Fixed an issue with replace modifications
Fixed an issue that could prevent replace modifications for attribute types
with subordinate types (for example, postalAddress
) from
being properly applied.
Fixed an issue that affects password policies stored outside the server configuration
Fixed a regression that was introduced in the 9.3.0.0 release while making
changes to allow additional values for the
allow-pre-encoded-passwords
property in the password
policy configuration. The issue only affects password policies stored
outside of the server configuration in local DB backends, and only those
policies that include the
ds-cfg-allow-pre-encoded-passwords
attribute.
As part of the change to allow additional values for the
allow-pre-encoded-passwords
configuration property, we
changed the syntax for the underlying attribute type from Boolean to
directory string. When storing values for Boolean attributes in entries that
reside in local DB backends, the server may compact the value to reduce the
amount of space to store the data on disk and in memory. When the syntax for
the attribute type was changed, the server no longer recognized that the
value was compacted, which prevented it from properly interpreting that
value.
This fix allows the server to recognize and properly interpret compacted
values for the ds-cfg-allow-pre-encoded-passwords
attribute
when parsing a password policy definition contained in a local DB backend.
Note that when the password policy entry is retrieved, the attribute may
still appear to have a corrupt value, as the value that is actually stored
in the entry would still represent the compacted token rather than the
logically equivalent Boolean value. Replacing the value of the
ds-cfg-allow-pre-encoded-passwords
attribute in
affected entries with the appropriate value is the best way to address
that.
Made improvements to the Configuration API
The Configuration API no longer treats patch operations with empty arrays as invalid. Instead, it now resets configuration attributes for replace operations with an empty array and ignores add operations with an empty array.
Fixed an issue with the remove-defunct-server command
Fixed an issue with running remove-defunct-server against servers configured with an AES256 password storage scheme where encryption settings were not initialized before initializing password policy components.
Fixed an issue with processing search operations
Fixed an issue that could allow the server to continue processing a search operation for longer than the allowed time limit. Previously, the server would not check the time limit in the course of index processing to identify potential matching entries, and in certain cases where the server had to iterate across a very large number of index keys (for example, when evaluating a range or substring filter component that could match a very large number of entries), the allowed time limit could be exceeded in that portion of the processing.
Fixed an issue that caused a null pointer exception to be thrown
Fixed an issue where a null pointer exception would be thrown when adding a sync server to a topology of two or more existing sync servers using manage-topology add-server.
Improved Active Directory Sync sources
For Active Directory Sync sources, when setting the startpoint to the
end-of-changelog
, extraneous data is no longer sent
from the Active Directory server to the Sync server. With this change,
setting the startpoint to end-of-changelog
should be
faster, particularly for slow networks.
Fixed an issue when enabling or disabling a user in PingOne
Resolved an issue with synchronizing the enabled
attribute
of a user in a PingOne destination. This issue only occurred when attempting
to enable or disable a user in PingOne from the source server.
enabled
status of a user in PingOne, use the dsconfig tool to
create a constructed attribute mapping of the following form. This will
ensure that enabled
will always have a well-defined value,
even if the source attribute is not present on an entry in the source
server.dsconfig create-attribute-mapping --type constructed --map-name mapName --mapping-name enabled --set conditional-value-pattern:'(sourceAttribute=*) : {sourceAttribute}' --set conditional-value-pattern:'(!(sourceAttribute=*)) : true'