--- title: Removed description: Lists functionality removed in PingDS releases, including commands, APIs, and configuration options no longer available. component: pingds version: release-notes page_id: pingds::removed canonical_url: https://docs.pingidentity.com/pingds/release-notes/removed.html revdate: 2026-04-20T12:00:00Z keywords: ["Compatibility", "LDAP", "Upgrade"] section_ids: removed-81: DS 8.1 removed-80: DS 8.0 removed-75: DS 7.5 removed-74: DS 7.4 removed-73: DS 7.3 removed-72: DS 7.2 removed-71: DS 7.1 removed-70: DS 7.0 ds_6_5: DS 6.5 --- # Removed The functionality listed here has been removed. ## DS 8.1 * Support for Java 21 has been removed. * Support for the following HTTP authorization mechanisms has been removed: * HTTP OAuth2 CTS * HTTP OAuth2 File * HTTP OAuth2 OpenAM * HTTP OAuth2 Token Introspection (RFC7662) ## DS 8.0 * Support for Java versions before 21 has been removed. * The DS REST to LDAP endpoints, configuration, and gateway have been removed. The DSML gateway has also been removed. For HTTP access to directory data, use [HDAP](https://docs.pingidentity.com/pingds/8/rest-guide/preface.html) instead. * The JMX connection handler has been removed. * The `rehash-policy: always` setting for Bcrypt and PBKDF2-based password policies has been removed. The `rehash-policy` can now be set to `never` (default), `only-decrease`, or `only-increase`. * Support has been removed for CSV, Elasticsearch, JDBC, JMS, Splunk, and Syslog access logs. As a result, the following log publishers have been removed: * `CsvFileAccessLogPublisher` * `CsvFileHttpAccessLogPublisher` Elasticsearch and Splunk have native or third-party tools to collect, transform, and route logs. Learn more in [Third-party software](requirements.html#commons-third-party). * Support has been removed for the `/admin` and `/metrics/api` endpoints. * With the updates to change number indexing, the `dsrepl reset-change-number` command has been removed. The following metrics have also been removed: LDAP: * `ds-mon-indexing-state` * `ds-mon-purge-waiting-for-change-number-indexing` * `ds-mon-replicas-preventing-indexing` * `ds-mon-time-since-last-indexing` Prometheus: * `ds_change_number_indexing_state` * `ds_change_number_time_since_last_indexing_seconds` * `ds_replication_changelog_purge_waiting_for_change_number_indexing` - The `dsconfig` global configuration variable `use-virtual-threads-if-available` has been removed. * The following JE Backend configuration properties have been removed: * `db-checkpointer-wakeup-interval` * `db-evictor-core-threads` * `db-evictor-keep-alive` * `db-evictor-max-threads` * `db-num-cleaner-threads` * `db-num-lock-tables` * `db-run-cleaner` ## DS 7.5 * Support for Java 11 has been removed. When upgrading to this version, follow the instructions in [Before you upgrade](https://docs.pingidentity.com/pingds/7.5/upgrade-guide/before-you-upgrade.html). * The `dsrepl start-disaster-recovery` and `dsrepl end-disaster-recovery` commands have been removed. For instructions on what to use instead, refer to the [disaster recovery](https://docs.pingidentity.com/pingds/7.5/use-cases/disaster-recovery.html) documentation instead. * Support for SNMP monitoring has been removed. * The deprecated `/admin` and `/api` (REST to LDAP) endpoints have been removed from the configuration for new servers. If you must create them temporarily for compatibility, refer to [When adding new servers](https://docs.pingidentity.com/pingds/7.5/upgrade-guide/add-new-servers.html). ## DS 7.4 * The file-based debug log publisher has been removed. An error log publisher now writes debug-level messages. For details, refer to [Debug-level logging](https://docs.pingidentity.com/pingds/7.4/maintenance-guide/troubleshooting.html#troubleshoot-enable-debug-logging). * The Argon2 password storage configuration property `argon2-migration-memory` has been removed. If necessary, set `argon2-memory-pool-size` instead. ## DS 7.3 * The following deprecated command-line options have been removed: `--bindPasswordFile`\ `--deploymentKeyPasswordFile`\ `--keyStorePasswordFile`\ `--monitorUserPasswordFile`\ `--rootUserPasswordFile`\ `--trustStorePasswordFile` Use the `--*:file` alternatives suggested in [Deprecated since DS 7.1](deprecation.html#deprecated-71) instead. With the `setup` command, use the `--keyStorePasswordFilePath` and `--trustStorePasswordFilePath` options to retain the paths to the files in the configuration instead of copying the cleartext passwords. * The `Degraded` replica status and `degraded-status-threshold` configuration property have been removed. When the replication delay is more than five seconds, the `dsrepl status` command reports the replica is `SLOW`. * The advanced LDAP connection handler property `send-rejection-notice` has been removed. The LDAP connection handler no longer sends an extended response message with a notice of disconnection when rejecting a new client connection. ## DS 7.2 * The `lookthrough-limit` setting has been removed. Use `time-limit` instead. ## DS 7.1 * You can no longer add new DS servers to a deployment with OpenDJ 2.6 or earlier servers. Instead, upgrade older servers before adding new servers. * DS server configuration support for extending group implementations, including group implementation configuration objects, their properties, and the related `dsconfig` subcommands. In previous releases, an administrator could disable and enable group implementations, and could change the Java class of a group implementation as part of the server configuration. The default group implementations continue to work as documented in *Groups*. ## DS 7.0 * Support for Java 8 has been removed. Support for 32-bit JVMs has also been removed. When upgrading to this version, follow the instructions in *Before you upgrade*. * The `backup` and `restore` commands have been removed. Use the `dsbackup` command instead. * The `dsreplication` command has been removed. You now configure replication as part of the setup process using the `setup --replicationPort` and `setup --bootstrapReplicationServer` options. For details and examples, refer to *Installation*. For most operations, use the `dsrepl` command. Since replication configuration is part of the setup process, the `dsrepl` command does not include a command for configuring replication. Learn about the new command in *Replication*, and *Changelog for notifications*. To temporarily suspend and resume replication, use the `dsconfig` command. For details, refer to *Disable replication*. * The `ads-truststore` and `ads-truststore.pin` files have been removed. For new deployments, DS servers protect secret keys with a shared master key. The setup process derives the shared master key from the deployment ID and password. * The JVM profiler plugin has been removed. * The following monitoring metrics have been removed: * LDAP metrics: * `ds-mon-approx-oldest-change-not-synchronized` * `ds-mon-approximate-delay` * `ds-mon-missing-changes` * Prometheus metrics: * `ds_replication_changelog_connected_replicas_approx_oldest_change_not_synchronized_seconds` * `ds_replication_changelog_connected_replicas_approximate_delay_seconds` * `ds_replication_changelog_connected_replicas_missing_changes` * The following monitoring metrics depending on the JVM implementation are not stable interfaces. They have been removed from the documentation: * Garbage collection statistics Affected metrics have names like `ds-mon-jvm-garbage-collector-*` under `cn=monitor`, and `ds_jvm_garbage_collector_*` in Prometheus output. * Memory pool use Affected metrics have names like `ds-mon-jvm-memory-pools-*` under `cn=monitor`, and `ds_jvm_memory_pools_*` in Prometheus output. * The `No-Op` alias for the LDAP no-op control (OID: 1.3.6.1.4.1.4203.1.10.2) has been removed. Use the `NoOp` alias or the OID instead. ## DS 6.5 * The `manage-account get-password-history` subcommand has been removed due to security concerns.