Critical Fixes

This release of PingDirectory Server addresses critical issues from earlier versions. Update all affected servers appropriately.

No critical issues have been identified

Resolved Issues

The following issues have been resolved with this release of PingDirectory Server:

Ticket ID Description

Fixed an issue where the manage-profile replace-profile subcommand was unable to create new local DB backends through dsconfig. Also fixed an issue where replace-profile could not export and re-import data from a server with multiple backends.


Fixed an issue that could prevent some tools from running properly with an encrypted file.


Fixed an issue where some state associated with a JMX connection was not freed after the connection was closed. This led to a slow memory leak in servers that were monitored by an application that created a new JMX connection each polling interval.


Before starting replication calculates the total backlog for each replica by adding up the outstanding changes for each remote replica. With this change obsolete replicas will no longer be included in the calculation.


Improved the logic used to determine an appropriate replication database cache size. The previous fixed size of 5MB was found to be too small in some cases, and the replication database could grow larger than expected. In deployments in which the JVM has access to at least 500MB of memory, the replication database cache will now be permitted to use up to 1% of that memory. The former 5MB cache size will still be used in deployments with access to less than 500MB of memory.


Fixed an issue that stopped new extensions from being installed.


Fixed an issue with the way the server reports memory usage after completing an explicitly requested garbage collection.


Trimming of replication changes database no longer gets stuck when the sequence number of the first change is greater than the sequence number of the last change, which can happen when "dsreplication initialize" is used to initialize a target with changes that are older than the changes the target previously had.


Updated the server to make the general monitor entry available to JMX clients.


Updated the manage-profile replace-profile subcommand to check for encryption-related arguments in setup-arguments.txt when determining if an export and re-import of user data is necessary.


Updated the cn=Cluster subtree to prevent clustered configuration changes when servers in the cluster have mixed versions. To make clustered configuration changes, either update all servers in the cluster to the same version, or temporarily create separate clusters by server version by changing the cluster-name property on the server instance configuration objects.


To avoid inconsistencies, changing clustered configuration will now require all servers in the cluster to be on the same product version. Servers will not pull any clustered configuration from the master of the cluster if they are on a different product version.


Obsolete changes are now removed from the replication database of the target system when the target system is initialized.


Fixed an issue with manage-profile replace-profile where certain configuration changes for recurring task chains were not being applied.


Fixed an issue that prevented password changes for topology administrators unless their password policy was configured to allow pre-encoded passwords.


Fixed an issue where schema changes to a user-defined object class with one or more subordinate classes were not written to the schema file until additional schema changes were made.


Fixed an issue with in which the server may not generate an account status notification for the account-updated notification type for modify operations unless the operation also qualifies for other types of account status notifications.


Fixed an issue in which the Directory REST API could fail to decode certain credentials when using basic authentication.


Upgrade to jetty 9.4.30


Added a remove-attribute-type-from-schema tool that can be used to safely remove an attribute type definition from the server schema. It will ensure that the attribute type is not in use, and it will clean up metadata references to that attribute type that could have previously required re-importing the data before the attribute type could actually be removed from the schema.

The remove attribute type processing can also be requested programmatically through an administrative task.


Fixed an issue where paged subtree searches posted to the Directory Rest API failed with error message: "Unable to decode the cookie in the simple paged results control value", whenever the search returned entries with DN length approaching or exceeding 127 characters.