OpenDS 0.9.0-build003 is now available

I have just uploaded OpenDS 0.9.0-build003, built from revision 2052 of our source tree, to our weekly builds folder. The direct link to download the core server is The direct link to download the DSML gateway is

I have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL, or visit for more information.

Detailed information about this build is available at Some of the changes that have been incorporated since OpenDS 0.9.0-build002 include:
  • Revision 1997 (Issue #1749) -- Update the way that privileges are evaluated by the server. Previously, they were always evaluated based on the authentication identity. Now, all privileges except proxied-auth are evaluated based on the authorization identity.

  • Revision 2000 (Issue #1760) -- Fix a problem in the access control implementation that could prevent the use of operational attributes in the userattr bind rule.

  • Revision 2001 -- Rename the default error log file name from "error" to "errors" in order to be more consistent with other products.

  • Revision 2002 (Issue #1758) -- Update the server to provide a lockdown mode. This is a mode in which the server will only allow client connections over loopback interfaces, and will reject all requests from non-root users. A task has been added that can allow an administrator to manually enable or disable this mode, and an internal API is available to expose it to other server components.

  • Revision 2004 (issue #609) -- Update the replication mechanism to provide modify conflict resolution for single-valued attributes. This uses a different mechanism than for multi-valued attributes and can allow the server to maintain less historical information for the attribute.

  • Revision 2009 (Issue #1761) -- Fix a problem that could prevent the QuickSetup installer from running properly (especially on Windows systems) if JAVA_HOME is not set.

  • Revision 2010 -- Fix a problem in the error logger that prevented an override severity of "all" from being handled properly.

  • Revision 2011 (Issue #1753) -- Fix a problem on Windows systems where manually running the setup utility where arguments could be incorrectly interpreted.

  • Revision 2017 (Issue #1601) -- Update the QuickSetup and Status Panel tools to improve the way that they handle focus changes between components so that it is easier to interact with these tools using only the keyboard.

  • Revision 2021 (Issue #1616) -- Update the QuickSetup tool so that it will always provide a button that can be used to launch the status panel even if the installation fails.

  • Revision 2024 (Issue #1634) -- Update the GUI tools so that when a text field gets input focus, its text is automatically selected.

  • Revision 2025 (Issue #1764) -- Fix a problem in the replication initialization where it can enter an infinite loop if there is no replication server available.

  • Revision 2026 (Issue #1117) -- Provide an entry cache implementation that is backed by a Berkeley DB JE instance. The backing database can be placed on a tmpfs or other kind of memory-based filesystem to allow for a space-efficient caching mechanism.

  • Revision 2042 (Issue #1750) -- Update the access control handler so that if it encounters any access control rules that cannot be parsed when the server is starting up, they will be logged and the server will be placed in lockdown mode. This will help avoid problems in which an incorrectly-specified access control rule wouldn't be enforced as an administrator intended and inadvertently grant too much access to users.

  • Revision 2045 (Issue #1729) -- Make changes to the server to allow for better integration with the Penrose virtual directory product.

  • Revision 2046 (Issue #1633) -- Ensure that the JMX connection handler is disabled by default. Given that there is currently no way to configure it in the QuickSetup utility, it is better to have it disabled than running, potentially without the administrator knowing about it.

  • Revision 2048 -- Update the global ACI definitions so that they allow read access to the entryUUID operational attribute.

  • Revision 2049 (Issues 660, 1675, 1770) -- Provide a new mechanism for encoding entries. This provides a mechanism for excluding the DN from the encoded entry (which can be helpful for the filesystem entry cache), and also for compressing the object class sets and attribute descriptions to conserve space and improve encode/decode performance.

  • Revision 2050 (Issue #1775) -- Add a virtual attribute provider that can be used to assign entryUUID values for entries in private backends. The entryUUID values for these entries will be based on an MD5 digest of the normalized DN, but this should not present an instability problem because these entries aren't allowed to be renamed.

  • Revision 2051 (Issues #1765, 1776) -- Eliminate the search-unindexed privilege, since the unindexed-search privilege was added to do the same thing. Also, eliminate the index-rebuild privilege and fold all of its functionality into the ldif-import privilege, since having it as a separate privilege didn't add much value and created unnecessary administrative overhead.

  • Revision 2052 -- Update the entry cache initialization process so that a default entry cache is always instantiated before the backends are brought online. This helps avoid problems in backends that attempt to interact with the cache before the full entry cache initialization is complete.


Post a Comment:
Comments are closed for this entry.



Top Tags
« July 2016