eFix 3.2.2-SWD-002 README for SecureWay Directory 3.2.2 Windows-based Server Installations Contents 1) eFix 3.2.2-SWD-002 1a) General description 1b) Problems fixed 1b.i) New fixes in 3.2.2-SWD-002 1b.ii) Fixes in 3.2.2-SWD-001 1b.iii) Platforms 1b.iv) Dependencies 1b.v) Files replaced or added by this eFix 1b.vi) eFix contents 1b.vii) Applying the eFix 1b.viii) Confirming the eFix has been applied successfully 1b.ix) Additional usage notes 1) eFix 3.2.2-SWD-002 Date: March 31, 2002 eFix: 3.2.2-SWD-002 Component: SecureWay(R) Directory 3.2.2 (128-bit Encryption Server Installations) 1a) General description The eFix contains fixes for several problems encountered in SecureWay Directory 3.2.2. The APAR number for each problem is listed in the "Problems fixed" section. Refer to the specific APAR for more detail about each problem. For information on changes and fixes that occurred after the product documentation had been translated, see the SecureWay Directory Version 3.2.2 README Addendum. This file is in English only. This file can also be found on the IBM(R) SecureWay Directory Library Web page using a link from http://www.software.ibm.com/network/directory/library. You can get to the latest information here: http://www-4.ibm.com/software/network/directory/library/v322/addendum322.htm1b) Problems fixed 1b.i) New fixes in 3.2.2-SWD-002 APAR IR47735 (CMVC 71113) Support using { as first character in LDAP user passwords. APAR IR47802 (CMVC 70356) Doing an ldapsearch on the Root DSE or Monitor class using * or attributes to be returned is not working with 3.2.2. This fix will allow the search "ldapsearch -sbase objectclass=* *" to return all attributes in the root DSE. APAR IR48028 (CMVC 70625) Adding an attribute and modifying ACLs to an objectclass causes the ACL's to not work correctly unless slapd is rebooted. APAR IR48052 (CMVC 71113) When you modify the attribute userpassword for an existing user with a hashed value the server cores. APAR IR48137 (CMVC 71629) Using 3.2.2 efix1, you may see Memory Leak during unbind Operation (in some cases~100 bytes per unbind). APAR IR48168 (CMVC 71121) When upgrading to 3.2.2 and running changelog with peer masters, replication will not be started until replica objects are added to both peer masters. APAR IR48126 (CMVC 71523) Fixes the problem where the LDAP server will intermittently core when interacting with the iPlanet proxy Client and Directory Access Router (iDAR). APAR IR48300 (CMVC 71282) Memory Leak in acl cache. APAR IR48302 (CMVC 70876) Several errors were corrected dealing with messaged displayed when using the ldapcfg script. These could have caused the wrong error message, or no error message to be displayed. 1b.ii) Fixes in 3.2.2-SWD-001 APAR IR47193 (CMVC 68302) An entry is added to the changelog when slapd restarts. This entry must not be added. It also is not passed from peer to peer. APAR IR47323 (CMVC 68444) Slapi_Search_Internal API takes a long time to return data compared with the command line ldapsearch using the same search parameters. APAR IR47324 (CMVC 68572) Removing an attribute breaks access to aclEntrys and exportability using db2ldif. APAR IR47602 (CMVC 69302) Replication failure when performing a modify replace with no value. The request is incorrectly written into the change table. APAR IR47623 (CMVC 68531) Attempting a modify replace on an attribute with syntax integer or timestamp with the same value and is part of the RDN fails. This operation has worked in previous releases. APAR IR47624 (CMVC 68542) Performing an ldapdelete operation incurs a deadlock in the DB2(R) backend, and the LDAP server hangs. APAR IR47625 (CMVC 68545) In a high performing environment such as BluePages, the LDAP server can appear to hang for several minutes at a time. APAR IR47627 (CMVC 68733) The LDAP server encounters function sequence errors when delete operations are performed. APAR IR47629 (CMVC 68805) The LDAP server experiences a memory leak in the client controls portion of the server's operation structure. APAR IR47630 (CMVC 68935) When creating a custom database for the server's backend use, and it is configured for UTF-8 storage, the code page info is not put in slapd32.conf. APAR IR47631 (CMVC 69012) The LDAP server incurs a segmentation fault when writing an audit record with unknown-auth. APAR IR47633 (CMVC 69032) The LDAP server preoperation plugin preoperation value array is not null terminated as required by specifications. APAR IR47635 (CMVC 69277) SASL bind reports success with SSL connections even if using a keyring database label that does not reference an actual certificate. APAR IR47692 (CMVC 70361) For the ldapssl.h include file, SSL return codes must reflect same information present in the GSKIT 5 product. Equivalent items based on the GSKIT 3 product must be removed. APAR IR47874 (CMVC 70380) Bulkload utility fails if shell does not append inherited value to PATH environment variable. APAR IR47886 (CMVC 70068, 70493) Search operations fail, and dbsync process show excessive resource utilitization due to default ldap_desc.deid index. APAR IR47928 (CMVC 69750, 69774) Memory leaks occur in the server process. APAR IR47930 (CMVC 70538) LDAP clients operating on Solaris can hang performing an add operation. APAR IR48029 (CMVC 70142, 70236) Modify ldif processing to allow for sending and receipt value identified to have zero length. 1b.iii) Platforms Windows NT(R) Workstation/Server Version 4.0 with service pack 4 or later. Windows(R) 2000 Professional, Server, or Advanced Server. Windows XP is not supported with 3.2.2 efix2 or earlier at this time. See the README addendum or contact customer support for latest information. 1b.iv) Dependencies SecureWay Directory 3.2.2 or 3.2.2 efix1 must be installed. DB2 Universal Database(TM) version 7.2 FixPack 5 or higher. 1b.v) Files replaced or added by this eFix With %INSTALL_DIR% representing the root of the LDAP installation, the files replaced are: %INSTALL_DIR%/bin/bulkload.exe %INSTALL_DIR%/bin/db2ldif.exe %INSTALL_DIR%/bin/dmt.exe %INSTALL_DIR%/bin/dmtnt.dll %INSTALL_DIR%/bin/ldacfg.dll %INSTALL_DIR%/bin/ldamsg.exe %INSTALL_DIR%/bin/ldap.dll %INSTALL_DIR%/bin/ldapadd.exe %INSTALL_DIR%/bin/ldapdelete.exe %INSTALL_DIR%/bin/ldapmodify.exe %INSTALL_DIR%/bin/ldapmodrdn.exe %INSTALL_DIR%/bin/ldapsearch.exe %INSTALL_DIR%/bin/ldap_plugin_ibm_gsskrb.dll %INSTALL_DIR%/bin/ldif.exe %INSTALL_DIR%/bin/ldif2db.exe %INSTALL_DIR%/bin/libadmin.dll %INSTALL_DIR%/bin/libback-rdbm.dll %INSTALL_DIR%/bin/libcl.dll %INSTALL_DIR%/bin/libldapaudit.dll %INSTALL_DIR%/bin/libslapi.dll %INSTALL_DIR%/bin/libutils.dll %INSTALL_DIR%/bin/ltou.exe %INSTALL_DIR%/bin/miglen.exe %INSTALL_DIR%/bin/runstats.exe %INSTALL_DIR%/bin/slapd.exe %INSTALL_DIR%/bin/task_dbback.exe %INSTALL_DIR%/bin/utol.exe %INSTALL_DIR%/bin/libutlsa.dll %INSTALL_DIR%config/LDAPCfg.jar %INSTALL_DIR%include/ldapssl.h %INSTALL_DIR%/lib/ldap.lib %INSTALL_DIR%/lib/ldapstatic.lib %INSTALL_DIR%/lib/libldif.lib %INSTALL_DIR%/lib/libslapi.lib %INSTALL_DIR%/web/cgi-bin/ %INSTALL_DIR%/web/cgi-bin/ldacgi.exe %INSTALL_DIR%/web/cgi-bin/ldacgi3.exe %INSTALL_DIR%/web/readme/ %INSTALL_DIR%/web/readme/buildno.txt The default for INSTALL_DIR is C:\Program Files\IBM\LDAP. 1b.vi) eFix contents The archive for this eFix is named 3.2.2-SWD-002-WIN.zip. The archive for this eFix includes: - This README file - The file bin/bulkload.exe - The file bin/db2ldif.exe - The file bin/dmt.exe - The file bin/dmtnt.dll - The file bin/ldacfg.dll - The file bin/ldamsg.exe - The file bin/ldap.dll - The file bin/ldapadd.exe - The file bin/ldapdelete.exe - The file bin/ldapmodify.exe - The file bin/ldapmodrdn.exe - The file bin/ldapsearch.exe - The file bin/ldap_plugin_ibm_gsskrb.dll - The file bin/ldif.exe - The file bin/ldif2db.exe - The file bin/libadmin.dll - The file bin/libback-rdbm.dll - The file bin/libcl.dll - The file bin/libldapaudit.dll - The file bin/libslapi.dll - The file bin/libutils.dll - The file bin/ltou.exe - The file bin/miglen.exe - The file bin/runstats.exe - The file bin/slapd.exe - The file bin/task_dbback.exe - The file bin/utol.exe - The file bin/libutlsa.dll - The file config/LDAPCfg.jar - The file include/ldapssl.h - The file lib/ldap.lib - The file lib/ldapstatic.lib - The file lib/libldif.lib - The file lib/libslapi.lib - The file web/cgi-bin/ - The file web/cgi-bin/ldacgi.exe - The file web/cgi-bin/ldacgi3.exe - The file web/readme/ - The file web/readme/buildno.txt 1b.vii) Applying the eFix Your replication environment must be cleaned or resynched, or both. See section 5.2 of the IBM(R) SecureWay(R) Directory Version 3.2.2 Server Readme at: http://www-4.ibm.com/software/network/directory/library/v322/server.htm1. Extract the eFix contents into a scratch directory. Use an unzip utility for extraction. 2. For each of the master and slave server installations targeted to receive the eFix, make sure the servers are stopped prior to applying the eFix. 3. Replace the installed version of each file with the version included in the eFix. Move the currently installed file to a location outside of the LDAP installation filesystem or rename the currently installed file. Copy the extracted files to the correct locations in the install folder. The install version locations for each file are: %INSTALL_DIR%/bin/bulkload.exe %INSTALL_DIR%/bin/db2ldif.exe %INSTALL_DIR%/bin/dmt.exe %INSTALL_DIR%/bin/dmtnt.dll %INSTALL_DIR%/bin/ldacfg.dll %INSTALL_DIR%/bin/ldamsg.exe %INSTALL_DIR%/bin/ldap.dll %INSTALL_DIR%/bin/ldapadd.exe %INSTALL_DIR%/bin/ldapdelete.exe %INSTALL_DIR%/bin/ldapmodify.exe %INSTALL_DIR%/bin/ldapmodrdn.exe %INSTALL_DIR%/bin/ldapsearch.exe %INSTALL_DIR%/bin/ldap_plugin_ibm_gsskrb.dll %INSTALL_DIR%/bin/ldif.exe %INSTALL_DIR%/bin/ldif2db.exe %INSTALL_DIR%/bin/libadmin.dll %INSTALL_DIR%/bin/libback-rdbm.dll %INSTALL_DIR%/bin/libcl.dll %INSTALL_DIR%/bin/libldapaudit.dll %INSTALL_DIR%/bin/libslapi.dll %INSTALL_DIR%/bin/libutils.dll %INSTALL_DIR%/bin/ltou.exe %INSTALL_DIR%/bin/miglen.exe %INSTALL_DIR%/bin/runstats.exe %INSTALL_DIR%/bin/slapd.exe %INSTALL_DIR%/bin/task_dbback.exe %INSTALL_DIR%/bin/utol.exe %INSTALL_DIR%/bin/libutlsa.dll %INSTALL_DIR%config/LDAPCfg.jar %INSTALL_DIR%include/ldapssl.h %INSTALL_DIR%lib/ldap.lib %INSTALL_DIR%lib/ldapstatic.lib %INSTALL_DIR%lib/libldif.lib %INSTALL_DIR%lib/libslapi.lib %INSTALL_DIR%web/cgi-bin/ %INSTALL_DIR%web/cgi-bin/ldacgi.exe %INSTALL_DIR%web/cgi-bin/ldacgi3.exe %INSTALL_DIR%web/readme/ %INSTALL_DIR%web/readme/buildno.txt Again, the default for INSTALL_DIR is C:\Program Files\IBM\LDAP. 4. At this point each of the replica and master servers can be started. 1b.viii) Confirming the eFix has been applied successfully The eFix has been applied successfully if all files included in the eFix have replaced the pre-eFix files of the same names. If after applying the eFix, any facility making use of the SDK has degraded function as compared to its pre-fix operation, please notify SecureWay Directory support personnel. Below is some relevant information on the replacement files: - Filesize for bin/bulkload.exe is 304128 - Filesize for bin/db2ldif.exe is 196608 - Filesize for bin/dmt.exe is 15872 - Filesize for bin/dmtnt.dll is 13312 - Filesize for bin/ldacfg.dll is 42496 - Filesize for bin/ldamsg.exe is 122880 - Filesize for bin/ldap.dll is 410624 - Filesize for bin/ldapadd.exe is 39424 - Filesize for bin/ldapdelete.exe is 22016 - Filesize for bin/ldapmodify.exe is 39424 - Filesize for bin/ldapmodrdn.exe is 23040 - Filesize for bin/ldapsearch.exe is 36352 - Filesize for bin/ldap_plugin_ibm_gsskrb.dll is 22016 - Filesize for bin/ldif.exe is 20992 - Filesize for bin/ldif2db.exe is 198656 - Filesize for bin/libadmin.dll is 195584 - Filesize for bin/libback-rdbm.dll is 761344 - Filesize for bin/libcl.dll is 27136 - Filesize for bin/libldapaudit.dll is 36864 - Filesize for bin/libslapi.dll is 78336 - Filesize for bin/libutils.dll is 975360 - Filesize for bin/ltou.exe is 13824 - Filesize for bin/miglen.exe is 214528 - Filesize for bin/runstats.exe is 185856 - Filesize for bin/slapd.exe is 453632 - Filesize for bin/task_dbback.exe is 26112 - Filesize for bin/utol.exe is 13824 - Filesize for bin/libutlsa.dll is 40448 - Filesize for config/LDAPCfg.jar is 524817 - Filesize for include/ldapssl.h is 15991 - Filesize for lib/ldap.lib is 221100 - Filesize for lib/ldapstatic.lib is 2270892 - Filesize for lib/libldif.lib is 67668 - Filesize for lib/libslapi.lib is 59884 - Filesize for web/cgi-bin/ldacgi.exe is 3065856 - Filesize for web/cgi-bin/ldacgi3.exe is 1444864 - sum -r bin/bulkload.exe results are: 55771 xxxx - sum -r bin/db2ldif.exe results are: 42693 xxxx - sum -r bin/dmt.exe results are: 47567 xxxx - sum -r bin/dmtnt.dll results are: 48961 xxxx - sum -r bin/ldacfg.dll results are: 48907 xxxx - sum -r bin/ldamsg.exe results are: 44309 xxxx - sum -r bin/ldap.dll results are: 46989 xxxx - sum -r bin/ldapadd.exe results are: 12554 xxxx - sum -r bin/ldapdelete.exe results are: 37213 xxxx - sum -r bin/ldapmodify.exe results are: 12554 xxxx - sum -r bin/ldapmodrdn.exe results are: 01619 xxxx - sum -r bin/ldapsearch.exe results are: 26746 xxxx - sum -r bin/ldap_plugin_ibm_gsskrb.dll results are: 53204 xxxx - sum -r bin/ldif.exe results are: 19111 xxxx - sum -r bin/ldif2db.exe results are: 43351 xxxx - sum -r bin/libadmin.dll results are: 05750 xxxx - sum -r bin/libback-rdbm.dll results are: 25256 xxxx - sum -r bin/libcl.dll results are: 10755 xxxx - sum -r bin/libldapaudit.dll results are: 15191 xxxx - sum -r bin/libslapi.dll results are: 40376 xxxx - sum -r bin/libutils.dll results are: 30514 xxxx - sum -r bin/ltou.exe results are: 50551 xxxx - sum -r bin/miglen.exe results are: 14390 xxxx - sum -r bin/runstats.exe results are: 01621 xxxx - sum -r bin/slapd.exe results are: 29919 xxxx - sum -r bin/task_dbback.exe results are: 34105 xxxx - sum -r bin/utol.exe results are: 11317 xxxx - sum -r bin/libutlsa.dll results are: 17044 xxxx - sum -r config/LDAPCfg.jar results are: 56258 xxxx - sum -r include/ldapssl.h results are: 58420 xxxx - sum -r lib/ldap.lib results are: 10435 xxxx - sum -r lib/ldapstatic.lib results are: 10281 xxxx - sum -r lib/libldif.lib results are: 47177 xxxx - sum -r lib/libslapi.lib results are: 45194 xxxx - sum -r web/cgi-bin/ldacgi.exe results are: 03485 xxxx - sum -r web/cgi-bin/ldacgi3.exe results are: 15602 xxxx Each xxxx represents a number which is the number of blocks used by the file. It is left out since this number is filesystem format dependent. The contents of the web/readme/buildno.txt file are: SecureWay Directory Release: aus322ldap Build: 020425a (SWD 322 e-fix2) 1b.ix) Additional usage notes Remove LDAP_DESC_DEID index for improved performance In the 3.2.2 and 3.2.2 efix1 releases, if you loaded your data into a new database using bulkload or db2ldif commands, an index (LDAP_DESC_DEID) is created. Dropping the LDAP_DESC_DEID index in many cases improves performance, especially search operations performance. Starting in the 3.2.2 eFix2, this index is not created by default and it is recommended that it be removed to improve performance. To drop the LDAP_DESC_DEID index, do the following: 1. Stop slapd. 2. db2 connect to ldapb2. 3. Run the following command: db2 DROP INDEX LDAPDB2.LDAP_DESC_DEID 4. Stop and restart DB2.