This chapter covers the status of key issues and limitations for OpenDJ ${docTargetVersion} and OpenDJ SDK ${sdkDocTargetVersion}. For details and information on other issues, see the OpenDJ issue tracker.

This release contains fixes that resolve security issues within OpenDJ. Older versions of OpenDJ contain these security issues. It is recommended that you upgrade to this release to resolve these security issues. ForgeRock customers can contact support for details. OpenDJ 2.6.0 and later maintenance releases include important improvements to replication. Replication remains fully compatible with earlier versions. However, some operations that work fine with the current OpenDJ release, such as replicating large groups and replicating high volumes of adds and deletes, can cause issues for earlier versions. Make sure you upgrade all servers to this version before allowing clients to take advantage of write operations that could cause trouble for older servers. The following important bugs were fixed in this release. OPENDJ-1322: Control-Panel.bat can not start and stop the OpenDJ server when running as a windows service OPENDJ-1283: Replayed Modify operations are rejected if the backend writability mode is internal-only OPENDJ-1275: Connections stop getting closed due to idle time outs OPENDJ-1270: Avoid unnecessary DNS lookups when performing bind requests OPENDJ-1269: JMX connection counter not being decremented when connections are closed. OPENDJ-1266: State index is not updated when an index is deleted OPENDJ-1249: ConnectionFactory timeout setting is applied for Active Directory persistent search requests OPENDJ-1247: Client side timeouts do not cancel bind or startTLS requests properly OPENDJ-1228: Concatenated schema may contain more than valid schema, possibly leading to further issues OPENDJ-1226: Upgrade should only consider .ldif files under config/schema OPENDJ-1204: Access Log timestamp doesn't have milliseconds for Connect and Disconnect entries OPENDJ-1200: SDK should use octet string matching by default for unrecognized attribute types OPENDJ-1196: updateSchemaFile "succeeds" if it can't find schema in the templates OPENDJ-1190: Under rare circumstances the DS replication recovery thread (RSUpdater) can spin OPENDJ-1183: Can not reset userPassword through REST interface due to lack of privileges OPENDJ-1168: Warning message displayed when heartbeat check fails with a bind connection pool OPENDJ-1160: Write operations to non-groups force groups to be reloaded OPENDJ-1115: Internal errors from ModifyOperation - change number was not found in pending list OPENDJ-1090: ECL changenumbers get reset after a purge and server restart OPENDJ-1048: OpenDJ QuickSetup creates the "licenseAccepted" file in the wrong place OPENDJ-877: ldifsearch.bat is not working OPENDJ-661: TimeoutChecker throws NullPointerException on application shutdown

Release has the following limitations, none of which are new since . OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2. When you configure account lockout as part of password policy, OpenDJ locks an account after the specified number of consecutive authentication failures. Account lockout is not transactional across a replication topology, however. Global account lockout occurs as soon as the authentication failure times have been replicated. OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ directory server can be run as a service, and thus displayed in the Windows Services Control Panel. OpenDJ replication is designed to permit an unlimited number of replication servers in your topology. Project testing has, however, focused only on topologies of up to eight replication servers. OpenDJ plugin extensions must follow the guidelines set forth in the README file delivered in opendj/example-plugin.zip. When developing your extension, aim to remain loosely coupled with any particular version of OpenDJ. Libraries used must be installed in opendj/lib/extensions/ (or bundle them in your .jar). Keep your configuration separate from the server configuration. Also, unless you are reusing standard schema definitions, keep your schema definitions separate as well. This can affect how your extension works after upgrade. In particular opendj-accountchange-handler-1.0.0 does not work with OpenDJ 2.6.0 after upgrade (OPENDJ-991). See that issue for notes on how make that version of the extension work with OpenDJ 2.6.0.

When deploying for production, make sure that you follow the installation instructions on allowing OpenDJ to use at least 64K (65536) file descriptors, and on tuning the JVM appropriately. The following important issues remained open at the time this release became available. OPENDJ-1309: First dsreplication enable could warn before replicating schema OPENDJ-1294: ldappasswordmodify -D <DN> -w - fails without prompting password from stdin OPENDJ-1290: Nested backends handles hasSubordinates attribute incorrectly OPENDJ-1213: LDIFReader should reject LDIF that contains trailing space OPENDJ-1169: Exception/error lost when logging ERR_LOOP_REPLAYING_OPERATION OPENDJ-1158: rebuild-index leaves backend offline if a backup is running OPENDJ-1151: OpenDJ unable to initialize the SSL context an doesn't start OPENDJ-1146: Memory leak on opendj 2.6.0 OPENDJ-1138: searchrate throws java.lang.IndexOutOfBoundsException OPENDJ-1131: Rest2LDAP fails to start with GlassFish3.1 OPENDJ-1094: ECL virtual lastChangeNumber attribute can decrement OPENDJ-1087: OpenDJ Console: Validation checks missing OPENDJ-1056: secure listener should not be created if proper keying material is not available for some reason OPENDJ-1051: Upgrade: add task to update lastChangeNumber/firstChangeNumber attributes definition when upgrading from 2.4.x OPENDJ-1043: Worker Thread was interrupted while waiting for new work while shutting down OPENDJ-1016: Control panel does not follow static group recommendation from documentation OPENDJ-1009: CryptoManagerTestCase:testStreamEncryptDecryptSuccess fails OPENDJ-1007: InstallHelper: endless loop, etc. OPENDJ-948: unauthorized disclosure of directory contents OPENDJ-934: Changes to RS window-size property require a server restart OPENDJ-862: Strange ds-privilege-name behavior OPENDJ-810: Non-atomic password state updates OPENDJ-640: Text Query Against indexed telephoneNumber Attribute Very Slow OPENDJ-573: mustChangePassword function makes-up password change state OPENDJ-557: Identical changes recorded in duplicate changelog records OPENDJ-527: rebuild-index --rebuildAll corrupts the indexes for certain data sets OPENDJ-518: Cannot log into the administrative control panel with FIPS-140 enabled in certain cases OPENDJ-514: OpenDJ SDK SASL integrity/confidentiality violates protocol OPENDJ-505: dsreplication enable fails when hostname contains an underscore OPENDJ-431: Server side sort control only works on result sets of less than 100000 entries OPENDJ-412: Blocked persistent searches may block all worker threads OPENDJ-365: Potential deadlock in JE backend while performing a mix of update operations OPENDJ-270: dsreplication disable takes a long time OPENDJ-49: Replication replay does not take into consideration the server/backend's writability mode.