The current list of fixes and issues reflects OpenDJ in progress as of July 17, 2012. OpenDJ issues are tracked at https://bugster.forgerock.org/jira/browse/OPENDJ.

The following issues were fixed since release . OPENDJ-525: Remove compiler warnings when building using JDK7 OPENDJ-524: CME in LDAPClientConnection when writing many large responses concurrently to the same connection OPENDJ-506: NoSuchElementException thrown during replication in java.util.TreeMap.key(TreeMap.java:1221) OPENDJ-500: Upgrade trunk (2.5.0) to JE 5.0.48 OPENDJ-494: dsreplication initialize reports negative percentage of completion OPENDJ-489: dsconfig is throwing a blank line to stderr on success OPENDJ-477: Adding an entry with binary options fails during reading ldif file OPENDJ-475: Incorrect behaviour/result code regarding non-critical controls OPENDJ-465: WhoAmI Extended operation code duplicates supported controls OPENDJ-459: User's privileges not working with SASL EXTERNAL auth OPENDJ-456: OpenDJ schema replication fails for 3rd server of topology OPENDJ-447: OpenDJ Quicksetup: Problems when hostname cannot be resolved OPENDJ-439: export-ldif on jeb produces duplicate entries OPENDJ-436: Inconsistency between hostname specified in setup and DIGEST-MD5 fqdn of server. OPENDJ-401: Replication fails with Java 7. OPENDJ-396: Remove support for ServiceTag. OPENDJ-378: Remove activation.jar as it's bundled with Java 6 OPENDJ-377: Kerberos authentication with AD KDC fails with LoginException(Client not found in Kerberos database (6)) OPENDJ-363: Make it more obvious in the setup tool that the fully-qualified hostname is critical for all secured connections OPENDJ-361: AttributeBuilderTest unit test fails on OpenJDK OPENDJ-330: Environment variables to override java.properties prefixed by OPENDS_ OPENDJ-327: NPE in access log on clicking "Do not Accept" certificate in Control Panel OPENDJ-322: Binary encoding option causing problems in replace operations OPENDJ-306: Misleading access log error message when client resets the connection. OPENDJ-304: The result code 53 (unwillingToPerform) should only be used for service errors OPENDJ-293: InternalClientConnection memory leak when performing password modify/state extended operations or SASL binds OPENDJ-292: LDAP PTA NPE when base-dn or bind-dn not exist on secondary server OPENDJ-290: LDAP PTA valid auth attempt rejected if AD reset connection OPENDJ-288: Use INVALID_CREDENTIALS result code when disconnecting users because their entry has been deleted OPENDJ-285: Unable to modify users entry after LDAP PTA Policy applied OPENDJ-280: Add support for the LDAP sub-entry control as defined in draft-ietf-ldup-subentry OPENDJ-278: ldapSubentry entries should have an implicit scope of { base="" } when no subtree specification is specified OPENDJ-266: Extra white space in some of the schema files shipped with OpenDJ 2.4 OPENDJ-256: Fix regular unit test failures on 2.4 branch and trunk OPENDJ-252: ControlPanel fails with a Null Pointer Exception with Oracle JDK7. OPENDJ-247: Rename max-entries property in JE backend to something more clearly related to index analysis OPENDJ-241: Unexpected authorization failure when using the assertion control with internal root connections OPENDJ-236: Support dn: and u: authid notation in SambaPasswordPlugin OPENDJ-224: Replication fails when replication server is configured for a network interface which is not an alias of localhost/127.0.0.1 OPENDJ-223: Modify operation isn't replayed on replica exactly as on original server. OPENDJ-219: Replication server and draft changelog DB code may attempt to reference closed DB OPENDJ-212: Need better error message when trying to configure SNMP OPENDJ-211: missing ";" in cookie exchange control causes StringIndexOutOfBoundsException OPENDJ-202: All bind request APIs should take byte or char arrays for passwords OPENDJ-190: Look for tools.properties, etc. in ~/.opendj rather than ~/.opends OPENDJ-181: DirectoryException provided value has an invalid length for a UUID OPENDJ-130: External change log, used in compliance with Internet-draft, shows a divergence between replicas under load. OPENDJ-126: Bad syntax for lastChangeNumber, firstChangeNumber, and lastExternalChangelogCookie OPENDJ-121: Replication failure on startup due to generation ID of -1 OPENDJ-117: Replicated server slow to shutdown and ugly exceptions OPENDJ-106: QuickStart Welcome Panel calls for Java 5, although OpenDJ now requires Java 6 OPENDJ-105: Replication protocol error. Bad message type. org.opends.server.replication.protocol.StopMsg received, ReplServerStartMsg required OPENDJ-103: Replication in 2.4 head and trunk are no longer compatible with 2.4.0 and 2.4.1 OPENDJ-101: NPE when processing UniqueAttributePlugin/AuthenticatedUsers ChangeListener post-sync for moddn operations with conflicts OPENDJ-98: Searches on cn=monitor take a long time OPENDJ-97: Very many minor problems with the error logging for replication OPENDJ-96: Replication server monitor data computation takes too long / blocks rest of server when another RS is cannot be reached OPENDJ-95: Socket leak and constant disconnect/reconnect when a directory server can no longer reach its connected replication server OPENDJ-94: NullPointerException when shutting down worker threads OPENDJ-51: ECL: virtual attributes are calculated twice per retrieval and gratuitously allocate memory OPENDJ-50: ECL base object search operations on cn=changelog take a long time if the change log is big OPENDJ-48: Draft ECL: lastChangeNumber still not calculated correctly OPENDJ-46: Extensible filters which use dnAttributes are not processed correctly when there is an existing index for the named attribute

Release has the following limitations, none of which are new since . OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2. When you configure account lockout as part of password policy, OpenDJ locks an account after the specified number of consecutive authentication failures. Account lockout is not transactional across a replication topology, however. OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ directory server can be run as a service, and thus displayed in the Windows Services Control Panel. OpenDJ replication is designed to permit an unlimited number of replication servers in your topology. Project testing has, however, focused only on topologies of up to eight replication servers. On Niagara systems such as T2000, hardware SSL crypto acceleration runs more slowly than software crypto acceleration. To work around this issue take the following actions. Add more request handlers to LDAP (for TLS) and LDAPS (for SSL) connection handlers. Disable hardware acceleration for server's JVM by removing the SunPKCS11 security provider from jre/lib/security/java.security.

The following known issues remained open at the time release became available. OPENDJ-534: dsconfig is returning output to stderr rather than stdout OPENDJ-532: When replication is enabled cn=changelog appears in namingcontexts output OPENDJ-527: rebuild-index --rebuildAll corrupts the indexes for certain data sets OPENDJ-505: dsreplication enable fails when hostname contains an underscore OPENDJ-502: DSML gateway not correctly forwarding modifications to userCertificate;binary attributes OPENDJ-501: dsconfig advanced properties for the attribute syntaxes inconsistent OPENDJ-457: Sleeping replication threads prevent server from shutting down OPENDJ-454: Naming conflict of 2 adds with same DN leaves DIT inconsistent OPENDJ-453: Manually deleting an objectclass from 99-user.ldif does not get replicated. OPENDJ-452: Manual add of new schema objectclass in 99-user.ldif are not replicated OPENDJ-449: modifiersName and modifyTimestamp not included in 99-user.ldif for replica OPENDJ-443: dsconfig should return wider range of error codes OPENDJ-431: Server side sort control only works on result sets of less than 100000 entries OPENDJ-405: Upgrade fails in many cases when configuration modified in the server to upgrade. OPENDJ-399: DirectoryException thrown processing of virtual static groups during backend initialization OPENDJ-340: dsreplication disable takes --bindDN, but --adminPassword instead of --bindPassword OPENDJ-329: Starting OpenDJ when port is in use results in exceptions OPENDJ-320: log-file-permissions ignores group permissions OPENDJ-270: dsreplication disable takes a long time OPENDJ-253: Search for draft changeNumber on disabled suffix requires full resync OPENDJ-180: SSL handshake failed after restarting replication server OPENDJ-169: Modifying an existing object class definition requires server restart OPENDJ-118: RS load balancing does not occur after an RS becomes available after an outage OPENDJ-110: Searches on dc=replicationchanges return incomplete results for certain types of LDAP modifications. OPENDJ-104: Remove Thread.sleep() synchronization design anti-pattern in replication code. OPENDJ-88: Online backup of cn=config does not work OPENDJ-49: Replication replay does not take into consideration the server/backend's writability mode. Furthermore when deploying for production, make sure that you follow the installation instructions on allowing OpenDJ to use at least 64K (65536) file descriptors, and tuning the JVM appropriately. For the latest status, query the OpenDJ bug database online at https://bugster.forgerock.org/jira/browse/OPENDJ.