Linux 2.6 and later

Microsoft Windows Server 2008, 2008 R2, 2012, and 2012 R2

Oracle Solaris 10, 11

Improvements to the LDIF import feature have resulted in the following changes:

Improvements that allow OpenDJ directory server to use pluggable backends have resulted in incompatible updates to some backup archives:

Rather than using a backup archive with the backup command, use a file system backup if you must revert an upgrade to 3. After successful upgrade, do not restore backup archives generated with older versions of the backup command.

LDAP SDK 3 makeldif.template files are not backwards-compatible with the OpenDJ directory server make-ldif command.

When specifying a branch in LDAP SDK makeldif templates, you must now also specify the object classes for the branch. Server make-ldif templates require branch specifications that do not specify the object classes for the branch.

The GUI tools do not delete their temporary log files.

The following global ACI settings have changed:

When you upgrade from earlier versions of OpenDJ directory server, the previous global-aci settings are not updated. To apply the changes manually, change the relevant global-aci settings by using the dsconfig command. For an example of how to change a global-aci property, see Example 6.2, "ACI: Disable Anonymous Access" in the Administration Guide.

Support for Java 6 has been removed.

The dsframework command has been removed.

The local-db backend database type has been removed, and replaced with pluggable backend database types.

Some commands have changed as a result. The dbtest utility has been removed, and replaced by the backendstat command.

The dsconfig subcommands pertaining to local-db backends have been removed, and replaced with subcommands for pluggable backends.

The OpenDJ directory server upgrade command migrates directory data to pluggable backends, updating the directory configuration in the process.

The OpenDJ LDAP SDK version used in this release is not compatible with the 2.x SDK.

OPENDJ-2339: RDNs with single space values cause problems

OPENDJ-2274: OpenDJ: World-readable permissions are set on the config.ldif.startok and archived-config files.

OPENDJ-2196: OpenDJ does not return the isMemberOf attribute via REST

OPENDJ-2159: PDB Storage is read-only when using the verify-index tool on Windows

OPENDJ-2152: ldapsearch ignores ldapsearch.useSSL=true in a tools.properties

OPENDJ-2046: HTTP Connection Handler doesn't return anything and spins on connection closure

OPENDJ-2027: Command-line tools requiring arguments should display usage if none are given

OPENDJ-1969: IdleTimeLimitThread fails with null ConnectionHandlers or null ClientConnections

OPENDJ-1968: NPE in GoverningStructureRuleVirtualAttributeProvider if entry has no structural object classes

OPENDJ-1882: currentConnections from cn=monitor is not decremented when JMX connections close

OPENDJ-1829: JMX connector listens on a random port number

OPENDJ-1764: admin-backend.ldif can end up empty

OPENDJ-1610: Original password is not put in password history when password is reset without specifying the new password

OPENDJ-1586: Nested groups fail to return indirect members with DBs larger than 10 entries

OPENDJ-1443: OpenDJ returns an "invalid credential:expired" when password has expired even if the provided password is wrong

OPENDJ-1431: Trimming of draftcndb gets stuck, changelog keeps growing in size

OPENDJ-1427: Control panel reports duplicate ds-sync-hist values for pwdHistory

OPENDJ-1366: Arguments logged in wrong order for ERROR_REPLAYING_OPERATION

OPENDJ-1359: Control panel requires incremental backups specify the parent

OPENDJ-1354: replication threads BLOCKED in pendingChanges queue

OPENDJ-1322: Control-Panel.bat can not start and stop the OpenDJ server when running as a windows service

OPENDJ-1294: ldappasswordmodify -D <DN> -w - fails without prompting password from stdin

OPENDJ-1283: Replayed Modify operations are rejected if the backend writability mode is internal-only

OPENDJ-1275: Connections stop getting closed due to idle time outs

OPENDJ-1269: JMX connection counter not being decremented when connections are closed.

OPENDJ-1239: dsreplication logs warnings for each replication server under cn=monitor

OPENDJ-1228: Concatenated schema may contain more than valid schema, possibly leading to further issues

OPENDJ-1226: Upgrade should only consider .ldif files under config/schema

OPENDJ-1204: Access Log timestamp doesn't have milliseconds for Connect and Disconnect entries

OPENDJ-1196: updateSchemaFile "succeeds" if it can't find schema in the templates

OPENDJ-1190: Under rare circumstances, the DS replication recovery thread (RSUpdater) can spin

OPENDJ-1183: Cannot reset userPassword through REST interface due to lack of privileges

OPENDJ-1172: Deadlock between replication threads during shutdown.

OPENDJ-1160: Write operations to non-groups force groups to be reloaded

OPENDJ-1148: VLV rebuildTask needs improvement

OPENDJ-1146: Memory leak in OpenDJ 2.6.0

OPENDJ-1142: OpenDJ setup does not work in Java8 EA - A security class cannot be found in this JVM

OPENDJ-1138: searchrate throws java.lang.IndexOutOfBoundsException

OPENDJ-1131: Rest2LDAP fails to start with GlassFish3.1

OPENDJ-1115: Internal errors from ModifyOperation - change number was not found in pending list

OPENDJ-1094: ECL virtual lastChangeNumber attribute can decrement

OPENDJ-1090: ECL changenumbers get reset after a purge and server restart

OPENDJ-1056: Secure listener should not be created if proper keying material is not available

OPENDJ-1048: OpenDJ QuickSetup creates the "licenseAccepted" file in the wrong place

OPENDJ-1043: Worker Thread was interrupted while waiting for new work while shutting down

OPENDJ-1016: Control panel does not follow static group recommendation from documentation

OPENDJ-948: Unauthorized disclosure of directory contents

OPENDJ-737: OpenDJ Administration Connector KeyStore Pin File must be defined and non empty

OPENDJ-452: Manual add of new schema objectclass in 99-user.ldif are not replicated

OPENDJ-49: Replication replay does not take into consideration the server/backend's writability mode.

OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.

When you configure account lockout as part of password policy, OpenDJ locks an account after the specified number of consecutive authentication failures. Account lockout is not transactional across a replication topology, however. Global account lockout occurs as soon as the authentication failure times have been replicated.

When creating additional database backends, adjust the database cache settings to avoid allocating all memory available to the JVM to database cache. Over-allocating memory to database cache leads to out of memory errors.

By default, a new database backend has db-cache-percent set to 50. When creating a new database backend, you can raise or lower this value by using the --set db-cache-percent:value option, where value is the percentage of JVM memory to allocate to the new backend.

PDB backend databases limit key size to two KB. In practice, this means, for example, that DN size is limited to roughly two KB.

Attempts to create an entry with a DN (or other key) larger than the limit cause a KeyTooLongException in the underlying backend.

OpenDJ replication is designed to permit an unlimited number of replication servers in your topology. Project testing has focused on topologies of up to eight replication servers.

Antivirus and intrusion detection systems that do a deep inspection of database files are not compatible with OpenDJ directory server. Disable antivirus and intrusion detection systems, or at least prevent them from operating on OpenDJ directory server files.

OpenDJ plugin extensions must follow these guidelines:

This can affect how your extension works after upgrade. In particular, opendj-accountchange-handler-1.0.0 does not work with OpenDJ after upgrade (OPENDJ-991). See that issue for notes on how make that version of the extension work with OpenDJ after upgrade.

OPENDJ-2631: OOME error while importing 100M entries (online-import) causes the server to crash

OPENDJ-2624: start-ds in split mode on Windows randomly times out

OPENDJ-2609: NoSuchElementException on ldapsearch --sortorder when using corresponding vlv index

OPENDJ-2605: Debian packages should be idempotent

OPENDJ-2573: Steady high modification load can cause PDB database to grow indefinitely

OPENDJ-2515: CommonAudit throughput regression

OPENDJ-2506: Create-backend on Windows: problem with db-cache-percent management

OPENDJ-2496: Replication on Windows: Failure when stopping a server

OPENDJ-2446: dsreplication purge-historical uses an inappropriate amount of server memory if many entries match search criteria

OPENDJ-2415: OpenDJ : ldapmodify fails to add like values with differing case, when caseExactIA5Match is used

OPENDJ-2408: Setup fails on windows if the opendj instance path contains spaces

OPENDJ-2222: OpenDJ: Server should not allow creation of a new backend with a sub-suffix when the entry exists in the parent suffix and backend

OPENDJ-2190: Replicas cannot always keep up with sustained high write throughput

OPENDJ-2074: excessive emails on out of space condition

OPENDJ-2048: Setup.bat fails to launch GUI mode, whereas setup.bat --verbose succeeds

OPENDJ-2007: tools.properties in instance config folder no longer used

OPENDJ-1998: yum remove depends on running server

OPENDJ-1906: Improve static group refresh performance

OPENDJ-1880: KeyTooLongException when creating entries whose dn is longer that 2Kb

OPENDJ-1783: Unfair write lock policy may cause unpredictable response times

OPENDJ-1776: Pure RSes cannot detect disk low/full

OPENDJ-1667: dsconfig batch file processing removes double and single-quotes from attribute values

OPENDJ-1633: Unable to run tools in offline mode when tools.properties is set up

OPENDJ-1583: Update procedure of opendj rpm does not consider ownership of processes and files

OPENDJ-1555: Unresponsive persistent searches on cn=changelog can block the whole server

OPENDJ-1363: JMXMBean does not handle local connections correctly

OPENDJ-1309: First dsreplication enable could warn before replicating schema

OPENDJ-1290: Nested backends handles hasSubordinates attribute incorrectly

OPENDJ-1279: HTTP Connection Handler sometimes returns Internal Server Error when under stress

OPENDJ-1213: LDIFReader should reject LDIF that contains trailing space

OPENDJ-1192: Modify request replay failures

OPENDJ-1169: Exception/error lost when logging ERR_LOOP_REPLAYING_OPERATION

OPENDJ-1158: rebuild-index leaves backend offline if a backup is running

OPENDJ-1151: OpenDJ unable to initialize the SSL context an doesn't start

OPENDJ-1087: OpenDJ Console: Validation checks missing

OPENDJ-1071: Tasks sometimes fail with error message "There are no tasks defined with ID ..."

OPENDJ-1052: Exception is logged during dsreplication enable when cn=admin user doesn't exist

OPENDJ-1007: InstallHelper: endless loop, and other issues

OPENDJ-990: dsreplication ignores parameter --propertiesFilePath

OPENDJ-954: Restarted DS fails to detect if it is out of sync

OPENDJ-934: Changes to RS window-size property require a server restart

OPENDJ-862: Strange ds-privilege-name behavior

OPENDJ-810: Non-atomic password state updates

OPENDJ-640: Text Query Against indexed telephoneNumber Attribute Very Slow

OPENDJ-573: mustChangePassword function makes-up password change state

OPENDJ-561: Add operation doesn't get password policy from ds-pwp-password-policy-dn;collective

OPENDJ-560: Add operation doesn't use subentry-based password policy

OPENDJ-557: Identical changes recorded in duplicate changelog records

OPENDJ-527: rebuild-index --rebuildAll corrupts the indexes for certain data sets

OPENDJ-518: Cannot log in to the administrative control panel with FIPS-140 enabled in certain cases

OPENDJ-505: dsreplication enable fails when hostname contains an underscore

OPENDJ-454: Naming conflict of 2 adds with same DN leaves DIT inconsistent

OPENDJ-431: Server-side sort control only works on result sets of less than 100000 entries

OPENDJ-412: Blocked persistent searches may block all worker threads

OPENDJ-390: ConcurrentModificationException during backup all

OPENDJ-270: dsreplication disable takes a long time