

x86_64:
389-ds-base-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
389-ds-base-1.2.9.14-1.el6.src.rpm
File outdated by: RHSA-2014:0292

IA-32:
389-ds-base-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292

x86_64:
389-ds-base-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
389-ds-base-1.2.9.14-1.el6.src.rpm
File outdated by: RHSA-2014:0292

IA-32:
389-ds-base-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292

x86_64:
389-ds-base-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-debuginfo-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-devel-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.i686.rpm
File outdated by: RHSA-2014:0292
389-ds-base-libs-1.2.9.14-1.el6.x86_64.rpm
File outdated by: RHSA-2014:0292
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

694571 - Replica Installation logs scary GSSAPI errors
697663 - memory leak: entryusn value is leaked when an entry is deleted
699458 - windows sync can lose old multi-valued attribute values when a new value is added
700215 - ldclt core dumps
700665 - Linked attributes callbacks access free'd pointers after close
701057 - userpasswd not replicating
705172 - 389-ds should only be supported and supplied in channels for i386 and x86_64 Server distributions - RHEL 6.1 0day Advisory
711241 - memory leak found by reliab12
711265 - [RFE] Cannot disable SSLv3 and use TLS only
711266 - DS can not restart after create a new objectClass has entryusn attribute
711513 - slapd stops responding
711516 - Support upgrade from Red Hat Directory Server
711533 - Memory leak: when extra referrals configured
712167 - ns-slapd segfaults using suffix referrals
713317 - Cert renewal for attrcrypt and encchangelog
713318 - Cert renewal for attrcrypt and encchangelog
714298 - unresponsive LDAP service when deleting vlv on replica
714310 - Segmentation fault (core dumped) while doing Import in a Replication Setup.
717064 - rhds82 - incr update state stop_fatal_error "requires administrator action", with extop_result: 9
717066 - winsync uses old AD entry if new one not found
718351 - Intensive updates on masters could break the consumer's cache
720051 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2.
720452 - RDN with % can cause crashes or missing entries
720458 - Directory Server 8.2 logs "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)" to error log whereas Directory Server 8.1 did not.
720459 - Sudo Schema is old and needs updating
720461 - Need TLS/SSL error messages in repl status and errors log
725912 - Instance upgrade fails when upgrading 389-ds-base package
726136 - Directory server hangs during unit tests
726273 - Winsync: DS entries fail to sync to AD, if the User's CN entry contains a comma
729816 - upgrade DB to upgrade from entrydn to entryrdn format is not working.
729817 - delete user subtree container in AD + modify password in DS == DS crash
733440 - [RFE] add option to allow server to start with an expired certificate
733442 - Ignore an error 32 in this case since we're adding a new AutoMember definition
733443 - large targetattr list with syntax errors cause server to crash or hang
734267 - upgradednformat failed to add RDN value - subtree and user account lockout policies implemented?
734831 - WinSync: Certain entries in DS are not updated properly when using WinSync API
735217 - simple paged search + ip/dns based ACI hangs server
736137 - renaming a managed entry does not update mepmanagedby
739959 - [RFE] Allow separate fractional attrs to be defined for incremental and total protocols
742382 - [RFE] allow nsslapd-idlistscanlimit to be set dynamically and per-user



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/