Child pages
  • OpenDJ 2.4.6 Release Notes
Skip to end of metadata
Go to start of metadata

OpenDJ is an LDAPv3 compliant directory service, developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform makes OpenDJ the simplest, fastest directory to deploy and manage.

You can download OpenDJ software from the OpenDJ download page. OpenDJ is free to download, evaluate, and use. You can even check out and modify the source code to build your own version if you prefer.

These release notes are written for everyone working with the OpenDJ 2.4.6 release. Read these notes before you install or upgrade OpenDJ software. These notes cover hardware and software prerequisites for installing and upgrading OpenDJ software. These notes list key features added and changed in this release. They also cover compatibility with previous releases and alert you to potential changes coming up that could affect your scripts and applications. These notes list both issues fixed since the previous release and known issues open at the time of release. Finally, they offer tips on solving problems and getting support.

See the OpenDJ Installation Guide for more after you read these release notes. The installation guide covers installation and upgrade for OpenDJ directory server and OpenDJ DSML gateway. If you are planning to upgrade from OpenDJ 2.4.0 or OpenDS 2.2, make sure you run the script as described in the "Before you upgrade" section of the OpenDJ Installation Guide.

What's New In OpenDJ 2.4.6

Compared to the OpenDJ 2.4.5, OpenDJ 2.4.6 fixes a limited number of issues.

OpenDJ 2.4.6 also includes the following enhancement:

  • OPENDJ-197: Optimize memory usage of the static group cache

OpenDJ Compatibility

This section covers both major changes to existing functionality, and also deprecated and removed functionality.

Changes to existing functionality

When upgrading from 2.4.4 or earlier, the fix for OPENDJ-410 requires that you rebuild the ds-sync-hist index after upgrade, but before restarting OpenDJ.

Deprecated functionality

No functionality is deprecated in OpenDJ 2.4.6.

No functionality is planned to be deprecated at this time.

Removed functionality

No functionality has been removed in OpenDJ 2.4.6.

No functionality is planned to be removed at this time.

OpenDJ Fixes, Limitations, and Known Issues

OpenDJ issues are tracked at This section covers the status of key issues at release 2.4.6.

Fixes since last release

The following issues were fixed since release 2.4.5.

  • OPENDJ-528: rebuild-index doesn't rebuild properly DN2ID after an upgrade from OpenDS 2.2.
  • OPENDJ-522: Add capability to force the upgrade to complete if errors occur in non-interactive mode
  • OPENDJ-520: Worker threads are too greedy when caching memory used for encoding/decoding entries and protocol messages
  • OPENDJ-499: Upgrade 2.4.x branch to JE 4.1.20
  • OPENDJ-487: Normal acis under cn=config are not loaded at startup


Release 2.4.6 has the following limitations.

  • Due to issues found in testing on Windows systems, upgrading OpenDJ directory servers on Windows is not recommended. Instead install a new OpenDJ directory server as a replica of your existing server, applying the same configuration to the new server as you did to the old server. When the new server is up to date, ensure applications access the new server, and then you can stop and remove the old server.
  • OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.
  • When you configure account lockout as part of password policy, OpenDJ locks an account after the specified number of consecutive authentication failures. Account lockout is not transactional across a replication topology, however. Global account lockout occurs as soon as the authentication failure times have been replicated.
  • OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ directory server can be run as a service, and thus displayed in the Windows Services Control Panel.
  • OpenDJ replication is designed to permit an unlimited number of replication servers in your topology. Project testing has, however, focused only on topologies of up to eight replication servers.

Known issues

The following bugs remained open at the time release 2.4.6 became available. Many of these bugs are fixed in OpenDJ 2.5.0.

When deploying for production, make sure that you follow the installation instructions on allowing OpenDJ to use at least 64K (65536) file descriptors, tuning the JVM appropriately, and increasing database cache size from the default of 10%.

For the latest status, query the OpenDJ bug database online at

  • OPENDJ-552: OpenDJ QuickSetup Finished panel text uses different font sizes
  • OPENDJ-524: CME in LDAPClientConnection when writing many large responses concurrently to the same connection
  • OPENDJ-519: Exception raised when bind fails and debug logging is enabled
  • OPENDJ-518: Cannot log into the administrative control panel with FIPS-140 enabled in certain cases
  • OPENDJ-507: Index may go untrusted without a message in the errors log.
  • OPENDJ-506: NoSuchElementException thrown during replication in java.util.TreeMap.key(
  • OPENDJ-504: Performing Query on telephoneNumber attribute thats not a number returns all entries
  • OPENDJ-494: dsreplication initialize reports negative percentage of completion
  • OPENDJ-493: Error message when parsing Integer attribute with invalid value is incorrect.
  • OPENDJ-488: Cancel request succeeds with result code 118 (CANCELED) when it should receive result code 0 (SUCCESS)
  • OPENDJ-476: Manage Account fails with NPE if target DN does not exist
  • OPENDJ-475: Incorrect behaviour/result code regarding non-critical controls
  • OPENDJ-472: offline import LDIF reject entries, doesn't report the correct count of them, and store them in both rejected and skipped files.
  • OPENDJ-471: FIFOEntryCache may leave stalled data when low in memory.
  • OPENDJ-470: AttributeBuilder's SmallSet doesn't implement the Contains method of a Set
  • OPENDJ-468: Error upgrading from OpenDS 2.0.0 to OpenDJ 2.4.5
  • OPENDJ-463: Unable to remove userPassword;deleted attributes
  • OPENDJ-462: Spinning threads in JE backend importer
  • OPENDJ-459: User's privileges not working with SASL EXTERNAL auth
  • OPENDJ-454: Naming conflict of 2 adds with same DN leaves DIT inconsistent
  • OPENDJ-451: ACLRights and ACLRightsInfo are incorrect when attribute options are used.
  • OPENDJ-450: Attribute options in ACI are not properly handled.
  • OPENDJ-443: dsconfig should return wider range of error codes
  • OPENDJ-442: ldapsearch asking for password with GSSAPI when it should not need to
  • OPENDJ-439: export-ldif on jeb produces duplicate entries
  • OPENDJ-433: Every other permissions-subjects pair in ACI is ignored
  • OPENDJ-432: LDAPURL doesn't always url-decode baseDN
  • OPENDJ-427: AuthenticatedConnectionFactory hides exception with NPE
  • OPENDJ-423: Single AND component filter causes an uncatch exception in ECL (
  • OPENDJ-414: Avoid displaying debug messages to stdout when running various tools
  • OPENDJ-412: Blocked persistent searches may block all worker threads
  • OPENDJ-405: Upgrade fails in many cases when configuration modified in the server to upgrade.
  • OPENDJ-399: DirectoryException thrown processing of virtual static groups during backend initialization
  • OPENDJ-398: Misleading replication messages: "Replication server XXXX was attempting to connect to replication server YYYY but has disconnected in handshake phase"
  • OPENDJ-390: ConcurrentModificationException during backup all
  • OPENDJ-384: Substring search on entryUUID fails with a NullPointerException
  • OPENDJ-380: index-entry-limit=0 not working as expected
  • OPENDJ-379: Improve help for the db-evictor-nodes-per-scan parameter.
  • OPENDJ-377: Kerberos authentication with AD KDC fails with LoginException(Client not found in Kerberos database (6))
  • OPENDJ-365: Potential deadlock in JE backend while performing a mix of update operations
  • OPENDJ-356: Task email shows as from opends-task-notification
  • OPENDJ-347: Misleading error when running setup
  • OPENDJ-344: Upgrade fails when there's an extension with additional JAR dependency.
  • OPENDJ-339: Don't register alert handler in unique attribute plugin until we are sure that the configuration is valid
  • OPENDJ-338: Referential integrity plugin updates internal state when validating configuration
  • OPENDJ-337: dsconfig allows users to create hidden components such as network group plugin
  • OPENDJ-333: Missing entryUUID attributes in "cn=admin data" backend prevent updates from being replicated.
  • OPENDJ-332: In Replication server Replication Server 9989 15435: replication servers and have the same ServerId : 12360
  • OPENDJ-323: If you attempt to rebuild an index that doesn't exist while OpenDJ is running then the backend is left offline
  • OPENDJ-322: Binary encoding option causing problems in replace operations
  • OPENDJ-318: QuickSetup upgrade does not start server if upgrade completed checked
  • OPENDJ-315: OpenDJ not restart when enable as automatic windows service after reboot
  • OPENDJ-314: OpenDJ as Windows Service can not be stopped using control-panel
  • OPENDJ-312: Control Panel Restore Verify Backup fails with a NPE if no base DN
  • OPENDJ-311: setup --cli throws IllegalStateException in getConnectTimeout
  • OPENDJ-310: Replicated changes to referral entries are not applied on replicas
  • OPENDJ-301: Unauthenticated rebuid indexes only shuts down the backend
  • OPENDJ-298: Review screen content is wrong when using QuickSetup
  • OPENDJ-278: ldapSubentry entries should have an implicit scope of { base="" } when no subtree specification is specified
  • OPENDJ-270: dsreplication disable takes a long time
  • OPENDJ-255: Incorrect dsconfig usage for setting multiple property values at once
  • OPENDJ-249: dsreplication disable --disableAll error removing contents of "cn=admin data"
  • OPENDJ-219: Replication server and draft changelog DB code may attempt to reference closed DB
  • OPENDJ-209: dsframework cannot connect
  • OPENDJ-208: Schema changes over LDAP allow duplicate attributes depending if the attribute is defined as single-valued or not
  • OPENDJ-204: QuickInstaller uses browser's current proxy settings for verifying listener port acces
  • OPENDJ-200: On Windows ldapmodify.bat -f cannot accept relative path
  • OPENDJ-169: Modifying an existing object class definition requires server restart
  • OPENDJ-161: Windows services still refers to the OpenDJ server as opends.
  • OPENDJ-150: ChangeLogEntry schema is not compliant with internet-draft
  • OPENDJ-137: Windows Service management flakiness
  • OPENDJ-136: On Windows, upgrade fails with NPE during Verify phase
  • OPENDJ-135: upgrade -r fails on Windows
  • OPENDJ-134: upgrade fails when server registered as Windows service
  • OPENDJ-132: upgrade utility does not accept relative path
  • OPENDJ-126: Bad syntax for lastChangeNumber, firstChangeNumber, and lastExternalChangelogCookie
  • OPENDJ-122: add child, del parent before child replicated causes unresolved conflict
  • OPENDJ-119: Enabling replication results in ERROR_UNEXPECTED if other RS down
  • OPENDJ-118: RS load balancing does not occur after an RS becomes available after an outage
  • OPENDJ-115: Make replication connection timeouts and various monitoring intervals configurable
  • OPENDJ-114: Import failure: cursors left open due to RuntimeException in failed attribute indexing thread
  • OPENDJ-113: Permissive Modify Control fails when deleting non existing attribute
  • OPENDJ-112: The changelog virtual attribute appears in all entries, should only apply to the rootDSE
  • OPENDJ-110: Searches on dc=replicationchanges return incomplete results for certain types of LDAP modifications.
  • OPENDJ-108: Wrong icon in QuickSetup on Windows
  • OPENDJ-104: Remove Thread.sleep() synchronization design anti-pattern in replication code.
  • OPENDJ-102: Windows 7 French locale: setup, status, uninstall commands display garbage characters in cmd.exe
  • OPENDJ-100: ControlPanel display schema elements as Custom schema when using remote connection a server (and standard for local)
  • OPENDJ-98: Searches on cn=monitor take a long time
  • OPENDJ-88: Online backup of cn=config does not work
  • OPENDJ-82: Improve dsreplication status script friendly mode.
  • OPENDJ-66: DS does not failover between replication servers in different groups when configured explicitly for one of the groups
  • OPENDJ-64: Exception and stacktrace while running dsreplication
  • OPENDJ-61: Log LDAP protocol version in bind request logging
  • OPENDJ-51: ECL: virtual attributes are calculated twice per retrieval and gratuitously allocate memory
  • OPENDJ-49: Replication replay does not take into consideration the server/backend's writability mode.
  • OPENDJ-46: Extensible filters which use dnAttributes are not processed correctly when there is an existing index for the named attribute
  • OPENDJ-28: Investigate why Virtual Attribute unit tests take so long.
  • OPENDJ-25: Over-verbose logging of LDAP compare operations in access log
  • OPENDJ-24: Fix OpenDS issue 4583: during a search op, ACI with targetfilter and targetattrs gets evaluated wrongly
  • OPENDJ-22: Abandon operations are not always removed from pending list on completion.
  • OPENDJ-21: Account Status Notifications (password changed/reset) are not sent for the Password Modify Extended Operation
  • OPENDJ-20: Replication/update don't work when extending the schema from scemafiles

Tested Operating Systems and Application Servers

OpenDJ software depends on the Java environment more than it depends on the underlying operating systems.

That said, OpenDJ 2.4.6 has been validated on the following operating systems.

  • Apple Mac OS X 10.7
  • Linux 2.6 and later
  • Microsoft Windows Server 2008
  • Oracle Solaris 10

OpenDJ 2.4.6 DSML gateway has been validated on Apache Tomcat 6.

Available Locales

OpenDJ administrative tools and log messages have been translated into the following languages.

  • French
  • German
  • Japanese
  • Simplified Chinese
  • Spanish

Several messages are also translated into Catalan, Korean, Polish and Traditional Chinese.

Note - Certain SEVERE and FATAL error messages are displayed in English only.

How to Report Problems and Provide Feedback

If you have questions regarding OpenDJ which are not answered by the documentation or here in the wiki, there is a mailing list which can be found at where you are likely to find an answer.

If you have found issues or reproducible bugs within OpenDJ 2.4.6, report them in

When requesting help with a problem, please include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation
  • Machine type, operating system version, web container and version, JDK version, and OpenDJ release version, including any patches or other software that might be affecting the problem
  • Steps to reproduce the problem
  • Any error logs or core dumps


You can purchase OpenDJ support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to To find a partner in your area, see

  • No labels