diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata
index c23be8f..e422dd9 100644
--- a/.389-ds-base.metadata
+++ b/.389-ds-base.metadata
@@ -1,2 +1,2 @@
-edf4fc7da08f84699a07586e21d55856e5be7d4f SOURCES/389-ds-base-1.3.4.0.tar.bz2
-7e52309f61c38b241fcdaf0284559d683f3ba700 SOURCES/nunc-stans-0.1.5.tar.bz2
+b598dfe4a27f2518a6625f3852f8462553a6a483 SOURCES/389-ds-base-1.3.5.10.tar.bz2
+835c9788650d1b9ef0896c267b06b9e529612835 SOURCES/nunc-stans-0.1.8.tar.bz2
diff --git a/.gitignore b/.gitignore
index 61b66d3..cf11ad0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/389-ds-base-1.3.4.0.tar.bz2
-SOURCES/nunc-stans-0.1.5.tar.bz2
+SOURCES/389-ds-base-1.3.5.10.tar.bz2
+SOURCES/nunc-stans-0.1.8.tar.bz2
diff --git a/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch b/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
new file mode 100644
index 0000000..42ca5ca
--- /dev/null
+++ b/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
@@ -0,0 +1,36 @@
+From e39b61ea17ae2cecbadee304678f6506d228c504 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 7 Jul 2016 14:53:48 -0400
+Subject: [PATCH 0/3] Ticket 48743 - If a cipher is disabled do not attempt to
+ look it up
+
+Description:  Even if a SSL cipher is disabled the server still attempts
+              to locate the cipher in the security library.  If the disabled
+              cipher is unknown it logs a warning at server startup, but
+              if it's disabled there is no reason to check if it exists.
+
+https://fedorahosted.org/389/ticket/48743
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 6b61e05e04661312871c0b1c6121901d786d54c3)
+---
+ ldap/servers/slapd/ssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
+index 12a0360..b176460 100644
+--- a/ldap/servers/slapd/ssl.c
++++ b/ldap/servers/slapd/ssl.c
+@@ -749,7 +749,7 @@ _conf_setciphers(char *ciphers, int flags)
+             if (lookup) { /* lookup with old cipher name and get NSS cipherSuiteName */
+                 for (i = 0; _lookup_cipher[i].alias; i++) {
+                     if (!PL_strcasecmp(ciphers, _lookup_cipher[i].alias)) {
+-                        if (!_lookup_cipher[i].name[0]) {
++                        if (enabled && !_lookup_cipher[i].name[0]) {
+                             slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d.  Ignoring %s",
+                                            ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
+                             continue;
+-- 
+2.4.11
+
diff --git a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch b/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
deleted file mode 100644
index ee98694..0000000
--- a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 97da9cb32b41d87d9dc5930a2ad931df559ae7f5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 23 Jun 2015 14:48:13 -0700
-Subject: [PATCH 1/2] Ticket #48203 - Fix coverity issues - 06/22/2015
-
-Description:
-13294       Uninitialized scalar variable -- retrocl_init_trimming (introduced by #47669)
-13293       Resource leak -- retrocl_init_trimming (introduced by #47669)
-
-2. Defect type: CHECKED_RETURN
-50. ldap/servers/slapd/tools/ldclt/ldapfct.c:1945:
-9.  ldap/servers/slapd/tools/ldclt/ldapfct.c:952:
-    check_return: Calling "addErrorStat" without checking return value
-    (as is done elsewhere 26 out of 28 times).
-
-1. Defect type: COMPILER_WARNING
-2.  ldap/servers/slapd/daemon.c:1412:21:
-    warning: 'tp' may be used uninitialized in this function [-Wmaybe-uninitialized]
-
-https://fedorahosted.org/389/ticket/48203
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 32d45c74231545ad91934147962bfb676dcdd391)
----
- ldap/servers/plugins/retrocl/retrocl_trim.c | 3 ++-
- ldap/servers/slapd/daemon.c                 | 2 +-
- ldap/servers/slapd/tools/ldclt/ldapfct.c    | 4 ++--
- 3 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c
-index 65f3015..b09f669 100644
---- a/ldap/servers/plugins/retrocl/retrocl_trim.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_trim.c
-@@ -412,7 +412,7 @@ void retrocl_housekeeping ( time_t cur_time, void *noarg )
- void retrocl_init_trimming (void)
- {
-     const char *cl_maxage;
--    time_t ageval;
-+    time_t ageval = 0; /* Don't trim, by default */
-     const char *cl_trim_interval;
-     
-     cl_maxage = retrocl_get_config_str(CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE);
-@@ -425,6 +425,7 @@ void retrocl_init_trimming (void)
-                         "retrocl_init_trimming: ignoring invalid %s value %s; "
-                         "not trimming retro changelog.\n",
-                         CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE, cl_maxage);
-+            slapi_ch_free_string((char **)&cl_maxage);
-             return;
-         }
-     }
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 436f3d5..ba73da3 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1026,7 +1026,7 @@ void slapd_daemon( daemon_ports_t *ports )
- 	int threads;
- 	int in_referral_mode = config_check_referral_mode();
- #ifdef ENABLE_NUNC_STANS
--	ns_thrpool_t *tp;
-+	ns_thrpool_t *tp = NULL;
- 	struct ns_thrpool_config tp_config;
- #endif
- 	int connection_table_size = get_configured_connection_table_size();
-diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-index bc8c89d..f906c5a 100644
---- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
-+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-@@ -949,7 +949,7 @@ connectToServer (
-       fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n",
- 			mctx.pid, tttctx->thrdNum, ret,strerror (ret));
-       fflush (stderr);
--      addErrorStat(ret);
-+      (void)addErrorStat(ret);
-       return (-1);
-     }
-     tttctx->ldapCtx = NULL;
-@@ -1942,7 +1942,7 @@ createMissingNodes (
-     printf ("ldclt[%d]: T%03d: Cannot add (%s), error=%d (%s)\n",
- 	mctx.pid, tttctx->thrdNum, nodeDN, ret, my_ldap_err2string (ret));
-     fflush (stdout);
--    addErrorStat(ret);
-+    (void)addErrorStat(ret);
-     return (-1);
-   }
- 
--- 
-1.9.3
-
diff --git a/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch b/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
new file mode 100644
index 0000000..bb5a3b0
--- /dev/null
+++ b/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
@@ -0,0 +1,33 @@
+From e23985aa9123b5dda2c7fe6d5205356d3fc4f5b7 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 7 Jul 2016 16:38:13 -0700
+Subject: [PATCH 1/3] Ticket #48755 - moving an entry could make the online
+ init fail
+
+Description: The upgrade script template 91reindex.pl.in had a syntax error.
+See also Bug 1353592 - Setup-ds.pl --update fails
+
+https://fedorahosted.org/389/ticket/48755
+
+Note: one character fix.
+(cherry picked from commit aa64641d1974bb52fc4d02808362e76dd86d9cd0)
+---
+ ldap/admin/src/scripts/91reindex.pl.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/scripts/91reindex.pl.in b/ldap/admin/src/scripts/91reindex.pl.in
+index c861f64..99b08e3 100644
+--- a/ldap/admin/src/scripts/91reindex.pl.in
++++ b/ldap/admin/src/scripts/91reindex.pl.in
+@@ -12,7 +12,7 @@ sub runinst {
+     # rdn-format value.  See $rdn_format set below.
+     # If equal to or greater than this value, no need to reindex.
+     # If it needs to be unconditionally reindexed, set 0.
+-    my @rdnconditions = (4)
++    my @rdnconditions = (4);
+ 
+     my $config = $conn->search("cn=config", "base", "(objectclass=*)");
+     if (!$config) {
+-- 
+2.4.11
+
diff --git a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch b/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
deleted file mode 100644
index f6890db..0000000
--- a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0ad9acb61f83244af02081ffd79c350af831f21c Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Thu, 18 Jun 2015 15:22:54 +0200
-Subject: [PATCH 2/2] Ticket 48195 - Slow replication when deleting large
- quantities of multi-valued attributes
-
-https://fedorahosted.org/389/ticket/48195
-
-In update resoultion for entry deletion, there is still use of valuearray_find() to find an existingvalue to update its csn.
-with the fix for ticket #346 there exists slapi_valueset_find() which uses the possibility to do a binary search on the
-values.
-Fix: do not use valuearray_find
-
-Review: Rich, Thanks
-(cherry picked from commit 09ab8c799fc3d87db7a5b3aa07eccf9b41ea43d5)
-(cherry picked from commit a980b795ac03200fd01a2d05ce568691681d50ef)
----
- ldap/servers/slapd/valueset.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 73208f5..0cf3ded 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1411,12 +1411,12 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- 		int del_index = -1, del_count = 0;
- 		for (i=0;valuestoupdate[i]!=NULL;++i)
- 		{
--			int index= valuearray_find(a, vs->va, valuestoupdate[i]);
--			if(index!=-1)
-+			Slapi_Value *v = slapi_valueset_find(a, vs, valuestoupdate[i]);
-+			if(v)
- 			{
--				value_update_csn(vs->va[index],t,csn);
-+				value_update_csn(v,t,csn);
- 				if (csnref_updated)
--					valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(vs->va[index]);
-+					valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
- 				valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
- 				valuestoupdate[i]= NULL;
- 				del_count++;
--- 
-1.9.3
-
diff --git a/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch b/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
new file mode 100644
index 0000000..163431f
--- /dev/null
+++ b/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
@@ -0,0 +1,209 @@
+From 320ad877fc74b2396fd5dad59cfa990c3ace09f9 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Sat, 9 Jul 2016 18:36:17 -0700
+Subject: [PATCH 2/3] Ticket #48914 - db2bak.pl task enters infinitive loop
+ when bak fs is almost full
+
+Description: A backend helper function dblayer_copyfile returns an error
+when any of the copy operation fails.  But one of the caller functions
+dblayer_backup ignored the error.
+
+This patch checks the error returned from dblayer_copyfile and abort the
+back-up.
+
+Also, more error info is added to the log messages.
+
+https://fedorahosted.org/389/ticket/48914
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit ff997cd6fa5f2a0678721ba0b6a56fdce327feb0)
+---
+ ldap/servers/slapd/back-ldbm/dblayer.c | 95 ++++++++++++++++++++++------------
+ 1 file changed, 61 insertions(+), 34 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
+index 93d42be..783d104 100644
+--- a/ldap/servers/slapd/back-ldbm/dblayer.c
++++ b/ldap/servers/slapd/back-ldbm/dblayer.c
+@@ -5643,18 +5643,16 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode)
+     source_fd = OPEN_FUNCTION(source,O_RDONLY,0);
+     if (-1 == source_fd)
+     {
+-        LDAPDebug1Arg(LDAP_DEBUG_ANY,
+-                      "dblayer_copyfile: failed to open source file: %s\n",
+-                      source);
++        LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to open source file %s by \"%s\"\n",
++                       source, strerror(errno));
+         goto error;
+     }
+     /* Open destination file */
+     dest_fd = OPEN_FUNCTION(destination,O_CREAT | O_WRONLY, mode);
+     if (-1 == dest_fd)
+     {
+-        LDAPDebug1Arg(LDAP_DEBUG_ANY,
+-                      "dblayer_copyfile: failed to open dest file: %s\n",
+-                      destination);
++        LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to open dest file %s by \"%s\"\n",
++                       destination, strerror(errno));
+         goto error;
+     }
+     LDAPDebug2Args(LDAP_DEBUG_BACKLDBM,
+@@ -5662,24 +5660,38 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode)
+     /* Loop round reading data and writing it */
+     while (1)
+     {
++        int i;
++        char *ptr = NULL;
+         return_value = read(source_fd,buffer,64*1024);
+-        if (return_value <= 0)
+-        {
++        if (return_value <= 0) {
+             /* means error or EOF */
+-            if (return_value < 0)
+-            {
+-                LDAPDebug1Arg(LDAP_DEBUG_ANY,
+-                              "dblayer_copyfile: failed to read: %d\n", errno);
++            if (return_value < 0) {
++                LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to read by \"%s\": rval = %d\n",
++                               strerror(errno), return_value);
+             }
+             break;
+         }
+         bytes_to_write = return_value;
+-        return_value = write(dest_fd,buffer,bytes_to_write);
+-        if (return_value != bytes_to_write)
+-        {
+-            /* means error */
+-            LDAPDebug1Arg(LDAP_DEBUG_ANY,
+-                          "dblayer_copyfile: failed to write: %d\n", errno);
++        ptr = buffer;
++#define CPRETRY 4
++        for (i = 0; i < CPRETRY; i++) { /* retry twice */
++            return_value = write(dest_fd, ptr, bytes_to_write);
++            if (return_value == bytes_to_write) {
++                break;
++            } else {
++                /* means error */
++                LDAPDebug(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to write by \"%s\"; real: %d bytes, exp: %d bytes\n",
++                          strerror(errno), return_value, bytes_to_write);
++                if (return_value > 0) {
++                    bytes_to_write -= return_value;
++                    ptr += return_value;
++                    LDAPDebug1Arg(LDAP_DEBUG_ANY, "dblayer_copyfile: retrying to write %d bytes\n", bytes_to_write);
++                } else {
++                    break;
++                }
++            }
++        }
++        if ((CPRETRY == i) || (return_value < 0)) {
+             return_value = -1;
+             break;
+         }
+@@ -5906,10 +5918,15 @@ dblayer_copy_directory(struct ldbminfo *li,
+                 return_value = dblayer_copyfile(filename1, filename2,
+                                                 0, priv->dblayer_file_mode);
+             }
++            if (return_value < 0) {
++                LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copy_directory: Failed to copy file %s to %s\n",
++                               filename1, filename2);
++                slapi_ch_free((void**)&filename1);
++                slapi_ch_free((void**)&filename2);
++                break;
++            }
+             slapi_ch_free((void**)&filename1);
+             slapi_ch_free((void**)&filename2);
+-            if (0 > return_value)
+-                break;
+ 
+             (*cnt)++;
+         }
+@@ -6165,9 +6182,14 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task)
+                                          changelog_destdir, DBVERSION_FILENAME);
+             return_value = dblayer_copyfile(pathname1, pathname2,
+                                             0, priv->dblayer_file_mode);
+-            slapi_ch_free_string(&pathname1);
+             slapi_ch_free_string(&pathname2);
+             slapi_ch_free_string(&changelog_destdir);
++            if (0 > return_value) {
++                LDAPDebug1Arg(LDAP_DEBUG_ANY, "Backup: Failed to copy file %s\n", pathname1);
++                slapi_ch_free_string(&pathname1);
++                goto bail;
++            }
++            slapi_ch_free_string(&pathname1);
+         }
+         if (priv->dblayer_enable_transactions) {
+             /* now, get the list of logfiles that still exist */
+@@ -6240,15 +6262,15 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task)
+                     return_value = dblayer_copyfile(pathname1, pathname2,
+                         0, priv->dblayer_file_mode);
+                     if (0 > return_value) {
+-                        LDAPDebug2Args(LDAP_DEBUG_ANY, "Backup: error in "
+-                            "copying file '%s' (err=%d) -- Starting over...\n",
+-                            pathname1, return_value);
++                        LDAPDebug2Args(LDAP_DEBUG_ANY, "Backup: error in copying file '%s' (err=%d)\n",
++                                       pathname1, return_value);
+                         if (task) {
+-                            slapi_task_log_notice(task,
+-                                "Error copying file '%s' (err=%d) -- Starting "
+-                                "over...", pathname1, return_value);
++                            slapi_task_log_notice(task, "Error copying file '%s' (err=%d)",
++                                                  pathname1, return_value);
+                         }
+-                        ok = 0;
++                        slapi_ch_free((void **)&pathname1);
++                        slapi_ch_free((void **)&pathname2);
++                        goto bail;
+                     }
+                     if ( g_get_shutdown() || c_get_shutdown() ) {
+                         LDAPDebug0Args(LDAP_DEBUG_ANY, "Backup aborted\n");
+@@ -6276,9 +6298,8 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task)
+         slapi_task_log_notice(task, "Backing up file %d (%s)", cnt, pathname2);
+         slapi_task_log_status(task, "Backing up file %d (%s)", cnt, pathname2);
+     }
+-    return_value =
+-             dblayer_copyfile(pathname1, pathname2, 0, priv->dblayer_file_mode);
+-    if (return_value) {
++    return_value = dblayer_copyfile(pathname1, pathname2, 0, priv->dblayer_file_mode);
++    if (0 > return_value) {
+         LDAPDebug(LDAP_DEBUG_ANY,
+                   "Backup: error in copying version file "
+                   "(%s -> %s): err=%d\n",
+@@ -6458,11 +6479,12 @@ static int dblayer_copy_dirand_contents(char* src_dir, char* dst_dir, int mode,
+ 				slapi_task_log_status(task, "Moving file %s",
+                                           filename2);
+ 			}
+-			return_value = dblayer_copyfile(filename1, filename2, 0,
+-                                               mode);
++			return_value = dblayer_copyfile(filename1, filename2, 0, mode);
+ 	   }
+-       if (0 > return_value)
++       if (0 > return_value) {
++         LDAPDebug1Arg(LDAP_DEBUG_ANY, "dblayer_copy_dirand_contents: failed to copy file %s\n", filename1);
+          break;
++       }
+     }
+     PR_CloseDir(dirhandle);
+   }
+@@ -6838,6 +6860,10 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
+                                               changelogdir, DBVERSION_FILENAME);
+                     return_value = dblayer_copyfile(filename1, filename2,
+                                                     0, priv->dblayer_file_mode);
++                    if (0 > return_value) {
++                        LDAPDebug1Arg(LDAP_DEBUG_ANY, "Restore: failed to copy file %s\n", filename1);
++                        goto error_out;
++                    }
+                 }
+                 continue;
+             }
+@@ -6897,6 +6923,7 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
+         return_value = dblayer_copyfile(filename1, filename2, 0,
+                                         priv->dblayer_file_mode);
+         if (0 > return_value) {
++            LDAPDebug1Arg(LDAP_DEBUG_ANY, "Restore: failed to copy file %s\n", filename1);
+             goto error_out;
+         }
+         cnt++;
+-- 
+2.4.11
+
diff --git a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch b/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
deleted file mode 100644
index 93e3d89..0000000
--- a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 2ad324a00c8e429171d5c096a56c32aed3206466 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 1 Jul 2015 18:16:20 -0700
-Subject: [PATCH 3/7] Ticket #48212 - Dynamic nsMatchingRule changes had no
- effect on the attrinfo thus following reindexing, as well.
-
-Description: When nsMatchingRule was dynamically updated in an index entry,
-the value was set to the configuration but was not applied to the attribute
-info.  On-line reindexing following the nsMatchingRule change actually ignored
-the setting. On the other hand, the standalone utility dbverify independently
-picked up the nsMatchingRule from the configuration and generated the attribute
-info, which expected the index reindexed based upon the new nsMatchingRule. But
-it was actually not and dbverify reported the index corruption.
-
-This patch applies the changes to the attribute info when nsMatchingRule is
-modified.
-
-https://fedorahosted.org/389/ticket/48212
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit d9679725e69df1d191864ca00bad6b79b13e7362)
-(cherry picked from commit d15beff66fd28902bd8ca80af12ad76a7ecbe57d)
----
- ldap/servers/slapd/back-ldbm/ldbm_attr.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-index 62ed6e1..092b6b5 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-@@ -127,7 +127,16 @@ ainfo_dup(
-   attrinfo_delete_idlistinfo(&a->ai_idlistinfo);
-   a->ai_idlistinfo = b->ai_idlistinfo;
-   b->ai_idlistinfo = NULL;
--  
-+
-+  /* copy cmp functions and substr lengths */
-+  a->ai_key_cmp_fn = b->ai_key_cmp_fn;
-+  a->ai_dup_cmp_fn = b->ai_dup_cmp_fn;
-+  if (b->ai_substr_lens) {
-+    size_t substrlen = sizeof(int) * INDEX_SUBSTRLEN;
-+    a->ai_substr_lens = (int *)slapi_ch_calloc(1, substrlen);
-+    memcpy(a->ai_substr_lens, b->ai_substr_lens, substrlen);
-+  }
-+
-   return( 1 );
- }
- 
--- 
-1.9.3
-
diff --git a/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch b/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
new file mode 100644
index 0000000..47a9740
--- /dev/null
+++ b/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
@@ -0,0 +1,64 @@
+From 6e3de01c0a6f07f82d514d0d7f546a4eb408a445 Mon Sep 17 00:00:00 2001
+From: Viktor Ashirov <vashirov@redhat.com>
+Date: Mon, 11 Jul 2016 10:10:42 +0200
+Subject: [PATCH 3/3] Ticket #48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't
+ install 389-ds-base-snmp
+
+Bug description:
+During upgrade from 389-ds-base version <1.3.5.5 additional
+package 389-ds-base-snmp is not installed.
+
+Fix description:
+Move "Obsoletes:" section from %description to %package.
+
+https://fedorahosted.org/389/ticket/48918
+
+Reviewed by: nhosoi@redhat.com.
+
+(cherry picked from commit f593ae7790e3372c6812bfe59e58e6d709ec171f)
+---
+ rpm/389-ds-base.spec.in | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
+index d08d379..0924cb5 100644
+--- a/rpm/389-ds-base.spec.in
++++ b/rpm/389-ds-base.spec.in
+@@ -47,6 +47,8 @@ Group:            System Environment/Daemons
+ BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+ Obsoletes:        %{name}-selinux
+ Conflicts:        selinux-policy-base < 3.9.8
++# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
++Obsoletes:        %{name} <= 1.3.5.4
+ Requires:         %{name}-libs = %{version}-%{release}
+ Provides:         ldif2ldbm 
+ 
+@@ -152,9 +154,6 @@ isn't what you want. Please contact support immediately.
+ Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
+ %endif
+ 
+-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+-Obsoletes:        %{name} <= 1.3.5.4
+-
+ %package          libs
+ Summary:          Core libraries for 389 Directory Server (%{variant})
+ Group:            System Environment/Daemons
+@@ -213,13 +212,12 @@ Development Libraries and headers for the 389 Directory Server base package.
+ Summary:          SNMP Agent for 389 Directory Server
+ Group:            System Environment/Daemons
+ Requires:         %{name} = %{version}-%{release}
++# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
++Obsoletes:        %{name} <= 1.3.5.4
+ 
+ %description      snmp
+ SNMP Agent for the 389 Directory Server base package.
+ 
+-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+-Obsoletes:        %{name} <= 1.3.5.4
+-
+ %package          tests
+ Summary:          The lib389 Continuous Integration Tests
+ Group:            Development/Libraries
+-- 
+2.4.11
+
diff --git a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index e3e8236..0000000
--- a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,17261 +0,0 @@
-From b9de59847038d4baecacfb911c21798f78e3c52a Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 1 Jul 2015 18:23:22 -0700
-Subject: [PATCH 4/7] Ticket #48212 - CI test: added test cases for ticket
- 48212
-
-Description: Dynamic nsMatchingRule changes had no effect on the attrinfo
-             thus following reindexing, as well.
-
-https://fedorahosted.org/389/ticket/48212
-(cherry picked from commit a533145d1dc3c11bb0aa7745f656049b287e501e)
-(cherry picked from commit 0e079ab39f7ee3d5fe77b505fb40c647d149f1b0)
----
- dirsrvtests/data/ticket48212/example1k_posix.ldif | 17017 ++++++++++++++++++++
- dirsrvtests/tickets/ticket48212_test.py           |   210 +
- 2 files changed, 17227 insertions(+)
- create mode 100644 dirsrvtests/data/ticket48212/example1k_posix.ldif
- create mode 100644 dirsrvtests/tickets/ticket48212_test.py
-
-diff --git a/dirsrvtests/data/ticket48212/example1k_posix.ldif b/dirsrvtests/data/ticket48212/example1k_posix.ldif
-new file mode 100644
-index 0000000..50000f2
---- /dev/null
-+++ b/dirsrvtests/data/ticket48212/example1k_posix.ldif
-@@ -0,0 +1,17017 @@
-+dn: dc=example,dc=com
-+objectClass: top
-+objectClass: domain
-+dc: example
-+aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl1"; allow(write) userdn = "ldap:///self";)
-+aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl2"; allow(read, search, compare) userdn = "ldap:///anyone";)
-+
-+dn: ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalunit
-+ou: People
-+
-+dn: ou=Groups,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalunit
-+ou: Groups
-+
-+dn: cn=user0,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user0
-+sn: user0
-+uid: uid0
-+givenname: givenname0
-+description: description0
-+userPassword: password0
-+mail: uid0
-+uidnumber: 0
-+gidnumber: 0
-+homeDirectory: /home/uid0
-+
-+dn: cn=user1,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user1
-+sn: user1
-+uid: uid1
-+givenname: givenname1
-+description: description1
-+userPassword: password1
-+mail: uid1
-+uidnumber: 1
-+gidnumber: 1
-+homeDirectory: /home/uid1
-+
-+dn: cn=user2,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user2
-+sn: user2
-+uid: uid2
-+givenname: givenname2
-+description: description2
-+userPassword: password2
-+mail: uid2
-+uidnumber: 2
-+gidnumber: 2
-+homeDirectory: /home/uid2
-+
-+dn: cn=user3,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user3
-+sn: user3
-+uid: uid3
-+givenname: givenname3
-+description: description3
-+userPassword: password3
-+mail: uid3
-+uidnumber: 3
-+gidnumber: 3
-+homeDirectory: /home/uid3
-+
-+dn: cn=user4,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user4
-+sn: user4
-+uid: uid4
-+givenname: givenname4
-+description: description4
-+userPassword: password4
-+mail: uid4
-+uidnumber: 4
-+gidnumber: 4
-+homeDirectory: /home/uid4
-+
-+dn: cn=user5,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user5
-+sn: user5
-+uid: uid5
-+givenname: givenname5
-+description: description5
-+userPassword: password5
-+mail: uid5
-+uidnumber: 5
-+gidnumber: 5
-+homeDirectory: /home/uid5
-+
-+dn: cn=user6,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user6
-+sn: user6
-+uid: uid6
-+givenname: givenname6
-+description: description6
-+userPassword: password6
-+mail: uid6
-+uidnumber: 6
-+gidnumber: 6
-+homeDirectory: /home/uid6
-+
-+dn: cn=user7,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user7
-+sn: user7
-+uid: uid7
-+givenname: givenname7
-+description: description7
-+userPassword: password7
-+mail: uid7
-+uidnumber: 7
-+gidnumber: 7
-+homeDirectory: /home/uid7
-+
-+dn: cn=user8,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user8
-+sn: user8
-+uid: uid8
-+givenname: givenname8
-+description: description8
-+userPassword: password8
-+mail: uid8
-+uidnumber: 8
-+gidnumber: 8
-+homeDirectory: /home/uid8
-+
-+dn: cn=user9,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user9
-+sn: user9
-+uid: uid9
-+givenname: givenname9
-+description: description9
-+userPassword: password9
-+mail: uid9
-+uidnumber: 9
-+gidnumber: 9
-+homeDirectory: /home/uid9
-+
-+dn: cn=user10,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user10
-+sn: user10
-+uid: uid10
-+givenname: givenname10
-+description: description10
-+userPassword: password10
-+mail: uid10
-+uidnumber: 10
-+gidnumber: 10
-+homeDirectory: /home/uid10
-+
-+dn: cn=user11,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user11
-+sn: user11
-+uid: uid11
-+givenname: givenname11
-+description: description11
-+userPassword: password11
-+mail: uid11
-+uidnumber: 11
-+gidnumber: 11
-+homeDirectory: /home/uid11
-+
-+dn: cn=user12,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user12
-+sn: user12
-+uid: uid12
-+givenname: givenname12
-+description: description12
-+userPassword: password12
-+mail: uid12
-+uidnumber: 12
-+gidnumber: 12
-+homeDirectory: /home/uid12
-+
-+dn: cn=user13,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user13
-+sn: user13
-+uid: uid13
-+givenname: givenname13
-+description: description13
-+userPassword: password13
-+mail: uid13
-+uidnumber: 13
-+gidnumber: 13
-+homeDirectory: /home/uid13
-+
-+dn: cn=user14,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user14
-+sn: user14
-+uid: uid14
-+givenname: givenname14
-+description: description14
-+userPassword: password14
-+mail: uid14
-+uidnumber: 14
-+gidnumber: 14
-+homeDirectory: /home/uid14
-+
-+dn: cn=user15,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user15
-+sn: user15
-+uid: uid15
-+givenname: givenname15
-+description: description15
-+userPassword: password15
-+mail: uid15
-+uidnumber: 15
-+gidnumber: 15
-+homeDirectory: /home/uid15
-+
-+dn: cn=user16,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user16
-+sn: user16
-+uid: uid16
-+givenname: givenname16
-+description: description16
-+userPassword: password16
-+mail: uid16
-+uidnumber: 16
-+gidnumber: 16
-+homeDirectory: /home/uid16
-+
-+dn: cn=user17,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user17
-+sn: user17
-+uid: uid17
-+givenname: givenname17
-+description: description17
-+userPassword: password17
-+mail: uid17
-+uidnumber: 17
-+gidnumber: 17
-+homeDirectory: /home/uid17
-+
-+dn: cn=user18,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user18
-+sn: user18
-+uid: uid18
-+givenname: givenname18
-+description: description18
-+userPassword: password18
-+mail: uid18
-+uidnumber: 18
-+gidnumber: 18
-+homeDirectory: /home/uid18
-+
-+dn: cn=user19,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user19
-+sn: user19
-+uid: uid19
-+givenname: givenname19
-+description: description19
-+userPassword: password19
-+mail: uid19
-+uidnumber: 19
-+gidnumber: 19
-+homeDirectory: /home/uid19
-+
-+dn: cn=user20,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user20
-+sn: user20
-+uid: uid20
-+givenname: givenname20
-+description: description20
-+userPassword: password20
-+mail: uid20
-+uidnumber: 20
-+gidnumber: 20
-+homeDirectory: /home/uid20
-+
-+dn: cn=user21,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user21
-+sn: user21
-+uid: uid21
-+givenname: givenname21
-+description: description21
-+userPassword: password21
-+mail: uid21
-+uidnumber: 21
-+gidnumber: 21
-+homeDirectory: /home/uid21
-+
-+dn: cn=user22,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user22
-+sn: user22
-+uid: uid22
-+givenname: givenname22
-+description: description22
-+userPassword: password22
-+mail: uid22
-+uidnumber: 22
-+gidnumber: 22
-+homeDirectory: /home/uid22
-+
-+dn: cn=user23,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user23
-+sn: user23
-+uid: uid23
-+givenname: givenname23
-+description: description23
-+userPassword: password23
-+mail: uid23
-+uidnumber: 23
-+gidnumber: 23
-+homeDirectory: /home/uid23
-+
-+dn: cn=user24,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user24
-+sn: user24
-+uid: uid24
-+givenname: givenname24
-+description: description24
-+userPassword: password24
-+mail: uid24
-+uidnumber: 24
-+gidnumber: 24
-+homeDirectory: /home/uid24
-+
-+dn: cn=user25,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user25
-+sn: user25
-+uid: uid25
-+givenname: givenname25
-+description: description25
-+userPassword: password25
-+mail: uid25
-+uidnumber: 25
-+gidnumber: 25
-+homeDirectory: /home/uid25
-+
-+dn: cn=user26,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user26
-+sn: user26
-+uid: uid26
-+givenname: givenname26
-+description: description26
-+userPassword: password26
-+mail: uid26
-+uidnumber: 26
-+gidnumber: 26
-+homeDirectory: /home/uid26
-+
-+dn: cn=user27,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user27
-+sn: user27
-+uid: uid27
-+givenname: givenname27
-+description: description27
-+userPassword: password27
-+mail: uid27
-+uidnumber: 27
-+gidnumber: 27
-+homeDirectory: /home/uid27
-+
-+dn: cn=user28,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user28
-+sn: user28
-+uid: uid28
-+givenname: givenname28
-+description: description28
-+userPassword: password28
-+mail: uid28
-+uidnumber: 28
-+gidnumber: 28
-+homeDirectory: /home/uid28
-+
-+dn: cn=user29,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user29
-+sn: user29
-+uid: uid29
-+givenname: givenname29
-+description: description29
-+userPassword: password29
-+mail: uid29
-+uidnumber: 29
-+gidnumber: 29
-+homeDirectory: /home/uid29
-+
-+dn: cn=user30,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user30
-+sn: user30
-+uid: uid30
-+givenname: givenname30
-+description: description30
-+userPassword: password30
-+mail: uid30
-+uidnumber: 30
-+gidnumber: 30
-+homeDirectory: /home/uid30
-+
-+dn: cn=user31,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user31
-+sn: user31
-+uid: uid31
-+givenname: givenname31
-+description: description31
-+userPassword: password31
-+mail: uid31
-+uidnumber: 31
-+gidnumber: 31
-+homeDirectory: /home/uid31
-+
-+dn: cn=user32,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user32
-+sn: user32
-+uid: uid32
-+givenname: givenname32
-+description: description32
-+userPassword: password32
-+mail: uid32
-+uidnumber: 32
-+gidnumber: 32
-+homeDirectory: /home/uid32
-+
-+dn: cn=user33,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user33
-+sn: user33
-+uid: uid33
-+givenname: givenname33
-+description: description33
-+userPassword: password33
-+mail: uid33
-+uidnumber: 33
-+gidnumber: 33
-+homeDirectory: /home/uid33
-+
-+dn: cn=user34,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user34
-+sn: user34
-+uid: uid34
-+givenname: givenname34
-+description: description34
-+userPassword: password34
-+mail: uid34
-+uidnumber: 34
-+gidnumber: 34
-+homeDirectory: /home/uid34
-+
-+dn: cn=user35,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user35
-+sn: user35
-+uid: uid35
-+givenname: givenname35
-+description: description35
-+userPassword: password35
-+mail: uid35
-+uidnumber: 35
-+gidnumber: 35
-+homeDirectory: /home/uid35
-+
-+dn: cn=user36,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user36
-+sn: user36
-+uid: uid36
-+givenname: givenname36
-+description: description36
-+userPassword: password36
-+mail: uid36
-+uidnumber: 36
-+gidnumber: 36
-+homeDirectory: /home/uid36
-+
-+dn: cn=user37,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user37
-+sn: user37
-+uid: uid37
-+givenname: givenname37
-+description: description37
-+userPassword: password37
-+mail: uid37
-+uidnumber: 37
-+gidnumber: 37
-+homeDirectory: /home/uid37
-+
-+dn: cn=user38,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user38
-+sn: user38
-+uid: uid38
-+givenname: givenname38
-+description: description38
-+userPassword: password38
-+mail: uid38
-+uidnumber: 38
-+gidnumber: 38
-+homeDirectory: /home/uid38
-+
-+dn: cn=user39,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user39
-+sn: user39
-+uid: uid39
-+givenname: givenname39
-+description: description39
-+userPassword: password39
-+mail: uid39
-+uidnumber: 39
-+gidnumber: 39
-+homeDirectory: /home/uid39
-+
-+dn: cn=user40,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user40
-+sn: user40
-+uid: uid40
-+givenname: givenname40
-+description: description40
-+userPassword: password40
-+mail: uid40
-+uidnumber: 40
-+gidnumber: 40
-+homeDirectory: /home/uid40
-+
-+dn: cn=user41,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user41
-+sn: user41
-+uid: uid41
-+givenname: givenname41
-+description: description41
-+userPassword: password41
-+mail: uid41
-+uidnumber: 41
-+gidnumber: 41
-+homeDirectory: /home/uid41
-+
-+dn: cn=user42,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user42
-+sn: user42
-+uid: uid42
-+givenname: givenname42
-+description: description42
-+userPassword: password42
-+mail: uid42
-+uidnumber: 42
-+gidnumber: 42
-+homeDirectory: /home/uid42
-+
-+dn: cn=user43,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user43
-+sn: user43
-+uid: uid43
-+givenname: givenname43
-+description: description43
-+userPassword: password43
-+mail: uid43
-+uidnumber: 43
-+gidnumber: 43
-+homeDirectory: /home/uid43
-+
-+dn: cn=user44,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user44
-+sn: user44
-+uid: uid44
-+givenname: givenname44
-+description: description44
-+userPassword: password44
-+mail: uid44
-+uidnumber: 44
-+gidnumber: 44
-+homeDirectory: /home/uid44
-+
-+dn: cn=user45,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user45
-+sn: user45
-+uid: uid45
-+givenname: givenname45
-+description: description45
-+userPassword: password45
-+mail: uid45
-+uidnumber: 45
-+gidnumber: 45
-+homeDirectory: /home/uid45
-+
-+dn: cn=user46,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user46
-+sn: user46
-+uid: uid46
-+givenname: givenname46
-+description: description46
-+userPassword: password46
-+mail: uid46
-+uidnumber: 46
-+gidnumber: 46
-+homeDirectory: /home/uid46
-+
-+dn: cn=user47,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user47
-+sn: user47
-+uid: uid47
-+givenname: givenname47
-+description: description47
-+userPassword: password47
-+mail: uid47
-+uidnumber: 47
-+gidnumber: 47
-+homeDirectory: /home/uid47
-+
-+dn: cn=user48,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user48
-+sn: user48
-+uid: uid48
-+givenname: givenname48
-+description: description48
-+userPassword: password48
-+mail: uid48
-+uidnumber: 48
-+gidnumber: 48
-+homeDirectory: /home/uid48
-+
-+dn: cn=user49,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user49
-+sn: user49
-+uid: uid49
-+givenname: givenname49
-+description: description49
-+userPassword: password49
-+mail: uid49
-+uidnumber: 49
-+gidnumber: 49
-+homeDirectory: /home/uid49
-+
-+dn: cn=user50,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user50
-+sn: user50
-+uid: uid50
-+givenname: givenname50
-+description: description50
-+userPassword: password50
-+mail: uid50
-+uidnumber: 50
-+gidnumber: 50
-+homeDirectory: /home/uid50
-+
-+dn: cn=user51,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user51
-+sn: user51
-+uid: uid51
-+givenname: givenname51
-+description: description51
-+userPassword: password51
-+mail: uid51
-+uidnumber: 51
-+gidnumber: 51
-+homeDirectory: /home/uid51
-+
-+dn: cn=user52,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user52
-+sn: user52
-+uid: uid52
-+givenname: givenname52
-+description: description52
-+userPassword: password52
-+mail: uid52
-+uidnumber: 52
-+gidnumber: 52
-+homeDirectory: /home/uid52
-+
-+dn: cn=user53,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user53
-+sn: user53
-+uid: uid53
-+givenname: givenname53
-+description: description53
-+userPassword: password53
-+mail: uid53
-+uidnumber: 53
-+gidnumber: 53
-+homeDirectory: /home/uid53
-+
-+dn: cn=user54,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user54
-+sn: user54
-+uid: uid54
-+givenname: givenname54
-+description: description54
-+userPassword: password54
-+mail: uid54
-+uidnumber: 54
-+gidnumber: 54
-+homeDirectory: /home/uid54
-+
-+dn: cn=user55,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user55
-+sn: user55
-+uid: uid55
-+givenname: givenname55
-+description: description55
-+userPassword: password55
-+mail: uid55
-+uidnumber: 55
-+gidnumber: 55
-+homeDirectory: /home/uid55
-+
-+dn: cn=user56,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user56
-+sn: user56
-+uid: uid56
-+givenname: givenname56
-+description: description56
-+userPassword: password56
-+mail: uid56
-+uidnumber: 56
-+gidnumber: 56
-+homeDirectory: /home/uid56
-+
-+dn: cn=user57,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user57
-+sn: user57
-+uid: uid57
-+givenname: givenname57
-+description: description57
-+userPassword: password57
-+mail: uid57
-+uidnumber: 57
-+gidnumber: 57
-+homeDirectory: /home/uid57
-+
-+dn: cn=user58,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user58
-+sn: user58
-+uid: uid58
-+givenname: givenname58
-+description: description58
-+userPassword: password58
-+mail: uid58
-+uidnumber: 58
-+gidnumber: 58
-+homeDirectory: /home/uid58
-+
-+dn: cn=user59,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user59
-+sn: user59
-+uid: uid59
-+givenname: givenname59
-+description: description59
-+userPassword: password59
-+mail: uid59
-+uidnumber: 59
-+gidnumber: 59
-+homeDirectory: /home/uid59
-+
-+dn: cn=user60,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user60
-+sn: user60
-+uid: uid60
-+givenname: givenname60
-+description: description60
-+userPassword: password60
-+mail: uid60
-+uidnumber: 60
-+gidnumber: 60
-+homeDirectory: /home/uid60
-+
-+dn: cn=user61,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user61
-+sn: user61
-+uid: uid61
-+givenname: givenname61
-+description: description61
-+userPassword: password61
-+mail: uid61
-+uidnumber: 61
-+gidnumber: 61
-+homeDirectory: /home/uid61
-+
-+dn: cn=user62,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user62
-+sn: user62
-+uid: uid62
-+givenname: givenname62
-+description: description62
-+userPassword: password62
-+mail: uid62
-+uidnumber: 62
-+gidnumber: 62
-+homeDirectory: /home/uid62
-+
-+dn: cn=user63,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user63
-+sn: user63
-+uid: uid63
-+givenname: givenname63
-+description: description63
-+userPassword: password63
-+mail: uid63
-+uidnumber: 63
-+gidnumber: 63
-+homeDirectory: /home/uid63
-+
-+dn: cn=user64,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user64
-+sn: user64
-+uid: uid64
-+givenname: givenname64
-+description: description64
-+userPassword: password64
-+mail: uid64
-+uidnumber: 64
-+gidnumber: 64
-+homeDirectory: /home/uid64
-+
-+dn: cn=user65,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user65
-+sn: user65
-+uid: uid65
-+givenname: givenname65
-+description: description65
-+userPassword: password65
-+mail: uid65
-+uidnumber: 65
-+gidnumber: 65
-+homeDirectory: /home/uid65
-+
-+dn: cn=user66,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user66
-+sn: user66
-+uid: uid66
-+givenname: givenname66
-+description: description66
-+userPassword: password66
-+mail: uid66
-+uidnumber: 66
-+gidnumber: 66
-+homeDirectory: /home/uid66
-+
-+dn: cn=user67,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user67
-+sn: user67
-+uid: uid67
-+givenname: givenname67
-+description: description67
-+userPassword: password67
-+mail: uid67
-+uidnumber: 67
-+gidnumber: 67
-+homeDirectory: /home/uid67
-+
-+dn: cn=user68,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user68
-+sn: user68
-+uid: uid68
-+givenname: givenname68
-+description: description68
-+userPassword: password68
-+mail: uid68
-+uidnumber: 68
-+gidnumber: 68
-+homeDirectory: /home/uid68
-+
-+dn: cn=user69,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user69
-+sn: user69
-+uid: uid69
-+givenname: givenname69
-+description: description69
-+userPassword: password69
-+mail: uid69
-+uidnumber: 69
-+gidnumber: 69
-+homeDirectory: /home/uid69
-+
-+dn: cn=user70,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user70
-+sn: user70
-+uid: uid70
-+givenname: givenname70
-+description: description70
-+userPassword: password70
-+mail: uid70
-+uidnumber: 70
-+gidnumber: 70
-+homeDirectory: /home/uid70
-+
-+dn: cn=user71,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user71
-+sn: user71
-+uid: uid71
-+givenname: givenname71
-+description: description71
-+userPassword: password71
-+mail: uid71
-+uidnumber: 71
-+gidnumber: 71
-+homeDirectory: /home/uid71
-+
-+dn: cn=user72,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user72
-+sn: user72
-+uid: uid72
-+givenname: givenname72
-+description: description72
-+userPassword: password72
-+mail: uid72
-+uidnumber: 72
-+gidnumber: 72
-+homeDirectory: /home/uid72
-+
-+dn: cn=user73,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user73
-+sn: user73
-+uid: uid73
-+givenname: givenname73
-+description: description73
-+userPassword: password73
-+mail: uid73
-+uidnumber: 73
-+gidnumber: 73
-+homeDirectory: /home/uid73
-+
-+dn: cn=user74,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user74
-+sn: user74
-+uid: uid74
-+givenname: givenname74
-+description: description74
-+userPassword: password74
-+mail: uid74
-+uidnumber: 74
-+gidnumber: 74
-+homeDirectory: /home/uid74
-+
-+dn: cn=user75,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user75
-+sn: user75
-+uid: uid75
-+givenname: givenname75
-+description: description75
-+userPassword: password75
-+mail: uid75
-+uidnumber: 75
-+gidnumber: 75
-+homeDirectory: /home/uid75
-+
-+dn: cn=user76,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user76
-+sn: user76
-+uid: uid76
-+givenname: givenname76
-+description: description76
-+userPassword: password76
-+mail: uid76
-+uidnumber: 76
-+gidnumber: 76
-+homeDirectory: /home/uid76
-+
-+dn: cn=user77,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user77
-+sn: user77
-+uid: uid77
-+givenname: givenname77
-+description: description77
-+userPassword: password77
-+mail: uid77
-+uidnumber: 77
-+gidnumber: 77
-+homeDirectory: /home/uid77
-+
-+dn: cn=user78,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user78
-+sn: user78
-+uid: uid78
-+givenname: givenname78
-+description: description78
-+userPassword: password78
-+mail: uid78
-+uidnumber: 78
-+gidnumber: 78
-+homeDirectory: /home/uid78
-+
-+dn: cn=user79,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user79
-+sn: user79
-+uid: uid79
-+givenname: givenname79
-+description: description79
-+userPassword: password79
-+mail: uid79
-+uidnumber: 79
-+gidnumber: 79
-+homeDirectory: /home/uid79
-+
-+dn: cn=user80,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user80
-+sn: user80
-+uid: uid80
-+givenname: givenname80
-+description: description80
-+userPassword: password80
-+mail: uid80
-+uidnumber: 80
-+gidnumber: 80
-+homeDirectory: /home/uid80
-+
-+dn: cn=user81,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user81
-+sn: user81
-+uid: uid81
-+givenname: givenname81
-+description: description81
-+userPassword: password81
-+mail: uid81
-+uidnumber: 81
-+gidnumber: 81
-+homeDirectory: /home/uid81
-+
-+dn: cn=user82,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user82
-+sn: user82
-+uid: uid82
-+givenname: givenname82
-+description: description82
-+userPassword: password82
-+mail: uid82
-+uidnumber: 82
-+gidnumber: 82
-+homeDirectory: /home/uid82
-+
-+dn: cn=user83,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user83
-+sn: user83
-+uid: uid83
-+givenname: givenname83
-+description: description83
-+userPassword: password83
-+mail: uid83
-+uidnumber: 83
-+gidnumber: 83
-+homeDirectory: /home/uid83
-+
-+dn: cn=user84,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user84
-+sn: user84
-+uid: uid84
-+givenname: givenname84
-+description: description84
-+userPassword: password84
-+mail: uid84
-+uidnumber: 84
-+gidnumber: 84
-+homeDirectory: /home/uid84
-+
-+dn: cn=user85,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user85
-+sn: user85
-+uid: uid85
-+givenname: givenname85
-+description: description85
-+userPassword: password85
-+mail: uid85
-+uidnumber: 85
-+gidnumber: 85
-+homeDirectory: /home/uid85
-+
-+dn: cn=user86,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user86
-+sn: user86
-+uid: uid86
-+givenname: givenname86
-+description: description86
-+userPassword: password86
-+mail: uid86
-+uidnumber: 86
-+gidnumber: 86
-+homeDirectory: /home/uid86
-+
-+dn: cn=user87,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user87
-+sn: user87
-+uid: uid87
-+givenname: givenname87
-+description: description87
-+userPassword: password87
-+mail: uid87
-+uidnumber: 87
-+gidnumber: 87
-+homeDirectory: /home/uid87
-+
-+dn: cn=user88,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user88
-+sn: user88
-+uid: uid88
-+givenname: givenname88
-+description: description88
-+userPassword: password88
-+mail: uid88
-+uidnumber: 88
-+gidnumber: 88
-+homeDirectory: /home/uid88
-+
-+dn: cn=user89,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user89
-+sn: user89
-+uid: uid89
-+givenname: givenname89
-+description: description89
-+userPassword: password89
-+mail: uid89
-+uidnumber: 89
-+gidnumber: 89
-+homeDirectory: /home/uid89
-+
-+dn: cn=user90,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user90
-+sn: user90
-+uid: uid90
-+givenname: givenname90
-+description: description90
-+userPassword: password90
-+mail: uid90
-+uidnumber: 90
-+gidnumber: 90
-+homeDirectory: /home/uid90
-+
-+dn: cn=user91,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user91
-+sn: user91
-+uid: uid91
-+givenname: givenname91
-+description: description91
-+userPassword: password91
-+mail: uid91
-+uidnumber: 91
-+gidnumber: 91
-+homeDirectory: /home/uid91
-+
-+dn: cn=user92,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user92
-+sn: user92
-+uid: uid92
-+givenname: givenname92
-+description: description92
-+userPassword: password92
-+mail: uid92
-+uidnumber: 92
-+gidnumber: 92
-+homeDirectory: /home/uid92
-+
-+dn: cn=user93,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user93
-+sn: user93
-+uid: uid93
-+givenname: givenname93
-+description: description93
-+userPassword: password93
-+mail: uid93
-+uidnumber: 93
-+gidnumber: 93
-+homeDirectory: /home/uid93
-+
-+dn: cn=user94,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user94
-+sn: user94
-+uid: uid94
-+givenname: givenname94
-+description: description94
-+userPassword: password94
-+mail: uid94
-+uidnumber: 94
-+gidnumber: 94
-+homeDirectory: /home/uid94
-+
-+dn: cn=user95,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user95
-+sn: user95
-+uid: uid95
-+givenname: givenname95
-+description: description95
-+userPassword: password95
-+mail: uid95
-+uidnumber: 95
-+gidnumber: 95
-+homeDirectory: /home/uid95
-+
-+dn: cn=user96,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user96
-+sn: user96
-+uid: uid96
-+givenname: givenname96
-+description: description96
-+userPassword: password96
-+mail: uid96
-+uidnumber: 96
-+gidnumber: 96
-+homeDirectory: /home/uid96
-+
-+dn: cn=user97,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user97
-+sn: user97
-+uid: uid97
-+givenname: givenname97
-+description: description97
-+userPassword: password97
-+mail: uid97
-+uidnumber: 97
-+gidnumber: 97
-+homeDirectory: /home/uid97
-+
-+dn: cn=user98,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user98
-+sn: user98
-+uid: uid98
-+givenname: givenname98
-+description: description98
-+userPassword: password98
-+mail: uid98
-+uidnumber: 98
-+gidnumber: 98
-+homeDirectory: /home/uid98
-+
-+dn: cn=user99,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user99
-+sn: user99
-+uid: uid99
-+givenname: givenname99
-+description: description99
-+userPassword: password99
-+mail: uid99
-+uidnumber: 99
-+gidnumber: 99
-+homeDirectory: /home/uid99
-+
-+dn: cn=user100,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user100
-+sn: user100
-+uid: uid100
-+givenname: givenname100
-+description: description100
-+userPassword: password100
-+mail: uid100
-+uidnumber: 100
-+gidnumber: 100
-+homeDirectory: /home/uid100
-+
-+dn: cn=user101,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user101
-+sn: user101
-+uid: uid101
-+givenname: givenname101
-+description: description101
-+userPassword: password101
-+mail: uid101
-+uidnumber: 101
-+gidnumber: 101
-+homeDirectory: /home/uid101
-+
-+dn: cn=user102,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user102
-+sn: user102
-+uid: uid102
-+givenname: givenname102
-+description: description102
-+userPassword: password102
-+mail: uid102
-+uidnumber: 102
-+gidnumber: 102
-+homeDirectory: /home/uid102
-+
-+dn: cn=user103,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user103
-+sn: user103
-+uid: uid103
-+givenname: givenname103
-+description: description103
-+userPassword: password103
-+mail: uid103
-+uidnumber: 103
-+gidnumber: 103
-+homeDirectory: /home/uid103
-+
-+dn: cn=user104,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user104
-+sn: user104
-+uid: uid104
-+givenname: givenname104
-+description: description104
-+userPassword: password104
-+mail: uid104
-+uidnumber: 104
-+gidnumber: 104
-+homeDirectory: /home/uid104
-+
-+dn: cn=user105,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user105
-+sn: user105
-+uid: uid105
-+givenname: givenname105
-+description: description105
-+userPassword: password105
-+mail: uid105
-+uidnumber: 105
-+gidnumber: 105
-+homeDirectory: /home/uid105
-+
-+dn: cn=user106,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user106
-+sn: user106
-+uid: uid106
-+givenname: givenname106
-+description: description106
-+userPassword: password106
-+mail: uid106
-+uidnumber: 106
-+gidnumber: 106
-+homeDirectory: /home/uid106
-+
-+dn: cn=user107,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user107
-+sn: user107
-+uid: uid107
-+givenname: givenname107
-+description: description107
-+userPassword: password107
-+mail: uid107
-+uidnumber: 107
-+gidnumber: 107
-+homeDirectory: /home/uid107
-+
-+dn: cn=user108,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user108
-+sn: user108
-+uid: uid108
-+givenname: givenname108
-+description: description108
-+userPassword: password108
-+mail: uid108
-+uidnumber: 108
-+gidnumber: 108
-+homeDirectory: /home/uid108
-+
-+dn: cn=user109,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user109
-+sn: user109
-+uid: uid109
-+givenname: givenname109
-+description: description109
-+userPassword: password109
-+mail: uid109
-+uidnumber: 109
-+gidnumber: 109
-+homeDirectory: /home/uid109
-+
-+dn: cn=user110,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user110
-+sn: user110
-+uid: uid110
-+givenname: givenname110
-+description: description110
-+userPassword: password110
-+mail: uid110
-+uidnumber: 110
-+gidnumber: 110
-+homeDirectory: /home/uid110
-+
-+dn: cn=user111,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user111
-+sn: user111
-+uid: uid111
-+givenname: givenname111
-+description: description111
-+userPassword: password111
-+mail: uid111
-+uidnumber: 111
-+gidnumber: 111
-+homeDirectory: /home/uid111
-+
-+dn: cn=user112,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user112
-+sn: user112
-+uid: uid112
-+givenname: givenname112
-+description: description112
-+userPassword: password112
-+mail: uid112
-+uidnumber: 112
-+gidnumber: 112
-+homeDirectory: /home/uid112
-+
-+dn: cn=user113,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user113
-+sn: user113
-+uid: uid113
-+givenname: givenname113
-+description: description113
-+userPassword: password113
-+mail: uid113
-+uidnumber: 113
-+gidnumber: 113
-+homeDirectory: /home/uid113
-+
-+dn: cn=user114,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user114
-+sn: user114
-+uid: uid114
-+givenname: givenname114
-+description: description114
-+userPassword: password114
-+mail: uid114
-+uidnumber: 114
-+gidnumber: 114
-+homeDirectory: /home/uid114
-+
-+dn: cn=user115,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user115
-+sn: user115
-+uid: uid115
-+givenname: givenname115
-+description: description115
-+userPassword: password115
-+mail: uid115
-+uidnumber: 115
-+gidnumber: 115
-+homeDirectory: /home/uid115
-+
-+dn: cn=user116,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user116
-+sn: user116
-+uid: uid116
-+givenname: givenname116
-+description: description116
-+userPassword: password116
-+mail: uid116
-+uidnumber: 116
-+gidnumber: 116
-+homeDirectory: /home/uid116
-+
-+dn: cn=user117,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user117
-+sn: user117
-+uid: uid117
-+givenname: givenname117
-+description: description117
-+userPassword: password117
-+mail: uid117
-+uidnumber: 117
-+gidnumber: 117
-+homeDirectory: /home/uid117
-+
-+dn: cn=user118,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user118
-+sn: user118
-+uid: uid118
-+givenname: givenname118
-+description: description118
-+userPassword: password118
-+mail: uid118
-+uidnumber: 118
-+gidnumber: 118
-+homeDirectory: /home/uid118
-+
-+dn: cn=user119,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user119
-+sn: user119
-+uid: uid119
-+givenname: givenname119
-+description: description119
-+userPassword: password119
-+mail: uid119
-+uidnumber: 119
-+gidnumber: 119
-+homeDirectory: /home/uid119
-+
-+dn: cn=user120,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user120
-+sn: user120
-+uid: uid120
-+givenname: givenname120
-+description: description120
-+userPassword: password120
-+mail: uid120
-+uidnumber: 120
-+gidnumber: 120
-+homeDirectory: /home/uid120
-+
-+dn: cn=user121,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user121
-+sn: user121
-+uid: uid121
-+givenname: givenname121
-+description: description121
-+userPassword: password121
-+mail: uid121
-+uidnumber: 121
-+gidnumber: 121
-+homeDirectory: /home/uid121
-+
-+dn: cn=user122,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user122
-+sn: user122
-+uid: uid122
-+givenname: givenname122
-+description: description122
-+userPassword: password122
-+mail: uid122
-+uidnumber: 122
-+gidnumber: 122
-+homeDirectory: /home/uid122
-+
-+dn: cn=user123,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user123
-+sn: user123
-+uid: uid123
-+givenname: givenname123
-+description: description123
-+userPassword: password123
-+mail: uid123
-+uidnumber: 123
-+gidnumber: 123
-+homeDirectory: /home/uid123
-+
-+dn: cn=user124,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user124
-+sn: user124
-+uid: uid124
-+givenname: givenname124
-+description: description124
-+userPassword: password124
-+mail: uid124
-+uidnumber: 124
-+gidnumber: 124
-+homeDirectory: /home/uid124
-+
-+dn: cn=user125,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user125
-+sn: user125
-+uid: uid125
-+givenname: givenname125
-+description: description125
-+userPassword: password125
-+mail: uid125
-+uidnumber: 125
-+gidnumber: 125
-+homeDirectory: /home/uid125
-+
-+dn: cn=user126,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user126
-+sn: user126
-+uid: uid126
-+givenname: givenname126
-+description: description126
-+userPassword: password126
-+mail: uid126
-+uidnumber: 126
-+gidnumber: 126
-+homeDirectory: /home/uid126
-+
-+dn: cn=user127,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user127
-+sn: user127
-+uid: uid127
-+givenname: givenname127
-+description: description127
-+userPassword: password127
-+mail: uid127
-+uidnumber: 127
-+gidnumber: 127
-+homeDirectory: /home/uid127
-+
-+dn: cn=user128,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user128
-+sn: user128
-+uid: uid128
-+givenname: givenname128
-+description: description128
-+userPassword: password128
-+mail: uid128
-+uidnumber: 128
-+gidnumber: 128
-+homeDirectory: /home/uid128
-+
-+dn: cn=user129,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user129
-+sn: user129
-+uid: uid129
-+givenname: givenname129
-+description: description129
-+userPassword: password129
-+mail: uid129
-+uidnumber: 129
-+gidnumber: 129
-+homeDirectory: /home/uid129
-+
-+dn: cn=user130,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user130
-+sn: user130
-+uid: uid130
-+givenname: givenname130
-+description: description130
-+userPassword: password130
-+mail: uid130
-+uidnumber: 130
-+gidnumber: 130
-+homeDirectory: /home/uid130
-+
-+dn: cn=user131,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user131
-+sn: user131
-+uid: uid131
-+givenname: givenname131
-+description: description131
-+userPassword: password131
-+mail: uid131
-+uidnumber: 131
-+gidnumber: 131
-+homeDirectory: /home/uid131
-+
-+dn: cn=user132,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user132
-+sn: user132
-+uid: uid132
-+givenname: givenname132
-+description: description132
-+userPassword: password132
-+mail: uid132
-+uidnumber: 132
-+gidnumber: 132
-+homeDirectory: /home/uid132
-+
-+dn: cn=user133,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user133
-+sn: user133
-+uid: uid133
-+givenname: givenname133
-+description: description133
-+userPassword: password133
-+mail: uid133
-+uidnumber: 133
-+gidnumber: 133
-+homeDirectory: /home/uid133
-+
-+dn: cn=user134,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user134
-+sn: user134
-+uid: uid134
-+givenname: givenname134
-+description: description134
-+userPassword: password134
-+mail: uid134
-+uidnumber: 134
-+gidnumber: 134
-+homeDirectory: /home/uid134
-+
-+dn: cn=user135,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user135
-+sn: user135
-+uid: uid135
-+givenname: givenname135
-+description: description135
-+userPassword: password135
-+mail: uid135
-+uidnumber: 135
-+gidnumber: 135
-+homeDirectory: /home/uid135
-+
-+dn: cn=user136,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user136
-+sn: user136
-+uid: uid136
-+givenname: givenname136
-+description: description136
-+userPassword: password136
-+mail: uid136
-+uidnumber: 136
-+gidnumber: 136
-+homeDirectory: /home/uid136
-+
-+dn: cn=user137,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user137
-+sn: user137
-+uid: uid137
-+givenname: givenname137
-+description: description137
-+userPassword: password137
-+mail: uid137
-+uidnumber: 137
-+gidnumber: 137
-+homeDirectory: /home/uid137
-+
-+dn: cn=user138,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user138
-+sn: user138
-+uid: uid138
-+givenname: givenname138
-+description: description138
-+userPassword: password138
-+mail: uid138
-+uidnumber: 138
-+gidnumber: 138
-+homeDirectory: /home/uid138
-+
-+dn: cn=user139,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user139
-+sn: user139
-+uid: uid139
-+givenname: givenname139
-+description: description139
-+userPassword: password139
-+mail: uid139
-+uidnumber: 139
-+gidnumber: 139
-+homeDirectory: /home/uid139
-+
-+dn: cn=user140,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user140
-+sn: user140
-+uid: uid140
-+givenname: givenname140
-+description: description140
-+userPassword: password140
-+mail: uid140
-+uidnumber: 140
-+gidnumber: 140
-+homeDirectory: /home/uid140
-+
-+dn: cn=user141,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user141
-+sn: user141
-+uid: uid141
-+givenname: givenname141
-+description: description141
-+userPassword: password141
-+mail: uid141
-+uidnumber: 141
-+gidnumber: 141
-+homeDirectory: /home/uid141
-+
-+dn: cn=user142,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user142
-+sn: user142
-+uid: uid142
-+givenname: givenname142
-+description: description142
-+userPassword: password142
-+mail: uid142
-+uidnumber: 142
-+gidnumber: 142
-+homeDirectory: /home/uid142
-+
-+dn: cn=user143,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user143
-+sn: user143
-+uid: uid143
-+givenname: givenname143
-+description: description143
-+userPassword: password143
-+mail: uid143
-+uidnumber: 143
-+gidnumber: 143
-+homeDirectory: /home/uid143
-+
-+dn: cn=user144,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user144
-+sn: user144
-+uid: uid144
-+givenname: givenname144
-+description: description144
-+userPassword: password144
-+mail: uid144
-+uidnumber: 144
-+gidnumber: 144
-+homeDirectory: /home/uid144
-+
-+dn: cn=user145,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user145
-+sn: user145
-+uid: uid145
-+givenname: givenname145
-+description: description145
-+userPassword: password145
-+mail: uid145
-+uidnumber: 145
-+gidnumber: 145
-+homeDirectory: /home/uid145
-+
-+dn: cn=user146,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user146
-+sn: user146
-+uid: uid146
-+givenname: givenname146
-+description: description146
-+userPassword: password146
-+mail: uid146
-+uidnumber: 146
-+gidnumber: 146
-+homeDirectory: /home/uid146
-+
-+dn: cn=user147,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user147
-+sn: user147
-+uid: uid147
-+givenname: givenname147
-+description: description147
-+userPassword: password147
-+mail: uid147
-+uidnumber: 147
-+gidnumber: 147
-+homeDirectory: /home/uid147
-+
-+dn: cn=user148,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user148
-+sn: user148
-+uid: uid148
-+givenname: givenname148
-+description: description148
-+userPassword: password148
-+mail: uid148
-+uidnumber: 148
-+gidnumber: 148
-+homeDirectory: /home/uid148
-+
-+dn: cn=user149,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user149
-+sn: user149
-+uid: uid149
-+givenname: givenname149
-+description: description149
-+userPassword: password149
-+mail: uid149
-+uidnumber: 149
-+gidnumber: 149
-+homeDirectory: /home/uid149
-+
-+dn: cn=user150,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user150
-+sn: user150
-+uid: uid150
-+givenname: givenname150
-+description: description150
-+userPassword: password150
-+mail: uid150
-+uidnumber: 150
-+gidnumber: 150
-+homeDirectory: /home/uid150
-+
-+dn: cn=user151,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user151
-+sn: user151
-+uid: uid151
-+givenname: givenname151
-+description: description151
-+userPassword: password151
-+mail: uid151
-+uidnumber: 151
-+gidnumber: 151
-+homeDirectory: /home/uid151
-+
-+dn: cn=user152,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user152
-+sn: user152
-+uid: uid152
-+givenname: givenname152
-+description: description152
-+userPassword: password152
-+mail: uid152
-+uidnumber: 152
-+gidnumber: 152
-+homeDirectory: /home/uid152
-+
-+dn: cn=user153,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user153
-+sn: user153
-+uid: uid153
-+givenname: givenname153
-+description: description153
-+userPassword: password153
-+mail: uid153
-+uidnumber: 153
-+gidnumber: 153
-+homeDirectory: /home/uid153
-+
-+dn: cn=user154,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user154
-+sn: user154
-+uid: uid154
-+givenname: givenname154
-+description: description154
-+userPassword: password154
-+mail: uid154
-+uidnumber: 154
-+gidnumber: 154
-+homeDirectory: /home/uid154
-+
-+dn: cn=user155,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user155
-+sn: user155
-+uid: uid155
-+givenname: givenname155
-+description: description155
-+userPassword: password155
-+mail: uid155
-+uidnumber: 155
-+gidnumber: 155
-+homeDirectory: /home/uid155
-+
-+dn: cn=user156,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user156
-+sn: user156
-+uid: uid156
-+givenname: givenname156
-+description: description156
-+userPassword: password156
-+mail: uid156
-+uidnumber: 156
-+gidnumber: 156
-+homeDirectory: /home/uid156
-+
-+dn: cn=user157,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user157
-+sn: user157
-+uid: uid157
-+givenname: givenname157
-+description: description157
-+userPassword: password157
-+mail: uid157
-+uidnumber: 157
-+gidnumber: 157
-+homeDirectory: /home/uid157
-+
-+dn: cn=user158,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user158
-+sn: user158
-+uid: uid158
-+givenname: givenname158
-+description: description158
-+userPassword: password158
-+mail: uid158
-+uidnumber: 158
-+gidnumber: 158
-+homeDirectory: /home/uid158
-+
-+dn: cn=user159,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user159
-+sn: user159
-+uid: uid159
-+givenname: givenname159
-+description: description159
-+userPassword: password159
-+mail: uid159
-+uidnumber: 159
-+gidnumber: 159
-+homeDirectory: /home/uid159
-+
-+dn: cn=user160,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user160
-+sn: user160
-+uid: uid160
-+givenname: givenname160
-+description: description160
-+userPassword: password160
-+mail: uid160
-+uidnumber: 160
-+gidnumber: 160
-+homeDirectory: /home/uid160
-+
-+dn: cn=user161,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user161
-+sn: user161
-+uid: uid161
-+givenname: givenname161
-+description: description161
-+userPassword: password161
-+mail: uid161
-+uidnumber: 161
-+gidnumber: 161
-+homeDirectory: /home/uid161
-+
-+dn: cn=user162,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user162
-+sn: user162
-+uid: uid162
-+givenname: givenname162
-+description: description162
-+userPassword: password162
-+mail: uid162
-+uidnumber: 162
-+gidnumber: 162
-+homeDirectory: /home/uid162
-+
-+dn: cn=user163,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user163
-+sn: user163
-+uid: uid163
-+givenname: givenname163
-+description: description163
-+userPassword: password163
-+mail: uid163
-+uidnumber: 163
-+gidnumber: 163
-+homeDirectory: /home/uid163
-+
-+dn: cn=user164,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user164
-+sn: user164
-+uid: uid164
-+givenname: givenname164
-+description: description164
-+userPassword: password164
-+mail: uid164
-+uidnumber: 164
-+gidnumber: 164
-+homeDirectory: /home/uid164
-+
-+dn: cn=user165,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user165
-+sn: user165
-+uid: uid165
-+givenname: givenname165
-+description: description165
-+userPassword: password165
-+mail: uid165
-+uidnumber: 165
-+gidnumber: 165
-+homeDirectory: /home/uid165
-+
-+dn: cn=user166,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user166
-+sn: user166
-+uid: uid166
-+givenname: givenname166
-+description: description166
-+userPassword: password166
-+mail: uid166
-+uidnumber: 166
-+gidnumber: 166
-+homeDirectory: /home/uid166
-+
-+dn: cn=user167,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user167
-+sn: user167
-+uid: uid167
-+givenname: givenname167
-+description: description167
-+userPassword: password167
-+mail: uid167
-+uidnumber: 167
-+gidnumber: 167
-+homeDirectory: /home/uid167
-+
-+dn: cn=user168,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user168
-+sn: user168
-+uid: uid168
-+givenname: givenname168
-+description: description168
-+userPassword: password168
-+mail: uid168
-+uidnumber: 168
-+gidnumber: 168
-+homeDirectory: /home/uid168
-+
-+dn: cn=user169,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user169
-+sn: user169
-+uid: uid169
-+givenname: givenname169
-+description: description169
-+userPassword: password169
-+mail: uid169
-+uidnumber: 169
-+gidnumber: 169
-+homeDirectory: /home/uid169
-+
-+dn: cn=user170,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user170
-+sn: user170
-+uid: uid170
-+givenname: givenname170
-+description: description170
-+userPassword: password170
-+mail: uid170
-+uidnumber: 170
-+gidnumber: 170
-+homeDirectory: /home/uid170
-+
-+dn: cn=user171,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user171
-+sn: user171
-+uid: uid171
-+givenname: givenname171
-+description: description171
-+userPassword: password171
-+mail: uid171
-+uidnumber: 171
-+gidnumber: 171
-+homeDirectory: /home/uid171
-+
-+dn: cn=user172,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user172
-+sn: user172
-+uid: uid172
-+givenname: givenname172
-+description: description172
-+userPassword: password172
-+mail: uid172
-+uidnumber: 172
-+gidnumber: 172
-+homeDirectory: /home/uid172
-+
-+dn: cn=user173,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user173
-+sn: user173
-+uid: uid173
-+givenname: givenname173
-+description: description173
-+userPassword: password173
-+mail: uid173
-+uidnumber: 173
-+gidnumber: 173
-+homeDirectory: /home/uid173
-+
-+dn: cn=user174,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user174
-+sn: user174
-+uid: uid174
-+givenname: givenname174
-+description: description174
-+userPassword: password174
-+mail: uid174
-+uidnumber: 174
-+gidnumber: 174
-+homeDirectory: /home/uid174
-+
-+dn: cn=user175,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user175
-+sn: user175
-+uid: uid175
-+givenname: givenname175
-+description: description175
-+userPassword: password175
-+mail: uid175
-+uidnumber: 175
-+gidnumber: 175
-+homeDirectory: /home/uid175
-+
-+dn: cn=user176,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user176
-+sn: user176
-+uid: uid176
-+givenname: givenname176
-+description: description176
-+userPassword: password176
-+mail: uid176
-+uidnumber: 176
-+gidnumber: 176
-+homeDirectory: /home/uid176
-+
-+dn: cn=user177,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user177
-+sn: user177
-+uid: uid177
-+givenname: givenname177
-+description: description177
-+userPassword: password177
-+mail: uid177
-+uidnumber: 177
-+gidnumber: 177
-+homeDirectory: /home/uid177
-+
-+dn: cn=user178,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user178
-+sn: user178
-+uid: uid178
-+givenname: givenname178
-+description: description178
-+userPassword: password178
-+mail: uid178
-+uidnumber: 178
-+gidnumber: 178
-+homeDirectory: /home/uid178
-+
-+dn: cn=user179,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user179
-+sn: user179
-+uid: uid179
-+givenname: givenname179
-+description: description179
-+userPassword: password179
-+mail: uid179
-+uidnumber: 179
-+gidnumber: 179
-+homeDirectory: /home/uid179
-+
-+dn: cn=user180,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user180
-+sn: user180
-+uid: uid180
-+givenname: givenname180
-+description: description180
-+userPassword: password180
-+mail: uid180
-+uidnumber: 180
-+gidnumber: 180
-+homeDirectory: /home/uid180
-+
-+dn: cn=user181,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user181
-+sn: user181
-+uid: uid181
-+givenname: givenname181
-+description: description181
-+userPassword: password181
-+mail: uid181
-+uidnumber: 181
-+gidnumber: 181
-+homeDirectory: /home/uid181
-+
-+dn: cn=user182,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user182
-+sn: user182
-+uid: uid182
-+givenname: givenname182
-+description: description182
-+userPassword: password182
-+mail: uid182
-+uidnumber: 182
-+gidnumber: 182
-+homeDirectory: /home/uid182
-+
-+dn: cn=user183,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user183
-+sn: user183
-+uid: uid183
-+givenname: givenname183
-+description: description183
-+userPassword: password183
-+mail: uid183
-+uidnumber: 183
-+gidnumber: 183
-+homeDirectory: /home/uid183
-+
-+dn: cn=user184,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user184
-+sn: user184
-+uid: uid184
-+givenname: givenname184
-+description: description184
-+userPassword: password184
-+mail: uid184
-+uidnumber: 184
-+gidnumber: 184
-+homeDirectory: /home/uid184
-+
-+dn: cn=user185,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user185
-+sn: user185
-+uid: uid185
-+givenname: givenname185
-+description: description185
-+userPassword: password185
-+mail: uid185
-+uidnumber: 185
-+gidnumber: 185
-+homeDirectory: /home/uid185
-+
-+dn: cn=user186,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user186
-+sn: user186
-+uid: uid186
-+givenname: givenname186
-+description: description186
-+userPassword: password186
-+mail: uid186
-+uidnumber: 186
-+gidnumber: 186
-+homeDirectory: /home/uid186
-+
-+dn: cn=user187,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user187
-+sn: user187
-+uid: uid187
-+givenname: givenname187
-+description: description187
-+userPassword: password187
-+mail: uid187
-+uidnumber: 187
-+gidnumber: 187
-+homeDirectory: /home/uid187
-+
-+dn: cn=user188,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user188
-+sn: user188
-+uid: uid188
-+givenname: givenname188
-+description: description188
-+userPassword: password188
-+mail: uid188
-+uidnumber: 188
-+gidnumber: 188
-+homeDirectory: /home/uid188
-+
-+dn: cn=user189,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user189
-+sn: user189
-+uid: uid189
-+givenname: givenname189
-+description: description189
-+userPassword: password189
-+mail: uid189
-+uidnumber: 189
-+gidnumber: 189
-+homeDirectory: /home/uid189
-+
-+dn: cn=user190,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user190
-+sn: user190
-+uid: uid190
-+givenname: givenname190
-+description: description190
-+userPassword: password190
-+mail: uid190
-+uidnumber: 190
-+gidnumber: 190
-+homeDirectory: /home/uid190
-+
-+dn: cn=user191,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user191
-+sn: user191
-+uid: uid191
-+givenname: givenname191
-+description: description191
-+userPassword: password191
-+mail: uid191
-+uidnumber: 191
-+gidnumber: 191
-+homeDirectory: /home/uid191
-+
-+dn: cn=user192,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user192
-+sn: user192
-+uid: uid192
-+givenname: givenname192
-+description: description192
-+userPassword: password192
-+mail: uid192
-+uidnumber: 192
-+gidnumber: 192
-+homeDirectory: /home/uid192
-+
-+dn: cn=user193,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user193
-+sn: user193
-+uid: uid193
-+givenname: givenname193
-+description: description193
-+userPassword: password193
-+mail: uid193
-+uidnumber: 193
-+gidnumber: 193
-+homeDirectory: /home/uid193
-+
-+dn: cn=user194,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user194
-+sn: user194
-+uid: uid194
-+givenname: givenname194
-+description: description194
-+userPassword: password194
-+mail: uid194
-+uidnumber: 194
-+gidnumber: 194
-+homeDirectory: /home/uid194
-+
-+dn: cn=user195,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user195
-+sn: user195
-+uid: uid195
-+givenname: givenname195
-+description: description195
-+userPassword: password195
-+mail: uid195
-+uidnumber: 195
-+gidnumber: 195
-+homeDirectory: /home/uid195
-+
-+dn: cn=user196,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user196
-+sn: user196
-+uid: uid196
-+givenname: givenname196
-+description: description196
-+userPassword: password196
-+mail: uid196
-+uidnumber: 196
-+gidnumber: 196
-+homeDirectory: /home/uid196
-+
-+dn: cn=user197,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user197
-+sn: user197
-+uid: uid197
-+givenname: givenname197
-+description: description197
-+userPassword: password197
-+mail: uid197
-+uidnumber: 197
-+gidnumber: 197
-+homeDirectory: /home/uid197
-+
-+dn: cn=user198,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user198
-+sn: user198
-+uid: uid198
-+givenname: givenname198
-+description: description198
-+userPassword: password198
-+mail: uid198
-+uidnumber: 198
-+gidnumber: 198
-+homeDirectory: /home/uid198
-+
-+dn: cn=user199,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user199
-+sn: user199
-+uid: uid199
-+givenname: givenname199
-+description: description199
-+userPassword: password199
-+mail: uid199
-+uidnumber: 199
-+gidnumber: 199
-+homeDirectory: /home/uid199
-+
-+dn: cn=user200,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user200
-+sn: user200
-+uid: uid200
-+givenname: givenname200
-+description: description200
-+userPassword: password200
-+mail: uid200
-+uidnumber: 200
-+gidnumber: 200
-+homeDirectory: /home/uid200
-+
-+dn: cn=user201,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user201
-+sn: user201
-+uid: uid201
-+givenname: givenname201
-+description: description201
-+userPassword: password201
-+mail: uid201
-+uidnumber: 201
-+gidnumber: 201
-+homeDirectory: /home/uid201
-+
-+dn: cn=user202,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user202
-+sn: user202
-+uid: uid202
-+givenname: givenname202
-+description: description202
-+userPassword: password202
-+mail: uid202
-+uidnumber: 202
-+gidnumber: 202
-+homeDirectory: /home/uid202
-+
-+dn: cn=user203,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user203
-+sn: user203
-+uid: uid203
-+givenname: givenname203
-+description: description203
-+userPassword: password203
-+mail: uid203
-+uidnumber: 203
-+gidnumber: 203
-+homeDirectory: /home/uid203
-+
-+dn: cn=user204,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user204
-+sn: user204
-+uid: uid204
-+givenname: givenname204
-+description: description204
-+userPassword: password204
-+mail: uid204
-+uidnumber: 204
-+gidnumber: 204
-+homeDirectory: /home/uid204
-+
-+dn: cn=user205,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user205
-+sn: user205
-+uid: uid205
-+givenname: givenname205
-+description: description205
-+userPassword: password205
-+mail: uid205
-+uidnumber: 205
-+gidnumber: 205
-+homeDirectory: /home/uid205
-+
-+dn: cn=user206,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user206
-+sn: user206
-+uid: uid206
-+givenname: givenname206
-+description: description206
-+userPassword: password206
-+mail: uid206
-+uidnumber: 206
-+gidnumber: 206
-+homeDirectory: /home/uid206
-+
-+dn: cn=user207,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user207
-+sn: user207
-+uid: uid207
-+givenname: givenname207
-+description: description207
-+userPassword: password207
-+mail: uid207
-+uidnumber: 207
-+gidnumber: 207
-+homeDirectory: /home/uid207
-+
-+dn: cn=user208,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user208
-+sn: user208
-+uid: uid208
-+givenname: givenname208
-+description: description208
-+userPassword: password208
-+mail: uid208
-+uidnumber: 208
-+gidnumber: 208
-+homeDirectory: /home/uid208
-+
-+dn: cn=user209,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user209
-+sn: user209
-+uid: uid209
-+givenname: givenname209
-+description: description209
-+userPassword: password209
-+mail: uid209
-+uidnumber: 209
-+gidnumber: 209
-+homeDirectory: /home/uid209
-+
-+dn: cn=user210,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user210
-+sn: user210
-+uid: uid210
-+givenname: givenname210
-+description: description210
-+userPassword: password210
-+mail: uid210
-+uidnumber: 210
-+gidnumber: 210
-+homeDirectory: /home/uid210
-+
-+dn: cn=user211,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user211
-+sn: user211
-+uid: uid211
-+givenname: givenname211
-+description: description211
-+userPassword: password211
-+mail: uid211
-+uidnumber: 211
-+gidnumber: 211
-+homeDirectory: /home/uid211
-+
-+dn: cn=user212,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user212
-+sn: user212
-+uid: uid212
-+givenname: givenname212
-+description: description212
-+userPassword: password212
-+mail: uid212
-+uidnumber: 212
-+gidnumber: 212
-+homeDirectory: /home/uid212
-+
-+dn: cn=user213,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user213
-+sn: user213
-+uid: uid213
-+givenname: givenname213
-+description: description213
-+userPassword: password213
-+mail: uid213
-+uidnumber: 213
-+gidnumber: 213
-+homeDirectory: /home/uid213
-+
-+dn: cn=user214,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user214
-+sn: user214
-+uid: uid214
-+givenname: givenname214
-+description: description214
-+userPassword: password214
-+mail: uid214
-+uidnumber: 214
-+gidnumber: 214
-+homeDirectory: /home/uid214
-+
-+dn: cn=user215,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user215
-+sn: user215
-+uid: uid215
-+givenname: givenname215
-+description: description215
-+userPassword: password215
-+mail: uid215
-+uidnumber: 215
-+gidnumber: 215
-+homeDirectory: /home/uid215
-+
-+dn: cn=user216,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user216
-+sn: user216
-+uid: uid216
-+givenname: givenname216
-+description: description216
-+userPassword: password216
-+mail: uid216
-+uidnumber: 216
-+gidnumber: 216
-+homeDirectory: /home/uid216
-+
-+dn: cn=user217,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user217
-+sn: user217
-+uid: uid217
-+givenname: givenname217
-+description: description217
-+userPassword: password217
-+mail: uid217
-+uidnumber: 217
-+gidnumber: 217
-+homeDirectory: /home/uid217
-+
-+dn: cn=user218,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user218
-+sn: user218
-+uid: uid218
-+givenname: givenname218
-+description: description218
-+userPassword: password218
-+mail: uid218
-+uidnumber: 218
-+gidnumber: 218
-+homeDirectory: /home/uid218
-+
-+dn: cn=user219,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user219
-+sn: user219
-+uid: uid219
-+givenname: givenname219
-+description: description219
-+userPassword: password219
-+mail: uid219
-+uidnumber: 219
-+gidnumber: 219
-+homeDirectory: /home/uid219
-+
-+dn: cn=user220,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user220
-+sn: user220
-+uid: uid220
-+givenname: givenname220
-+description: description220
-+userPassword: password220
-+mail: uid220
-+uidnumber: 220
-+gidnumber: 220
-+homeDirectory: /home/uid220
-+
-+dn: cn=user221,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user221
-+sn: user221
-+uid: uid221
-+givenname: givenname221
-+description: description221
-+userPassword: password221
-+mail: uid221
-+uidnumber: 221
-+gidnumber: 221
-+homeDirectory: /home/uid221
-+
-+dn: cn=user222,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user222
-+sn: user222
-+uid: uid222
-+givenname: givenname222
-+description: description222
-+userPassword: password222
-+mail: uid222
-+uidnumber: 222
-+gidnumber: 222
-+homeDirectory: /home/uid222
-+
-+dn: cn=user223,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user223
-+sn: user223
-+uid: uid223
-+givenname: givenname223
-+description: description223
-+userPassword: password223
-+mail: uid223
-+uidnumber: 223
-+gidnumber: 223
-+homeDirectory: /home/uid223
-+
-+dn: cn=user224,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user224
-+sn: user224
-+uid: uid224
-+givenname: givenname224
-+description: description224
-+userPassword: password224
-+mail: uid224
-+uidnumber: 224
-+gidnumber: 224
-+homeDirectory: /home/uid224
-+
-+dn: cn=user225,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user225
-+sn: user225
-+uid: uid225
-+givenname: givenname225
-+description: description225
-+userPassword: password225
-+mail: uid225
-+uidnumber: 225
-+gidnumber: 225
-+homeDirectory: /home/uid225
-+
-+dn: cn=user226,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user226
-+sn: user226
-+uid: uid226
-+givenname: givenname226
-+description: description226
-+userPassword: password226
-+mail: uid226
-+uidnumber: 226
-+gidnumber: 226
-+homeDirectory: /home/uid226
-+
-+dn: cn=user227,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user227
-+sn: user227
-+uid: uid227
-+givenname: givenname227
-+description: description227
-+userPassword: password227
-+mail: uid227
-+uidnumber: 227
-+gidnumber: 227
-+homeDirectory: /home/uid227
-+
-+dn: cn=user228,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user228
-+sn: user228
-+uid: uid228
-+givenname: givenname228
-+description: description228
-+userPassword: password228
-+mail: uid228
-+uidnumber: 228
-+gidnumber: 228
-+homeDirectory: /home/uid228
-+
-+dn: cn=user229,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user229
-+sn: user229
-+uid: uid229
-+givenname: givenname229
-+description: description229
-+userPassword: password229
-+mail: uid229
-+uidnumber: 229
-+gidnumber: 229
-+homeDirectory: /home/uid229
-+
-+dn: cn=user230,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user230
-+sn: user230
-+uid: uid230
-+givenname: givenname230
-+description: description230
-+userPassword: password230
-+mail: uid230
-+uidnumber: 230
-+gidnumber: 230
-+homeDirectory: /home/uid230
-+
-+dn: cn=user231,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user231
-+sn: user231
-+uid: uid231
-+givenname: givenname231
-+description: description231
-+userPassword: password231
-+mail: uid231
-+uidnumber: 231
-+gidnumber: 231
-+homeDirectory: /home/uid231
-+
-+dn: cn=user232,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user232
-+sn: user232
-+uid: uid232
-+givenname: givenname232
-+description: description232
-+userPassword: password232
-+mail: uid232
-+uidnumber: 232
-+gidnumber: 232
-+homeDirectory: /home/uid232
-+
-+dn: cn=user233,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user233
-+sn: user233
-+uid: uid233
-+givenname: givenname233
-+description: description233
-+userPassword: password233
-+mail: uid233
-+uidnumber: 233
-+gidnumber: 233
-+homeDirectory: /home/uid233
-+
-+dn: cn=user234,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user234
-+sn: user234
-+uid: uid234
-+givenname: givenname234
-+description: description234
-+userPassword: password234
-+mail: uid234
-+uidnumber: 234
-+gidnumber: 234
-+homeDirectory: /home/uid234
-+
-+dn: cn=user235,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user235
-+sn: user235
-+uid: uid235
-+givenname: givenname235
-+description: description235
-+userPassword: password235
-+mail: uid235
-+uidnumber: 235
-+gidnumber: 235
-+homeDirectory: /home/uid235
-+
-+dn: cn=user236,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user236
-+sn: user236
-+uid: uid236
-+givenname: givenname236
-+description: description236
-+userPassword: password236
-+mail: uid236
-+uidnumber: 236
-+gidnumber: 236
-+homeDirectory: /home/uid236
-+
-+dn: cn=user237,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user237
-+sn: user237
-+uid: uid237
-+givenname: givenname237
-+description: description237
-+userPassword: password237
-+mail: uid237
-+uidnumber: 237
-+gidnumber: 237
-+homeDirectory: /home/uid237
-+
-+dn: cn=user238,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user238
-+sn: user238
-+uid: uid238
-+givenname: givenname238
-+description: description238
-+userPassword: password238
-+mail: uid238
-+uidnumber: 238
-+gidnumber: 238
-+homeDirectory: /home/uid238
-+
-+dn: cn=user239,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user239
-+sn: user239
-+uid: uid239
-+givenname: givenname239
-+description: description239
-+userPassword: password239
-+mail: uid239
-+uidnumber: 239
-+gidnumber: 239
-+homeDirectory: /home/uid239
-+
-+dn: cn=user240,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user240
-+sn: user240
-+uid: uid240
-+givenname: givenname240
-+description: description240
-+userPassword: password240
-+mail: uid240
-+uidnumber: 240
-+gidnumber: 240
-+homeDirectory: /home/uid240
-+
-+dn: cn=user241,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user241
-+sn: user241
-+uid: uid241
-+givenname: givenname241
-+description: description241
-+userPassword: password241
-+mail: uid241
-+uidnumber: 241
-+gidnumber: 241
-+homeDirectory: /home/uid241
-+
-+dn: cn=user242,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user242
-+sn: user242
-+uid: uid242
-+givenname: givenname242
-+description: description242
-+userPassword: password242
-+mail: uid242
-+uidnumber: 242
-+gidnumber: 242
-+homeDirectory: /home/uid242
-+
-+dn: cn=user243,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user243
-+sn: user243
-+uid: uid243
-+givenname: givenname243
-+description: description243
-+userPassword: password243
-+mail: uid243
-+uidnumber: 243
-+gidnumber: 243
-+homeDirectory: /home/uid243
-+
-+dn: cn=user244,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user244
-+sn: user244
-+uid: uid244
-+givenname: givenname244
-+description: description244
-+userPassword: password244
-+mail: uid244
-+uidnumber: 244
-+gidnumber: 244
-+homeDirectory: /home/uid244
-+
-+dn: cn=user245,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user245
-+sn: user245
-+uid: uid245
-+givenname: givenname245
-+description: description245
-+userPassword: password245
-+mail: uid245
-+uidnumber: 245
-+gidnumber: 245
-+homeDirectory: /home/uid245
-+
-+dn: cn=user246,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user246
-+sn: user246
-+uid: uid246
-+givenname: givenname246
-+description: description246
-+userPassword: password246
-+mail: uid246
-+uidnumber: 246
-+gidnumber: 246
-+homeDirectory: /home/uid246
-+
-+dn: cn=user247,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user247
-+sn: user247
-+uid: uid247
-+givenname: givenname247
-+description: description247
-+userPassword: password247
-+mail: uid247
-+uidnumber: 247
-+gidnumber: 247
-+homeDirectory: /home/uid247
-+
-+dn: cn=user248,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user248
-+sn: user248
-+uid: uid248
-+givenname: givenname248
-+description: description248
-+userPassword: password248
-+mail: uid248
-+uidnumber: 248
-+gidnumber: 248
-+homeDirectory: /home/uid248
-+
-+dn: cn=user249,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user249
-+sn: user249
-+uid: uid249
-+givenname: givenname249
-+description: description249
-+userPassword: password249
-+mail: uid249
-+uidnumber: 249
-+gidnumber: 249
-+homeDirectory: /home/uid249
-+
-+dn: cn=user250,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user250
-+sn: user250
-+uid: uid250
-+givenname: givenname250
-+description: description250
-+userPassword: password250
-+mail: uid250
-+uidnumber: 250
-+gidnumber: 250
-+homeDirectory: /home/uid250
-+
-+dn: cn=user251,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user251
-+sn: user251
-+uid: uid251
-+givenname: givenname251
-+description: description251
-+userPassword: password251
-+mail: uid251
-+uidnumber: 251
-+gidnumber: 251
-+homeDirectory: /home/uid251
-+
-+dn: cn=user252,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user252
-+sn: user252
-+uid: uid252
-+givenname: givenname252
-+description: description252
-+userPassword: password252
-+mail: uid252
-+uidnumber: 252
-+gidnumber: 252
-+homeDirectory: /home/uid252
-+
-+dn: cn=user253,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user253
-+sn: user253
-+uid: uid253
-+givenname: givenname253
-+description: description253
-+userPassword: password253
-+mail: uid253
-+uidnumber: 253
-+gidnumber: 253
-+homeDirectory: /home/uid253
-+
-+dn: cn=user254,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user254
-+sn: user254
-+uid: uid254
-+givenname: givenname254
-+description: description254
-+userPassword: password254
-+mail: uid254
-+uidnumber: 254
-+gidnumber: 254
-+homeDirectory: /home/uid254
-+
-+dn: cn=user255,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user255
-+sn: user255
-+uid: uid255
-+givenname: givenname255
-+description: description255
-+userPassword: password255
-+mail: uid255
-+uidnumber: 255
-+gidnumber: 255
-+homeDirectory: /home/uid255
-+
-+dn: cn=user256,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user256
-+sn: user256
-+uid: uid256
-+givenname: givenname256
-+description: description256
-+userPassword: password256
-+mail: uid256
-+uidnumber: 256
-+gidnumber: 256
-+homeDirectory: /home/uid256
-+
-+dn: cn=user257,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user257
-+sn: user257
-+uid: uid257
-+givenname: givenname257
-+description: description257
-+userPassword: password257
-+mail: uid257
-+uidnumber: 257
-+gidnumber: 257
-+homeDirectory: /home/uid257
-+
-+dn: cn=user258,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user258
-+sn: user258
-+uid: uid258
-+givenname: givenname258
-+description: description258
-+userPassword: password258
-+mail: uid258
-+uidnumber: 258
-+gidnumber: 258
-+homeDirectory: /home/uid258
-+
-+dn: cn=user259,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user259
-+sn: user259
-+uid: uid259
-+givenname: givenname259
-+description: description259
-+userPassword: password259
-+mail: uid259
-+uidnumber: 259
-+gidnumber: 259
-+homeDirectory: /home/uid259
-+
-+dn: cn=user260,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user260
-+sn: user260
-+uid: uid260
-+givenname: givenname260
-+description: description260
-+userPassword: password260
-+mail: uid260
-+uidnumber: 260
-+gidnumber: 260
-+homeDirectory: /home/uid260
-+
-+dn: cn=user261,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user261
-+sn: user261
-+uid: uid261
-+givenname: givenname261
-+description: description261
-+userPassword: password261
-+mail: uid261
-+uidnumber: 261
-+gidnumber: 261
-+homeDirectory: /home/uid261
-+
-+dn: cn=user262,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user262
-+sn: user262
-+uid: uid262
-+givenname: givenname262
-+description: description262
-+userPassword: password262
-+mail: uid262
-+uidnumber: 262
-+gidnumber: 262
-+homeDirectory: /home/uid262
-+
-+dn: cn=user263,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user263
-+sn: user263
-+uid: uid263
-+givenname: givenname263
-+description: description263
-+userPassword: password263
-+mail: uid263
-+uidnumber: 263
-+gidnumber: 263
-+homeDirectory: /home/uid263
-+
-+dn: cn=user264,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user264
-+sn: user264
-+uid: uid264
-+givenname: givenname264
-+description: description264
-+userPassword: password264
-+mail: uid264
-+uidnumber: 264
-+gidnumber: 264
-+homeDirectory: /home/uid264
-+
-+dn: cn=user265,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user265
-+sn: user265
-+uid: uid265
-+givenname: givenname265
-+description: description265
-+userPassword: password265
-+mail: uid265
-+uidnumber: 265
-+gidnumber: 265
-+homeDirectory: /home/uid265
-+
-+dn: cn=user266,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user266
-+sn: user266
-+uid: uid266
-+givenname: givenname266
-+description: description266
-+userPassword: password266
-+mail: uid266
-+uidnumber: 266
-+gidnumber: 266
-+homeDirectory: /home/uid266
-+
-+dn: cn=user267,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user267
-+sn: user267
-+uid: uid267
-+givenname: givenname267
-+description: description267
-+userPassword: password267
-+mail: uid267
-+uidnumber: 267
-+gidnumber: 267
-+homeDirectory: /home/uid267
-+
-+dn: cn=user268,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user268
-+sn: user268
-+uid: uid268
-+givenname: givenname268
-+description: description268
-+userPassword: password268
-+mail: uid268
-+uidnumber: 268
-+gidnumber: 268
-+homeDirectory: /home/uid268
-+
-+dn: cn=user269,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user269
-+sn: user269
-+uid: uid269
-+givenname: givenname269
-+description: description269
-+userPassword: password269
-+mail: uid269
-+uidnumber: 269
-+gidnumber: 269
-+homeDirectory: /home/uid269
-+
-+dn: cn=user270,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user270
-+sn: user270
-+uid: uid270
-+givenname: givenname270
-+description: description270
-+userPassword: password270
-+mail: uid270
-+uidnumber: 270
-+gidnumber: 270
-+homeDirectory: /home/uid270
-+
-+dn: cn=user271,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user271
-+sn: user271
-+uid: uid271
-+givenname: givenname271
-+description: description271
-+userPassword: password271
-+mail: uid271
-+uidnumber: 271
-+gidnumber: 271
-+homeDirectory: /home/uid271
-+
-+dn: cn=user272,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user272
-+sn: user272
-+uid: uid272
-+givenname: givenname272
-+description: description272
-+userPassword: password272
-+mail: uid272
-+uidnumber: 272
-+gidnumber: 272
-+homeDirectory: /home/uid272
-+
-+dn: cn=user273,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user273
-+sn: user273
-+uid: uid273
-+givenname: givenname273
-+description: description273
-+userPassword: password273
-+mail: uid273
-+uidnumber: 273
-+gidnumber: 273
-+homeDirectory: /home/uid273
-+
-+dn: cn=user274,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user274
-+sn: user274
-+uid: uid274
-+givenname: givenname274
-+description: description274
-+userPassword: password274
-+mail: uid274
-+uidnumber: 274
-+gidnumber: 274
-+homeDirectory: /home/uid274
-+
-+dn: cn=user275,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user275
-+sn: user275
-+uid: uid275
-+givenname: givenname275
-+description: description275
-+userPassword: password275
-+mail: uid275
-+uidnumber: 275
-+gidnumber: 275
-+homeDirectory: /home/uid275
-+
-+dn: cn=user276,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user276
-+sn: user276
-+uid: uid276
-+givenname: givenname276
-+description: description276
-+userPassword: password276
-+mail: uid276
-+uidnumber: 276
-+gidnumber: 276
-+homeDirectory: /home/uid276
-+
-+dn: cn=user277,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user277
-+sn: user277
-+uid: uid277
-+givenname: givenname277
-+description: description277
-+userPassword: password277
-+mail: uid277
-+uidnumber: 277
-+gidnumber: 277
-+homeDirectory: /home/uid277
-+
-+dn: cn=user278,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user278
-+sn: user278
-+uid: uid278
-+givenname: givenname278
-+description: description278
-+userPassword: password278
-+mail: uid278
-+uidnumber: 278
-+gidnumber: 278
-+homeDirectory: /home/uid278
-+
-+dn: cn=user279,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user279
-+sn: user279
-+uid: uid279
-+givenname: givenname279
-+description: description279
-+userPassword: password279
-+mail: uid279
-+uidnumber: 279
-+gidnumber: 279
-+homeDirectory: /home/uid279
-+
-+dn: cn=user280,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user280
-+sn: user280
-+uid: uid280
-+givenname: givenname280
-+description: description280
-+userPassword: password280
-+mail: uid280
-+uidnumber: 280
-+gidnumber: 280
-+homeDirectory: /home/uid280
-+
-+dn: cn=user281,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user281
-+sn: user281
-+uid: uid281
-+givenname: givenname281
-+description: description281
-+userPassword: password281
-+mail: uid281
-+uidnumber: 281
-+gidnumber: 281
-+homeDirectory: /home/uid281
-+
-+dn: cn=user282,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user282
-+sn: user282
-+uid: uid282
-+givenname: givenname282
-+description: description282
-+userPassword: password282
-+mail: uid282
-+uidnumber: 282
-+gidnumber: 282
-+homeDirectory: /home/uid282
-+
-+dn: cn=user283,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user283
-+sn: user283
-+uid: uid283
-+givenname: givenname283
-+description: description283
-+userPassword: password283
-+mail: uid283
-+uidnumber: 283
-+gidnumber: 283
-+homeDirectory: /home/uid283
-+
-+dn: cn=user284,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user284
-+sn: user284
-+uid: uid284
-+givenname: givenname284
-+description: description284
-+userPassword: password284
-+mail: uid284
-+uidnumber: 284
-+gidnumber: 284
-+homeDirectory: /home/uid284
-+
-+dn: cn=user285,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user285
-+sn: user285
-+uid: uid285
-+givenname: givenname285
-+description: description285
-+userPassword: password285
-+mail: uid285
-+uidnumber: 285
-+gidnumber: 285
-+homeDirectory: /home/uid285
-+
-+dn: cn=user286,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user286
-+sn: user286
-+uid: uid286
-+givenname: givenname286
-+description: description286
-+userPassword: password286
-+mail: uid286
-+uidnumber: 286
-+gidnumber: 286
-+homeDirectory: /home/uid286
-+
-+dn: cn=user287,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user287
-+sn: user287
-+uid: uid287
-+givenname: givenname287
-+description: description287
-+userPassword: password287
-+mail: uid287
-+uidnumber: 287
-+gidnumber: 287
-+homeDirectory: /home/uid287
-+
-+dn: cn=user288,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user288
-+sn: user288
-+uid: uid288
-+givenname: givenname288
-+description: description288
-+userPassword: password288
-+mail: uid288
-+uidnumber: 288
-+gidnumber: 288
-+homeDirectory: /home/uid288
-+
-+dn: cn=user289,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user289
-+sn: user289
-+uid: uid289
-+givenname: givenname289
-+description: description289
-+userPassword: password289
-+mail: uid289
-+uidnumber: 289
-+gidnumber: 289
-+homeDirectory: /home/uid289
-+
-+dn: cn=user290,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user290
-+sn: user290
-+uid: uid290
-+givenname: givenname290
-+description: description290
-+userPassword: password290
-+mail: uid290
-+uidnumber: 290
-+gidnumber: 290
-+homeDirectory: /home/uid290
-+
-+dn: cn=user291,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user291
-+sn: user291
-+uid: uid291
-+givenname: givenname291
-+description: description291
-+userPassword: password291
-+mail: uid291
-+uidnumber: 291
-+gidnumber: 291
-+homeDirectory: /home/uid291
-+
-+dn: cn=user292,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user292
-+sn: user292
-+uid: uid292
-+givenname: givenname292
-+description: description292
-+userPassword: password292
-+mail: uid292
-+uidnumber: 292
-+gidnumber: 292
-+homeDirectory: /home/uid292
-+
-+dn: cn=user293,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user293
-+sn: user293
-+uid: uid293
-+givenname: givenname293
-+description: description293
-+userPassword: password293
-+mail: uid293
-+uidnumber: 293
-+gidnumber: 293
-+homeDirectory: /home/uid293
-+
-+dn: cn=user294,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user294
-+sn: user294
-+uid: uid294
-+givenname: givenname294
-+description: description294
-+userPassword: password294
-+mail: uid294
-+uidnumber: 294
-+gidnumber: 294
-+homeDirectory: /home/uid294
-+
-+dn: cn=user295,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user295
-+sn: user295
-+uid: uid295
-+givenname: givenname295
-+description: description295
-+userPassword: password295
-+mail: uid295
-+uidnumber: 295
-+gidnumber: 295
-+homeDirectory: /home/uid295
-+
-+dn: cn=user296,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user296
-+sn: user296
-+uid: uid296
-+givenname: givenname296
-+description: description296
-+userPassword: password296
-+mail: uid296
-+uidnumber: 296
-+gidnumber: 296
-+homeDirectory: /home/uid296
-+
-+dn: cn=user297,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user297
-+sn: user297
-+uid: uid297
-+givenname: givenname297
-+description: description297
-+userPassword: password297
-+mail: uid297
-+uidnumber: 297
-+gidnumber: 297
-+homeDirectory: /home/uid297
-+
-+dn: cn=user298,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user298
-+sn: user298
-+uid: uid298
-+givenname: givenname298
-+description: description298
-+userPassword: password298
-+mail: uid298
-+uidnumber: 298
-+gidnumber: 298
-+homeDirectory: /home/uid298
-+
-+dn: cn=user299,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user299
-+sn: user299
-+uid: uid299
-+givenname: givenname299
-+description: description299
-+userPassword: password299
-+mail: uid299
-+uidnumber: 299
-+gidnumber: 299
-+homeDirectory: /home/uid299
-+
-+dn: cn=user300,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user300
-+sn: user300
-+uid: uid300
-+givenname: givenname300
-+description: description300
-+userPassword: password300
-+mail: uid300
-+uidnumber: 300
-+gidnumber: 300
-+homeDirectory: /home/uid300
-+
-+dn: cn=user301,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user301
-+sn: user301
-+uid: uid301
-+givenname: givenname301
-+description: description301
-+userPassword: password301
-+mail: uid301
-+uidnumber: 301
-+gidnumber: 301
-+homeDirectory: /home/uid301
-+
-+dn: cn=user302,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user302
-+sn: user302
-+uid: uid302
-+givenname: givenname302
-+description: description302
-+userPassword: password302
-+mail: uid302
-+uidnumber: 302
-+gidnumber: 302
-+homeDirectory: /home/uid302
-+
-+dn: cn=user303,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user303
-+sn: user303
-+uid: uid303
-+givenname: givenname303
-+description: description303
-+userPassword: password303
-+mail: uid303
-+uidnumber: 303
-+gidnumber: 303
-+homeDirectory: /home/uid303
-+
-+dn: cn=user304,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user304
-+sn: user304
-+uid: uid304
-+givenname: givenname304
-+description: description304
-+userPassword: password304
-+mail: uid304
-+uidnumber: 304
-+gidnumber: 304
-+homeDirectory: /home/uid304
-+
-+dn: cn=user305,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user305
-+sn: user305
-+uid: uid305
-+givenname: givenname305
-+description: description305
-+userPassword: password305
-+mail: uid305
-+uidnumber: 305
-+gidnumber: 305
-+homeDirectory: /home/uid305
-+
-+dn: cn=user306,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user306
-+sn: user306
-+uid: uid306
-+givenname: givenname306
-+description: description306
-+userPassword: password306
-+mail: uid306
-+uidnumber: 306
-+gidnumber: 306
-+homeDirectory: /home/uid306
-+
-+dn: cn=user307,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user307
-+sn: user307
-+uid: uid307
-+givenname: givenname307
-+description: description307
-+userPassword: password307
-+mail: uid307
-+uidnumber: 307
-+gidnumber: 307
-+homeDirectory: /home/uid307
-+
-+dn: cn=user308,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user308
-+sn: user308
-+uid: uid308
-+givenname: givenname308
-+description: description308
-+userPassword: password308
-+mail: uid308
-+uidnumber: 308
-+gidnumber: 308
-+homeDirectory: /home/uid308
-+
-+dn: cn=user309,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user309
-+sn: user309
-+uid: uid309
-+givenname: givenname309
-+description: description309
-+userPassword: password309
-+mail: uid309
-+uidnumber: 309
-+gidnumber: 309
-+homeDirectory: /home/uid309
-+
-+dn: cn=user310,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user310
-+sn: user310
-+uid: uid310
-+givenname: givenname310
-+description: description310
-+userPassword: password310
-+mail: uid310
-+uidnumber: 310
-+gidnumber: 310
-+homeDirectory: /home/uid310
-+
-+dn: cn=user311,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user311
-+sn: user311
-+uid: uid311
-+givenname: givenname311
-+description: description311
-+userPassword: password311
-+mail: uid311
-+uidnumber: 311
-+gidnumber: 311
-+homeDirectory: /home/uid311
-+
-+dn: cn=user312,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user312
-+sn: user312
-+uid: uid312
-+givenname: givenname312
-+description: description312
-+userPassword: password312
-+mail: uid312
-+uidnumber: 312
-+gidnumber: 312
-+homeDirectory: /home/uid312
-+
-+dn: cn=user313,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user313
-+sn: user313
-+uid: uid313
-+givenname: givenname313
-+description: description313
-+userPassword: password313
-+mail: uid313
-+uidnumber: 313
-+gidnumber: 313
-+homeDirectory: /home/uid313
-+
-+dn: cn=user314,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user314
-+sn: user314
-+uid: uid314
-+givenname: givenname314
-+description: description314
-+userPassword: password314
-+mail: uid314
-+uidnumber: 314
-+gidnumber: 314
-+homeDirectory: /home/uid314
-+
-+dn: cn=user315,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user315
-+sn: user315
-+uid: uid315
-+givenname: givenname315
-+description: description315
-+userPassword: password315
-+mail: uid315
-+uidnumber: 315
-+gidnumber: 315
-+homeDirectory: /home/uid315
-+
-+dn: cn=user316,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user316
-+sn: user316
-+uid: uid316
-+givenname: givenname316
-+description: description316
-+userPassword: password316
-+mail: uid316
-+uidnumber: 316
-+gidnumber: 316
-+homeDirectory: /home/uid316
-+
-+dn: cn=user317,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user317
-+sn: user317
-+uid: uid317
-+givenname: givenname317
-+description: description317
-+userPassword: password317
-+mail: uid317
-+uidnumber: 317
-+gidnumber: 317
-+homeDirectory: /home/uid317
-+
-+dn: cn=user318,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user318
-+sn: user318
-+uid: uid318
-+givenname: givenname318
-+description: description318
-+userPassword: password318
-+mail: uid318
-+uidnumber: 318
-+gidnumber: 318
-+homeDirectory: /home/uid318
-+
-+dn: cn=user319,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user319
-+sn: user319
-+uid: uid319
-+givenname: givenname319
-+description: description319
-+userPassword: password319
-+mail: uid319
-+uidnumber: 319
-+gidnumber: 319
-+homeDirectory: /home/uid319
-+
-+dn: cn=user320,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user320
-+sn: user320
-+uid: uid320
-+givenname: givenname320
-+description: description320
-+userPassword: password320
-+mail: uid320
-+uidnumber: 320
-+gidnumber: 320
-+homeDirectory: /home/uid320
-+
-+dn: cn=user321,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user321
-+sn: user321
-+uid: uid321
-+givenname: givenname321
-+description: description321
-+userPassword: password321
-+mail: uid321
-+uidnumber: 321
-+gidnumber: 321
-+homeDirectory: /home/uid321
-+
-+dn: cn=user322,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user322
-+sn: user322
-+uid: uid322
-+givenname: givenname322
-+description: description322
-+userPassword: password322
-+mail: uid322
-+uidnumber: 322
-+gidnumber: 322
-+homeDirectory: /home/uid322
-+
-+dn: cn=user323,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user323
-+sn: user323
-+uid: uid323
-+givenname: givenname323
-+description: description323
-+userPassword: password323
-+mail: uid323
-+uidnumber: 323
-+gidnumber: 323
-+homeDirectory: /home/uid323
-+
-+dn: cn=user324,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user324
-+sn: user324
-+uid: uid324
-+givenname: givenname324
-+description: description324
-+userPassword: password324
-+mail: uid324
-+uidnumber: 324
-+gidnumber: 324
-+homeDirectory: /home/uid324
-+
-+dn: cn=user325,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user325
-+sn: user325
-+uid: uid325
-+givenname: givenname325
-+description: description325
-+userPassword: password325
-+mail: uid325
-+uidnumber: 325
-+gidnumber: 325
-+homeDirectory: /home/uid325
-+
-+dn: cn=user326,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user326
-+sn: user326
-+uid: uid326
-+givenname: givenname326
-+description: description326
-+userPassword: password326
-+mail: uid326
-+uidnumber: 326
-+gidnumber: 326
-+homeDirectory: /home/uid326
-+
-+dn: cn=user327,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user327
-+sn: user327
-+uid: uid327
-+givenname: givenname327
-+description: description327
-+userPassword: password327
-+mail: uid327
-+uidnumber: 327
-+gidnumber: 327
-+homeDirectory: /home/uid327
-+
-+dn: cn=user328,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user328
-+sn: user328
-+uid: uid328
-+givenname: givenname328
-+description: description328
-+userPassword: password328
-+mail: uid328
-+uidnumber: 328
-+gidnumber: 328
-+homeDirectory: /home/uid328
-+
-+dn: cn=user329,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user329
-+sn: user329
-+uid: uid329
-+givenname: givenname329
-+description: description329
-+userPassword: password329
-+mail: uid329
-+uidnumber: 329
-+gidnumber: 329
-+homeDirectory: /home/uid329
-+
-+dn: cn=user330,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user330
-+sn: user330
-+uid: uid330
-+givenname: givenname330
-+description: description330
-+userPassword: password330
-+mail: uid330
-+uidnumber: 330
-+gidnumber: 330
-+homeDirectory: /home/uid330
-+
-+dn: cn=user331,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user331
-+sn: user331
-+uid: uid331
-+givenname: givenname331
-+description: description331
-+userPassword: password331
-+mail: uid331
-+uidnumber: 331
-+gidnumber: 331
-+homeDirectory: /home/uid331
-+
-+dn: cn=user332,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user332
-+sn: user332
-+uid: uid332
-+givenname: givenname332
-+description: description332
-+userPassword: password332
-+mail: uid332
-+uidnumber: 332
-+gidnumber: 332
-+homeDirectory: /home/uid332
-+
-+dn: cn=user333,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user333
-+sn: user333
-+uid: uid333
-+givenname: givenname333
-+description: description333
-+userPassword: password333
-+mail: uid333
-+uidnumber: 333
-+gidnumber: 333
-+homeDirectory: /home/uid333
-+
-+dn: cn=user334,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user334
-+sn: user334
-+uid: uid334
-+givenname: givenname334
-+description: description334
-+userPassword: password334
-+mail: uid334
-+uidnumber: 334
-+gidnumber: 334
-+homeDirectory: /home/uid334
-+
-+dn: cn=user335,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user335
-+sn: user335
-+uid: uid335
-+givenname: givenname335
-+description: description335
-+userPassword: password335
-+mail: uid335
-+uidnumber: 335
-+gidnumber: 335
-+homeDirectory: /home/uid335
-+
-+dn: cn=user336,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user336
-+sn: user336
-+uid: uid336
-+givenname: givenname336
-+description: description336
-+userPassword: password336
-+mail: uid336
-+uidnumber: 336
-+gidnumber: 336
-+homeDirectory: /home/uid336
-+
-+dn: cn=user337,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user337
-+sn: user337
-+uid: uid337
-+givenname: givenname337
-+description: description337
-+userPassword: password337
-+mail: uid337
-+uidnumber: 337
-+gidnumber: 337
-+homeDirectory: /home/uid337
-+
-+dn: cn=user338,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user338
-+sn: user338
-+uid: uid338
-+givenname: givenname338
-+description: description338
-+userPassword: password338
-+mail: uid338
-+uidnumber: 338
-+gidnumber: 338
-+homeDirectory: /home/uid338
-+
-+dn: cn=user339,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user339
-+sn: user339
-+uid: uid339
-+givenname: givenname339
-+description: description339
-+userPassword: password339
-+mail: uid339
-+uidnumber: 339
-+gidnumber: 339
-+homeDirectory: /home/uid339
-+
-+dn: cn=user340,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user340
-+sn: user340
-+uid: uid340
-+givenname: givenname340
-+description: description340
-+userPassword: password340
-+mail: uid340
-+uidnumber: 340
-+gidnumber: 340
-+homeDirectory: /home/uid340
-+
-+dn: cn=user341,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user341
-+sn: user341
-+uid: uid341
-+givenname: givenname341
-+description: description341
-+userPassword: password341
-+mail: uid341
-+uidnumber: 341
-+gidnumber: 341
-+homeDirectory: /home/uid341
-+
-+dn: cn=user342,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user342
-+sn: user342
-+uid: uid342
-+givenname: givenname342
-+description: description342
-+userPassword: password342
-+mail: uid342
-+uidnumber: 342
-+gidnumber: 342
-+homeDirectory: /home/uid342
-+
-+dn: cn=user343,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user343
-+sn: user343
-+uid: uid343
-+givenname: givenname343
-+description: description343
-+userPassword: password343
-+mail: uid343
-+uidnumber: 343
-+gidnumber: 343
-+homeDirectory: /home/uid343
-+
-+dn: cn=user344,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user344
-+sn: user344
-+uid: uid344
-+givenname: givenname344
-+description: description344
-+userPassword: password344
-+mail: uid344
-+uidnumber: 344
-+gidnumber: 344
-+homeDirectory: /home/uid344
-+
-+dn: cn=user345,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user345
-+sn: user345
-+uid: uid345
-+givenname: givenname345
-+description: description345
-+userPassword: password345
-+mail: uid345
-+uidnumber: 345
-+gidnumber: 345
-+homeDirectory: /home/uid345
-+
-+dn: cn=user346,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user346
-+sn: user346
-+uid: uid346
-+givenname: givenname346
-+description: description346
-+userPassword: password346
-+mail: uid346
-+uidnumber: 346
-+gidnumber: 346
-+homeDirectory: /home/uid346
-+
-+dn: cn=user347,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user347
-+sn: user347
-+uid: uid347
-+givenname: givenname347
-+description: description347
-+userPassword: password347
-+mail: uid347
-+uidnumber: 347
-+gidnumber: 347
-+homeDirectory: /home/uid347
-+
-+dn: cn=user348,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user348
-+sn: user348
-+uid: uid348
-+givenname: givenname348
-+description: description348
-+userPassword: password348
-+mail: uid348
-+uidnumber: 348
-+gidnumber: 348
-+homeDirectory: /home/uid348
-+
-+dn: cn=user349,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user349
-+sn: user349
-+uid: uid349
-+givenname: givenname349
-+description: description349
-+userPassword: password349
-+mail: uid349
-+uidnumber: 349
-+gidnumber: 349
-+homeDirectory: /home/uid349
-+
-+dn: cn=user350,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user350
-+sn: user350
-+uid: uid350
-+givenname: givenname350
-+description: description350
-+userPassword: password350
-+mail: uid350
-+uidnumber: 350
-+gidnumber: 350
-+homeDirectory: /home/uid350
-+
-+dn: cn=user351,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user351
-+sn: user351
-+uid: uid351
-+givenname: givenname351
-+description: description351
-+userPassword: password351
-+mail: uid351
-+uidnumber: 351
-+gidnumber: 351
-+homeDirectory: /home/uid351
-+
-+dn: cn=user352,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user352
-+sn: user352
-+uid: uid352
-+givenname: givenname352
-+description: description352
-+userPassword: password352
-+mail: uid352
-+uidnumber: 352
-+gidnumber: 352
-+homeDirectory: /home/uid352
-+
-+dn: cn=user353,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user353
-+sn: user353
-+uid: uid353
-+givenname: givenname353
-+description: description353
-+userPassword: password353
-+mail: uid353
-+uidnumber: 353
-+gidnumber: 353
-+homeDirectory: /home/uid353
-+
-+dn: cn=user354,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user354
-+sn: user354
-+uid: uid354
-+givenname: givenname354
-+description: description354
-+userPassword: password354
-+mail: uid354
-+uidnumber: 354
-+gidnumber: 354
-+homeDirectory: /home/uid354
-+
-+dn: cn=user355,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user355
-+sn: user355
-+uid: uid355
-+givenname: givenname355
-+description: description355
-+userPassword: password355
-+mail: uid355
-+uidnumber: 355
-+gidnumber: 355
-+homeDirectory: /home/uid355
-+
-+dn: cn=user356,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user356
-+sn: user356
-+uid: uid356
-+givenname: givenname356
-+description: description356
-+userPassword: password356
-+mail: uid356
-+uidnumber: 356
-+gidnumber: 356
-+homeDirectory: /home/uid356
-+
-+dn: cn=user357,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user357
-+sn: user357
-+uid: uid357
-+givenname: givenname357
-+description: description357
-+userPassword: password357
-+mail: uid357
-+uidnumber: 357
-+gidnumber: 357
-+homeDirectory: /home/uid357
-+
-+dn: cn=user358,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user358
-+sn: user358
-+uid: uid358
-+givenname: givenname358
-+description: description358
-+userPassword: password358
-+mail: uid358
-+uidnumber: 358
-+gidnumber: 358
-+homeDirectory: /home/uid358
-+
-+dn: cn=user359,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user359
-+sn: user359
-+uid: uid359
-+givenname: givenname359
-+description: description359
-+userPassword: password359
-+mail: uid359
-+uidnumber: 359
-+gidnumber: 359
-+homeDirectory: /home/uid359
-+
-+dn: cn=user360,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user360
-+sn: user360
-+uid: uid360
-+givenname: givenname360
-+description: description360
-+userPassword: password360
-+mail: uid360
-+uidnumber: 360
-+gidnumber: 360
-+homeDirectory: /home/uid360
-+
-+dn: cn=user361,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user361
-+sn: user361
-+uid: uid361
-+givenname: givenname361
-+description: description361
-+userPassword: password361
-+mail: uid361
-+uidnumber: 361
-+gidnumber: 361
-+homeDirectory: /home/uid361
-+
-+dn: cn=user362,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user362
-+sn: user362
-+uid: uid362
-+givenname: givenname362
-+description: description362
-+userPassword: password362
-+mail: uid362
-+uidnumber: 362
-+gidnumber: 362
-+homeDirectory: /home/uid362
-+
-+dn: cn=user363,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user363
-+sn: user363
-+uid: uid363
-+givenname: givenname363
-+description: description363
-+userPassword: password363
-+mail: uid363
-+uidnumber: 363
-+gidnumber: 363
-+homeDirectory: /home/uid363
-+
-+dn: cn=user364,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user364
-+sn: user364
-+uid: uid364
-+givenname: givenname364
-+description: description364
-+userPassword: password364
-+mail: uid364
-+uidnumber: 364
-+gidnumber: 364
-+homeDirectory: /home/uid364
-+
-+dn: cn=user365,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user365
-+sn: user365
-+uid: uid365
-+givenname: givenname365
-+description: description365
-+userPassword: password365
-+mail: uid365
-+uidnumber: 365
-+gidnumber: 365
-+homeDirectory: /home/uid365
-+
-+dn: cn=user366,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user366
-+sn: user366
-+uid: uid366
-+givenname: givenname366
-+description: description366
-+userPassword: password366
-+mail: uid366
-+uidnumber: 366
-+gidnumber: 366
-+homeDirectory: /home/uid366
-+
-+dn: cn=user367,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user367
-+sn: user367
-+uid: uid367
-+givenname: givenname367
-+description: description367
-+userPassword: password367
-+mail: uid367
-+uidnumber: 367
-+gidnumber: 367
-+homeDirectory: /home/uid367
-+
-+dn: cn=user368,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user368
-+sn: user368
-+uid: uid368
-+givenname: givenname368
-+description: description368
-+userPassword: password368
-+mail: uid368
-+uidnumber: 368
-+gidnumber: 368
-+homeDirectory: /home/uid368
-+
-+dn: cn=user369,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user369
-+sn: user369
-+uid: uid369
-+givenname: givenname369
-+description: description369
-+userPassword: password369
-+mail: uid369
-+uidnumber: 369
-+gidnumber: 369
-+homeDirectory: /home/uid369
-+
-+dn: cn=user370,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user370
-+sn: user370
-+uid: uid370
-+givenname: givenname370
-+description: description370
-+userPassword: password370
-+mail: uid370
-+uidnumber: 370
-+gidnumber: 370
-+homeDirectory: /home/uid370
-+
-+dn: cn=user371,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user371
-+sn: user371
-+uid: uid371
-+givenname: givenname371
-+description: description371
-+userPassword: password371
-+mail: uid371
-+uidnumber: 371
-+gidnumber: 371
-+homeDirectory: /home/uid371
-+
-+dn: cn=user372,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user372
-+sn: user372
-+uid: uid372
-+givenname: givenname372
-+description: description372
-+userPassword: password372
-+mail: uid372
-+uidnumber: 372
-+gidnumber: 372
-+homeDirectory: /home/uid372
-+
-+dn: cn=user373,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user373
-+sn: user373
-+uid: uid373
-+givenname: givenname373
-+description: description373
-+userPassword: password373
-+mail: uid373
-+uidnumber: 373
-+gidnumber: 373
-+homeDirectory: /home/uid373
-+
-+dn: cn=user374,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user374
-+sn: user374
-+uid: uid374
-+givenname: givenname374
-+description: description374
-+userPassword: password374
-+mail: uid374
-+uidnumber: 374
-+gidnumber: 374
-+homeDirectory: /home/uid374
-+
-+dn: cn=user375,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user375
-+sn: user375
-+uid: uid375
-+givenname: givenname375
-+description: description375
-+userPassword: password375
-+mail: uid375
-+uidnumber: 375
-+gidnumber: 375
-+homeDirectory: /home/uid375
-+
-+dn: cn=user376,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user376
-+sn: user376
-+uid: uid376
-+givenname: givenname376
-+description: description376
-+userPassword: password376
-+mail: uid376
-+uidnumber: 376
-+gidnumber: 376
-+homeDirectory: /home/uid376
-+
-+dn: cn=user377,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user377
-+sn: user377
-+uid: uid377
-+givenname: givenname377
-+description: description377
-+userPassword: password377
-+mail: uid377
-+uidnumber: 377
-+gidnumber: 377
-+homeDirectory: /home/uid377
-+
-+dn: cn=user378,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user378
-+sn: user378
-+uid: uid378
-+givenname: givenname378
-+description: description378
-+userPassword: password378
-+mail: uid378
-+uidnumber: 378
-+gidnumber: 378
-+homeDirectory: /home/uid378
-+
-+dn: cn=user379,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user379
-+sn: user379
-+uid: uid379
-+givenname: givenname379
-+description: description379
-+userPassword: password379
-+mail: uid379
-+uidnumber: 379
-+gidnumber: 379
-+homeDirectory: /home/uid379
-+
-+dn: cn=user380,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user380
-+sn: user380
-+uid: uid380
-+givenname: givenname380
-+description: description380
-+userPassword: password380
-+mail: uid380
-+uidnumber: 380
-+gidnumber: 380
-+homeDirectory: /home/uid380
-+
-+dn: cn=user381,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user381
-+sn: user381
-+uid: uid381
-+givenname: givenname381
-+description: description381
-+userPassword: password381
-+mail: uid381
-+uidnumber: 381
-+gidnumber: 381
-+homeDirectory: /home/uid381
-+
-+dn: cn=user382,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user382
-+sn: user382
-+uid: uid382
-+givenname: givenname382
-+description: description382
-+userPassword: password382
-+mail: uid382
-+uidnumber: 382
-+gidnumber: 382
-+homeDirectory: /home/uid382
-+
-+dn: cn=user383,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user383
-+sn: user383
-+uid: uid383
-+givenname: givenname383
-+description: description383
-+userPassword: password383
-+mail: uid383
-+uidnumber: 383
-+gidnumber: 383
-+homeDirectory: /home/uid383
-+
-+dn: cn=user384,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user384
-+sn: user384
-+uid: uid384
-+givenname: givenname384
-+description: description384
-+userPassword: password384
-+mail: uid384
-+uidnumber: 384
-+gidnumber: 384
-+homeDirectory: /home/uid384
-+
-+dn: cn=user385,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user385
-+sn: user385
-+uid: uid385
-+givenname: givenname385
-+description: description385
-+userPassword: password385
-+mail: uid385
-+uidnumber: 385
-+gidnumber: 385
-+homeDirectory: /home/uid385
-+
-+dn: cn=user386,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user386
-+sn: user386
-+uid: uid386
-+givenname: givenname386
-+description: description386
-+userPassword: password386
-+mail: uid386
-+uidnumber: 386
-+gidnumber: 386
-+homeDirectory: /home/uid386
-+
-+dn: cn=user387,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user387
-+sn: user387
-+uid: uid387
-+givenname: givenname387
-+description: description387
-+userPassword: password387
-+mail: uid387
-+uidnumber: 387
-+gidnumber: 387
-+homeDirectory: /home/uid387
-+
-+dn: cn=user388,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user388
-+sn: user388
-+uid: uid388
-+givenname: givenname388
-+description: description388
-+userPassword: password388
-+mail: uid388
-+uidnumber: 388
-+gidnumber: 388
-+homeDirectory: /home/uid388
-+
-+dn: cn=user389,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user389
-+sn: user389
-+uid: uid389
-+givenname: givenname389
-+description: description389
-+userPassword: password389
-+mail: uid389
-+uidnumber: 389
-+gidnumber: 389
-+homeDirectory: /home/uid389
-+
-+dn: cn=user390,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user390
-+sn: user390
-+uid: uid390
-+givenname: givenname390
-+description: description390
-+userPassword: password390
-+mail: uid390
-+uidnumber: 390
-+gidnumber: 390
-+homeDirectory: /home/uid390
-+
-+dn: cn=user391,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user391
-+sn: user391
-+uid: uid391
-+givenname: givenname391
-+description: description391
-+userPassword: password391
-+mail: uid391
-+uidnumber: 391
-+gidnumber: 391
-+homeDirectory: /home/uid391
-+
-+dn: cn=user392,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user392
-+sn: user392
-+uid: uid392
-+givenname: givenname392
-+description: description392
-+userPassword: password392
-+mail: uid392
-+uidnumber: 392
-+gidnumber: 392
-+homeDirectory: /home/uid392
-+
-+dn: cn=user393,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user393
-+sn: user393
-+uid: uid393
-+givenname: givenname393
-+description: description393
-+userPassword: password393
-+mail: uid393
-+uidnumber: 393
-+gidnumber: 393
-+homeDirectory: /home/uid393
-+
-+dn: cn=user394,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user394
-+sn: user394
-+uid: uid394
-+givenname: givenname394
-+description: description394
-+userPassword: password394
-+mail: uid394
-+uidnumber: 394
-+gidnumber: 394
-+homeDirectory: /home/uid394
-+
-+dn: cn=user395,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user395
-+sn: user395
-+uid: uid395
-+givenname: givenname395
-+description: description395
-+userPassword: password395
-+mail: uid395
-+uidnumber: 395
-+gidnumber: 395
-+homeDirectory: /home/uid395
-+
-+dn: cn=user396,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user396
-+sn: user396
-+uid: uid396
-+givenname: givenname396
-+description: description396
-+userPassword: password396
-+mail: uid396
-+uidnumber: 396
-+gidnumber: 396
-+homeDirectory: /home/uid396
-+
-+dn: cn=user397,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user397
-+sn: user397
-+uid: uid397
-+givenname: givenname397
-+description: description397
-+userPassword: password397
-+mail: uid397
-+uidnumber: 397
-+gidnumber: 397
-+homeDirectory: /home/uid397
-+
-+dn: cn=user398,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user398
-+sn: user398
-+uid: uid398
-+givenname: givenname398
-+description: description398
-+userPassword: password398
-+mail: uid398
-+uidnumber: 398
-+gidnumber: 398
-+homeDirectory: /home/uid398
-+
-+dn: cn=user399,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user399
-+sn: user399
-+uid: uid399
-+givenname: givenname399
-+description: description399
-+userPassword: password399
-+mail: uid399
-+uidnumber: 399
-+gidnumber: 399
-+homeDirectory: /home/uid399
-+
-+dn: cn=user400,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user400
-+sn: user400
-+uid: uid400
-+givenname: givenname400
-+description: description400
-+userPassword: password400
-+mail: uid400
-+uidnumber: 400
-+gidnumber: 400
-+homeDirectory: /home/uid400
-+
-+dn: cn=user401,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user401
-+sn: user401
-+uid: uid401
-+givenname: givenname401
-+description: description401
-+userPassword: password401
-+mail: uid401
-+uidnumber: 401
-+gidnumber: 401
-+homeDirectory: /home/uid401
-+
-+dn: cn=user402,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user402
-+sn: user402
-+uid: uid402
-+givenname: givenname402
-+description: description402
-+userPassword: password402
-+mail: uid402
-+uidnumber: 402
-+gidnumber: 402
-+homeDirectory: /home/uid402
-+
-+dn: cn=user403,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user403
-+sn: user403
-+uid: uid403
-+givenname: givenname403
-+description: description403
-+userPassword: password403
-+mail: uid403
-+uidnumber: 403
-+gidnumber: 403
-+homeDirectory: /home/uid403
-+
-+dn: cn=user404,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user404
-+sn: user404
-+uid: uid404
-+givenname: givenname404
-+description: description404
-+userPassword: password404
-+mail: uid404
-+uidnumber: 404
-+gidnumber: 404
-+homeDirectory: /home/uid404
-+
-+dn: cn=user405,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user405
-+sn: user405
-+uid: uid405
-+givenname: givenname405
-+description: description405
-+userPassword: password405
-+mail: uid405
-+uidnumber: 405
-+gidnumber: 405
-+homeDirectory: /home/uid405
-+
-+dn: cn=user406,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user406
-+sn: user406
-+uid: uid406
-+givenname: givenname406
-+description: description406
-+userPassword: password406
-+mail: uid406
-+uidnumber: 406
-+gidnumber: 406
-+homeDirectory: /home/uid406
-+
-+dn: cn=user407,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user407
-+sn: user407
-+uid: uid407
-+givenname: givenname407
-+description: description407
-+userPassword: password407
-+mail: uid407
-+uidnumber: 407
-+gidnumber: 407
-+homeDirectory: /home/uid407
-+
-+dn: cn=user408,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user408
-+sn: user408
-+uid: uid408
-+givenname: givenname408
-+description: description408
-+userPassword: password408
-+mail: uid408
-+uidnumber: 408
-+gidnumber: 408
-+homeDirectory: /home/uid408
-+
-+dn: cn=user409,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user409
-+sn: user409
-+uid: uid409
-+givenname: givenname409
-+description: description409
-+userPassword: password409
-+mail: uid409
-+uidnumber: 409
-+gidnumber: 409
-+homeDirectory: /home/uid409
-+
-+dn: cn=user410,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user410
-+sn: user410
-+uid: uid410
-+givenname: givenname410
-+description: description410
-+userPassword: password410
-+mail: uid410
-+uidnumber: 410
-+gidnumber: 410
-+homeDirectory: /home/uid410
-+
-+dn: cn=user411,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user411
-+sn: user411
-+uid: uid411
-+givenname: givenname411
-+description: description411
-+userPassword: password411
-+mail: uid411
-+uidnumber: 411
-+gidnumber: 411
-+homeDirectory: /home/uid411
-+
-+dn: cn=user412,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user412
-+sn: user412
-+uid: uid412
-+givenname: givenname412
-+description: description412
-+userPassword: password412
-+mail: uid412
-+uidnumber: 412
-+gidnumber: 412
-+homeDirectory: /home/uid412
-+
-+dn: cn=user413,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user413
-+sn: user413
-+uid: uid413
-+givenname: givenname413
-+description: description413
-+userPassword: password413
-+mail: uid413
-+uidnumber: 413
-+gidnumber: 413
-+homeDirectory: /home/uid413
-+
-+dn: cn=user414,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user414
-+sn: user414
-+uid: uid414
-+givenname: givenname414
-+description: description414
-+userPassword: password414
-+mail: uid414
-+uidnumber: 414
-+gidnumber: 414
-+homeDirectory: /home/uid414
-+
-+dn: cn=user415,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user415
-+sn: user415
-+uid: uid415
-+givenname: givenname415
-+description: description415
-+userPassword: password415
-+mail: uid415
-+uidnumber: 415
-+gidnumber: 415
-+homeDirectory: /home/uid415
-+
-+dn: cn=user416,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user416
-+sn: user416
-+uid: uid416
-+givenname: givenname416
-+description: description416
-+userPassword: password416
-+mail: uid416
-+uidnumber: 416
-+gidnumber: 416
-+homeDirectory: /home/uid416
-+
-+dn: cn=user417,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user417
-+sn: user417
-+uid: uid417
-+givenname: givenname417
-+description: description417
-+userPassword: password417
-+mail: uid417
-+uidnumber: 417
-+gidnumber: 417
-+homeDirectory: /home/uid417
-+
-+dn: cn=user418,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user418
-+sn: user418
-+uid: uid418
-+givenname: givenname418
-+description: description418
-+userPassword: password418
-+mail: uid418
-+uidnumber: 418
-+gidnumber: 418
-+homeDirectory: /home/uid418
-+
-+dn: cn=user419,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user419
-+sn: user419
-+uid: uid419
-+givenname: givenname419
-+description: description419
-+userPassword: password419
-+mail: uid419
-+uidnumber: 419
-+gidnumber: 419
-+homeDirectory: /home/uid419
-+
-+dn: cn=user420,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user420
-+sn: user420
-+uid: uid420
-+givenname: givenname420
-+description: description420
-+userPassword: password420
-+mail: uid420
-+uidnumber: 420
-+gidnumber: 420
-+homeDirectory: /home/uid420
-+
-+dn: cn=user421,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user421
-+sn: user421
-+uid: uid421
-+givenname: givenname421
-+description: description421
-+userPassword: password421
-+mail: uid421
-+uidnumber: 421
-+gidnumber: 421
-+homeDirectory: /home/uid421
-+
-+dn: cn=user422,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user422
-+sn: user422
-+uid: uid422
-+givenname: givenname422
-+description: description422
-+userPassword: password422
-+mail: uid422
-+uidnumber: 422
-+gidnumber: 422
-+homeDirectory: /home/uid422
-+
-+dn: cn=user423,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user423
-+sn: user423
-+uid: uid423
-+givenname: givenname423
-+description: description423
-+userPassword: password423
-+mail: uid423
-+uidnumber: 423
-+gidnumber: 423
-+homeDirectory: /home/uid423
-+
-+dn: cn=user424,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user424
-+sn: user424
-+uid: uid424
-+givenname: givenname424
-+description: description424
-+userPassword: password424
-+mail: uid424
-+uidnumber: 424
-+gidnumber: 424
-+homeDirectory: /home/uid424
-+
-+dn: cn=user425,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user425
-+sn: user425
-+uid: uid425
-+givenname: givenname425
-+description: description425
-+userPassword: password425
-+mail: uid425
-+uidnumber: 425
-+gidnumber: 425
-+homeDirectory: /home/uid425
-+
-+dn: cn=user426,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user426
-+sn: user426
-+uid: uid426
-+givenname: givenname426
-+description: description426
-+userPassword: password426
-+mail: uid426
-+uidnumber: 426
-+gidnumber: 426
-+homeDirectory: /home/uid426
-+
-+dn: cn=user427,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user427
-+sn: user427
-+uid: uid427
-+givenname: givenname427
-+description: description427
-+userPassword: password427
-+mail: uid427
-+uidnumber: 427
-+gidnumber: 427
-+homeDirectory: /home/uid427
-+
-+dn: cn=user428,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user428
-+sn: user428
-+uid: uid428
-+givenname: givenname428
-+description: description428
-+userPassword: password428
-+mail: uid428
-+uidnumber: 428
-+gidnumber: 428
-+homeDirectory: /home/uid428
-+
-+dn: cn=user429,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user429
-+sn: user429
-+uid: uid429
-+givenname: givenname429
-+description: description429
-+userPassword: password429
-+mail: uid429
-+uidnumber: 429
-+gidnumber: 429
-+homeDirectory: /home/uid429
-+
-+dn: cn=user430,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user430
-+sn: user430
-+uid: uid430
-+givenname: givenname430
-+description: description430
-+userPassword: password430
-+mail: uid430
-+uidnumber: 430
-+gidnumber: 430
-+homeDirectory: /home/uid430
-+
-+dn: cn=user431,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user431
-+sn: user431
-+uid: uid431
-+givenname: givenname431
-+description: description431
-+userPassword: password431
-+mail: uid431
-+uidnumber: 431
-+gidnumber: 431
-+homeDirectory: /home/uid431
-+
-+dn: cn=user432,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user432
-+sn: user432
-+uid: uid432
-+givenname: givenname432
-+description: description432
-+userPassword: password432
-+mail: uid432
-+uidnumber: 432
-+gidnumber: 432
-+homeDirectory: /home/uid432
-+
-+dn: cn=user433,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user433
-+sn: user433
-+uid: uid433
-+givenname: givenname433
-+description: description433
-+userPassword: password433
-+mail: uid433
-+uidnumber: 433
-+gidnumber: 433
-+homeDirectory: /home/uid433
-+
-+dn: cn=user434,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user434
-+sn: user434
-+uid: uid434
-+givenname: givenname434
-+description: description434
-+userPassword: password434
-+mail: uid434
-+uidnumber: 434
-+gidnumber: 434
-+homeDirectory: /home/uid434
-+
-+dn: cn=user435,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user435
-+sn: user435
-+uid: uid435
-+givenname: givenname435
-+description: description435
-+userPassword: password435
-+mail: uid435
-+uidnumber: 435
-+gidnumber: 435
-+homeDirectory: /home/uid435
-+
-+dn: cn=user436,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user436
-+sn: user436
-+uid: uid436
-+givenname: givenname436
-+description: description436
-+userPassword: password436
-+mail: uid436
-+uidnumber: 436
-+gidnumber: 436
-+homeDirectory: /home/uid436
-+
-+dn: cn=user437,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user437
-+sn: user437
-+uid: uid437
-+givenname: givenname437
-+description: description437
-+userPassword: password437
-+mail: uid437
-+uidnumber: 437
-+gidnumber: 437
-+homeDirectory: /home/uid437
-+
-+dn: cn=user438,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user438
-+sn: user438
-+uid: uid438
-+givenname: givenname438
-+description: description438
-+userPassword: password438
-+mail: uid438
-+uidnumber: 438
-+gidnumber: 438
-+homeDirectory: /home/uid438
-+
-+dn: cn=user439,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user439
-+sn: user439
-+uid: uid439
-+givenname: givenname439
-+description: description439
-+userPassword: password439
-+mail: uid439
-+uidnumber: 439
-+gidnumber: 439
-+homeDirectory: /home/uid439
-+
-+dn: cn=user440,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user440
-+sn: user440
-+uid: uid440
-+givenname: givenname440
-+description: description440
-+userPassword: password440
-+mail: uid440
-+uidnumber: 440
-+gidnumber: 440
-+homeDirectory: /home/uid440
-+
-+dn: cn=user441,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user441
-+sn: user441
-+uid: uid441
-+givenname: givenname441
-+description: description441
-+userPassword: password441
-+mail: uid441
-+uidnumber: 441
-+gidnumber: 441
-+homeDirectory: /home/uid441
-+
-+dn: cn=user442,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user442
-+sn: user442
-+uid: uid442
-+givenname: givenname442
-+description: description442
-+userPassword: password442
-+mail: uid442
-+uidnumber: 442
-+gidnumber: 442
-+homeDirectory: /home/uid442
-+
-+dn: cn=user443,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user443
-+sn: user443
-+uid: uid443
-+givenname: givenname443
-+description: description443
-+userPassword: password443
-+mail: uid443
-+uidnumber: 443
-+gidnumber: 443
-+homeDirectory: /home/uid443
-+
-+dn: cn=user444,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user444
-+sn: user444
-+uid: uid444
-+givenname: givenname444
-+description: description444
-+userPassword: password444
-+mail: uid444
-+uidnumber: 444
-+gidnumber: 444
-+homeDirectory: /home/uid444
-+
-+dn: cn=user445,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user445
-+sn: user445
-+uid: uid445
-+givenname: givenname445
-+description: description445
-+userPassword: password445
-+mail: uid445
-+uidnumber: 445
-+gidnumber: 445
-+homeDirectory: /home/uid445
-+
-+dn: cn=user446,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user446
-+sn: user446
-+uid: uid446
-+givenname: givenname446
-+description: description446
-+userPassword: password446
-+mail: uid446
-+uidnumber: 446
-+gidnumber: 446
-+homeDirectory: /home/uid446
-+
-+dn: cn=user447,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user447
-+sn: user447
-+uid: uid447
-+givenname: givenname447
-+description: description447
-+userPassword: password447
-+mail: uid447
-+uidnumber: 447
-+gidnumber: 447
-+homeDirectory: /home/uid447
-+
-+dn: cn=user448,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user448
-+sn: user448
-+uid: uid448
-+givenname: givenname448
-+description: description448
-+userPassword: password448
-+mail: uid448
-+uidnumber: 448
-+gidnumber: 448
-+homeDirectory: /home/uid448
-+
-+dn: cn=user449,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user449
-+sn: user449
-+uid: uid449
-+givenname: givenname449
-+description: description449
-+userPassword: password449
-+mail: uid449
-+uidnumber: 449
-+gidnumber: 449
-+homeDirectory: /home/uid449
-+
-+dn: cn=user450,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user450
-+sn: user450
-+uid: uid450
-+givenname: givenname450
-+description: description450
-+userPassword: password450
-+mail: uid450
-+uidnumber: 450
-+gidnumber: 450
-+homeDirectory: /home/uid450
-+
-+dn: cn=user451,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user451
-+sn: user451
-+uid: uid451
-+givenname: givenname451
-+description: description451
-+userPassword: password451
-+mail: uid451
-+uidnumber: 451
-+gidnumber: 451
-+homeDirectory: /home/uid451
-+
-+dn: cn=user452,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user452
-+sn: user452
-+uid: uid452
-+givenname: givenname452
-+description: description452
-+userPassword: password452
-+mail: uid452
-+uidnumber: 452
-+gidnumber: 452
-+homeDirectory: /home/uid452
-+
-+dn: cn=user453,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user453
-+sn: user453
-+uid: uid453
-+givenname: givenname453
-+description: description453
-+userPassword: password453
-+mail: uid453
-+uidnumber: 453
-+gidnumber: 453
-+homeDirectory: /home/uid453
-+
-+dn: cn=user454,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user454
-+sn: user454
-+uid: uid454
-+givenname: givenname454
-+description: description454
-+userPassword: password454
-+mail: uid454
-+uidnumber: 454
-+gidnumber: 454
-+homeDirectory: /home/uid454
-+
-+dn: cn=user455,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user455
-+sn: user455
-+uid: uid455
-+givenname: givenname455
-+description: description455
-+userPassword: password455
-+mail: uid455
-+uidnumber: 455
-+gidnumber: 455
-+homeDirectory: /home/uid455
-+
-+dn: cn=user456,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user456
-+sn: user456
-+uid: uid456
-+givenname: givenname456
-+description: description456
-+userPassword: password456
-+mail: uid456
-+uidnumber: 456
-+gidnumber: 456
-+homeDirectory: /home/uid456
-+
-+dn: cn=user457,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user457
-+sn: user457
-+uid: uid457
-+givenname: givenname457
-+description: description457
-+userPassword: password457
-+mail: uid457
-+uidnumber: 457
-+gidnumber: 457
-+homeDirectory: /home/uid457
-+
-+dn: cn=user458,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user458
-+sn: user458
-+uid: uid458
-+givenname: givenname458
-+description: description458
-+userPassword: password458
-+mail: uid458
-+uidnumber: 458
-+gidnumber: 458
-+homeDirectory: /home/uid458
-+
-+dn: cn=user459,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user459
-+sn: user459
-+uid: uid459
-+givenname: givenname459
-+description: description459
-+userPassword: password459
-+mail: uid459
-+uidnumber: 459
-+gidnumber: 459
-+homeDirectory: /home/uid459
-+
-+dn: cn=user460,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user460
-+sn: user460
-+uid: uid460
-+givenname: givenname460
-+description: description460
-+userPassword: password460
-+mail: uid460
-+uidnumber: 460
-+gidnumber: 460
-+homeDirectory: /home/uid460
-+
-+dn: cn=user461,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user461
-+sn: user461
-+uid: uid461
-+givenname: givenname461
-+description: description461
-+userPassword: password461
-+mail: uid461
-+uidnumber: 461
-+gidnumber: 461
-+homeDirectory: /home/uid461
-+
-+dn: cn=user462,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user462
-+sn: user462
-+uid: uid462
-+givenname: givenname462
-+description: description462
-+userPassword: password462
-+mail: uid462
-+uidnumber: 462
-+gidnumber: 462
-+homeDirectory: /home/uid462
-+
-+dn: cn=user463,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user463
-+sn: user463
-+uid: uid463
-+givenname: givenname463
-+description: description463
-+userPassword: password463
-+mail: uid463
-+uidnumber: 463
-+gidnumber: 463
-+homeDirectory: /home/uid463
-+
-+dn: cn=user464,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user464
-+sn: user464
-+uid: uid464
-+givenname: givenname464
-+description: description464
-+userPassword: password464
-+mail: uid464
-+uidnumber: 464
-+gidnumber: 464
-+homeDirectory: /home/uid464
-+
-+dn: cn=user465,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user465
-+sn: user465
-+uid: uid465
-+givenname: givenname465
-+description: description465
-+userPassword: password465
-+mail: uid465
-+uidnumber: 465
-+gidnumber: 465
-+homeDirectory: /home/uid465
-+
-+dn: cn=user466,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user466
-+sn: user466
-+uid: uid466
-+givenname: givenname466
-+description: description466
-+userPassword: password466
-+mail: uid466
-+uidnumber: 466
-+gidnumber: 466
-+homeDirectory: /home/uid466
-+
-+dn: cn=user467,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user467
-+sn: user467
-+uid: uid467
-+givenname: givenname467
-+description: description467
-+userPassword: password467
-+mail: uid467
-+uidnumber: 467
-+gidnumber: 467
-+homeDirectory: /home/uid467
-+
-+dn: cn=user468,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user468
-+sn: user468
-+uid: uid468
-+givenname: givenname468
-+description: description468
-+userPassword: password468
-+mail: uid468
-+uidnumber: 468
-+gidnumber: 468
-+homeDirectory: /home/uid468
-+
-+dn: cn=user469,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user469
-+sn: user469
-+uid: uid469
-+givenname: givenname469
-+description: description469
-+userPassword: password469
-+mail: uid469
-+uidnumber: 469
-+gidnumber: 469
-+homeDirectory: /home/uid469
-+
-+dn: cn=user470,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user470
-+sn: user470
-+uid: uid470
-+givenname: givenname470
-+description: description470
-+userPassword: password470
-+mail: uid470
-+uidnumber: 470
-+gidnumber: 470
-+homeDirectory: /home/uid470
-+
-+dn: cn=user471,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user471
-+sn: user471
-+uid: uid471
-+givenname: givenname471
-+description: description471
-+userPassword: password471
-+mail: uid471
-+uidnumber: 471
-+gidnumber: 471
-+homeDirectory: /home/uid471
-+
-+dn: cn=user472,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user472
-+sn: user472
-+uid: uid472
-+givenname: givenname472
-+description: description472
-+userPassword: password472
-+mail: uid472
-+uidnumber: 472
-+gidnumber: 472
-+homeDirectory: /home/uid472
-+
-+dn: cn=user473,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user473
-+sn: user473
-+uid: uid473
-+givenname: givenname473
-+description: description473
-+userPassword: password473
-+mail: uid473
-+uidnumber: 473
-+gidnumber: 473
-+homeDirectory: /home/uid473
-+
-+dn: cn=user474,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user474
-+sn: user474
-+uid: uid474
-+givenname: givenname474
-+description: description474
-+userPassword: password474
-+mail: uid474
-+uidnumber: 474
-+gidnumber: 474
-+homeDirectory: /home/uid474
-+
-+dn: cn=user475,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user475
-+sn: user475
-+uid: uid475
-+givenname: givenname475
-+description: description475
-+userPassword: password475
-+mail: uid475
-+uidnumber: 475
-+gidnumber: 475
-+homeDirectory: /home/uid475
-+
-+dn: cn=user476,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user476
-+sn: user476
-+uid: uid476
-+givenname: givenname476
-+description: description476
-+userPassword: password476
-+mail: uid476
-+uidnumber: 476
-+gidnumber: 476
-+homeDirectory: /home/uid476
-+
-+dn: cn=user477,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user477
-+sn: user477
-+uid: uid477
-+givenname: givenname477
-+description: description477
-+userPassword: password477
-+mail: uid477
-+uidnumber: 477
-+gidnumber: 477
-+homeDirectory: /home/uid477
-+
-+dn: cn=user478,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user478
-+sn: user478
-+uid: uid478
-+givenname: givenname478
-+description: description478
-+userPassword: password478
-+mail: uid478
-+uidnumber: 478
-+gidnumber: 478
-+homeDirectory: /home/uid478
-+
-+dn: cn=user479,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user479
-+sn: user479
-+uid: uid479
-+givenname: givenname479
-+description: description479
-+userPassword: password479
-+mail: uid479
-+uidnumber: 479
-+gidnumber: 479
-+homeDirectory: /home/uid479
-+
-+dn: cn=user480,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user480
-+sn: user480
-+uid: uid480
-+givenname: givenname480
-+description: description480
-+userPassword: password480
-+mail: uid480
-+uidnumber: 480
-+gidnumber: 480
-+homeDirectory: /home/uid480
-+
-+dn: cn=user481,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user481
-+sn: user481
-+uid: uid481
-+givenname: givenname481
-+description: description481
-+userPassword: password481
-+mail: uid481
-+uidnumber: 481
-+gidnumber: 481
-+homeDirectory: /home/uid481
-+
-+dn: cn=user482,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user482
-+sn: user482
-+uid: uid482
-+givenname: givenname482
-+description: description482
-+userPassword: password482
-+mail: uid482
-+uidnumber: 482
-+gidnumber: 482
-+homeDirectory: /home/uid482
-+
-+dn: cn=user483,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user483
-+sn: user483
-+uid: uid483
-+givenname: givenname483
-+description: description483
-+userPassword: password483
-+mail: uid483
-+uidnumber: 483
-+gidnumber: 483
-+homeDirectory: /home/uid483
-+
-+dn: cn=user484,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user484
-+sn: user484
-+uid: uid484
-+givenname: givenname484
-+description: description484
-+userPassword: password484
-+mail: uid484
-+uidnumber: 484
-+gidnumber: 484
-+homeDirectory: /home/uid484
-+
-+dn: cn=user485,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user485
-+sn: user485
-+uid: uid485
-+givenname: givenname485
-+description: description485
-+userPassword: password485
-+mail: uid485
-+uidnumber: 485
-+gidnumber: 485
-+homeDirectory: /home/uid485
-+
-+dn: cn=user486,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user486
-+sn: user486
-+uid: uid486
-+givenname: givenname486
-+description: description486
-+userPassword: password486
-+mail: uid486
-+uidnumber: 486
-+gidnumber: 486
-+homeDirectory: /home/uid486
-+
-+dn: cn=user487,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user487
-+sn: user487
-+uid: uid487
-+givenname: givenname487
-+description: description487
-+userPassword: password487
-+mail: uid487
-+uidnumber: 487
-+gidnumber: 487
-+homeDirectory: /home/uid487
-+
-+dn: cn=user488,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user488
-+sn: user488
-+uid: uid488
-+givenname: givenname488
-+description: description488
-+userPassword: password488
-+mail: uid488
-+uidnumber: 488
-+gidnumber: 488
-+homeDirectory: /home/uid488
-+
-+dn: cn=user489,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user489
-+sn: user489
-+uid: uid489
-+givenname: givenname489
-+description: description489
-+userPassword: password489
-+mail: uid489
-+uidnumber: 489
-+gidnumber: 489
-+homeDirectory: /home/uid489
-+
-+dn: cn=user490,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user490
-+sn: user490
-+uid: uid490
-+givenname: givenname490
-+description: description490
-+userPassword: password490
-+mail: uid490
-+uidnumber: 490
-+gidnumber: 490
-+homeDirectory: /home/uid490
-+
-+dn: cn=user491,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user491
-+sn: user491
-+uid: uid491
-+givenname: givenname491
-+description: description491
-+userPassword: password491
-+mail: uid491
-+uidnumber: 491
-+gidnumber: 491
-+homeDirectory: /home/uid491
-+
-+dn: cn=user492,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user492
-+sn: user492
-+uid: uid492
-+givenname: givenname492
-+description: description492
-+userPassword: password492
-+mail: uid492
-+uidnumber: 492
-+gidnumber: 492
-+homeDirectory: /home/uid492
-+
-+dn: cn=user493,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user493
-+sn: user493
-+uid: uid493
-+givenname: givenname493
-+description: description493
-+userPassword: password493
-+mail: uid493
-+uidnumber: 493
-+gidnumber: 493
-+homeDirectory: /home/uid493
-+
-+dn: cn=user494,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user494
-+sn: user494
-+uid: uid494
-+givenname: givenname494
-+description: description494
-+userPassword: password494
-+mail: uid494
-+uidnumber: 494
-+gidnumber: 494
-+homeDirectory: /home/uid494
-+
-+dn: cn=user495,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user495
-+sn: user495
-+uid: uid495
-+givenname: givenname495
-+description: description495
-+userPassword: password495
-+mail: uid495
-+uidnumber: 495
-+gidnumber: 495
-+homeDirectory: /home/uid495
-+
-+dn: cn=user496,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user496
-+sn: user496
-+uid: uid496
-+givenname: givenname496
-+description: description496
-+userPassword: password496
-+mail: uid496
-+uidnumber: 496
-+gidnumber: 496
-+homeDirectory: /home/uid496
-+
-+dn: cn=user497,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user497
-+sn: user497
-+uid: uid497
-+givenname: givenname497
-+description: description497
-+userPassword: password497
-+mail: uid497
-+uidnumber: 497
-+gidnumber: 497
-+homeDirectory: /home/uid497
-+
-+dn: cn=user498,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user498
-+sn: user498
-+uid: uid498
-+givenname: givenname498
-+description: description498
-+userPassword: password498
-+mail: uid498
-+uidnumber: 498
-+gidnumber: 498
-+homeDirectory: /home/uid498
-+
-+dn: cn=user499,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user499
-+sn: user499
-+uid: uid499
-+givenname: givenname499
-+description: description499
-+userPassword: password499
-+mail: uid499
-+uidnumber: 499
-+gidnumber: 499
-+homeDirectory: /home/uid499
-+
-+dn: cn=user500,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user500
-+sn: user500
-+uid: uid500
-+givenname: givenname500
-+description: description500
-+userPassword: password500
-+mail: uid500
-+uidnumber: 500
-+gidnumber: 500
-+homeDirectory: /home/uid500
-+
-+dn: cn=user501,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user501
-+sn: user501
-+uid: uid501
-+givenname: givenname501
-+description: description501
-+userPassword: password501
-+mail: uid501
-+uidnumber: 501
-+gidnumber: 501
-+homeDirectory: /home/uid501
-+
-+dn: cn=user502,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user502
-+sn: user502
-+uid: uid502
-+givenname: givenname502
-+description: description502
-+userPassword: password502
-+mail: uid502
-+uidnumber: 502
-+gidnumber: 502
-+homeDirectory: /home/uid502
-+
-+dn: cn=user503,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user503
-+sn: user503
-+uid: uid503
-+givenname: givenname503
-+description: description503
-+userPassword: password503
-+mail: uid503
-+uidnumber: 503
-+gidnumber: 503
-+homeDirectory: /home/uid503
-+
-+dn: cn=user504,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user504
-+sn: user504
-+uid: uid504
-+givenname: givenname504
-+description: description504
-+userPassword: password504
-+mail: uid504
-+uidnumber: 504
-+gidnumber: 504
-+homeDirectory: /home/uid504
-+
-+dn: cn=user505,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user505
-+sn: user505
-+uid: uid505
-+givenname: givenname505
-+description: description505
-+userPassword: password505
-+mail: uid505
-+uidnumber: 505
-+gidnumber: 505
-+homeDirectory: /home/uid505
-+
-+dn: cn=user506,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user506
-+sn: user506
-+uid: uid506
-+givenname: givenname506
-+description: description506
-+userPassword: password506
-+mail: uid506
-+uidnumber: 506
-+gidnumber: 506
-+homeDirectory: /home/uid506
-+
-+dn: cn=user507,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user507
-+sn: user507
-+uid: uid507
-+givenname: givenname507
-+description: description507
-+userPassword: password507
-+mail: uid507
-+uidnumber: 507
-+gidnumber: 507
-+homeDirectory: /home/uid507
-+
-+dn: cn=user508,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user508
-+sn: user508
-+uid: uid508
-+givenname: givenname508
-+description: description508
-+userPassword: password508
-+mail: uid508
-+uidnumber: 508
-+gidnumber: 508
-+homeDirectory: /home/uid508
-+
-+dn: cn=user509,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user509
-+sn: user509
-+uid: uid509
-+givenname: givenname509
-+description: description509
-+userPassword: password509
-+mail: uid509
-+uidnumber: 509
-+gidnumber: 509
-+homeDirectory: /home/uid509
-+
-+dn: cn=user510,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user510
-+sn: user510
-+uid: uid510
-+givenname: givenname510
-+description: description510
-+userPassword: password510
-+mail: uid510
-+uidnumber: 510
-+gidnumber: 510
-+homeDirectory: /home/uid510
-+
-+dn: cn=user511,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user511
-+sn: user511
-+uid: uid511
-+givenname: givenname511
-+description: description511
-+userPassword: password511
-+mail: uid511
-+uidnumber: 511
-+gidnumber: 511
-+homeDirectory: /home/uid511
-+
-+dn: cn=user512,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user512
-+sn: user512
-+uid: uid512
-+givenname: givenname512
-+description: description512
-+userPassword: password512
-+mail: uid512
-+uidnumber: 512
-+gidnumber: 512
-+homeDirectory: /home/uid512
-+
-+dn: cn=user513,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user513
-+sn: user513
-+uid: uid513
-+givenname: givenname513
-+description: description513
-+userPassword: password513
-+mail: uid513
-+uidnumber: 513
-+gidnumber: 513
-+homeDirectory: /home/uid513
-+
-+dn: cn=user514,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user514
-+sn: user514
-+uid: uid514
-+givenname: givenname514
-+description: description514
-+userPassword: password514
-+mail: uid514
-+uidnumber: 514
-+gidnumber: 514
-+homeDirectory: /home/uid514
-+
-+dn: cn=user515,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user515
-+sn: user515
-+uid: uid515
-+givenname: givenname515
-+description: description515
-+userPassword: password515
-+mail: uid515
-+uidnumber: 515
-+gidnumber: 515
-+homeDirectory: /home/uid515
-+
-+dn: cn=user516,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user516
-+sn: user516
-+uid: uid516
-+givenname: givenname516
-+description: description516
-+userPassword: password516
-+mail: uid516
-+uidnumber: 516
-+gidnumber: 516
-+homeDirectory: /home/uid516
-+
-+dn: cn=user517,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user517
-+sn: user517
-+uid: uid517
-+givenname: givenname517
-+description: description517
-+userPassword: password517
-+mail: uid517
-+uidnumber: 517
-+gidnumber: 517
-+homeDirectory: /home/uid517
-+
-+dn: cn=user518,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user518
-+sn: user518
-+uid: uid518
-+givenname: givenname518
-+description: description518
-+userPassword: password518
-+mail: uid518
-+uidnumber: 518
-+gidnumber: 518
-+homeDirectory: /home/uid518
-+
-+dn: cn=user519,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user519
-+sn: user519
-+uid: uid519
-+givenname: givenname519
-+description: description519
-+userPassword: password519
-+mail: uid519
-+uidnumber: 519
-+gidnumber: 519
-+homeDirectory: /home/uid519
-+
-+dn: cn=user520,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user520
-+sn: user520
-+uid: uid520
-+givenname: givenname520
-+description: description520
-+userPassword: password520
-+mail: uid520
-+uidnumber: 520
-+gidnumber: 520
-+homeDirectory: /home/uid520
-+
-+dn: cn=user521,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user521
-+sn: user521
-+uid: uid521
-+givenname: givenname521
-+description: description521
-+userPassword: password521
-+mail: uid521
-+uidnumber: 521
-+gidnumber: 521
-+homeDirectory: /home/uid521
-+
-+dn: cn=user522,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user522
-+sn: user522
-+uid: uid522
-+givenname: givenname522
-+description: description522
-+userPassword: password522
-+mail: uid522
-+uidnumber: 522
-+gidnumber: 522
-+homeDirectory: /home/uid522
-+
-+dn: cn=user523,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user523
-+sn: user523
-+uid: uid523
-+givenname: givenname523
-+description: description523
-+userPassword: password523
-+mail: uid523
-+uidnumber: 523
-+gidnumber: 523
-+homeDirectory: /home/uid523
-+
-+dn: cn=user524,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user524
-+sn: user524
-+uid: uid524
-+givenname: givenname524
-+description: description524
-+userPassword: password524
-+mail: uid524
-+uidnumber: 524
-+gidnumber: 524
-+homeDirectory: /home/uid524
-+
-+dn: cn=user525,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user525
-+sn: user525
-+uid: uid525
-+givenname: givenname525
-+description: description525
-+userPassword: password525
-+mail: uid525
-+uidnumber: 525
-+gidnumber: 525
-+homeDirectory: /home/uid525
-+
-+dn: cn=user526,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user526
-+sn: user526
-+uid: uid526
-+givenname: givenname526
-+description: description526
-+userPassword: password526
-+mail: uid526
-+uidnumber: 526
-+gidnumber: 526
-+homeDirectory: /home/uid526
-+
-+dn: cn=user527,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user527
-+sn: user527
-+uid: uid527
-+givenname: givenname527
-+description: description527
-+userPassword: password527
-+mail: uid527
-+uidnumber: 527
-+gidnumber: 527
-+homeDirectory: /home/uid527
-+
-+dn: cn=user528,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user528
-+sn: user528
-+uid: uid528
-+givenname: givenname528
-+description: description528
-+userPassword: password528
-+mail: uid528
-+uidnumber: 528
-+gidnumber: 528
-+homeDirectory: /home/uid528
-+
-+dn: cn=user529,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user529
-+sn: user529
-+uid: uid529
-+givenname: givenname529
-+description: description529
-+userPassword: password529
-+mail: uid529
-+uidnumber: 529
-+gidnumber: 529
-+homeDirectory: /home/uid529
-+
-+dn: cn=user530,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user530
-+sn: user530
-+uid: uid530
-+givenname: givenname530
-+description: description530
-+userPassword: password530
-+mail: uid530
-+uidnumber: 530
-+gidnumber: 530
-+homeDirectory: /home/uid530
-+
-+dn: cn=user531,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user531
-+sn: user531
-+uid: uid531
-+givenname: givenname531
-+description: description531
-+userPassword: password531
-+mail: uid531
-+uidnumber: 531
-+gidnumber: 531
-+homeDirectory: /home/uid531
-+
-+dn: cn=user532,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user532
-+sn: user532
-+uid: uid532
-+givenname: givenname532
-+description: description532
-+userPassword: password532
-+mail: uid532
-+uidnumber: 532
-+gidnumber: 532
-+homeDirectory: /home/uid532
-+
-+dn: cn=user533,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user533
-+sn: user533
-+uid: uid533
-+givenname: givenname533
-+description: description533
-+userPassword: password533
-+mail: uid533
-+uidnumber: 533
-+gidnumber: 533
-+homeDirectory: /home/uid533
-+
-+dn: cn=user534,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user534
-+sn: user534
-+uid: uid534
-+givenname: givenname534
-+description: description534
-+userPassword: password534
-+mail: uid534
-+uidnumber: 534
-+gidnumber: 534
-+homeDirectory: /home/uid534
-+
-+dn: cn=user535,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user535
-+sn: user535
-+uid: uid535
-+givenname: givenname535
-+description: description535
-+userPassword: password535
-+mail: uid535
-+uidnumber: 535
-+gidnumber: 535
-+homeDirectory: /home/uid535
-+
-+dn: cn=user536,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user536
-+sn: user536
-+uid: uid536
-+givenname: givenname536
-+description: description536
-+userPassword: password536
-+mail: uid536
-+uidnumber: 536
-+gidnumber: 536
-+homeDirectory: /home/uid536
-+
-+dn: cn=user537,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user537
-+sn: user537
-+uid: uid537
-+givenname: givenname537
-+description: description537
-+userPassword: password537
-+mail: uid537
-+uidnumber: 537
-+gidnumber: 537
-+homeDirectory: /home/uid537
-+
-+dn: cn=user538,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user538
-+sn: user538
-+uid: uid538
-+givenname: givenname538
-+description: description538
-+userPassword: password538
-+mail: uid538
-+uidnumber: 538
-+gidnumber: 538
-+homeDirectory: /home/uid538
-+
-+dn: cn=user539,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user539
-+sn: user539
-+uid: uid539
-+givenname: givenname539
-+description: description539
-+userPassword: password539
-+mail: uid539
-+uidnumber: 539
-+gidnumber: 539
-+homeDirectory: /home/uid539
-+
-+dn: cn=user540,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user540
-+sn: user540
-+uid: uid540
-+givenname: givenname540
-+description: description540
-+userPassword: password540
-+mail: uid540
-+uidnumber: 540
-+gidnumber: 540
-+homeDirectory: /home/uid540
-+
-+dn: cn=user541,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user541
-+sn: user541
-+uid: uid541
-+givenname: givenname541
-+description: description541
-+userPassword: password541
-+mail: uid541
-+uidnumber: 541
-+gidnumber: 541
-+homeDirectory: /home/uid541
-+
-+dn: cn=user542,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user542
-+sn: user542
-+uid: uid542
-+givenname: givenname542
-+description: description542
-+userPassword: password542
-+mail: uid542
-+uidnumber: 542
-+gidnumber: 542
-+homeDirectory: /home/uid542
-+
-+dn: cn=user543,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user543
-+sn: user543
-+uid: uid543
-+givenname: givenname543
-+description: description543
-+userPassword: password543
-+mail: uid543
-+uidnumber: 543
-+gidnumber: 543
-+homeDirectory: /home/uid543
-+
-+dn: cn=user544,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user544
-+sn: user544
-+uid: uid544
-+givenname: givenname544
-+description: description544
-+userPassword: password544
-+mail: uid544
-+uidnumber: 544
-+gidnumber: 544
-+homeDirectory: /home/uid544
-+
-+dn: cn=user545,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user545
-+sn: user545
-+uid: uid545
-+givenname: givenname545
-+description: description545
-+userPassword: password545
-+mail: uid545
-+uidnumber: 545
-+gidnumber: 545
-+homeDirectory: /home/uid545
-+
-+dn: cn=user546,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user546
-+sn: user546
-+uid: uid546
-+givenname: givenname546
-+description: description546
-+userPassword: password546
-+mail: uid546
-+uidnumber: 546
-+gidnumber: 546
-+homeDirectory: /home/uid546
-+
-+dn: cn=user547,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user547
-+sn: user547
-+uid: uid547
-+givenname: givenname547
-+description: description547
-+userPassword: password547
-+mail: uid547
-+uidnumber: 547
-+gidnumber: 547
-+homeDirectory: /home/uid547
-+
-+dn: cn=user548,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user548
-+sn: user548
-+uid: uid548
-+givenname: givenname548
-+description: description548
-+userPassword: password548
-+mail: uid548
-+uidnumber: 548
-+gidnumber: 548
-+homeDirectory: /home/uid548
-+
-+dn: cn=user549,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user549
-+sn: user549
-+uid: uid549
-+givenname: givenname549
-+description: description549
-+userPassword: password549
-+mail: uid549
-+uidnumber: 549
-+gidnumber: 549
-+homeDirectory: /home/uid549
-+
-+dn: cn=user550,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user550
-+sn: user550
-+uid: uid550
-+givenname: givenname550
-+description: description550
-+userPassword: password550
-+mail: uid550
-+uidnumber: 550
-+gidnumber: 550
-+homeDirectory: /home/uid550
-+
-+dn: cn=user551,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user551
-+sn: user551
-+uid: uid551
-+givenname: givenname551
-+description: description551
-+userPassword: password551
-+mail: uid551
-+uidnumber: 551
-+gidnumber: 551
-+homeDirectory: /home/uid551
-+
-+dn: cn=user552,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user552
-+sn: user552
-+uid: uid552
-+givenname: givenname552
-+description: description552
-+userPassword: password552
-+mail: uid552
-+uidnumber: 552
-+gidnumber: 552
-+homeDirectory: /home/uid552
-+
-+dn: cn=user553,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user553
-+sn: user553
-+uid: uid553
-+givenname: givenname553
-+description: description553
-+userPassword: password553
-+mail: uid553
-+uidnumber: 553
-+gidnumber: 553
-+homeDirectory: /home/uid553
-+
-+dn: cn=user554,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user554
-+sn: user554
-+uid: uid554
-+givenname: givenname554
-+description: description554
-+userPassword: password554
-+mail: uid554
-+uidnumber: 554
-+gidnumber: 554
-+homeDirectory: /home/uid554
-+
-+dn: cn=user555,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user555
-+sn: user555
-+uid: uid555
-+givenname: givenname555
-+description: description555
-+userPassword: password555
-+mail: uid555
-+uidnumber: 555
-+gidnumber: 555
-+homeDirectory: /home/uid555
-+
-+dn: cn=user556,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user556
-+sn: user556
-+uid: uid556
-+givenname: givenname556
-+description: description556
-+userPassword: password556
-+mail: uid556
-+uidnumber: 556
-+gidnumber: 556
-+homeDirectory: /home/uid556
-+
-+dn: cn=user557,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user557
-+sn: user557
-+uid: uid557
-+givenname: givenname557
-+description: description557
-+userPassword: password557
-+mail: uid557
-+uidnumber: 557
-+gidnumber: 557
-+homeDirectory: /home/uid557
-+
-+dn: cn=user558,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user558
-+sn: user558
-+uid: uid558
-+givenname: givenname558
-+description: description558
-+userPassword: password558
-+mail: uid558
-+uidnumber: 558
-+gidnumber: 558
-+homeDirectory: /home/uid558
-+
-+dn: cn=user559,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user559
-+sn: user559
-+uid: uid559
-+givenname: givenname559
-+description: description559
-+userPassword: password559
-+mail: uid559
-+uidnumber: 559
-+gidnumber: 559
-+homeDirectory: /home/uid559
-+
-+dn: cn=user560,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user560
-+sn: user560
-+uid: uid560
-+givenname: givenname560
-+description: description560
-+userPassword: password560
-+mail: uid560
-+uidnumber: 560
-+gidnumber: 560
-+homeDirectory: /home/uid560
-+
-+dn: cn=user561,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user561
-+sn: user561
-+uid: uid561
-+givenname: givenname561
-+description: description561
-+userPassword: password561
-+mail: uid561
-+uidnumber: 561
-+gidnumber: 561
-+homeDirectory: /home/uid561
-+
-+dn: cn=user562,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user562
-+sn: user562
-+uid: uid562
-+givenname: givenname562
-+description: description562
-+userPassword: password562
-+mail: uid562
-+uidnumber: 562
-+gidnumber: 562
-+homeDirectory: /home/uid562
-+
-+dn: cn=user563,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user563
-+sn: user563
-+uid: uid563
-+givenname: givenname563
-+description: description563
-+userPassword: password563
-+mail: uid563
-+uidnumber: 563
-+gidnumber: 563
-+homeDirectory: /home/uid563
-+
-+dn: cn=user564,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user564
-+sn: user564
-+uid: uid564
-+givenname: givenname564
-+description: description564
-+userPassword: password564
-+mail: uid564
-+uidnumber: 564
-+gidnumber: 564
-+homeDirectory: /home/uid564
-+
-+dn: cn=user565,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user565
-+sn: user565
-+uid: uid565
-+givenname: givenname565
-+description: description565
-+userPassword: password565
-+mail: uid565
-+uidnumber: 565
-+gidnumber: 565
-+homeDirectory: /home/uid565
-+
-+dn: cn=user566,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user566
-+sn: user566
-+uid: uid566
-+givenname: givenname566
-+description: description566
-+userPassword: password566
-+mail: uid566
-+uidnumber: 566
-+gidnumber: 566
-+homeDirectory: /home/uid566
-+
-+dn: cn=user567,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user567
-+sn: user567
-+uid: uid567
-+givenname: givenname567
-+description: description567
-+userPassword: password567
-+mail: uid567
-+uidnumber: 567
-+gidnumber: 567
-+homeDirectory: /home/uid567
-+
-+dn: cn=user568,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user568
-+sn: user568
-+uid: uid568
-+givenname: givenname568
-+description: description568
-+userPassword: password568
-+mail: uid568
-+uidnumber: 568
-+gidnumber: 568
-+homeDirectory: /home/uid568
-+
-+dn: cn=user569,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user569
-+sn: user569
-+uid: uid569
-+givenname: givenname569
-+description: description569
-+userPassword: password569
-+mail: uid569
-+uidnumber: 569
-+gidnumber: 569
-+homeDirectory: /home/uid569
-+
-+dn: cn=user570,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user570
-+sn: user570
-+uid: uid570
-+givenname: givenname570
-+description: description570
-+userPassword: password570
-+mail: uid570
-+uidnumber: 570
-+gidnumber: 570
-+homeDirectory: /home/uid570
-+
-+dn: cn=user571,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user571
-+sn: user571
-+uid: uid571
-+givenname: givenname571
-+description: description571
-+userPassword: password571
-+mail: uid571
-+uidnumber: 571
-+gidnumber: 571
-+homeDirectory: /home/uid571
-+
-+dn: cn=user572,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user572
-+sn: user572
-+uid: uid572
-+givenname: givenname572
-+description: description572
-+userPassword: password572
-+mail: uid572
-+uidnumber: 572
-+gidnumber: 572
-+homeDirectory: /home/uid572
-+
-+dn: cn=user573,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user573
-+sn: user573
-+uid: uid573
-+givenname: givenname573
-+description: description573
-+userPassword: password573
-+mail: uid573
-+uidnumber: 573
-+gidnumber: 573
-+homeDirectory: /home/uid573
-+
-+dn: cn=user574,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user574
-+sn: user574
-+uid: uid574
-+givenname: givenname574
-+description: description574
-+userPassword: password574
-+mail: uid574
-+uidnumber: 574
-+gidnumber: 574
-+homeDirectory: /home/uid574
-+
-+dn: cn=user575,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user575
-+sn: user575
-+uid: uid575
-+givenname: givenname575
-+description: description575
-+userPassword: password575
-+mail: uid575
-+uidnumber: 575
-+gidnumber: 575
-+homeDirectory: /home/uid575
-+
-+dn: cn=user576,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user576
-+sn: user576
-+uid: uid576
-+givenname: givenname576
-+description: description576
-+userPassword: password576
-+mail: uid576
-+uidnumber: 576
-+gidnumber: 576
-+homeDirectory: /home/uid576
-+
-+dn: cn=user577,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user577
-+sn: user577
-+uid: uid577
-+givenname: givenname577
-+description: description577
-+userPassword: password577
-+mail: uid577
-+uidnumber: 577
-+gidnumber: 577
-+homeDirectory: /home/uid577
-+
-+dn: cn=user578,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user578
-+sn: user578
-+uid: uid578
-+givenname: givenname578
-+description: description578
-+userPassword: password578
-+mail: uid578
-+uidnumber: 578
-+gidnumber: 578
-+homeDirectory: /home/uid578
-+
-+dn: cn=user579,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user579
-+sn: user579
-+uid: uid579
-+givenname: givenname579
-+description: description579
-+userPassword: password579
-+mail: uid579
-+uidnumber: 579
-+gidnumber: 579
-+homeDirectory: /home/uid579
-+
-+dn: cn=user580,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user580
-+sn: user580
-+uid: uid580
-+givenname: givenname580
-+description: description580
-+userPassword: password580
-+mail: uid580
-+uidnumber: 580
-+gidnumber: 580
-+homeDirectory: /home/uid580
-+
-+dn: cn=user581,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user581
-+sn: user581
-+uid: uid581
-+givenname: givenname581
-+description: description581
-+userPassword: password581
-+mail: uid581
-+uidnumber: 581
-+gidnumber: 581
-+homeDirectory: /home/uid581
-+
-+dn: cn=user582,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user582
-+sn: user582
-+uid: uid582
-+givenname: givenname582
-+description: description582
-+userPassword: password582
-+mail: uid582
-+uidnumber: 582
-+gidnumber: 582
-+homeDirectory: /home/uid582
-+
-+dn: cn=user583,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user583
-+sn: user583
-+uid: uid583
-+givenname: givenname583
-+description: description583
-+userPassword: password583
-+mail: uid583
-+uidnumber: 583
-+gidnumber: 583
-+homeDirectory: /home/uid583
-+
-+dn: cn=user584,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user584
-+sn: user584
-+uid: uid584
-+givenname: givenname584
-+description: description584
-+userPassword: password584
-+mail: uid584
-+uidnumber: 584
-+gidnumber: 584
-+homeDirectory: /home/uid584
-+
-+dn: cn=user585,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user585
-+sn: user585
-+uid: uid585
-+givenname: givenname585
-+description: description585
-+userPassword: password585
-+mail: uid585
-+uidnumber: 585
-+gidnumber: 585
-+homeDirectory: /home/uid585
-+
-+dn: cn=user586,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user586
-+sn: user586
-+uid: uid586
-+givenname: givenname586
-+description: description586
-+userPassword: password586
-+mail: uid586
-+uidnumber: 586
-+gidnumber: 586
-+homeDirectory: /home/uid586
-+
-+dn: cn=user587,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user587
-+sn: user587
-+uid: uid587
-+givenname: givenname587
-+description: description587
-+userPassword: password587
-+mail: uid587
-+uidnumber: 587
-+gidnumber: 587
-+homeDirectory: /home/uid587
-+
-+dn: cn=user588,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user588
-+sn: user588
-+uid: uid588
-+givenname: givenname588
-+description: description588
-+userPassword: password588
-+mail: uid588
-+uidnumber: 588
-+gidnumber: 588
-+homeDirectory: /home/uid588
-+
-+dn: cn=user589,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user589
-+sn: user589
-+uid: uid589
-+givenname: givenname589
-+description: description589
-+userPassword: password589
-+mail: uid589
-+uidnumber: 589
-+gidnumber: 589
-+homeDirectory: /home/uid589
-+
-+dn: cn=user590,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user590
-+sn: user590
-+uid: uid590
-+givenname: givenname590
-+description: description590
-+userPassword: password590
-+mail: uid590
-+uidnumber: 590
-+gidnumber: 590
-+homeDirectory: /home/uid590
-+
-+dn: cn=user591,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user591
-+sn: user591
-+uid: uid591
-+givenname: givenname591
-+description: description591
-+userPassword: password591
-+mail: uid591
-+uidnumber: 591
-+gidnumber: 591
-+homeDirectory: /home/uid591
-+
-+dn: cn=user592,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user592
-+sn: user592
-+uid: uid592
-+givenname: givenname592
-+description: description592
-+userPassword: password592
-+mail: uid592
-+uidnumber: 592
-+gidnumber: 592
-+homeDirectory: /home/uid592
-+
-+dn: cn=user593,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user593
-+sn: user593
-+uid: uid593
-+givenname: givenname593
-+description: description593
-+userPassword: password593
-+mail: uid593
-+uidnumber: 593
-+gidnumber: 593
-+homeDirectory: /home/uid593
-+
-+dn: cn=user594,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user594
-+sn: user594
-+uid: uid594
-+givenname: givenname594
-+description: description594
-+userPassword: password594
-+mail: uid594
-+uidnumber: 594
-+gidnumber: 594
-+homeDirectory: /home/uid594
-+
-+dn: cn=user595,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user595
-+sn: user595
-+uid: uid595
-+givenname: givenname595
-+description: description595
-+userPassword: password595
-+mail: uid595
-+uidnumber: 595
-+gidnumber: 595
-+homeDirectory: /home/uid595
-+
-+dn: cn=user596,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user596
-+sn: user596
-+uid: uid596
-+givenname: givenname596
-+description: description596
-+userPassword: password596
-+mail: uid596
-+uidnumber: 596
-+gidnumber: 596
-+homeDirectory: /home/uid596
-+
-+dn: cn=user597,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user597
-+sn: user597
-+uid: uid597
-+givenname: givenname597
-+description: description597
-+userPassword: password597
-+mail: uid597
-+uidnumber: 597
-+gidnumber: 597
-+homeDirectory: /home/uid597
-+
-+dn: cn=user598,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user598
-+sn: user598
-+uid: uid598
-+givenname: givenname598
-+description: description598
-+userPassword: password598
-+mail: uid598
-+uidnumber: 598
-+gidnumber: 598
-+homeDirectory: /home/uid598
-+
-+dn: cn=user599,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user599
-+sn: user599
-+uid: uid599
-+givenname: givenname599
-+description: description599
-+userPassword: password599
-+mail: uid599
-+uidnumber: 599
-+gidnumber: 599
-+homeDirectory: /home/uid599
-+
-+dn: cn=user600,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user600
-+sn: user600
-+uid: uid600
-+givenname: givenname600
-+description: description600
-+userPassword: password600
-+mail: uid600
-+uidnumber: 600
-+gidnumber: 600
-+homeDirectory: /home/uid600
-+
-+dn: cn=user601,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user601
-+sn: user601
-+uid: uid601
-+givenname: givenname601
-+description: description601
-+userPassword: password601
-+mail: uid601
-+uidnumber: 601
-+gidnumber: 601
-+homeDirectory: /home/uid601
-+
-+dn: cn=user602,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user602
-+sn: user602
-+uid: uid602
-+givenname: givenname602
-+description: description602
-+userPassword: password602
-+mail: uid602
-+uidnumber: 602
-+gidnumber: 602
-+homeDirectory: /home/uid602
-+
-+dn: cn=user603,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user603
-+sn: user603
-+uid: uid603
-+givenname: givenname603
-+description: description603
-+userPassword: password603
-+mail: uid603
-+uidnumber: 603
-+gidnumber: 603
-+homeDirectory: /home/uid603
-+
-+dn: cn=user604,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user604
-+sn: user604
-+uid: uid604
-+givenname: givenname604
-+description: description604
-+userPassword: password604
-+mail: uid604
-+uidnumber: 604
-+gidnumber: 604
-+homeDirectory: /home/uid604
-+
-+dn: cn=user605,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user605
-+sn: user605
-+uid: uid605
-+givenname: givenname605
-+description: description605
-+userPassword: password605
-+mail: uid605
-+uidnumber: 605
-+gidnumber: 605
-+homeDirectory: /home/uid605
-+
-+dn: cn=user606,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user606
-+sn: user606
-+uid: uid606
-+givenname: givenname606
-+description: description606
-+userPassword: password606
-+mail: uid606
-+uidnumber: 606
-+gidnumber: 606
-+homeDirectory: /home/uid606
-+
-+dn: cn=user607,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user607
-+sn: user607
-+uid: uid607
-+givenname: givenname607
-+description: description607
-+userPassword: password607
-+mail: uid607
-+uidnumber: 607
-+gidnumber: 607
-+homeDirectory: /home/uid607
-+
-+dn: cn=user608,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user608
-+sn: user608
-+uid: uid608
-+givenname: givenname608
-+description: description608
-+userPassword: password608
-+mail: uid608
-+uidnumber: 608
-+gidnumber: 608
-+homeDirectory: /home/uid608
-+
-+dn: cn=user609,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user609
-+sn: user609
-+uid: uid609
-+givenname: givenname609
-+description: description609
-+userPassword: password609
-+mail: uid609
-+uidnumber: 609
-+gidnumber: 609
-+homeDirectory: /home/uid609
-+
-+dn: cn=user610,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user610
-+sn: user610
-+uid: uid610
-+givenname: givenname610
-+description: description610
-+userPassword: password610
-+mail: uid610
-+uidnumber: 610
-+gidnumber: 610
-+homeDirectory: /home/uid610
-+
-+dn: cn=user611,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user611
-+sn: user611
-+uid: uid611
-+givenname: givenname611
-+description: description611
-+userPassword: password611
-+mail: uid611
-+uidnumber: 611
-+gidnumber: 611
-+homeDirectory: /home/uid611
-+
-+dn: cn=user612,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user612
-+sn: user612
-+uid: uid612
-+givenname: givenname612
-+description: description612
-+userPassword: password612
-+mail: uid612
-+uidnumber: 612
-+gidnumber: 612
-+homeDirectory: /home/uid612
-+
-+dn: cn=user613,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user613
-+sn: user613
-+uid: uid613
-+givenname: givenname613
-+description: description613
-+userPassword: password613
-+mail: uid613
-+uidnumber: 613
-+gidnumber: 613
-+homeDirectory: /home/uid613
-+
-+dn: cn=user614,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user614
-+sn: user614
-+uid: uid614
-+givenname: givenname614
-+description: description614
-+userPassword: password614
-+mail: uid614
-+uidnumber: 614
-+gidnumber: 614
-+homeDirectory: /home/uid614
-+
-+dn: cn=user615,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user615
-+sn: user615
-+uid: uid615
-+givenname: givenname615
-+description: description615
-+userPassword: password615
-+mail: uid615
-+uidnumber: 615
-+gidnumber: 615
-+homeDirectory: /home/uid615
-+
-+dn: cn=user616,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user616
-+sn: user616
-+uid: uid616
-+givenname: givenname616
-+description: description616
-+userPassword: password616
-+mail: uid616
-+uidnumber: 616
-+gidnumber: 616
-+homeDirectory: /home/uid616
-+
-+dn: cn=user617,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user617
-+sn: user617
-+uid: uid617
-+givenname: givenname617
-+description: description617
-+userPassword: password617
-+mail: uid617
-+uidnumber: 617
-+gidnumber: 617
-+homeDirectory: /home/uid617
-+
-+dn: cn=user618,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user618
-+sn: user618
-+uid: uid618
-+givenname: givenname618
-+description: description618
-+userPassword: password618
-+mail: uid618
-+uidnumber: 618
-+gidnumber: 618
-+homeDirectory: /home/uid618
-+
-+dn: cn=user619,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user619
-+sn: user619
-+uid: uid619
-+givenname: givenname619
-+description: description619
-+userPassword: password619
-+mail: uid619
-+uidnumber: 619
-+gidnumber: 619
-+homeDirectory: /home/uid619
-+
-+dn: cn=user620,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user620
-+sn: user620
-+uid: uid620
-+givenname: givenname620
-+description: description620
-+userPassword: password620
-+mail: uid620
-+uidnumber: 620
-+gidnumber: 620
-+homeDirectory: /home/uid620
-+
-+dn: cn=user621,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user621
-+sn: user621
-+uid: uid621
-+givenname: givenname621
-+description: description621
-+userPassword: password621
-+mail: uid621
-+uidnumber: 621
-+gidnumber: 621
-+homeDirectory: /home/uid621
-+
-+dn: cn=user622,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user622
-+sn: user622
-+uid: uid622
-+givenname: givenname622
-+description: description622
-+userPassword: password622
-+mail: uid622
-+uidnumber: 622
-+gidnumber: 622
-+homeDirectory: /home/uid622
-+
-+dn: cn=user623,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user623
-+sn: user623
-+uid: uid623
-+givenname: givenname623
-+description: description623
-+userPassword: password623
-+mail: uid623
-+uidnumber: 623
-+gidnumber: 623
-+homeDirectory: /home/uid623
-+
-+dn: cn=user624,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user624
-+sn: user624
-+uid: uid624
-+givenname: givenname624
-+description: description624
-+userPassword: password624
-+mail: uid624
-+uidnumber: 624
-+gidnumber: 624
-+homeDirectory: /home/uid624
-+
-+dn: cn=user625,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user625
-+sn: user625
-+uid: uid625
-+givenname: givenname625
-+description: description625
-+userPassword: password625
-+mail: uid625
-+uidnumber: 625
-+gidnumber: 625
-+homeDirectory: /home/uid625
-+
-+dn: cn=user626,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user626
-+sn: user626
-+uid: uid626
-+givenname: givenname626
-+description: description626
-+userPassword: password626
-+mail: uid626
-+uidnumber: 626
-+gidnumber: 626
-+homeDirectory: /home/uid626
-+
-+dn: cn=user627,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user627
-+sn: user627
-+uid: uid627
-+givenname: givenname627
-+description: description627
-+userPassword: password627
-+mail: uid627
-+uidnumber: 627
-+gidnumber: 627
-+homeDirectory: /home/uid627
-+
-+dn: cn=user628,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user628
-+sn: user628
-+uid: uid628
-+givenname: givenname628
-+description: description628
-+userPassword: password628
-+mail: uid628
-+uidnumber: 628
-+gidnumber: 628
-+homeDirectory: /home/uid628
-+
-+dn: cn=user629,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user629
-+sn: user629
-+uid: uid629
-+givenname: givenname629
-+description: description629
-+userPassword: password629
-+mail: uid629
-+uidnumber: 629
-+gidnumber: 629
-+homeDirectory: /home/uid629
-+
-+dn: cn=user630,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user630
-+sn: user630
-+uid: uid630
-+givenname: givenname630
-+description: description630
-+userPassword: password630
-+mail: uid630
-+uidnumber: 630
-+gidnumber: 630
-+homeDirectory: /home/uid630
-+
-+dn: cn=user631,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user631
-+sn: user631
-+uid: uid631
-+givenname: givenname631
-+description: description631
-+userPassword: password631
-+mail: uid631
-+uidnumber: 631
-+gidnumber: 631
-+homeDirectory: /home/uid631
-+
-+dn: cn=user632,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user632
-+sn: user632
-+uid: uid632
-+givenname: givenname632
-+description: description632
-+userPassword: password632
-+mail: uid632
-+uidnumber: 632
-+gidnumber: 632
-+homeDirectory: /home/uid632
-+
-+dn: cn=user633,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user633
-+sn: user633
-+uid: uid633
-+givenname: givenname633
-+description: description633
-+userPassword: password633
-+mail: uid633
-+uidnumber: 633
-+gidnumber: 633
-+homeDirectory: /home/uid633
-+
-+dn: cn=user634,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user634
-+sn: user634
-+uid: uid634
-+givenname: givenname634
-+description: description634
-+userPassword: password634
-+mail: uid634
-+uidnumber: 634
-+gidnumber: 634
-+homeDirectory: /home/uid634
-+
-+dn: cn=user635,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user635
-+sn: user635
-+uid: uid635
-+givenname: givenname635
-+description: description635
-+userPassword: password635
-+mail: uid635
-+uidnumber: 635
-+gidnumber: 635
-+homeDirectory: /home/uid635
-+
-+dn: cn=user636,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user636
-+sn: user636
-+uid: uid636
-+givenname: givenname636
-+description: description636
-+userPassword: password636
-+mail: uid636
-+uidnumber: 636
-+gidnumber: 636
-+homeDirectory: /home/uid636
-+
-+dn: cn=user637,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user637
-+sn: user637
-+uid: uid637
-+givenname: givenname637
-+description: description637
-+userPassword: password637
-+mail: uid637
-+uidnumber: 637
-+gidnumber: 637
-+homeDirectory: /home/uid637
-+
-+dn: cn=user638,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user638
-+sn: user638
-+uid: uid638
-+givenname: givenname638
-+description: description638
-+userPassword: password638
-+mail: uid638
-+uidnumber: 638
-+gidnumber: 638
-+homeDirectory: /home/uid638
-+
-+dn: cn=user639,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user639
-+sn: user639
-+uid: uid639
-+givenname: givenname639
-+description: description639
-+userPassword: password639
-+mail: uid639
-+uidnumber: 639
-+gidnumber: 639
-+homeDirectory: /home/uid639
-+
-+dn: cn=user640,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user640
-+sn: user640
-+uid: uid640
-+givenname: givenname640
-+description: description640
-+userPassword: password640
-+mail: uid640
-+uidnumber: 640
-+gidnumber: 640
-+homeDirectory: /home/uid640
-+
-+dn: cn=user641,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user641
-+sn: user641
-+uid: uid641
-+givenname: givenname641
-+description: description641
-+userPassword: password641
-+mail: uid641
-+uidnumber: 641
-+gidnumber: 641
-+homeDirectory: /home/uid641
-+
-+dn: cn=user642,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user642
-+sn: user642
-+uid: uid642
-+givenname: givenname642
-+description: description642
-+userPassword: password642
-+mail: uid642
-+uidnumber: 642
-+gidnumber: 642
-+homeDirectory: /home/uid642
-+
-+dn: cn=user643,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user643
-+sn: user643
-+uid: uid643
-+givenname: givenname643
-+description: description643
-+userPassword: password643
-+mail: uid643
-+uidnumber: 643
-+gidnumber: 643
-+homeDirectory: /home/uid643
-+
-+dn: cn=user644,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user644
-+sn: user644
-+uid: uid644
-+givenname: givenname644
-+description: description644
-+userPassword: password644
-+mail: uid644
-+uidnumber: 644
-+gidnumber: 644
-+homeDirectory: /home/uid644
-+
-+dn: cn=user645,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user645
-+sn: user645
-+uid: uid645
-+givenname: givenname645
-+description: description645
-+userPassword: password645
-+mail: uid645
-+uidnumber: 645
-+gidnumber: 645
-+homeDirectory: /home/uid645
-+
-+dn: cn=user646,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user646
-+sn: user646
-+uid: uid646
-+givenname: givenname646
-+description: description646
-+userPassword: password646
-+mail: uid646
-+uidnumber: 646
-+gidnumber: 646
-+homeDirectory: /home/uid646
-+
-+dn: cn=user647,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user647
-+sn: user647
-+uid: uid647
-+givenname: givenname647
-+description: description647
-+userPassword: password647
-+mail: uid647
-+uidnumber: 647
-+gidnumber: 647
-+homeDirectory: /home/uid647
-+
-+dn: cn=user648,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user648
-+sn: user648
-+uid: uid648
-+givenname: givenname648
-+description: description648
-+userPassword: password648
-+mail: uid648
-+uidnumber: 648
-+gidnumber: 648
-+homeDirectory: /home/uid648
-+
-+dn: cn=user649,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user649
-+sn: user649
-+uid: uid649
-+givenname: givenname649
-+description: description649
-+userPassword: password649
-+mail: uid649
-+uidnumber: 649
-+gidnumber: 649
-+homeDirectory: /home/uid649
-+
-+dn: cn=user650,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user650
-+sn: user650
-+uid: uid650
-+givenname: givenname650
-+description: description650
-+userPassword: password650
-+mail: uid650
-+uidnumber: 650
-+gidnumber: 650
-+homeDirectory: /home/uid650
-+
-+dn: cn=user651,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user651
-+sn: user651
-+uid: uid651
-+givenname: givenname651
-+description: description651
-+userPassword: password651
-+mail: uid651
-+uidnumber: 651
-+gidnumber: 651
-+homeDirectory: /home/uid651
-+
-+dn: cn=user652,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user652
-+sn: user652
-+uid: uid652
-+givenname: givenname652
-+description: description652
-+userPassword: password652
-+mail: uid652
-+uidnumber: 652
-+gidnumber: 652
-+homeDirectory: /home/uid652
-+
-+dn: cn=user653,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user653
-+sn: user653
-+uid: uid653
-+givenname: givenname653
-+description: description653
-+userPassword: password653
-+mail: uid653
-+uidnumber: 653
-+gidnumber: 653
-+homeDirectory: /home/uid653
-+
-+dn: cn=user654,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user654
-+sn: user654
-+uid: uid654
-+givenname: givenname654
-+description: description654
-+userPassword: password654
-+mail: uid654
-+uidnumber: 654
-+gidnumber: 654
-+homeDirectory: /home/uid654
-+
-+dn: cn=user655,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user655
-+sn: user655
-+uid: uid655
-+givenname: givenname655
-+description: description655
-+userPassword: password655
-+mail: uid655
-+uidnumber: 655
-+gidnumber: 655
-+homeDirectory: /home/uid655
-+
-+dn: cn=user656,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user656
-+sn: user656
-+uid: uid656
-+givenname: givenname656
-+description: description656
-+userPassword: password656
-+mail: uid656
-+uidnumber: 656
-+gidnumber: 656
-+homeDirectory: /home/uid656
-+
-+dn: cn=user657,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user657
-+sn: user657
-+uid: uid657
-+givenname: givenname657
-+description: description657
-+userPassword: password657
-+mail: uid657
-+uidnumber: 657
-+gidnumber: 657
-+homeDirectory: /home/uid657
-+
-+dn: cn=user658,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user658
-+sn: user658
-+uid: uid658
-+givenname: givenname658
-+description: description658
-+userPassword: password658
-+mail: uid658
-+uidnumber: 658
-+gidnumber: 658
-+homeDirectory: /home/uid658
-+
-+dn: cn=user659,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user659
-+sn: user659
-+uid: uid659
-+givenname: givenname659
-+description: description659
-+userPassword: password659
-+mail: uid659
-+uidnumber: 659
-+gidnumber: 659
-+homeDirectory: /home/uid659
-+
-+dn: cn=user660,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user660
-+sn: user660
-+uid: uid660
-+givenname: givenname660
-+description: description660
-+userPassword: password660
-+mail: uid660
-+uidnumber: 660
-+gidnumber: 660
-+homeDirectory: /home/uid660
-+
-+dn: cn=user661,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user661
-+sn: user661
-+uid: uid661
-+givenname: givenname661
-+description: description661
-+userPassword: password661
-+mail: uid661
-+uidnumber: 661
-+gidnumber: 661
-+homeDirectory: /home/uid661
-+
-+dn: cn=user662,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user662
-+sn: user662
-+uid: uid662
-+givenname: givenname662
-+description: description662
-+userPassword: password662
-+mail: uid662
-+uidnumber: 662
-+gidnumber: 662
-+homeDirectory: /home/uid662
-+
-+dn: cn=user663,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user663
-+sn: user663
-+uid: uid663
-+givenname: givenname663
-+description: description663
-+userPassword: password663
-+mail: uid663
-+uidnumber: 663
-+gidnumber: 663
-+homeDirectory: /home/uid663
-+
-+dn: cn=user664,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user664
-+sn: user664
-+uid: uid664
-+givenname: givenname664
-+description: description664
-+userPassword: password664
-+mail: uid664
-+uidnumber: 664
-+gidnumber: 664
-+homeDirectory: /home/uid664
-+
-+dn: cn=user665,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user665
-+sn: user665
-+uid: uid665
-+givenname: givenname665
-+description: description665
-+userPassword: password665
-+mail: uid665
-+uidnumber: 665
-+gidnumber: 665
-+homeDirectory: /home/uid665
-+
-+dn: cn=user666,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user666
-+sn: user666
-+uid: uid666
-+givenname: givenname666
-+description: description666
-+userPassword: password666
-+mail: uid666
-+uidnumber: 666
-+gidnumber: 666
-+homeDirectory: /home/uid666
-+
-+dn: cn=user667,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user667
-+sn: user667
-+uid: uid667
-+givenname: givenname667
-+description: description667
-+userPassword: password667
-+mail: uid667
-+uidnumber: 667
-+gidnumber: 667
-+homeDirectory: /home/uid667
-+
-+dn: cn=user668,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user668
-+sn: user668
-+uid: uid668
-+givenname: givenname668
-+description: description668
-+userPassword: password668
-+mail: uid668
-+uidnumber: 668
-+gidnumber: 668
-+homeDirectory: /home/uid668
-+
-+dn: cn=user669,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user669
-+sn: user669
-+uid: uid669
-+givenname: givenname669
-+description: description669
-+userPassword: password669
-+mail: uid669
-+uidnumber: 669
-+gidnumber: 669
-+homeDirectory: /home/uid669
-+
-+dn: cn=user670,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user670
-+sn: user670
-+uid: uid670
-+givenname: givenname670
-+description: description670
-+userPassword: password670
-+mail: uid670
-+uidnumber: 670
-+gidnumber: 670
-+homeDirectory: /home/uid670
-+
-+dn: cn=user671,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user671
-+sn: user671
-+uid: uid671
-+givenname: givenname671
-+description: description671
-+userPassword: password671
-+mail: uid671
-+uidnumber: 671
-+gidnumber: 671
-+homeDirectory: /home/uid671
-+
-+dn: cn=user672,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user672
-+sn: user672
-+uid: uid672
-+givenname: givenname672
-+description: description672
-+userPassword: password672
-+mail: uid672
-+uidnumber: 672
-+gidnumber: 672
-+homeDirectory: /home/uid672
-+
-+dn: cn=user673,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user673
-+sn: user673
-+uid: uid673
-+givenname: givenname673
-+description: description673
-+userPassword: password673
-+mail: uid673
-+uidnumber: 673
-+gidnumber: 673
-+homeDirectory: /home/uid673
-+
-+dn: cn=user674,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user674
-+sn: user674
-+uid: uid674
-+givenname: givenname674
-+description: description674
-+userPassword: password674
-+mail: uid674
-+uidnumber: 674
-+gidnumber: 674
-+homeDirectory: /home/uid674
-+
-+dn: cn=user675,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user675
-+sn: user675
-+uid: uid675
-+givenname: givenname675
-+description: description675
-+userPassword: password675
-+mail: uid675
-+uidnumber: 675
-+gidnumber: 675
-+homeDirectory: /home/uid675
-+
-+dn: cn=user676,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user676
-+sn: user676
-+uid: uid676
-+givenname: givenname676
-+description: description676
-+userPassword: password676
-+mail: uid676
-+uidnumber: 676
-+gidnumber: 676
-+homeDirectory: /home/uid676
-+
-+dn: cn=user677,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user677
-+sn: user677
-+uid: uid677
-+givenname: givenname677
-+description: description677
-+userPassword: password677
-+mail: uid677
-+uidnumber: 677
-+gidnumber: 677
-+homeDirectory: /home/uid677
-+
-+dn: cn=user678,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user678
-+sn: user678
-+uid: uid678
-+givenname: givenname678
-+description: description678
-+userPassword: password678
-+mail: uid678
-+uidnumber: 678
-+gidnumber: 678
-+homeDirectory: /home/uid678
-+
-+dn: cn=user679,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user679
-+sn: user679
-+uid: uid679
-+givenname: givenname679
-+description: description679
-+userPassword: password679
-+mail: uid679
-+uidnumber: 679
-+gidnumber: 679
-+homeDirectory: /home/uid679
-+
-+dn: cn=user680,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user680
-+sn: user680
-+uid: uid680
-+givenname: givenname680
-+description: description680
-+userPassword: password680
-+mail: uid680
-+uidnumber: 680
-+gidnumber: 680
-+homeDirectory: /home/uid680
-+
-+dn: cn=user681,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user681
-+sn: user681
-+uid: uid681
-+givenname: givenname681
-+description: description681
-+userPassword: password681
-+mail: uid681
-+uidnumber: 681
-+gidnumber: 681
-+homeDirectory: /home/uid681
-+
-+dn: cn=user682,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user682
-+sn: user682
-+uid: uid682
-+givenname: givenname682
-+description: description682
-+userPassword: password682
-+mail: uid682
-+uidnumber: 682
-+gidnumber: 682
-+homeDirectory: /home/uid682
-+
-+dn: cn=user683,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user683
-+sn: user683
-+uid: uid683
-+givenname: givenname683
-+description: description683
-+userPassword: password683
-+mail: uid683
-+uidnumber: 683
-+gidnumber: 683
-+homeDirectory: /home/uid683
-+
-+dn: cn=user684,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user684
-+sn: user684
-+uid: uid684
-+givenname: givenname684
-+description: description684
-+userPassword: password684
-+mail: uid684
-+uidnumber: 684
-+gidnumber: 684
-+homeDirectory: /home/uid684
-+
-+dn: cn=user685,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user685
-+sn: user685
-+uid: uid685
-+givenname: givenname685
-+description: description685
-+userPassword: password685
-+mail: uid685
-+uidnumber: 685
-+gidnumber: 685
-+homeDirectory: /home/uid685
-+
-+dn: cn=user686,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user686
-+sn: user686
-+uid: uid686
-+givenname: givenname686
-+description: description686
-+userPassword: password686
-+mail: uid686
-+uidnumber: 686
-+gidnumber: 686
-+homeDirectory: /home/uid686
-+
-+dn: cn=user687,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user687
-+sn: user687
-+uid: uid687
-+givenname: givenname687
-+description: description687
-+userPassword: password687
-+mail: uid687
-+uidnumber: 687
-+gidnumber: 687
-+homeDirectory: /home/uid687
-+
-+dn: cn=user688,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user688
-+sn: user688
-+uid: uid688
-+givenname: givenname688
-+description: description688
-+userPassword: password688
-+mail: uid688
-+uidnumber: 688
-+gidnumber: 688
-+homeDirectory: /home/uid688
-+
-+dn: cn=user689,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user689
-+sn: user689
-+uid: uid689
-+givenname: givenname689
-+description: description689
-+userPassword: password689
-+mail: uid689
-+uidnumber: 689
-+gidnumber: 689
-+homeDirectory: /home/uid689
-+
-+dn: cn=user690,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user690
-+sn: user690
-+uid: uid690
-+givenname: givenname690
-+description: description690
-+userPassword: password690
-+mail: uid690
-+uidnumber: 690
-+gidnumber: 690
-+homeDirectory: /home/uid690
-+
-+dn: cn=user691,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user691
-+sn: user691
-+uid: uid691
-+givenname: givenname691
-+description: description691
-+userPassword: password691
-+mail: uid691
-+uidnumber: 691
-+gidnumber: 691
-+homeDirectory: /home/uid691
-+
-+dn: cn=user692,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user692
-+sn: user692
-+uid: uid692
-+givenname: givenname692
-+description: description692
-+userPassword: password692
-+mail: uid692
-+uidnumber: 692
-+gidnumber: 692
-+homeDirectory: /home/uid692
-+
-+dn: cn=user693,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user693
-+sn: user693
-+uid: uid693
-+givenname: givenname693
-+description: description693
-+userPassword: password693
-+mail: uid693
-+uidnumber: 693
-+gidnumber: 693
-+homeDirectory: /home/uid693
-+
-+dn: cn=user694,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user694
-+sn: user694
-+uid: uid694
-+givenname: givenname694
-+description: description694
-+userPassword: password694
-+mail: uid694
-+uidnumber: 694
-+gidnumber: 694
-+homeDirectory: /home/uid694
-+
-+dn: cn=user695,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user695
-+sn: user695
-+uid: uid695
-+givenname: givenname695
-+description: description695
-+userPassword: password695
-+mail: uid695
-+uidnumber: 695
-+gidnumber: 695
-+homeDirectory: /home/uid695
-+
-+dn: cn=user696,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user696
-+sn: user696
-+uid: uid696
-+givenname: givenname696
-+description: description696
-+userPassword: password696
-+mail: uid696
-+uidnumber: 696
-+gidnumber: 696
-+homeDirectory: /home/uid696
-+
-+dn: cn=user697,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user697
-+sn: user697
-+uid: uid697
-+givenname: givenname697
-+description: description697
-+userPassword: password697
-+mail: uid697
-+uidnumber: 697
-+gidnumber: 697
-+homeDirectory: /home/uid697
-+
-+dn: cn=user698,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user698
-+sn: user698
-+uid: uid698
-+givenname: givenname698
-+description: description698
-+userPassword: password698
-+mail: uid698
-+uidnumber: 698
-+gidnumber: 698
-+homeDirectory: /home/uid698
-+
-+dn: cn=user699,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user699
-+sn: user699
-+uid: uid699
-+givenname: givenname699
-+description: description699
-+userPassword: password699
-+mail: uid699
-+uidnumber: 699
-+gidnumber: 699
-+homeDirectory: /home/uid699
-+
-+dn: cn=user700,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user700
-+sn: user700
-+uid: uid700
-+givenname: givenname700
-+description: description700
-+userPassword: password700
-+mail: uid700
-+uidnumber: 700
-+gidnumber: 700
-+homeDirectory: /home/uid700
-+
-+dn: cn=user701,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user701
-+sn: user701
-+uid: uid701
-+givenname: givenname701
-+description: description701
-+userPassword: password701
-+mail: uid701
-+uidnumber: 701
-+gidnumber: 701
-+homeDirectory: /home/uid701
-+
-+dn: cn=user702,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user702
-+sn: user702
-+uid: uid702
-+givenname: givenname702
-+description: description702
-+userPassword: password702
-+mail: uid702
-+uidnumber: 702
-+gidnumber: 702
-+homeDirectory: /home/uid702
-+
-+dn: cn=user703,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user703
-+sn: user703
-+uid: uid703
-+givenname: givenname703
-+description: description703
-+userPassword: password703
-+mail: uid703
-+uidnumber: 703
-+gidnumber: 703
-+homeDirectory: /home/uid703
-+
-+dn: cn=user704,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user704
-+sn: user704
-+uid: uid704
-+givenname: givenname704
-+description: description704
-+userPassword: password704
-+mail: uid704
-+uidnumber: 704
-+gidnumber: 704
-+homeDirectory: /home/uid704
-+
-+dn: cn=user705,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user705
-+sn: user705
-+uid: uid705
-+givenname: givenname705
-+description: description705
-+userPassword: password705
-+mail: uid705
-+uidnumber: 705
-+gidnumber: 705
-+homeDirectory: /home/uid705
-+
-+dn: cn=user706,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user706
-+sn: user706
-+uid: uid706
-+givenname: givenname706
-+description: description706
-+userPassword: password706
-+mail: uid706
-+uidnumber: 706
-+gidnumber: 706
-+homeDirectory: /home/uid706
-+
-+dn: cn=user707,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user707
-+sn: user707
-+uid: uid707
-+givenname: givenname707
-+description: description707
-+userPassword: password707
-+mail: uid707
-+uidnumber: 707
-+gidnumber: 707
-+homeDirectory: /home/uid707
-+
-+dn: cn=user708,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user708
-+sn: user708
-+uid: uid708
-+givenname: givenname708
-+description: description708
-+userPassword: password708
-+mail: uid708
-+uidnumber: 708
-+gidnumber: 708
-+homeDirectory: /home/uid708
-+
-+dn: cn=user709,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user709
-+sn: user709
-+uid: uid709
-+givenname: givenname709
-+description: description709
-+userPassword: password709
-+mail: uid709
-+uidnumber: 709
-+gidnumber: 709
-+homeDirectory: /home/uid709
-+
-+dn: cn=user710,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user710
-+sn: user710
-+uid: uid710
-+givenname: givenname710
-+description: description710
-+userPassword: password710
-+mail: uid710
-+uidnumber: 710
-+gidnumber: 710
-+homeDirectory: /home/uid710
-+
-+dn: cn=user711,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user711
-+sn: user711
-+uid: uid711
-+givenname: givenname711
-+description: description711
-+userPassword: password711
-+mail: uid711
-+uidnumber: 711
-+gidnumber: 711
-+homeDirectory: /home/uid711
-+
-+dn: cn=user712,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user712
-+sn: user712
-+uid: uid712
-+givenname: givenname712
-+description: description712
-+userPassword: password712
-+mail: uid712
-+uidnumber: 712
-+gidnumber: 712
-+homeDirectory: /home/uid712
-+
-+dn: cn=user713,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user713
-+sn: user713
-+uid: uid713
-+givenname: givenname713
-+description: description713
-+userPassword: password713
-+mail: uid713
-+uidnumber: 713
-+gidnumber: 713
-+homeDirectory: /home/uid713
-+
-+dn: cn=user714,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user714
-+sn: user714
-+uid: uid714
-+givenname: givenname714
-+description: description714
-+userPassword: password714
-+mail: uid714
-+uidnumber: 714
-+gidnumber: 714
-+homeDirectory: /home/uid714
-+
-+dn: cn=user715,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user715
-+sn: user715
-+uid: uid715
-+givenname: givenname715
-+description: description715
-+userPassword: password715
-+mail: uid715
-+uidnumber: 715
-+gidnumber: 715
-+homeDirectory: /home/uid715
-+
-+dn: cn=user716,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user716
-+sn: user716
-+uid: uid716
-+givenname: givenname716
-+description: description716
-+userPassword: password716
-+mail: uid716
-+uidnumber: 716
-+gidnumber: 716
-+homeDirectory: /home/uid716
-+
-+dn: cn=user717,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user717
-+sn: user717
-+uid: uid717
-+givenname: givenname717
-+description: description717
-+userPassword: password717
-+mail: uid717
-+uidnumber: 717
-+gidnumber: 717
-+homeDirectory: /home/uid717
-+
-+dn: cn=user718,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user718
-+sn: user718
-+uid: uid718
-+givenname: givenname718
-+description: description718
-+userPassword: password718
-+mail: uid718
-+uidnumber: 718
-+gidnumber: 718
-+homeDirectory: /home/uid718
-+
-+dn: cn=user719,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user719
-+sn: user719
-+uid: uid719
-+givenname: givenname719
-+description: description719
-+userPassword: password719
-+mail: uid719
-+uidnumber: 719
-+gidnumber: 719
-+homeDirectory: /home/uid719
-+
-+dn: cn=user720,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user720
-+sn: user720
-+uid: uid720
-+givenname: givenname720
-+description: description720
-+userPassword: password720
-+mail: uid720
-+uidnumber: 720
-+gidnumber: 720
-+homeDirectory: /home/uid720
-+
-+dn: cn=user721,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user721
-+sn: user721
-+uid: uid721
-+givenname: givenname721
-+description: description721
-+userPassword: password721
-+mail: uid721
-+uidnumber: 721
-+gidnumber: 721
-+homeDirectory: /home/uid721
-+
-+dn: cn=user722,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user722
-+sn: user722
-+uid: uid722
-+givenname: givenname722
-+description: description722
-+userPassword: password722
-+mail: uid722
-+uidnumber: 722
-+gidnumber: 722
-+homeDirectory: /home/uid722
-+
-+dn: cn=user723,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user723
-+sn: user723
-+uid: uid723
-+givenname: givenname723
-+description: description723
-+userPassword: password723
-+mail: uid723
-+uidnumber: 723
-+gidnumber: 723
-+homeDirectory: /home/uid723
-+
-+dn: cn=user724,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user724
-+sn: user724
-+uid: uid724
-+givenname: givenname724
-+description: description724
-+userPassword: password724
-+mail: uid724
-+uidnumber: 724
-+gidnumber: 724
-+homeDirectory: /home/uid724
-+
-+dn: cn=user725,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user725
-+sn: user725
-+uid: uid725
-+givenname: givenname725
-+description: description725
-+userPassword: password725
-+mail: uid725
-+uidnumber: 725
-+gidnumber: 725
-+homeDirectory: /home/uid725
-+
-+dn: cn=user726,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user726
-+sn: user726
-+uid: uid726
-+givenname: givenname726
-+description: description726
-+userPassword: password726
-+mail: uid726
-+uidnumber: 726
-+gidnumber: 726
-+homeDirectory: /home/uid726
-+
-+dn: cn=user727,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user727
-+sn: user727
-+uid: uid727
-+givenname: givenname727
-+description: description727
-+userPassword: password727
-+mail: uid727
-+uidnumber: 727
-+gidnumber: 727
-+homeDirectory: /home/uid727
-+
-+dn: cn=user728,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user728
-+sn: user728
-+uid: uid728
-+givenname: givenname728
-+description: description728
-+userPassword: password728
-+mail: uid728
-+uidnumber: 728
-+gidnumber: 728
-+homeDirectory: /home/uid728
-+
-+dn: cn=user729,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user729
-+sn: user729
-+uid: uid729
-+givenname: givenname729
-+description: description729
-+userPassword: password729
-+mail: uid729
-+uidnumber: 729
-+gidnumber: 729
-+homeDirectory: /home/uid729
-+
-+dn: cn=user730,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user730
-+sn: user730
-+uid: uid730
-+givenname: givenname730
-+description: description730
-+userPassword: password730
-+mail: uid730
-+uidnumber: 730
-+gidnumber: 730
-+homeDirectory: /home/uid730
-+
-+dn: cn=user731,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user731
-+sn: user731
-+uid: uid731
-+givenname: givenname731
-+description: description731
-+userPassword: password731
-+mail: uid731
-+uidnumber: 731
-+gidnumber: 731
-+homeDirectory: /home/uid731
-+
-+dn: cn=user732,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user732
-+sn: user732
-+uid: uid732
-+givenname: givenname732
-+description: description732
-+userPassword: password732
-+mail: uid732
-+uidnumber: 732
-+gidnumber: 732
-+homeDirectory: /home/uid732
-+
-+dn: cn=user733,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user733
-+sn: user733
-+uid: uid733
-+givenname: givenname733
-+description: description733
-+userPassword: password733
-+mail: uid733
-+uidnumber: 733
-+gidnumber: 733
-+homeDirectory: /home/uid733
-+
-+dn: cn=user734,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user734
-+sn: user734
-+uid: uid734
-+givenname: givenname734
-+description: description734
-+userPassword: password734
-+mail: uid734
-+uidnumber: 734
-+gidnumber: 734
-+homeDirectory: /home/uid734
-+
-+dn: cn=user735,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user735
-+sn: user735
-+uid: uid735
-+givenname: givenname735
-+description: description735
-+userPassword: password735
-+mail: uid735
-+uidnumber: 735
-+gidnumber: 735
-+homeDirectory: /home/uid735
-+
-+dn: cn=user736,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user736
-+sn: user736
-+uid: uid736
-+givenname: givenname736
-+description: description736
-+userPassword: password736
-+mail: uid736
-+uidnumber: 736
-+gidnumber: 736
-+homeDirectory: /home/uid736
-+
-+dn: cn=user737,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user737
-+sn: user737
-+uid: uid737
-+givenname: givenname737
-+description: description737
-+userPassword: password737
-+mail: uid737
-+uidnumber: 737
-+gidnumber: 737
-+homeDirectory: /home/uid737
-+
-+dn: cn=user738,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user738
-+sn: user738
-+uid: uid738
-+givenname: givenname738
-+description: description738
-+userPassword: password738
-+mail: uid738
-+uidnumber: 738
-+gidnumber: 738
-+homeDirectory: /home/uid738
-+
-+dn: cn=user739,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user739
-+sn: user739
-+uid: uid739
-+givenname: givenname739
-+description: description739
-+userPassword: password739
-+mail: uid739
-+uidnumber: 739
-+gidnumber: 739
-+homeDirectory: /home/uid739
-+
-+dn: cn=user740,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user740
-+sn: user740
-+uid: uid740
-+givenname: givenname740
-+description: description740
-+userPassword: password740
-+mail: uid740
-+uidnumber: 740
-+gidnumber: 740
-+homeDirectory: /home/uid740
-+
-+dn: cn=user741,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user741
-+sn: user741
-+uid: uid741
-+givenname: givenname741
-+description: description741
-+userPassword: password741
-+mail: uid741
-+uidnumber: 741
-+gidnumber: 741
-+homeDirectory: /home/uid741
-+
-+dn: cn=user742,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user742
-+sn: user742
-+uid: uid742
-+givenname: givenname742
-+description: description742
-+userPassword: password742
-+mail: uid742
-+uidnumber: 742
-+gidnumber: 742
-+homeDirectory: /home/uid742
-+
-+dn: cn=user743,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user743
-+sn: user743
-+uid: uid743
-+givenname: givenname743
-+description: description743
-+userPassword: password743
-+mail: uid743
-+uidnumber: 743
-+gidnumber: 743
-+homeDirectory: /home/uid743
-+
-+dn: cn=user744,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user744
-+sn: user744
-+uid: uid744
-+givenname: givenname744
-+description: description744
-+userPassword: password744
-+mail: uid744
-+uidnumber: 744
-+gidnumber: 744
-+homeDirectory: /home/uid744
-+
-+dn: cn=user745,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user745
-+sn: user745
-+uid: uid745
-+givenname: givenname745
-+description: description745
-+userPassword: password745
-+mail: uid745
-+uidnumber: 745
-+gidnumber: 745
-+homeDirectory: /home/uid745
-+
-+dn: cn=user746,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user746
-+sn: user746
-+uid: uid746
-+givenname: givenname746
-+description: description746
-+userPassword: password746
-+mail: uid746
-+uidnumber: 746
-+gidnumber: 746
-+homeDirectory: /home/uid746
-+
-+dn: cn=user747,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user747
-+sn: user747
-+uid: uid747
-+givenname: givenname747
-+description: description747
-+userPassword: password747
-+mail: uid747
-+uidnumber: 747
-+gidnumber: 747
-+homeDirectory: /home/uid747
-+
-+dn: cn=user748,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user748
-+sn: user748
-+uid: uid748
-+givenname: givenname748
-+description: description748
-+userPassword: password748
-+mail: uid748
-+uidnumber: 748
-+gidnumber: 748
-+homeDirectory: /home/uid748
-+
-+dn: cn=user749,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user749
-+sn: user749
-+uid: uid749
-+givenname: givenname749
-+description: description749
-+userPassword: password749
-+mail: uid749
-+uidnumber: 749
-+gidnumber: 749
-+homeDirectory: /home/uid749
-+
-+dn: cn=user750,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user750
-+sn: user750
-+uid: uid750
-+givenname: givenname750
-+description: description750
-+userPassword: password750
-+mail: uid750
-+uidnumber: 750
-+gidnumber: 750
-+homeDirectory: /home/uid750
-+
-+dn: cn=user751,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user751
-+sn: user751
-+uid: uid751
-+givenname: givenname751
-+description: description751
-+userPassword: password751
-+mail: uid751
-+uidnumber: 751
-+gidnumber: 751
-+homeDirectory: /home/uid751
-+
-+dn: cn=user752,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user752
-+sn: user752
-+uid: uid752
-+givenname: givenname752
-+description: description752
-+userPassword: password752
-+mail: uid752
-+uidnumber: 752
-+gidnumber: 752
-+homeDirectory: /home/uid752
-+
-+dn: cn=user753,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user753
-+sn: user753
-+uid: uid753
-+givenname: givenname753
-+description: description753
-+userPassword: password753
-+mail: uid753
-+uidnumber: 753
-+gidnumber: 753
-+homeDirectory: /home/uid753
-+
-+dn: cn=user754,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user754
-+sn: user754
-+uid: uid754
-+givenname: givenname754
-+description: description754
-+userPassword: password754
-+mail: uid754
-+uidnumber: 754
-+gidnumber: 754
-+homeDirectory: /home/uid754
-+
-+dn: cn=user755,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user755
-+sn: user755
-+uid: uid755
-+givenname: givenname755
-+description: description755
-+userPassword: password755
-+mail: uid755
-+uidnumber: 755
-+gidnumber: 755
-+homeDirectory: /home/uid755
-+
-+dn: cn=user756,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user756
-+sn: user756
-+uid: uid756
-+givenname: givenname756
-+description: description756
-+userPassword: password756
-+mail: uid756
-+uidnumber: 756
-+gidnumber: 756
-+homeDirectory: /home/uid756
-+
-+dn: cn=user757,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user757
-+sn: user757
-+uid: uid757
-+givenname: givenname757
-+description: description757
-+userPassword: password757
-+mail: uid757
-+uidnumber: 757
-+gidnumber: 757
-+homeDirectory: /home/uid757
-+
-+dn: cn=user758,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user758
-+sn: user758
-+uid: uid758
-+givenname: givenname758
-+description: description758
-+userPassword: password758
-+mail: uid758
-+uidnumber: 758
-+gidnumber: 758
-+homeDirectory: /home/uid758
-+
-+dn: cn=user759,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user759
-+sn: user759
-+uid: uid759
-+givenname: givenname759
-+description: description759
-+userPassword: password759
-+mail: uid759
-+uidnumber: 759
-+gidnumber: 759
-+homeDirectory: /home/uid759
-+
-+dn: cn=user760,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user760
-+sn: user760
-+uid: uid760
-+givenname: givenname760
-+description: description760
-+userPassword: password760
-+mail: uid760
-+uidnumber: 760
-+gidnumber: 760
-+homeDirectory: /home/uid760
-+
-+dn: cn=user761,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user761
-+sn: user761
-+uid: uid761
-+givenname: givenname761
-+description: description761
-+userPassword: password761
-+mail: uid761
-+uidnumber: 761
-+gidnumber: 761
-+homeDirectory: /home/uid761
-+
-+dn: cn=user762,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user762
-+sn: user762
-+uid: uid762
-+givenname: givenname762
-+description: description762
-+userPassword: password762
-+mail: uid762
-+uidnumber: 762
-+gidnumber: 762
-+homeDirectory: /home/uid762
-+
-+dn: cn=user763,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user763
-+sn: user763
-+uid: uid763
-+givenname: givenname763
-+description: description763
-+userPassword: password763
-+mail: uid763
-+uidnumber: 763
-+gidnumber: 763
-+homeDirectory: /home/uid763
-+
-+dn: cn=user764,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user764
-+sn: user764
-+uid: uid764
-+givenname: givenname764
-+description: description764
-+userPassword: password764
-+mail: uid764
-+uidnumber: 764
-+gidnumber: 764
-+homeDirectory: /home/uid764
-+
-+dn: cn=user765,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user765
-+sn: user765
-+uid: uid765
-+givenname: givenname765
-+description: description765
-+userPassword: password765
-+mail: uid765
-+uidnumber: 765
-+gidnumber: 765
-+homeDirectory: /home/uid765
-+
-+dn: cn=user766,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user766
-+sn: user766
-+uid: uid766
-+givenname: givenname766
-+description: description766
-+userPassword: password766
-+mail: uid766
-+uidnumber: 766
-+gidnumber: 766
-+homeDirectory: /home/uid766
-+
-+dn: cn=user767,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user767
-+sn: user767
-+uid: uid767
-+givenname: givenname767
-+description: description767
-+userPassword: password767
-+mail: uid767
-+uidnumber: 767
-+gidnumber: 767
-+homeDirectory: /home/uid767
-+
-+dn: cn=user768,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user768
-+sn: user768
-+uid: uid768
-+givenname: givenname768
-+description: description768
-+userPassword: password768
-+mail: uid768
-+uidnumber: 768
-+gidnumber: 768
-+homeDirectory: /home/uid768
-+
-+dn: cn=user769,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user769
-+sn: user769
-+uid: uid769
-+givenname: givenname769
-+description: description769
-+userPassword: password769
-+mail: uid769
-+uidnumber: 769
-+gidnumber: 769
-+homeDirectory: /home/uid769
-+
-+dn: cn=user770,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user770
-+sn: user770
-+uid: uid770
-+givenname: givenname770
-+description: description770
-+userPassword: password770
-+mail: uid770
-+uidnumber: 770
-+gidnumber: 770
-+homeDirectory: /home/uid770
-+
-+dn: cn=user771,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user771
-+sn: user771
-+uid: uid771
-+givenname: givenname771
-+description: description771
-+userPassword: password771
-+mail: uid771
-+uidnumber: 771
-+gidnumber: 771
-+homeDirectory: /home/uid771
-+
-+dn: cn=user772,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user772
-+sn: user772
-+uid: uid772
-+givenname: givenname772
-+description: description772
-+userPassword: password772
-+mail: uid772
-+uidnumber: 772
-+gidnumber: 772
-+homeDirectory: /home/uid772
-+
-+dn: cn=user773,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user773
-+sn: user773
-+uid: uid773
-+givenname: givenname773
-+description: description773
-+userPassword: password773
-+mail: uid773
-+uidnumber: 773
-+gidnumber: 773
-+homeDirectory: /home/uid773
-+
-+dn: cn=user774,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user774
-+sn: user774
-+uid: uid774
-+givenname: givenname774
-+description: description774
-+userPassword: password774
-+mail: uid774
-+uidnumber: 774
-+gidnumber: 774
-+homeDirectory: /home/uid774
-+
-+dn: cn=user775,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user775
-+sn: user775
-+uid: uid775
-+givenname: givenname775
-+description: description775
-+userPassword: password775
-+mail: uid775
-+uidnumber: 775
-+gidnumber: 775
-+homeDirectory: /home/uid775
-+
-+dn: cn=user776,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user776
-+sn: user776
-+uid: uid776
-+givenname: givenname776
-+description: description776
-+userPassword: password776
-+mail: uid776
-+uidnumber: 776
-+gidnumber: 776
-+homeDirectory: /home/uid776
-+
-+dn: cn=user777,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user777
-+sn: user777
-+uid: uid777
-+givenname: givenname777
-+description: description777
-+userPassword: password777
-+mail: uid777
-+uidnumber: 777
-+gidnumber: 777
-+homeDirectory: /home/uid777
-+
-+dn: cn=user778,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user778
-+sn: user778
-+uid: uid778
-+givenname: givenname778
-+description: description778
-+userPassword: password778
-+mail: uid778
-+uidnumber: 778
-+gidnumber: 778
-+homeDirectory: /home/uid778
-+
-+dn: cn=user779,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user779
-+sn: user779
-+uid: uid779
-+givenname: givenname779
-+description: description779
-+userPassword: password779
-+mail: uid779
-+uidnumber: 779
-+gidnumber: 779
-+homeDirectory: /home/uid779
-+
-+dn: cn=user780,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user780
-+sn: user780
-+uid: uid780
-+givenname: givenname780
-+description: description780
-+userPassword: password780
-+mail: uid780
-+uidnumber: 780
-+gidnumber: 780
-+homeDirectory: /home/uid780
-+
-+dn: cn=user781,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user781
-+sn: user781
-+uid: uid781
-+givenname: givenname781
-+description: description781
-+userPassword: password781
-+mail: uid781
-+uidnumber: 781
-+gidnumber: 781
-+homeDirectory: /home/uid781
-+
-+dn: cn=user782,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user782
-+sn: user782
-+uid: uid782
-+givenname: givenname782
-+description: description782
-+userPassword: password782
-+mail: uid782
-+uidnumber: 782
-+gidnumber: 782
-+homeDirectory: /home/uid782
-+
-+dn: cn=user783,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user783
-+sn: user783
-+uid: uid783
-+givenname: givenname783
-+description: description783
-+userPassword: password783
-+mail: uid783
-+uidnumber: 783
-+gidnumber: 783
-+homeDirectory: /home/uid783
-+
-+dn: cn=user784,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user784
-+sn: user784
-+uid: uid784
-+givenname: givenname784
-+description: description784
-+userPassword: password784
-+mail: uid784
-+uidnumber: 784
-+gidnumber: 784
-+homeDirectory: /home/uid784
-+
-+dn: cn=user785,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user785
-+sn: user785
-+uid: uid785
-+givenname: givenname785
-+description: description785
-+userPassword: password785
-+mail: uid785
-+uidnumber: 785
-+gidnumber: 785
-+homeDirectory: /home/uid785
-+
-+dn: cn=user786,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user786
-+sn: user786
-+uid: uid786
-+givenname: givenname786
-+description: description786
-+userPassword: password786
-+mail: uid786
-+uidnumber: 786
-+gidnumber: 786
-+homeDirectory: /home/uid786
-+
-+dn: cn=user787,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user787
-+sn: user787
-+uid: uid787
-+givenname: givenname787
-+description: description787
-+userPassword: password787
-+mail: uid787
-+uidnumber: 787
-+gidnumber: 787
-+homeDirectory: /home/uid787
-+
-+dn: cn=user788,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user788
-+sn: user788
-+uid: uid788
-+givenname: givenname788
-+description: description788
-+userPassword: password788
-+mail: uid788
-+uidnumber: 788
-+gidnumber: 788
-+homeDirectory: /home/uid788
-+
-+dn: cn=user789,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user789
-+sn: user789
-+uid: uid789
-+givenname: givenname789
-+description: description789
-+userPassword: password789
-+mail: uid789
-+uidnumber: 789
-+gidnumber: 789
-+homeDirectory: /home/uid789
-+
-+dn: cn=user790,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user790
-+sn: user790
-+uid: uid790
-+givenname: givenname790
-+description: description790
-+userPassword: password790
-+mail: uid790
-+uidnumber: 790
-+gidnumber: 790
-+homeDirectory: /home/uid790
-+
-+dn: cn=user791,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user791
-+sn: user791
-+uid: uid791
-+givenname: givenname791
-+description: description791
-+userPassword: password791
-+mail: uid791
-+uidnumber: 791
-+gidnumber: 791
-+homeDirectory: /home/uid791
-+
-+dn: cn=user792,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user792
-+sn: user792
-+uid: uid792
-+givenname: givenname792
-+description: description792
-+userPassword: password792
-+mail: uid792
-+uidnumber: 792
-+gidnumber: 792
-+homeDirectory: /home/uid792
-+
-+dn: cn=user793,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user793
-+sn: user793
-+uid: uid793
-+givenname: givenname793
-+description: description793
-+userPassword: password793
-+mail: uid793
-+uidnumber: 793
-+gidnumber: 793
-+homeDirectory: /home/uid793
-+
-+dn: cn=user794,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user794
-+sn: user794
-+uid: uid794
-+givenname: givenname794
-+description: description794
-+userPassword: password794
-+mail: uid794
-+uidnumber: 794
-+gidnumber: 794
-+homeDirectory: /home/uid794
-+
-+dn: cn=user795,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user795
-+sn: user795
-+uid: uid795
-+givenname: givenname795
-+description: description795
-+userPassword: password795
-+mail: uid795
-+uidnumber: 795
-+gidnumber: 795
-+homeDirectory: /home/uid795
-+
-+dn: cn=user796,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user796
-+sn: user796
-+uid: uid796
-+givenname: givenname796
-+description: description796
-+userPassword: password796
-+mail: uid796
-+uidnumber: 796
-+gidnumber: 796
-+homeDirectory: /home/uid796
-+
-+dn: cn=user797,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user797
-+sn: user797
-+uid: uid797
-+givenname: givenname797
-+description: description797
-+userPassword: password797
-+mail: uid797
-+uidnumber: 797
-+gidnumber: 797
-+homeDirectory: /home/uid797
-+
-+dn: cn=user798,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user798
-+sn: user798
-+uid: uid798
-+givenname: givenname798
-+description: description798
-+userPassword: password798
-+mail: uid798
-+uidnumber: 798
-+gidnumber: 798
-+homeDirectory: /home/uid798
-+
-+dn: cn=user799,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user799
-+sn: user799
-+uid: uid799
-+givenname: givenname799
-+description: description799
-+userPassword: password799
-+mail: uid799
-+uidnumber: 799
-+gidnumber: 799
-+homeDirectory: /home/uid799
-+
-+dn: cn=user800,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user800
-+sn: user800
-+uid: uid800
-+givenname: givenname800
-+description: description800
-+userPassword: password800
-+mail: uid800
-+uidnumber: 800
-+gidnumber: 800
-+homeDirectory: /home/uid800
-+
-+dn: cn=user801,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user801
-+sn: user801
-+uid: uid801
-+givenname: givenname801
-+description: description801
-+userPassword: password801
-+mail: uid801
-+uidnumber: 801
-+gidnumber: 801
-+homeDirectory: /home/uid801
-+
-+dn: cn=user802,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user802
-+sn: user802
-+uid: uid802
-+givenname: givenname802
-+description: description802
-+userPassword: password802
-+mail: uid802
-+uidnumber: 802
-+gidnumber: 802
-+homeDirectory: /home/uid802
-+
-+dn: cn=user803,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user803
-+sn: user803
-+uid: uid803
-+givenname: givenname803
-+description: description803
-+userPassword: password803
-+mail: uid803
-+uidnumber: 803
-+gidnumber: 803
-+homeDirectory: /home/uid803
-+
-+dn: cn=user804,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user804
-+sn: user804
-+uid: uid804
-+givenname: givenname804
-+description: description804
-+userPassword: password804
-+mail: uid804
-+uidnumber: 804
-+gidnumber: 804
-+homeDirectory: /home/uid804
-+
-+dn: cn=user805,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user805
-+sn: user805
-+uid: uid805
-+givenname: givenname805
-+description: description805
-+userPassword: password805
-+mail: uid805
-+uidnumber: 805
-+gidnumber: 805
-+homeDirectory: /home/uid805
-+
-+dn: cn=user806,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user806
-+sn: user806
-+uid: uid806
-+givenname: givenname806
-+description: description806
-+userPassword: password806
-+mail: uid806
-+uidnumber: 806
-+gidnumber: 806
-+homeDirectory: /home/uid806
-+
-+dn: cn=user807,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user807
-+sn: user807
-+uid: uid807
-+givenname: givenname807
-+description: description807
-+userPassword: password807
-+mail: uid807
-+uidnumber: 807
-+gidnumber: 807
-+homeDirectory: /home/uid807
-+
-+dn: cn=user808,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user808
-+sn: user808
-+uid: uid808
-+givenname: givenname808
-+description: description808
-+userPassword: password808
-+mail: uid808
-+uidnumber: 808
-+gidnumber: 808
-+homeDirectory: /home/uid808
-+
-+dn: cn=user809,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user809
-+sn: user809
-+uid: uid809
-+givenname: givenname809
-+description: description809
-+userPassword: password809
-+mail: uid809
-+uidnumber: 809
-+gidnumber: 809
-+homeDirectory: /home/uid809
-+
-+dn: cn=user810,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user810
-+sn: user810
-+uid: uid810
-+givenname: givenname810
-+description: description810
-+userPassword: password810
-+mail: uid810
-+uidnumber: 810
-+gidnumber: 810
-+homeDirectory: /home/uid810
-+
-+dn: cn=user811,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user811
-+sn: user811
-+uid: uid811
-+givenname: givenname811
-+description: description811
-+userPassword: password811
-+mail: uid811
-+uidnumber: 811
-+gidnumber: 811
-+homeDirectory: /home/uid811
-+
-+dn: cn=user812,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user812
-+sn: user812
-+uid: uid812
-+givenname: givenname812
-+description: description812
-+userPassword: password812
-+mail: uid812
-+uidnumber: 812
-+gidnumber: 812
-+homeDirectory: /home/uid812
-+
-+dn: cn=user813,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user813
-+sn: user813
-+uid: uid813
-+givenname: givenname813
-+description: description813
-+userPassword: password813
-+mail: uid813
-+uidnumber: 813
-+gidnumber: 813
-+homeDirectory: /home/uid813
-+
-+dn: cn=user814,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user814
-+sn: user814
-+uid: uid814
-+givenname: givenname814
-+description: description814
-+userPassword: password814
-+mail: uid814
-+uidnumber: 814
-+gidnumber: 814
-+homeDirectory: /home/uid814
-+
-+dn: cn=user815,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user815
-+sn: user815
-+uid: uid815
-+givenname: givenname815
-+description: description815
-+userPassword: password815
-+mail: uid815
-+uidnumber: 815
-+gidnumber: 815
-+homeDirectory: /home/uid815
-+
-+dn: cn=user816,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user816
-+sn: user816
-+uid: uid816
-+givenname: givenname816
-+description: description816
-+userPassword: password816
-+mail: uid816
-+uidnumber: 816
-+gidnumber: 816
-+homeDirectory: /home/uid816
-+
-+dn: cn=user817,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user817
-+sn: user817
-+uid: uid817
-+givenname: givenname817
-+description: description817
-+userPassword: password817
-+mail: uid817
-+uidnumber: 817
-+gidnumber: 817
-+homeDirectory: /home/uid817
-+
-+dn: cn=user818,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user818
-+sn: user818
-+uid: uid818
-+givenname: givenname818
-+description: description818
-+userPassword: password818
-+mail: uid818
-+uidnumber: 818
-+gidnumber: 818
-+homeDirectory: /home/uid818
-+
-+dn: cn=user819,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user819
-+sn: user819
-+uid: uid819
-+givenname: givenname819
-+description: description819
-+userPassword: password819
-+mail: uid819
-+uidnumber: 819
-+gidnumber: 819
-+homeDirectory: /home/uid819
-+
-+dn: cn=user820,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user820
-+sn: user820
-+uid: uid820
-+givenname: givenname820
-+description: description820
-+userPassword: password820
-+mail: uid820
-+uidnumber: 820
-+gidnumber: 820
-+homeDirectory: /home/uid820
-+
-+dn: cn=user821,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user821
-+sn: user821
-+uid: uid821
-+givenname: givenname821
-+description: description821
-+userPassword: password821
-+mail: uid821
-+uidnumber: 821
-+gidnumber: 821
-+homeDirectory: /home/uid821
-+
-+dn: cn=user822,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user822
-+sn: user822
-+uid: uid822
-+givenname: givenname822
-+description: description822
-+userPassword: password822
-+mail: uid822
-+uidnumber: 822
-+gidnumber: 822
-+homeDirectory: /home/uid822
-+
-+dn: cn=user823,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user823
-+sn: user823
-+uid: uid823
-+givenname: givenname823
-+description: description823
-+userPassword: password823
-+mail: uid823
-+uidnumber: 823
-+gidnumber: 823
-+homeDirectory: /home/uid823
-+
-+dn: cn=user824,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user824
-+sn: user824
-+uid: uid824
-+givenname: givenname824
-+description: description824
-+userPassword: password824
-+mail: uid824
-+uidnumber: 824
-+gidnumber: 824
-+homeDirectory: /home/uid824
-+
-+dn: cn=user825,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user825
-+sn: user825
-+uid: uid825
-+givenname: givenname825
-+description: description825
-+userPassword: password825
-+mail: uid825
-+uidnumber: 825
-+gidnumber: 825
-+homeDirectory: /home/uid825
-+
-+dn: cn=user826,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user826
-+sn: user826
-+uid: uid826
-+givenname: givenname826
-+description: description826
-+userPassword: password826
-+mail: uid826
-+uidnumber: 826
-+gidnumber: 826
-+homeDirectory: /home/uid826
-+
-+dn: cn=user827,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user827
-+sn: user827
-+uid: uid827
-+givenname: givenname827
-+description: description827
-+userPassword: password827
-+mail: uid827
-+uidnumber: 827
-+gidnumber: 827
-+homeDirectory: /home/uid827
-+
-+dn: cn=user828,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user828
-+sn: user828
-+uid: uid828
-+givenname: givenname828
-+description: description828
-+userPassword: password828
-+mail: uid828
-+uidnumber: 828
-+gidnumber: 828
-+homeDirectory: /home/uid828
-+
-+dn: cn=user829,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user829
-+sn: user829
-+uid: uid829
-+givenname: givenname829
-+description: description829
-+userPassword: password829
-+mail: uid829
-+uidnumber: 829
-+gidnumber: 829
-+homeDirectory: /home/uid829
-+
-+dn: cn=user830,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user830
-+sn: user830
-+uid: uid830
-+givenname: givenname830
-+description: description830
-+userPassword: password830
-+mail: uid830
-+uidnumber: 830
-+gidnumber: 830
-+homeDirectory: /home/uid830
-+
-+dn: cn=user831,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user831
-+sn: user831
-+uid: uid831
-+givenname: givenname831
-+description: description831
-+userPassword: password831
-+mail: uid831
-+uidnumber: 831
-+gidnumber: 831
-+homeDirectory: /home/uid831
-+
-+dn: cn=user832,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user832
-+sn: user832
-+uid: uid832
-+givenname: givenname832
-+description: description832
-+userPassword: password832
-+mail: uid832
-+uidnumber: 832
-+gidnumber: 832
-+homeDirectory: /home/uid832
-+
-+dn: cn=user833,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user833
-+sn: user833
-+uid: uid833
-+givenname: givenname833
-+description: description833
-+userPassword: password833
-+mail: uid833
-+uidnumber: 833
-+gidnumber: 833
-+homeDirectory: /home/uid833
-+
-+dn: cn=user834,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user834
-+sn: user834
-+uid: uid834
-+givenname: givenname834
-+description: description834
-+userPassword: password834
-+mail: uid834
-+uidnumber: 834
-+gidnumber: 834
-+homeDirectory: /home/uid834
-+
-+dn: cn=user835,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user835
-+sn: user835
-+uid: uid835
-+givenname: givenname835
-+description: description835
-+userPassword: password835
-+mail: uid835
-+uidnumber: 835
-+gidnumber: 835
-+homeDirectory: /home/uid835
-+
-+dn: cn=user836,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user836
-+sn: user836
-+uid: uid836
-+givenname: givenname836
-+description: description836
-+userPassword: password836
-+mail: uid836
-+uidnumber: 836
-+gidnumber: 836
-+homeDirectory: /home/uid836
-+
-+dn: cn=user837,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user837
-+sn: user837
-+uid: uid837
-+givenname: givenname837
-+description: description837
-+userPassword: password837
-+mail: uid837
-+uidnumber: 837
-+gidnumber: 837
-+homeDirectory: /home/uid837
-+
-+dn: cn=user838,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user838
-+sn: user838
-+uid: uid838
-+givenname: givenname838
-+description: description838
-+userPassword: password838
-+mail: uid838
-+uidnumber: 838
-+gidnumber: 838
-+homeDirectory: /home/uid838
-+
-+dn: cn=user839,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user839
-+sn: user839
-+uid: uid839
-+givenname: givenname839
-+description: description839
-+userPassword: password839
-+mail: uid839
-+uidnumber: 839
-+gidnumber: 839
-+homeDirectory: /home/uid839
-+
-+dn: cn=user840,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user840
-+sn: user840
-+uid: uid840
-+givenname: givenname840
-+description: description840
-+userPassword: password840
-+mail: uid840
-+uidnumber: 840
-+gidnumber: 840
-+homeDirectory: /home/uid840
-+
-+dn: cn=user841,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user841
-+sn: user841
-+uid: uid841
-+givenname: givenname841
-+description: description841
-+userPassword: password841
-+mail: uid841
-+uidnumber: 841
-+gidnumber: 841
-+homeDirectory: /home/uid841
-+
-+dn: cn=user842,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user842
-+sn: user842
-+uid: uid842
-+givenname: givenname842
-+description: description842
-+userPassword: password842
-+mail: uid842
-+uidnumber: 842
-+gidnumber: 842
-+homeDirectory: /home/uid842
-+
-+dn: cn=user843,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user843
-+sn: user843
-+uid: uid843
-+givenname: givenname843
-+description: description843
-+userPassword: password843
-+mail: uid843
-+uidnumber: 843
-+gidnumber: 843
-+homeDirectory: /home/uid843
-+
-+dn: cn=user844,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user844
-+sn: user844
-+uid: uid844
-+givenname: givenname844
-+description: description844
-+userPassword: password844
-+mail: uid844
-+uidnumber: 844
-+gidnumber: 844
-+homeDirectory: /home/uid844
-+
-+dn: cn=user845,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user845
-+sn: user845
-+uid: uid845
-+givenname: givenname845
-+description: description845
-+userPassword: password845
-+mail: uid845
-+uidnumber: 845
-+gidnumber: 845
-+homeDirectory: /home/uid845
-+
-+dn: cn=user846,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user846
-+sn: user846
-+uid: uid846
-+givenname: givenname846
-+description: description846
-+userPassword: password846
-+mail: uid846
-+uidnumber: 846
-+gidnumber: 846
-+homeDirectory: /home/uid846
-+
-+dn: cn=user847,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user847
-+sn: user847
-+uid: uid847
-+givenname: givenname847
-+description: description847
-+userPassword: password847
-+mail: uid847
-+uidnumber: 847
-+gidnumber: 847
-+homeDirectory: /home/uid847
-+
-+dn: cn=user848,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user848
-+sn: user848
-+uid: uid848
-+givenname: givenname848
-+description: description848
-+userPassword: password848
-+mail: uid848
-+uidnumber: 848
-+gidnumber: 848
-+homeDirectory: /home/uid848
-+
-+dn: cn=user849,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user849
-+sn: user849
-+uid: uid849
-+givenname: givenname849
-+description: description849
-+userPassword: password849
-+mail: uid849
-+uidnumber: 849
-+gidnumber: 849
-+homeDirectory: /home/uid849
-+
-+dn: cn=user850,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user850
-+sn: user850
-+uid: uid850
-+givenname: givenname850
-+description: description850
-+userPassword: password850
-+mail: uid850
-+uidnumber: 850
-+gidnumber: 850
-+homeDirectory: /home/uid850
-+
-+dn: cn=user851,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user851
-+sn: user851
-+uid: uid851
-+givenname: givenname851
-+description: description851
-+userPassword: password851
-+mail: uid851
-+uidnumber: 851
-+gidnumber: 851
-+homeDirectory: /home/uid851
-+
-+dn: cn=user852,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user852
-+sn: user852
-+uid: uid852
-+givenname: givenname852
-+description: description852
-+userPassword: password852
-+mail: uid852
-+uidnumber: 852
-+gidnumber: 852
-+homeDirectory: /home/uid852
-+
-+dn: cn=user853,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user853
-+sn: user853
-+uid: uid853
-+givenname: givenname853
-+description: description853
-+userPassword: password853
-+mail: uid853
-+uidnumber: 853
-+gidnumber: 853
-+homeDirectory: /home/uid853
-+
-+dn: cn=user854,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user854
-+sn: user854
-+uid: uid854
-+givenname: givenname854
-+description: description854
-+userPassword: password854
-+mail: uid854
-+uidnumber: 854
-+gidnumber: 854
-+homeDirectory: /home/uid854
-+
-+dn: cn=user855,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user855
-+sn: user855
-+uid: uid855
-+givenname: givenname855
-+description: description855
-+userPassword: password855
-+mail: uid855
-+uidnumber: 855
-+gidnumber: 855
-+homeDirectory: /home/uid855
-+
-+dn: cn=user856,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user856
-+sn: user856
-+uid: uid856
-+givenname: givenname856
-+description: description856
-+userPassword: password856
-+mail: uid856
-+uidnumber: 856
-+gidnumber: 856
-+homeDirectory: /home/uid856
-+
-+dn: cn=user857,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user857
-+sn: user857
-+uid: uid857
-+givenname: givenname857
-+description: description857
-+userPassword: password857
-+mail: uid857
-+uidnumber: 857
-+gidnumber: 857
-+homeDirectory: /home/uid857
-+
-+dn: cn=user858,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user858
-+sn: user858
-+uid: uid858
-+givenname: givenname858
-+description: description858
-+userPassword: password858
-+mail: uid858
-+uidnumber: 858
-+gidnumber: 858
-+homeDirectory: /home/uid858
-+
-+dn: cn=user859,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user859
-+sn: user859
-+uid: uid859
-+givenname: givenname859
-+description: description859
-+userPassword: password859
-+mail: uid859
-+uidnumber: 859
-+gidnumber: 859
-+homeDirectory: /home/uid859
-+
-+dn: cn=user860,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user860
-+sn: user860
-+uid: uid860
-+givenname: givenname860
-+description: description860
-+userPassword: password860
-+mail: uid860
-+uidnumber: 860
-+gidnumber: 860
-+homeDirectory: /home/uid860
-+
-+dn: cn=user861,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user861
-+sn: user861
-+uid: uid861
-+givenname: givenname861
-+description: description861
-+userPassword: password861
-+mail: uid861
-+uidnumber: 861
-+gidnumber: 861
-+homeDirectory: /home/uid861
-+
-+dn: cn=user862,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user862
-+sn: user862
-+uid: uid862
-+givenname: givenname862
-+description: description862
-+userPassword: password862
-+mail: uid862
-+uidnumber: 862
-+gidnumber: 862
-+homeDirectory: /home/uid862
-+
-+dn: cn=user863,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user863
-+sn: user863
-+uid: uid863
-+givenname: givenname863
-+description: description863
-+userPassword: password863
-+mail: uid863
-+uidnumber: 863
-+gidnumber: 863
-+homeDirectory: /home/uid863
-+
-+dn: cn=user864,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user864
-+sn: user864
-+uid: uid864
-+givenname: givenname864
-+description: description864
-+userPassword: password864
-+mail: uid864
-+uidnumber: 864
-+gidnumber: 864
-+homeDirectory: /home/uid864
-+
-+dn: cn=user865,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user865
-+sn: user865
-+uid: uid865
-+givenname: givenname865
-+description: description865
-+userPassword: password865
-+mail: uid865
-+uidnumber: 865
-+gidnumber: 865
-+homeDirectory: /home/uid865
-+
-+dn: cn=user866,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user866
-+sn: user866
-+uid: uid866
-+givenname: givenname866
-+description: description866
-+userPassword: password866
-+mail: uid866
-+uidnumber: 866
-+gidnumber: 866
-+homeDirectory: /home/uid866
-+
-+dn: cn=user867,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user867
-+sn: user867
-+uid: uid867
-+givenname: givenname867
-+description: description867
-+userPassword: password867
-+mail: uid867
-+uidnumber: 867
-+gidnumber: 867
-+homeDirectory: /home/uid867
-+
-+dn: cn=user868,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user868
-+sn: user868
-+uid: uid868
-+givenname: givenname868
-+description: description868
-+userPassword: password868
-+mail: uid868
-+uidnumber: 868
-+gidnumber: 868
-+homeDirectory: /home/uid868
-+
-+dn: cn=user869,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user869
-+sn: user869
-+uid: uid869
-+givenname: givenname869
-+description: description869
-+userPassword: password869
-+mail: uid869
-+uidnumber: 869
-+gidnumber: 869
-+homeDirectory: /home/uid869
-+
-+dn: cn=user870,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user870
-+sn: user870
-+uid: uid870
-+givenname: givenname870
-+description: description870
-+userPassword: password870
-+mail: uid870
-+uidnumber: 870
-+gidnumber: 870
-+homeDirectory: /home/uid870
-+
-+dn: cn=user871,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user871
-+sn: user871
-+uid: uid871
-+givenname: givenname871
-+description: description871
-+userPassword: password871
-+mail: uid871
-+uidnumber: 871
-+gidnumber: 871
-+homeDirectory: /home/uid871
-+
-+dn: cn=user872,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user872
-+sn: user872
-+uid: uid872
-+givenname: givenname872
-+description: description872
-+userPassword: password872
-+mail: uid872
-+uidnumber: 872
-+gidnumber: 872
-+homeDirectory: /home/uid872
-+
-+dn: cn=user873,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user873
-+sn: user873
-+uid: uid873
-+givenname: givenname873
-+description: description873
-+userPassword: password873
-+mail: uid873
-+uidnumber: 873
-+gidnumber: 873
-+homeDirectory: /home/uid873
-+
-+dn: cn=user874,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user874
-+sn: user874
-+uid: uid874
-+givenname: givenname874
-+description: description874
-+userPassword: password874
-+mail: uid874
-+uidnumber: 874
-+gidnumber: 874
-+homeDirectory: /home/uid874
-+
-+dn: cn=user875,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user875
-+sn: user875
-+uid: uid875
-+givenname: givenname875
-+description: description875
-+userPassword: password875
-+mail: uid875
-+uidnumber: 875
-+gidnumber: 875
-+homeDirectory: /home/uid875
-+
-+dn: cn=user876,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user876
-+sn: user876
-+uid: uid876
-+givenname: givenname876
-+description: description876
-+userPassword: password876
-+mail: uid876
-+uidnumber: 876
-+gidnumber: 876
-+homeDirectory: /home/uid876
-+
-+dn: cn=user877,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user877
-+sn: user877
-+uid: uid877
-+givenname: givenname877
-+description: description877
-+userPassword: password877
-+mail: uid877
-+uidnumber: 877
-+gidnumber: 877
-+homeDirectory: /home/uid877
-+
-+dn: cn=user878,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user878
-+sn: user878
-+uid: uid878
-+givenname: givenname878
-+description: description878
-+userPassword: password878
-+mail: uid878
-+uidnumber: 878
-+gidnumber: 878
-+homeDirectory: /home/uid878
-+
-+dn: cn=user879,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user879
-+sn: user879
-+uid: uid879
-+givenname: givenname879
-+description: description879
-+userPassword: password879
-+mail: uid879
-+uidnumber: 879
-+gidnumber: 879
-+homeDirectory: /home/uid879
-+
-+dn: cn=user880,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user880
-+sn: user880
-+uid: uid880
-+givenname: givenname880
-+description: description880
-+userPassword: password880
-+mail: uid880
-+uidnumber: 880
-+gidnumber: 880
-+homeDirectory: /home/uid880
-+
-+dn: cn=user881,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user881
-+sn: user881
-+uid: uid881
-+givenname: givenname881
-+description: description881
-+userPassword: password881
-+mail: uid881
-+uidnumber: 881
-+gidnumber: 881
-+homeDirectory: /home/uid881
-+
-+dn: cn=user882,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user882
-+sn: user882
-+uid: uid882
-+givenname: givenname882
-+description: description882
-+userPassword: password882
-+mail: uid882
-+uidnumber: 882
-+gidnumber: 882
-+homeDirectory: /home/uid882
-+
-+dn: cn=user883,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user883
-+sn: user883
-+uid: uid883
-+givenname: givenname883
-+description: description883
-+userPassword: password883
-+mail: uid883
-+uidnumber: 883
-+gidnumber: 883
-+homeDirectory: /home/uid883
-+
-+dn: cn=user884,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user884
-+sn: user884
-+uid: uid884
-+givenname: givenname884
-+description: description884
-+userPassword: password884
-+mail: uid884
-+uidnumber: 884
-+gidnumber: 884
-+homeDirectory: /home/uid884
-+
-+dn: cn=user885,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user885
-+sn: user885
-+uid: uid885
-+givenname: givenname885
-+description: description885
-+userPassword: password885
-+mail: uid885
-+uidnumber: 885
-+gidnumber: 885
-+homeDirectory: /home/uid885
-+
-+dn: cn=user886,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user886
-+sn: user886
-+uid: uid886
-+givenname: givenname886
-+description: description886
-+userPassword: password886
-+mail: uid886
-+uidnumber: 886
-+gidnumber: 886
-+homeDirectory: /home/uid886
-+
-+dn: cn=user887,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user887
-+sn: user887
-+uid: uid887
-+givenname: givenname887
-+description: description887
-+userPassword: password887
-+mail: uid887
-+uidnumber: 887
-+gidnumber: 887
-+homeDirectory: /home/uid887
-+
-+dn: cn=user888,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user888
-+sn: user888
-+uid: uid888
-+givenname: givenname888
-+description: description888
-+userPassword: password888
-+mail: uid888
-+uidnumber: 888
-+gidnumber: 888
-+homeDirectory: /home/uid888
-+
-+dn: cn=user889,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user889
-+sn: user889
-+uid: uid889
-+givenname: givenname889
-+description: description889
-+userPassword: password889
-+mail: uid889
-+uidnumber: 889
-+gidnumber: 889
-+homeDirectory: /home/uid889
-+
-+dn: cn=user890,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user890
-+sn: user890
-+uid: uid890
-+givenname: givenname890
-+description: description890
-+userPassword: password890
-+mail: uid890
-+uidnumber: 890
-+gidnumber: 890
-+homeDirectory: /home/uid890
-+
-+dn: cn=user891,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user891
-+sn: user891
-+uid: uid891
-+givenname: givenname891
-+description: description891
-+userPassword: password891
-+mail: uid891
-+uidnumber: 891
-+gidnumber: 891
-+homeDirectory: /home/uid891
-+
-+dn: cn=user892,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user892
-+sn: user892
-+uid: uid892
-+givenname: givenname892
-+description: description892
-+userPassword: password892
-+mail: uid892
-+uidnumber: 892
-+gidnumber: 892
-+homeDirectory: /home/uid892
-+
-+dn: cn=user893,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user893
-+sn: user893
-+uid: uid893
-+givenname: givenname893
-+description: description893
-+userPassword: password893
-+mail: uid893
-+uidnumber: 893
-+gidnumber: 893
-+homeDirectory: /home/uid893
-+
-+dn: cn=user894,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user894
-+sn: user894
-+uid: uid894
-+givenname: givenname894
-+description: description894
-+userPassword: password894
-+mail: uid894
-+uidnumber: 894
-+gidnumber: 894
-+homeDirectory: /home/uid894
-+
-+dn: cn=user895,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user895
-+sn: user895
-+uid: uid895
-+givenname: givenname895
-+description: description895
-+userPassword: password895
-+mail: uid895
-+uidnumber: 895
-+gidnumber: 895
-+homeDirectory: /home/uid895
-+
-+dn: cn=user896,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user896
-+sn: user896
-+uid: uid896
-+givenname: givenname896
-+description: description896
-+userPassword: password896
-+mail: uid896
-+uidnumber: 896
-+gidnumber: 896
-+homeDirectory: /home/uid896
-+
-+dn: cn=user897,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user897
-+sn: user897
-+uid: uid897
-+givenname: givenname897
-+description: description897
-+userPassword: password897
-+mail: uid897
-+uidnumber: 897
-+gidnumber: 897
-+homeDirectory: /home/uid897
-+
-+dn: cn=user898,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user898
-+sn: user898
-+uid: uid898
-+givenname: givenname898
-+description: description898
-+userPassword: password898
-+mail: uid898
-+uidnumber: 898
-+gidnumber: 898
-+homeDirectory: /home/uid898
-+
-+dn: cn=user899,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user899
-+sn: user899
-+uid: uid899
-+givenname: givenname899
-+description: description899
-+userPassword: password899
-+mail: uid899
-+uidnumber: 899
-+gidnumber: 899
-+homeDirectory: /home/uid899
-+
-+dn: cn=user900,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user900
-+sn: user900
-+uid: uid900
-+givenname: givenname900
-+description: description900
-+userPassword: password900
-+mail: uid900
-+uidnumber: 900
-+gidnumber: 900
-+homeDirectory: /home/uid900
-+
-+dn: cn=user901,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user901
-+sn: user901
-+uid: uid901
-+givenname: givenname901
-+description: description901
-+userPassword: password901
-+mail: uid901
-+uidnumber: 901
-+gidnumber: 901
-+homeDirectory: /home/uid901
-+
-+dn: cn=user902,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user902
-+sn: user902
-+uid: uid902
-+givenname: givenname902
-+description: description902
-+userPassword: password902
-+mail: uid902
-+uidnumber: 902
-+gidnumber: 902
-+homeDirectory: /home/uid902
-+
-+dn: cn=user903,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user903
-+sn: user903
-+uid: uid903
-+givenname: givenname903
-+description: description903
-+userPassword: password903
-+mail: uid903
-+uidnumber: 903
-+gidnumber: 903
-+homeDirectory: /home/uid903
-+
-+dn: cn=user904,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user904
-+sn: user904
-+uid: uid904
-+givenname: givenname904
-+description: description904
-+userPassword: password904
-+mail: uid904
-+uidnumber: 904
-+gidnumber: 904
-+homeDirectory: /home/uid904
-+
-+dn: cn=user905,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user905
-+sn: user905
-+uid: uid905
-+givenname: givenname905
-+description: description905
-+userPassword: password905
-+mail: uid905
-+uidnumber: 905
-+gidnumber: 905
-+homeDirectory: /home/uid905
-+
-+dn: cn=user906,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user906
-+sn: user906
-+uid: uid906
-+givenname: givenname906
-+description: description906
-+userPassword: password906
-+mail: uid906
-+uidnumber: 906
-+gidnumber: 906
-+homeDirectory: /home/uid906
-+
-+dn: cn=user907,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user907
-+sn: user907
-+uid: uid907
-+givenname: givenname907
-+description: description907
-+userPassword: password907
-+mail: uid907
-+uidnumber: 907
-+gidnumber: 907
-+homeDirectory: /home/uid907
-+
-+dn: cn=user908,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user908
-+sn: user908
-+uid: uid908
-+givenname: givenname908
-+description: description908
-+userPassword: password908
-+mail: uid908
-+uidnumber: 908
-+gidnumber: 908
-+homeDirectory: /home/uid908
-+
-+dn: cn=user909,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user909
-+sn: user909
-+uid: uid909
-+givenname: givenname909
-+description: description909
-+userPassword: password909
-+mail: uid909
-+uidnumber: 909
-+gidnumber: 909
-+homeDirectory: /home/uid909
-+
-+dn: cn=user910,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user910
-+sn: user910
-+uid: uid910
-+givenname: givenname910
-+description: description910
-+userPassword: password910
-+mail: uid910
-+uidnumber: 910
-+gidnumber: 910
-+homeDirectory: /home/uid910
-+
-+dn: cn=user911,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user911
-+sn: user911
-+uid: uid911
-+givenname: givenname911
-+description: description911
-+userPassword: password911
-+mail: uid911
-+uidnumber: 911
-+gidnumber: 911
-+homeDirectory: /home/uid911
-+
-+dn: cn=user912,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user912
-+sn: user912
-+uid: uid912
-+givenname: givenname912
-+description: description912
-+userPassword: password912
-+mail: uid912
-+uidnumber: 912
-+gidnumber: 912
-+homeDirectory: /home/uid912
-+
-+dn: cn=user913,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user913
-+sn: user913
-+uid: uid913
-+givenname: givenname913
-+description: description913
-+userPassword: password913
-+mail: uid913
-+uidnumber: 913
-+gidnumber: 913
-+homeDirectory: /home/uid913
-+
-+dn: cn=user914,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user914
-+sn: user914
-+uid: uid914
-+givenname: givenname914
-+description: description914
-+userPassword: password914
-+mail: uid914
-+uidnumber: 914
-+gidnumber: 914
-+homeDirectory: /home/uid914
-+
-+dn: cn=user915,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user915
-+sn: user915
-+uid: uid915
-+givenname: givenname915
-+description: description915
-+userPassword: password915
-+mail: uid915
-+uidnumber: 915
-+gidnumber: 915
-+homeDirectory: /home/uid915
-+
-+dn: cn=user916,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user916
-+sn: user916
-+uid: uid916
-+givenname: givenname916
-+description: description916
-+userPassword: password916
-+mail: uid916
-+uidnumber: 916
-+gidnumber: 916
-+homeDirectory: /home/uid916
-+
-+dn: cn=user917,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user917
-+sn: user917
-+uid: uid917
-+givenname: givenname917
-+description: description917
-+userPassword: password917
-+mail: uid917
-+uidnumber: 917
-+gidnumber: 917
-+homeDirectory: /home/uid917
-+
-+dn: cn=user918,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user918
-+sn: user918
-+uid: uid918
-+givenname: givenname918
-+description: description918
-+userPassword: password918
-+mail: uid918
-+uidnumber: 918
-+gidnumber: 918
-+homeDirectory: /home/uid918
-+
-+dn: cn=user919,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user919
-+sn: user919
-+uid: uid919
-+givenname: givenname919
-+description: description919
-+userPassword: password919
-+mail: uid919
-+uidnumber: 919
-+gidnumber: 919
-+homeDirectory: /home/uid919
-+
-+dn: cn=user920,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user920
-+sn: user920
-+uid: uid920
-+givenname: givenname920
-+description: description920
-+userPassword: password920
-+mail: uid920
-+uidnumber: 920
-+gidnumber: 920
-+homeDirectory: /home/uid920
-+
-+dn: cn=user921,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user921
-+sn: user921
-+uid: uid921
-+givenname: givenname921
-+description: description921
-+userPassword: password921
-+mail: uid921
-+uidnumber: 921
-+gidnumber: 921
-+homeDirectory: /home/uid921
-+
-+dn: cn=user922,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user922
-+sn: user922
-+uid: uid922
-+givenname: givenname922
-+description: description922
-+userPassword: password922
-+mail: uid922
-+uidnumber: 922
-+gidnumber: 922
-+homeDirectory: /home/uid922
-+
-+dn: cn=user923,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user923
-+sn: user923
-+uid: uid923
-+givenname: givenname923
-+description: description923
-+userPassword: password923
-+mail: uid923
-+uidnumber: 923
-+gidnumber: 923
-+homeDirectory: /home/uid923
-+
-+dn: cn=user924,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user924
-+sn: user924
-+uid: uid924
-+givenname: givenname924
-+description: description924
-+userPassword: password924
-+mail: uid924
-+uidnumber: 924
-+gidnumber: 924
-+homeDirectory: /home/uid924
-+
-+dn: cn=user925,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user925
-+sn: user925
-+uid: uid925
-+givenname: givenname925
-+description: description925
-+userPassword: password925
-+mail: uid925
-+uidnumber: 925
-+gidnumber: 925
-+homeDirectory: /home/uid925
-+
-+dn: cn=user926,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user926
-+sn: user926
-+uid: uid926
-+givenname: givenname926
-+description: description926
-+userPassword: password926
-+mail: uid926
-+uidnumber: 926
-+gidnumber: 926
-+homeDirectory: /home/uid926
-+
-+dn: cn=user927,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user927
-+sn: user927
-+uid: uid927
-+givenname: givenname927
-+description: description927
-+userPassword: password927
-+mail: uid927
-+uidnumber: 927
-+gidnumber: 927
-+homeDirectory: /home/uid927
-+
-+dn: cn=user928,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user928
-+sn: user928
-+uid: uid928
-+givenname: givenname928
-+description: description928
-+userPassword: password928
-+mail: uid928
-+uidnumber: 928
-+gidnumber: 928
-+homeDirectory: /home/uid928
-+
-+dn: cn=user929,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user929
-+sn: user929
-+uid: uid929
-+givenname: givenname929
-+description: description929
-+userPassword: password929
-+mail: uid929
-+uidnumber: 929
-+gidnumber: 929
-+homeDirectory: /home/uid929
-+
-+dn: cn=user930,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user930
-+sn: user930
-+uid: uid930
-+givenname: givenname930
-+description: description930
-+userPassword: password930
-+mail: uid930
-+uidnumber: 930
-+gidnumber: 930
-+homeDirectory: /home/uid930
-+
-+dn: cn=user931,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user931
-+sn: user931
-+uid: uid931
-+givenname: givenname931
-+description: description931
-+userPassword: password931
-+mail: uid931
-+uidnumber: 931
-+gidnumber: 931
-+homeDirectory: /home/uid931
-+
-+dn: cn=user932,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user932
-+sn: user932
-+uid: uid932
-+givenname: givenname932
-+description: description932
-+userPassword: password932
-+mail: uid932
-+uidnumber: 932
-+gidnumber: 932
-+homeDirectory: /home/uid932
-+
-+dn: cn=user933,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user933
-+sn: user933
-+uid: uid933
-+givenname: givenname933
-+description: description933
-+userPassword: password933
-+mail: uid933
-+uidnumber: 933
-+gidnumber: 933
-+homeDirectory: /home/uid933
-+
-+dn: cn=user934,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user934
-+sn: user934
-+uid: uid934
-+givenname: givenname934
-+description: description934
-+userPassword: password934
-+mail: uid934
-+uidnumber: 934
-+gidnumber: 934
-+homeDirectory: /home/uid934
-+
-+dn: cn=user935,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user935
-+sn: user935
-+uid: uid935
-+givenname: givenname935
-+description: description935
-+userPassword: password935
-+mail: uid935
-+uidnumber: 935
-+gidnumber: 935
-+homeDirectory: /home/uid935
-+
-+dn: cn=user936,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user936
-+sn: user936
-+uid: uid936
-+givenname: givenname936
-+description: description936
-+userPassword: password936
-+mail: uid936
-+uidnumber: 936
-+gidnumber: 936
-+homeDirectory: /home/uid936
-+
-+dn: cn=user937,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user937
-+sn: user937
-+uid: uid937
-+givenname: givenname937
-+description: description937
-+userPassword: password937
-+mail: uid937
-+uidnumber: 937
-+gidnumber: 937
-+homeDirectory: /home/uid937
-+
-+dn: cn=user938,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user938
-+sn: user938
-+uid: uid938
-+givenname: givenname938
-+description: description938
-+userPassword: password938
-+mail: uid938
-+uidnumber: 938
-+gidnumber: 938
-+homeDirectory: /home/uid938
-+
-+dn: cn=user939,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user939
-+sn: user939
-+uid: uid939
-+givenname: givenname939
-+description: description939
-+userPassword: password939
-+mail: uid939
-+uidnumber: 939
-+gidnumber: 939
-+homeDirectory: /home/uid939
-+
-+dn: cn=user940,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user940
-+sn: user940
-+uid: uid940
-+givenname: givenname940
-+description: description940
-+userPassword: password940
-+mail: uid940
-+uidnumber: 940
-+gidnumber: 940
-+homeDirectory: /home/uid940
-+
-+dn: cn=user941,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user941
-+sn: user941
-+uid: uid941
-+givenname: givenname941
-+description: description941
-+userPassword: password941
-+mail: uid941
-+uidnumber: 941
-+gidnumber: 941
-+homeDirectory: /home/uid941
-+
-+dn: cn=user942,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user942
-+sn: user942
-+uid: uid942
-+givenname: givenname942
-+description: description942
-+userPassword: password942
-+mail: uid942
-+uidnumber: 942
-+gidnumber: 942
-+homeDirectory: /home/uid942
-+
-+dn: cn=user943,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user943
-+sn: user943
-+uid: uid943
-+givenname: givenname943
-+description: description943
-+userPassword: password943
-+mail: uid943
-+uidnumber: 943
-+gidnumber: 943
-+homeDirectory: /home/uid943
-+
-+dn: cn=user944,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user944
-+sn: user944
-+uid: uid944
-+givenname: givenname944
-+description: description944
-+userPassword: password944
-+mail: uid944
-+uidnumber: 944
-+gidnumber: 944
-+homeDirectory: /home/uid944
-+
-+dn: cn=user945,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user945
-+sn: user945
-+uid: uid945
-+givenname: givenname945
-+description: description945
-+userPassword: password945
-+mail: uid945
-+uidnumber: 945
-+gidnumber: 945
-+homeDirectory: /home/uid945
-+
-+dn: cn=user946,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user946
-+sn: user946
-+uid: uid946
-+givenname: givenname946
-+description: description946
-+userPassword: password946
-+mail: uid946
-+uidnumber: 946
-+gidnumber: 946
-+homeDirectory: /home/uid946
-+
-+dn: cn=user947,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user947
-+sn: user947
-+uid: uid947
-+givenname: givenname947
-+description: description947
-+userPassword: password947
-+mail: uid947
-+uidnumber: 947
-+gidnumber: 947
-+homeDirectory: /home/uid947
-+
-+dn: cn=user948,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user948
-+sn: user948
-+uid: uid948
-+givenname: givenname948
-+description: description948
-+userPassword: password948
-+mail: uid948
-+uidnumber: 948
-+gidnumber: 948
-+homeDirectory: /home/uid948
-+
-+dn: cn=user949,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user949
-+sn: user949
-+uid: uid949
-+givenname: givenname949
-+description: description949
-+userPassword: password949
-+mail: uid949
-+uidnumber: 949
-+gidnumber: 949
-+homeDirectory: /home/uid949
-+
-+dn: cn=user950,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user950
-+sn: user950
-+uid: uid950
-+givenname: givenname950
-+description: description950
-+userPassword: password950
-+mail: uid950
-+uidnumber: 950
-+gidnumber: 950
-+homeDirectory: /home/uid950
-+
-+dn: cn=user951,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user951
-+sn: user951
-+uid: uid951
-+givenname: givenname951
-+description: description951
-+userPassword: password951
-+mail: uid951
-+uidnumber: 951
-+gidnumber: 951
-+homeDirectory: /home/uid951
-+
-+dn: cn=user952,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user952
-+sn: user952
-+uid: uid952
-+givenname: givenname952
-+description: description952
-+userPassword: password952
-+mail: uid952
-+uidnumber: 952
-+gidnumber: 952
-+homeDirectory: /home/uid952
-+
-+dn: cn=user953,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user953
-+sn: user953
-+uid: uid953
-+givenname: givenname953
-+description: description953
-+userPassword: password953
-+mail: uid953
-+uidnumber: 953
-+gidnumber: 953
-+homeDirectory: /home/uid953
-+
-+dn: cn=user954,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user954
-+sn: user954
-+uid: uid954
-+givenname: givenname954
-+description: description954
-+userPassword: password954
-+mail: uid954
-+uidnumber: 954
-+gidnumber: 954
-+homeDirectory: /home/uid954
-+
-+dn: cn=user955,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user955
-+sn: user955
-+uid: uid955
-+givenname: givenname955
-+description: description955
-+userPassword: password955
-+mail: uid955
-+uidnumber: 955
-+gidnumber: 955
-+homeDirectory: /home/uid955
-+
-+dn: cn=user956,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user956
-+sn: user956
-+uid: uid956
-+givenname: givenname956
-+description: description956
-+userPassword: password956
-+mail: uid956
-+uidnumber: 956
-+gidnumber: 956
-+homeDirectory: /home/uid956
-+
-+dn: cn=user957,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user957
-+sn: user957
-+uid: uid957
-+givenname: givenname957
-+description: description957
-+userPassword: password957
-+mail: uid957
-+uidnumber: 957
-+gidnumber: 957
-+homeDirectory: /home/uid957
-+
-+dn: cn=user958,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user958
-+sn: user958
-+uid: uid958
-+givenname: givenname958
-+description: description958
-+userPassword: password958
-+mail: uid958
-+uidnumber: 958
-+gidnumber: 958
-+homeDirectory: /home/uid958
-+
-+dn: cn=user959,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user959
-+sn: user959
-+uid: uid959
-+givenname: givenname959
-+description: description959
-+userPassword: password959
-+mail: uid959
-+uidnumber: 959
-+gidnumber: 959
-+homeDirectory: /home/uid959
-+
-+dn: cn=user960,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user960
-+sn: user960
-+uid: uid960
-+givenname: givenname960
-+description: description960
-+userPassword: password960
-+mail: uid960
-+uidnumber: 960
-+gidnumber: 960
-+homeDirectory: /home/uid960
-+
-+dn: cn=user961,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user961
-+sn: user961
-+uid: uid961
-+givenname: givenname961
-+description: description961
-+userPassword: password961
-+mail: uid961
-+uidnumber: 961
-+gidnumber: 961
-+homeDirectory: /home/uid961
-+
-+dn: cn=user962,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user962
-+sn: user962
-+uid: uid962
-+givenname: givenname962
-+description: description962
-+userPassword: password962
-+mail: uid962
-+uidnumber: 962
-+gidnumber: 962
-+homeDirectory: /home/uid962
-+
-+dn: cn=user963,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user963
-+sn: user963
-+uid: uid963
-+givenname: givenname963
-+description: description963
-+userPassword: password963
-+mail: uid963
-+uidnumber: 963
-+gidnumber: 963
-+homeDirectory: /home/uid963
-+
-+dn: cn=user964,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user964
-+sn: user964
-+uid: uid964
-+givenname: givenname964
-+description: description964
-+userPassword: password964
-+mail: uid964
-+uidnumber: 964
-+gidnumber: 964
-+homeDirectory: /home/uid964
-+
-+dn: cn=user965,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user965
-+sn: user965
-+uid: uid965
-+givenname: givenname965
-+description: description965
-+userPassword: password965
-+mail: uid965
-+uidnumber: 965
-+gidnumber: 965
-+homeDirectory: /home/uid965
-+
-+dn: cn=user966,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user966
-+sn: user966
-+uid: uid966
-+givenname: givenname966
-+description: description966
-+userPassword: password966
-+mail: uid966
-+uidnumber: 966
-+gidnumber: 966
-+homeDirectory: /home/uid966
-+
-+dn: cn=user967,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user967
-+sn: user967
-+uid: uid967
-+givenname: givenname967
-+description: description967
-+userPassword: password967
-+mail: uid967
-+uidnumber: 967
-+gidnumber: 967
-+homeDirectory: /home/uid967
-+
-+dn: cn=user968,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user968
-+sn: user968
-+uid: uid968
-+givenname: givenname968
-+description: description968
-+userPassword: password968
-+mail: uid968
-+uidnumber: 968
-+gidnumber: 968
-+homeDirectory: /home/uid968
-+
-+dn: cn=user969,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user969
-+sn: user969
-+uid: uid969
-+givenname: givenname969
-+description: description969
-+userPassword: password969
-+mail: uid969
-+uidnumber: 969
-+gidnumber: 969
-+homeDirectory: /home/uid969
-+
-+dn: cn=user970,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user970
-+sn: user970
-+uid: uid970
-+givenname: givenname970
-+description: description970
-+userPassword: password970
-+mail: uid970
-+uidnumber: 970
-+gidnumber: 970
-+homeDirectory: /home/uid970
-+
-+dn: cn=user971,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user971
-+sn: user971
-+uid: uid971
-+givenname: givenname971
-+description: description971
-+userPassword: password971
-+mail: uid971
-+uidnumber: 971
-+gidnumber: 971
-+homeDirectory: /home/uid971
-+
-+dn: cn=user972,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user972
-+sn: user972
-+uid: uid972
-+givenname: givenname972
-+description: description972
-+userPassword: password972
-+mail: uid972
-+uidnumber: 972
-+gidnumber: 972
-+homeDirectory: /home/uid972
-+
-+dn: cn=user973,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user973
-+sn: user973
-+uid: uid973
-+givenname: givenname973
-+description: description973
-+userPassword: password973
-+mail: uid973
-+uidnumber: 973
-+gidnumber: 973
-+homeDirectory: /home/uid973
-+
-+dn: cn=user974,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user974
-+sn: user974
-+uid: uid974
-+givenname: givenname974
-+description: description974
-+userPassword: password974
-+mail: uid974
-+uidnumber: 974
-+gidnumber: 974
-+homeDirectory: /home/uid974
-+
-+dn: cn=user975,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user975
-+sn: user975
-+uid: uid975
-+givenname: givenname975
-+description: description975
-+userPassword: password975
-+mail: uid975
-+uidnumber: 975
-+gidnumber: 975
-+homeDirectory: /home/uid975
-+
-+dn: cn=user976,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user976
-+sn: user976
-+uid: uid976
-+givenname: givenname976
-+description: description976
-+userPassword: password976
-+mail: uid976
-+uidnumber: 976
-+gidnumber: 976
-+homeDirectory: /home/uid976
-+
-+dn: cn=user977,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user977
-+sn: user977
-+uid: uid977
-+givenname: givenname977
-+description: description977
-+userPassword: password977
-+mail: uid977
-+uidnumber: 977
-+gidnumber: 977
-+homeDirectory: /home/uid977
-+
-+dn: cn=user978,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user978
-+sn: user978
-+uid: uid978
-+givenname: givenname978
-+description: description978
-+userPassword: password978
-+mail: uid978
-+uidnumber: 978
-+gidnumber: 978
-+homeDirectory: /home/uid978
-+
-+dn: cn=user979,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user979
-+sn: user979
-+uid: uid979
-+givenname: givenname979
-+description: description979
-+userPassword: password979
-+mail: uid979
-+uidnumber: 979
-+gidnumber: 979
-+homeDirectory: /home/uid979
-+
-+dn: cn=user980,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user980
-+sn: user980
-+uid: uid980
-+givenname: givenname980
-+description: description980
-+userPassword: password980
-+mail: uid980
-+uidnumber: 980
-+gidnumber: 980
-+homeDirectory: /home/uid980
-+
-+dn: cn=user981,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user981
-+sn: user981
-+uid: uid981
-+givenname: givenname981
-+description: description981
-+userPassword: password981
-+mail: uid981
-+uidnumber: 981
-+gidnumber: 981
-+homeDirectory: /home/uid981
-+
-+dn: cn=user982,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user982
-+sn: user982
-+uid: uid982
-+givenname: givenname982
-+description: description982
-+userPassword: password982
-+mail: uid982
-+uidnumber: 982
-+gidnumber: 982
-+homeDirectory: /home/uid982
-+
-+dn: cn=user983,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user983
-+sn: user983
-+uid: uid983
-+givenname: givenname983
-+description: description983
-+userPassword: password983
-+mail: uid983
-+uidnumber: 983
-+gidnumber: 983
-+homeDirectory: /home/uid983
-+
-+dn: cn=user984,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user984
-+sn: user984
-+uid: uid984
-+givenname: givenname984
-+description: description984
-+userPassword: password984
-+mail: uid984
-+uidnumber: 984
-+gidnumber: 984
-+homeDirectory: /home/uid984
-+
-+dn: cn=user985,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user985
-+sn: user985
-+uid: uid985
-+givenname: givenname985
-+description: description985
-+userPassword: password985
-+mail: uid985
-+uidnumber: 985
-+gidnumber: 985
-+homeDirectory: /home/uid985
-+
-+dn: cn=user986,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user986
-+sn: user986
-+uid: uid986
-+givenname: givenname986
-+description: description986
-+userPassword: password986
-+mail: uid986
-+uidnumber: 986
-+gidnumber: 986
-+homeDirectory: /home/uid986
-+
-+dn: cn=user987,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user987
-+sn: user987
-+uid: uid987
-+givenname: givenname987
-+description: description987
-+userPassword: password987
-+mail: uid987
-+uidnumber: 987
-+gidnumber: 987
-+homeDirectory: /home/uid987
-+
-+dn: cn=user988,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user988
-+sn: user988
-+uid: uid988
-+givenname: givenname988
-+description: description988
-+userPassword: password988
-+mail: uid988
-+uidnumber: 988
-+gidnumber: 988
-+homeDirectory: /home/uid988
-+
-+dn: cn=user989,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user989
-+sn: user989
-+uid: uid989
-+givenname: givenname989
-+description: description989
-+userPassword: password989
-+mail: uid989
-+uidnumber: 989
-+gidnumber: 989
-+homeDirectory: /home/uid989
-+
-+dn: cn=user990,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user990
-+sn: user990
-+uid: uid990
-+givenname: givenname990
-+description: description990
-+userPassword: password990
-+mail: uid990
-+uidnumber: 990
-+gidnumber: 990
-+homeDirectory: /home/uid990
-+
-+dn: cn=user991,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user991
-+sn: user991
-+uid: uid991
-+givenname: givenname991
-+description: description991
-+userPassword: password991
-+mail: uid991
-+uidnumber: 991
-+gidnumber: 991
-+homeDirectory: /home/uid991
-+
-+dn: cn=user992,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user992
-+sn: user992
-+uid: uid992
-+givenname: givenname992
-+description: description992
-+userPassword: password992
-+mail: uid992
-+uidnumber: 992
-+gidnumber: 992
-+homeDirectory: /home/uid992
-+
-+dn: cn=user993,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user993
-+sn: user993
-+uid: uid993
-+givenname: givenname993
-+description: description993
-+userPassword: password993
-+mail: uid993
-+uidnumber: 993
-+gidnumber: 993
-+homeDirectory: /home/uid993
-+
-+dn: cn=user994,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user994
-+sn: user994
-+uid: uid994
-+givenname: givenname994
-+description: description994
-+userPassword: password994
-+mail: uid994
-+uidnumber: 994
-+gidnumber: 994
-+homeDirectory: /home/uid994
-+
-+dn: cn=user995,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user995
-+sn: user995
-+uid: uid995
-+givenname: givenname995
-+description: description995
-+userPassword: password995
-+mail: uid995
-+uidnumber: 995
-+gidnumber: 995
-+homeDirectory: /home/uid995
-+
-+dn: cn=user996,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user996
-+sn: user996
-+uid: uid996
-+givenname: givenname996
-+description: description996
-+userPassword: password996
-+mail: uid996
-+uidnumber: 996
-+gidnumber: 996
-+homeDirectory: /home/uid996
-+
-+dn: cn=user997,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user997
-+sn: user997
-+uid: uid997
-+givenname: givenname997
-+description: description997
-+userPassword: password997
-+mail: uid997
-+uidnumber: 997
-+gidnumber: 997
-+homeDirectory: /home/uid997
-+
-+dn: cn=user998,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user998
-+sn: user998
-+uid: uid998
-+givenname: givenname998
-+description: description998
-+userPassword: password998
-+mail: uid998
-+uidnumber: 998
-+gidnumber: 998
-+homeDirectory: /home/uid998
-+
-+dn: cn=user999,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user999
-+sn: user999
-+uid: uid999
-+givenname: givenname999
-+description: description999
-+userPassword: password999
-+mail: uid999
-+uidnumber: 999
-+gidnumber: 999
-+homeDirectory: /home/uid999
-+
-diff --git a/dirsrvtests/tickets/ticket48212_test.py b/dirsrvtests/tickets/ticket48212_test.py
-new file mode 100644
-index 0000000..c3c8c8f
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48212_test.py
-@@ -0,0 +1,210 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from ldap.controls import SimplePagedResultsControl
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+MYSUFFIX = 'dc=example,dc=com'
-+MYSUFFIXBE = 'userRoot'
-+_MYLDIF = 'example1k_posix.ldif'
-+UIDNUMBERDN = "cn=uidnumber,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    '''
-+        This fixture is used to standalone topology for the 'module'.
-+    '''
-+    global installation_prefix
-+
-+    if installation_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+    standalone = DirSrv(verbose=False)
-+
-+    # Args for the standalone instance
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+
-+    # Get the status of the instance and restart it if it exists
-+    instance_standalone = standalone.exists()
-+
-+    # Remove the instance
-+    if instance_standalone:
-+        standalone.delete()
-+
-+    # Create the instance
-+    standalone.create()
-+
-+    # Used to retrieve configuration information (dbdir, confdir...)
-+    standalone.open()
-+
-+    # clear the tmp directory
-+    standalone.clearTmpDir(__file__)
-+
-+    # Here we have standalone instance up and running
-+    return TopologyStandalone(standalone)
-+
-+def runDbVerify(topology):
-+    topology.standalone.log.info("\n\n	+++++ dbverify +++++\n")
-+    dbverifyCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/dbverify -V"
-+    dbverifyOUT = os.popen(dbverifyCMD, "r")
-+    topology.standalone.log.info("Running %s" % dbverifyCMD)
-+    running = True
-+    error = False
-+    while running:
-+        l = dbverifyOUT.readline()
-+        if l == "":
-+            running = False
-+        elif "libdb:" in l:
-+            running = False
-+            error = True
-+            topology.standalone.log.info("%s" % l)
-+        elif "verify failed" in l:
-+            error = True
-+            running = False
-+            topology.standalone.log.info("%s" % l)
-+
-+    if error:
-+        topology.standalone.log.fatal("dbverify failed")
-+        assert False
-+    else:
-+        topology.standalone.log.info("dbverify passed")
-+        
-+def reindexUidNumber(topology):
-+    topology.standalone.log.info("\n\n	+++++ reindex uidnumber +++++\n")
-+    indexCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/db2index.pl -D \"" + DN_DM + "\" -w \"" + PASSWORD + "\" -n " + MYSUFFIXBE + " -t uidnumber"
-+
-+    indexOUT = os.popen(indexCMD, "r")
-+    topology.standalone.log.info("Running %s" % indexCMD)
-+
-+    time.sleep(10)
-+
-+    tailCMD = "tail -n 3 " + topology.standalone.errlog
-+    tailOUT = os.popen(tailCMD, "r")
-+    running = True
-+    done = False
-+    while running:
-+        l = tailOUT.readline()
-+        if l == "":
-+            running = False
-+        elif "Finished indexing" in l:
-+            running = False
-+            done = True
-+            topology.standalone.log.info("%s" % l)
-+        
-+    if done:
-+        topology.standalone.log.info("%s done" % indexCMD)
-+    else:
-+        topology.standalone.log.fatal("%s did not finish" % indexCMD)
-+        assert False
-+        
-+def test_ticket48212_run(topology):
-+    """
-+    Import posixAccount entries.
-+    Index uidNumber
-+    add nsMatchingRule: integerOrderingMatch
-+    run dbverify to see if it reports the db corruption or not
-+    delete nsMatchingRule: integerOrderingMatch
-+    run dbverify to see if it reports the db corruption or not
-+    if no corruption is reported, the bug fix was verified.
-+    """
-+    log.info('Testing Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well.')
-+
-+    # bind as directory manager
-+    topology.standalone.log.info("Bind as %s" % DN_DM)
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+
-+    data_dir_path = topology.standalone.getDir(__file__, DATA_DIR)
-+    ldif_file = data_dir_path + "ticket48212/" + _MYLDIF
-+    topology.standalone.log.info("\n\n######################### Import Test data (%s) ######################\n" % ldif_file)
-+    args = {TASK_WAIT: True}
-+    importTask = Tasks(topology.standalone)
-+    importTask.importLDIF(MYSUFFIX, MYSUFFIXBE, ldif_file, args)
-+    args = {TASK_WAIT: True}
-+
-+    runDbVerify(topology)
-+
-+    topology.standalone.log.info("\n\n######################### Add index by uidnumber ######################\n")
-+    try:
-+        topology.standalone.add_s(Entry((UIDNUMBERDN, {'objectclass': "top nsIndex".split(),
-+                                                       'cn': 'uidnumber',
-+                                                       'nsSystemIndex': 'false',
-+                                                       'nsIndexType': "pres eq".split()})))
-+    except ValueError:
-+        topology.standalone.log.fatal("add_s failed: %s", ValueError)
-+
-+    topology.standalone.log.info("\n\n######################### reindexing... ######################\n")
-+    reindexUidNumber(topology)
-+
-+    runDbVerify(topology)
-+
-+    topology.standalone.log.info("\n\n######################### Add nsMatchingRule ######################\n")
-+    try:
-+        topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_ADD, 'nsMatchingRule', 'integerOrderingMatch')])
-+    except ValueError:
-+        topology.standalone.log.fatal("modify_s failed: %s", ValueError)
-+
-+    topology.standalone.log.info("\n\n######################### reindexing... ######################\n")
-+    reindexUidNumber(topology)
-+
-+    runDbVerify(topology)
-+
-+    topology.standalone.log.info("\n\n######################### Delete nsMatchingRule ######################\n")
-+    try:
-+        topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_DELETE, 'nsMatchingRule', 'integerOrderingMatch')])
-+    except ValueError:
-+        topology.standalone.log.fatal("modify_s failed: %s", ValueError)
-+
-+    reindexUidNumber(topology)
-+
-+    runDbVerify(topology)
-+
-+    topology.standalone.log.info("ticket48212 was successfully verified.")
-+
-+
-+def test_ticket48212_final(topology):
-+    topology.standalone.delete()
-+    log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+    '''
-+        run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+        To run isolated without py.test, you need to
-+            - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+            - set the installation prefix
-+            - run this program
-+    '''
-+    global installation_prefix
-+    installation_prefix = None
-+
-+    topo = topology(True)
-+    test_ticket48212_run(topo)
-+
-+    test_ticket48212_final(topo)
-+
-+
-+if __name__ == '__main__':
-+    run_isolated()
-+
--- 
-1.9.3
-
diff --git a/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch b/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
new file mode 100644
index 0000000..7ba20c3
--- /dev/null
+++ b/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
@@ -0,0 +1,462 @@
+From 80e8d8fc8eb44d45af5285308cda37553611f688 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Sat, 9 Jul 2016 19:02:37 +1000
+Subject: [PATCH 04/15] Ticket 48916 - DNA Threshold set to 0 causes SIGFPE
+
+Bug Description:  If the DNA threshold was set to 0, a divide by zero would
+occur when requesting ranges.
+
+Fix Description:  Prevent the config from setting a value of 0 for dna threshold.
+
+If an existing site has a threshold of 0, we guard the divide operation, and
+return an operations error instead.
+
+https://fedorahosted.org/389/ticket/48916
+
+Author: wibrown
+
+Review by: nhosoi, mreynolds (Thank you!)
+
+(cherry picked from commit 05ebb6d10cf0ec8e03c59bade7f819ddb1fdcf78)
+---
+ .gitignore                                    |   1 +
+ dirsrvtests/tests/tickets/ticket48916_test.py | 253 ++++++++++++++++++++++++++
+ ldap/servers/plugins/dna/dna.c                |  40 +++-
+ 3 files changed, 289 insertions(+), 5 deletions(-)
+ create mode 100644 dirsrvtests/tests/tickets/ticket48916_test.py
+
+diff --git a/.gitignore b/.gitignore
+index f6583c2..f92bcd8 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -5,6 +5,7 @@ autom4te.cache
+ .cproject
+ .project
+ .settings
++.cache
+ *.a
+ *.dirstamp
+ *.la
+diff --git a/dirsrvtests/tests/tickets/ticket48916_test.py b/dirsrvtests/tests/tickets/ticket48916_test.py
+new file mode 100644
+index 0000000..44c96da
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket48916_test.py
+@@ -0,0 +1,253 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = False
++
++if DEBUGGING:
++    logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++    logging.getLogger(__name__).setLevel(logging.INFO)
++
++
++log = logging.getLogger(__name__)
++
++
++class TopologyReplication(object):
++    """The Replication Topology Class"""
++    def __init__(self, master1, master2):
++        """Init"""
++        master1.open()
++        self.master1 = master1
++        master2.open()
++        self.master2 = master2
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    """Create Replication Deployment"""
++
++    # Creating master 1...
++    if DEBUGGING:
++        master1 = DirSrv(verbose=True)
++    else:
++        master1 = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_MASTER_1
++    args_instance[SER_PORT] = PORT_MASTER_1
++    args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_master = args_instance.copy()
++    master1.allocate(args_master)
++    instance_master1 = master1.exists()
++    if instance_master1:
++        master1.delete()
++    master1.create()
++    master1.open()
++    master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
++
++    # Creating master 2...
++    if DEBUGGING:
++        master2 = DirSrv(verbose=True)
++    else:
++        master2 = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_MASTER_2
++    args_instance[SER_PORT] = PORT_MASTER_2
++    args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_master = args_instance.copy()
++    master2.allocate(args_master)
++    instance_master2 = master2.exists()
++    if instance_master2:
++        master2.delete()
++    master2.create()
++    master2.open()
++    master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
++
++    #
++    # Create all the agreements
++    #
++    # Creating agreement from master 1 to master 2
++    properties = {RA_NAME: 'meTo_' + master2.host + ':' + str(master2.port),
++                  RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
++                  RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
++                  RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
++                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
++    m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
++    if not m1_m2_agmt:
++        log.fatal("Fail to create a master -> master replica agreement")
++        sys.exit(1)
++    log.debug("%s created" % m1_m2_agmt)
++
++    # Creating agreement from master 2 to master 1
++    properties = {RA_NAME: 'meTo_' + master1.host + ':' + str(master1.port),
++                  RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
++                  RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
++                  RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
++                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
++    m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
++    if not m2_m1_agmt:
++        log.fatal("Fail to create a master -> master replica agreement")
++        sys.exit(1)
++    log.debug("%s created" % m2_m1_agmt)
++
++    # Allow the replicas to get situated with the new agreements...
++    time.sleep(5)
++
++    #
++    # Initialize all the agreements
++    #
++    master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
++    master1.waitForReplInit(m1_m2_agmt)
++
++    # Check replication is working...
++    if master1.testReplication(DEFAULT_SUFFIX, master2):
++        log.info('Replication is working.')
++    else:
++        log.fatal('Replication is not working.')
++        assert False
++
++    def fin():
++        """If we are debugging just stop the instances, otherwise remove
++        them
++        """
++        if DEBUGGING:
++            master1.stop()
++            master2.stop()
++        else:
++            master1.delete()
++            master2.delete()
++
++    request.addfinalizer(fin)
++
++    # Clear out the tmp dir
++    master1.clearTmpDir(__file__)
++
++    return TopologyReplication(master1, master2)
++
++
++def _create_user(inst, idnum):
++    inst.add_s(Entry(
++        ('uid=user%s,ou=People,%s' % (idnum, DEFAULT_SUFFIX), {
++            'objectClass' : 'top account posixAccount'.split(' '),
++            'cn' : 'user',
++            'uid' : 'user%s' % idnum,
++            'homeDirectory' : '/home/user%s' % idnum,
++            'loginShell' : '/bin/nologin',
++            'gidNumber' : '-1',
++            'uidNumber' : '-1',
++        })
++    ))
++
++def test_ticket48916(topology):
++    """
++    https://bugzilla.redhat.com/show_bug.cgi?id=1353629
++
++    This is an issue with ID exhaustion in DNA causing a crash.
++
++    To access each DirSrv instance use:  topology.master1, topology.master2,
++        ..., topology.hub1, ..., topology.consumer1,...
++
++
++    """
++
++    if DEBUGGING:
++        # Add debugging steps(if any)...
++        pass
++
++    # Enable the plugin on both servers
++
++    dna_m1 = topology.master1.plugins.get('Distributed Numeric Assignment Plugin')
++    dna_m2 = topology.master2.plugins.get('Distributed Numeric Assignment Plugin')
++
++    # Configure it
++    # Create the container for the ranges to go into.
++
++    topology.master1.add_s(Entry(
++        ('ou=Ranges,%s' % DEFAULT_SUFFIX, {
++            'objectClass' : 'top organizationalUnit'.split(' '),
++            'ou' : 'Ranges',
++        })
++    ))
++
++    # Create the dnaAdmin?
++
++    # For now we just pinch the dn from the dna_m* types, and add the relevant child config
++    # but in the future, this could be a better plugin template type from lib389
++
++    config_dn = dna_m1.dn
++
++    topology.master1.add_s(Entry(
++        ('cn=uids,%s' % config_dn, {
++            'objectClass' : 'top dnaPluginConfig'.split(' '),
++            'cn': 'uids',
++            'dnatype': 'uidNumber gidNumber'.split(' '),
++            'dnafilter': '(objectclass=posixAccount)',
++            'dnascope': '%s' % DEFAULT_SUFFIX,
++            'dnaNextValue': '1',
++            'dnaMaxValue': '50',
++            'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX,
++            'dnaThreshold': '0',
++            'dnaRangeRequestTimeout': '60',
++            'dnaMagicRegen': '-1',
++            'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX,
++            'dnaRemoteBindCred': 'secret123',
++            'dnaNextRange': '80-90'
++        })
++    ))
++
++    topology.master2.add_s(Entry(
++        ('cn=uids,%s' % config_dn, {
++            'objectClass' : 'top dnaPluginConfig'.split(' '),
++            'cn': 'uids',
++            'dnatype': 'uidNumber gidNumber'.split(' '),
++            'dnafilter': '(objectclass=posixAccount)',
++            'dnascope': '%s' % DEFAULT_SUFFIX,
++            'dnaNextValue': '61',
++            'dnaMaxValue': '70',
++            'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX,
++            'dnaThreshold': '2',
++            'dnaRangeRequestTimeout': '60',
++            'dnaMagicRegen': '-1',
++            'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX,
++            'dnaRemoteBindCred': 'secret123',
++        })
++    ))
++
++
++    # Enable the plugins
++    dna_m1.enable()
++    dna_m2.enable()
++    
++    # Restart the instances
++    topology.master1.restart(60)
++    topology.master2.restart(60)
++
++    # Wait for a replication .....
++    time.sleep(40)
++
++    # Allocate the 10 members to exhaust
++
++    for i in range(1,11):
++        _create_user(topology.master2, i)
++
++    # Allocate the 11th
++    _create_user(topology.master2, 11)
++
++    log.info('Test PASSED')
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
++
+diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
+index 2908443..cf640d8 100644
+--- a/ldap/servers/plugins/dna/dna.c
++++ b/ldap/servers/plugins/dna/dna.c
+@@ -1244,6 +1244,12 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry * e, int apply)
+         slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
+                         "----------> %s [%s]\n", DNA_THRESHOLD, value);
+ 
++        if (entry->threshold <= 0) {
++            entry->threshold = 1;
++            slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
++                            "----------> %s too low, setting to [%s]\n", DNA_THRESHOLD, value);
++        }
++
+         slapi_ch_free_string(&value);
+     } else {
+         entry->threshold = 1;
+@@ -2171,7 +2177,7 @@ static int dna_dn_is_config(char *dn)
+     int ret = 0;
+ 
+     slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+-                    "--> dna_is_config\n");
++                    "--> dna_is_config %s\n", dn);
+ 
+     if (slapi_dn_issuffix(dn, getPluginDN())) {
+         ret = 1;
+@@ -3404,18 +3410,21 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+ 
+             /* Did we already service all of these configured types? */
+             if (dna_list_contains_types(generated_types, config_entry->types)) {
++                slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    no types to act upon.\n");
+                 goto next;
+             }
+ 
+             /* is the entry in scope? */
+             if (config_entry->scope &&
+                 !slapi_dn_issuffix(dn, config_entry->scope)) {
++                slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    dn not in scope\n");
+                 goto next;
+             }
+ 
+             /* is this entry in an excluded scope? */
+             for (i = 0; config_entry->excludescope && config_entry->excludescope[i]; i++) {
+                 if (slapi_dn_issuffix(dn, slapi_sdn_get_dn(config_entry->excludescope[i]))) {
++                    slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    dn in excluded scope\n");
+                     goto next;
+                 }
+             }
+@@ -3424,7 +3433,8 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+             if (config_entry->slapi_filter) {
+                 ret = slapi_vattr_filter_test(pb, e, config_entry->slapi_filter, 0);
+                 if (LDAP_SUCCESS != ret) {
+-                        goto next;
++                    slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    dn does not match filter\n");
++                    goto next;
+                 }
+             }
+ 
+@@ -3454,6 +3464,8 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+             }
+ 
+             if (types_to_generate && types_to_generate[0]) {
++
++                slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    adding %s to %s as -2\n", types_to_generate[0], dn);
+                 /* add - add to entry */
+                 for (i = 0; types_to_generate && types_to_generate[i]; i++) {
+                     slapi_entry_attr_set_charptr(e, types_to_generate[i],
+@@ -3492,6 +3504,7 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+                 slapi_lock_mutex(config_entry->lock);
+ 
+                 ret = dna_first_free_value(config_entry, &setval);
++                slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    retrieved value %" PRIu64 " ret %d\n", setval, ret);
+                 if (LDAP_SUCCESS != ret) {
+                     /* check if we overflowed the configured range */
+                     if (setval > config_entry->maxval) {
+@@ -4022,18 +4035,22 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
+                     "--> dna_be_txn_pre_op\n");
+ 
+     if (!slapi_plugin_running(pb)) {
++        slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing, plugin not running\n");
+         goto bail;
+     }
+ 
+     if (0 == (dn = dna_get_dn(pb))) {
++        slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing, is dna dn\n");
+         goto bail;
+     }
+ 
+     if (dna_dn_is_config(dn)) {
++        slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing is dna config dn\n");
+         goto bail;
+     }
+ 
+     if (dna_isrepl(pb)) {
++        slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing replicated operation\n");
+         /* if repl, the dna values should be already in the entry. */
+         goto bail;
+     }
+@@ -4045,6 +4062,7 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
+     }
+ 
+     if (e == NULL) {
++        slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing entry is NULL\n");
+         goto bail;
+     } else if (LDAP_CHANGETYPE_MODIFY == modtype) {
+         slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+@@ -4056,32 +4074,39 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
+ 
+     if (!PR_CLIST_IS_EMPTY(dna_global_config)) {
+         list = PR_LIST_HEAD(dna_global_config);
++        slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, "     using global config...\n");
+ 
+         while (list != dna_global_config && LDAP_SUCCESS == ret) {
+             config_entry = (struct configEntry *) list;
+ 
+             /* Did we already service all of these configured types? */
+             if (dna_list_contains_types(generated_types, config_entry->types)) {
++                slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, "    All types already serviced\n");
+                 goto next;
+             }
+ 
+             /* is the entry in scope? */
+             if (config_entry->scope) {
+-                if (!slapi_dn_issuffix(dn, config_entry->scope))
++                if (!slapi_dn_issuffix(dn, config_entry->scope)) {
++                    slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    Entry not in scope of dnaScope!\n");
+                     goto next;
++                }
+             }
+ 
+             /* is this entry in an excluded scope? */
+             for (i = 0; config_entry->excludescope && config_entry->excludescope[i]; i++) {
+                 if (slapi_dn_issuffix(dn, slapi_sdn_get_dn(config_entry->excludescope[i]))) {
++                    slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    Entry in excluded scope, next\n");
+                     goto next;
+                 }
+             }
+-            
++
+             /* does the entry match the filter? */
+             if (config_entry->slapi_filter) {
+-                if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,e,config_entry->slapi_filter, 0))
++                if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,e,config_entry->slapi_filter, 0)) {
++                    slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, "    Entry does not match filter\n");
+                     goto next;
++                }
+             }
+ 
+             if (LDAP_CHANGETYPE_ADD == modtype) {
+@@ -4526,6 +4551,11 @@ dna_release_range(char *range_dn, PRUint64 *lower, PRUint64 *upper)
+              * it instead of from the active range */
+             if (config_entry->next_range_lower != 0) {
+                 /* Release up to half of our values from the next range. */
++                if (config_entry->threshold == 0) {
++                    ret = LDAP_UNWILLING_TO_PERFORM;
++                    goto bail;
++                }
++
+                 release = (((config_entry->next_range_upper - config_entry->next_range_lower + 1) /
+                            2) / config_entry->threshold) * config_entry->threshold; 
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch b/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
new file mode 100644
index 0000000..3999d39
--- /dev/null
+++ b/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
@@ -0,0 +1,50 @@
+From 1de87b6fa85221c874bc4449d81655302540ec22 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 11 Jul 2016 19:09:24 -0700
+Subject: [PATCH 05/15] Ticket #48144 - Add /usr/sbin/status-dirsrv script to
+ get the status of the directory server instance.
+
+Description:
+Analysis by vashirov@redhat.com:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1209128#c11
+  The error comes from bash built-in `return`. bash version prior to
+  4.3 didn't support negative numbers as argument for `return`.
+  See for reference: http://wiki.bash-hackers.org/scripting/bashchanges
+
+As suggested in the comment, instead of -1, 255 should be returned in
+this error case:
+  > 255 is returned if the instance does not exist.
+
+https://fedorahosted.org/389/ticket/48144
+
+Viktor's proposal is reviewed by nhosoi@redhat.com.
+
+(cherry picked from commit a8b07cd2671c82421830ae94584b370436ef3434)
+---
+ ldap/admin/src/scripts/status-dirsrv.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/status-dirsrv.in b/ldap/admin/src/scripts/status-dirsrv.in
+index 0f01eaa..9042899 100755
+--- a/ldap/admin/src/scripts/status-dirsrv.in
++++ b/ldap/admin/src/scripts/status-dirsrv.in
+@@ -11,14 +11,14 @@ status_instance() {
+     SERV_ID=$1
+     shift
+ 
+-    initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return -1 ; }
++    initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return 255 ; }
+ 
+     # source env. for this instance
+     if [ -f $initfile ] ; then
+         . $initfile
+     else
+         echo Instance $SERV_ID not found.
+-        return -1
++        return 255
+     fi
+ 
+     prefix="$DS_ROOT"
+-- 
+2.4.11
+
diff --git a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch b/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
deleted file mode 100644
index b40bdc3..0000000
--- a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e37431f50e8d4bfc7015d9a00b58a9b9e77f1c79 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 2 Jul 2015 16:44:09 -0700
-Subject: [PATCH 5/7] Ticket #48214 - ldapsearch on nsslapd-maxbersize returns
- 0 instead of current value
-
-Description: If nsslapd-maxbersize is not explicitely set in cn=config
-or the value is 0, the default value is assigned.  Internally, it was.
-But ldapsearch did not return the default value.
-
-https://fedorahosted.org/389/ticket/48214
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit 7d0689aaadfa66a8f8a481b0c1bb70b2465c4986)
-(cherry picked from commit b83c2554fad0bb2a08055c5105bcfa4c9d44af8f)
----
- ldap/servers/slapd/libglobs.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
-index 24de4f3..a3c4243 100644
---- a/ldap/servers/slapd/libglobs.c
-+++ b/ldap/servers/slapd/libglobs.c
-@@ -821,7 +821,7 @@ static struct config_get_and_set {
- 	{CONFIG_MAXBERSIZE_ATTRIBUTE, config_set_maxbersize,
- 		NULL, 0,
- 		(void**)&global_slapdFrontendConfig.maxbersize,
--		CONFIG_INT, NULL, DEFAULT_MAX_BERSIZE},
-+		CONFIG_INT, NULL, STRINGIFYDEFINE(DEFAULT_MAXBERSIZE)},
- 	{CONFIG_MAXSASLIOSIZE_ATTRIBUTE, config_set_maxsasliosize,
- 		NULL, 0,
- 		(void**)&global_slapdFrontendConfig.maxsasliosize,
-@@ -1540,6 +1540,7 @@ FrontendConfig_init () {
-   init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
-   init_global_backend_local = LDAP_OFF;
-   cfg->maxsimplepaged_per_conn = DEFAULT_MAXSIMPLEPAGED_PER_CONN;
-+  cfg->maxbersize = DEFAULT_MAXBERSIZE;
- #ifdef ENABLE_NUNC_STANS
-   init_enable_nunc_stans = cfg->enable_nunc_stans = LDAP_OFF;
- #endif
-@@ -5713,6 +5714,9 @@ config_set_maxbersize( const char *attrname, char *value, char *errorbuf, int ap
- 	return retVal;
-   }
- 
-+  if (size == 0) {
-+    size = DEFAULT_MAXBERSIZE;
-+  }
-   CFG_LOCK_WRITE(slapdFrontendConfig);
- 
-   slapdFrontendConfig->maxbersize = size;
-@@ -5728,8 +5732,9 @@ config_get_maxbersize()
-     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
- 
-     maxbersize = slapdFrontendConfig->maxbersize;
--    if(maxbersize==0)
-+    if (maxbersize == 0) {
-         maxbersize = DEFAULT_MAXBERSIZE;
-+    }
- 
-     return maxbersize;
- }
--- 
-1.9.3
-
diff --git a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index a90e65d..0000000
--- a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From b36cdf27f313bba70f03b687ceef5bb5b3edd78b Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 2 Jul 2015 16:07:14 -0700
-Subject: [PATCH 6/7] Ticket #48214 - CI test: added test cases for ticket
- 48213
-
-Description: ldapsearch on nsslapd-maxbersize returns 0 instead of
-             current value
-
-https://fedorahosted.org/389/ticket/48214
-(cherry picked from commit b7b663c0e20c2f9bf8885bd7633570dc8d34f394)
-(cherry picked from commit 7c73adc28c8877eb3b0d30a91f7fa8a964fb3fd2)
----
- dirsrvtests/tickets/ticket48214_test.py | 171 ++++++++++++++++++++++++++++++++
- 1 file changed, 171 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket48214_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48214_test.py b/dirsrvtests/tickets/ticket48214_test.py
-new file mode 100644
-index 0000000..afbef22
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48214_test.py
-@@ -0,0 +1,171 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from ldap.controls import SimplePagedResultsControl
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+MYSUFFIX = 'dc=example,dc=com'
-+MYSUFFIXBE = 'userRoot'
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    '''
-+        This fixture is used to standalone topology for the 'module'.
-+    '''
-+    global installation_prefix
-+
-+    if installation_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+    standalone = DirSrv(verbose=False)
-+
-+    # Args for the standalone instance
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+
-+    # Get the status of the instance and restart it if it exists
-+    instance_standalone = standalone.exists()
-+
-+    # Remove the instance
-+    if instance_standalone:
-+        standalone.delete()
-+
-+    # Create the instance
-+    standalone.create()
-+
-+    # Used to retrieve configuration information (dbdir, confdir...)
-+    standalone.open()
-+
-+    # clear the tmp directory
-+    standalone.clearTmpDir(__file__)
-+
-+    # Here we have standalone instance up and running
-+    return TopologyStandalone(standalone)
-+
-+def getMaxBerSizeFromDseLdif(topology):
-+    topology.standalone.log.info("		+++++ Get maxbersize from dse.ldif +++++\n")
-+    dse_ldif = topology.standalone.confdir + '/dse.ldif'
-+    grepMaxBerCMD = "egrep nsslapd-maxbersize " + dse_ldif
-+    topology.standalone.log.info("		Run CMD: %s\n" % grepMaxBerCMD)
-+    grepMaxBerOUT = os.popen(grepMaxBerCMD, "r")
-+    running = True
-+    maxbersize = -1
-+    while running:
-+        l = grepMaxBerOUT.readline()
-+        if l == "":
-+            topology.standalone.log.info("		Empty: %s\n" % l)
-+            running = False
-+        elif "nsslapd-maxbersize:" in l.lower():
-+            running = False
-+            fields = l.split()
-+            if len(fields) >= 2:
-+                maxbersize = fields[1]
-+                topology.standalone.log.info("		Right format - %s %s\n" % (fields[0], fields[1]))
-+            else:
-+                topology.standalone.log.info("		Wrong format - %s\n" % l)
-+        else:
-+            topology.standalone.log.info("		Else?: %s\n" % l)
-+    return maxbersize
-+
-+def checkMaxBerSize(topology):
-+    topology.standalone.log.info("	+++++ Check Max Ber Size +++++\n")
-+    maxbersizestr = getMaxBerSizeFromDseLdif(topology)
-+    maxbersize = int(maxbersizestr)
-+    isdefault = True
-+    defaultvalue = 2097152
-+    if maxbersize < 0:
-+        topology.standalone.log.info("	No nsslapd-maxbersize found in dse.ldif\n")
-+    elif maxbersize == 0:
-+        topology.standalone.log.info("	nsslapd-maxbersize: %d\n" % maxbersize)
-+    else:
-+        isdefault = False
-+        topology.standalone.log.info("	nsslapd-maxbersize: %d\n" % maxbersize)
-+
-+    try:
-+        entry = topology.standalone.search_s('cn=config', ldap.SCOPE_BASE,
-+                                             "(cn=*)",
-+                                              ['nsslapd-maxbersize'])
-+        if entry:
-+            searchedsize = entry[0].getValue('nsslapd-maxbersize')
-+            topology.standalone.log.info("	ldapsearch returned nsslapd-maxbersize: %s\n" % searchedsize)
-+        else:
-+            topology.standalone.log.fatal('ERROR: cn=config is not found?')
-+            assert False
-+    except ldap.LDAPError, e:
-+        topology.standalone.log.error('ERROR: Failed to search for user entry: ' + e.message['desc'])
-+        assert False
-+
-+    if isdefault:
-+        topology.standalone.log.info("	Checking %d vs %d\n" % (int(searchedsize), defaultvalue))
-+        assert int(searchedsize) == defaultvalue
-+
-+
-+def test_ticket48214_run(topology):
-+    """
-+    Check ldapsearch returns the correct maxbersize when it is not explicitly set.
-+    """
-+    log.info('Testing Ticket 48214 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value')
-+
-+    # bind as directory manager
-+    topology.standalone.log.info("Bind as %s" % DN_DM)
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+    topology.standalone.log.info("\n\n######################### Out of Box ######################\n")
-+    checkMaxBerSize(topology)
-+
-+    topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 0 ######################\n")
-+    topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '0')])
-+    checkMaxBerSize(topology)
-+
-+    topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 10000 ######################\n")
-+    topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '10000')])
-+    checkMaxBerSize(topology)
-+
-+    topology.standalone.log.info("ticket48214 was successfully verified.")
-+
-+
-+def test_ticket48214_final(topology):
-+    topology.standalone.delete()
-+    log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+    '''
-+        run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+        To run isolated without py.test, you need to
-+            - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+            - set the installation prefix
-+            - run this program
-+    '''
-+    global installation_prefix
-+    installation_prefix = None
-+
-+    topo = topology(True)
-+    test_ticket48214_run(topo)
-+
-+    test_ticket48214_final(topo)
-+
-+
-+if __name__ == '__main__':
-+    run_isolated()
-+
--- 
-1.9.3
-
diff --git a/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch b/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
new file mode 100644
index 0000000..bb6aa23
--- /dev/null
+++ b/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
@@ -0,0 +1,44 @@
+From 05b04751367b628819d6f0a5a533d1af4eb423ba Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 11 Jul 2016 10:30:04 -0400
+Subject: [PATCH 06/15] Ticket 48767 - flow control in replication also blocks
+ receiving results
+
+Bug Description: In ticket 47942 a flow control was introduced to reduce
+                 the load of a replication consumer.  It adds some pauses
+                 in the asynch sending of updates.  Unfortunately while it
+                 pauses it holds the reader lock, so that the result reader
+                 thread is also paused.
+
+Fix Description: If we need to pause the sending of updates then also release
+                 the Result Data lock so the reader thread is not blocked.
+
+https://fedorahosted.org/389/ticket/48767
+
+Reviewed by: nhosi(Thanks!)
+
+(cherry picked from commit ba636587e77423c7773df60894344dea0377c36f)
+---
+ ldap/servers/plugins/replication/repl5_inc_protocol.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index d6fb898..27bac5d 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -479,9 +479,11 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd)
+     if ((rd->last_message_id_received <= rd->last_message_id_sent) &&
+         ((rd->last_message_id_sent - rd->last_message_id_received) >= agmt_get_flowcontrolwindow(agmt))) {
+         rd->flowcontrol_detection++;
++        PR_Unlock(rd->lock);
+         DS_Sleep(PR_MillisecondsToInterval(agmt_get_flowcontrolpause(agmt)));
++    } else {
++        PR_Unlock(rd->lock);
+     }
+-    PR_Unlock(rd->lock);
+ }
+ 
+ static int
+-- 
+2.4.11
+
diff --git a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 22f39e0..0000000
--- a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From 7b17c488de280f29264920b4e53dce862ed5b7e4 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 6 Jul 2015 14:06:11 -0700
-Subject: [PATCH 7/7] Ticket #48192 - Individual abandoned simple paged results
- request has no chance to be cleaned up
-
-Description: There was a small window that the search on the next page
-after the previous page abandoned referred the cleaned up simple paged
-object.
-
-This patch introduces a pagedresults_is_abandoned helper function to
-check the simple paged results was abandoned or not with some improvements
-based upon the comments by rmeggins@redhat.com (Thank you!!):
-1) adding locking when getting a simplepaged object in pagedresults_is_
-   abandoned_or_notavailable as well as in pagedresults_{un}lock.
-2) sending "Simple Paged Results Search abandoned" if the previous page
-   with the same cookie in the same connection was abandoned.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit e4d83c91fc88fcf9e6c823c608c629ac10e362f8)
-(cherry picked from commit b513a502250f93cfb43df000c2140b27c4ef0d39)
----
- ldap/servers/slapd/opshared.c     | 22 ++++++++++++++++------
- ldap/servers/slapd/pagedresults.c | 24 +++++++++++++++++++++++-
- ldap/servers/slapd/proto-slap.h   |  1 +
- 3 files changed, 40 insertions(+), 7 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 177daa6..dcdbb04 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -677,12 +677,20 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-        */
-       pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
-       if (pr_search_result) {
--        slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
--        rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
-+        if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+          pagedresults_unlock(pb->pb_conn, pr_idx);
-+          /* Previous operation was abandoned and the simplepaged object is not in use. */
-+          send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-+          rc = LDAP_SUCCESS;
-+          goto free_and_return;
-+        } else {
-+          slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-+          rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
- 
--        /* search result could be reset in the backend/dse */
--        slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
--        pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+          /* search result could be reset in the backend/dse */
-+          slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-+          pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+        }
-       } else {
-         pr_stat = PAGEDRESULTS_SEARCH_END;
-       }
-@@ -712,7 +720,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-       if (PAGEDRESULTS_SEARCH_END == pr_stat) {
-         pagedresults_lock(pb->pb_conn, pr_idx);
-         slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
--        pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-+        if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+          pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-+        }
-         pagedresults_unlock(pb->pb_conn, pr_idx);
-         if (next_be) {
-           /* no more entries, but at least another backend */
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index fdbfa41..d0c93cd 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -877,6 +877,8 @@ pagedresults_reset_processing(Connection *conn, int index)
-  * If there are multiple slots, the connection may be a permanent one.
-  * Do not return timed out here.  But let the next request take care the
-  * timedout slot(s).
-+ *
-+ * must be called within conn->c_mutex 
-  */
- int
- pagedresults_is_timedout_nolock(Connection *conn)
-@@ -905,7 +907,10 @@ pagedresults_is_timedout_nolock(Connection *conn)
-     return 0;
- }
- 
--/* reset all timeout */
-+/* 
-+ * reset all timeout
-+ * must be called within conn->c_mutex 
-+ */
- int
- pagedresults_reset_timedout_nolock(Connection *conn)
- {
-@@ -968,7 +973,9 @@ pagedresults_lock( Connection *conn, int index )
-     if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-         return;
-     }
-+    PR_Lock(conn->c_mutex);
-     prp = conn->c_pagedresults.prl_list + index;
-+    PR_Unlock(conn->c_mutex);
-     if (prp->pr_mutex) {
-         PR_Lock(prp->pr_mutex);
-     }
-@@ -982,9 +989,24 @@ pagedresults_unlock( Connection *conn, int index )
-     if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-         return;
-     }
-+    PR_Lock(conn->c_mutex);
-     prp = conn->c_pagedresults.prl_list + index;
-+    PR_Unlock(conn->c_mutex);
-     if (prp->pr_mutex) {
-         PR_Unlock(prp->pr_mutex);
-     }
-     return;
- }
-+
-+int
-+pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
-+{
-+    PagedResults *prp;
-+    if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-+        return 1; /* not abandoned, but do not want to proceed paged results op. */
-+    }
-+    PR_Lock(conn->c_mutex);
-+    prp = conn->c_pagedresults.prl_list + index;
-+    PR_Unlock(conn->c_mutex);
-+    return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
-+}
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index 57a2ce7..e8673e1 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1487,6 +1487,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock);
- void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
-+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
- 
- /*
-  * sort.c
--- 
-1.9.3
-
diff --git a/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch b/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
new file mode 100644
index 0000000..97f9316
--- /dev/null
+++ b/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
@@ -0,0 +1,43 @@
+From 74df3c57e0de786f001285429501c518d70abb13 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 13 Jul 2016 16:24:19 -0400
+Subject: [PATCH 07/15] Ticket 48922 - Fix crash when deleting backend while
+ import is running
+
+Bug Description:  If you delete a backend from the config while an
+                  import is running the server can crash.
+
+Fix Description:  When deleting a backend from the config wait for the
+                  backend instance to not be busy before removing the
+                  indexes.  Otherwise the dbenv is not stable and this
+                  can cause the crash.
+
+https://fedorahosted.org/389/ticket/48922
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 6c77c37ae5ce847ffa2bd75287dbd157c2f2d6af)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+index 3e59e72..c5ceacf 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+@@ -151,6 +151,12 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
+     rc = SLAPI_DSE_CALLBACK_ERROR;
+     goto bail;
+   }
++
++  while(is_instance_busy(inst)){
++    /* Wait for import/indexing job to complete */
++    DS_Sleep(PR_SecondsToInterval(1));
++  }
++
+   *returncode = LDAP_SUCCESS;
+   
+   slapi_entry_attr_find(e, "cn", &attr);
+-- 
+2.4.11
+
diff --git a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch b/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
deleted file mode 100644
index f0463b8..0000000
--- a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 7f10ea89c30944fc60a95d53e544caa005c03e0e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 6 Jul 2015 15:55:43 -0400
-Subject: [PATCH] Ticket 48119 - setup-ds.pl does not log invalid --file path
- errors the same way as other errors.
-
-Bug Description:  Errors occuring from Inf.pm are only written to STDERR
-
-Fix Description:  Write errors from Inf.pm using the debug function
-
-https://fedorahosted.org/389/ticket/48119
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 6306fc4e8eb2fb5973360f550c83e3c9b220df5c)
-(cherry picked from commit 5bd7119d8529e1c0b763c45e3ec7d1fb497da6c8)
----
- ldap/admin/src/scripts/Inf.pm | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm
-index 98649ac..ec433e2 100644
---- a/ldap/admin/src/scripts/Inf.pm
-+++ b/ldap/admin/src/scripts/Inf.pm
-@@ -12,6 +12,7 @@
- 
- package Inf;
- 
-+use DSUtil;
- use File::Temp qw(tempfile tempdir);
- 
- #require    Exporter;
-@@ -59,7 +60,7 @@ sub read {
-         $inffh = \*STDIN;
-     } else {
-         if (!open(INF, $filename)) {
--            print STDERR "Error: could not open inf file $filename: $!\n";
-+            debug(0, "Error: could not open inf file $filename: $!\n");
-             return;
-         }
-         $inffh = \*INF;
-@@ -124,7 +125,7 @@ sub section {
-     my $key = shift;
- 
-     if (!exists($self->{$key})) {
--        print "Error: unknown inf section $key\n";
-+        debug(0, "Error: unknown inf section $key\n");
-         return undef;
-     }
- 
-@@ -187,7 +188,7 @@ sub write {
-     my $savemask = umask(0077);
-     if (!$fh) {
-         if (!open(INF, ">$filename")) {
--            print STDERR "Error: could not write inf file $filename: $!\n";
-+            debug(0, "Error: could not write inf file $filename: $!\n");
-             umask($savemask);
-             return;
-         }
-@@ -232,7 +233,7 @@ sub updateFromArgs {
-                 $argsinf->{$sec}->{$parm} = $val;
-             }
-         } else { # error
--            print STDERR "Error: unknown command line option $arg\n";
-+            debug(0, "Error: unknown command line option $arg\n");
-             return;
-         }
-     }
--- 
-1.9.3
-
diff --git a/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch b/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
new file mode 100644
index 0000000..0ee4947
--- /dev/null
+++ b/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
@@ -0,0 +1,63 @@
+From 4c154182cd680f458b016abf60760328d0979b63 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 13 Jul 2016 15:51:56 -0400
+Subject: [PATCH 08/15] Ticket 48924 - Fixup tombstone task needs to set proper
+ flag when updating tombstones
+
+Bug Description:  The fixup tombstone task is not updating tombstones due to
+                  TOMBSTONE_INCLUDE not being set when looking up the entry to
+                  modify.
+
+Fix Description:  If fixing up tombstones called find_entry2modify_only_ext with
+                  the TOMBSTONE_INCLUDED flag.
+
+https://fedorahosted.org/389/ticket/48924
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 8cfb650170bbb4f6ce328b827dc294437ee38c4b)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_modify.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+index 37225cd..9b3062c 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+@@ -465,9 +465,14 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ 	 */
+ 	if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ 		/* find and lock the entry we are about to modify */
+-		if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) {
++		if (fixup_tombstone) {
++			e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++		} else {
++			e = find_entry2modify( pb, be, addr, &txn );
++		}
++		if (e == NULL) {
+ 			ldap_result_code= -1;
+-			goto error_return;	  /* error result sent by find_entry2modify() */
++			goto error_return; /* error result sent by find_entry2modify() */
+ 		}
+ 	}
+ 
+@@ -545,9 +550,14 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ 		if (0 == retry_count) { /* just once */
+ 			if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ 				/* find and lock the entry we are about to modify */
+-				if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) {
++				if (fixup_tombstone) {
++					e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++				} else {
++					e = find_entry2modify( pb, be, addr, &txn );
++				}
++				if (e == NULL) {
+ 					ldap_result_code= -1;
+-					goto error_return;	  /* error result sent by find_entry2modify() */
++					goto error_return; /* error result sent by find_entry2modify() */
+ 				}
+ 			}
+ 		
+-- 
+2.4.11
+
diff --git a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch b/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
deleted file mode 100644
index 18a0ca7..0000000
--- a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 4b532c2fde59790981142e3245535a0176bb7e4f Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 7 Jul 2015 12:54:38 -0700
-Subject: [PATCH] Ticket #48203 - Fix coverity issues - 07/07/2015
-
-Description:
-1. Defect type: CLANG_WARNING
-   389-ds-base-1.3.4.0/ldap/servers/slapd/conntable.c:161:11: warning:
-   Access to field 'c_ct' results in a dereference of a null pointer
-   (loaded from variable 'c')
-
-Thanks to rmeggins@redhat.com for the advice:
-> PR_NewLock() returns NULL then the server is severely out of some
-> resource (like RAM, stack space, etc.) and probably should just exit.
-
-https://fedorahosted.org/389/ticket/48203#comment:8
-(cherry picked from commit bca0908b1e10ada69cdc051d4aaceda73a940597)
-(cherry picked from commit a741911c9a5090d78f7a81c475bea3f6593d72ad)
----
- ldap/servers/slapd/conntable.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c
-index 0364d94..d5b9058 100644
---- a/ldap/servers/slapd/conntable.c
-+++ b/ldap/servers/slapd/conntable.c
-@@ -147,7 +147,7 @@ connection_table_get_connection(Connection_Table *ct, int sd)
- 				c->c_mutex = NULL;
- 				c->c_pdumutex = NULL;
- 				LDAPDebug( LDAP_DEBUG_ANY,"PR_NewLock failed\n",0, 0, 0 );
--				c= NULL;
-+				exit(1);
- 			}
- 		}
- 		/* Let's make sure there's no cruft left on there from the last time this connection was used. */
--- 
-1.9.3
-
diff --git a/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
new file mode 100644
index 0000000..bec769a
--- /dev/null
+++ b/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
@@ -0,0 +1,480 @@
+From 3fbe8ab77452998fd646bf26ee8162aab0ae8659 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 13 Jul 2016 18:59:01 -0700
+Subject: [PATCH 09/15] Ticket #48919 - Compiler warnings while building
+ 389-ds-base on RHEL7
+
+Description: Cleaned up warnings from gcc and clang.
+
+https://fedorahosted.org/389/ticket/48919
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 18c6029f64c48b330a101cbadceb8293d39bf5e2)
+---
+ ldap/servers/plugins/acl/acllas.c                  |  1 -
+ ldap/servers/slapd/agtmmap.c                       | 10 +++++++++-
+ ldap/servers/slapd/back-ldbm/idl_new.c             |  4 ++--
+ .../servers/slapd/back-ldbm/ldbm_instance_config.c |  5 +++++
+ ldap/servers/slapd/back-ldbm/ldif2ldbm.c           | 15 ++++++++++-----
+ ldap/servers/slapd/detach.c                        | 11 +++++++----
+ ldap/servers/slapd/localhost.c                     | 10 +++++++---
+ ldap/servers/slapd/protect_db.c                    | 22 +++++++++++++++-------
+ ldap/servers/slapd/protect_db.h                    |  3 +++
+ ldap/servers/slapd/saslbind.c                      |  3 +++
+ ldap/servers/slapd/tools/ldclt/ldapfct.c           |  5 ++++-
+ ldap/servers/slapd/tools/ldif.c                    |  5 ++++-
+ ldap/servers/slapd/tools/mmldif.c                  | 20 ++++++++++++--------
+ ldap/servers/slapd/util.c                          |  9 ++++++---
+ ldap/servers/snmp/main.c                           | 15 ++++++++++++---
+ lib/base/file.cpp                                  |  1 -
+ lib/base/fsmutex.cpp                               | 10 +++++++---
+ 17 files changed, 106 insertions(+), 43 deletions(-)
+
+diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
+index ff9b450..47ac0b8 100644
+--- a/ldap/servers/plugins/acl/acllas.c
++++ b/ldap/servers/plugins/acl/acllas.c
+@@ -190,7 +190,6 @@ extern int ldapu_member_certificate_match (void* cert, const char* desc);
+ /****************************************************************************/
+ /* Defines, Constants, ande Declarations                                    */
+ /****************************************************************************/
+-static char* const   	type_objectClass = "objectclass";
+ static char* const 	filter_groups = "(|(objectclass=groupOfNames) (objectclass=groupOfUniqueNames)(objectclass=groupOfCertificates)(objectclass=groupOfURLs))";
+ static char* const	type_member = "member";
+ static char* const	type_uniquemember = "uniquemember";
+diff --git a/ldap/servers/slapd/agtmmap.c b/ldap/servers/slapd/agtmmap.c
+index 6f72d57..629bc1b 100644
+--- a/ldap/servers/slapd/agtmmap.c
++++ b/ldap/servers/slapd/agtmmap.c
+@@ -160,7 +160,15 @@ agt_mopen_stats (char * statsfile, int mode, int *hdl)
+                {
+                    /* Without this we will get segv when we try to read/write later */
+                    buf = calloc (1, sz);
+-                   (void)write (fd, buf, sz);
++                   if (write(fd, buf, sz) < 0) {
++                       err = errno;
++#if (0)
++                       fprintf (stderr, "write failed errno=%d from %s(line: %d)\n", err, __FILE__, __LINE__);
++#endif
++                       rc = err;
++                       free (buf);
++                       goto bail;
++                   }
+                    free (buf);
+                }
+ 
+diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c
+index 63df49f..a8d76d8 100644
+--- a/ldap/servers/slapd/back-ldbm/idl_new.c
++++ b/ldap/servers/slapd/back-ldbm/idl_new.c
+@@ -403,8 +403,8 @@ idl_new_range_fetch(
+     time_t curtime;
+     void *saved_key = NULL;
+     int coreop = operator & SLAPI_OP_RANGE;
+-    ID key;
+-    ID suffix;
++    ID key = 0xff; /* random- to suppress compiler warning */
++    ID suffix = 0; /* random- to suppress compiler warning */
+     idl_range_id_pair *leftover = NULL;
+     size_t leftoverlen = 32;
+     int leftovercnt = 0;
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
+index 9302410..698be66 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
+@@ -1155,6 +1155,11 @@ ldbm_instance_post_delete_instance_entry_callback(Slapi_PBlock *pb, Slapi_Entry*
+                             rc = PR_Delete(dbp);
+                         }
+                         PR_ASSERT(rc == 0);
++                        if (rc != 0) {
++                            LDAPDebug1Arg(LDAP_DEBUG_ANY,
++                                "ldbm_instance_post_delete_instance_entry_callback:"
++                                " failed to delete %s\n", dbp);
++                        }
+                         PR_smprintf_free(dbp);
+                     }
+                     PR_CloseDir(dirhandle);                
+diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+index 0b2eab2..52338c2 100644
+--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
++++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+@@ -1009,7 +1009,6 @@ export_one_entry(struct ldbminfo *li,
+         }
+         slapi_ch_free_string(&pw);
+     }
+-    rc = 0;
+     data.data = slapi_entry2str_with_options(expargs->ep->ep_entry,
+                                              &len, expargs->options);
+     data.size = len + 1;
+@@ -1018,10 +1017,14 @@ export_one_entry(struct ldbminfo *li,
+         char idstr[32];
+         
+         sprintf(idstr, "# entry-id: %lu\n", (u_long)expargs->ep->ep_id);
+-        write(expargs->fd, idstr, strlen(idstr));
++        rc = write(expargs->fd, idstr, strlen(idstr));
++        PR_ASSERT(rc > 0);
+     }
+-    write(expargs->fd, data.data, len);
+-    write(expargs->fd, "\n", 1);
++    rc = write(expargs->fd, data.data, len);
++    PR_ASSERT(rc > 0);
++    rc = write(expargs->fd, "\n", 1);
++    PR_ASSERT(rc > 0);
++    rc = 0;
+     if ((*expargs->cnt) % 1000 == 0) {
+         int percent;
+ 
+@@ -1350,7 +1353,9 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
+                  */
+ 
+         sprintf(vstr, "version: %d\n\n", myversion);
+-        write(fd, vstr, strlen(vstr));
++        rc = write(fd, vstr, strlen(vstr));
++        PR_ASSERT(rc > 0);
++		rc = 0;
+     }
+ 
+     eargs.decrypt = decrypt;
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index b5af952..b055a5c 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -48,7 +48,7 @@ int
+ detach( int slapd_exemode, int importexport_encrypt,
+         int s_port, daemon_ports_t *ports_info )
+ {
+-	int		i, sd;
++	int i, sd, rc;
+ 	char *workingdir = 0;
+ 	char *errorlog = 0;
+ 	char *ptr = 0;
+@@ -84,13 +84,15 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 		if ( NULL == workingdir ) {
+ 			errorlog = config_get_errorlog();
+ 			if ( NULL == errorlog ) {
+-				(void) chdir( "/" );
++				rc = chdir( "/" );
++				PR_ASSERT(rc == 0);
+ 			} else {
+ 				if ((ptr = strrchr(errorlog, '/')) ||
+ 					(ptr = strrchr(errorlog, '\\'))) {
+ 					*ptr = 0;
+ 				}
+-				(void) chdir( errorlog );
++				rc = chdir( errorlog );
++				PR_ASSERT(rc == 0);
+ 				config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1);
+ 				slapi_ch_free_string(&errorlog);
+ 			}
+@@ -99,7 +101,8 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 			if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) {
+ 				return 1;
+ 			}
+-			(void) chdir( workingdir );
++			rc = chdir( workingdir );
++			PR_ASSERT(rc == 0);
+ 			slapi_ch_free_string(&workingdir);
+ 		}
+ 
+diff --git a/ldap/servers/slapd/localhost.c b/ldap/servers/slapd/localhost.c
+index 2c40493..7b4e903 100644
+--- a/ldap/servers/slapd/localhost.c
++++ b/ldap/servers/slapd/localhost.c
+@@ -118,9 +118,13 @@ find_localhost_DNS()
+ #ifndef NO_DOMAINNAME
+     if (domain == NULL) {
+         /* No domain found. Try getdomainname. */
+-        getdomainname (line, sizeof(line));
+-        LDAPDebug (LDAP_DEBUG_CONFIG, "getdomainname(%s)\n", line, 0, 0);
+-        if (line[0] != 0) {
++        line[0] = '\0';
++        if (getdomainname(line, sizeof(line)) < 0) { /* failure */
++            slapi_log_error(SLAPI_LOG_FATAL, "localhost_DNS", "getdomainname failed\n");
++        } else {
++            slapi_log_error(SLAPI_LOG_CONFIG, "localhost_DNS", "getdomainname(%s)\n", line);
++        }
++        if (line[0] != '\0') {
+             domain = &line[0];
+         }
+     }
+diff --git a/ldap/servers/slapd/protect_db.c b/ldap/servers/slapd/protect_db.c
+index b22daa1..4579852 100644
+--- a/ldap/servers/slapd/protect_db.c
++++ b/ldap/servers/slapd/protect_db.c
+@@ -42,7 +42,7 @@ grab_lockfile()
+ {
+     pid_t pid, owning_pid;
+     char lockfile[MAXPATHLEN];
+-    int fd, x;
++    int fd, x, rc;
+     int removed_lockfile = 0;
+     struct timeval t;
+     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+@@ -60,8 +60,12 @@ grab_lockfile()
+     /* Try to grab it */
+     if ((fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0644)) != -1) {
+         /* We got the lock, write our pid to the file */
+-        write(fd, (void *) &pid, sizeof(pid_t));
+-    close(fd);
++        rc = write(fd, (void *) &pid, sizeof(pid_t));
++        close(fd);
++        if (rc < 0) {
++            fprintf(stderr, ERROR_WRITING_LOCKFILE, lockfile);
++            return rc;
++        }
+         return 0;
+     }
+      
+@@ -74,13 +78,17 @@ grab_lockfile()
+ 
+     while(1) {
+         /* Try to grab the lockfile NUM_TRIES times waiting WAIT_TIME milliseconds after each try */
+-    t.tv_sec = 0;
+-    t.tv_usec = WAIT_TIME * 1000;
++        t.tv_sec = 0;
++        t.tv_usec = WAIT_TIME * 1000;
+         for(x = 0; x < NUM_TRIES; x++) {
+             if ((fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0644)) != -1) {
+                 /* Got the lock */
+-                write(fd, (void *) &pid, sizeof(pid_t));
+-        close(fd);
++                rc = write(fd, (void *) &pid, sizeof(pid_t));
++                close(fd);
++                if (rc < 0) {
++                    fprintf(stderr, ERROR_WRITING_LOCKFILE, lockfile);
++                    return rc;
++                }
+                 return 0;
+             }
+             select(0, NULL, NULL, NULL, &t);
+diff --git a/ldap/servers/slapd/protect_db.h b/ldap/servers/slapd/protect_db.h
+index 0f729a2..66adfb3 100644
+--- a/ldap/servers/slapd/protect_db.h
++++ b/ldap/servers/slapd/protect_db.h
+@@ -26,6 +26,9 @@ void remove_slapd_process();
+ #define ERROR_ACCESSING_LOCKFILE "Error - Problem accessing the lockfile %s\n" 
+   /* name of lockfile */
+ 
++#define ERROR_WRITING_LOCKFILE "Error - Problem writing the lockfile %s\n" 
++  /* name of lockfile */
++
+ #define LOCKFILE_DEAD_OWNER "Error - The lockfile, %s, is held by process %d,\nwhich no longer seems to be running.  If this is\nthe case, please remove the lockfile\n"
+   /* name of lockfile, pid of owning process */
+ 
+diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
+index eb68209..37175f4 100644
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -547,6 +547,9 @@ int ids_sasl_init(void)
+     LDAPDebug( LDAP_DEBUG_TRACE, "=> ids_sasl_init\n", 0, 0, 0 );
+ 
+     PR_ASSERT(inited == 0);
++    if (inited != 0) {
++        LDAPDebug0Args(LDAP_DEBUG_ANY, "ids_sasl_init is called more than once.\n");
++    }
+     inited = 1;
+ 
+     serverfqdn = get_localhost_DNS();
+diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+index e13983d..f084cb4 100644
+--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
++++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+@@ -2552,7 +2552,10 @@ int	 ldclt_write_genldif_nb;
+ void
+ ldclt_flush_genldif (void)
+ {
+-  write (mctx.genldifFile, ldclt_write_genldif_buf, ldclt_write_genldif_nb);
++  if (write (mctx.genldifFile, ldclt_write_genldif_buf, ldclt_write_genldif_nb) < 0) {
++    printf("ldclt[%d]: ldclt_flush_genldif: Failed to write (%s) error=%d\n",
++           mctx.pid, ldclt_write_genldif_buf, errno);
++  }
+   ldclt_write_genldif_pt = ldclt_write_genldif_buf;
+   ldclt_write_genldif_nb = 0;
+ }
+diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c
+index 1050fbd..5973c6b 100644
+--- a/ldap/servers/slapd/tools/ldif.c
++++ b/ldap/servers/slapd/tools/ldif.c
+@@ -132,7 +132,10 @@ int main( int argc, char **argv )
+ 					free( buf );
+ 					return( 1 );
+ 				}
+-				(void)fgets(buf+curlen, maxlen/2 + 1, stdin);
++				if (NULL == fgets(buf+curlen, maxlen/2 + 1, stdin)) {
++					/* no more input to read. */
++					break;
++				}
+ 			}
+ 			/* we have a full line, chop potential newline and turn into ldif */
+ 			if( buf[curlen-1] == '\n' )
+diff --git a/ldap/servers/slapd/tools/mmldif.c b/ldap/servers/slapd/tools/mmldif.c
+index 1f846d0..ddfaf6c 100644
+--- a/ldap/servers/slapd/tools/mmldif.c
++++ b/ldap/servers/slapd/tools/mmldif.c
+@@ -766,8 +766,7 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+             while (*vptr == ' ') vptr++; /* skip optional spaces */
+             b64 = initDec64((unsigned char *)att->value, 0x20000);
+             if (Dec64(b64, (unsigned char *) vptr)) {
+-                LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", 
+-			  line, 0, 0);
++                LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", line, 0, 0);
+                 continue;       /* invalid line, but we'll just skip it */
+             }
+             toolong = FALSE;
+@@ -775,7 +774,11 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+                 lookahead = fgetc(edf1->fp);
+                 if (lookahead != ' ')
+                     break;
+-                (void)fgets(line, sizeof(line), edf1->fp);
++                line[0] = '\0';
++                if (NULL == fgets(line, sizeof(line), edf1->fp)) {
++                    LDAPDebug0Args(LDAP_DEBUG_TRACE, "readrec: failed to read line\n");
++                    break;
++                }
+                 len = strlen(line);
+                 for (lptr = line+len-1; len; len--, lptr--) {
+                     if ((*lptr != '\n') && (*lptr != '\r'))
+@@ -785,16 +788,14 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+                 rc = Dec64(b64, (unsigned char *)line);
+                 if (rc == -1)
+                 {
+-                    LDAPDebug(LDAP_DEBUG_TRACE, 
+-			      "%s\n invalid input line\n", line, 0, 0);
++                    LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", line, 0, 0);
+                     continue;   /* invalid line, but we'll just skip it */
+                 }
+ 
+                 if (rc) {
+                     if (!toolong) {
+                         toolong = TRUE;
+-                        LDAPDebug(LDAP_DEBUG_TRACE, 
+-				  "%s\n line too long\n", line, 0, 0);
++                        LDAPDebug(LDAP_DEBUG_TRACE, "%s\n line too long\n", line, 0, 0);
+                     }
+                     continue;
+                 }
+@@ -813,7 +814,10 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+                 lookahead = fgetc(edf1->fp);
+                 if (lookahead != ' ')
+                     break;
+-                (void)fgets(line, sizeof(line), edf1->fp);
++                if (NULL == fgets(line, sizeof(line), edf1->fp)) {
++                    LDAPDebug0Args(LDAP_DEBUG_TRACE, "readrec: failed to read line\n");
++                    break;
++                }
+                 len = strlen(line);
+                 for (lptr = line+len-1; len; len--, lptr--) {
+                     if ((*lptr != '\n') && (*lptr != '\r'))
+diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
+index a5327d1..1ebdf2e 100644
+--- a/ldap/servers/slapd/util.c
++++ b/ldap/servers/slapd/util.c
+@@ -1592,7 +1592,9 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size
+             return 1;
+         }
+         while (! feof(f)) {
+-            fgets(s, 79, f);
++            if (!fgets(s, 79, f)) {
++                break; /* error or eof */
++            }
+             if (feof(f)) {
+                 break;
+             }
+@@ -1614,8 +1616,9 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size
+             return 1;
+         }
+         while (! feof(fm)) {
+-            fgets(s, 79, fm);
+-            /* Is this really needed? */
++            if (!fgets(s, 79, fm)) {
++                break; /* error or eof */
++            }
+             if (feof(fm)) {
+                 break;
+             }
+diff --git a/ldap/servers/snmp/main.c b/ldap/servers/snmp/main.c
+index 3f96627..ea5050b 100644
+--- a/ldap/servers/snmp/main.c
++++ b/ldap/servers/snmp/main.c
+@@ -44,7 +44,7 @@ main (int argc, char *argv[]) {
+     netsnmp_log_handler *log_hdl = NULL;
+     int                 c, log_level = LOG_WARNING;
+     struct stat         logdir_s;
+-    pid_t               child_pid;
++    pid_t               child_pid = 0;
+     FILE                *pid_fp;
+ 
+     /* Load options */
+@@ -74,7 +74,11 @@ main (int argc, char *argv[]) {
+ 
+     /* check if we're already running as another process */
+     if ((pid_fp = fopen(pidfile, "r")) != NULL) {
+-        fscanf(pid_fp, "%d", &child_pid);
++        int rc = fscanf(pid_fp, "%d", &child_pid);
++        if ((rc == 0) || (rc == EOF)) {
++            printf("ldap-agent: Failed to get pid from %s\n", pidfile);
++            exit(1);
++        }
+         fclose(pid_fp);
+         if (kill(child_pid, SIGUSR1) == 0) {
+             printf("ldap-agent: Already running as pid %d!\n", child_pid);
+@@ -145,6 +149,7 @@ main (int argc, char *argv[]) {
+     /* run as a daemon */
+     if (netsnmp_daemonize(0, 0)) {
+         int i;
++        int rc;
+ 
+         /* sleep to allow pidfile to be created by child */
+         for (i=0; i < 3; i++) {
+@@ -159,7 +164,11 @@ main (int argc, char *argv[]) {
+             exit(1);
+         }
+ 
+-        fscanf(pid_fp, "%d", &child_pid);
++        rc = fscanf(pid_fp, "%d", &child_pid);
++        if ((rc == 0) || (rc == EOF)) {
++            printf("ldap-agent: Failed to get pid from %s\n", pidfile);
++            exit(1);
++        }
+         fclose(pid_fp);
+         printf("ldap-agent: Started as pid %d\n", child_pid);
+         exit(0);
+diff --git a/lib/base/file.cpp b/lib/base/file.cpp
+index 8c9274a..ad4333e 100644
+--- a/lib/base/file.cpp
++++ b/lib/base/file.cpp
+@@ -38,7 +38,6 @@ extern "C" char *nscperror_lookup(int err);
+ /* PRFileDesc * SYS_ERROR_FD = NULL; */
+ 
+ const int errbuf_size = 256;
+-const unsigned int LOCKFILERANGE=0x7FFFFFFF;
+ PRLock *_atomic_write_lock = NULL;
+ 
+ /* --------------------------------- stat --------------------------------- */
+diff --git a/lib/base/fsmutex.cpp b/lib/base/fsmutex.cpp
+index e8f2aff..a0e30fd 100644
+--- a/lib/base/fsmutex.cpp
++++ b/lib/base/fsmutex.cpp
+@@ -85,11 +85,15 @@ fsmutex_init(char *name, int number, int flags)
+ NSAPI_PUBLIC void 
+ fsmutex_setowner(FSMUTEX fsm, uid_t uid, gid_t gid)
+ {
+-    if(!geteuid())
+-        (void) chown( ((fsmutex_s *)fsm)->id, uid, gid);
++    if(!geteuid()) {
++        int rc = chown( ((fsmutex_s *)fsm)->id, uid, gid);
++        PR_ASSERT(rc == 0);
++        if (rc != 0 ) {
++            return; /* just to suppress compiler warning... */
++        }
++    }
+ }
+ 
+-
+ /* -------------------------- fsmutex_terminate --------------------------- */
+ 
+ static void 
+-- 
+2.4.11
+
diff --git a/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..4f6a8b6
--- /dev/null
+++ b/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,1000 @@
+From ef8228ad564f31992386bfc61553df8387d9e306 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 13 Jul 2016 14:49:18 -0700
+Subject: [PATCH 10/15] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description: If a bind user has no rights, it should not disclose
+any information including the existence of the entry.
+
+Fix description:
+1) ALREADY_EXISTS in add -- If to be added entry is found existing
+   in ldbm_back_add, it checks the ACI and if there is no rights,
+   it returns INSUFFICIENT_ACCESS instead of ALREADY_EXISTS.
+2) NO_SUCH_OBJECT in other update operations -- If the target entry
+   is found not existing, it checks the ancestor entry's access
+   rights in find_entry.  If it is not allowed to access the subtree,
+   it returns INSUFFICIENT_ACCESS instead of NO_SUC_OBJECT.  Plus,
+   it supresses the "Matched" ancestor message.
+3) NO_SUCH_OBJECT in search -- If a bind entry has no rights to read
+   a subtree, it returns no search results with SUCCESS.  It should
+   be applied to the no existing subtree if the bind entry has no
+   rights to the super tree.
+4) If bind fails because of the non-existence of the bind user or
+   the parent nodes, the bind returns LDAP_INVALID_CREDENTIALS to
+   the client with no other information.
+   The detailed cause is logged in the access log as follows:
+	 RESULT err=49 .. etime=0 - No such suffix (<given suffix>)
+	 RESULT err=49 .. etime=0 - Invalid credentials
+	 RESULT err=49 .. etime=0 - No such entry
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1347760
+
+Reviewed by lkrispen@redhat.com, mreynolds@redhat.com, and tbordaz@redhat.com.
+Thank you!!!
+
+(cherry picked from commit 0b932d4b926d46ac5060f02617330dc444e06da1)
+---
+ ldap/servers/slapd/back-ldbm/dn2entry.c        |  17 ++-
+ ldap/servers/slapd/back-ldbm/findentry.c       | 139 +++++++++++++++++++------
+ ldap/servers/slapd/back-ldbm/ldbm_add.c        |  21 +++-
+ ldap/servers/slapd/back-ldbm/ldbm_bind.c       |  11 +-
+ ldap/servers/slapd/back-ldbm/ldbm_compare.c    |   2 +-
+ ldap/servers/slapd/back-ldbm/ldbm_delete.c     |   9 +-
+ ldap/servers/slapd/back-ldbm/ldbm_modify.c     |  18 ++--
+ ldap/servers/slapd/back-ldbm/ldbm_modrdn.c     |  15 +--
+ ldap/servers/slapd/back-ldbm/ldbm_search.c     |   2 +-
+ ldap/servers/slapd/back-ldbm/misc.c            |   2 +-
+ ldap/servers/slapd/back-ldbm/proto-back-ldbm.h |  14 +--
+ ldap/servers/slapd/back-ldbm/vlv_srch.c        |   2 +-
+ ldap/servers/slapd/bind.c                      |  75 ++++++-------
+ ldap/servers/slapd/defbackend.c                |  82 ++++++++++++++-
+ ldap/servers/slapd/result.c                    |  16 ++-
+ 15 files changed, 311 insertions(+), 114 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/dn2entry.c b/ldap/servers/slapd/back-ldbm/dn2entry.c
+index 6d1d92f..7656688 100644
+--- a/ldap/servers/slapd/back-ldbm/dn2entry.c
++++ b/ldap/servers/slapd/back-ldbm/dn2entry.c
+@@ -151,14 +151,15 @@ struct backentry *
+ dn2ancestor(
+     Slapi_Backend *be,
+     const Slapi_DN	*sdn,
+-	Slapi_DN *ancestordn,
++    Slapi_DN *ancestordn,
+     back_txn		*txn,
+-    int			*err
++    int			*err,
++    int allow_suffix
+ )
+ {
+-	struct backentry *e = NULL;
++    struct backentry *e = NULL;
+ 
+-	LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
++    LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
+ 
+     /* first, check to see if the given sdn is empty or a root suffix of the
+        given backend - if so, it has no parent */
+@@ -190,7 +191,13 @@ dn2ancestor(
+         */
+ 
+         /* stop when we get to "", or a backend suffix point */
+-        while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) {
++        while (!e && !slapi_sdn_isempty(&ancestorndn)) {
++            if (!allow_suffix) {
++                /* Original behavior. */
++                if (slapi_be_issuffix(be, &ancestorndn)) {
++                    break;
++                }
++            }
+             /* find the entry - it uses the ndn, so no further conversion is necessary */
+             e= dn2entry(be,&ancestorndn,txn,err);
+             if (!e) {
+diff --git a/ldap/servers/slapd/back-ldbm/findentry.c b/ldap/servers/slapd/back-ldbm/findentry.c
+index 4a574bf..8b842e3 100644
+--- a/ldap/servers/slapd/back-ldbm/findentry.c
++++ b/ldap/servers/slapd/back-ldbm/findentry.c
+@@ -16,8 +16,8 @@
+ #include "back-ldbm.h"
+ 
+ 
+-static struct backentry *find_entry_internal_dn(Slapi_PBlock *pb, backend *be, const Slapi_DN *sdn, int lock, back_txn *txn, int flags);
+-static struct backentry * find_entry_internal(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int lock, back_txn *txn, int flags);
++static struct backentry *find_entry_internal_dn(Slapi_PBlock *pb, backend *be, const Slapi_DN *sdn, int lock, back_txn *txn, int flags, int *rc);
++static struct backentry * find_entry_internal(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int lock, back_txn *txn, int flags, int *rc);
+ /* The flags take these values */
+ #define FE_TOMBSTONE_INCLUDED TOMBSTONE_INCLUDED /* :1 defined in back-ldbm.h */
+ #define FE_REALLY_INTERNAL 0x2
+@@ -27,7 +27,7 @@ check_entry_for_referral(Slapi_PBlock *pb, Slapi_Entry *entry, char *matched, co
+ {
+ 	int rc=0, i=0, numValues=0;
+ 	Slapi_Attr *attr;
+-	Slapi_Value *val=NULL;	
++	Slapi_Value *val=NULL;
+ 	struct berval **refscopy=NULL;
+ 	struct berval **url=NULL;
+ 
+@@ -80,12 +80,13 @@ out:
+ 
+ static struct backentry *
+ find_entry_internal_dn(
+-	Slapi_PBlock	*pb,
++    Slapi_PBlock	*pb,
+     backend			*be,
+     const Slapi_DN *sdn,
+     int				lock,
+-	back_txn		*txn,
+-	int				flags
++    back_txn		*txn,
++    int				flags,
++    int				*rc /* return code */
+ )
+ { 
+ 	struct backentry *e;
+@@ -93,9 +94,14 @@ find_entry_internal_dn(
+ 	int	err;
+ 	ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
+ 	size_t tries = 0;
++	int isroot = 0;
++	int op_type;
++	char *errbuf = NULL;
+ 
+ 	/* get the managedsait ldap message control */
+-	slapi_pblock_get( pb, SLAPI_MANAGEDSAIT, &managedsait );
++	slapi_pblock_get(pb, SLAPI_MANAGEDSAIT, &managedsait);
++	slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
++	slapi_pblock_get(pb, SLAPI_OPERATION_TYPE, &op_type);
+ 
+ 	while ( (tries < LDBM_CACHE_RETRY_COUNT) && 
+ 	        (e = dn2entry_ext( be, sdn, txn, flags & TOMBSTONE_INCLUDED, &err ))
+@@ -113,6 +119,9 @@ find_entry_internal_dn(
+ 			if(check_entry_for_referral(pb, e->ep_entry, NULL, "find_entry_internal_dn"))
+ 			{
+ 				CACHE_RETURN( &inst->inst_cache, &e );
++				if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */
++					*rc = FE_RC_SENT_RESULT;
++				}
+ 				return( NULL );
+ 			}
+ 		}
+@@ -151,27 +160,89 @@ find_entry_internal_dn(
+ 		struct backentry *me;
+ 		Slapi_DN ancestorsdn;
+ 		slapi_sdn_init(&ancestorsdn);
+-		me= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,txn,&err);
++		me = dn2ancestor(pb->pb_backend, sdn, &ancestorsdn, txn, &err, 1 /* allow_suffix */);
+ 		if ( !managedsait && me != NULL ) {
+ 			/* if the entry is a referral send the referral */
+ 			if(check_entry_for_referral(pb, me->ep_entry, (char*)slapi_sdn_get_dn(&ancestorsdn), "find_entry_internal_dn"))
+ 			{
+ 				CACHE_RETURN( &inst->inst_cache, &me );
+ 				slapi_sdn_done(&ancestorsdn);
++				if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */
++					*rc = FE_RC_SENT_RESULT;
++				}
+ 				return( NULL );
+ 			}
+ 			/* else fall through to no such object */
+ 		}
+ 
+ 		/* entry not found */
+-		slapi_send_ldap_result( pb, ( 0 == err || DB_NOTFOUND == err ) ?
+-			LDAP_NO_SUCH_OBJECT : ( LDAP_INVALID_DN_SYNTAX == err ) ?
+-			LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR,
+-			(char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL );
++		if ((0 == err) || (DB_NOTFOUND == err)) {
++			if (me && !isroot) {
++				/* If not root, you may not want to reveal it. */
++				int acl_type = -1;
++				int return_err = LDAP_NO_SUCH_OBJECT;
++				err = LDAP_SUCCESS;
++				switch (op_type) {
++				case SLAPI_OPERATION_ADD:
++					acl_type = SLAPI_ACL_ADD;
++					return_err = LDAP_INSUFFICIENT_ACCESS;
++					break;
++				case SLAPI_OPERATION_DELETE:
++					acl_type = SLAPI_ACL_DELETE;
++					return_err = LDAP_INSUFFICIENT_ACCESS;
++					break;
++				case SLAPI_OPERATION_MODDN:
++					acl_type = SLAPI_ACL_MODDN;
++					return_err = LDAP_INSUFFICIENT_ACCESS;
++					break;
++				case SLAPI_OPERATION_MODIFY:
++					acl_type = SLAPI_ACL_WRITE;
++					return_err = LDAP_INSUFFICIENT_ACCESS;
++					break;
++				case SLAPI_OPERATION_SEARCH:
++				case SLAPI_OPERATION_COMPARE:
++					return_err = LDAP_SUCCESS;
++					acl_type = SLAPI_ACL_READ;
++					break;
++				case SLAPI_OPERATION_BIND:
++					acl_type = -1; /* skip acl check. acl is not set up for bind. */
++					return_err = LDAP_INVALID_CREDENTIALS;
++					slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
++					break;
++				}
++				if (acl_type > 0) {
++					err = plugin_call_acl_plugin(pb, me->ep_entry, NULL, NULL, acl_type,
++					                             ACLPLUGIN_ACCESS_DEFAULT, &errbuf);
++				}
++				if (((acl_type > 0) && err) || (op_type == SLAPI_OPERATION_BIND)) {
++					/*
++					 * Operations to be checked && ACL returns disallow.
++					 * Not to disclose the info about the entry's existence,
++					 * do not return the "matched" DN.
++					 * Plus, the bind case returns LDAP_INAPPROPRIATE_AUTH.
++					 */
++					slapi_send_ldap_result(pb, return_err, NULL, NULL, 0, NULL);
++				} else {
++					slapi_send_ldap_result(pb, LDAP_NO_SUCH_OBJECT,
++						(char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
++				}
++			} else {
++				slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT,
++					(char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
++			}
++		} else {
++			slapi_send_ldap_result( pb, ( LDAP_INVALID_DN_SYNTAX == err ) ?
++				LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR,
++				(char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL );
++		}
++		if (rc) {
++			*rc = FE_RC_SENT_RESULT;
++		}
+ 		slapi_sdn_done(&ancestorsdn);
+ 		CACHE_RETURN( &inst->inst_cache, &me );
+ 	}
+ 
++	slapi_ch_free_string(&errbuf);
+ 	LDAPDebug( LDAP_DEBUG_TRACE, "<= find_entry_internal_dn not found (%s)\n",
+ 	    slapi_sdn_get_dn(sdn), 0, 0 );
+ 	return( NULL );
+@@ -183,11 +254,11 @@ find_entry_internal_dn(
+  */
+ static struct backentry *
+ find_entry_internal_uniqueid(
+-	Slapi_PBlock	*pb,
++    Slapi_PBlock	*pb,
+     backend *be,
+-	const char 			*uniqueid,
++    const char 			*uniqueid,
+     int				lock,
+-	back_txn		*txn
++    back_txn		*txn
+ )
+ {
+ 	ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
+@@ -243,8 +314,9 @@ find_entry_internal(
+     Slapi_Backend *be,
+     const entry_address *addr,
+     int			lock,
+-	back_txn *txn,
+-	int flags
++    back_txn *txn,
++    int flags,
++    int *rc
+ )
+ {
+ 	/* check if we should search based on uniqueid or dn */
+@@ -261,11 +333,9 @@ find_entry_internal(
+ 		LDAPDebug( LDAP_DEBUG_TRACE, "=> find_entry_internal (dn=%s) lock %d\n",
+ 		           slapi_sdn_get_dn(addr->sdn), lock, 0 );
+ 		if (addr->sdn) {
+-			entry = find_entry_internal_dn (pb, be, addr->sdn, 
+-			                                lock, txn, flags);
++			entry = find_entry_internal_dn (pb, be, addr->sdn, lock, txn, flags, rc);
+ 		} else {
+-			LDAPDebug0Args( LDAP_DEBUG_ANY,
+-			                "find_entry_internal: Null target dn\n" );
++			LDAPDebug0Args( LDAP_DEBUG_ANY, "find_entry_internal: Null target dn\n" );
+ 		}
+ 
+ 		LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= find_entry_internal\n" );
+@@ -278,10 +348,11 @@ find_entry(
+     Slapi_PBlock		*pb,
+     Slapi_Backend *be,
+     const entry_address *addr,
+-	back_txn *txn
++    back_txn *txn,
++    int *rc
+ )
+ {
+-	return( find_entry_internal( pb, be, addr, 0/*!lock*/, txn, 0/*flags*/ ) );
++	return(find_entry_internal(pb, be, addr, 0/*!lock*/, txn, 0/*flags*/, rc));
+ }
+ 
+ struct backentry *
+@@ -289,10 +360,11 @@ find_entry2modify(
+     Slapi_PBlock		*pb,
+     Slapi_Backend *be,
+     const entry_address *addr,
+-	back_txn *txn
++    back_txn *txn,
++    int *rc
+ )
+ {
+-	return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, 0/*flags*/ ) );
++	return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, 0/*flags*/, rc));
+ }
+ 
+ /* New routines which do not do any referral stuff.
+@@ -304,10 +376,11 @@ find_entry_only(
+     Slapi_PBlock		*pb,
+     Slapi_Backend *be,
+     const entry_address *addr,
+-	back_txn *txn
++    back_txn *txn,
++    int *rc
+ )
+ {
+-	return( find_entry_internal( pb, be, addr, 0/*!lock*/, txn, FE_REALLY_INTERNAL ) );
++	return(find_entry_internal(pb, be, addr, 0/*!lock*/, txn, FE_REALLY_INTERNAL, rc));
+ }
+ 
+ struct backentry *
+@@ -315,10 +388,11 @@ find_entry2modify_only(
+     Slapi_PBlock		*pb,
+     Slapi_Backend *be,
+     const entry_address *addr,
+-    back_txn *txn
++    back_txn *txn,
++    int *rc
+ )
+ {
+-	return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, FE_REALLY_INTERNAL ) );
++	return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, 0 /* to check aci, disable INTERNAL */, rc));
+ }
+ 
+ struct backentry *
+@@ -327,10 +401,9 @@ find_entry2modify_only_ext(
+     Slapi_Backend *be,
+     const entry_address *addr,
+     int flags,
+-    back_txn *txn
+-
++    back_txn *txn,
++    int *rc
+ )
+ {
+-	return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, 
+-		                         FE_REALLY_INTERNAL | flags ));
++	return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, FE_REALLY_INTERNAL | flags, rc));
+ }
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
+index 7eb8fe9..f462376 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
+@@ -93,6 +93,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ 	int myrc = 0;
+ 	PRUint64 conn_id;
+ 	int op_id;
++	int result_sent = 0;
+ 	if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) {
+ 		conn_id = 0; /* connection is NULL */
+ 	}
+@@ -379,7 +380,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ 				addr.sdn = &parentsdn;
+ 				addr.udn = NULL;
+ 				addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
+-				parententry = find_entry2modify_only(pb,be,&addr,&txn);
++				parententry = find_entry2modify_only(pb, be, &addr, &txn, &result_sent);
+ 				if (parententry && parententry->ep_entry) {
+ 					if (!operation->o_params.p.p_add.parentuniqueid){
+ 						/* Set the parentuniqueid now */
+@@ -431,6 +432,14 @@ ldbm_back_add( Slapi_PBlock *pb )
+ 						/* The entry already exists */ 
+ 						ldap_result_code = LDAP_ALREADY_EXISTS;
+ 					}
++					if ((LDAP_ALREADY_EXISTS == ldap_result_code) && !isroot && !is_replicated_operation) {
++						myrc = plugin_call_acl_plugin(pb, e, NULL, NULL, SLAPI_ACL_ADD,
++						                              ACLPLUGIN_ACCESS_DEFAULT, &errbuf);
++						if (myrc) {
++							ldap_result_code = myrc;
++							ldap_result_message = errbuf;
++						}
++					}
+ 					goto error_return;
+ 				} 
+ 				else 
+@@ -447,7 +456,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ 						Slapi_DN ancestorsdn;
+ 						struct backentry *ancestorentry;
+ 						slapi_sdn_init(&ancestorsdn);
+-						ancestorentry= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,&txn,&err);
++						ancestorentry = dn2ancestor(pb->pb_backend, sdn, &ancestorsdn, &txn, &err, 0);
+ 						slapi_sdn_done(&ancestorsdn);
+ 						if ( ancestorentry != NULL )
+ 						{
+@@ -495,7 +504,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ 				addr.udn = NULL;
+ 				addr.sdn = NULL;
+ 				addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
+-				tombstoneentry = find_entry2modify( pb, be, &addr, &txn );
++				tombstoneentry = find_entry2modify(pb, be, &addr, &txn, &result_sent);
+ 				if ( tombstoneentry==NULL )
+ 				{
+ 					ldap_result_code= -1;
+@@ -712,7 +721,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ 					LDAPDebug1Arg(LDAP_DEBUG_BACKLDBM, "ldbm_add: Parent \"%s\" does not exist. "
+ 					              "It might be a conflict entry.\n", slapi_sdn_get_dn(&parentsdn));
+ 					slapi_sdn_init(&ancestorsdn);
+-					ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err );
++					ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err, 1);
+ 					CACHE_RETURN( &inst->inst_cache, &ancestorentry );
+ 
+ 					ldap_result_code= LDAP_NO_SUCH_OBJECT;
+@@ -1349,7 +1358,9 @@ common_return:
+ 			 * And we don't want the supplier to halt sending the updates. */
+ 			ldap_result_code = LDAP_SUCCESS;
+ 		}
+-		slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL );
++		if (!result_sent) {
++			slapi_send_ldap_result(pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL);
++		}
+ 	}
+ 	backentry_free(&originalentry);
+ 	backentry_free(&tmpentry);
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_bind.c b/ldap/servers/slapd/back-ldbm/ldbm_bind.c
+index ea0df33..99a0818 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_bind.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_bind.c
+@@ -29,6 +29,7 @@ ldbm_back_bind( Slapi_PBlock *pb )
+ 	entry_address *addr;
+ 	back_txn txn = {NULL};
+ 	int rc = SLAPI_BIND_SUCCESS;
++	int result_sent = 0;
+ 
+ 	/* get parameters */
+ 	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+@@ -63,8 +64,12 @@ ldbm_back_bind( Slapi_PBlock *pb )
+ 	 * find the target entry.  find_entry() takes care of referrals
+ 	 *   and sending errors if the entry does not exist.
+ 	 */
+-	if (( e = find_entry( pb, be, addr, &txn )) == NULL ) {
++	if ((e = find_entry( pb, be, addr, &txn, &result_sent)) == NULL) {
+ 		rc = SLAPI_BIND_FAIL;
++		/* In the failure case, the result is supposed to be sent in the backend. */
++		if (!result_sent) {
++			slapi_send_ldap_result(pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL);
++		}
+ 		goto bail;
+ 	}
+ 
+@@ -82,8 +87,8 @@ ldbm_back_bind( Slapi_PBlock *pb )
+ 		bvals= attr_get_present_values(attr);
+ 		slapi_value_init_berval(&cv,cred);
+ 		if ( slapi_pw_find_sv( bvals, &cv ) != 0 ) {
+-			slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL,
+-			    NULL, 0, NULL );
++			slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Invalid credentials");
++			slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL );
+ 			CACHE_RETURN( &inst->inst_cache, &e );
+ 			value_done(&cv);
+ 			rc = SLAPI_BIND_FAIL;
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_compare.c b/ldap/servers/slapd/back-ldbm/ldbm_compare.c
+index e52cd6c..e9973a9 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_compare.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_compare.c
+@@ -56,7 +56,7 @@ ldbm_back_compare( Slapi_PBlock *pb )
+ 	/* get the namespace dn */
+ 	namespace_dn = (Slapi_DN*)slapi_be_getsuffix(be, 0);
+ 
+-	if ( (e = find_entry( pb, be, addr, &txn )) == NULL ) {
++	if ((e = find_entry(pb, be, addr, &txn, NULL)) == NULL) {
+ 		ret = -1;	/* error result sent by find_entry() */
+ 		goto bail;
+ 	}
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+index 5b24af2..f801e01 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+@@ -77,6 +77,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ 	int op_id;
+ 	ID ep_id = 0;
+ 	ID tomb_ep_id = 0;
++	int result_sent = 0;
+ 
+ 	if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) {
+ 		conn_id = 0; /* connection is NULL */
+@@ -266,7 +267,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ 			 * deleted.  That is, the entry 'e' found with "addr" is a tomb-
+ 			 * stone.  If it is the case, we need to back off.
+ 			 */
+-			if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL )
++			if ((e = find_entry2modify(pb, be, addr, &txn, &result_sent)) == NULL)
+ 			{
+ 				ldap_result_code= LDAP_NO_SUCH_OBJECT; 
+ 				retval = -1;
+@@ -507,7 +508,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ 						parent_addr.uniqueid = NULL;
+ 					}
+ 					parent_addr.sdn = &parentsdn;
+-					parent = find_entry2modify_only_ext(pb, be, &parent_addr, TOMBSTONE_INCLUDED, &txn);
++					parent = find_entry2modify_only_ext(pb, be, &parent_addr, TOMBSTONE_INCLUDED, &txn, &result_sent);
+ 				}
+ 				if (parent) {
+ 					int isglue;
+@@ -1466,7 +1467,9 @@ diskfull_return:
+ 			 * And we don't want the supplier to halt sending the updates. */
+ 			ldap_result_code = LDAP_SUCCESS;
+ 		}
+-		slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++		if (!result_sent) {
++			slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++		}
+ 	}
+ 	slapi_log_error(SLAPI_LOG_BACKLDBM, "ldbm_back_delete",
+ 	                "conn=%lu op=%d modify_term: old_entry=0x%p, new_entry=0x%p, in_cache=%d\n",
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+index 9b3062c..34d9861 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+@@ -392,6 +392,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ 	int not_an_error = 0;
+ 	int fixup_tombstone = 0;
+ 	int ec_locked = 0;
++	int result_sent = 0;
+ 
+ 	slapi_pblock_get( pb, SLAPI_BACKEND, &be);
+ 	slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
+@@ -466,12 +467,12 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ 	if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ 		/* find and lock the entry we are about to modify */
+ 		if (fixup_tombstone) {
+-			e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++			e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent );
+ 		} else {
+-			e = find_entry2modify( pb, be, addr, &txn );
++			e = find_entry2modify( pb, be, addr, &txn, &result_sent );
+ 		}
+ 		if (e == NULL) {
+-			ldap_result_code= -1;
++			ldap_result_code = -1;
+ 			goto error_return; /* error result sent by find_entry2modify() */
+ 		}
+ 	}
+@@ -551,12 +552,12 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ 			if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ 				/* find and lock the entry we are about to modify */
+ 				if (fixup_tombstone) {
+-					e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++					e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent );
+ 				} else {
+-					e = find_entry2modify( pb, be, addr, &txn );
++					e = find_entry2modify( pb, be, addr, &txn, &result_sent );
+ 				}
+ 				if (e == NULL) {
+-					ldap_result_code= -1;
++					ldap_result_code = -1;
+ 					goto error_return; /* error result sent by find_entry2modify() */
+ 				}
+ 			}
+@@ -966,7 +967,10 @@ common_return:
+ 			 * And we don't want the supplier to halt sending the updates. */
+ 			ldap_result_code = LDAP_SUCCESS;
+ 		}
+-		slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++		if (!result_sent) {
++			/* result is already sent in find_entry. */
++			slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++		}
+ 	}
+ 
+ 	/* free our backups */
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+index c0cd2ab..f934305 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+@@ -95,6 +95,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+     int myrc = 0;
+     PRUint64 conn_id;
+     int op_id;
++    int result_sent = 0;
+     if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) {
+         conn_id = 0; /* connection is NULL */
+     }
+@@ -474,7 +475,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+             /* find and lock the entry we are about to modify */
+             /* JCMREPL - Argh, what happens about the stinking referrals? */
+             slapi_pblock_get (pb, SLAPI_TARGET_ADDRESS, &old_addr);
+-            e = find_entry2modify( pb, be, old_addr, &txn );
++            e = find_entry2modify(pb, be, old_addr, &txn, &result_sent);
+             if ( e == NULL )
+             {
+                 ldap_result_code= -1;
+@@ -510,7 +511,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+             } else {
+                 oldparent_addr.uniqueid = NULL;            
+             }
+-            parententry = find_entry2modify_only( pb, be, &oldparent_addr, &txn );
++            parententry = find_entry2modify_only(pb, be, &oldparent_addr, &txn, &result_sent);
+             modify_init(&parent_modify_context,parententry);
+         
+             /* Fetch and lock the new parent of the entry that is moving */            
+@@ -520,7 +521,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+                 if (is_resurect_operation) {
+                     newsuperior_addr->uniqueid = slapi_entry_attr_get_charptr(e->ep_entry, SLAPI_ATTR_VALUE_PARENT_UNIQUEID);
+                 }
+-                newparententry = find_entry2modify_only( pb, be, newsuperior_addr, &txn );
++                newparententry = find_entry2modify_only(pb, be, newsuperior_addr, &txn, &result_sent);
+                 slapi_ch_free_string(&newsuperior_addr->uniqueid);
+                 modify_init(&newparent_modify_context,newparententry);
+             }
+@@ -581,7 +582,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+                         Slapi_DN ancestorsdn;
+                         struct backentry *ancestorentry;
+                         slapi_sdn_init(&ancestorsdn);
+-                        ancestorentry= dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err);
++                        ancestorentry = dn2ancestor(be, &dn_newdn, &ancestorsdn, &txn, &err, 0);
+                         CACHE_RETURN( &inst->inst_cache, &ancestorentry );
+                         ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestorsdn));
+                         ldap_result_code= LDAP_NO_SUCH_OBJECT;
+@@ -1486,8 +1487,10 @@ common_return:
+              * And we don't want the supplier to halt sending the updates. */
+             ldap_result_code = LDAP_SUCCESS;
+         }
+-        slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn,
+-                    ldap_result_message, 0,NULL );
++        if (!result_sent) {
++            slapi_send_ldap_result(pb, ldap_result_code, ldap_result_matcheddn,
++                                   ldap_result_message, 0, NULL);
++        }
+     }
+     slapi_mods_done(&smods_operation_wsi);
+     slapi_mods_done(&smods_generated);
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
+index 535529c..cda1714 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
+@@ -584,7 +584,7 @@ ldbm_back_search( Slapi_PBlock *pb )
+     }
+     else
+     {
+-        if ( ( e = find_entry( pb, be, addr, &txn )) == NULL )
++        if ((e = find_entry(pb, be, addr, &txn, NULL)) == NULL)
+         {
+             /* error or referral sent by find_entry */
+             return ldbm_back_search_cleanup(pb, li, sort_control, 
+diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c
+index 77c1e70..516b32d 100644
+--- a/ldap/servers/slapd/back-ldbm/misc.c
++++ b/ldap/servers/slapd/back-ldbm/misc.c
+@@ -412,7 +412,7 @@ ldbm_txn_ruv_modify_context( Slapi_PBlock *pb, modify_context *mc )
+ 
+     /* Note: if we find the bentry, it will stay locked until someone calls
+      * modify_term on the mc we'll be associating the bentry with */
+-    bentry = find_entry2modify_only( pb, be, &bentry_addr, &txn );
++    bentry = find_entry2modify_only(pb, be, &bentry_addr, &txn, NULL);
+ 
+     if (NULL == bentry) {
+         /* Uh oh, we couldn't find and lock the RUV entry! */
+diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+index 86e2237..8c813dd 100644
+--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+@@ -174,7 +174,7 @@ int ldbm_back_ctrl_info(Slapi_Backend *be, int cmd, void *info);
+ struct backentry *dn2entry(Slapi_Backend *be, const Slapi_DN *sdn, back_txn *txn, int    *err);
+ struct backentry *dn2entry_ext(Slapi_Backend *be, const Slapi_DN *sdn, back_txn *txn, int flags, int *err);
+ struct backentry *dn2entry_or_ancestor(Slapi_Backend *be, const Slapi_DN *sdn, Slapi_DN *ancestor, back_txn *txn, int *err);
+-struct backentry *dn2ancestor(Slapi_Backend *be,const Slapi_DN *sdn,Slapi_DN *ancestordn,back_txn *txn,int *err);
++struct backentry *dn2ancestor(Slapi_Backend *be,const Slapi_DN *sdn,Slapi_DN *ancestordn,back_txn *txn,int *err, int allow_suffix);
+ int get_copy_of_entry(Slapi_PBlock *pb, const entry_address *addr, back_txn *txn, int plock_parameter, int must_exist);
+ int get_copy_of_entry_ext(Slapi_PBlock *pb, ID id, const entry_address *addr, back_txn *txn, int plock_parameter, int must_exist);
+ void done_with_pblock_entry(Slapi_PBlock *pb, int plock_parameter);
+@@ -194,11 +194,13 @@ IDList * filter_candidates_ext( Slapi_PBlock *pb, backend *be, const char *base,
+ /*
+  * findentry.c
+  */
+-struct backentry * find_entry2modify( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn );
+-struct backentry * find_entry( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn );
+-struct backentry * find_entry2modify_only( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn);
+-struct backentry * find_entry2modify_only_ext( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int flags, back_txn *txn);
+-struct backentry * find_entry_only( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn);
++/* Return code */
++#define FE_RC_SENT_RESULT 1
++struct backentry *find_entry2modify(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
++struct backentry *find_entry(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
++struct backentry *find_entry2modify_only(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
++struct backentry *find_entry2modify_only_ext(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int flags, back_txn *txn, int *rc);
++struct backentry *find_entry_only(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
+ int check_entry_for_referral(Slapi_PBlock *pb, Slapi_Entry *entry, char *matched, const char *callingfn);
+ 
+ /*
+diff --git a/ldap/servers/slapd/back-ldbm/vlv_srch.c b/ldap/servers/slapd/back-ldbm/vlv_srch.c
+index fcd0c2d..df378211 100644
+--- a/ldap/servers/slapd/back-ldbm/vlv_srch.c
++++ b/ldap/servers/slapd/back-ldbm/vlv_srch.c
+@@ -162,7 +162,7 @@ vlvSearch_init(struct vlvSearch* p, Slapi_PBlock *pb, const Slapi_Entry *e, ldbm
+ 
+             addr.sdn = p->vlv_base;
+             addr.uniqueid = NULL;
+-            e = find_entry( pb, inst->inst_be, &addr, &txn );
++            e = find_entry(pb, inst->inst_be, &addr, &txn, NULL);
+             /* Check to see if the entry is absent. If it is, mark this search
+              * as not initialized */
+             if (NULL == e) {
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index 1ffec4e..b441615 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -438,8 +438,8 @@ do_bind( Slapi_PBlock *pb )
+              * to an LDAP DN, fail and return an invalidCredentials error.
+              */
+             if ( NULL == pb->pb_conn->c_external_dn ) {
+-                send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL,
+-                                  "client certificate mapping failed", 0, NULL );
++                slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Client certificate mapping failed");
++                send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
+                 /* call postop plugins */
+                 plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN );
+                 goto free_and_return;
+@@ -556,33 +556,32 @@ do_bind( Slapi_PBlock *pb )
+         /* Check if simple binds are allowed over an insecure channel.  We only check
+          * this for authenticated binds. */
+         } else if (config_get_require_secure_binds() == 1) {
+-                Connection *conn = NULL;
+-                int sasl_ssf = 0;
+-                int local_ssf = 0;
+-
+-                /* Allow simple binds only for SSL/TLS established connections
+-                 * or connections using SASL privacy layers */
+-                conn = pb->pb_conn;
+-                if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) {
+-                    slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
+-                                     "Could not get SASL SSF from connection\n" );
+-                    sasl_ssf = 0;
+-                }
++            Connection *conn = NULL;
++            int sasl_ssf = 0;
++            int local_ssf = 0;
++
++            /* Allow simple binds only for SSL/TLS established connections
++             * or connections using SASL privacy layers */
++            conn = pb->pb_conn;
++            if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) {
++                slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
++                                 "Could not get SASL SSF from connection\n" );
++                sasl_ssf = 0;
++            }
+ 
+-                if ( slapi_pblock_get(pb, SLAPI_CONN_LOCAL_SSF, &local_ssf) != 0) {
+-                    slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
+-                                     "Could not get local SSF from connection\n" );
+-                    local_ssf = 0;
+-                }
++            if ( slapi_pblock_get(pb, SLAPI_CONN_LOCAL_SSF, &local_ssf) != 0) {
++                slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
++                                 "Could not get local SSF from connection\n" );
++                local_ssf = 0;
++            }
+ 
+-                if (((conn->c_flags & CONN_FLAG_SSL) != CONN_FLAG_SSL) &&
+-                    (sasl_ssf <= 1) && (local_ssf <= 1)) {
+-                        send_ldap_result(pb, LDAP_CONFIDENTIALITY_REQUIRED, NULL,
+-                                         "Operation requires a secure connection",
+-                                         0, NULL);
+-                        slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors);
+-                        goto free_and_return;
+-                }
++            if (((conn->c_flags & CONN_FLAG_SSL) != CONN_FLAG_SSL) &&
++                (sasl_ssf <= 1) && (local_ssf <= 1)) {
++                send_ldap_result(pb, LDAP_CONFIDENTIALITY_REQUIRED, NULL,
++                                 "Operation requires a secure connection", 0, NULL);
++                slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors);
++                goto free_and_return;
++            }
+         }
+         break;
+     default:
+@@ -627,6 +626,7 @@ do_bind( Slapi_PBlock *pb )
+                 /*
+                  *  right dn, wrong passwd - reject with invalid credentials
+                  */
++                slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Invalid credentials");
+                 send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL );
+                 /* increment BindSecurityErrorcount */
+                 slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors);
+@@ -686,7 +686,8 @@ do_bind( Slapi_PBlock *pb )
+             slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
+             if (!pb_sdn) {
+                 slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
+-                send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++                slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
++                send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+                 goto free_and_return;
+             } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
+                 /*
+@@ -696,8 +697,10 @@ do_bind( Slapi_PBlock *pb )
+                 sdn = pb_sdn;
+                 dn = slapi_sdn_get_dn(sdn);
+                 if (!dn) {
+-                    slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
+-                    send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++                    char *udn = slapi_sdn_get_udn(sdn);
++                    slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn %s\n", udn?udn:"");
++                    slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
++                    send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+                     goto free_and_return;
+                 }
+                 if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */
+@@ -711,7 +714,8 @@ do_bind( Slapi_PBlock *pb )
+                         slapi_pblock_set( pb, SLAPI_BACKEND, be );
+                     } else {
+                         slapi_create_errormsg(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
+-                        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++                        slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
++                        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+                         goto free_and_return;
+                     }
+                 }
+@@ -790,7 +794,8 @@ do_bind( Slapi_PBlock *pb )
+                                     goto account_locked;
+                                 }
+                             } else {
+-                                send_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, "", 0, NULL);
++                                slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
++                                send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
+                                 goto free_and_return;
+                             }
+                         }
+@@ -850,8 +855,7 @@ account_locked:
+              * the front end.
+              */
+             if ( rc == SLAPI_BIND_SUCCESS || rc == SLAPI_BIND_ANONYMOUS) {
+-                send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL,
+-                                  0, NULL );
++                send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, 0, NULL );
+             }
+ 
+             slapi_pblock_set( pb, SLAPI_PLUGIN_OPRETURN, &rc );
+@@ -876,8 +880,7 @@ free_and_return:;
+     slapi_sdn_free(&sdn);
+     slapi_ch_free_string( &saslmech );
+     slapi_ch_free( (void **)&cred.bv_val );
+-    if ( bind_target_entry != NULL )
+-        slapi_entry_free(bind_target_entry);
++    slapi_entry_free(bind_target_entry);
+ }
+ 
+ 
+diff --git a/ldap/servers/slapd/defbackend.c b/ldap/servers/slapd/defbackend.c
+index 7d73501..da4a701 100644
+--- a/ldap/servers/slapd/defbackend.c
++++ b/ldap/servers/slapd/defbackend.c
+@@ -171,6 +171,51 @@ defbackend_abandon( Slapi_PBlock *pb )
+ }
+ 
+ 
++#define DEFBE_NO_SUCH_SUFFIX "No such suffix"
++/*
++ * Generate a "No such suffix" return text
++ * Example:
++ *   cn=X,dc=bogus,dc=com ==> "No such suffix (dc=bogus,dc=com)" 
++ *     if the last rdn starts with "dc=", print all last dc= rdn's.
++ *   cn=X,cn=bogus ==> "No such suffix (cn=bogus)"
++ *     otherwise, print the very last rdn.
++ *   cn=X,z=bogus ==> "No such suffix (x=bogus)"
++ *     it is true even if it is an invalid rdn.
++ *   cn=X,bogus ==> "No such suffix (bogus)"
++ *     another example of invalid rdn.
++ */
++static void
++_defbackend_gen_returntext(char *buffer, size_t buflen, char **dns)
++{
++    int dnidx;
++    int sidx;
++    struct suffix_repeat {
++        char *suffix;
++        int size;
++    } candidates[] = {
++        {"dc=", 3}, /* dc could be repeated.  otherwise the last rdn is used. */
++        {NULL, 0}
++    };
++    PR_snprintf(buffer, buflen, "%s (", DEFBE_NO_SUCH_SUFFIX);
++    for (dnidx = 0; dns[dnidx]; dnidx++) ; /* finding the last */
++    dnidx--; /* last rdn */
++    for (sidx = 0; candidates[sidx].suffix; sidx++) {
++        if (!PL_strncasecmp(dns[dnidx], candidates[sidx].suffix, candidates[sidx].size)) {
++            while (!PL_strncasecmp(dns[--dnidx], candidates[sidx].suffix, candidates[sidx].size)) ;
++            PL_strcat(buffer, dns[++dnidx]); /* the first "dn=", e.g. */
++            for (++dnidx; dns[dnidx]; dnidx++) {
++                PL_strcat(buffer, ",");
++                PL_strcat(buffer, dns[dnidx]);
++            }
++            PL_strcat(buffer, ")");
++            return; /* finished the task */
++        }
++    }
++    PL_strcat(buffer, dns[dnidx]);
++    PL_strcat(buffer, ")");
++    return;
++}
++
+ static int
+ defbackend_bind( Slapi_PBlock *pb )
+ {
+@@ -188,11 +233,40 @@ defbackend_bind( Slapi_PBlock *pb )
+     slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method );
+     slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &cred );
+     if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
+-	slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds);
+-	rc = SLAPI_BIND_ANONYMOUS;
++        slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds);
++        rc = SLAPI_BIND_ANONYMOUS;
+     } else {
+-	send_nobackend_ldap_result( pb );
+-	rc = SLAPI_BIND_FAIL;
++        Slapi_DN *sdn = NULL;
++        char *suffix = NULL;
++        char **dns = NULL;
++        
++        if (pb->pb_op) {
++            sdn = operation_get_target_spec(pb->pb_op);
++            if (sdn) {
++                dns = slapi_ldap_explode_dn(slapi_sdn_get_dn(sdn), 0);
++                if (dns) {
++                    size_t dnlen = slapi_sdn_get_ndn_len(sdn);
++                    size_t len = dnlen + sizeof(DEFBE_NO_SUCH_SUFFIX) + 4;
++                    suffix = slapi_ch_malloc(len);
++                    if (dnlen) {
++                        _defbackend_gen_returntext(suffix, len, dns);
++                    } else {
++                        PR_snprintf(suffix, len, "%s", DEFBE_NO_SUCH_SUFFIX);
++                    }
++                }
++            }
++        }
++        if (suffix) {
++            slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, suffix);
++        } else {
++            slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, DEFBE_NO_SUCH_SUFFIX);
++        }
++        send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
++        if (dns) {
++            slapi_ldap_value_free(dns);
++        }
++        slapi_ch_free_string(&suffix);
++        rc = SLAPI_BIND_FAIL;
+     }
+ 
+     return( rc );
+diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
+index 506da92..c2a0206 100644
+--- a/ldap/servers/slapd/result.c
++++ b/ldap/servers/slapd/result.c
+@@ -2067,14 +2067,26 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
+ 		}
+ 		else if ( !internal_op )
+ 		{
++			char *pbtxt = NULL;
++			char *ext_str = NULL;
++			slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &pbtxt);
++			if (pbtxt) {
++				ext_str = slapi_ch_smprintf(" - %s", pbtxt);
++			} else {
++				ext_str = "";
++			}
+ 			slapi_log_access( LDAP_DEBUG_STATS,
+ 							  "conn=%" NSPRIu64 " op=%d RESULT err=%d"
+-							  " tag=%" BERTAG_T " nentries=%d etime=%s%s%s\n",
++							  " tag=%" BERTAG_T " nentries=%d etime=%s%s%s%s\n",
+ 							  op->o_connid,
+ 							  op->o_opid,
+ 							  err, tag, nentries,
+ 							  etime,
+-							  notes_str, csn_str );
++							  notes_str, csn_str, ext_str);
++			if (pbtxt) {
++				/* if !pbtxt ==> ext_str == "".  Don't free ext_str. */
++				slapi_ch_free_string(&ext_str);
++			}
+ 		}
+ 		else
+ 		{
+-- 
+2.4.11
+
diff --git a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch b/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
deleted file mode 100644
index c025f60..0000000
--- a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
+++ /dev/null
@@ -1,808 +0,0 @@
-From 46cd28db8402517febf0c5db4f2f869c491c41c0 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jul 2015 11:48:27 -0400
-Subject: [PATCH 10/20] Ticket 48208 - CleanAllRUV should completely purge
- changelog
-
-Bug Description:  After cleanAllRUV finishes, the changelog still
-                  contains entries from the cleaned rid.  Under certain
-                  conditions this can allow the RUV to get polluted
-                  again, and the ruv element will be missing the replica
-                  url.
-
-Fix Description:  At the end of the cleaning task, fire of a thread to
-                  to completely purge the changelog of all entries
-                  containing the cleaned rid.
-
-                  Also, improved the cleanAllRUV task when dealing
-                  with a server shutdown - previously if the timing is
-                  right the task can "delay/hang" the shutdown process.
-
-https://fedorahosted.org/389/ticket/48208
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit ff1c34538b0600259dba4801da2b2f0993fa5404)
-(cherry picked from commit 9e4cf12cfbfde0761325b75c3fd5a8b39223760a)
----
- ldap/servers/plugins/replication/cl5_api.c         | 447 ++++++++++++++++++---
- ldap/servers/plugins/replication/cl5_api.h         |   5 +-
- .../plugins/replication/repl5_replica_config.c     |  44 +-
- 3 files changed, 430 insertions(+), 66 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
-index a10c3ac..ae23353 100644
---- a/ldap/servers/plugins/replication/cl5_api.c
-+++ b/ldap/servers/plugins/replication/cl5_api.c
-@@ -319,14 +319,17 @@ static void _cl5TrimCleanup ();
- static int _cl5TrimMain (void *param);
- static void _cl5DoTrimming (ReplicaId rid);
- static void _cl5CompactDBs();
--static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid);
-+static void _cl5PurgeRID(Object *obj,  ReplicaId cleaned_rid);
-+static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key);
-+static int _cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key);
-+static void _cl5TrimFile (Object *obj, long *numToTrim);
- static PRBool _cl5CanTrim (time_t time, long *numToTrim);
- static int  _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge);
- static int  _cl5WriteRUV (CL5DBFile *file, PRBool purge);
- static int  _cl5ConstructRUV (const char *replGen, Object *obj, PRBool purge);
- static int  _cl5UpdateRUV (Object *obj, CSN *csn, PRBool newReplica, PRBool purge);
- static int  _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv);
--void trigger_cl_trimming_thread(void *rid);
-+void trigger_cl_purging_thread(void *rid);
- 
- /* bakup/recovery, import/export */
- static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op,
-@@ -3470,9 +3473,17 @@ static void _cl5DoTrimming (ReplicaId rid)
- 	   trimmed more often than other. We might have to fix that by, for 
- 	   example, randomizing starting point */
- 	obj = objset_first_obj (s_cl5Desc.dbFiles);
--	while (obj && _cl5CanTrim ((time_t)0, &numToTrim))
-+	while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid))
- 	{
--		_cl5TrimFile (obj, &numToTrim, rid);
-+		if (rid){
-+			/*
-+			 * We are cleaning an invalid rid, and need to strip it
-+			 * from the changelog.
-+			 */
-+			_cl5PurgeRID (obj, rid);
-+		} else {
-+			_cl5TrimFile (obj, &numToTrim);
-+		}
- 		obj = objset_next_obj (s_cl5Desc.dbFiles, obj);
- 	}
- 
-@@ -3549,12 +3560,351 @@ bail:
- 	return;
- }
- 
-+/*
-+ * If the rid is not set it is the very first iteration of the changelog.
-+ * If the rid is set, we are doing another pass, and we have a key as our
-+ * starting point.
-+ */
-+static int
-+_cl5PurgeGetFirstEntry(Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key)
-+{
-+	DBC *cursor = NULL;
-+	DBT	data = {0};
-+	CL5Iterator *it;
-+	CL5DBFile *file;
-+	int rc;
-+
-+	file = (CL5DBFile*)object_get_data (obj);
-+
-+	/* create cursor */
-+	rc = file->db->cursor(file->db, txnid, &cursor, 0);
-+	if (rc != 0)
-+	{
-+		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+			"_cl5PurgeGetFirstEntry: failed to create cursor; db error - %d %s\n", rc, db_strerror(rc));
-+		rc = CL5_DB_ERROR;
-+		goto done;
-+	}
-+
-+	key->flags = DB_DBT_MALLOC;
-+	data.flags = DB_DBT_MALLOC;
-+	while ((rc = cursor->c_get(cursor, key, &data, rid?DB_SET:DB_NEXT)) == 0)
-+	{
-+		/* skip service entries on the first pass (rid == 0)*/
-+		if (!rid && cl5HelperEntry ((char*)key->data, NULL))
-+		{
-+			slapi_ch_free(&key->data);
-+			slapi_ch_free(&(data.data));
-+			continue;
-+		}
-+
-+		/* format entry */
-+		rc = cl5DBData2Entry(data.data, data.size, entry);
-+		slapi_ch_free(&(data.data));
-+		if (rc != 0)
-+		{
-+			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+				"_cl5PurgeGetFirstEntry: failed to format entry: %d\n", rc);
-+			goto done;
-+		}
-+
-+		it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
-+		it->cursor  = cursor;
-+		object_acquire (obj);
-+		it->file = obj;
-+		*(CL5Iterator**)iterator = it;
-+
-+		return CL5_SUCCESS;
-+	}
-+
-+	slapi_ch_free(&key->data);
-+	slapi_ch_free(&(data.data));
-+
-+	/* walked of the end of the file */
-+	if (rc == DB_NOTFOUND)
-+	{
-+		rc = CL5_NOTFOUND;
-+		goto done;
-+	}
-+
-+	/* db error occured while iterating */
-+	slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+				"_cl5PurgeGetFirstEntry: failed to get entry; db error - %d %s\n",
-+				rc, db_strerror(rc));
-+	rc = CL5_DB_ERROR;
-+
-+done:
-+	/*
-+	 * We didn't success in assigning this cursor to the iterator,
-+	 * so we need to free the cursor here.
-+	 */
-+	if (cursor)
-+		cursor->c_close(cursor);
-+
-+	return rc;
-+}
-+
-+/*
-+ * Get the next entry.  If we get a lock error we will restart the process
-+ * starting at the current key.
-+ */
-+static int
-+_cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key)
-+{
-+	CL5Iterator *it;
-+	DBT data={0};
-+	int rc;
-+
-+	it = (CL5Iterator*) iterator;
-+
-+	key->flags = DB_DBT_MALLOC;
-+	data.flags = DB_DBT_MALLOC;
-+	while ((rc = it->cursor->c_get(it->cursor, key, &data, DB_NEXT)) == 0)
-+	{
-+		if (cl5HelperEntry ((char*)key->data, NULL))
-+		{
-+			slapi_ch_free(&key->data);
-+			slapi_ch_free(&(data.data));
-+			continue;
-+		}
-+
-+		/* format entry */
-+		rc = cl5DBData2Entry (data.data, data.size, entry);
-+		slapi_ch_free (&(data.data));
-+		if (rc != 0)
-+		{
-+			if (rc != CL5_DB_LOCK_ERROR){
-+				/* Not a lock error, free the key */
-+				slapi_ch_free(&key->data);
-+			}
-+			slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+				repl_plugin_name_cl,
-+				"_cl5PurgeGetNextEntry: failed to format entry: %d\n",
-+				rc);
-+
-+		}
-+
-+		return rc;
-+	}
-+	slapi_ch_free(&(data.data));
-+
-+	/* walked of the end of the file or entry is out of range */
-+	if (rc == 0 || rc == DB_NOTFOUND){
-+		slapi_ch_free(&key->data);
-+		return CL5_NOTFOUND;
-+	}
-+	if (rc != CL5_DB_LOCK_ERROR){
-+		/* Not a lock error, free the key */
-+		slapi_ch_free(&key->data);
-+	}
-+
-+	/* cursor operation failed */
-+	slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+		repl_plugin_name_cl,
-+		"_cl5PurgeGetNextEntry: failed to get entry; db error - %d %s\n",
-+		rc, db_strerror(rc));
-+
-+	return rc;
-+}
-+
-+#define MAX_RETRIES 10
-+/*
-+ *  _cl5PurgeRID(Object *obj,  ReplicaId cleaned_rid)
-+ *
-+ *  Clean the entire changelog of updates from the "cleaned rid" via CLEANALLRUV
-+ *  Delete entries in batches so we don't consume too many db locks, and we don't
-+ *  lockup the changelog during the entire purging process using one transaction.
-+ *  We save the key from the last iteration so we don't have to start from the
-+ *  beginning for each new iteration.
-+ */
-+static void
-+_cl5PurgeRID(Object *obj,  ReplicaId cleaned_rid)
-+{
-+	slapi_operation_parameters op = {0};
-+	ReplicaId csn_rid;
-+	CL5Entry entry;
-+	DB_TXN *txnid = NULL;
-+	DBT key = {0};
-+	void *iterator = NULL;
-+	long totalTrimmed = 0;
-+	long trimmed = 0;
-+	char *starting_key = NULL;
-+	int batch_count = 0;
-+	int db_lock_retry_count = 0;
-+	int first_pass = 1;
-+	int finished = 0;
-+	int rc = 0;
-+
-+	PR_ASSERT (obj);
-+	entry.op = &op;
-+
-+	/*
-+	 * Keep processing the changelog until we are done, shutting down, or we
-+	 * maxed out on the db lock retries.
-+	 */
-+	while (!finished && db_lock_retry_count < MAX_RETRIES && !slapi_is_shutting_down()){
-+		trimmed = 0;
-+
-+		/*
-+		 * Sleep a bit to allow others to use the changelog - we can't hog the
-+		 * changelog for the entire purge.
-+		 */
-+		DS_Sleep(PR_MillisecondsToInterval(100));
-+
-+		rc = TXN_BEGIN(s_cl5Desc.dbEnv, NULL, &txnid, 0);
-+		if (rc != 0){
-+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+				"_cl5PurgeRID: failed to begin transaction; db error - %d %s.  "
-+				"Changelog was not purged of rid(%d)\n",
-+				rc, db_strerror(rc), cleaned_rid);
-+			return;
-+		}
-+
-+		/*
-+		 * Check every changelog entry for the cleaned rid
-+		 */
-+		rc = _cl5PurgeGetFirstEntry(obj, &entry, &iterator, txnid, first_pass?0:cleaned_rid, &key);
-+		first_pass = 0;
-+		while (rc == CL5_SUCCESS && !slapi_is_shutting_down()) {
-+			/*
-+			 * Store the new starting key - we need this starting key in case
-+			 * we run out of locks and have to start the transaction over.
-+			 */
-+			slapi_ch_free_string(&starting_key);
-+			starting_key = slapi_ch_strdup((char*)key.data);
-+
-+			if(trimmed == 10000 || (batch_count && trimmed == batch_count)){
-+				/*
-+				 * Break out, and commit these deletes.  Do not free the key,
-+				 * we need it for the next pass.
-+				 */
-+				cl5_operation_parameters_done (&op);
-+				db_lock_retry_count = 0; /* reset the retry count */
-+				break;
-+			}
-+			if(op.csn){
-+				csn_rid = csn_get_replicaid (op.csn);
-+				if (csn_rid == cleaned_rid){
-+					rc = _cl5CurrentDeleteEntry (iterator);
-+					if (rc != CL5_SUCCESS){
-+						/* log error */
-+						cl5_operation_parameters_done (&op);
-+						if (rc == CL5_DB_LOCK_ERROR){
-+							/*
-+							 * Ran out of locks, need to restart the transaction.
-+							 * Reduce the the batch count and reset the key to
-+							 * the starting point
-+							 */
-+							slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+								"_cl5PurgeRID: Ran out of db locks deleting entry.  "
-+								"Reduce the batch value and restart.\n");
-+							batch_count = trimmed - 10;
-+							if (batch_count < 10){
-+								batch_count = 10;
-+							}
-+							trimmed = 0;
-+							slapi_ch_free(&(key.data));
-+							key.data = starting_key;
-+							starting_key = NULL;
-+							db_lock_retry_count++;
-+							break;
-+						} else {
-+							/* fatal error */
-+							slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+								"_cl5PurgeRID: fatal error (%d)\n", rc);
-+							slapi_ch_free(&(key.data));
-+							finished = 1;
-+							break;
-+						}
-+					}
-+					trimmed++;
-+				}
-+			}
-+			slapi_ch_free(&(key.data));
-+			cl5_operation_parameters_done (&op);
-+
-+			rc = _cl5PurgeGetNextEntry (&entry, iterator, &key);
-+			if (rc == CL5_DB_LOCK_ERROR){
-+				/*
-+				 * Ran out of locks, need to restart the transaction.
-+				 * Reduce the the batch count and reset the key to the starting
-+				 * point.
-+				 */
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+					"_cl5PurgeRID: Ran out of db locks getting the next entry.  "
-+					"Reduce the batch value and restart.\n");
-+				batch_count = trimmed - 10;
-+				if (batch_count < 10){
-+					batch_count = 10;
-+				}
-+				trimmed = 0;
-+				cl5_operation_parameters_done (&op);
-+				slapi_ch_free(&(key.data));
-+				key.data = starting_key;
-+				starting_key = NULL;
-+				db_lock_retry_count++;
-+				break;
-+			}
-+		}
-+
-+		if (rc == CL5_NOTFOUND){
-+			/* Scanned the entire changelog, we're done */
-+			finished = 1;
-+		}
-+
-+		/* Destroy the iterator before we finish with the txn */
-+		cl5DestroyIterator (iterator);
-+
-+		/*
-+		 * Commit or abort the txn
-+		 */
-+		if (rc == CL5_SUCCESS || rc == CL5_NOTFOUND){
-+			rc = TXN_COMMIT (txnid, 0);
-+			if (rc != 0){
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+					"_cl5PurgeRID: failed to commit transaction; db error - %d %s.  "
-+					"Changelog was not completely purged of rid (%d)\n",
-+					rc, db_strerror(rc), cleaned_rid);
-+				break;
-+			} else if (finished){
-+				/* We're done  */
-+				totalTrimmed += trimmed;
-+				break;
-+			} else {
-+				/* Not done yet */
-+				totalTrimmed += trimmed;
-+				trimmed = 0;
-+			}
-+		} else {
-+			rc = TXN_ABORT (txnid);
-+			if (rc != 0){
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+					"_cl5PurgeRID: failed to abort transaction; db error - %d %s.  "
-+					"Changelog was not completely purged of rid (%d)\n",
-+					rc, db_strerror(rc), cleaned_rid);
-+			}
-+			if (batch_count == 0){
-+				/* This was not a retry.  Fatal error, break out */
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+					"_cl5PurgeRID: Changelog was not purged of rid (%d)\n",
-+					cleaned_rid);
-+				break;
-+			}
-+		}
-+	}
-+	slapi_ch_free_string(&starting_key);
-+
-+	slapi_log_error (SLAPI_LOG_REPL, repl_plugin_name_cl,
-+		"_cl5PurgeRID: Removed (%ld entries) that originated from rid (%d)\n",
-+		totalTrimmed, cleaned_rid);
-+}
-+
- /* Note that each file contains changes for a single replicated area.
-    trimming algorithm:
- */
- #define CL5_TRIM_MAX_PER_TRANSACTION 10
- 
--static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
-+static void _cl5TrimFile (Object *obj, long *numToTrim)
- {
- 	DB_TXN *txnid;
- 	RUV *ruv = NULL;
-@@ -3577,7 +3927,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- 	}
- 
- 	entry.op = &op;
--
- 	while ( !finished && !slapi_is_shutting_down() )
- 	{
- 		it = NULL;
-@@ -3598,7 +3947,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- 		}
- 
- 		finished = _cl5GetFirstEntry (obj, &entry, &it, txnid);
--		while ( !finished )
-+		while ( !finished && !slapi_is_shutting_down())
- 		{
-         	/*
- 			 * This change can be trimmed if it exceeds purge
-@@ -3612,11 +3961,12 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- 				continue;
- 			}
- 			csn_rid = csn_get_replicaid (op.csn);
-+
- 			if ( (*numToTrim > 0 || _cl5CanTrim (entry.time, numToTrim)) &&
- 				 ruv_covers_csn_strict (ruv, op.csn) )
- 			{
- 				rc = _cl5CurrentDeleteEntry (it);
--				if ( rc == CL5_SUCCESS && cleaned_rid != csn_rid)
-+				if ( rc == CL5_SUCCESS)
- 				{
- 					rc = _cl5UpdateRUV (obj, op.csn, PR_FALSE, PR_TRUE);				
- 				}
-@@ -3630,7 +3980,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- 					/* The above two functions have logged the error */
- 					abort = PR_TRUE;
- 				}
--
- 			}
- 			else
- 			{
-@@ -3687,7 +4036,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- 			rc = TXN_ABORT (txnid);
- 			if (rc != 0)
- 			{
--				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- 					"_cl5TrimFile: failed to abort transaction; db error - %d %s\n",
- 					rc, db_strerror(rc));	
- 			}
-@@ -3698,7 +4047,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- 			if (rc != 0)
- 			{
- 				finished = 1;
--				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- 					"_cl5TrimFile: failed to commit transaction; db error - %d %s\n",
- 					rc, db_strerror(rc));
- 			}
-@@ -4722,9 +5071,9 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- 				goto done;
- 			}
- #endif
--			/* back off */			
-+			/* back off */
-     		interval = PR_MillisecondsToInterval(slapi_rand() % 100);
--    		DS_Sleep(interval);		
-+    		DS_Sleep(interval);
- 		}
- #if USE_DB_TXN
- 		/* begin transaction */
-@@ -4770,19 +5119,19 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- 		}
- 		cnt ++;
- 	}
--    
-+
- 	if (rc == 0) /* we successfully added entry */
- 	{
- #if USE_DB_TXN
- 		rc = TXN_COMMIT (txnid, 0);
- #endif
- 	}
--	else	
-+	else
- 	{
--		char s[CSN_STRSIZE];		
--		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
-+		char s[CSN_STRSIZE];
-+		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- 						"_cl5WriteOperationTxn: failed to write entry with csn (%s); "
--						"db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s), 
-+						"db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
- 						rc, db_strerror(rc));
- #if USE_DB_TXN
- 		rc = TXN_ABORT (txnid);
-@@ -4803,7 +5152,7 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
-     /* update purge vector if we have not seen any changes from this replica before */
-     _cl5UpdateRUV (file_obj, op->csn, PR_TRUE, PR_TRUE);
- 
--	slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl, 
-+	slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
- 			"cl5WriteOperationTxn: successfully written entry with csn (%s)\n", csnStr);
- 	rc = CL5_SUCCESS;
- done:
-@@ -4817,7 +5166,7 @@ done:
- 	return rc;
- }
- 
--static int _cl5WriteOperation(const char *replName, const char *replGen, 
-+static int _cl5WriteOperation(const char *replName, const char *replGen,
-                               const slapi_operation_parameters *op, PRBool local)
- {
-     return _cl5WriteOperationTxn(replName, replGen, op, local, NULL);
-@@ -4868,7 +5217,7 @@ static int _cl5GetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_
- 			goto done;
- 		}
- 
--		it = (CL5Iterator*)slapi_ch_malloc (sizeof (CL5Iterator));
-+		it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
- 		it->cursor  = cursor;
- 		object_acquire (obj);
- 		it->file = obj;
-@@ -4943,7 +5292,7 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
- 		slapi_ch_free (&(data.data));
- 		if (rc != 0)
- 		{
--			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
-+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- 				"_cl5GetNextEntry: failed to format entry: %d\n", rc);
- 		}
- 
-@@ -4972,38 +5321,42 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
- 	}
- 
- 	/* cursor operation failed */
--	slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
--			"_cl5GetNextEntry: failed to get entry; db error - %d %s\n", 
--			rc, db_strerror(rc));
-+	slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+		repl_plugin_name_cl,
-+		"_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
-+		rc, db_strerror(rc));
- 
--	return CL5_DB_ERROR;
-+	return rc;
- }
- 
- static int _cl5CurrentDeleteEntry (void *iterator)
- {
- 	int rc;
- 	CL5Iterator *it;
--    CL5DBFile *file;
-+	CL5DBFile *file;
- 
--    PR_ASSERT (iterator);
-+	PR_ASSERT (iterator);
- 
- 	it = (CL5Iterator*)iterator;
- 
- 	rc = it->cursor->c_del (it->cursor, 0);
- 
- 	if (rc == 0) {        
--            /* decrement entry count */
--            file = (CL5DBFile*)object_get_data (it->file);
--            PR_AtomicDecrement (&file->entryCount);
--            return CL5_SUCCESS;
--        } else {
--            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
--                            "_cl5CurrentDeleteEntry failed, err=%d %s\n", 
--                            rc, db_strerror(rc));
--	    /* We don't free(close) the cursor here, as the caller will free it by a call to cl5DestroyIterator */
--	    /* Freeing it here is a potential bug, as the cursor can't be referenced later once freed */
--            return CL5_DB_ERROR;
--        }
-+		/* decrement entry count */
-+		file = (CL5DBFile*)object_get_data (it->file);
-+		PR_AtomicDecrement (&file->entryCount);
-+		return CL5_SUCCESS;
-+	} else {
-+		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+			"_cl5CurrentDeleteEntry failed, err=%d %s\n",
-+			rc, db_strerror(rc));
-+		/*
-+		 * We don't free(close) the cursor here, as the caller will free it by
-+		 * a call to cl5DestroyIterator.  Freeing it here is a potential bug,
-+		 * as the cursor can't be referenced later once freed.
-+		 */
-+		return rc;
-+	}
- }
- 
- static PRBool _cl5IsValidIterator (const CL5Iterator *iterator)
-@@ -6275,7 +6628,7 @@ static int _cl5ExportFile (PRFileDesc *prFile, Object *obj)
- 	slapi_write_buffer (prFile, "\n", strlen("\n"));
- 
- 	entry.op = &op;
--	rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL); 
-+	rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
- 	while (rc == CL5_SUCCESS)
- 	{
- 		rc = _cl5Operation2LDIF (&op, file->replGen, &buff, &len);
-@@ -6696,16 +7049,16 @@ cl5CleanRUV(ReplicaId rid){
-     slapi_rwlock_unlock (s_cl5Desc.stLock);
- }
- 
--void trigger_cl_trimming(ReplicaId rid){
-+void trigger_cl_purging(ReplicaId rid){
-     PRThread *trim_tid = NULL;
- 
--    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_trimming: rid (%d)\n",(int)rid);
--    trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_trimming_thread,
-+    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid);
-+    trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread,
-                    (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-                    PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE);
-     if (NULL == trim_tid){
-         slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
--            "trigger_cl_trimming: failed to create trimming "
-+            "trigger_cl_purging: failed to create trimming "
-             "thread; NSPR error - %d\n", PR_GetError ());
-     } else {
-         /* need a little time for the thread to get started */
-@@ -6714,7 +7067,7 @@ void trigger_cl_trimming(ReplicaId rid){
- }
- 
- void
--trigger_cl_trimming_thread(void *arg){
-+trigger_cl_purging_thread(void *arg){
-     ReplicaId rid = *(ReplicaId *)arg;
- 
-     /* make sure we have a change log, and we aren't closing it */
-@@ -6723,7 +7076,7 @@ trigger_cl_trimming_thread(void *arg){
-     }
-     if (CL5_SUCCESS != _cl5AddThread()) {
-         slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
--            "trigger_cl_trimming: failed to increment thread count "
-+            "trigger_cl_purging: failed to increment thread count "
-             "NSPR error - %d\n", PR_GetError ());
-     }
-     _cl5DoTrimming(rid);
-diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
-index 5809570..4c3b8e8 100644
---- a/ldap/servers/plugins/replication/cl5_api.h
-+++ b/ldap/servers/plugins/replication/cl5_api.h
-@@ -117,6 +117,9 @@ enum
- 	CL5_CSN_ERROR,		/* CSN API failed */
- 	CL5_RUV_ERROR,		/* RUV API failed */
- 	CL5_OBJSET_ERROR,	/* namedobjset api failed */
-+	CL5_DB_LOCK_ERROR,  /* bdb returns error 12 when the db runs out of locks,
-+	                       this var needs to be in slot 12 of the list.
-+	                       Do not re-order enum above! */
- 	CL5_PURGED_DATA,    /* requested data has been purged */
- 	CL5_MISSING_DATA,   /* data should be in the changelog, but is missing */
- 	CL5_UNKNOWN_ERROR,	/* unclassified error */
-@@ -464,6 +467,6 @@ int cl5WriteRUV();
- int cl5DeleteRUV();
- void cl5CleanRUV(ReplicaId rid);
- void cl5NotifyCleanup(int rid);
--void trigger_cl_trimming(ReplicaId rid);
-+void trigger_cl_purging(ReplicaId rid);
- 
- #endif
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 660b134..faa86b8 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1439,6 +1439,11 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not
- 	 */
- 	cl5CleanRUV(rid);
- 
-+	/*
-+	 * Now purge the changelog
-+	 */
-+	trigger_cl_purging(rid);
-+
- 	if (rc != RUV_SUCCESS){
- 		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc);
- 		return LDAP_OPERATIONS_ERROR;
-@@ -1837,7 +1842,7 @@ replica_cleanallruv_thread(void *arg)
-             /* no agmts, just clean this replica */
-             break;
-         }
--        while (agmt_obj){
-+        while (agmt_obj && !slapi_is_shutting_down()){
-             agmt = (Repl_Agmt*)object_get_data (agmt_obj);
-             if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
-                 agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -1919,13 +1924,15 @@ replica_cleanallruv_thread(void *arg)
-             break;
-         }
-         /*
--         *  need to sleep between passes
-+         * Need to sleep between passes unless we are shutting down
-          */
--        cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
--            "retrying in %d seconds", interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
-+        if (!slapi_is_shutting_down()){
-+            cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
-+                "retrying in %d seconds", interval);
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
- 
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-@@ -1936,10 +1943,9 @@ replica_cleanallruv_thread(void *arg)
- 
- done:
-     /*
--     *  If the replicas are cleaned, release the rid, and trim the changelog
-+     *  If the replicas are cleaned, release the rid
-      */
-     if(!aborted){
--        trigger_cl_trimming(data->rid);
-         delete_cleaned_rid_config(data);
-         /* make sure all the replicas have been "pre_cleaned" before finishing */
-         check_replicas_are_done_cleaning(data);
-@@ -1949,7 +1955,7 @@ done:
-         /*
-          *  Shutdown or abort
-          */
--        if(!is_task_aborted(data->rid)){
-+        if(!is_task_aborted(data->rid) || slapi_is_shutting_down()){
-             cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Server shutting down.  Process will resume at server startup");
-         } else {
-             cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Task aborted for rid(%d).",data->rid);
-@@ -2184,7 +2190,7 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
-             not_all_caughtup = 0;
-             break;
-         }
--        while (agmt_obj){
-+        while (agmt_obj && !slapi_is_shutting_down()){
-             agmt = (Repl_Agmt*)object_get_data (agmt_obj);
-             if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
-                 agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -2242,7 +2248,7 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
-             not_all_alive = 0;
-             break;
-         }
--        while (agmt_obj){
-+        while (agmt_obj && !slapi_is_shutting_down()){
-             agmt = (Repl_Agmt*)object_get_data (agmt_obj);
-             if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
-                 agmt_obj = agmtlist_get_next_agreement_for_replica (replica, agmt_obj);
-@@ -3022,12 +3028,14 @@ replica_abort_task_thread(void *arg)
-             break;
-         }
-         /*
--         *  need to sleep between passes
-+         *  Need to sleep between passes. unless we are shutting down
-          */
--        cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
-+        if (!slapi_is_shutting_down()){
-+            cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
- 
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-@@ -3045,7 +3053,7 @@ done:
-          *  Wait for this server to stop its cleanallruv task(which removes the rid from the cleaned list)
-          */
-         cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Waiting for CleanAllRUV task to abort...");
--        while(is_cleaned_rid(data->rid)){
-+        while(is_cleaned_rid(data->rid) && !slapi_is_shutting_down()){
-             DS_Sleep(PR_SecondsToInterval(1));
-             count++;
-             if(count == 60){ /* it should not take this long */
--- 
-1.9.3
-
diff --git a/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..30adc8e
--- /dev/null
+++ b/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,28 @@
+From b6fd1033881ce21513ba95b533fd35942e5b66f1 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 10:33:15 -0700
+Subject: [PATCH 11/15] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description: Fixing a compiler warning.
+(cherry picked from commit 590e2fb86ee2e1d6f169169c83917d18872a95d0)
+---
+ ldap/servers/slapd/bind.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index b441615..702d4c2 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -697,7 +697,7 @@ do_bind( Slapi_PBlock *pb )
+                 sdn = pb_sdn;
+                 dn = slapi_sdn_get_dn(sdn);
+                 if (!dn) {
+-                    char *udn = slapi_sdn_get_udn(sdn);
++                    const char *udn = slapi_sdn_get_udn(sdn);
+                     slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn %s\n", udn?udn:"");
+                     slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
+                     send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+-- 
+2.4.11
+
diff --git a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch b/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
deleted file mode 100644
index 19dc5da..0000000
--- a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
+++ /dev/null
@@ -1,224 +0,0 @@
-From 3c2165deb45571a0ff0547e5c8c2c970095cca04 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 8 Jul 2015 10:19:15 -0700
-Subject: [PATCH 11/20] Ticket #47799 - Any negative LDAP error code number
- reported as Illegal error by ldclt.
-
-Description: ldclt was implemented with mozldap, which did not expect
-negative erorr codes, but openldap does.  E.g., LDAP_FILTER_ERROR (-7)
-This patch prepares a negativeError array for the negative error codes.
-Example:
-  $ ldclt [...] -e esearch -e random -b "<basedn>" -f "<bad filter>" -v
-  Filter             = "<bad filter>"
-   ...
-  ldclt[16030]: T000: Cannot ldap_search(), error=-7 (Bad search filter) -- NULL result
-   ...
-  ldclt[16030]: Global error -7 (Bad search filter) occurs  1001 times
-  ldclt[16030]: Exit status 3 - Max errors reached.
-
-https://fedorahosted.org/389/ticket/47799
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 71be5faaa478593bb056887410ca8e48e05b2fe4)
-(cherry picked from commit 0680a45773ab4b0e92ec26caa3acbb6bab379103)
----
- ldap/servers/slapd/tools/ldclt/ldapfct.c    |  4 +++
- ldap/servers/slapd/tools/ldclt/ldclt.c      | 35 ++++++++++++++++-----
- ldap/servers/slapd/tools/ldclt/ldclt.h      | 11 ++++++-
- ldap/servers/slapd/tools/ldclt/threadMain.c | 48 +++++++++++++++++++----------
- 4 files changed, 73 insertions(+), 25 deletions(-)
-
-diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-index f906c5a..13e66b8 100644
---- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
-+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-@@ -1382,6 +1382,10 @@ printErrorFromLdap (
-   printf ("ldclt[%d]: T%03d: %s, error=%d (%s",
- 		mctx.pid, tttctx->thrdNum, errmsg,
- 		errcode, my_ldap_err2string (errcode));
-+  if (!res) {
-+    printf (") -- NULL result\n");
-+    return -1;
-+  }
- 
-   /*
-    * See if there is an additional error message...
-diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c
-index edb687f..9e573a5 100644
---- a/ldap/servers/slapd/tools/ldclt/ldclt.c
-+++ b/ldap/servers/slapd/tools/ldclt/ldclt.c
-@@ -716,19 +716,35 @@ printGlobalStatistics (void)
-    * Note:	Maybe implement a way to stop the running threads ?
-    */
-   found = 0;
--  for (i=0 ; i<MAX_ERROR_NB ; i++)
--    if (mctx.errors[i] > 0)
--    {
-+  for (i = 0; i < MAX_ERROR_NB; i++) {
-+    if (mctx.errors[i] > 0) {
-       found = 1;
-       sprintf (buf, "(%s)", my_ldap_err2string (i));
-       printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n",
-           mctx.pid, i, buf, mctx.errors[i]);
-     }
-+  }
-+#if defined(USE_OPENLDAP)
-+  for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) {
-+    if (mctx.negativeErrors[i] > 0) {
-+      found = 1;
-+      sprintf (buf, "(%s)", my_ldap_err2string (-i));
-+      printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n",
-+          mctx.pid, -i, buf, mctx.negativeErrors[i]);
-+    }
-+  }
-+#endif
-   if (mctx.errorsBad > 0)
-   {
-     found = 1;
--    printf ("ldclt[%d]: Global illegal errors (codes not in [0, %d]) occurs %5d times\n",
--	mctx.pid, MAX_ERROR_NB-1, mctx.errorsBad);
-+    printf("ldclt[%d]: Global illegal errors (codes not in [%d, %d]) occurs %5d times\n",
-+            mctx.pid, 
-+#if defined(USE_OPENLDAP)
-+			NEGATIVE_MAX_ERROR_NB, 
-+#else
-+			0,
-+#endif
-+			MAX_ERROR_NB-1, mctx.errorsBad);
-   }
-   if (!found)
-     printf ("ldclt[%d]: Global no error occurs during this session.\n", mctx.pid);
-@@ -1293,9 +1309,14 @@ basicInit (void)
-   mctx.totNbOpers   = 0;
-   mctx.totNbSamples = 0;
-   mctx.errorsBad    = 0;
--  for (i=0 ; i<MAX_ERROR_NB ; i++)
-+  for (i = 0; i < MAX_ERROR_NB; i++) {
-     mctx.errors[i] = 0;
--
-+  }
-+#if defined(USE_OPENLDAP)
-+  for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) {
-+    mctx.negativeErrors[i] = 0;
-+  }
-+#endif
-   /*
-    * Initiate the mutex that protect the errors statistics
-    */
-diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.h b/ldap/servers/slapd/tools/ldclt/ldclt.h
-index a48ab79..4f8f485 100644
---- a/ldap/servers/slapd/tools/ldclt/ldclt.h
-+++ b/ldap/servers/slapd/tools/ldclt/ldclt.h
-@@ -169,6 +169,9 @@ dd/mm/yy | Author	| Comments
- #ifndef LDCLT_H
- #define LDCLT_H
- 
-+#if defined(USE_OPENLDAP)
-+#define ABS(x) ((x > 0) ? (x) : (-x))
-+#endif
- /*
-  * Misc constant definitions
-  */
-@@ -183,7 +186,10 @@ dd/mm/yy | Author	| Comments
- #define DEF_PORT_CHECK	  16000 /* Port used for check processing */
- #define MAX_ATTRIBS	     40 /* Max number of attributes */	/*JLS 28-03-01*/
- #define MAX_DN_LENGTH	   1024 /* Max length for a DN */
--#define MAX_ERROR_NB	   0x62 /* Max ldap err number + 1 */
-+#define MAX_ERROR_NB	   0x7b /* Max ldap err number + 1 */
-+#if defined(USE_OPENLDAP)
-+#define NEGATIVE_MAX_ERROR_NB	   (LDAP_X_CONNECTING - 1) /* Mininum ldap err number */
-+#endif
- #define MAX_IGN_ERRORS	     20 /* Max errors ignored */
- #define MAX_FILTER	    512 /* Max filters length */
- #define MAX_THREADS	   1000 /* Max number of threads */	/*JLS 21-11-00*/
-@@ -504,6 +510,9 @@ typedef struct main_context {
-         char            *certfile;      /* certificate file */ /* BK 11-10-00 */
-         char            *cltcertname;   /* client cert name */ /* BK 23 11-00 */
- 	data_list_file	*dlf;		/* Data list files */	/*JLS 23-03-01*/
-+#if defined(USE_OPENLDAP)
-+	int		 negativeErrors[ABS(NEGATIVE_MAX_ERROR_NB)]; /* Err stats */
-+#endif
- 	int		 errors[MAX_ERROR_NB]; /* Err stats */
- 	int		 errorsBad;	/* Bad errors */
- 	ldclt_mutex_t	 errors_mutex;	/* Protect errors */	/*JLS 28-11-00*/
-diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
-index be41186..5d915fd 100644
---- a/ldap/servers/slapd/tools/ldclt/threadMain.c
-+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
-@@ -430,14 +430,26 @@ addErrorStat (
-   /*
-    * Update the counters
-    */
-+#if defined(USE_OPENLDAP)
-+  if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB))
-+#else
-   if ((err <= 0) || (err >= MAX_ERROR_NB))
-+#endif
-   {
-     fprintf (stderr, "ldclt[%d]: Illegal error number %d\n", mctx.pid, err);
-     fflush (stderr);
-     mctx.errorsBad++;
-   }
-+#if defined(USE_OPENLDAP)
-+  else if (err < 0)
-+  {
-+    mctx.negativeErrors[abs(err)]++;
-+  }
-+#endif
-   else
-+  {
-     mctx.errors[err]++;
-+  }
- 
-   /*
-    * Release the mutex
-@@ -460,26 +472,28 @@ addErrorStat (
-      * Ok, we should not ignore this error...
-      * Maybe the limit is reached ?
-      */
-+#if defined(USE_OPENLDAP)
-+    if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB))
-+#else
-     if ((err <= 0) || (err >= MAX_ERROR_NB))
--    {
--      if (mctx.errorsBad > mctx.maxErrors)
--      {
--	printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
--	(void) printGlobalStatistics();				/*JLS 25-08-00*/
--	fflush (stdout);
--	ldclt_sleep (5);
--	ldcltExit (EXIT_MAX_ERRORS);				/*JLS 25-08-00*/
-+#endif
-+	{
-+      if (mctx.errorsBad > mctx.maxErrors) {
-+        printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-+        (void) printGlobalStatistics();				/*JLS 25-08-00*/
-+        fflush (stdout);
-+        ldclt_sleep (5);
-+        ldcltExit (EXIT_MAX_ERRORS);				/*JLS 25-08-00*/
-       }
--    }
--    else
--      if (mctx.errors[err] > mctx.maxErrors)
--      {
--	printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
--	(void) printGlobalStatistics();				/*JLS 25-08-00*/
--	fflush (stdout);
--	ldclt_sleep (5);
--	ldcltExit (EXIT_MAX_ERRORS);				/*JLS 25-08-00*/
-+    } else {
-+      if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
-+        printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-+        (void) printGlobalStatistics();				/*JLS 25-08-00*/
-+        fflush (stdout);
-+        ldclt_sleep (5);
-+        ldcltExit (EXIT_MAX_ERRORS);				/*JLS 25-08-00*/
-       }
-+    }
-   }
- 
-   /*
--- 
-1.9.3
-
diff --git a/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch b/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
new file mode 100644
index 0000000..0b18c51
--- /dev/null
+++ b/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
@@ -0,0 +1,461 @@
+From 845915e82846c3e84a9c7585ff584da32c1c5f38 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 12 Jul 2016 14:33:17 -0700
+Subject: [PATCH 12/15] Bug 1347760 - CI test: test case for bug 1347760
+
+Description: Information disclosure via repeated use of LDAP ADD operation, etc.
+(cherry picked from commit 27b8987108d875e3e9ee0d844548f8d94db350d1)
+---
+ dirsrvtests/tests/tickets/ticket1347760_test.py | 440 ++++++++++++++++++++++++
+ 1 file changed, 440 insertions(+)
+ create mode 100644 dirsrvtests/tests/tickets/ticket1347760_test.py
+
+diff --git a/dirsrvtests/tests/tickets/ticket1347760_test.py b/dirsrvtests/tests/tickets/ticket1347760_test.py
+new file mode 100644
+index 0000000..d2e9e37
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket1347760_test.py
+@@ -0,0 +1,440 @@
++# --- BEGIN COPYRIGHT BLOCK ---
++# Copyright (C) 2016 Red Hat, Inc.
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# --- END COPYRIGHT BLOCK ---
++#
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++CONFIG_DN = 'cn=config'
++BOU = 'BOU'
++BINDOU = 'ou=%s,%s' % (BOU, DEFAULT_SUFFIX)
++BUID = 'buser123'
++TUID = 'tuser0'
++BINDDN = 'uid=%s,%s' % (BUID, BINDOU)
++BINDPW = BUID
++TESTDN = 'uid=%s,ou=people,%s' % (TUID, DEFAULT_SUFFIX)
++TESTPW = TUID
++BOGUSDN = 'uid=bogus,%s' % DEFAULT_SUFFIX
++BOGUSDN2 = 'uid=bogus,ou=people,%s' % DEFAULT_SUFFIX
++BOGUSSUFFIX = 'uid=bogus,ou=people,dc=bogus'
++GROUPOU = 'ou=groups,%s' % DEFAULT_SUFFIX
++BOGUSOU = 'ou=OU,%s' % DEFAULT_SUFFIX
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++class TopologyStandalone(object):
++    def __init__(self, standalone):
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    global installation1_prefix
++    if installation1_prefix:
++        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++
++    # Creating standalone instance ...
++    standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    # Delete each instance in the end
++#    def fin():
++#        standalone.delete()
++#    request.addfinalizer(fin)
++
++    # Clear out the tmp dir
++    standalone.clearTmpDir(__file__)
++
++    return TopologyStandalone(standalone)
++
++def pattern_accesslog(file, log_pattern):
++    try:
++        pattern_accesslog.last_pos += 1
++    except AttributeError:
++        pattern_accesslog.last_pos = 0
++
++    found = None
++    file.seek(pattern_accesslog.last_pos)
++
++    # Use a while true iteration because 'for line in file: hit a
++    # python bug that break file.tell()
++    while True:
++        line = file.readline()
++        found = log_pattern.search(line)
++        if ((line == '') or (found)):
++            break
++
++    pattern_accesslog.last_pos = file.tell()
++    if found:
++        return line
++    else:
++        return None
++
++def check_op_result(server, op, dn, superior, exists, rc):
++    targetdn = dn
++    if op == 'search':
++        if exists:
++            opstr = 'Searching existing entry'
++        else:
++            opstr = 'Searching non-existing entry'
++    elif op == 'add':
++        if exists:
++            opstr = 'Adding existing entry'
++        else:
++            opstr = 'Adding non-existing entry'
++    elif op == 'modify':
++        if exists:
++            opstr = 'Modifying existing entry'
++        else:
++            opstr = 'Modifying non-existing entry'
++    elif op == 'modrdn':
++        if superior != None:
++            targetdn = superior
++            if exists:
++                opstr = 'Moving to existing superior'
++            else:
++                opstr = 'Moving to non-existing superior'
++        else:
++            if exists:
++                opstr = 'Renaming existing entry'
++            else:
++                opstr = 'Renaming non-existing entry'
++    elif op == 'delete':
++        if exists:
++            opstr = 'Deleting existing entry'
++        else:
++            opstr = 'Deleting non-existing entry'
++
++    if ldap.SUCCESS == rc:
++        expstr = 'be ok'
++    else:
++        expstr = 'fail with %s' % rc.__name__
++
++    log.info('%s %s, which should %s.' % (opstr, targetdn, expstr))
++    hit = 0
++    try:
++        if op == 'search':
++            centry = server.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*')
++        elif op == 'add':
++            server.add_s(Entry((dn, {'objectclass': 'top extensibleObject'.split(),
++                                     'cn': 'test entry'})))
++        elif op == 'modify':
++            server.modify_s(dn, [(ldap.MOD_REPLACE, 'description', 'test')])
++        elif op == 'modrdn':
++            if superior != None:
++                server.rename_s(dn, 'uid=new', newsuperior=superior, delold=1)
++            else:
++                server.rename_s(dn, 'uid=new', delold=1)
++        elif op == 'delete':
++            server.delete_s(dn)
++        else:
++            log.fatal('Unknown operation %s' % op)
++            assert False
++    except ldap.LDAPError as e:
++        hit = 1
++        log.info("Exception (expected): %s" % type(e).__name__)
++        log.info('Desc ' + e.message['desc'])
++        assert isinstance(e, rc)
++        if e.message.has_key('matched'):
++            log.info('Matched is returned: ' + e.message['matched'])
++            if rc != ldap.NO_SUCH_OBJECT:
++                assert False
++
++    if ldap.SUCCESS == rc:
++        if op == 'search':
++            log.info('Search should return none')
++            assert len(centry) == 0
++    else:
++        if 0 == hit:
++            log.info('Expected to fail with %s, but passed' % rc.__name__)
++            assert False
++
++    log.info('PASSED\n')
++
++def test_ticket1347760(topology):
++    """
++    Prevent revealing the entry info to whom has no access rights.
++    """
++    log.info('Testing Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc.')
++
++    log.info('Disabling accesslog logbuffering')
++    topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-accesslog-logbuffering', 'off')])
++
++    log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD))
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++    log.info('Adding ou=%s a bind user belongs to.' % BOU)
++    topology.standalone.add_s(Entry((BINDOU, {
++                              'objectclass': 'top organizationalunit'.split(),
++                              'ou': BOU})))
++
++    log.info('Adding a bind user.')
++    topology.standalone.add_s(Entry((BINDDN,
++                                     {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++                                      'cn': 'bind user',
++                                      'sn': 'user',
++                                      'userPassword': BINDPW})))
++
++    log.info('Adding a test user.')
++    topology.standalone.add_s(Entry((TESTDN,
++                                     {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++                                      'cn': 'test user',
++                                      'sn': 'user',
++                                      'userPassword': TESTPW})))
++
++    log.info('Deleting aci in %s.' % DEFAULT_SUFFIX)
++    topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_DELETE, 'aci', None)])
++
++    log.info('Bind case 1. the bind user has no rights to read the entry itself, bind should be successful.')
++    log.info('Bind as {%s,%s} who has no access rights.' % (BINDDN, BINDPW))
++    try:
++        topology.standalone.simple_bind_s(BINDDN, BINDPW)
++    except ldap.LDAPError as e:
++        log.info('Desc ' + e.message['desc'])
++        assert False
++
++    file_path = os.path.join(topology.standalone.prefix, 'var/log/dirsrv/slapd-%s/access' % topology.standalone.serverid)
++    file_obj = open(file_path, "r")
++    log.info('Access log path: %s' % file_path)
++
++    log.info('Bind case 2-1. the bind user does not exist, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__)
++    log.info('Bind as {%s,%s} who does not exist.' % (BOGUSDN, 'bogus'))
++    try:
++        topology.standalone.simple_bind_s(BOGUSDN, 'bogus')
++    except ldap.LDAPError as e:
++        log.info("Exception (expected): %s" % type(e).__name__)
++        log.info('Desc ' + e.message['desc'])
++        assert isinstance(e, ldap.INVALID_CREDENTIALS)
++        regex = re.compile('No such entry')
++        cause = pattern_accesslog(file_obj, regex)
++        if cause == None:
++            log.fatal('Cause not found - %s' % cause)
++            assert False
++        else:
++            log.info('Cause found - %s' % cause)
++
++    log.info('Bind case 2-2. the bind user\'s suffix does not exist, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__)
++    log.info('Bind as {%s,%s} who does not exist.' % (BOGUSSUFFIX, 'bogus'))
++    try:
++        topology.standalone.simple_bind_s(BOGUSSUFFIX, 'bogus')
++    except ldap.LDAPError as e:
++        log.info("Exception (expected): %s" % type(e).__name__)
++        log.info('Desc ' + e.message['desc'])
++        assert isinstance(e, ldap.INVALID_CREDENTIALS)
++        regex = re.compile('No such suffix')
++        cause = pattern_accesslog(file_obj, regex)
++        if cause == None:
++            log.fatal('Cause not found - %s' % cause)
++            assert False
++        else:
++            log.info('Cause found - %s' % cause)
++
++    log.info('Bind case 2-3. the bind user\'s password is wrong, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__)
++    log.info('Bind as {%s,%s} who does not exist.' % (BINDDN, 'bogus'))
++    try:
++        topology.standalone.simple_bind_s(BINDDN, 'bogus')
++    except ldap.LDAPError as e:
++        log.info("Exception (expected): %s" % type(e).__name__)
++        log.info('Desc ' + e.message['desc'])
++        assert isinstance(e, ldap.INVALID_CREDENTIALS)
++        regex = re.compile('Invalid credentials')
++        cause = pattern_accesslog(file_obj, regex)
++        if cause == None:
++            log.fatal('Cause not found - %s' % cause)
++            assert False
++        else:
++            log.info('Cause found - %s' % cause)
++
++    log.info('Adding aci for %s to %s.' % (BINDDN, BINDOU))
++    acival = '(targetattr="*")(version 3.0; acl "%s"; allow(all) userdn = "ldap:///%s";)' % (BUID, BINDDN)
++    log.info('aci: %s' % acival)
++    log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD))
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++    topology.standalone.modify_s(BINDOU, [(ldap.MOD_ADD, 'aci', acival)])
++
++    log.info('Bind case 3. the bind user has the right to read the entry itself, bind should be successful.')
++    log.info('Bind as {%s,%s} which should be ok.\n' % (BINDDN, BINDPW))
++    topology.standalone.simple_bind_s(BINDDN, BINDPW)
++
++    log.info('The following operations are against the subtree the bind user %s has no rights.' % BINDDN)
++    # Search
++    exists = True
++    rc = ldap.SUCCESS
++    log.info('Search case 1. the bind user has no rights to read the search entry, it should return no search results with %s' % rc)
++    check_op_result(topology.standalone, 'search', TESTDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.SUCCESS
++    log.info('Search case 2-1. the search entry does not exist, the search should return no search results with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'search', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.SUCCESS
++    log.info('Search case 2-2. the search entry does not exist, the search should return no search results with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'search', BOGUSDN2, None, exists, rc)
++
++    # Add
++    exists = True
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Add case 1. the bind user has no rights AND the adding entry exists, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'add', TESTDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Add case 2-1. the bind user has no rights AND the adding entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'add', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Add case 2-2. the bind user has no rights AND the adding entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'add', BOGUSDN2, None, exists, rc)
++
++    # Modify
++    exists = True
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modify case 1. the bind user has no rights AND the modifying entry exists, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modify', TESTDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modify case 2-1. the bind user has no rights AND the modifying entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modify', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modify case 2-2. the bind user has no rights AND the modifying entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modify', BOGUSDN2, None, exists, rc)
++
++    # Modrdn
++    exists = True
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modrdn case 1. the bind user has no rights AND the renaming entry exists, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', TESTDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modrdn case 2-1. the bind user has no rights AND the renaming entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modrdn case 2-2. the bind user has no rights AND the renaming entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', BOGUSDN2, None, exists, rc)
++
++    exists = True
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modrdn case 3. the bind user has no rights AND the node moving an entry to exists, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', TESTDN, GROUPOU, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modrdn case 4-1. the bind user has no rights AND the node moving an entry to does not, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Modrdn case 4-2. the bind user has no rights AND the node moving an entry to does not, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc)
++
++    # Delete
++    exists = True
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Delete case 1. the bind user has no rights AND the deleting entry exists, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'delete', TESTDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Delete case 2-1. the bind user has no rights AND the deleting entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'delete', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.INSUFFICIENT_ACCESS
++    log.info('Delete case 2-2. the bind user has no rights AND the deleting entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'delete', BOGUSDN2, None, exists, rc)
++
++    log.info('EXTRA: Check no regressions')
++    log.info('Adding aci for %s to %s.' % (BINDDN, DEFAULT_SUFFIX))
++    acival = '(targetattr="*")(version 3.0; acl "%s-all"; allow(all) userdn = "ldap:///%s";)' % (BUID, BINDDN)
++    log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD))
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++    topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', acival)])
++
++    log.info('Bind as {%s,%s}.' % (BINDDN, BINDPW))
++    try:
++        topology.standalone.simple_bind_s(BINDDN, BINDPW)
++    except ldap.LDAPError as e:
++        log.info('Desc ' + e.message['desc'])
++        assert False
++
++    exists = False
++    rc = ldap.NO_SUCH_OBJECT
++    log.info('Search case. the search entry does not exist, the search should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'search', BOGUSDN2, None, exists, rc)
++    file_obj.close()
++
++    exists = True
++    rc = ldap.ALREADY_EXISTS
++    log.info('Add case. the adding entry already exists, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'add', TESTDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.NO_SUCH_OBJECT
++    log.info('Modify case. the modifying entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modify', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.NO_SUCH_OBJECT
++    log.info('Modrdn case 1. the renaming entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', BOGUSDN, None, exists, rc)
++
++    exists = False
++    rc = ldap.NO_SUCH_OBJECT
++    log.info('Modrdn case 2. the node moving an entry to does not, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc)
++
++    exists = False
++    rc = ldap.NO_SUCH_OBJECT
++    log.info('Delete case. the deleting entry does not exist, it should fail with %s' % rc.__name__)
++    check_op_result(topology.standalone, 'delete', BOGUSDN, None, exists, rc)
++
++    log.info('SUCCESS')
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
+-- 
+2.4.11
+
diff --git a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch b/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
deleted file mode 100644
index f850942..0000000
--- a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From a8e885d2d69381adc483d1a506b9f1e739a507f5 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jul 2015 17:21:57 -0400
-Subject: [PATCH 12/20] Ticket 48013 - Inconsistent behaviour of DS when LDAP
- Sync is used with an invalid cookie
-
-Bug Description:  Some invalid cookies are treated as errors, while others are not.
-
-Fix Description:  Perform the cookie parsing and validation in the same step. This
-                  gives consistent results.
-
-https://fedorahosted.org/389/ticket/48013
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit fdf46817fcc3b334bd477316d253bc18f243c0f6)
-(cherry picked from commit 41dff5ba7a6368bfb2d8a2057dd5ba5b6a91d175)
----
- dirsrvtests/tickets/ticket48013_test.py  | 134 +++++++++++++++++++++++++++++++
- ldap/servers/plugins/sync/sync_refresh.c |   7 +-
- 2 files changed, 138 insertions(+), 3 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket48013_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48013_test.py b/dirsrvtests/tickets/ticket48013_test.py
-new file mode 100644
-index 0000000..0ccdeba
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48013_test.py
-@@ -0,0 +1,134 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+import pyasn1
-+import pyasn1_modules
-+import ldap,ldapurl
-+from ldap.ldapobject import SimpleLDAPObject
-+from ldap.syncrepl import SyncreplConsumer
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+class SyncObject(SimpleLDAPObject, SyncreplConsumer):
-+    def __init__(self, uri):
-+        # Init the ldap connection
-+        SimpleLDAPObject.__init__(self, uri)
-+
-+    def sync_search(self, test_cookie):
-+        self.syncrepl_search('dc=example,dc=com', ldap.SCOPE_SUBTREE,
-+                             filterstr='(objectclass=*)', mode='refreshOnly',
-+                             cookie=test_cookie)
-+
-+    def poll(self):
-+        self.syncrepl_poll(all=1)
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    global installation1_prefix
-+    if installation1_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+    # Creating standalone instance ...
-+    standalone = DirSrv(verbose=False)
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+    instance_standalone = standalone.exists()
-+    if instance_standalone:
-+        standalone.delete()
-+    standalone.create()
-+    standalone.open()
-+
-+    # Clear out the tmp dir
-+    standalone.clearTmpDir(__file__)
-+
-+    return TopologyStandalone(standalone)
-+
-+
-+def test_ticket48013(topology):
-+    '''
-+    Content Synchonization: Test that invalid cookies are caught
-+    '''
-+
-+    cookies = ('#', '##', 'a#a#a', 'a#a#1')
-+
-+    # Enable dynamic plugins
-+    try:
-+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', 'on')])
-+    except ldap.LDAPError as e:
-+        ldap.error('Failed to enable dynamic plugin!' + e.message['desc'])
-+        assert False
-+
-+    # Enable retro changelog
-+    topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
-+
-+    # Enbale content sync plugin
-+    topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
-+
-+    # Set everything up
-+    ldap_url = ldapurl.LDAPUrl('ldap://localhost:31389')
-+    ldap_connection = SyncObject(ldap_url.initializeUrl())
-+
-+    # Authenticate
-+    try:
-+        ldap_connection.simple_bind_s(DN_DM, PASSWORD)
-+    except ldap.LDAPError as e:
-+        print('Login to LDAP server failed: %s' % e.message['desc'])
-+        assert False
-+
-+    # Test invalid cookies
-+    for invalid_cookie in cookies:
-+        log.info('Testing cookie: %s' % invalid_cookie)
-+        try:
-+            ldap_connection.sync_search(invalid_cookie)
-+            ldap_connection.poll()
-+            log.fatal('Invalid cookie accepted!')
-+            assert False
-+        except Exception as e:
-+            log.info('Invalid cookie correctly rejected: %s' % e.message['info'])
-+            pass
-+
-+    # Success
-+    log.info('Test complete')
-+
-+
-+def test_ticket48013_final(topology):
-+    topology.standalone.delete()
-+    log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+    global installation1_prefix
-+    installation1_prefix = None
-+
-+    topo = topology(True)
-+    test_ticket48013(topo)
-+    test_ticket48013_final(topo)
-+
-+
-+if __name__ == '__main__':
-+    run_isolated()
-+
-diff --git a/ldap/servers/plugins/sync/sync_refresh.c b/ldap/servers/plugins/sync/sync_refresh.c
-index 1ae2604..beb87ab 100644
---- a/ldap/servers/plugins/sync/sync_refresh.c
-+++ b/ldap/servers/plugins/sync/sync_refresh.c
-@@ -113,9 +113,10 @@ int sync_srch_refresh_pre_search(Slapi_PBlock *pb)
- 			 * 	-- return e-syncRefreshRequired if the data referenced in the cookie are no
- 			 * 		longer in the history
- 			*/
--			if (cookie && 
--				( client_cookie = sync_cookie_parse (cookie))) {
--				if (sync_cookie_isvalid(client_cookie, session_cookie)) {
-+			if (cookie) {
-+				if ((client_cookie = sync_cookie_parse (cookie)) &&
-+				    sync_cookie_isvalid(client_cookie, session_cookie))
-+				{
- 					rc = sync_refresh_update_content(pb, client_cookie, session_cookie);
- 					if (rc == 0) 
- 						entries_sent = 1;
--- 
-1.9.3
-
diff --git a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch b/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
deleted file mode 100644
index 3fe4c40..0000000
--- a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From cb54fa78fdd5e94f890c3fa1c03481358e3c82ce Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 9 Jul 2015 09:59:46 -0400
-Subject: [PATCH 13/20] Ticket 48217 - cleanAllRUV hangs shutdown if not all of
- the  replicas are online
-
-Bug Description:  There are race conditions where we might not notify the
-                  clean task when a shutdown is occuring.  This casues the
-                  task refcount to be not decremented, which hangs the
-                  destructor function.
-
-Fix Description:  Check that the server is not shutting down before going
-                  to sleep, and notify the clean/abort tasks to stop in
-                  the destructor functions(instead of in the mmr plugin stop
-                  function).
-
-https://fedorahosted.org/389/ticket/48217
-
-Reviewed by: lkrispen(Thanks!)
-
-(cherry picked from commit d6269f2e6898a187d43e3368860b13cdbd39ec55)
-(cherry picked from commit 0bb881aea92d64e509cf7604e86559779e4f9b77)
----
- .../plugins/replication/repl5_replica_config.c     | 49 ++++++++++++++--------
- 1 file changed, 31 insertions(+), 18 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index faa86b8..446da3f 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1738,7 +1738,9 @@ replica_cleanallruv_thread(void *arg)
-     }
-     if (data->task) {
-         slapi_task_inc_refcount(data->task);
--        slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_cleanallruv_thread --> refcount incremented.\n");
-+        slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name,
-+            "replica_cleanallruv_thread --> refcount incremented (%d).\n",
-+            data->task->task_refcount);
-     }
-     /*
-      *  Initialize our settings
-@@ -1871,10 +1873,11 @@ replica_cleanallruv_thread(void *arg)
-          */
-         cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas have received the "
-             "cleanallruv extended op, retrying in %d seconds",interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
--
-+        if(!slapi_is_shutting_down()){
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-         } else {
-@@ -1974,6 +1977,7 @@ done:
-     if(data->repl_obj && free_obj){
-         object_release(data->repl_obj);
-     }
-+
-     csn_free(&data->maxcsn);
-     slapi_sdn_free(&data->sdn);
-     slapi_ch_free_string(&data->repl_root);
-@@ -1987,6 +1991,7 @@ replica_cleanall_ruv_destructor(Slapi_Task *task)
- {
- 	slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
- 		"replica_cleanall_ruv_destructor -->\n" );
-+	stop_ruv_cleaning();
- 	if (task) {
- 		while (slapi_task_get_refcount(task) > 0) {
- 			/* Yield to wait for the fixup task finishes. */
-@@ -2002,6 +2007,7 @@ replica_cleanall_ruv_abort_destructor(Slapi_Task *task)
- {
- 	slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
- 		"replica_cleanall_ruv_abort_destructor -->\n" );
-+	stop_ruv_cleaning();
- 	if (task) {
- 		while (slapi_task_get_refcount(task) > 0) {
- 			/* Yield to wait for the fixup task finishes. */
-@@ -2055,9 +2061,11 @@ check_replicas_are_done_cleaning(cleanruv_data *data )
-             break;
-         }
-         cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas finished cleaning, retrying in %d seconds",interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
-+        if(!slapi_is_shutting_down()){
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-         } else {
-@@ -2158,9 +2166,11 @@ check_replicas_are_done_aborting(cleanruv_data *data )
-             break;
-         }
-         cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Not all replicas finished aborting, retrying in %d seconds",interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
-+        if(!slapi_is_shutting_down()){
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-         } else {
-@@ -2212,10 +2222,11 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
-         }
-         cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,
-                 "Not all replicas caught up, retrying in %d seconds",interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
--
-+        if(!slapi_is_shutting_down()){
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-         } else {
-@@ -2271,10 +2282,12 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
-         }
-         cleanruv_log(task, rid, CLEANALLRUV_ID, "Not all replicas online, retrying in %d seconds...",
-                 interval);
--        PR_Lock( notify_lock );
--        PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
--        PR_Unlock( notify_lock );
- 
-+        if(!slapi_is_shutting_down()){
-+            PR_Lock( notify_lock );
-+            PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+            PR_Unlock( notify_lock );
-+        }
-         if(interval < 14400){ /* 4 hour max */
-             interval = interval * 2;
-         } else {
--- 
-1.9.3
-
diff --git a/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch b/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
new file mode 100644
index 0000000..c5e693a
--- /dev/null
+++ b/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
@@ -0,0 +1,107 @@
+From 9f8d3fc5bd7cb1e00b6bd48669b8074849f4c5da Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Thu, 14 Jul 2016 13:47:11 +1000
+Subject: [PATCH 13/15] Ticket 48925 - slapd crash with SIGILL: Dsktune should
+ detect lack of CMPXCHG16B
+
+Bug Description:  On older AMD the CMPXCHG16B is not present. This is critical
+to the correct operation of lfds. Without out it we are unable to use nunc-stans
+
+Fix Description:  dsktune should warn if CMPXCHG16B (flag cx16) is not present.
+In a future release we will NOT allow installation upon a platform that lacks
+this instruction.
+
+https://fedorahosted.org/389/ticket/48925
+
+Author: wibrown
+
+Review by: nhosoi (Thank you!)
+
+(cherry picked from commit 5eb19778f7939967e8ca714c4d4cb03ffa11064d)
+---
+ ldap/systools/idsktune.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index c7e76e7..b6c352a 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -11,11 +11,12 @@
+ #  include <config.h>
+ #endif
+ 
++#define _GNU_SOURCE
+ 
+ /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+  *    Don't forget to update build_date when the patch sets are updated. 
+  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+-static char *build_date = "23-FEBRUARY-2012";
++static char *build_date = "14-JULY-2016";
+ 
+ #if defined(linux) || defined(__linux) || defined(__linux__)
+ #define IDDS_LINUX_INCLUDE 1
+@@ -32,10 +33,12 @@ static char *build_date = "23-FEBRUARY-2012";
+ #include <sys/resource.h>
+ #include <unistd.h>
+ #endif
++
+ #include <stdlib.h>
+ #include <string.h>
+ #include <errno.h>
+ #include <ctype.h>
++
+ #if !defined(__VMS) && !defined(IDDS_LINUX_INCLUDE)
+ #if defined(__hpux) && defined(f_type)
+ #undef f_type
+@@ -864,6 +867,39 @@ done:
+         free(cmd);
+     }
+ }
++
++
++static void
++linux_check_cpu_features(void)
++{
++    FILE *cpuinfo = fopen("/proc/cpuinfo", "rb");
++    char *arg = 0;
++    char *token = NULL;
++    size_t size = 0;
++    int found = 0;
++    while(getline(&arg, &size, cpuinfo) != -1)
++    {
++        if (strncmp("flags", arg, 5) == 0) {
++            token = strtok(arg, " ");
++            while (token != NULL) {
++                if (strncmp(token, "cx16", 4) == 0) {
++                    found += 1;
++                }
++                token = strtok(NULL, " ");
++            }
++        }
++    }
++    free(arg);
++    fclose(cpuinfo);
++
++    if (found == 0) {
++        flag_os_bad = 1;
++        printf("ERROR: This system does not support CMPXCHG16B instruction (cpuflag cx16).\n");
++        printf("       nsslapd-enable-nunc-stans must be set to "off" on this system. \n");
++        printf("       In a future release of Directory Server this platform will NOT be supported.\n\n");
++    }
++
++}
+ #endif /* IDDS_LINUX_INCLUDE */
+ 
+ 
+@@ -976,6 +1012,8 @@ static void gen_tests (void)
+ 
+ #if defined(IDDS_LINUX_INCLUDE)
+     linux_check_release();
++
++    linux_check_cpu_features();
+ #endif
+ 
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch b/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
deleted file mode 100644
index f1e78fb..0000000
--- a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 4fe9f07d50f383e3765ba97294f8b641f7feefa3 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 9 Jul 2015 17:23:57 -0700
-Subject: [PATCH 14/20] Ticket #48216 - crash in ns-slapd when deleting
- winSyncSubtreePair from sync agreement
-
-Description: In free_subtree_pairs, the condition for stopping the
-loop to clean up the AD and DS subtree dn was incomplete.
-
-This patch checks the AD and DS subtree dn and if any of the pair
-is NULL, it stops the clean up.  Related to the issue, more checks
-for the validation of the winSyncSubtreePair is added so that any
-single valued cases are ignored with an error log.
-[single valued case examples]
-  winSyncSubtreePair: ou=People,dc=anytree
-  winSyncSubtreePair: ou=People,dc=anytree:
-  winSyncSubtreePair: :ou=People,dc=anytree
-
-https://fedorahosted.org/389/ticket/48216
-
-Reviewed by rmeggins@redht.com (Thank you, Rich!!)
-
-(cherry picked from commit 6dce81e77a47dc23e0b825952c97112039f45201)
-(cherry picked from commit 6d177bf359c022f1e46d575c6fe3ad3d97f1cfeb)
----
- ldap/servers/plugins/replication/windows_private.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
-index 36015c2..f5cb44e 100644
---- a/ldap/servers/plugins/replication/windows_private.c
-+++ b/ldap/servers/plugins/replication/windows_private.c
-@@ -885,7 +885,7 @@ windows_private_get_subtreepairs(const Repl_Agmt *ra)
- 	return dp->subtree_pairs;
- }
- 
--/* parray is NOT passed in */
-+/* parray is NOT passed in; caller frees it. */
- void
- windows_private_set_subtreepairs(const Repl_Agmt *ra, char **parray)
- {
-@@ -930,6 +930,12 @@ create_subtree_pairs(char **pairs)
- 	for (ptr = pairs; ptr && *ptr; ptr++) {
- 		p0 = ldap_utf8strtok_r(*ptr, ":", &saveptr);
- 		p1 = ldap_utf8strtok_r(NULL, ":", &saveptr);
-+		if ((NULL == p0) || (NULL == p1)) {
-+			LDAPDebug1Arg(LDAP_DEBUG_ANY, 
-+			              "create_subtree_pairs: "
-+			              "Ignoring invalid subtree pairs \"%s\".\n", *ptr);
-+			continue;
-+		}
- 		spp->DSsubtree = slapi_sdn_new_dn_byval(p0);
- 		if (NULL == spp->DSsubtree) {
- 			LDAPDebug1Arg(LDAP_DEBUG_ANY, 
-@@ -960,7 +966,11 @@ free_subtree_pairs(subtreePair **pairs)
- 	if (NULL == pairs) {
- 		return;
- 	}
--	for (p = *pairs; p; p++) {
-+	/*
-+	 * If exists, the subtree pair is both non-NULL or NULL.
-+	 * Both NULL is the condition to stop the loop.
-+	 */
-+	for (p = *pairs; p && p->ADsubtree && p->DSsubtree; p++) {
- 		slapi_sdn_free(&(p->ADsubtree));
- 		slapi_sdn_free(&(p->DSsubtree));
- 	}
--- 
-1.9.3
-
diff --git a/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch b/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
new file mode 100644
index 0000000..d9c3309
--- /dev/null
+++ b/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
@@ -0,0 +1,31 @@
+From 8464ea4aa20182d3f56c06287cbb8a2ff71e2837 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 15:36:03 -0700
+Subject: [PATCH 14/15] Ticket 48925 - slapd crash with SIGILL: Dsktune should
+ detect lack of CMPXCHG16B
+
+Description: escaping '"' in the ERROR message.
+
+Reviewed by: one-line rule
+
+(cherry picked from commit 975e0fae044a08d2755b2394bac09d722bd1bae0)
+---
+ ldap/systools/idsktune.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index b6c352a..ad6a39e 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -895,7 +895,7 @@ linux_check_cpu_features(void)
+     if (found == 0) {
+         flag_os_bad = 1;
+         printf("ERROR: This system does not support CMPXCHG16B instruction (cpuflag cx16).\n");
+-        printf("       nsslapd-enable-nunc-stans must be set to "off" on this system. \n");
++        printf("       nsslapd-enable-nunc-stans must be set to \"off\" on this system. \n");
+         printf("       In a future release of Directory Server this platform will NOT be supported.\n\n");
+     }
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch b/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
deleted file mode 100644
index a2c2fe1..0000000
--- a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 8f298b2241bb1dc1342b3f7435806af0c22c9f69 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 13 Jul 2015 12:24:19 -0400
-Subject: [PATCH 15/20] Ticket 48119 - Silent install needs to properly exit
- when INF file is missing
-
-Bug Description:  If the INF file is not present, we don't log the error to the
-                  setup log file.  We also don't properly check for the suitespot
-                  user, which also does not properly exit if the calling user is root.
-
-Fix Description:  Properly exit if the INF file is missing, or the suitespot user
-                  is not set(and we are running the script as root).
-
-https://fedorahosted.org/389/ticket/48119
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 5363898b122b1a7e7ad07fdc0ad074e91cd1510f)
-(cherry picked from commit eeddc9f03b6131f5c8ba715a0a05bb1280a4f9ef)
----
- ldap/admin/src/scripts/DSCreate.pm.in  | 3 ++-
- ldap/admin/src/scripts/Inf.pm          | 8 ++++++--
- ldap/admin/src/scripts/Setup.pm.in     | 3 +++
- ldap/admin/src/scripts/setup-ds.res.in | 1 +
- 4 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
-index f44afbb..e4a4ed0 100644
---- a/ldap/admin/src/scripts/DSCreate.pm.in
-+++ b/ldap/admin/src/scripts/DSCreate.pm.in
-@@ -797,8 +797,9 @@ sub setDefaults {
-     if (!$inf->{General}->{SuiteSpotUserID}) {
-         if ($> != 0) { # if not root, use the user's uid
-             $inf->{General}->{SuiteSpotUserID} = getLogin;
-+        } else {
-+            return('error_missing_userid');
-         }
--        # otherwise, the uid must be specified
-     }
- 
-     if (!$inf->{General}->{SuiteSpotGroup}) {
-diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm
-index ec433e2..d4c55f1 100644
---- a/ldap/admin/src/scripts/Inf.pm
-+++ b/ldap/admin/src/scripts/Inf.pm
-@@ -31,7 +31,9 @@ sub new {
-     $self = bless $self, $type;
- 
-     if ($self->{filename}) {
--        $self->read();
-+        if($self->read() != 0){
-+            undef $self;
-+        }
-     }
- 
-     return $self;
-@@ -61,7 +63,7 @@ sub read {
-     } else {
-         if (!open(INF, $filename)) {
-             debug(0, "Error: could not open inf file $filename: $!\n");
--            return;
-+            return -1;
-         }
-         $inffh = \*INF;
-     }
-@@ -118,6 +120,8 @@ sub read {
-     if ($inffh ne \*STDIN) {
-         close $inffh;
-     }
-+
-+    return 0;
- }
- 
- sub section {
-diff --git a/ldap/admin/src/scripts/Setup.pm.in b/ldap/admin/src/scripts/Setup.pm.in
-index cd49d95..99025ab 100644
---- a/ldap/admin/src/scripts/Setup.pm.in
-+++ b/ldap/admin/src/scripts/Setup.pm.in
-@@ -117,6 +117,9 @@ sub init {
-     # if user supplied inf file, use that to initialize
-     if (defined($inffile)) {
-         $self->{inf} = new Inf($inffile);
-+        if(!$self->{inf}){
-+            $self->doExit(1);
-+        }
-     } else {
-         $self->{inf} = new Inf;
-     }
-diff --git a/ldap/admin/src/scripts/setup-ds.res.in b/ldap/admin/src/scripts/setup-ds.res.in
-index 011bf36..7134e25 100644
---- a/ldap/admin/src/scripts/setup-ds.res.in
-+++ b/ldap/admin/src/scripts/setup-ds.res.in
-@@ -118,6 +118,7 @@ error_enabling_feature = Could not enable the directory server feature '%s'.  Er
- error_importing_ldif = Could not import LDIF file '%s'.  Error: %s.  Output: %s\n
- error_starting_server = Could not start the directory server using command '%s'.  The last line from the error log was '%s'.  Error: %s\n
- error_stopping_server = Could not stop the directory server '%s'.  Error: %s\n
-+error_missing_userid = The SuiteSpotUserID is missing.  This must be set to valid user\n
- error_missing_port_and_ldapi = Either ServerPort or ldapifilepath must be specified.  The server must listen to something.\n
- error_missing_port = No ServerPort specified.  The server must have a port number to listen to (default 389).\n
- error_server_already_exists = Error: the server already exists at '%s'\
--- 
-1.9.3
-
diff --git a/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
new file mode 100644
index 0000000..3998c3a
--- /dev/null
+++ b/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
@@ -0,0 +1,74 @@
+From bd07b274a2bdbb1accf0d808c1c6a774c95d10db Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 16:35:38 -0700
+Subject: [PATCH 15/15] Ticket #48919 - Compiler warnings while building
+ 389-ds-base on RHEL7
+
+Description: Fixing additional complier warnings.
+1. ldap/servers/slapd/attrsyntax.c
+   attr_syntax_force_to_delete(struct asyntaxinfo *asip, void *arg)
+   This function does not care the attr_syntax_enum_flaginfo.
+2. ldap/servers/slapd/detach.c
+   Let detach use the rc which must be 0 (success).
+3. ldap/systools/idsktune.c
+   Removing #define _GNU_SOURCE from idsktune.c.
+   The macro is defined in config.h generated by configure.
+     $ egrep _GNU_SOURCE config.h
+     #define _GNU_SOURCE 1
+
+https://fedorahosted.org/389/ticket/48919
+
+Reviewed by wibrown@redhat.com (Thanks, William!)
+
+(cherry picked from commit 7c9853e07a85db3b46cd1eb6eacdacf3f17c39a0)
+---
+ ldap/servers/slapd/attrsyntax.c | 4 ----
+ ldap/servers/slapd/detach.c     | 2 +-
+ ldap/systools/idsktune.c        | 2 --
+ 3 files changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
+index 8b2a77a..aec6d21 100644
+--- a/ldap/servers/slapd/attrsyntax.c
++++ b/ldap/servers/slapd/attrsyntax.c
+@@ -1390,11 +1390,7 @@ attr_syntax_delete_if_not_flagged(struct asyntaxinfo *asip, void *arg)
+ static int
+ attr_syntax_force_to_delete(struct asyntaxinfo *asip, void *arg)
+ {
+-	struct attr_syntax_enum_flaginfo	*fi;
+-
+ 	PR_ASSERT( asip != NULL );
+-	fi = (struct attr_syntax_enum_flaginfo *)arg;
+-	PR_ASSERT( fi != NULL );
+ 
+ 	attr_syntax_delete_no_lock( asip, PR_FALSE, 0 );
+ 	return ATTR_SYNTAX_ENUM_REMOVE;
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index b055a5c..54c6028 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -133,7 +133,7 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 	}
+ 
+ 	(void) SIGNAL( SIGPIPE, SIG_IGN );
+-	return 0;
++	return rc;
+ }
+ 
+ /*
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index ad6a39e..4c96529 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -11,8 +11,6 @@
+ #  include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+-
+ /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+  *    Don't forget to update build_date when the patch sets are updated. 
+  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+-- 
+2.4.11
+
diff --git a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch b/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
deleted file mode 100644
index 3d68e2b..0000000
--- a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e0ceac7c48a4cc616f1602d4cc3430a306740021 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 13 Jul 2015 13:12:12 -0400
-Subject: [PATCH 16/20] Ticket 47878 - Remove warning suppression in 1.3.4
-
-Description:  Perl 5.16 does not support the warning suppression of
-              "smartmatch", but 5.18 does.  RHEL 7 is currently only
-              using 5.16, so it needs to be removed from 1.3.4 for now.
-
-https://fedorahosted.org/389/ticket/47878
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit d8b7a3c93692eae229c74ef67f6f608f95eb2eef)
----
- ldap/admin/src/scripts/52updateAESplugin.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/scripts/52updateAESplugin.pl b/ldap/admin/src/scripts/52updateAESplugin.pl
-index ae258b6..4225770 100644
---- a/ldap/admin/src/scripts/52updateAESplugin.pl
-+++ b/ldap/admin/src/scripts/52updateAESplugin.pl
-@@ -6,7 +6,7 @@ use File::Basename;
- use File::Copy;
- use DSUtil qw(debug serverIsRunning);
- 
--no warnings 'experimental::smartmatch';
-+# no warnings 'experimental::smartmatch';   warning supression available in perl 5.18
- 
- #
- # Check if there is a DES plugin and make sure the AES plugin contains the same attributes
--- 
-1.9.3
-
diff --git a/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
new file mode 100644
index 0000000..57e4f2e
--- /dev/null
+++ b/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
@@ -0,0 +1,97 @@
+From 6f55a77b49ecdec56817039308f7c07da820fb62 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 19:09:21 -0700
+Subject: [PATCH] Ticket #48919 - Compiler warnings while building 389-ds-base
+ on RHEL7
+
+Description: Fixing additional covscan errors.
+1. RESOURCE_LEAK
+   ldap/servers/slapd/agtmmap.c
+   agt_mopen_stats - leaked_handle: Handle variable "fd" going out of scope leaks the handle.
+2. CHECKED_RETURN
+   ldap/servers/slapd/back-ldbm/cache.c
+   entrycache_return - check_return: Calling "remove_hash" without checking return value
+3. NULL_RETURNS
+   ldap/systools/idsktune.c
+   linux_check_cpu_features - dereference: Dereferencing a pointer that might be null "cpuinfo" when calling "fclose".
+4. UNINIT
+   ldap/servers/slapd/detach.c
+   detach - uninit_use: Using uninitialized value "rc".
+
+https://fedorahosted.org/389/ticket/48919
+(cherry picked from commit 381caf52a06ad8cefa9daa99586878249a4aa4f2)
+---
+ ldap/servers/slapd/agtmmap.c         | 1 +
+ ldap/servers/slapd/back-ldbm/cache.c | 6 ++++--
+ ldap/servers/slapd/detach.c          | 3 ++-
+ ldap/systools/idsktune.c             | 4 ++++
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/agtmmap.c b/ldap/servers/slapd/agtmmap.c
+index 629bc1b..b9d66d9 100644
+--- a/ldap/servers/slapd/agtmmap.c
++++ b/ldap/servers/slapd/agtmmap.c
+@@ -167,6 +167,7 @@ agt_mopen_stats (char * statsfile, int mode, int *hdl)
+ #endif
+                        rc = err;
+                        free (buf);
++                       close(fd);
+                        goto bail;
+                    }
+                    free (buf);
+diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c
+index bb4e55e..015cd48 100644
+--- a/ldap/servers/slapd/back-ldbm/cache.c
++++ b/ldap/servers/slapd/back-ldbm/cache.c
+@@ -1142,7 +1142,9 @@ entrycache_return(struct cache *cache, struct backentry **bep)
+                      * so we need to remove the entry from the DN cache because
+                      * we don't/can't always call cache_remove().
+                      */
+-                    remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn));
++                    if (remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)) == 0) {
++                        LOG("entrycache_return: failed to remove %s from dn table\n", ndn, 0, 0);
++                    }
+                 }
+                 backentry_free(bep);
+             } else {
+@@ -1392,7 +1394,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state,
+                 return 0;
+             }
+             if(remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)) == 0){
+-                LOG("entrycache_add_int: failed to remove %s from dn table\n", 0, 0, 0);
++                LOG("entrycache_add_int: failed to remove %s from dn table\n", ndn, 0, 0);
+             }
+             e->ep_state |= ENTRY_STATE_NOTINCACHE;
+             cache_unlock(cache);
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index 54c6028..84a9eef 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -48,7 +48,8 @@ int
+ detach( int slapd_exemode, int importexport_encrypt,
+         int s_port, daemon_ports_t *ports_info )
+ {
+-	int i, sd, rc;
++	int i, sd;
++	int rc = 0;
+ 	char *workingdir = 0;
+ 	char *errorlog = 0;
+ 	char *ptr = 0;
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index 4c96529..08b7f12 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -875,6 +875,10 @@ linux_check_cpu_features(void)
+     char *token = NULL;
+     size_t size = 0;
+     int found = 0;
++    if (NULL == cpuinfo) {
++        printf("ERROR: Unable to check cpu features since opening \"/proc/cpuinfo\" failed.\n");
++        return;
++    }
+     while(getline(&arg, &size, cpuinfo) != -1)
+     {
+         if (strncmp("flags", arg, 5) == 0) {
+-- 
+2.4.11
+
diff --git a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch b/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
deleted file mode 100644
index 9a1049b..0000000
--- a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 8622b69a733a6126414876f11ab627211cb3bd06 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 13 Jul 2015 17:51:01 -0700
-Subject: [PATCH 17/20] Ticket #48223 - Winsync fails when AD users have
- multiple spaces (two)inside the value of the rdn attribute
-
-Description: When the dirsync search returns a remote entry, winsync
-search the entry with DN to retrieve the whole attribute value pairs.
-The DN used for the search was normalized which replaced multiple white-
-spaces with one in the DN.  This patch does not used the normalized DN,
-but the same DN given by AD.
-
-The DN normalization behaviour was introduced to fix a ticket #529 -
-dn normalization must handle multiple space characters in attributes.
-
-Added additional debugging to get the info which entry failed to sync.
-
-https://fedorahosted.org/389/ticket/48223
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3)
-(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34)
----
- ldap/servers/plugins/posix-winsync/posix-group-func.c    |  2 +-
- ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++----
- 2 files changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
-index 5f841e5..a497f3f 100644
---- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
-+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
-@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs)
-     }
-     else {
-         slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
--                        "getEntry: error searching for uid: %d\n", rc);
-+                        "getEntry: error searching for uid %s: %d\n", udn, rc);
-     }
- 
-     return NULL;
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 4607251..6bf20b7 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -3226,7 +3226,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,
- 	const char *searchbase = NULL;
- 	Slapi_Entry *found_entry = NULL;
- 
--	searchbase = slapi_sdn_get_dn(remote_dn);
-+	searchbase = slapi_sdn_get_udn(remote_dn);
- 	cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE);
- 	if (cres)
- 	{
-@@ -5886,13 +5886,16 @@ retry:
- 						remote_entry = NULL;
- 					} else 
- 					{
--						slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt));
-+						slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+						                "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n",
-+						                agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
- 					}
- 					slapi_entry_free(local_entry);
- 					if (rc) {
- 						/* Something bad happened */
--						slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt),
--							slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
-+						slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
-+						                "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",
-+						                agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
- 					}
- 				} else 
- 				{
--- 
-1.9.3
-
diff --git a/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch b/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
new file mode 100644
index 0000000..01bd08c
--- /dev/null
+++ b/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
@@ -0,0 +1,48 @@
+From f6f6340afaea6f26d188f875b15f966e03cb7f50 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Mon, 18 Jul 2016 18:30:28 +0200
+Subject: [PATCH 17/29] Ticket 48928 log of page result cookie should log empty
+ cookie with a different value than 0
+
+Bug Description:
+    With the ticket https://fedorahosted.org/389/ticket/48752, the cookie value
+    is logged with each page result RESULT.
+    When the page result is completed (no more entry to return), the returned cookie is 'pr_cookie=0'.
+    Else the cookie value is logged 'pr_cookie=<internal index>'. Unfortunately the index ranges [0..N].
+
+    So when the value pr_cookie=0 is logged, it is not possible to know if it is an empty cookie or a valid cookie with the value 0.
+
+Fix Description:
+    Log the empty cookie with a value '-1'
+
+https://fedorahosted.org/389/ticket/48928
+
+Reviewed by: Noriko Hosoi, Simon Pichugin (thanks !!!!)
+
+Platforms tested: F23
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 73ff835f29514e33433de9f2be74f73efe6943ce)
+---
+ ldap/servers/slapd/pagedresults.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index 07a7b69..6fec344 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -247,7 +247,7 @@ pagedresults_set_response_control( Slapi_PBlock *pb, int iscritical,
+ 
+     /* begin sequence, payload, end sequence */
+     if (current_search_count < 0) {
+-        cookie = 0;
++        cookie = -1;
+         cookie_str = slapi_ch_strdup("");
+     } else {
+         cookie = index;
+-- 
+2.4.11
+
diff --git a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch b/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
deleted file mode 100644
index a147d49..0000000
--- a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 5f0aab1fccab4c191b2083aea88e28856caf1a4c Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 14 Jul 2015 10:09:00 -0400
-Subject: [PATCH 18/20] Ticket 47910 - logconv.pl - validate start and end time
- args
-
-Description:  Add validatation checks for the startTime/endTime configuration
-              arguments(-S, -E)
-
-https://fedorahosted.org/389/ticket/47910
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 8495afa57ad837e3a51871a4f6da2a9978c8e711)
-(cherry picked from commit 3bf1daaadd7e7c7b0f99d1f7a93d78598730269d)
----
- ldap/admin/src/logconv.pl | 65 +++++++++++++++++++++++++++++++++++------------
- 1 file changed, 49 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index ce4114e..7ca9084 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -24,6 +24,7 @@ use DB_File;
- use sigtrap qw(die normal-signals);
- use Archive::Tar;
- use IO::Uncompress::AnyUncompress qw($AnyUncompressError);
-+use Scalar::Util qw(looks_like_number);
- 
- Getopt::Long::Configure ("bundling");
- Getopt::Long::Configure ("permute");
-@@ -341,18 +342,18 @@ $connmsg{"P2"} = "Poll";
- $connmsg{"U1"} = "Cleanly Closed Connections";
- 
- my %monthname = (
--	"Jan" => 0,
--	"Feb" => 1,
--	"Mar" => 2,
--	"Apr" => 3,
--	"May" => 4,
--	"Jun" => 5,
--	"Jul" => 6,
--	"Aug" => 7,
--	"Sep" => 8,
--	"Oct" => 9,
--	"Nov" => 10,
--	"Dec" => 11,
-+	"jan" => 0,
-+	"feb" => 1,
-+	"mar" => 2,
-+	"apr" => 3,
-+	"may" => 4,
-+	"jun" => 5,
-+	"jul" => 6,
-+	"aug" => 7,
-+	"sep" => 8,
-+	"oct" => 9,
-+	"nov" => 10,
-+	"dec" => 11,
- 
- );
- 
-@@ -411,11 +412,27 @@ sub convertTimeToSeconds {
- 	my $logDate;
- 	my @dateComps;
- 	my ($timeMonth, $timeDay, $timeYear, $dateTotal);
-+	$dateTotal = 0;
- 	if ($log_line =~ / *([0-9A-Z\/]+)/i ){
- 		$logDate = $1;
- 		@dateComps = split /\//, $logDate;
--
--		$timeMonth = 1 + $monthname{$dateComps[1]};
-+		if ($#dateComps < 2) {
-+			print "The date string ($log_line) is invalid, exiting...\n";
-+			exit(1);
-+		}
-+		if (!looks_like_number($dateComps[0]) || length $dateComps[0] != 2) {
-+			print "The date string ($log_line) has invalid day ($dateComps[0]), exiting...\n";
-+			exit(1);
-+		}
-+		if ($monthname{lc $dateComps[1]} eq "") {
-+			print "The date string ($log_line) has invalid month ($dateComps[1]), exiting...\n";
-+			exit(1);
-+		}
-+		if (!looks_like_number($dateComps[2]) || length $dateComps[2] != 4 ) {
-+			print "The date string ($log_line) has invalid year ($dateComps[2]), exiting...\n";
-+			exit(1);
-+		}
-+		$timeMonth = 1 + $monthname{lc $dateComps[1]};
- 		$timeMonth = $timeMonth * 3600 * 24 * 30;
- 		$timeDay= $dateComps[0] * 3600 * 24;
- 		$timeYear = $dateComps[2] * 365 * 3600 * 24;
-@@ -425,10 +442,26 @@ sub convertTimeToSeconds {
- 	my $logTime;
- 	my @timeComps;
- 	my ($timeHour, $timeMinute, $timeSecond, $timeTotal);
-+	$timeTotal = 0;
- 	if ($log_line =~ / *(:[0-9:]+)/i ){
- 		$logTime = $1;
- 		@timeComps = split /:/, $logTime;
--
-+		if ($#timeComps < 3) {
-+			print "The time string ($log_line) is invalid, exiting...\n";
-+			exit(1);
-+		}
-+		if (!looks_like_number($timeComps[1]) || length $timeComps[1] != 2){
-+			print "The time string ($log_line) has invalid hour ($timeComps[1]), exiting...\n";
-+			exit(1);
-+		}
-+		if (!looks_like_number($timeComps[2]) || length $timeComps[2] != 2){
-+			print "The time string ($log_line) has invalid minute ($timeComps[2]), exiting...\n";
-+			exit(1);
-+		}
-+		if (!looks_like_number($timeComps[3]) || length $timeComps[3] != 2){
-+			print "The time string ($log_line) has invalid second ($timeComps[3]), exiting...\n";
-+			exit(1);
-+		}
- 		$timeHour = $timeComps[1] * 3600;
- 		$timeMinute = $timeComps[2] * 60;
- 		$timeSecond = $timeComps[3];
-@@ -1796,7 +1829,7 @@ sub parseLineNormal
- 		}
- 		my ($date, $hr, $min, $sec) = split (':', $time);
- 		my ($day, $mon, $yr) = split ('/', $date);
--		my $newmin = timegm(0, $min, $hr, $day, $monthname{$mon}, $yr) - $tzoff;
-+		my $newmin = timegm(0, $min, $hr, $day, $monthname{lc $mon}, $yr) - $tzoff;
- 		$gmtime = $newmin + $sec;
- 		print_stats_block( $s_stats );
- 		reset_stats_block( $s_stats, $gmtime, $time.' '.$tzone );
--- 
-1.9.3
-
diff --git a/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch b/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
new file mode 100644
index 0000000..2907565
--- /dev/null
+++ b/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
@@ -0,0 +1,141 @@
+From c78cee0747aaa7f3ba7ad77d683d382308992952 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 26 Jul 2016 16:51:41 -0700
+Subject: [PATCH 18/29] Ticket #48939 - nsslapd-workingdir is empty when
+ ns-slapd is started by systemd
+
+Description: If the Type of the service is notify in systemd, the server
+process does not fork.  Setting nsslapd-workingdir was missing in the not-
+fork path.  This patch adds it.
+
+https://fedorahosted.org/389/ticket/48939
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit a06cb4269613224e1454ed8c1ad6f702cc247b2b)
+---
+ ldap/servers/slapd/detach.c | 81 ++++++++++++++++++++++++++-------------------
+ 1 file changed, 47 insertions(+), 34 deletions(-)
+
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index 84a9eef..cd13a99 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -44,16 +44,50 @@
+ #include <unistd.h>
+ #endif /* USE_SYSCONF */
+ 
+-int
+-detach( int slapd_exemode, int importexport_encrypt,
+-        int s_port, daemon_ports_t *ports_info )
++static int
++set_workingdir()
+ {
+-	int i, sd;
+ 	int rc = 0;
+-	char *workingdir = 0;
++	char *workingdir = config_get_workingdir();
+ 	char *errorlog = 0;
+ 	char *ptr = 0;
+ 	extern char *config_get_errorlog(void);
++	extern int config_set_workingdir(const char *attrname, char *value, char *errorbuf, int apply);
++	char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
++
++	if ( NULL == workingdir ) {
++		errorlog = config_get_errorlog();
++		if (NULL == errorlog) {
++			rc = chdir("/");
++		} else {
++			ptr = strrchr(errorlog, '/');
++			if (ptr) {
++				*ptr = '\0';
++			}
++			rc = chdir(errorlog);
++			if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++				LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++			}
++			slapi_ch_free_string(&errorlog);
++		}
++	} else {
++		/* calling config_set_workingdir to check for validity of directory, don't apply */
++		if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) {
++			LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++			rc = chdir("/");
++		} else {
++			rc = chdir(workingdir);
++		}
++		slapi_ch_free_string(&workingdir);
++	}
++	return rc;
++}
++
++int
++detach( int slapd_exemode, int importexport_encrypt,
++        int s_port, daemon_ports_t *ports_info )
++{
++	int i, sd;
+ 
+ 	if ( should_detach ) {
+ 		for ( i = 0; i < 5; i++ ) {
+@@ -76,35 +110,12 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 		}
+ 
+ 		/* call this right after the fork, but before closing stdin */
+-		if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt,
+-									  s_port, ports_info)) {
++		if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) {
+ 			return 1;
+ 		}
+ 
+-		workingdir = config_get_workingdir();
+-		if ( NULL == workingdir ) {
+-			errorlog = config_get_errorlog();
+-			if ( NULL == errorlog ) {
+-				rc = chdir( "/" );
+-				PR_ASSERT(rc == 0);
+-			} else {
+-				if ((ptr = strrchr(errorlog, '/')) ||
+-					(ptr = strrchr(errorlog, '\\'))) {
+-					*ptr = 0;
+-				}
+-				rc = chdir( errorlog );
+-				PR_ASSERT(rc == 0);
+-				config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1);
+-				slapi_ch_free_string(&errorlog);
+-			}
+-		} else {
+-			/* calling config_set_workingdir to check for validity of directory, don't apply */
+-			if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) {
+-				return 1;
+-			}
+-			rc = chdir( workingdir );
+-			PR_ASSERT(rc == 0);
+-			slapi_ch_free_string(&workingdir);
++		if (set_workingdir()) {
++			LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
+ 		}
+ 
+ 		if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) {
+@@ -127,14 +138,16 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 
+ 		g_set_detached(1);
+ 	} else { /* not detaching - call nss/ssl init */
+-		if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt,
+-									  s_port, ports_info)) {
++		if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) {
+ 			return 1;
+ 		}
++		if (set_workingdir()) {
++			LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
++		}
+ 	}
+ 
+ 	(void) SIGNAL( SIGPIPE, SIG_IGN );
+-	return rc;
++	return 0;
+ }
+ 
+ /*
+-- 
+2.4.11
+
diff --git a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch b/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
deleted file mode 100644
index 7771109..0000000
--- a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 5d2f818d33801b1ae6c7d3c19ab67e52a4944251 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 13 Jul 2015 18:27:50 -0600
-Subject: [PATCH 19/20] Ticket #48224 - logconv.pl should handle *.tar.xz,
- *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by: ???
-Branch: 389-ds-base-1.3.4
-Fix Description: There is no xz support by default, the perl module
-IO::Uncompress::UnXz is required for that.  Also, Tar::Archive can't
-handle xz files by default, so they have to be uncompressed first.
-This will also need a spec file change:
-Requires: perl-IO-Compress
-Requires: perl-IO-Compress-Lzma
-Platforms tested: Fedora 21
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit d1b0acd12faa620774c66044f91e509ae175e4a1)
-(cherry picked from commit 4f3b802fac46adfa8fd5cf49443b875f136fb19c)
----
- ldap/admin/src/logconv.pl | 20 +++++++++++++++++++-
- rpm/389-ds-base.spec.in   |  3 +++
- 2 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 7ca9084..a6bd6c2 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -398,14 +398,26 @@ my $totalLineCount = 0;
- 
- sub isTarArchive {
- 	local $_ = shift;
-+	if (/\.txz$/ || /\.tar.xz$/) {
-+		use IO::Uncompress::UnXz;
-+	}
- 	return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
- }
- 
- sub isCompressed {
- 	local $_ = shift;
-+	if (/\.xz$/) {
-+		use IO::Uncompress::UnXz;
-+	}
- 	return /\.gz$/ || /\.bz2$/ || /\.xz$/;
- }
- 
-+# Tar::Archive can't grok xz, so have to uncompress first
-+sub tarNeedsUncompress {
-+	local $_ = shift;
-+	return /\.tar.xz$/ || /\.txz$/;
-+}
-+
- sub convertTimeToSeconds {
- 	my $log_line = shift;
- 
-@@ -503,7 +515,13 @@ for (my $count=0; $count < $file_count; $count++){
- 	my $comp = 0;
- 	if (isTarArchive($logname)) {
- 		$tar = Archive::Tar->new();
--		$tariter = Archive::Tar->iter($logname);
-+		if (tarNeedsUncompress($logname)) {
-+			my $TARFH = new IO::Uncompress::AnyUncompress $logname or
-+				do { openFailed($AnyUncompressError, $logname); next };
-+			$tariter = Archive::Tar->iter($TARFH);
-+		} else {
-+			$tariter = Archive::Tar->iter($logname);
-+		}
- 		if (!$tariter) {
- 			print "$logname is not a valid tar archive, or compression is unrecognized: $!\n";
- 			next;
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index d0bbb7a..3405ccd 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -116,6 +116,9 @@ Requires:         perl-Socket6
- Requires:         perl-Socket
- %endif
- Requires:         perl-NetAddr-IP
-+# for logconv compressed file support
-+Requires:         perl-IO-Compress
-+Requires:         perl-IO-Compress-Lzma
- 
- Source0:          http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
- # 389-ds-git.sh should be used to generate the source tarball from git
--- 
-1.9.3
-
diff --git a/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch b/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
new file mode 100644
index 0000000..06e3ccb
--- /dev/null
+++ b/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
@@ -0,0 +1,107 @@
+From 6b5c8ba040fa482c1817c044716bb994f173d373 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 27 Jul 2016 11:23:17 -0700
+Subject: [PATCH 19/29] Ticket #48939 - nsslapd-workingdir is empty when
+ ns-slapd is started by systemd
+
+Description: Thanks to tbordaz@redhat.com for suggesting to reset the
+working dir in the error cases.  I've added more error checks and
+resetting the nsslapd-workingdir values.
+
+https://fedorahosted.org/389/ticket/48939
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 70d06dab96468e0c6712482186f22de8e2c33e17)
+---
+ ldap/servers/slapd/detach.c | 45 +++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 41 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index cd13a99..2f5667f 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -59,14 +59,41 @@ set_workingdir()
+ 		errorlog = config_get_errorlog();
+ 		if (NULL == errorlog) {
+ 			rc = chdir("/");
++			if (0 == rc) {
++				if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++					LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++				}
++			} else {
++				LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++			}
+ 		} else {
+ 			ptr = strrchr(errorlog, '/');
+ 			if (ptr) {
+ 				*ptr = '\0';
+ 			}
+ 			rc = chdir(errorlog);
+-			if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
+-				LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++			if (0 == rc) {
++				if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++					LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++					rc = chdir("/");
++					if (0 == rc) {
++						if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++							LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++						}
++					} else {
++						LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++					}
++				}
++			} else {
++				LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", errorlog);
++				rc = chdir("/");
++				if (0 == rc) {
++					if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++						LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++					}
++				} else {
++					LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++				}
+ 			}
+ 			slapi_ch_free_string(&errorlog);
+ 		}
+@@ -75,8 +102,18 @@ set_workingdir()
+ 		if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) {
+ 			LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
+ 			rc = chdir("/");
++			if (0 == rc) {
++				if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++					LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++				}
++			} else {
++				LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++			}
+ 		} else {
+ 			rc = chdir(workingdir);
++			if (rc) {
++				LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", workingdir);
++			}
+ 		}
+ 		slapi_ch_free_string(&workingdir);
+ 	}
+@@ -115,7 +152,7 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 		}
+ 
+ 		if (set_workingdir()) {
+-			LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
++			LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: set_workingdir failed.\n");
+ 		}
+ 
+ 		if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) {
+@@ -142,7 +179,7 @@ detach( int slapd_exemode, int importexport_encrypt,
+ 			return 1;
+ 		}
+ 		if (set_workingdir()) {
+-			LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
++			LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: set_workingdir failed.\n");
+ 		}
+ 	}
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch b/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
deleted file mode 100644
index df10002..0000000
--- a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 5dda81412db1609f67035957ab65a6c726228e00 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 14 Jul 2015 11:12:56 -0700
-Subject: [PATCH 20/20] Ticket #48194 - CI test: fixing test cases for ticket
- 48194
-
-Description: nsSSL3Ciphers preference not enforced server side
-. Test Case 6 - wrong expectation for RC4-SHA
-. Test Case 7 - removing a extra space in nsSSL3Ciphers
-
-(cherry picked from commit f69ce333052f7f33350fd4038b8f598f650a743f)
-(cherry picked from commit ca9e6f9292289a7b6b7f57602555bf9aeb9ba9de)
----
- dirsrvtests/tickets/ticket48194_test.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket48194_test.py b/dirsrvtests/tickets/ticket48194_test.py
-index 18739ca..17e179a 100644
---- a/dirsrvtests/tickets/ticket48194_test.py
-+++ b/dirsrvtests/tickets/ticket48194_test.py
-@@ -295,7 +295,7 @@ def test_ticket48194_run_4(topology):
-     Default ciphers are enabled.
-     default allowWeakCipher
-     """
--    _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (default setting) with default allowWeakCipher')
-+    _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')
- 
-     topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-     topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', '-all')])
-@@ -326,7 +326,7 @@ def test_ticket48194_run_5(topology):
-     os.system('touch %s' % (topology.standalone.errlog))
-     topology.standalone.start(timeout=120)
- 
--    connectWithOpenssl(topology, 'RC4-SHA', True)
-+    connectWithOpenssl(topology, 'RC4-SHA', False)
-     connectWithOpenssl(topology, 'AES256-SHA256', True)
- 
- def test_ticket48194_run_6(topology):
-@@ -338,7 +338,7 @@ def test_ticket48194_run_6(topology):
-     _header(topology, 'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256  with default allowWeakCipher')
- 
-     topology.standalone.simple_bind_s(DN_DM, PASSWORD)
--    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256 ')])
-+    topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])
- 
-     log.info("\n######################### Restarting the server ######################\n")
-     topology.standalone.stop(timeout=10)
--- 
-1.9.3
-
diff --git a/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch b/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
new file mode 100644
index 0000000..643f3b7
--- /dev/null
+++ b/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
@@ -0,0 +1,38 @@
+From 8f761940cb93fc8e64ed9022c3a6f21e90c281aa Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 27 Jul 2016 12:40:25 -0700
+Subject: [PATCH 20/29] Ticket #48934 - remove-ds.pl deletes an instance even
+ if wrong prefix was specified
+
+Description: remove-ds.pl skipped to check "slapd" part of "slapd-instance".
+This patch adds the check and if it is not "slapd", it quits with the error
+message.  For example:
+Error: Invalid instance name "bogus-test"
+
+https://fedorahosted.org/389/ticket/48934
+
+Reviewed by mreynolds@redhat.com (Thanks, Mark!!)
+
+(cherry picked from commit 2b341922a42f305122fbd6eb97e96e0612f8e5d2)
+---
+ ldap/admin/src/scripts/remove-ds.pl.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in
+index b35ae32..252f3f9 100755
+--- a/ldap/admin/src/scripts/remove-ds.pl.in
++++ b/ldap/admin/src/scripts/remove-ds.pl.in
+@@ -52,6 +52,10 @@ unless ($inst) {
+     print STDERR "Full instance name must be specified (e.g. - slapd-example)\n";
+     exit 1;
+ }
++unless ($slapd eq "slapd") {
++    print STDERR "Error: Invalid instance name \"$instname\"\n";
++    exit 1;
++}
+ 
+ my @errs = removeDSInstance($inst, $force, $all, $initconfig_dir);
+ if (@errs) {
+-- 
+2.4.11
+
diff --git a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch b/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
deleted file mode 100644
index d721123..0000000
--- a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From e88ffac24b49acb01fb7d460ff4282abe85d3799 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 14 Jul 2015 16:00:03 -0700
-Subject: [PATCH 21/22] Ticket #48203 - Fix coverity issues - 07/14/2015
-
-Description: Overrunning array "mctx.negativeErrors" of 19 4-byte
-elements at element index 122 (byte offset 488) using index "abs(err)"
-(which evaluates to 122).
-
-Commit 71be5faaa478593bb056887410ca8e48e05b2fe4 to fix Ticket #47799
-introduced this problem.  The error count checking has to be done per
-error.
-
-https://fedorahosted.org/389/ticket/48203
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit cc435b8c382f7da662b5c27339d23fd33a8f4117)
-(cherry picked from commit 6ec1001e507908ba60f8c52568d24b5c7c727855)
----
- ldap/servers/slapd/tools/ldclt/threadMain.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
-index 5d915fd..88353c6 100644
---- a/ldap/servers/slapd/tools/ldclt/threadMain.c
-+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
-@@ -477,7 +477,7 @@ addErrorStat (
- #else
-     if ((err <= 0) || (err >= MAX_ERROR_NB))
- #endif
--	{
-+    {
-       if (mctx.errorsBad > mctx.maxErrors) {
-         printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-         (void) printGlobalStatistics();				/*JLS 25-08-00*/
-@@ -485,8 +485,22 @@ addErrorStat (
-         ldclt_sleep (5);
-         ldcltExit (EXIT_MAX_ERRORS);				/*JLS 25-08-00*/
-       }
--    } else {
--      if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
-+    }
-+#if defined(USE_OPENLDAP)
-+    else if (err < 0)
-+    {
-+      if (mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
-+        printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-+        (void) printGlobalStatistics();				/*JLS 25-08-00*/
-+        fflush (stdout);
-+        ldclt_sleep (5);
-+        ldcltExit (EXIT_MAX_ERRORS);				/*JLS 25-08-00*/
-+      }
-+    }
-+#endif
-+    else
-+    {
-+      if (mctx.errors[err] > mctx.maxErrors) {
-         printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-         (void) printGlobalStatistics();				/*JLS 25-08-00*/
-         fflush (stdout);
--- 
-1.9.3
-
diff --git a/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch b/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
new file mode 100644
index 0000000..868a653
--- /dev/null
+++ b/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
@@ -0,0 +1,50 @@
+From 9cffd76c95e679042861881182ab8567915b4ad8 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 27 Jul 2016 14:37:13 -0700
+Subject: [PATCH 21/29] Ticket #48940 - DS logs have warning:ancestorid not
+ indexed
+
+Description: When reindexing, the subtree to be reindexed is empty,
+a cryptic warning message is logged in the error log:
+  warning: ancestorid not indexed on 10; possibly, the entry id ##
+  has no descendants yet.
+This message is benign and not to be logged as DEBUG_ANY/FATAL.
+
+The message is logged when the log level is set to BACKLDBM = 0x080000
+  # vlvindex -Z test -n userRoot -T testIndex -d 524288
+as follows:
+  Info: Entry id ### has no descendants according to ancestorid. Index
+  file created by this reindex will be empty.
+
+https://fedorahosted.org/389/ticket/48940
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 17dc978c84e6099e4abe884a535067147b618c37)
+---
+ ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+index 52338c2..5898361 100644
+--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
++++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+@@ -903,11 +903,10 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
+         slapi_sdn_done(&sdn);
+         if (idl == NULL) {
+             if (DB_NOTFOUND == *err) {
+-                LDAPDebug(LDAP_DEBUG_ANY,
+-                    "warning: %s not indexed on %lu; "
+-                    "possibly, the entry id %lu has no descendants yet.\n",
+-                    entryrdn_get_noancestorid()?"entryrdn":"ancestorid",
+-                    id, id);
++                LDAPDebug2Args(LDAP_DEBUG_BACKLDBM, 
++                    "Info: Entry id %lu has no descendants according to %s. "
++                    "Index file created by this reindex will be empty.\n",
++                    id, entryrdn_get_noancestorid()?"entryrdn":"ancestorid");
+                 *err = 0; /* not a problem */
+             } else {
+                 LDAPDebug(LDAP_DEBUG_ANY,
+-- 
+2.4.11
+
diff --git a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
deleted file mode 100644
index 657c214..0000000
--- a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From abfd367015c9d0dfa0b97b8473923c97eab0dab5 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Wed, 15 Jul 2015 14:09:24 -0600
-Subject: [PATCH 22/22] Ticket #48224 - redux - logconv.pl should handle
- *.tar.xz, *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by: nhosoi, mreynolds (Thanks!)
-Branch: 389-ds-base-1.3.4
-Fix Description: Some platforms have no IO::Uncompress::UnXz, so have
-to pipe out to the 'xz' command for uncompression.
-Doing the 'xz' pipe will not work with compressed xz files in tar
-archives, so issue an appropriate error.
-The tar archive file handling was wrong - have to wrap the data in a
-filehandle before passing to uncompress.
-Added a lot of error checking - trying to uncompress plain text files,
-trying to untar non-tar archives, trying to untar and uncompress a
-tar file that is not compressed, other weird stuff like specifying a
-.bz2 extension on a file compressed with .xz.
-This will also need a spec file change:
-Requires: perl-IO-Compress
-Requires: perl-DB_File
-Requires: perl-Archive-Tar
-Requires: xz
-Platforms tested: Fedora 21, RHEL 7.2 candidate
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit ae5b62f53557c8ce2d174999c4b561ebc4ccde55)
-(cherry picked from commit 8473ae0c49492dd7931dbdd3a8377119f53ce49b)
----
- ldap/admin/src/logconv.pl | 73 ++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 57 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index a6bd6c2..d26e91e 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -398,17 +398,11 @@ my $totalLineCount = 0;
- 
- sub isTarArchive {
- 	local $_ = shift;
--	if (/\.txz$/ || /\.tar.xz$/) {
--		use IO::Uncompress::UnXz;
--	}
- 	return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
- }
- 
- sub isCompressed {
- 	local $_ = shift;
--	if (/\.xz$/) {
--		use IO::Uncompress::UnXz;
--	}
- 	return /\.gz$/ || /\.bz2$/ || /\.xz$/;
- }
- 
-@@ -418,6 +412,43 @@ sub tarNeedsUncompress {
- 	return /\.tar.xz$/ || /\.txz$/;
- }
- 
-+# rhel7 can't grok xz
-+sub doUncompress {
-+	local $_ = shift;
-+	my $data = shift;
-+	my $TARFH;
-+	# some platforms don't have xz support in IO::Uncompress::AnyUncompress
-+	if (/\.tar.xz$/ || /\.txz$/ || /\.xz$/) {
-+		if ($data) {
-+			openFailed("Cannot read from compressed xz file in tar archive.\nPlease un-tar the tar file first, then pass individual .xz files to this program.\n", $_);
-+		}
-+		# so use the xz command directly
-+		# NOTE: This doesn't work if the argument is a file handle e.g. from
-+		# Archive::Tar
-+		$! = 0; # clear
-+		if (!open($TARFH, "xz -dc $_ |") or $!) {
-+			openFailed($!, $_);
-+			return;
-+		}
-+	} else {
-+		my $uncompressthing;
-+		if ($data) {
-+			# make a filehandle object from data
-+			open($uncompressthing, "<", \$data) or openFailed($!, $_);
-+		} else {
-+			# just read from the file
-+			$uncompressthing = $_;
-+		}
-+		$TARFH = new IO::Uncompress::AnyUncompress $uncompressthing or
-+			do { openFailed($AnyUncompressError, $_); return; };
-+		if (*$TARFH->{Plain}) {
-+			openFailed("Unknown compression", $_);
-+			return;
-+		}
-+	}
-+	return $TARFH;
-+}
-+
- sub convertTimeToSeconds {
- 	my $log_line = shift;
- 
-@@ -497,6 +528,10 @@ for (my $count=0; $count < $file_count; $count++){
- 	if($logCount > 1 && $count == 0 && $skipFirstFile == 1){
- 		next;
- 	}
-+	if (! -r $logname) {
-+		print "File not found: $logname\n";
-+		next;
-+	}
- 	$linesProcessed = 0; $lineBlockCount = 0;
- 	my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks);
- 	($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize,
-@@ -513,11 +548,12 @@ for (my $count=0; $count < $file_count; $count++){
- 	my $tariter = 0;
- 	my $tarfile = 0;
- 	my $comp = 0;
-+	$LOGFH = undef;
- 	if (isTarArchive($logname)) {
- 		$tar = Archive::Tar->new();
- 		if (tarNeedsUncompress($logname)) {
--			my $TARFH = new IO::Uncompress::AnyUncompress $logname or
--				do { openFailed($AnyUncompressError, $logname); next };
-+			my $TARFH = doUncompress($logname);
-+			next if (!$TARFH);
- 			$tariter = Archive::Tar->iter($TARFH);
- 		} else {
- 			$tariter = Archive::Tar->iter($logname);
-@@ -540,24 +576,21 @@ for (my $count=0; $count < $file_count; $count++){
- 				next;
- 			}
- 			if (isCompressed($tarfile->name)) {
--				$LOGFH = new IO::Uncompress::AnyUncompress \$tarfile->name or
--					do { openFailed($AnyUncompressError, $logname); next };
-+				$LOGFH = doUncompress($tarfile->name, $tarfile->get_content);
-+				next if (!$LOGFH);
- 				# no way in general to know how big the uncompressed file is - so
- 				# assume a factor of 10 inflation - only used for progress reporting
- 				$cursize *= 10;
- 			} else {
--				open(LOG,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next };
--				$LOGFH = \*LOG;
-+				open($LOGFH,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next };
- 			}
- 		} elsif ($comp) {
--			$LOGFH = new IO::Uncompress::AnyUncompress $logname or
--				do { openFailed($AnyUncompressError, $logname); next };
-+			$LOGFH = doUncompress($logname);
- 			# no way in general to know how big the uncompressed file is - so
- 			# assume a factor of 10 inflation - only used for progress reporting
- 			$cursize *= 10;
- 		} else {
--			open(LOG,$logname) or do { openFailed($!, $logname); next };
--			$LOGFH = \*LOG;
-+			open($LOGFH,$logname) or do { openFailed($!, $logname); next };
- 		}
- 		my $firstline = "yes";
- 		while(<$LOGFH>){
-@@ -588,6 +621,14 @@ for (my $count=0; $count < $file_count; $count++){
- 		}
- 		last if (!$tariter);
- 	}
-+	if ($tar) {
-+		if ($tar->error()) {
-+			openFailed($tar->error(), $logname);
-+		}
-+		if ($Archive::Tar::error) {
-+			openFailed($Archive::Tar::error, $logname);
-+		}
-+	}
- }
- 
- if ($totalLineCount eq "0"){
--- 
-1.9.3
-
diff --git a/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch b/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
new file mode 100644
index 0000000..79a896d
--- /dev/null
+++ b/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
@@ -0,0 +1,115 @@
+From f993a9b5a1ac95728baae201543cad5993a28da1 Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Mon, 1 Aug 2016 10:47:31 +0200
+Subject: [PATCH 22/29] Ticket 48882 - server can hang in connection list
+ processing
+
+Bug Description: if a thread holding the connection monitor
+		 is stuck in polling and the client doesn't
+		 respond, the main thread can be blocked on
+		 this connection when iterating the connection
+		 table.
+
+Fix Description: Implement a test and enter function for the connection
+		 monitor, so the main thread will never wait for a
+		 connection monitor already owned by an other thread
+
+https://fedorahosted.org/389/ticket/48882
+
+Reviewed by: Noriko, Thanks
+
+(cherry picked from commit 7110db91e75f392f1c83643d9aa88895992d9c01)
+---
+ ldap/servers/slapd/daemon.c | 69 ++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
+index 81a54cf..23c30c3 100644
+--- a/ldap/servers/slapd/daemon.c
++++ b/ldap/servers/slapd/daemon.c
+@@ -164,6 +164,67 @@ static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDes
+ static int write_pid_file();
+ static int init_shutdown_detect();
+ 
++/*
++ * NSPR has different implementations for PRMonitor, depending
++ * on the availble threading model
++ * The PR_TestAndEnterMonitor is not available for pthreads
++ * so this is a implementation based on the code in
++ * prmon.c adapted to resemble the implementation in ptsynch.c
++ *
++ * The function needs access to the elements of the PRMonitor struct.
++ * Therfor the pthread variant of PRMonitor is copied here.
++ */
++typedef struct MY_PRMonitor {
++    const char* name;
++    pthread_mutex_t lock;
++    pthread_t owner;
++    pthread_cond_t entryCV;
++    pthread_cond_t waitCV;
++    PRInt32 refCount;
++    PRUint32 entryCount;
++    PRIntn notifyTimes;
++} MY_PRMonitor;
++
++static PRBool MY_TestAndEnterMonitor(MY_PRMonitor *mon)
++{
++    pthread_t self = pthread_self();
++    PRStatus rv;
++    PRBool rc = PR_FALSE;
++
++    PR_ASSERT(mon != NULL);
++    rv = pthread_mutex_lock(&mon->lock);
++    if (rv != 0) {
++	slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
++                        "Failed to acquire monitor mutex, error (%d)\n", rv);
++	return rc;
++    }
++    if (mon->entryCount != 0) {
++        if (pthread_equal(mon->owner, self))
++            goto done;
++        rv = pthread_mutex_unlock(&mon->lock);
++	if (rv != 0) {
++	    slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
++                        "Failed to release monitor mutex, error (%d)\n", rv);
++	}
++        return PR_FALSE;
++    }
++    /* and now I have the monitor */
++    PR_ASSERT(mon->notifyTimes == 0);
++    PR_ASSERT((mon->owner) == 0);
++    mon->owner = self;
++
++done:
++    mon->entryCount += 1;
++    rv = pthread_mutex_unlock(&mon->lock);
++    if (rv == PR_SUCCESS) {
++	rc = PR_TRUE;
++    } else {
++	slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
++                        "Failed to release monitor mutex, error (%d)\n", rv);
++	rc = PR_FALSE;
++    }
++    return rc;
++}
+ /* Globals which are used to store the sockets between
+  * calls to daemon_pre_setuid_init() and the daemon thread
+  * creation. */
+@@ -1552,7 +1613,13 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
+ 		}
+ 		else
+ 		{
+-			PR_EnterMonitor(c->c_mutex);
++			/* we try to acquire the connection mutex, if it is already
++			 * acquired by another thread, don't wait
++			 */
++			if (PR_FALSE == MY_TestAndEnterMonitor((MY_PRMonitor *)c->c_mutex)) {
++				c = next;
++				continue;
++			}
+ 			if (c->c_flags & CONN_FLAG_CLOSING)
+ 			{
+ 				/* A worker thread has marked that this connection
+-- 
+2.4.11
+
diff --git a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
deleted file mode 100644
index cf76685..0000000
--- a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 23c9a297b240d1538125721fb0f93abb876ce9c1 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Thu, 16 Jul 2015 09:06:45 -0600
-Subject: [PATCH 23/30] Ticket #48224 - redux - logconv.pl should handle
- *.tar.xz, *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by:
-Branch: master
-Fix Description: Fix Requires: in spec file
-Platforms tested: Fedora 21, RHEL 7.2 candidate
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit 193d79d4a459b709c5a55cea88794105fa60c453)
-(cherry picked from commit 9109a570edd3ddb58434b19a9fca2f7c021b18ca)
----
- rpm/389-ds-base.spec.in | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index 3405ccd..d0bbb7a 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -116,9 +116,6 @@ Requires:         perl-Socket6
- Requires:         perl-Socket
- %endif
- Requires:         perl-NetAddr-IP
--# for logconv compressed file support
--Requires:         perl-IO-Compress
--Requires:         perl-IO-Compress-Lzma
- 
- Source0:          http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
- # 389-ds-git.sh should be used to generate the source tarball from git
--- 
-1.9.3
-
diff --git a/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
new file mode 100644
index 0000000..911a66b
--- /dev/null
+++ b/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
@@ -0,0 +1,369 @@
+From f0e03b5a51972a125fe78f448d1f68e288782d1e Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Thu, 21 Jul 2016 13:22:30 +1000
+Subject: [PATCH 23/29] Ticket bz1358565 -  clear and unsalted password types
+ are vulnerable to timing attack
+
+Bug Description:  Clear and unsalted password types were vulnerable to a timing
+attack. This is due to the use of memcmp and strcmp in their comparison.
+
+Fix Description:  Add a constant time memcmp function, that does not shortcircuit.
+Change all password comparison to use the constant time check. For the clear
+scheme, alter the way we do the check to prevent length disclosure timing
+attacks.
+
+This resolves CVE-2016-5405
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1358565
+
+https://access.redhat.com/security/cve/CVE-2016-5405
+
+Author: wibrown
+
+Review by: nhosoi (Thanks!)
+
+(cherry picked from commit 9dcaa4a0c866d8696e0a2616ccf962af2833f0b8)
+---
+ dirsrvtests/tests/suites/password/pwd_algo_test.py | 143 +++++++++++++++++++++
+ ldap/servers/plugins/pwdstorage/clear_pwd.c        |  33 ++++-
+ ldap/servers/plugins/pwdstorage/crypt_pwd.c        |   2 +-
+ ldap/servers/plugins/pwdstorage/md5_pwd.c          |   2 +-
+ ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c   |   1 +
+ ldap/servers/plugins/pwdstorage/sha_pwd.c          |  15 ++-
+ ldap/servers/plugins/pwdstorage/smd5_pwd.c         |   2 +-
+ ldap/servers/slapd/ch_malloc.c                     |  22 ++++
+ ldap/servers/slapd/slapi-plugin.h                  |  16 +++
+ 9 files changed, 226 insertions(+), 10 deletions(-)
+ create mode 100644 dirsrvtests/tests/suites/password/pwd_algo_test.py
+
+diff --git a/dirsrvtests/tests/suites/password/pwd_algo_test.py b/dirsrvtests/tests/suites/password/pwd_algo_test.py
+new file mode 100644
+index 0000000..aa8cbf5
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwd_algo_test.py
+@@ -0,0 +1,143 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = True
++USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
++
++if DEBUGGING:
++    logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++    logging.getLogger(__name__).setLevel(logging.INFO)
++
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++    """The DS Topology Class"""
++    def __init__(self, standalone):
++        """Init"""
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    """Create DS Deployment"""
++
++    # Creating standalone instance ...
++    if DEBUGGING:
++        standalone = DirSrv(verbose=True)
++    else:
++        standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    def fin():
++        """If we are debugging just stop the instances, otherwise remove
++        them
++        """
++        if DEBUGGING:
++            standalone.stop()
++        else:
++            standalone.delete()
++
++    request.addfinalizer(fin)
++
++    # Clear out the tmp dir
++    standalone.clearTmpDir(__file__)
++
++    return TopologyStandalone(standalone)
++
++def _test_bind(inst, password):
++    result = True
++    userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
++    try:
++        userconn.simple_bind_s(USER_DN, password)
++        userconn.unbind_s()
++    except ldap.INVALID_CREDENTIALS:
++        result = False
++    return result
++
++def _test_algo(inst, algo_name):
++    inst.config.set('passwordStorageScheme', algo_name)
++
++    if DEBUGGING:
++        print('Testing %s', algo_name)
++
++    # Create the user with a password
++    inst.add_s(Entry((
++                USER_DN, {
++                    'objectClass': 'top account simplesecurityobject'.split(),
++                     'uid': 'user',
++                     'userpassword': 'Secret123'
++                })))
++
++    # Make sure when we read the userPassword field, it is the correct ALGO
++    pw_field = inst.search_s(USER_DN, ldap.SCOPE_BASE, '(objectClass=*)', ['userPassword']  )[0]
++
++    if DEBUGGING:
++        print(pw_field.getValue('userPassword'))
++
++    if algo_name != 'CLEAR':
++        assert(algo_name.lower() in pw_field.getValue('userPassword').lower())
++    # Now make sure a bind works
++    assert(_test_bind(inst, 'Secret123'))
++    # Bind with a wrong shorter password, should fail
++    assert(not _test_bind(inst, 'Wrong'))
++    # Bind with a wrong longer password, should fail
++    assert(not _test_bind(inst, 'This is even more wrong'))
++    # Bind with a wrong exact length password.
++    assert(not _test_bind(inst, 'Alsowrong'))
++    # Bind with a subset password, should fail
++    assert(not _test_bind(inst, 'Secret'))
++    if algo_name != 'CRYPT':
++        # Bind with a subset password that is 1 char shorter, to detect off by 1 in clear
++        assert(not _test_bind(inst, 'Secret12'))
++        # Bind with a superset password, should fail
++        assert(not _test_bind(inst, 'Secret123456'))
++    # Delete the user
++    inst.delete_s(USER_DN)
++    # done!
++
++def test_pwd_algo_test(topology):
++    """
++    Assert that all of our password algorithms correctly PASS and FAIL varying
++    password conditions.
++
++    """
++    if DEBUGGING:
++        # Add debugging steps(if any)...
++        pass
++
++    for algo in ('CLEAR', 'CRYPT', 'MD5', 'SHA', 'SHA256', 'SHA384', 'SHA512', 'SMD5', 'SSHA', 'SSHA256', 'SSHA384', 'SSHA512'):
++        _test_algo(topology.standalone, algo)
++
++    log.info('Test PASSED')
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
++
+diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+index 84dac2a..2afe16e 100644
+--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+@@ -25,7 +25,38 @@
+ int
+ clear_pw_cmp( const char *userpwd, const char *dbpwd )
+ {
+-    return( strcmp( userpwd, dbpwd ));
++    int result = 0;
++    int len = 0;
++    int len_user = strlen(userpwd);
++    int len_dbp = strlen(dbpwd);
++    if ( len_user != len_dbp ) {
++        result = 1;
++    }
++    /* We have to do this comparison ANYWAY else we have a length timing attack. */
++    if ( len_user >= len_dbp ) {
++        /* 
++         * If they are the same length, result will be 0 here, and if we pass
++         * the check, we don't update result either. IE we pass.
++         * However, even if the first part of userpw matches dbpwd, but len !=, we
++         * have already failed anyawy. This prevents substring matching.
++         */
++        if (slapi_ct_memcmp(userpwd, dbpwd, len_dbp) != 0) {
++            result = 1;
++        }
++    } else {
++        /* 
++         * If we stretched the userPassword, we'll allow a new timing attack, where
++         * if we see a delay on a short pw, we know we are stretching.
++         * when the delay goes away, it means we've found the length.
++         * Instead, because we don't want to use the short pw for comp, we just compare
++         * dbpwd to itself. We have already got result == 1 if we are here, so we are
++         * just trying to take up time!
++         */
++        if (slapi_ct_memcmp(dbpwd, dbpwd, len_dbp)) {
++            /* Do nothing, we have the if to fix a coverity check. */
++        }
++    }
++    return result;
+ }
+ 
+ char *
+diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+index 29355a2..93b54b2 100644
+--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+@@ -54,7 +54,7 @@ crypt_pw_cmp( const char *userpwd, const char *dbpwd )
+     /* we use salt (first 2 chars) of encoded password in call to crypt() */
+     cp = crypt( userpwd, dbpwd );
+     if (cp) {
+-       rc= strcmp( dbpwd, cp);
++       rc= slapi_ct_memcmp( dbpwd, cp, strlen(dbpwd));
+     } else {
+        rc = -1;
+     }
+diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c
+index 0bc8f3c..181661a 100644
+--- a/ldap/servers/plugins/pwdstorage/md5_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c
+@@ -57,7 +57,7 @@ md5_pw_cmp( const char *userpwd, const char *dbpwd )
+    bver = NSSBase64_EncodeItem(NULL, (char *)b2a_out, sizeof b2a_out, &binary_item);
+    /* bver points to b2a_out upon success */
+    if (bver) {
+-	   rc = strcmp(bver,dbpwd);
++	   rc = slapi_ct_memcmp(bver,dbpwd, strlen(dbpwd));
+    } else {
+ 	   slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME,
+ 					   "Could not base64 encode hashed value for password compare");
+diff --git a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c
+index 2fed61f..ae1f7b8 100644
+--- a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c
+@@ -84,6 +84,7 @@ ns_mta_md5_pw_cmp(const char * clear, const char *mangled)
+ 
+   mta_hash[32] = mta_salt[32] = 0;
+ 
++  /* This is salted, so we don't need to change it for constant time */
+   return( strcmp(mta_hash,ns_mta_hash_alg(buffer,mta_salt,clear)));
+ }
+ 
+diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c
+index 9594ac9..2e4973b 100644
+--- a/ldap/servers/plugins/pwdstorage/sha_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c
+@@ -120,13 +120,16 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen )
+     }
+ 
+     /* the proof is in the comparison... */
+-    result = ( hash_len >= shaLen ) ?
+-        ( memcmp( userhash, dbhash, shaLen ) ) : /* include salt */
+-        ( memcmp( userhash, dbhash + OLD_SALT_LENGTH,
+-                  hash_len - OLD_SALT_LENGTH ) ); /* exclude salt */
++    if ( hash_len >= shaLen ) {
++        result = slapi_ct_memcmp( userhash, dbhash, shaLen );
++    } else {
++        result = slapi_ct_memcmp( userhash, dbhash + OLD_SALT_LENGTH, hash_len - OLD_SALT_LENGTH );
++    }
+ 
+-    loser:
+-    if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( &dbhash );
++loser:
++    if ( dbhash && dbhash != quick_dbhash ) {
++        slapi_ch_free_string( &dbhash );
++    }
+     return result;
+ }
+ 
+diff --git a/ldap/servers/plugins/pwdstorage/smd5_pwd.c b/ldap/servers/plugins/pwdstorage/smd5_pwd.c
+index f4c92f1..79c2846 100644
+--- a/ldap/servers/plugins/pwdstorage/smd5_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/smd5_pwd.c
+@@ -80,7 +80,7 @@ smd5_pw_cmp( const char *userpwd, const char *dbpwd )
+    PK11_DestroyContext(ctx, 1);
+ 
+    /* Compare everything up to the salt. */
+-   rc = memcmp( userhash, dbhash, MD5_LENGTH );
++   rc = slapi_ct_memcmp( userhash, dbhash, MD5_LENGTH );
+ 
+ loser:
+    if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( (char **)&dbhash );
+diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c
+index 10870df..a38268c 100644
+--- a/ldap/servers/slapd/ch_malloc.c
++++ b/ldap/servers/slapd/ch_malloc.c
+@@ -365,3 +365,25 @@ slapi_ch_smprintf(const char *fmt, ...)
+ 	return p;
+ }
+ #endif
++
++/* Constant time memcmp. Does not shortcircuit on failure! */
++/* This relies on p1 and p2 both being size at least n! */
++int
++slapi_ct_memcmp( const void *p1, const void *p2, size_t n)
++{
++    int result = 0;
++    const unsigned char *_p1 = (const unsigned char *)p1;
++    const unsigned char *_p2 = (const unsigned char *)p2;
++
++    if (_p1 == NULL || _p2 == NULL) {
++        return 2;
++    }
++
++    for (size_t i = 0; i < n; i++) {
++        if (_p1[i] ^ _p2[i]) {
++            result = 1;
++        }
++    }
++    return result;
++}
++
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index a7e544a..165fb05 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -5825,6 +5825,22 @@ char * slapi_ch_smprintf(const char *fmt, ...)
+ #else
+         ;
+ #endif
++/**
++ * slapi_ct_memcmp is a constant time memory comparison function. This is for
++ * use with password hashes and other locations which could lead to a timing
++ * attack due to early shortcut returns. This function *does not* shortcircuit
++ * during the comparison, always checking every byte regardless if it has already
++ * found that the memory does not match.
++ *
++ * WARNING! p1 and p2 must both reference content that is at least of size 'n'.
++ * Else this function may over-run (And will certainly fail).
++ *
++ * \param p1 pointer to first value to check.
++ * \param p2 pointer to second value to check.
++ * \param n length in bytes of the content of p1 AND p2.
++ * \return 0 on match. 1 on non-match. 2 on presence of NULL pointer in p1 or p2.
++ */
++int slapi_ct_memcmp( const void *p1, const void *p2, size_t n);
+ 
+ /*
+  * syntax plugin routines
+-- 
+2.4.11
+
diff --git a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
deleted file mode 100644
index 21a99ea..0000000
--- a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 413414c98313a076111d8e40a7a10fa369433e6e Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 16 Jul 2015 10:34:47 -0700
-Subject: [PATCH 24/30] Ticket #48226 - In MMR, double free coould occur under
- some special condition
-
-Bug description:
-  In a replicated topology, a authenticated user that have write access
-  on an entry can send a series of operations that crash the server.
-  The crash is due to an access to a already freed buffer.
-Fix description:
-  To avoid the double free, duplicate a CSNSet and assign it to the
-  Slapi_Value.
-
-https://fedorahosted.org/389/ticket/48226
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit a0f8e0f981a046882db299a7a6d6d1c01bc19571)
-(cherry picked from commit bdbc81e62eb8d7b8dfb298c7ba983cf86353fe66)
----
- ldap/servers/slapd/valueset.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 0cf3ded..7eabb82 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1415,8 +1415,9 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- 			if(v)
- 			{
- 				value_update_csn(v,t,csn);
--				if (csnref_updated)
--					valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
-+				if (csnref_updated) {
-+					valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
-+				}
- 				valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
- 				valuestoupdate[i]= NULL;
- 				del_count++;
--- 
-1.9.3
-
diff --git a/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch b/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
new file mode 100644
index 0000000..ddaf136
--- /dev/null
+++ b/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
@@ -0,0 +1,48 @@
+From c9561cbb81fe1504a5741df44dd8c1103134c065 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Sat, 30 Jul 2016 16:56:57 -0700
+Subject: [PATCH 24/29] Ticket #48943 - When fine-grained policy is applied, a
+ sub-tree has a priority over a user while changing password
+
+Description: If the user entry has a pwdpolicysubentry, the configuration
+in the pwpolicy should be the strongest and respected.  If the entry does
+not have it, it retrieves the pwpolicy from the CoS Cache, which is the
+current behaviour.
+
+https://fedorahosted.org/389/ticket/48943
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 802224f2846900c870a780fe7608782792806d85)
+---
+ ldap/servers/slapd/pw.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 498afd4..6b865ec 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -1777,9 +1777,17 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
+ 			attribute in the target entry itself. */
+ 		} else {
+ 			if ( (e = get_entry( pb, dn )) != NULL ) {
+-				rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values,
+-					&type_name_disposition, &actual_type_name, 
+-					SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags);
++				Slapi_Attr* attr = NULL;
++				rc = slapi_entry_attr_find(e, "pwdpolicysubentry", &attr);
++				if (attr && (0 == rc)) {
++					/* If the entry has pwdpolicysubentry, use the PwPolicy. */
++					values = valueset_dup(&attr->a_present_values);
++				} else {
++					/* Otherwise, retrieve the policy from CoS Cache */
++					rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values,
++						&type_name_disposition, &actual_type_name,
++						SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags);
++				}
+ 				if (rc) {
+ 					values = NULL;
+ 				}
+-- 
+2.4.11
+
diff --git a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index 3db39ae..0000000
--- a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From e6b20ffcc995b2ac190b96850073c0569bc6d294 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 16 Jul 2015 10:41:53 -0700
-Subject: [PATCH 25/30] Ticket #48226 - CI test: added test cases for ticket
- 48226
-
-Description: In MMR, double free coould occur under some special condition
-
-This test script was written by thierry bordaz <tbordaz@redhat.com>.
-A small modification to check the memory leak was added.
-
-(cherry picked from commit f5d24450477f8341261c3e5cb5c54ec1ab83328f)
-(cherry picked from commit 8600a5eabc78848ad1bf0a9c2014823d0cd6cedc)
----
- dirsrvtests/tickets/ticket48226_test.py | 239 ++++++++++++++++++++++++++++++++
- 1 file changed, 239 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket48226_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48226_test.py b/dirsrvtests/tickets/ticket48226_test.py
-new file mode 100644
-index 0000000..87814e7
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48226_test.py
-@@ -0,0 +1,239 @@
-+# --- BEGIN COPYRIGHT BLOCK ---
-+# Copyright (C) 2015 Red Hat, Inc.
-+# All rights reserved.
-+#
-+# License: GPL (version 3 or any later version).
-+# See LICENSE for details. 
-+# --- END COPYRIGHT BLOCK ---
-+#
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyReplication(object):
-+    def __init__(self, master1, master2):
-+        master1.open()
-+        self.master1 = master1
-+        master2.open()
-+        self.master2 = master2
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    global installation1_prefix
-+    os.environ['USE_VALGRIND'] = '1'
-+    if installation1_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+    # Creating master 1...
-+    master1 = DirSrv(verbose=False)
-+    if installation1_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+    args_instance[SER_HOST] = HOST_MASTER_1
-+    args_instance[SER_PORT] = PORT_MASTER_1
-+    args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
-+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+    args_master = args_instance.copy()
-+    master1.allocate(args_master)
-+    instance_master1 = master1.exists()
-+    if instance_master1:
-+        master1.delete()
-+    master1.create()
-+    master1.open()
-+    master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
-+
-+    # Creating master 2...
-+    master2 = DirSrv(verbose=False)
-+    if installation1_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+    args_instance[SER_HOST] = HOST_MASTER_2
-+    args_instance[SER_PORT] = PORT_MASTER_2
-+    args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
-+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+    args_master = args_instance.copy()
-+    master2.allocate(args_master)
-+    instance_master2 = master2.exists()
-+    if instance_master2:
-+        master2.delete()
-+    master2.create()
-+    master2.open()
-+    master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
-+
-+    #
-+    # Create all the agreements
-+    #
-+    # Creating agreement from master 1 to master 2
-+    properties = {RA_NAME:      r'meTo_$host:$port',
-+                  RA_BINDDN:    defaultProperties[REPLICATION_BIND_DN],
-+                  RA_BINDPW:    defaultProperties[REPLICATION_BIND_PW],
-+                  RA_METHOD:    defaultProperties[REPLICATION_BIND_METHOD],
-+                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+    m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
-+    if not m1_m2_agmt:
-+        log.fatal("Fail to create a master -> master replica agreement")
-+        sys.exit(1)
-+    log.debug("%s created" % m1_m2_agmt)
-+
-+    # Creating agreement from master 2 to master 1
-+    properties = {RA_NAME:      r'meTo_$host:$port',
-+                  RA_BINDDN:    defaultProperties[REPLICATION_BIND_DN],
-+                  RA_BINDPW:    defaultProperties[REPLICATION_BIND_PW],
-+                  RA_METHOD:    defaultProperties[REPLICATION_BIND_METHOD],
-+                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+    m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
-+    if not m2_m1_agmt:
-+        log.fatal("Fail to create a master -> master replica agreement")
-+        sys.exit(1)
-+    log.debug("%s created" % m2_m1_agmt)
-+
-+    # Allow the replicas to get situated with the new agreements...
-+    time.sleep(5)
-+
-+    #
-+    # Initialize all the agreements
-+    #
-+    master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
-+    master1.waitForReplInit(m1_m2_agmt)
-+
-+    # Check replication is working...
-+    if master1.testReplication(DEFAULT_SUFFIX, master2):
-+        log.info('Replication is working.')
-+    else:
-+        log.fatal('Replication is not working.')
-+        assert False
-+
-+    # Clear out the tmp dir
-+    master1.clearTmpDir(__file__)
-+
-+    return TopologyReplication(master1, master2)
-+
-+def test_ticket11111_set_purgedelay(topology):
-+    args = {REPLICA_PURGE_DELAY: '5',
-+            REPLICA_PURGE_INTERVAL: '5'}
-+    try:
-+        topology.master1.replica.setProperties(DEFAULT_SUFFIX, None, None, args)
-+    except:
-+        log.fatal('Failed to configure replica')
-+        assert False
-+    try:
-+        topology.master2.replica.setProperties(DEFAULT_SUFFIX, None, None, args)
-+    except:
-+        log.fatal('Failed to configure replica')
-+        assert False
-+    topology.master1.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')])
-+    topology.master2.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')])
-+    topology.master1.restart(10)
-+    topology.master2.restart(10)
-+    
-+
-+def test_ticket11111_1(topology):
-+    name = 'test_entry'
-+    dn = "cn=%s,%s" % (name, SUFFIX)
-+    
-+    topology.master1.add_s(Entry((dn , {
-+                                            'objectclass': "top person".split(),
-+                                            'sn': name,
-+                                            'cn': name})))
-+                                            
-+    # First do an update that is replicated
-+    mods = [(ldap.MOD_ADD, 'description', '5')]
-+    topology.master1.modify_s(dn, mods)
-+    
-+    nbtry = 0
-+    while (nbtry <= 10):
-+        try:
-+            ent = topology.master2.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", ['description'])
-+            if ent.hasAttr('description') and ent.getValue('description') == '5':
-+                break
-+        except ldap.NO_SUCH_OBJECT:
-+            pass
-+        nbtry = nbtry + 1
-+        time.sleep(1)
-+    assert nbtry <= 10
-+    
-+    # Stop M2 so that it will not receive the next update
-+    topology.master2.stop(10)
-+    
-+    # ADD a new value that is not replicated
-+    mods = [(ldap.MOD_DELETE, 'description', '5')]
-+    topology.master1.modify_s(dn, mods)
-+    
-+    # Stop M1 so that it will keep del '5' that is unknown from master2
-+    topology.master1.stop(10)
-+    
-+    # Get the sbin directory so we know where to replace 'ns-slapd'
-+    sbin_dir = get_sbin_dir(prefix=topology.master2.prefix)
-+
-+    # Enable valgrind
-+    valgrind_enable(sbin_dir)
-+
-+    # start M2 to do the next updates
-+    topology.master2.start(10)
-+    
-+    # ADD 'description' by '5' 
-+    mods = [(ldap.MOD_DELETE, 'description', '5')]
-+    topology.master2.modify_s(dn, mods)
-+    
-+    # DEL 'description' by '5'
-+    mods = [(ldap.MOD_ADD, 'description', '5')]
-+    topology.master2.modify_s(dn, mods)
-+    
-+    # sleep of purgedelay so that the next update will purge the CSN_7
-+    time.sleep(6)
-+    
-+    # ADD 'description' by '8' that purge the state info
-+    mods = [(ldap.MOD_ADD, 'description', '6')]
-+    topology.master2.modify_s(dn, mods)
-+
-+    if valgrind_check_leak(topology.master2, 'csnset_dup'):
-+        log.error('test_csnset_dup: Memory leak is present!')
-+    else:
-+        log.info('test_csnset_dup: No leak is present!')
-+    
-+    if valgrind_check_leak(topology.master2, 'Invalid'):
-+        log.info('Valgrind reported invalid!')
-+    else:
-+        log.info('Valgrind is happy!')
-+    
-+    #log.info("You can attach yourself")
-+    #time.sleep(60)
-+    
-+    # Enable valgrind
-+    valgrind_disable(sbin_dir)
-+
-+    topology.master1.start(10)
-+
-+    
-+def test_ticket11111_final(topology):
-+    topology.master1.delete()
-+    topology.master2.delete()
-+    log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+    global installation1_prefix
-+    installation1_prefix = None
-+
-+    topo = topology(True)
-+    test_ticket11111_set_purgedelay(topo)
-+    test_ticket11111_1(topo)
-+    
-+
-+if __name__ == '__main__':
-+    run_isolated()
-+
--- 
-1.9.3
-
diff --git a/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch b/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
new file mode 100644
index 0000000..048a4f4
--- /dev/null
+++ b/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
@@ -0,0 +1,268 @@
+From c8c5237c0dc6b5b1a0dc0b040bf2ca5058222141 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Thu, 28 Jul 2016 11:53:47 +0200
+Subject: [PATCH 25/29] Ticket 48943 - Add CI Test for the password test suite
+
+Description: Test that fine-grained pwdpolicy on the entry has a
+priority over fine-grained pwdpolicy on the subtree the entry belongs
+to. Use passwordChange attribute to verify that.
+
+https://fedorahosted.org/389/ticket/48943
+
+Reviewed by: mreynolds (Thanks!)
+
+(cherry picked from commit a20538f482089615ceff1947a3e237a87f31a781)
+---
+ .../tests/suites/password/pwd_change_policytest.py | 240 +++++++++++++++++++++
+ 1 file changed, 240 insertions(+)
+ create mode 100644 dirsrvtests/tests/suites/password/pwd_change_policytest.py
+
+diff --git a/dirsrvtests/tests/suites/password/pwd_change_policytest.py b/dirsrvtests/tests/suites/password/pwd_change_policytest.py
+new file mode 100644
+index 0000000..1d48c65
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwd_change_policytest.py
+@@ -0,0 +1,240 @@
++import os
++import sys
++import time
++import subprocess
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = False
++OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX)
++TEST_USER_NAME = 'simplepaged_test'
++TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE)
++TEST_USER_PWD = 'simplepaged_test'
++PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\
++                      'ou=people,dc=example,dc=com",'\
++                      'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\
++                        'ou=people,dc=example,dc=com",'\
++                        'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++
++if DEBUGGING:
++    logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++    logging.getLogger(__name__).setLevel(logging.INFO)
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++    """The DS Topology Class"""
++    def __init__(self, standalone):
++        """Init"""
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    """Create DS Deployment"""
++
++    # Creating standalone instance ...
++    if DEBUGGING:
++        standalone = DirSrv(verbose=True)
++    else:
++        standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    def fin():
++        """If we are debugging just stop the instances, otherwise remove
++        them
++        """
++        if DEBUGGING:
++            standalone.stop()
++        else:
++            standalone.delete()
++
++    request.addfinalizer(fin)
++
++
++    return TopologyStandalone(standalone)
++
++
++@pytest.fixture(scope="module")
++def test_user(topology, request):
++    """User for binding operation"""
++
++    log.info('Adding user {}'.format(TEST_USER_DN))
++    try:
++        topology.standalone.add_s(Entry((TEST_USER_DN, {
++                                        'objectclass': 'top person'.split(),
++                                        'objectclass': 'organizationalPerson',
++                                        'objectclass': 'inetorgperson',
++                                        'cn': TEST_USER_NAME,
++                                        'sn': TEST_USER_NAME,
++                                        'userpassword': TEST_USER_PWD,
++                                        'mail': '%s@redhat.com' % TEST_USER_NAME,
++                                        'uid': TEST_USER_NAME
++                                        })))
++    except ldap.LDAPError as e:
++        log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
++                                                           e.message['desc']))
++        raise e
++
++    def fin():
++        log.info('Deleting user {}'.format(TEST_USER_DN))
++        topology.standalone.delete_s(TEST_USER_DN)
++    request.addfinalizer(fin)
++
++
++@pytest.fixture(scope="module")
++def password_policy(topology, test_user):
++    """Set up password policy for subtree and user"""
++
++    log.info('Enable fine-grained policy')
++    try:
++        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
++                                                  'nsslapd-pwpolicy-local',
++                                                  'on')])
++    except ldap.LDAPError as e:
++        log.error('Failed to set fine-grained policy: error {}'.format(
++            e.message['desc']))
++        raise e
++
++    log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
++    try:
++        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++                         '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
++    except subprocess.CalledProcessError as e:
++        log.error('Failed to create pw policy policy for {}: error {}'.format(
++            OU_PEOPLE, e.message['desc']))
++        raise e
++
++    log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
++    try:
++        topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
++                                                  'pwdpolicysubentry',
++                                                  PW_POLICY_CONT_PEOPLE)])
++    except ldap.LDAPError as e:
++        log.error('Failed to pwdpolicysubentry pw policy '\
++                  'policy for {}: error {}'.format(OU_PEOPLE,
++                                                   e.message['desc']))
++        raise e
++
++    log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
++    try:
++        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++                         '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
++    except subprocess.CalledProcessError as e:
++        log.error('Failed to create pw policy policy for {}: error {}'.format(
++            TEST_USER_DN, e.message['desc']))
++        raise e
++
++    log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN))
++    try:
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'pwdpolicysubentry',
++                                                     PW_POLICY_CONT_USER)])
++    except ldap.LDAPError as e:
++        log.error('Failed to pwdpolicysubentry pw policy '\
++                  'policy for {}: error {}'.format(TEST_USER_DN,
++                                                   e.message['desc']))
++        raise e
++
++
++@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
++                         [('off', 'on', None), ('on', 'on', None),
++                          ('on', 'off', ldap.UNWILLING_TO_PERFORM),
++                          ('off', 'off', ldap.UNWILLING_TO_PERFORM)])
++def test_change_pwd(topology, test_user, password_policy,
++                    subtree_pwchange, user_pwchange, exception):
++    """Verify that 'passwordChange' attr works as expected
++    User should have a priority over a subtree.
++
++    :Feature: Password policy
++
++    :Setup: Standalone instance, test user,
++            password policy entries for a user and a subtree
++
++    :Steps: 1. Set passwordChange on the user and the subtree
++               to various combinations
++            2. Bind as test user
++            3. Try to change password
++
++    :Assert: Subtree/User passwordChange - result
++             off/on, on/on - success
++             on/off, off/off - UNWILLING_TO_PERFORM
++    """
++
++    log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange,
++                                                      PW_POLICY_CONT_PEOPLE))
++    try:
++        topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
++                                                             'passwordChange',
++                                                             subtree_pwchange)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordChange '\
++                  'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
++                                                   e.message['desc']))
++        raise e
++
++
++    log.info('Set passwordChange to "{}" - {}'.format(user_pwchange,
++                                                      PW_POLICY_CONT_USER))
++    try:
++        topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
++                                                            'passwordChange',
++                                                            user_pwchange)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordChange '\
++                  'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
++                                                   e.message['desc']))
++        raise e
++
++    try:
++        log.info('Bind as user and modify userPassword')
++        topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++        if exception:
++            with pytest.raises(exception):
++                topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                            'userPassword',
++                                                            'new_pass')])
++        else:
++            topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                        'userPassword',
++                                                        'new_pass')])
++    except ldap.LDAPError as e:
++        log.error('Failed to change userpassword for {}: error {}'.format(
++            TEST_USER_DN, e.message['info']))
++        raise e
++    finally:
++        log.info('Bind as DM')
++        topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'userPassword',
++                                                     TEST_USER_PWD)])
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
+-- 
+2.4.11
+
diff --git a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch b/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
deleted file mode 100644
index 275a95c..0000000
--- a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
+++ /dev/null
@@ -1,293 +0,0 @@
-From 1acfdbb4428c70f7f6058da4374ecb29f9bb3149 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 17 Jul 2015 15:08:00 -0400
-Subject: [PATCH 26/30] Ticket 48179 - Starting a replica agreement can lead to
-  deadlock
-
-Bug Description:  When starting a replica agreement and setting the agmt maxcsn
-                  a deadlock can occur with another op updating nsuniqueid index.
-                  When setting the agmt maxcsn the server searches for the tombstone
-                  ruv which uses the nsuniqueid index, and it does this while holding
-                  the repl agmt lock.  If another thread is doing a delete and
-                  writing to the change log, it can also grab a write lock on the
-                  nsuniqueid index, before it attempts to grab the agmt lock.  This
-                  can lead to a deadlock if the timing is right.
-
-Fix Description:  When starting the agmt and setting the agmt maxcsn, search/get
-                  the tombstone ruv before we take the repl agmt lock.
-
-https://fedorahosted.org/389/ticket/48179
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit eb3086dcb0c56a23d6cee00a12f38b2584fe59a2)
-(cherry picked from commit 23a3ff6082cba3eb749401eff44942b16dc30538)
----
- ldap/servers/plugins/replication/repl5.h      |   1 -
- ldap/servers/plugins/replication/repl5_agmt.c | 211 ++++++++++++--------------
- 2 files changed, 101 insertions(+), 111 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 4a5d859..0b0f26b 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -380,7 +380,6 @@ PRUint64 agmt_get_protocol_timeout(Repl_Agmt *agmt);
- void agmt_set_protocol_timeout(Repl_Agmt *agmt, PRUint64 timeout);
- void agmt_update_maxcsn(Replica *r, Slapi_DN *sdn, int op, LDAPMod **mods, CSN *csn);
- void add_agmt_maxcsns(Slapi_Entry *e, Replica *r);
--void agmt_set_maxcsn(Repl_Agmt *ra);
- void agmt_remove_maxcsn(Repl_Agmt *ra);
- int agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod);
- int agmt_set_WaitForAsyncResults(Repl_Agmt *ra, const Slapi_Entry *e);
-diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
-index 9d1a8f2..f84eacb 100644
---- a/ldap/servers/plugins/replication/repl5_agmt.c
-+++ b/ldap/servers/plugins/replication/repl5_agmt.c
-@@ -668,43 +668,127 @@ int
- agmt_start(Repl_Agmt *ra)
- {
-     Repl_Protocol *prot = NULL;
-+    Slapi_PBlock *pb = NULL;
-+    Slapi_Entry **entries = NULL;
-+    Slapi_DN *repl_sdn = NULL;
-+    char *attrs[2];
-+    int protocol_state;
-+    int found_ruv = 0;
-+    int rc = 0;
- 
--	int protocol_state;
--
--	/*	To Allow Consumer Initialisation when adding an agreement: */	
--	if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE)
--	{
--		protocol_state = STATE_PERFORMING_TOTAL_UPDATE;
--	}
--	else
--	{
--		protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE;
--	}
-+    /*	To Allow Consumer Initialisation when adding an agreement: */
-+    if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE){
-+        protocol_state = STATE_PERFORMING_TOTAL_UPDATE;
-+    } else {
-+        protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE;
-+    }
- 
-     /* First, create a new protocol object */
-     if ((prot = prot_new(ra, protocol_state)) == NULL) {
-         return -1;
-     }
- 
--    /* Now it is safe to own the agreement lock */
-+    /*
-+     * Set the agmt maxcsn
-+     *
-+     * We need to get the replica ruv before we take the
-+     * agmt lock to avoid potential deadlocks on the nsuniqueid
-+     * index.
-+     */
-+    repl_sdn = agmt_get_replarea(ra);
-+
-+    pb = slapi_pblock_new();
-+    attrs[0] = (char*)type_agmtMaxCSN;
-+    attrs[1] = NULL;
-+    slapi_search_internal_set_pb_ext(
-+        pb,
-+        repl_sdn,
-+        LDAP_SCOPE_BASE,
-+        "objectclass=*",
-+        attrs,
-+        0,
-+        NULL,
-+        RUV_STORAGE_ENTRY_UNIQUEID,
-+        repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
-+        OP_FLAG_REPLICATED);
-+    slapi_search_internal_pb (pb);
-+
-+    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
-+    if (rc == LDAP_SUCCESS){
-+        slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+        if (NULL == entries || NULL == entries[0]){
-+            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+                "agmt_start: replica ruv tombstone entry for "
-+                "replica %s not found\n",
-+            slapi_sdn_get_dn(ra->replarea));
-+        } else {
-+            found_ruv = 1;
-+        }
-+    }
-+
-+    /*
-+     * Now it is safe to own the agreement lock
-+     */
-     PR_Lock(ra->lock);
- 
-     /* Check that replication is not already started */
-     if (ra->protocol != NULL) {
-         slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "replication already started for agreement \"%s\"\n", agmt_get_long_name(ra));
--        PR_Unlock(ra->lock);
-         prot_free(&prot);
--        return 0;
-+        goto done;
-     }
- 
-+    /* Set and start the protocol */
-     ra->protocol = prot;
--
--    /* Start the protocol thread */
-     prot_start(ra->protocol);
- 
--    agmt_set_maxcsn(ra);
-+    /*
-+     * If we found the repl ruv, set the agmt maxcsn...
-+     */
-+    if (found_ruv){
-+        Replica *r;
-+        Object *repl_obj;
-+        char **maxcsns = NULL;
-+        int i;
- 
-+        maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN);
-+        repl_obj = prot_get_replica_object(ra->protocol);
-+        if(repl_obj && maxcsns){
-+            r = (Replica *)object_get_data(repl_obj);
-+            if(r){
-+                /*
-+                 * Loop over all the agmt maxcsns and find ours...
-+                 */
-+                for(i = 0; maxcsns[i]; i++){
-+                    char buf[BUFSIZ];
-+                    char unavail_buf[BUFSIZ];
-+
-+                    PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(repl_sdn),
-+                                slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-+                                ra->hostname, ra->port);
-+                    PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(repl_sdn),
-+                                slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-+                                ra->hostname, ra->port);
-+                    if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
-+                    	/* Set the maxcsn */
-+                        slapi_ch_free_string(&ra->maxcsn);
-+                        ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
-+                        ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
-+                        ra->tmpConsumerRID = 1;
-+                        break;
-+                    }
-+                }
-+            }
-+        }
-+        slapi_ch_array_free(maxcsns);
-+    }
-+
-+done:
-     PR_Unlock(ra->lock);
-+    slapi_free_search_results_internal(pb);
-+    slapi_pblock_destroy (pb);
-+    slapi_sdn_free(&repl_sdn);
-+
-     return 0;
- }
- 
-@@ -3052,99 +3136,6 @@ agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod)
- }
- 
- /*
-- *  Called when we start a repl agmt
-- */
--void
--agmt_set_maxcsn(Repl_Agmt *ra)
--{
--    Slapi_PBlock *pb = NULL;
--    Slapi_Entry **entries = NULL;
--    Replica *r = NULL;
--    Object *repl_obj;
--    const Slapi_DN *tombstone_sdn = NULL;
--    char *attrs[2];
--    int rc;
--
--    /* read ruv state from the ruv tombstone entry */
--    pb = slapi_pblock_new();
--    if (!pb) {
--        slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_set_maxcsn: Out of memory\n");
--        goto done;
--    }
--    repl_obj = prot_get_replica_object(ra->protocol);
--    if(repl_obj){
--        r = (Replica *)object_get_data(repl_obj);
--        tombstone_sdn = replica_get_root(r);
--    }
--    ra->maxcsn = NULL;
--    attrs[0] = (char*)type_agmtMaxCSN;
--    attrs[1] = NULL;
--    slapi_search_internal_set_pb_ext(
--        pb,
--        (Slapi_DN *)tombstone_sdn,
--        LDAP_SCOPE_BASE,
--        "objectclass=*",
--        attrs,
--        0, /* attrsonly */
--        NULL, /* controls */
--        RUV_STORAGE_ENTRY_UNIQUEID,
--        repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
--        OP_FLAG_REPLICATED);  /* flags */
--    slapi_search_internal_pb (pb);
--
--    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
--    if (rc == LDAP_SUCCESS){
--        Replica *r;
--        Object *repl_obj;
--        char **maxcsns;
--        int i;
--
--        slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
--        if (NULL == entries || NULL == entries[0]){
--            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
--                "agmt_set_maxcsn: replica ruv tombstone entry for "
--                "replica %s not found\n",
--            slapi_sdn_get_dn(ra->replarea));
--            goto done;
--        }
--        maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN);
--        repl_obj = prot_get_replica_object(ra->protocol);
--        if(repl_obj && maxcsns){
--            r = (Replica *)object_get_data(repl_obj);
--            if(r){
--                /*
--                 * Loop over all the agmt maxcsns and find ours
--                 */
--                for(i = 0; maxcsns[i]; i++){
--                    char buf[BUFSIZ];
--                    char unavail_buf[BUFSIZ];
--
--                    PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(ra->replarea),
--                    		slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
--                    		ra->hostname, ra->port);
--                    PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(ra->replarea),
--                    		slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
--                    		ra->hostname, ra->port);
--                    if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
--                        slapi_ch_free_string(&ra->maxcsn);
--                        ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
--                        ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
--                        ra->tmpConsumerRID = 1;
--                        break;
--                    }
--                }
--            }
--        }
--        slapi_ch_array_free(maxcsns);
--    }
--done:
--    if (NULL != pb){
--        slapi_free_search_results_internal(pb);
--        slapi_pblock_destroy (pb);
--    }
--}
--
--/*
-  * Parse out the consumer replicaID from the agmt maxcsn
-  *
-  *  "repl area;agmt_rdn;hostname;port;consumer_rid;maxcsn"
--- 
-1.9.3
-
diff --git a/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch b/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch
new file mode 100644
index 0000000..c7bda39
--- /dev/null
+++ b/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch
@@ -0,0 +1,66 @@
+From f6f3f89e723d26cdad16e0d70d21e2361b9ac8bb Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 28 Jul 2016 22:23:20 -0700
+Subject: [PATCH 26/29] Ticket #48936 - Duplicate collation entries
+
+Description: In the fix for "Ticket #53 - Need to update supported locales",
+some locales were not set country and variant codes correctly, which caused
+the duplicate matchintRules.  Also, ig-NG was mapped to a wrong locale.
+
+An example of the broken matchingRules.
+Before the fix>
+  matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+  matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+After the fix>
+  matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+  matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+https://fedorahosted.org/389/ticket/48936
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 3e3dff89c29afdf52a32e4d44f01bddedd60bcd3)
+---
+ ldap/schema/slapd-collations.conf | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ldap/schema/slapd-collations.conf b/ldap/schema/slapd-collations.conf
+index 9f653e4..31fa477 100644
+--- a/ldap/schema/slapd-collations.conf
++++ b/ldap/schema/slapd-collations.conf
+@@ -88,7 +88,7 @@ collation as "" "" 1 3	2.16.840.1.113730.3.3.2.71.1	as
+ collation as IN "" 1 3	2.16.840.1.113730.3.3.2.72.1	as-IN
+ collation az "" "" 1 3	2.16.840.1.113730.3.3.2.73.1	az
+ collation az Latn "" 1 3	2.16.840.1.113730.3.3.2.74.1	az-Latn
+-collation az Latn_AZ "" 1 3	2.16.840.1.113730.3.3.2.75.1	az-Latn-AZ
++collation az Latn AZ 1 3	2.16.840.1.113730.3.3.2.75.1	az-Latn-AZ
+ collation bn "" "" 1 3	2.16.840.1.113730.3.3.2.76.1	bn
+ collation bn BD "" 1 3	2.16.840.1.113730.3.3.2.77.1	bn-BD
+ collation bn IN "" 1 3	2.16.840.1.113730.3.3.2.78.1	bn-IN
+@@ -189,8 +189,8 @@ collation ha Latn NG 1 3	2.16.840.1.113730.3.3.2.172.1	ha-Latn-NG
+ collation he "" "" 1 3	2.16.840.1.113730.3.3.2.173.1	he	he-IL
+ collation hi "" "" 1 3	2.16.840.1.113730.3.3.2.174.1	hi	hi-IN
+ collation hy "" "" 1 3	2.16.840.1.113730.3.3.2.175.1	hy	hy-AM
+-collation id "" "" 1 3	2.16.840.1.113730.3.3.2.176.1	id-ID
+-collation id ID "" 1 3	2.16.840.1.113730.3.3.2.177.1	ig-NG
++collation id "" "" 1 3	2.16.840.1.113730.3.3.2.176.1	id	id-ID
++collation ig "" "" 1 3	2.16.840.1.113730.3.3.2.177.1	ig	ig-NG
+ collation it IT "" 1 3	2.16.840.1.113730.3.3.2.178.1	it-IT
+ collation ka "" "" 1 3	2.16.840.1.113730.3.3.2.179.1	ka
+ collation ka GE "" 1 3	2.16.840.1.113730.3.3.2.180.1	ka-GE
+@@ -224,9 +224,9 @@ collation ru MD "" 1 3	2.16.840.1.113730.3.3.2.207.1	ru-MD
+ collation ru RU "" 1 3	2.16.840.1.113730.3.3.2.208.1	ru-RU
+ collation ru UA "" 1 3	2.16.840.1.113730.3.3.2.209.1	ru-UA
+ collation si "" "" 1 3	2.16.840.1.113730.3.3.2.210.1	si	si-LK
+-collation sk "" "" 1 3	2.16.840.1.113730.3.3.2.211.1	sk	sk-SK
+-collation sl "" "" 1 3	2.16.840.1.113730.3.3.2.212.1	sl	sl-SI
+-collation sq "" "" 1 3	2.16.840.1.113730.3.3.2.213.1	sq	sq-AL
++collation sk SK "" 1 3	2.16.840.1.113730.3.3.2.211.1	sk-SK
++collation sl SI "" 1 3	2.16.840.1.113730.3.3.2.212.1	sl-SI
++collation sq AL "" 1 3	2.16.840.1.113730.3.3.2.213.1	sq-AL
+ collation sr Cyrl "" 1 3	2.16.840.1.113730.3.3.2.214.1	sr-Cyrl
+ collation sr Cyrl BA 1 3	2.16.840.1.113730.3.3.2.215.1	sr-Cyrl-BA
+ collation sr Cyrl ME 1 3	2.16.840.1.113730.3.3.2.216.1	sr-Cyrl-ME
+-- 
+2.4.11
+
diff --git a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch b/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
deleted file mode 100644
index 5ad4f0c..0000000
--- a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 422028f6589250523c8a8669827bd0cccc347090 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 20 Jul 2015 11:18:12 -0400
-Subject: [PATCH 27/30] Ticket 47910 - logconv.pl - check that the end time is
- greater than the start time
-
-Bug Description:  There is no check if the end time is greater than the start time.
-                  This leads to an empty report being generated, when an error
-                  should be returned instead.
-
-Fix Description:  If start and end time are used, validate that the end time is
-                  greater than the start time.
-
-                  Also, improved an error message when the tool options are not
-                  correctly used.
-
-https://fedorahosted.org/389/ticket/47910
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 34ffa6c44734b99c252e7585bb499089ac8e6a67)
-(cherry picked from commit 16b95b12d26fb293d68be154c602398798353bb8)
----
- ldap/admin/src/logconv.pl | 22 +++++++++++++++++-----
- 1 file changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index d26e91e..0038a03 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -148,14 +148,13 @@ while($arg_count <= $#ARGV){
- }
- 
- if($file_count == 0){
--	if($reportStatsSecFile or $reportStatsMinFile){
--		print "Usage error for option -m or -M, either the output file or access log is missing!\n\n";
--	} else {
--		print "There are no access logs specified!\n\n";
--	}
-+	print "There are no access logs specified, or the tool options have not been used correctly!\n";
- 	exit 1;
- }
- 
-+#
-+# Initialize the statistic blocks
-+#
- if ($reportStatsSecFile) {
- 	$s_stats = new_stats_block($reportStatsSecFile);
- 	$reportStats = "-m";
-@@ -357,6 +356,19 @@ my %monthname = (
- 
- );
- 
-+#
-+# Validate start/end times (if specified)
-+#
-+if ($startTime and $endTime){
-+	# Make sure the end time is not earlier than the start time
-+	my $testStart = convertTimeToSeconds($startTime);
-+	my $testEnd = convertTimeToSeconds($endTime);
-+	if ($testStart > $testEnd){
-+		print "Start time ($startTime) is greater than end time ($endTime)!\n";
-+		exit 1;
-+	}
-+}
-+
- my $linesProcessed;
- my $lineBlockCount;
- my $cursize = 0;
--- 
-1.9.3
-
diff --git a/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch b/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
new file mode 100644
index 0000000..7e2dfcf
--- /dev/null
+++ b/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
@@ -0,0 +1,111 @@
+From 8afc979b47994c8bebae22868b86761590231e09 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Fri, 29 Jul 2016 14:36:19 +1000
+Subject: [PATCH 27/29] Ticket 48450 - Add prestart work around for systemd ask
+ password
+
+Bug Description:  Due to a lack of response to fix the systemd ask password
+permissions, we must resolve this ourselves. Without this, we cannot utilise
+the ask password feature at all.
+
+Fix Description:  We add an execstartpre script, that parses dse.ldif for
+the running server user. If found, we add the acl to ask-password directory
+which will allow the server to start. We do this so that if each instance
+has a unique user, they can all use ask pass correctly.
+
+https://fedorahosted.org/389/ticket/48450
+
+Author: wibrown
+
+Review by: nhosoi (Thanks)
+
+(cherry picked from commit e6b48924adb753f47683f25fab6e2b8e5d3cf84c)
+---
+ Makefile.am                               |  3 ++-
+ wrappers/ds_systemd_ask_password_acl.in   | 34 +++++++++++++++++++++++++++++++
+ wrappers/systemd.template.asan.service.in |  1 +
+ wrappers/systemd.template.service.in      |  1 +
+ 4 files changed, 38 insertions(+), 1 deletion(-)
+ create mode 100644 wrappers/ds_systemd_ask_password_acl.in
+
+diff --git a/Makefile.am b/Makefile.am
+index ed3d462..3e1bf47 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -620,7 +620,8 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
+ 	ldap/admin/src/scripts/dbmon.sh \
+ 	ldap/admin/src/scripts/ds_selinux_enabled \
+ 	ldap/admin/src/scripts/ds_selinux_port_query \
+-    wrappers/ldap-agent
++	wrappers/ds_systemd_ask_password_acl \
++	wrappers/ldap-agent
+ 
+ bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
+ 	wrappers/dbscan \
+diff --git a/wrappers/ds_systemd_ask_password_acl.in b/wrappers/ds_systemd_ask_password_acl.in
+new file mode 100644
+index 0000000..59bffc5
+--- /dev/null
++++ b/wrappers/ds_systemd_ask_password_acl.in
+@@ -0,0 +1,34 @@
++#!/bin/sh
++# BEGIN COPYRIGHT BLOCK
++# Copyright (C) 2016 Red Hat, Inc.
++#
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# END COPYRIGHT BLOCK
++
++# Systemd has not fixed the issue at https://bugzilla.redhat.com/show_bug.cgi?id=1322167
++# As a result, we need a way to fix the permissions as we start.
++# We have to reset these each time, as this folder is on a tmpfs.
++# If we don't do this, we can't prompt for the password!
++# If you want this script to go away, fix the bugzilla so we don't need it!
++
++# Make sure we have the path to the dse.ldif
++if [ -z $1 ]
++then
++    echo "usage: ${0} /etc/dirsrv/slapd-<instance>/dse.ldif"
++    exit 1
++fi
++
++# Grep the user out
++
++DS_USER=`grep 'nsslapd-localuser: ' $1 | awk '{print $2}'`
++
++# Now apply the acl
++
++if [ -d /var/run/systemd/ask-password ]
++then
++    setfacl -m u:${DS_USER}:rwx /var/run/systemd/ask-password
++fi
++
+diff --git a/wrappers/systemd.template.asan.service.in b/wrappers/systemd.template.asan.service.in
+index dd361b4..5de91de 100644
+--- a/wrappers/systemd.template.asan.service.in
++++ b/wrappers/systemd.template.asan.service.in
+@@ -25,6 +25,7 @@ PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
+ # We can't symbolize here, as llvm symbolize crashes when it goes near systemd.
+ Environment='ASAN_OPTIONS="detect_leaks=1 symbolize=0 log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.asan detect_deadlocks=1"'
+ LimitCORE=infinity
++ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
+ ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
+ # if you need to set other directives e.g. LimitNOFILE=8192
+ # set them in this file
+diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
+index a045036..6f096b7 100644
+--- a/wrappers/systemd.template.service.in
++++ b/wrappers/systemd.template.service.in
+@@ -22,6 +22,7 @@ Type=notify
+ EnvironmentFile=@initconfigdir@/@package_name@
+ EnvironmentFile=@initconfigdir@/@package_name@-%i
+ PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
++ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
+ ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
+ # if you need to set other directives e.g. LimitNOFILE=8192
+ # set them in this file
+-- 
+2.4.11
+
diff --git a/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..bad5476
--- /dev/null
+++ b/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,115 @@
+From 0f22cc8a2ab2a968b5ff0878b81bb5d39fa5a35e Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 26 Jul 2016 18:08:38 -0700
+Subject: [PATCH 28/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description:
+1. When an account is inactivated, the error UNWILLING_TO_PERFORM with
+   the inactivated message should be returned only when the bind is
+   successful.
+2. When SASL bind fails, instead of returning the cause of the failure
+   directly to the client, but logging it in the access log.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1347760
+
+Reviewed by wibrown@redhat.com (Thank you, William!)
+
+(cherry picked from commit b8767d510d11c7cbfede24daaae3348b9f028f47)
+---
+ ldap/servers/slapd/bind.c     | 49 ++++++++++++++++++++-----------------------
+ ldap/servers/slapd/saslbind.c |  4 ++--
+ 2 files changed, 25 insertions(+), 28 deletions(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index 702d4c2..c271577 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -720,25 +720,6 @@ do_bind( Slapi_PBlock *pb )
+                     }
+                 }
+             }
+-
+-            /*
+-             * Is this account locked ?
+-             *	could be locked through the account inactivation
+-             *	or by the password policy
+-             *
+-             * rc=0: account not locked
+-             * rc=1: account locked, can not bind, result has been sent
+-             * rc!=0 and rc!=1: error. Result was not sent, lets be_bind
+-             * 		deal with it.
+-             *
+-             */
+-
+-            /* get the entry now, so that we can give it to slapi_check_account_lock and reslimit_update_from_dn */
+-            if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
+-                bind_target_entry = get_entry(pb,  slapi_sdn_get_ndn(sdn));
+-                rc = slapi_check_account_lock ( pb, bind_target_entry, pw_response_requested, 1, 1);
+-            }
+-
+             slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database );
+             set_db_default_result_handlers(pb);
+             if ( (rc != 1) && 
+@@ -777,6 +758,28 @@ do_bind( Slapi_PBlock *pb )
+ 
+                 if ( rc == SLAPI_BIND_SUCCESS ) {
+                     int myrc = 0;
++                    /* 
++                     * The bind is successful.
++                     * We can give it to slapi_check_account_lock and reslimit_update_from_dn.
++                     */
++                    /*
++                     * Is this account locked ?
++                     *	could be locked through the account inactivation
++                     *	or by the password policy
++                     *
++                     * rc=0: account not locked
++                     * rc=1: account locked, can not bind, result has been sent
++                     * rc!=0 and rc!=1: error. Result was not sent, lets be_bind
++                     * 		deal with it.
++                     *
++                     */
++                    if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
++                        bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
++                        rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
++                        if (1 == rc) { /* account is locked */
++                            goto account_locked;
++                        }
++                    }
+                     if (!auto_bind) {
+                         /* 
+                          * There could be a race that bind_target_entry was not added 
+@@ -787,13 +790,7 @@ do_bind( Slapi_PBlock *pb )
+                         if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA) && 
+                             !bind_target_entry) {
+                             bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
+-                            if (bind_target_entry) {
+-                                myrc = slapi_check_account_lock(pb, bind_target_entry,
+-                                                              pw_response_requested, 1, 1);
+-                                if (1 == myrc) { /* account is locked */
+-                                    goto account_locked;
+-                                }
+-                            } else {
++                            if (!bind_target_entry) {
+                                 slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
+                                 send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
+                                 goto free_and_return;
+diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
+index 37175f4..742987e 100644
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -1051,8 +1051,8 @@ sasl_check_result:
+         errstr = sasl_errdetail(sasl_conn);
+ 
+         PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
+-        send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
+-                         (char*)errstr, 0, NULL);
++        slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, (void *)errstr);
++        send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL);
+         break;
+     }
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch b/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
deleted file mode 100644
index 4ad70ad..0000000
--- a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 53e51059c4e95fab6c3601952069191343fe92b3 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 20 Jul 2015 10:31:46 -0600
-Subject: [PATCH 28/30] Ticket #48224 - redux 2 - logconv.pl should handle
- *.tar.xz, *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by: nhosoi (Thanks!)
-Branch: 389-ds-base-1.3.4
-Fix Description: Use $? instead of $! to get pipe errors.
-Platforms tested: Fedora 21, RHEL 7.2 candidate
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit 29043c5716a1bc8364689d518cb4e35722eaaf77)
-(cherry picked from commit 0e31d818366e846f45c60b2c24bdb8026a82c048)
----
- ldap/admin/src/logconv.pl | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 0038a03..3113f8a 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -437,9 +437,9 @@ sub doUncompress {
- 		# so use the xz command directly
- 		# NOTE: This doesn't work if the argument is a file handle e.g. from
- 		# Archive::Tar
--		$! = 0; # clear
--		if (!open($TARFH, "xz -dc $_ |") or $!) {
--			openFailed($!, $_);
-+		$? = 0; # clear
-+		if (!open($TARFH, "xz -dc $_ |") or $?) {
-+			openFailed($?, $_);
- 			return;
- 		}
- 	} else {
--- 
-1.9.3
-
diff --git a/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..d41f609
--- /dev/null
+++ b/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,40 @@
+From 114221f292d0f8609d98bdad59feb3d460639673 Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Thu, 4 Aug 2016 11:45:49 -0700
+Subject: [PATCH 29/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description: do not overwrite rc used to decide if bind was successful.
+When the bind is through ldapi/autobind, an entry does not exist to be
+checked with slapi_check_account_lock.  In that case, a variable rc is
+not supposed to be modified which confuses the following code path.
+
+Reviewed by nhosoi@redhat.com.
+
+(cherry picked from commit caa351ae0cc81cbf2309a43c5f74b359cda152d0)
+---
+ ldap/servers/slapd/bind.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index c271577..3054c1f 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -775,10 +775,12 @@ do_bind( Slapi_PBlock *pb )
+                      */
+                     if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
+                         bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
+-                        rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
+-                        if (1 == rc) { /* account is locked */
++                        myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
++                        if (1 == myrc) { /* account is locked */
++                            rc = myrc;
+                             goto account_locked;
+                         }
++                        myrc = 0;
+                     }
+                     if (!auto_bind) {
+                         /* 
+-- 
+2.4.11
+
diff --git a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch b/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
deleted file mode 100644
index a162506..0000000
--- a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 4c275349c72a01803b772717ee29e7ac6f9a903f Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 20 Jul 2015 14:22:05 -0400
-Subject: [PATCH 29/30] Ticket 48206 - Crash during retro changelog trimming
-
-Bug Description:  If the retro changelog entry is small, its possible that
-                  during the trimming the reto changelog entry is not in the
-                  cache after the trim, but its tries to blindly unlock it
-                  from the cache, which leads to a crash.
-
-FIx Description:  After we call the post op plugins and retrieve the entry
-                  from the cache, double check that it was found.  If it
-                  is not found, do not unlock it.
-
-https://fedorahosted.org/389/ticket/48206
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 2a8a8c8ced5849dada34ab28d79e87dd3636e413)
-(cherry picked from commit 6d439887b99da557e8d7bc0c611d9afa909fdce7)
----
- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 27 +++++++++++++++++----------
- 1 file changed, 17 insertions(+), 10 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index 59c1f76..f31d545 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -1257,17 +1257,24 @@ ldbm_back_delete( Slapi_PBlock *pb )
- 				CACHE_RETURN(&inst->inst_cache, &e);
- 			}
- 		}
--		if (cache_is_in_cache(&inst->inst_cache, e)) {
--			ep_id = e->ep_id; /* Otherwise, e might have been freed. */
--			CACHE_REMOVE(&inst->inst_cache, e);
--		}
--		cache_unlock_entry(&inst->inst_cache, e);
--		CACHE_RETURN(&inst->inst_cache, &e);
--		/* 
--		 * e is unlocked and no longer in cache.
--		 * It could be freed at any moment.
-+
-+		/*
-+		 * e could have been replaced by cache_find_id(), recheck if it's NULL
-+		 * before trying to unlock it, etc.
- 		 */
--		e = NULL;
-+		if (e) {
-+			if (cache_is_in_cache(&inst->inst_cache, e)) {
-+				ep_id = e->ep_id; /* Otherwise, e might have been freed. */
-+				CACHE_REMOVE(&inst->inst_cache, e);
-+			}
-+			cache_unlock_entry(&inst->inst_cache, e);
-+			CACHE_RETURN(&inst->inst_cache, &e);
-+			/*
-+			 * e is unlocked and no longer in cache.
-+			 * It could be freed at any moment.
-+			 */
-+			e = NULL;
-+		}
- 
- 		if (entryrdn_get_switch() && ep_id) { /* subtree-rename: on */
- 			/* since the op was successful, delete the tombstone dn from the dn cache */
--- 
-1.9.3
-
diff --git a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch b/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
deleted file mode 100644
index b6a5197..0000000
--- a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-From bc26583d161168ce664d160592a30abbd98b9a1f Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 22 Jul 2015 09:41:46 -0700
-Subject: [PATCH 30/30] Ticket #48010 - winsync range retrieval gets only 5000
- values upon initialization
-
-Description: Search with DirSync control does not support range subtype.
-On WS2012, it returns all the multi-valued attribute values regardless
-of MaxValRange, but on WS2008, it cuts at the physical limit 5000.
-This patch does not rely on the entry returned by the DirySync search.
-
-Also, since DirSync search does not support the range subtype, removing
-the range related code from the DirSync search.
-
-Researched and tested by vashirov@redhat.com (Thank you, Viktor!!)
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-https://fedorahosted.org/389/ticket/48010
-(cherry picked from commit c6b211f8ea4970623f8ac1b365d040756d46bf3c)
-(cherry picked from commit d9af22eb940353c0692b6d73cc0a2d6998311498)
----
- .../plugins/replication/windows_connection.c       | 21 ++-----
- ldap/servers/plugins/replication/windows_private.c | 70 ----------------------
- .../plugins/replication/windows_protocol_util.c    | 21 +++++--
- ldap/servers/plugins/replication/windowsrepl.h     |  5 --
- 4 files changed, 21 insertions(+), 96 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c
-index 5db43a5..a06a07e 100644
---- a/ldap/servers/plugins/replication/windows_connection.c
-+++ b/ldap/servers/plugins/replication/windows_connection.c
-@@ -821,7 +821,6 @@ send_dirsync_search(Repl_Connection *conn)
- 		const char *old_dn = slapi_sdn_get_ndn( windows_private_get_windows_subtree(conn->agmt) );
- 		/* LDAP_SERVER_DIRSYNC_OID requires the search base Naming Context */
- 		char *dn = slapi_ch_strdup(strstr(old_dn, "dc="));
--		char **exattrs = NULL;
- 
- 		if (conn->supports_dirsync == 0)
- 		{
-@@ -847,10 +846,6 @@ send_dirsync_search(Repl_Connection *conn)
- 
- 		winsync_plugin_call_dirsync_search_params_cb(conn->agmt, old_dn, &dn, &scope, &filter,
- 		                                             &attrs, &server_controls);
--		exattrs = windows_private_get_range_attrs(conn->agmt);
--		charray_merge(&attrs, exattrs, 0 /* pass in */);
--		slapi_ch_free((void **)&exattrs); /* strings are passed in */
--
- 		LDAPDebug( LDAP_DEBUG_REPL, "Sending dirsync search request\n", 0, 0, 0 );
- 
- 		rc = ldap_search_ext( conn->ld, dn, scope, filter, attrs, PR_FALSE, server_controls,
-@@ -1010,20 +1005,14 @@ Slapi_Entry * windows_conn_get_search_result(Repl_Connection *conn)
- 			{
- 				if (( dn = ldap_get_dn( conn->ld, res )) != NULL ) 
- 				{
--					char **exattrs = NULL;
- 					slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"received entry from dirsync: %s\n", dn);
- 					lm = ldap_first_entry( conn->ld, res );
--					e = windows_private_get_curr_entry(conn->agmt); /* if range search, e != NULL */
--					e = windows_LDAPMessage2Entry(e, conn, lm, 0, &exattrs);
-+					/* 
-+					 * we don't have to retrieve all the members here.
-+					 * here, we have to make sure to get the entry once.
-+					 */
-+					e = windows_LDAPMessage2Entry(e, conn, lm, 0, NULL);
- 					ldap_memfree(dn);
--					if (exattrs) {
--						/* some attribute returned "<attr>;range=low-high" */
--						windows_private_set_curr_entry(conn->agmt, e);
--						windows_private_set_range_attrs(conn->agmt, exattrs);
--					} else {
--						windows_private_set_curr_entry(conn->agmt, NULL);
--						windows_private_set_range_attrs(conn->agmt, NULL);
--					}
- 				}
- 			}
- 			break;
-diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
-index f5cb44e..c118236 100644
---- a/ldap/servers/plugins/replication/windows_private.c
-+++ b/ldap/servers/plugins/replication/windows_private.c
-@@ -1570,76 +1570,6 @@ windows_private_set_move_action(const Repl_Agmt *ra, int value)
- 	LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" );
- }
- 
--/* Get entry being retrieved; used for the range retrieval */
--Slapi_Entry *
--windows_private_get_curr_entry(const Repl_Agmt *ra)
--{
--	Dirsync_Private *dp;
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_curr_entry\n" );
--
--	PR_ASSERT(ra);
--
--	dp = (Dirsync_Private *) agmt_get_priv(ra);
--	PR_ASSERT (dp);
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_curr_entry\n" );
--
--	return dp->curr_entry;	
--}
--
--/* Set entry being retrieved; used for the range retrieval */
--void
--windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e)
--{
--	Dirsync_Private *dp;
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_curr_entry\n" );
--
--	PR_ASSERT(ra);
--
--	dp = (Dirsync_Private *) agmt_get_priv(ra);
--	PR_ASSERT (dp);
--	dp->curr_entry = e;
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_curr_entry\n" );
--}
--
--/* Get next range retrieval attributes */
--char **
--windows_private_get_range_attrs(const Repl_Agmt *ra)
--{
--	Dirsync_Private *dp;
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_range_attrs\n" );
--
--	PR_ASSERT(ra);
--
--	dp = (Dirsync_Private *) agmt_get_priv(ra);
--	PR_ASSERT (dp);
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_range_attrs\n" );
--
--	return dp->range_attrs;	
--}
--
--/* Set next range retrieval attributes */
--void
--windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs)
--{
--	Dirsync_Private *dp;
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_move_action\n" );
--
--	PR_ASSERT(ra);
--
--	dp = (Dirsync_Private *) agmt_get_priv(ra);
--	PR_ASSERT (dp);
--	dp->range_attrs = attrs;
--
--	LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" );
--}
--
- static PRCallOnceType winsync_callOnce = {0,0};
- 
- struct winsync_plugin {
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 6bf20b7..4cfa20d 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -5847,6 +5847,9 @@ windows_process_dirsync_entry(Private_Repl_Protocol *prp,Slapi_Entry *e, int is_
- 		/* Is this entry one we should be interested in ? */
- 		if (is_subject_of_agreement_remote(e,prp->agmt)) 
- 		{
-+			ConnResult cres = 0;
-+			const char *searchbase = slapi_entry_get_dn_const(e);
-+			char *filter = "(objectclass=*)";
- retry:
- 			/* First make its local DN */
- 			rc = map_entry_dn_inbound(e, &local_sdn, prp->agmt);
-@@ -5902,7 +5905,19 @@ retry:
- 					/* If it doesn't exist, try to make it */
- 					if (add_local_entry_allowed(prp,e))
- 					{
--						windows_create_local_entry(prp,e,local_sdn);
-+						found_entry = NULL;
-+						/* 
-+						 * BZ 1172037: Search with DirSync Control does not return the range subtype.
-+						 * Re-search the entry to get all the attribute values over hard limit MaxValRange
-+						 * on 2008R2.  Note: 2012R2 does not have the hard limit.
-+						 * If we stop supporting 2008R2, this windows_search_entry_ext call can be removed.
-+						 */
-+						cres = windows_search_entry_ext(prp->conn, (char*)searchbase, 
-+						                                filter, &found_entry, NULL, LDAP_SCOPE_BASE);
-+						if (found_entry) {
-+							e = found_entry;
-+						}
-+						windows_create_local_entry(prp, e, local_sdn);
- 					} else
- 					{
- 						slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: not allowed to add entry %s.\n",agmt_get_long_name(prp->agmt)
-@@ -5918,10 +5933,6 @@ retry:
- 			 	 * We search Windows with the dn and retry using the found 
- 				 * entry.
- 			 	 */
--				ConnResult cres = 0;
--				const char *searchbase = slapi_entry_get_dn_const(e);
--				char *filter = "(objectclass=*)";
--
- 				retried = 1;
- 				cres = windows_search_entry_ext(prp->conn, (char*)searchbase, 
- 												filter, &found_entry, NULL, LDAP_SCOPE_BASE);
-diff --git a/ldap/servers/plugins/replication/windowsrepl.h b/ldap/servers/plugins/replication/windowsrepl.h
-index fd80212..66f4804 100644
---- a/ldap/servers/plugins/replication/windowsrepl.h
-+++ b/ldap/servers/plugins/replication/windowsrepl.h
-@@ -66,11 +66,6 @@ void windows_private_set_one_way(const Repl_Agmt *ra, PRBool value);
- int windows_private_get_move_action(const Repl_Agmt *ra);
- void windows_private_set_move_action(const Repl_Agmt *ra, int value);
- 
--Slapi_Entry *windows_private_get_curr_entry(const Repl_Agmt *ra);
--void windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e);
--char **windows_private_get_range_attrs(const Repl_Agmt *ra);
--void windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs);
--
- void windows_private_set_directory_userfilter(const Repl_Agmt *ra, char *filter);
- void windows_private_set_windows_userfilter(const Repl_Agmt *ra, char *filter);
- const char* windows_private_get_directory_userfilter(const Repl_Agmt *ra);
--- 
-1.9.3
-
diff --git a/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
new file mode 100644
index 0000000..39bef22
--- /dev/null
+++ b/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
@@ -0,0 +1,37 @@
+From 741e8534323f6b7eb5565f8ec09ab2731e52735b Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 4 Aug 2016 13:26:44 -0700
+Subject: [PATCH] Ticket bz1358565 -  clear and unsalted password types are
+ vulnerable to timing attack
+
+Description: Build fails with the commit f0e03b5a51972a125fe78f448d1f68e288782d1e:
+  error: 'for' loop initial declarations are only allowed in C99 mode
+  for (size_t i = 0; i < n; i++) {
+  ^
+Moved "size_t i;" to the top of slapi_ct_memcmp.
+---
+ ldap/servers/slapd/ch_malloc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c
+index a38268c..705ea86 100644
+--- a/ldap/servers/slapd/ch_malloc.c
++++ b/ldap/servers/slapd/ch_malloc.c
+@@ -374,12 +374,13 @@ slapi_ct_memcmp( const void *p1, const void *p2, size_t n)
+     int result = 0;
+     const unsigned char *_p1 = (const unsigned char *)p1;
+     const unsigned char *_p2 = (const unsigned char *)p2;
++    size_t i;
+ 
+     if (_p1 == NULL || _p2 == NULL) {
+         return 2;
+     }
+ 
+-    for (size_t i = 0; i < n; i++) {
++    for (i = 0; i < n; i++) {
+         if (_p1[i] ^ _p2[i]) {
+             result = 1;
+         }
+-- 
+2.4.11
+
diff --git a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch b/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
deleted file mode 100644
index 1464ae9..0000000
--- a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From bf8da26adf08db15ae2cbaeadb40f62af6c52037 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 29 Jul 2015 11:26:22 -0700
-Subject: [PATCH 31/39] Ticket #48232 - winsync lastlogon attribute not syncing
- between DS and AD.
-
-Bug Description:
-From Microsoft forum:
- The DirSync control taps into the replication stream to get the necessary
- changes. Since lastLogon is not replicated, it isn't available via the
- DirSync control.
-Additional notes:
- The lastLogon attribute is not replicated.
- In contrast the lastLogontimeStamp attribute is replicated.
-
-Fix Description:
- Instead of lastLogon|lastLogoff, sync lastLogonTimestamp|lastLogoffTimestamp
- which are the target of DirSync, to ntUserLastLogon|ntUserLastLogoff.
-
-https://fedorahosted.org/389/ticket/48232
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 0db29788e6c1b17f944fcafa368b66580e1e90d5)
-(cherry picked from commit b81adb0bc8ad97fec50fba30454e94858476bad5)
----
- ldap/servers/plugins/replication/windows_protocol_util.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 4cfa20d..5c12af7 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -194,8 +194,8 @@ static windows_attribute_map user_attribute_map[] =
- {
- 	{ "homeDirectory", "ntUserHomeDir", bidirectional, always, normal},
- 	{ "scriptPath", "ntUserScriptPath", bidirectional, always, normal},
--	{ "lastLogon", "ntUserLastLogon", fromwindowsonly, always, normal},
--	{ "lastLogoff", "ntUserLastLogoff", fromwindowsonly, always, normal},
-+	{ "lastLogonTimestamp", "ntUserLastLogon", fromwindowsonly, always, normal},
-+	{ "lastLogoffTimestamp", "ntUserLastLogoff", fromwindowsonly, always, normal},
- 	{ "accountExpires", "ntUserAcctExpires", bidirectional, always, normal},
- 	{ "codePage", "ntUserCodePage", bidirectional, always, normal},
- 	{ "logonHours", "ntUserLogonHours", bidirectional, always, normal},
--- 
-1.9.3
-
diff --git a/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch b/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
new file mode 100644
index 0000000..df4c700
--- /dev/null
+++ b/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
@@ -0,0 +1,76 @@
+From 1d4ad57ad50a33b8a1ef2db7d592f2adb09c3083 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Mon, 8 Aug 2016 13:56:02 +1000
+Subject: [PATCH 31/32] Ticket 48450 - Autotools components for
+ ds_systemd_ask_password_acl
+
+Bug Description:  William forgot to add the Makefile.in to the commit. This was
+found in the rpm build because it does not run autoreconf to regenerate the
+Makefile.in, manifiesting as a missing file.
+
+Fix Description:  Commit Makefile.in
+
+https://fedorahosted.org/389/ticket/48450
+
+Author: wibrown
+
+Review by: nhosoi@redhat.com
+
+(cherry picked from commit c5e4ca4e1e0f1ab8be60df7453e6f0b126e6581c)
+---
+ Makefile.in | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 8109469..6788fe1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2044,7 +2044,8 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
+ 	ldap/admin/src/scripts/dbmon.sh \
+ 	ldap/admin/src/scripts/ds_selinux_enabled \
+ 	ldap/admin/src/scripts/ds_selinux_port_query \
+-    wrappers/ldap-agent
++	wrappers/ds_systemd_ask_password_acl \
++	wrappers/ldap-agent
+ 
+ bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
+ 	wrappers/dbscan \
+@@ -10359,7 +10360,7 @@ distdir: $(DISTFILES)
+ 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ 	|| chmod -R a+r "$(distdir)"
+ dist-gzip: distdir
+-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
++	tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
+ 	$(am__post_remove_distdir)
+ dist-bzip2: distdir
+ 	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+@@ -10384,7 +10385,7 @@ dist-shar: distdir
+ 	@echo WARNING: "Support for shar distribution archives is" \
+ 	               "deprecated." >&2
+ 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+-	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
++	shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
+ 	$(am__post_remove_distdir)
+ 
+ dist-zip: distdir
+@@ -10402,7 +10403,7 @@ dist dist-all:
+ distcheck: dist
+ 	case '$(DIST_ARCHIVES)' in \
+ 	*.tar.gz*) \
+-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
++	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
+ 	*.tar.bz2*) \
+ 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ 	*.tar.lz*) \
+@@ -10412,7 +10413,7 @@ distcheck: dist
+ 	*.tar.Z*) \
+ 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ 	*.shar.gz*) \
+-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
++	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
+ 	*.zip*) \
+ 	  unzip $(distdir).zip ;;\
+ 	esac
+-- 
+2.4.11
+
diff --git a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch b/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
deleted file mode 100644
index f9682d7..0000000
--- a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ddf6d5dfd566d44a10af342d049f22b5dbe26381 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 30 Jul 2015 11:07:40 -0700
-Subject: [PATCH 32/39] Ticket #48231 - logconv autobind handling regression
- caused by 47446
-
-Description: When there are autobinds with ldapi, the tool fails with
-an syntax error:
- Use of uninitialized value in transliteration (tr///) at /Local/dirsrv/bin/logconv.pl line 2018, <$LOGFH> line 207.
- Use of uninitialized value $tmpp in hash element at /Local/dirsrv/bin/logconv.pl line 2019, <$LOGFH> line 207.
-
-Thanks for providing the fix and testing it, pj101 and rmeggins@redhat.com.
-
-Reviewed by nhosoi@redhat.com.
-
-https://fedorahosted.org/389/ticket/48231
-(cherry picked from commit 44a223f73a537445976a77af1652515ea46f970b)
-(cherry picked from commit e7fc14305e7e431034d5e076f31d2ee22742578f)
----
- ldap/admin/src/logconv.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 3113f8a..9cd9aaa 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -2025,8 +2025,8 @@ sub parseLineNormal
- 			if($1 eq $rootDN){
- 				$rootDNBindCount++;
- 			}
-+			$tmpp = $1;
- 			if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
--				$tmpp = $1;
- 				$tmpp =~ tr/A-Z/a-z/;
- 				$hashes->{bindlist}->{$tmpp}++;
- 			}
--- 
-1.9.3
-
diff --git a/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
new file mode 100644
index 0000000..8a84fdc
--- /dev/null
+++ b/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
@@ -0,0 +1,27 @@
+From bf87f952dc7a07786ddb9e895a956505cd951cf3 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 8 Aug 2016 10:12:33 -0700
+Subject: [PATCH 32/32] Ticket bz1358565 -  clear and unsalted password types
+ are vulnerable to timing attack
+
+Description: Fixing a compiler warning introduced by commit
+f0e03b5a51972a125fe78f448d1f68e288782d1e.
+---
+ ldap/servers/plugins/pwdstorage/clear_pwd.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+index 2afe16e..b9b362d 100644
+--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+@@ -26,7 +26,6 @@ int
+ clear_pw_cmp( const char *userpwd, const char *dbpwd )
+ {
+     int result = 0;
+-    int len = 0;
+     int len_user = strlen(userpwd);
+     int len_dbp = strlen(dbpwd);
+     if ( len_user != len_dbp ) {
+-- 
+2.4.11
+
diff --git a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch b/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
deleted file mode 100644
index 2803014..0000000
--- a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From 0536984f7b3e9d6e143936b0eda92b510f63d304 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 4 Aug 2015 12:15:31 -0400
-Subject: [PATCH 33/39] Ticket 47810 - memberOf plugin not properly rejecting
- updates
-
-Bug Description:  When the memberOf plugin tries to add memberOf attribute to
-                  an entry during a mod-replace on a group, even though the
-                  update to the user entry fails, but plugin still allows
-                  the member to be added to the group.
-
-Fix Description:  During a mod/replace check and return an error if the member
-                  update fails.
-
-https://fedorahosted.org/389/ticket/47810
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit eb54f03e240402a4bd16f9cde1d66539805f56ea)
-(cherry picked from commit b4b6adcec7d810c7893fd9cb888fa906b9ffa836)
----
- dirsrvtests/suites/betxns/betxn_test.py  | 64 +++++++++++++++++++++++++++++++-
- ldap/servers/plugins/memberof/memberof.c | 13 ++++---
- 2 files changed, 70 insertions(+), 7 deletions(-)
-
-diff --git a/dirsrvtests/suites/betxns/betxn_test.py b/dirsrvtests/suites/betxns/betxn_test.py
-index 93c4c31..5da6e50 100644
---- a/dirsrvtests/suites/betxns/betxn_test.py
-+++ b/dirsrvtests/suites/betxns/betxn_test.py
-@@ -3,7 +3,7 @@
- # All rights reserved.
- #
- # License: GPL (version 3 or any later version).
--# See LICENSE for details. 
-+# See LICENSE for details.
- # --- END COPYRIGHT BLOCK ---
- #
- import os
-@@ -174,6 +174,67 @@ def test_betxn_attr_uniqueness(topology):
-     log.info('test_betxn_attr_uniqueness: PASSED')
- 
- 
-+def test_betxn_memberof(topology):
-+    ENTRY1_DN = 'cn=group1,' + DEFAULT_SUFFIX
-+    ENTRY2_DN = 'cn=group2,' + DEFAULT_SUFFIX
-+    PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
-+
-+    # Enable and configure memberOf plugin
-+    topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
-+    try:
-+        topology.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
-+    except ldap.LDAPError, e:
-+        log.fatal('test_betxn_memberof: Failed to update config(member): error ' + e.message['desc'])
-+        assert False
-+
-+    # Add our test entries
-+    try:
-+        topology.standalone.add_s(Entry((ENTRY1_DN, {'objectclass': "top groupofnames".split(),
-+                                     'cn': 'group1'})))
-+    except ldap.LDAPError, e:
-+        log.error('test_betxn_memberof: Failed to add group1:' +
-+                  ENTRY1_DN + ', error ' + e.message['desc'])
-+        assert False
-+
-+    try:
-+        topology.standalone.add_s(Entry((ENTRY2_DN, {'objectclass': "top groupofnames".split(),
-+                                     'cn': 'group1'})))
-+    except ldap.LDAPError, e:
-+        log.error('test_betxn_memberof: Failed to add group2:' +
-+                  ENTRY2_DN + ', error ' + e.message['desc'])
-+        assert False
-+
-+    #
-+    # Test mod replace
-+    #
-+
-+    # Add group2 to group1 - it should fail with objectclass violation
-+    try:
-+        topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_REPLACE, 'member', ENTRY2_DN)])
-+        log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
-+        assert False
-+    except ldap.LDAPError, e:
-+        log.info('test_betxn_memberof: Group2 was correctly rejected (mod replace): error ' + e.message['desc'])
-+
-+    #
-+    # Test mod add
-+    #
-+
-+    # Add group2 to group1 - it should fail with objectclass violation
-+    try:
-+        topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_ADD, 'member', ENTRY2_DN)])
-+        log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
-+        assert False
-+    except ldap.LDAPError, e:
-+        log.info('test_betxn_memberof: Group2 was correctly rejected (mod add): error ' + e.message['desc'])
-+
-+    #
-+    # Done
-+    #
-+
-+    log.info('test_betxn_memberof: PASSED')
-+
-+
- def test_betxn_final(topology):
-     topology.standalone.delete()
-     log.info('betxn test suite PASSED')
-@@ -187,6 +248,7 @@ def run_isolated():
-     test_betxn_init(topo)
-     test_betxt_7bit(topo)
-     test_betxn_attr_uniqueness(topo)
-+    test_betxn_memberof(topo)
-     test_betxn_final(topo)
- 
- 
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 144285b..da52bc8 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -2373,6 +2373,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- 	struct slapi_entry *post_e = NULL;
- 	Slapi_Attr *pre_attr = 0;
- 	Slapi_Attr *post_attr = 0;
-+	int rc = 0;
- 	int i = 0;
- 
- 	slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
-@@ -2449,14 +2450,14 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- 				in pre, not in post, delete from entry
- 				not in pre, in post, add to entry
- 			*/
--			while(pre_index < pre_total || post_index < post_total)
-+			while(rc == 0 && (pre_index < pre_total || post_index < post_total))
- 			{
- 				if(pre_index == pre_total)
- 				{
- 					/* add the rest of post */
- 					slapi_sdn_set_normdn_byref(sdn,
- 					            slapi_value_get_string(post_array[post_index]));
--					memberof_add_one(pb, config, group_sdn, sdn);
-+					rc = memberof_add_one(pb, config, group_sdn, sdn);
- 
- 					post_index++;
- 				}
-@@ -2465,7 +2466,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- 					/* delete the rest of pre */
- 					slapi_sdn_set_normdn_byref(sdn,
- 					            slapi_value_get_string(pre_array[pre_index]));
--					memberof_del_one(pb, config, group_sdn, sdn);
-+					rc = memberof_del_one(pb, config, group_sdn, sdn);
- 
- 					pre_index++;
- 				}
-@@ -2482,7 +2483,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- 						/* delete pre array */
- 						slapi_sdn_set_normdn_byref(sdn,
- 					            slapi_value_get_string(pre_array[pre_index]));
--						memberof_del_one(pb, config, group_sdn, sdn);
-+						rc = memberof_del_one(pb, config, group_sdn, sdn);
- 
- 						pre_index++;
- 					}
-@@ -2491,7 +2492,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- 						/* add post array */
- 						slapi_sdn_set_normdn_byref(sdn,
- 					            slapi_value_get_string(post_array[post_index]));
--						memberof_add_one(pb, config, group_sdn, sdn);
-+						rc = memberof_add_one(pb, config, group_sdn, sdn);
- 
- 						post_index++;
- 					}
-@@ -2509,7 +2510,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- 		}
- 	}
- 	
--	return 0;
-+	return rc;
- }
- 
- /* memberof_load_array()
--- 
-1.9.3
-
diff --git a/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch b/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
new file mode 100644
index 0000000..6862b7e
--- /dev/null
+++ b/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
@@ -0,0 +1,38 @@
+From cb23f2f29464f9f800a4cf1f1e3d48e0c66358c7 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 11 Aug 2016 10:50:02 -0400
+Subject: [PATCH 33/35] Ticket 48950 - Change example in /etc/sysconfig/dirsrv
+ to use tcmalloc
+
+Description:  Update the example to use tcmalloc instead of jemalloc.
+
+https://fedorahosted.org/389/ticket/48950
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 06a4adb4ad42a2d7cee383d6e2ef69a7188251a2)
+---
+ ldap/admin/src/base-initconfig.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/admin/src/base-initconfig.in b/ldap/admin/src/base-initconfig.in
+index e803a36..0481c3e 100644
+--- a/ldap/admin/src/base-initconfig.in
++++ b/ldap/admin/src/base-initconfig.in
+@@ -43,8 +43,8 @@
+ # if using systemd, omit the "; export VARNAME" at the end
+ #PID_TIME=600 ; export PID_TIME
+ 
+-# jemalloc is a general purpose malloc implementation that emphasizes
+-# fragmentation avoidance and scalable concurrency support.  jemalloc
+-# has been shown to have a significant positive impact on the Directory
+-# Server's process size/growth.
+-#LD_PRELOAD=@libdir@/@package_name@/libjemalloc.so.1 ; export LD_PRELOAD
++# The tcmalloc memory allocator has been shown to have a positive impact on
++# the Directory Server's virtual & resident memory size/growth.  tcmalloc is
++# available on RHEL/Fedora in the gperftools package (this could be different
++# on other platforms).  Here is an example of preloading tcmalloc:
++#LD_PRELOAD=@libdir@/libtcmalloc.so.4 ; export LD_PRELOAD
+-- 
+2.4.11
+
diff --git a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch b/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
deleted file mode 100644
index 288ff91..0000000
--- a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
+++ /dev/null
@@ -1,288 +0,0 @@
-From a117d87aac507e4002429e5f7aebe61a867da06d Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 5 Aug 2015 16:31:49 -0400
-Subject: [PATCH 34/39] Ticket 48215 - verify_db.pl doesn't verify DB specified
- by -a option
-
-Bug Description:  verify_db.pl -a only uses the db location for
-                  checking the transaction logs, because it ends up
-                  calling "nsslapd dbverify" which only checks the
-                  db files in the server configuration.
-
-Fix Description:  Allow a new argument to be passed to "nsslapd dbverify"
-                  that specifies the db parent directory.
-
-https://fedorahosted.org/389/ticket/48215
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 27fadb75ec1f3b252028ce715cd7fa16da1f6525)
-(cherry picked from commit 210071c682751897099e8eb138e5db1e47ac2bae)
----
- ldap/admin/src/scripts/dbverify.in      |  3 ++-
- ldap/admin/src/scripts/verify-db.pl.in  | 17 +++++++++--------
- ldap/servers/slapd/back-ldbm/dbverify.c | 13 +++++++++++++
- ldap/servers/slapd/main.c               | 18 +++++++++++++-----
- ldap/servers/slapd/pblock.c             | 12 +++++++++++-
- ldap/servers/slapd/slap.h               |  2 ++
- ldap/servers/slapd/slapi-plugin.h       |  3 +++
- man/man8/dbverify.8                     |  3 +++
- 8 files changed, 56 insertions(+), 15 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index 6306a07..778a9ba 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -26,7 +26,7 @@ usage()
- }
- 
- display_version="no"
--while getopts "Z:n:hVvfd:n:D:" flag
-+while getopts "Z:n:hVvfd:n:D:a:" flag
- do
-     case $flag in
-         h) usage
-@@ -39,6 +39,7 @@ do
-            display_version="yes";;
-         f) args=$args" -f";;
-         D) args=$args" -D $OPTARG";;
-+        a) args=$args" -a $OPTARG";;
-         ?) usage
-            exit 1;;
-     esac
-diff --git a/ldap/admin/src/scripts/verify-db.pl.in b/ldap/admin/src/scripts/verify-db.pl.in
-index ae56a16..d481ecb 100644
---- a/ldap/admin/src/scripts/verify-db.pl.in
-+++ b/ldap/admin/src/scripts/verify-db.pl.in
-@@ -16,7 +16,7 @@ DSUtil::libpath_add("@db_libdir@");
- DSUtil::libpath_add("@libdir@");
- $ENV{'PATH'} = "@libdir@/@package_name@/slapd-$servid:@db_bindir@:/usr/bin:/";
- $ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
--
-+my $custom_dbdir = 0;
- my $i = 0;
- 
- sub usage
-@@ -118,12 +118,7 @@ sub getLastLogfile
-   return \$logfile;
- }
- 
--$isWin = -d '\\';
--if ($isWin) {
--  $NULL = "nul";
--} else {
--  $NULL = "/dev/null";
--}
-+$NULL = "/dev/null";
- 
- while ($i <= $#ARGV) {
-   if ( "$ARGV[$i]" eq "-a" ) {  # path to search the db files
-@@ -149,6 +144,8 @@ print("*****************************************************************\n");
- 
- if ( "$startpoint" eq "" ) {
-   $startpoint = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/db";
-+} else {
-+  $custom_dbdir = 1;
- }
- # get dirs having DBVERSION
- my $dbdirs = getDbDir($startpoint);
-@@ -192,7 +189,11 @@ for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
- 
- # Check db files by db_verify
- print "Verify db files ... ";
--open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |");
-+if ($custom_dbdir){
-+    open(DBVERIFY, "@sbindir@/dbverify -Z $servid -a $startpoint 2>&1 1> $NULL |");
-+} else {
-+    open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |");
-+}
- sleep 1;
- my $bad_index = 0;
- my $bad_id2entry = 0;
-diff --git a/ldap/servers/slapd/back-ldbm/dbverify.c b/ldap/servers/slapd/back-ldbm/dbverify.c
-index 85ee7a0..315ef93 100644
---- a/ldap/servers/slapd/back-ldbm/dbverify.c
-+++ b/ldap/servers/slapd/back-ldbm/dbverify.c
-@@ -186,13 +186,16 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
-     int rval              = 1;
-     int rval_main         = 0;
-     char **instance_names = NULL;
-+    char *dbdir           = NULL;
- 
-     slapi_log_error(SLAPI_LOG_TRACE, "verify DB", "Verifying db files...\n");
-     slapi_pblock_get(pb, SLAPI_BACKEND_INSTANCE_NAME, &instance_names);
-     slapi_pblock_get(pb, SLAPI_SEQ_TYPE, &verbose);
-     slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &li);
-+    slapi_pblock_get(pb, SLAPI_DBVERIFY_DBDIR, &dbdir);
-     ldbm_config_load_dse_info(li);
-     ldbm_config_internal_set(li, CONFIG_DB_TRANSACTION_LOGGING, "off");
-+
-     /* no write needed; choose EXPORT MODE */
-     if (0 != dblayer_start(li, DBLAYER_EXPORT_MODE))
-     {
-@@ -211,6 +214,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
-             inst = ldbm_instance_find_by_name(li, *inp);
-             if (inst)
-             {
-+                if (dbdir){
-+                    /* verifying backup */
-+                    slapi_ch_free_string(&inst->inst_parent_dir_name);
-+                    inst->inst_parent_dir_name = slapi_ch_strdup(dbdir);
-+                }
-                 rval_main |= dbverify_ext(inst, verbose);
-             }
-             else
-@@ -235,6 +243,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
-                             inst->inst_name);
-                 continue; /* skip this instance and go to the next*/
-             }
-+            if (dbdir){
-+                /* verifying backup */
-+                slapi_ch_free_string(&inst->inst_parent_dir_name);
-+                inst->inst_parent_dir_name = slapi_ch_strdup(dbdir);
-+            }
-             rval_main |= dbverify_ext(inst, verbose);
-         }
-     }
-diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
-index 9016144..922de97 100644
---- a/ldap/servers/slapd/main.c
-+++ b/ldap/servers/slapd/main.c
-@@ -435,13 +435,15 @@ static int ldif_printkey = EXPORT_PRINTKEY|EXPORT_APPENDMODE;
- static char *archive_name = NULL;
- static int db2ldif_dump_replica = 0;
- static int db2ldif_dump_uniqueid = 1;
--static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED;	
--static int dbverify_verbose = 0;
-+static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED;
- static char *ldif2db_namespaceid = NULL;
- int importexport_encrypt = 0;
- static int upgradedb_flags = 0;
- static int upgradednformat_dryrun = 0;
- static int is_quiet = 0;
-+/* dbverify options */
-+static int dbverify_verbose = 0;
-+static char *dbverify_dbdir = NULL;
- 
- /* taken from idsktune */
- #if defined(__sun)
-@@ -1301,13 +1303,14 @@ process_command_line(int argc, char **argv, char *myname,
- 		{"dryrun",ArgNone,'N'},
- 		{0,0,0}};
- 
--	char *opts_dbverify = "vVfd:n:D:"; 
-+	char *opts_dbverify = "vVfd:n:D:a:";
- 	struct opt_ext long_options_dbverify[] = {
- 		{"version",ArgNone,'v'},
- 		{"debug",ArgRequired,'d'},
- 		{"backend",ArgRequired,'n'},
- 		{"configDir",ArgRequired,'D'},
- 		{"verbose",ArgNone,'V'},
-+		{"dbdir",ArgRequired,'a'},
- 		{0,0,0}};
- 
- 	char *opts_referral = "vd:p:r:SD:"; 
-@@ -1674,7 +1677,11 @@ process_command_line(int argc, char **argv, char *myname,
- 			break;
- 
- 		case 'a':	/* archive pathname for db */
--			archive_name = optarg_ext;
-+			if ( slapd_exemode == SLAPD_EXEMODE_DBVERIFY ) {
-+				dbverify_dbdir = optarg_ext;
-+			} else {
-+				archive_name = optarg_ext;
-+			}
- 			break;
- 
- 		case 'Z':
-@@ -2688,7 +2695,8 @@ slapd_exemode_dbverify()
-     pb.pb_plugin = backend_plugin;
-     pb.pb_instance_name = (char *)cmd_line_instance_names;
-     pb.pb_task_flags = SLAPI_TASK_RUNNING_FROM_COMMANDLINE;
--    
-+    pb.pb_dbverify_dbdir = dbverify_dbdir;
-+
-     if ( backend_plugin->plg_dbverify != NULL ) {
-         return_value = (*backend_plugin->plg_dbverify)( &pb );
-     } else {
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index c10f788..bf57a33 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -5,7 +5,7 @@
-  * All rights reserved.
-  *
-  * License: GPL (version 3 or any later version).
-- * See LICENSE for details. 
-+ * See LICENSE for details.
-  * END COPYRIGHT BLOCK **/
- 
- #ifdef HAVE_CONFIG_H
-@@ -1677,6 +1677,11 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 		(*(IFP*)value) = pblock->pb_txn_ruv_mods_fn;
- 		break;
- 
-+	/* dbverify */
-+	case SLAPI_DBVERIFY_DBDIR:
-+		(*(char **)value) = pblock->pb_dbverify_dbdir;
-+		break;
-+
- 	/* Search results set */
- 	case SLAPI_SEARCH_RESULT_SET:
- 		if(pblock->pb_op!=NULL)
-@@ -3520,6 +3525,11 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- 		pblock->pb_aci_target_check = *((int *) value);
- 		break;
- 
-+	/* dbverify */
-+	case SLAPI_DBVERIFY_DBDIR:
-+		pblock->pb_dbverify_dbdir = (char *) value;
-+		break;
-+
- 	default:
- 		LDAPDebug( LDAP_DEBUG_ANY,
- 		    "Unknown parameter block argument %d\n", arg, 0, 0 );
-diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
-index 6d1ad7b..823568d 100644
---- a/ldap/servers/slapd/slap.h
-+++ b/ldap/servers/slapd/slap.h
-@@ -1600,6 +1600,8 @@ typedef struct slapi_pblock {
- 	int             pb_seq_type;
- 	char            *pb_seq_attrname;
- 	char            *pb_seq_val;
-+	/* dbverify argument */
-+	char *pb_dbverify_dbdir;
- 	/* ldif2db arguments */
- 	char		*pb_ldif_file;
- 	int		pb_removedupvals;
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index a8c7a4a..6b04610 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -7289,6 +7289,9 @@ typedef struct slapi_plugindesc {
- /* ACI Target Check */
- #define SLAPI_ACI_TARGET_CHECK      1946
- 
-+/* dbverify */
-+#define SLAPI_DBVERIFY_DBDIR		1947
-+
- /* convenience macros for checking modify operation types */
- #define SLAPI_IS_MOD_ADD(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_ADD)
- #define SLAPI_IS_MOD_DELETE(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE)
-diff --git a/man/man8/dbverify.8 b/man/man8/dbverify.8
-index 30d6933..c74747a 100644
---- a/man/man8/dbverify.8
-+++ b/man/man8/dbverify.8
-@@ -31,6 +31,9 @@ one instance on the system, this option can be skipped.
- .B \fB\-n\fR \fIBackend Name\fR
- The name of the LDBM database to reindex.  Example: userRoot
- .TP
-+.B \fB\-a\fR \fIDatabase Directory\fR
-+Location of database if it is different than what is in the server configuration(e.g. backup directories)
-+.TP
- .B \fB\-d\fR \fIDebug Level\fR
- Sets the debugging level.
- .TP
--- 
-1.9.3
-
diff --git a/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch b/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
new file mode 100644
index 0000000..8cc9460
--- /dev/null
+++ b/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
@@ -0,0 +1,183 @@
+From 1cd2d9b06b8bc006078ed26bb0d3cbe808681a86 Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Fri, 12 Aug 2016 14:06:21 +0200
+Subject: [PATCH 34/35] Ticket 48954 - replication fails because anchorcsn
+ cannot be found
+
+Bug Description: the anchorcsn is calculated based on supploier and consumer
+                 ruv. If this csn is not found in the changelog
+                 replication stops.
+
+Fix Description: Fix consists of two parts
+                 1. log start-iteration csn record for all replicas
+                    after initialization
+                 2. If the csn still cannot be found
+                    - log an error
+                    - use the closest csn available by calling
+                      cursor->c_get with DB_SET_RANGE instead of DB_SET
+
+https://fedorahosted.org/389/ticket/48954
+
+Reviewed by: Noriko, Thierry. thanks
+
+(cherry picked from commit 0721856d5a203689c15ea66ffe6c94ce4d785bd7)
+---
+ ldap/servers/plugins/replication/cl5_clcache.c   | 32 +++++++++++--
+ ldap/servers/plugins/replication/repl5_replica.c | 58 ++++++++++++++++--------
+ 2 files changed, 67 insertions(+), 23 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
+index 2d3bb28..74f0fec 100644
+--- a/ldap/servers/plugins/replication/cl5_clcache.c
++++ b/ldap/servers/plugins/replication/cl5_clcache.c
+@@ -376,6 +376,7 @@ clcache_load_buffer_bulk ( CLC_Buffer *buf, int flag )
+ 	DBC *cursor = NULL;
+ 	int rc = 0;
+ 	int tries = 0;
++	int use_flag = flag;
+ 
+ #if 0 /* txn control seems not improving anything so turn it off */
+ 	if ( *(_pool->pl_dbenv) ) {
+@@ -400,20 +401,44 @@ clcache_load_buffer_bulk ( CLC_Buffer *buf, int flag )
+ retry:
+ 	if ( 0 == ( rc = clcache_open_cursor ( txn, buf, &cursor )) ) {
+ 
+-		if ( flag == DB_NEXT ) {
++		if ( use_flag == DB_NEXT ) {
+ 			/* For bulk read, position the cursor before read the next block */
+ 			rc = cursor->c_get ( cursor,
+ 								 & buf->buf_key,
+ 								 & buf->buf_data,
+ 								 DB_SET );
++			if (rc == DB_NOTFOUND) {
++				/* the start position in the changelog is not found
++				 * 1. log an error
++				 * 2. try to find another starting position as close
++				 *    as possible
++				 */
++				slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk",
++							"changelog record with csn (%s) not found for DB_NEXT\n",
++							(char *)buf->buf_key.data );
++				rc = cursor->c_get ( cursor, & buf->buf_key, & buf->buf_data,
++							 DB_SET_RANGE );
++				/* this moves the cursor ahead of the tageted csn,
++				 * so we achieved what was intended with DB_SET/DB_NEXT
++				 * continute at this csn.
++				 */
++				use_flag = DB_CURRENT;
++			}
+ 		}
+ 
+ 		/*
+ 		 * Continue if the error is no-mem since we don't need to
+ 		 * load in the key record anyway with DB_SET.
+ 		 */
+-		if ( 0 == rc || DB_BUFFER_SMALL == rc )
+-			rc = clcache_cursor_get ( cursor, buf, flag );
++		if ( 0 == rc || DB_BUFFER_SMALL == rc ) {
++			rc = clcache_cursor_get ( cursor, buf, use_flag );
++			if ( rc == DB_NOTFOUND && use_flag == DB_SET) {
++				slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk",
++							"changelog record with csn (%s) not found for DB_SET\n",
++							(char *)buf->buf_key.data );
++				rc = clcache_cursor_get ( cursor, buf, DB_SET_RANGE );
++			}
++		}
+ 
+ 	}
+ 
+@@ -434,6 +459,7 @@ retry:
+ 		/* back off */
+ 		interval = PR_MillisecondsToInterval(slapi_rand() % 100);
+ 		DS_Sleep(interval);
++		use_flag = flag;
+ 		goto retry;
+ 	}
+ 	if ((rc == DB_LOCK_DEADLOCK) && (tries >= MAX_TRIALS)) {
+diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
+index b5d65ef..7360d97 100644
+--- a/ldap/servers/plugins/replication/repl5_replica.c
++++ b/ldap/servers/plugins/replication/repl5_replica.c
+@@ -3794,41 +3794,59 @@ replica_remove_legacy_attr (const Slapi_DN *repl_root_sdn, const char *attr)
+     slapi_mods_done (&smods);
+     slapi_pblock_destroy (pb);
+ }
++typedef struct replinfo {
++    char *repl_gen;
++    char *repl_name;
++} replinfo;
++
++static int
++replica_log_start_iteration(const ruv_enum_data *rid_data, void *data)
++{
++    int rc = 0;
++    replinfo *r_info = (replinfo *)data;
++    slapi_operation_parameters op_params;
++
++    if (rid_data->csn == NULL) return 0;
++
++    memset (&op_params, 0, sizeof (op_params));
++    op_params.operation_type = SLAPI_OPERATION_DELETE;
++    op_params.target_address.sdn = slapi_sdn_new_ndn_byval(START_ITERATION_ENTRY_DN);
++    op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID;
++    op_params.csn = csn_dup(rid_data->csn);
++    rc = cl5WriteOperation(r_info->repl_name, r_info->repl_gen, &op_params, PR_FALSE);
++    if (rc == CL5_SUCCESS)
++        rc = 0;
++    else
++        rc = -1;
++
++    slapi_sdn_free(&op_params.target_address.sdn);
++    csn_free (&op_params.csn);
++
++    return rc;
++}
+ 
+ static int 
+ replica_log_ruv_elements_nolock (const Replica *r)
+ {
+     int rc = 0;
+-    slapi_operation_parameters op_params;
+     RUV *ruv;
+     char *repl_gen; 
+-    CSN *csn = NULL;
++    replinfo r_info;
+ 
+     ruv = (RUV*) object_get_data (r->repl_ruv);
+     PR_ASSERT (ruv);
+ 
+-    if ((ruv_get_min_csn(ruv, &csn) == RUV_SUCCESS) && csn)
+-    {
+         /* we log it as a delete operation to have the least number of fields
+            to set. the entry can be identified by a special target uniqueid and
+            special target dn */
+-        memset (&op_params, 0, sizeof (op_params));
+-        op_params.operation_type = SLAPI_OPERATION_DELETE;
+-        op_params.target_address.sdn = slapi_sdn_new_ndn_byval(START_ITERATION_ENTRY_DN);
+-        op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID;
+-        op_params.csn = csn;
+-        repl_gen = ruv_get_replica_generation (ruv);
+-
+-        rc = cl5WriteOperation(r->repl_name, repl_gen, &op_params, PR_FALSE); 
+-        if (rc == CL5_SUCCESS)
+-            rc = 0;
+-        else
+-            rc = -1;
++    repl_gen = ruv_get_replica_generation (ruv);
+ 
+-        slapi_ch_free ((void**)&repl_gen);
+-        slapi_sdn_free(&op_params.target_address.sdn);
+-        csn_free (&csn);
+-    }
++    r_info.repl_name = r->repl_name;
++    r_info.repl_gen = repl_gen;
++
++    rc = ruv_enumerate_elements(ruv, replica_log_start_iteration, &r_info);
++
++    slapi_ch_free ((void**)&repl_gen);
+ 
+     return rc;
+ }
+-- 
+2.4.11
+
diff --git a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch b/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch
deleted file mode 100644
index b0931eb..0000000
--- a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 4fdac66777dd780bd1e46d91bf38513832934695 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 6 Aug 2015 10:13:40 -0400
-Subject: [PATCH 35/39] Ticket 48215 - update dbverify usage
-
-Description:  Need to add the "-a" argument usage
-
-https://fedorahosted.org/389/ticket/48215
-(cherry picked from commit 20284e6539f557efc0679d974d5156cdcd55c407)
-(cherry picked from commit 8e08c8b53641d807b63d87ee79564c596c5da4dd)
----
- ldap/admin/src/scripts/dbverify.in | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index 778a9ba..461cc16 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -14,15 +14,16 @@ PATH=$PATH:/bin
- 
- usage()
- {
--    echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V] [-v] [-d debuglevel] [-h]"
-+    echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-a db_directory ] [-V] [-v] [-d debuglevel] [-h]"
-     echo "Note if \"-n backend\" is not passed, verify all DBs."
-     echo "Options:"
--    echo "        -Z             - Server instance identifier"
--    echo "        -n backend     - Backend database name.  Example: userRoot"
--    echo "        -V             - Verbose output"
--    echo "        -d debuglevel  - Debugging level"
--    echo "        -v             - Display version"
--    echo "        -h             - Display usage"
-+    echo "        -Z              - Server instance identifier"
-+    echo "        -n backend      - Backend database name.  Example: userRoot"
-+    echo "        -a db_directory - Database directory"
-+    echo "        -V              - Verbose output"
-+    echo "        -d debuglevel   - Debugging level"
-+    echo "        -v              - Display version"
-+    echo "        -h              - Display usage"
- }
- 
- display_version="no"
--- 
-1.9.3
-
diff --git a/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch b/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
new file mode 100644
index 0000000..2a21292
--- /dev/null
+++ b/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
@@ -0,0 +1,320 @@
+From 3d1a6717b4b8c11dda68dd3d1a923acb2e6c5eeb Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Wed, 17 Aug 2016 16:46:47 +0200
+Subject: [PATCH 35/35] Ticket 48956 ns-accountstatus.pl showing "activated"
+ user even if it is inactivated
+
+Bug Description:
+    If the account policy DN is long (suffix is long), it is fold on several lines.
+    So when looking for it, the base DN is invalid and fail to retrieve it and the limit value.
+
+Fix Description:
+    Change the DSutil search to be in no fold
+
+https://fedorahosted.org/389/ticket/48956
+
+Reviewed by: Noriko Hosoi (Thanks Noriko)
+
+Platforms tested: F23
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 3cce9f9188a38e1a5043c9659ecbc5955ddb0242)
+---
+ dirsrvtests/tests/tickets/ticket48956_test.py | 167 ++++++++++++++++++++++++++
+ ldap/admin/src/scripts/DSUtil.pm.in           |  34 +++---
+ 2 files changed, 185 insertions(+), 16 deletions(-)
+ create mode 100644 dirsrvtests/tests/tickets/ticket48956_test.py
+
+diff --git a/dirsrvtests/tests/tickets/ticket48956_test.py b/dirsrvtests/tests/tickets/ticket48956_test.py
+new file mode 100644
+index 0000000..291dd4e
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket48956_test.py
+@@ -0,0 +1,167 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++import subprocess
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++
++DEBUGGING = False
++
++RDN_LONG_SUFFIX = 'this'
++LONG_SUFFIX = "dc=%s,dc=is,dc=a,dc=very,dc=long,dc=suffix,dc=so,dc=long,dc=suffix,dc=extremely,dc=long,dc=suffix" % RDN_LONG_SUFFIX
++LONG_SUFFIX_BE = 'ticket48956'
++
++
++ACCT_POLICY_PLUGIN_DN = 'cn=%s,cn=plugins,cn=config' % PLUGIN_ACCT_POLICY
++ACCT_POLICY_CONFIG_DN = 'cn=config,%s' % ACCT_POLICY_PLUGIN_DN
++
++
++INACTIVITY_LIMIT = '9'
++SEARCHFILTER = '(objectclass=*)'
++
++TEST_USER = 'ticket48956user'
++TEST_USER_PW = '%s' % TEST_USER
++
++if DEBUGGING:
++    logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++    logging.getLogger(__name__).setLevel(logging.INFO)
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++    """The DS Topology Class"""
++    def __init__(self, standalone):
++        """Init"""
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    """Create DS Deployment"""
++
++    # Creating standalone instance ...
++    if DEBUGGING:
++        standalone = DirSrv(verbose=True)
++    else:
++        standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    def fin():
++        """If we are debugging just stop the instances, otherwise remove them
++        """
++        if DEBUGGING:
++            standalone.stop()
++        else:
++            standalone.delete()
++    request.addfinalizer(fin)
++
++    return TopologyStandalone(standalone)
++
++def _check_status(topology, user, expected):
++    nsaccountstatus = '%s/sbin/ns-accountstatus.pl' % topology.standalone.prefix
++    proc = subprocess.Popen([nsaccountstatus, '-Z', 'standalone', '-D', DN_DM, '-w', PASSWORD, '-p', str(topology.standalone.port), '-I', user], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++
++    found = False
++    while True:
++        l = proc.stdout.readline()
++        log.info("output: %s" % l)
++        if l == "":
++            break
++        if expected in l:
++            found = True
++            break
++    return found
++
++def _check_inactivity(topology, mysuffix):
++    ACCT_POLICY_DN = 'cn=Account Inactivation Policy,%s' % mysuffix
++    log.info("\n######################### Adding Account Policy entry: %s ######################\n" % ACCT_POLICY_DN)
++    topology.standalone.add_s(Entry((ACCT_POLICY_DN, {'objectclass': "top ldapsubentry extensibleObject accountpolicy".split(),
++                                                      'accountInactivityLimit': INACTIVITY_LIMIT})))
++    TEST_USER_DN = 'uid=%s,%s' % (TEST_USER, mysuffix)
++    log.info("\n######################### Adding Test User entry: %s ######################\n" % TEST_USER_DN)
++    topology.standalone.add_s(Entry((TEST_USER_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++                                                    'cn': TEST_USER,
++                                                    'sn': TEST_USER,
++                                                    'givenname': TEST_USER,
++                                                    'userPassword': TEST_USER_PW,
++                                                    'acctPolicySubentry': ACCT_POLICY_DN})))
++
++    # Setting the lastLoginTime
++    try:
++        topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PW)
++    except ldap.CONSTRAINT_VIOLATION as e:
++        log.error('CONSTRAINT VIOLATION ' + e.message['desc'])
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++
++    assert(_check_status(topology, TEST_USER_DN, '- activated'))
++
++    time.sleep(int(INACTIVITY_LIMIT) + 5)
++    assert(_check_status(topology, TEST_USER_DN, '- inactivated (inactivity limit exceeded'))
++
++def test_ticket48956(topology):
++    """Write your testcase here...
++
++    Also, if you need any testcase initialization,
++    please, write additional fixture for that(include finalizer).
++
++    """
++
++    topology.standalone.modify_s(ACCT_POLICY_PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', ACCT_POLICY_CONFIG_DN)])
++
++    topology.standalone.modify_s(ACCT_POLICY_CONFIG_DN, [(ldap.MOD_REPLACE, 'alwaysrecordlogin', 'yes'),
++                                                         (ldap.MOD_REPLACE, 'stateattrname', 'lastLoginTime'),
++                                                         (ldap.MOD_REPLACE, 'altstateattrname', 'createTimestamp'),
++                                                         (ldap.MOD_REPLACE, 'specattrname', 'acctPolicySubentry'),
++                                                         (ldap.MOD_REPLACE, 'limitattrname', 'accountInactivityLimit')])
++
++    # Enable the plugins
++    topology.standalone.plugins.enable(name=PLUGIN_ACCT_POLICY)
++
++    topology.standalone.restart(timeout=10)
++
++    # Check inactivity on standard suffix (short)
++    _check_inactivity(topology, SUFFIX)
++
++    # Check inactivity on a long suffix
++    topology.standalone.backend.create(LONG_SUFFIX, {BACKEND_NAME: LONG_SUFFIX_BE})
++    topology.standalone.mappingtree.create(LONG_SUFFIX, bename=LONG_SUFFIX_BE)
++    topology.standalone.add_s(Entry((LONG_SUFFIX, {
++                                            'objectclass': "top domain".split(),
++                                            'dc': RDN_LONG_SUFFIX})))
++    _check_inactivity(topology, LONG_SUFFIX)
++
++
++    if DEBUGGING:
++        # Add debugging steps(if any)...
++        pass
++
++    log.info('Test PASSED')
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
++
+diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
+index f53f0c0..756d6ea 100644
+--- a/ldap/admin/src/scripts/DSUtil.pm.in
++++ b/ldap/admin/src/scripts/DSUtil.pm.in
+@@ -1201,8 +1201,10 @@ sub get_info {
+     my $toollib = `ldapsearch -V 2>&1`;
+     if ($toollib =~ /OpenLDAP/) { 
+         $info{openldap} = "yes";
++        $info{nofold} = "-o ldif-wrap=no";
+     } else {
+         $info{openldap} = "no";
++        $info{nofold} = "-T";
+     }
+     
+     #
+@@ -1537,10 +1539,10 @@ sub ldapsrch {
+             print "STARTTLS)\n";
+         }
+         if($info{openldap} eq "yes"){
+-            $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " .
++            $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+                       "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         } else {
+-            $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" " .
++            $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " .
+                       "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         }  
+     } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ 
+@@ -1551,10 +1553,10 @@ sub ldapsrch {
+             print "LDAPS)\n";
+         }
+         if($info{openldap} eq "yes"){
+-            $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" " .
++            $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" $info{nofold} " .
+                       "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         } else {
+-            $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" " .
++            $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " .
+                       "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         } 
+     } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){  
+@@ -1562,10 +1564,10 @@ sub ldapsrch {
+         # LDAPI
+         #
+         if ($< == 0 && $info{autobind} eq "on"){
+-            $search = "ldapsearch  -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL " .
++            $search = "ldapsearch  -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} " .
+                   "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} 2>/dev/null";
+         } else {
+-            $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw " .
++            $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+                   "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         }
+     } else {
+@@ -1576,10 +1578,10 @@ sub ldapsrch {
+             print "LDAP)\n";
+         }
+         if($info{openldap} eq "yes"){
+-            $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " .
++            $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+                   "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         } else {
+-            $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " .
++            $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+                   "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+         }
+     }
+@@ -1611,9 +1613,9 @@ sub ldapsrch_ext {
+             print "STARTTLS)\n";
+         }
+         if($info{openldap} eq "yes"){
+-            return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         } else {
+-            return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         }     
+     } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ 
+         # 
+@@ -1623,18 +1625,18 @@ sub ldapsrch_ext {
+             print "LDAPS)\n";
+         }
+         if($info{openldap} eq "yes"){
+-            return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args}  -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         } else {
+-            return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         }
+     } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){  
+         # 
+         # LDAPI
+         #
+         if ($< == 0 && $info{autobind} eq "on"){
+-            return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`;
++            return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`;
+         } else {
+-            return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         }
+     } else {
+         # 
+@@ -1644,9 +1646,9 @@ sub ldapsrch_ext {
+             print "LDAP)\n";
+         }
+         if($info{openldap} eq "yes"){
+-            return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         } else {
+-            return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++            return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+         }
+     }
+ }
+-- 
+2.4.11
+
diff --git a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch b/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
deleted file mode 100644
index 82f9189..0000000
--- a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 5e348707ba4bece4ad4c75a8b640f1c40cbbaa0e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 6 Aug 2015 11:27:40 -0400
-Subject: [PATCH 36/39] Ticket 48215  - update dbverify usage in main.c
-
-Description:  Need to update dbverify usage in main.c
-
-https://fedorahosted.org/389/ticket/48215
-(cherry picked from commit c1912cdcac8319e2fe0f98f765aa935e6a8ff297)
-(cherry picked from commit c842dbe3d0ee2ac28c55e31b9b8e5e5a3c5dc200)
----
- ldap/servers/slapd/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
-index 922de97..4f9fbfe 100644
---- a/ldap/servers/slapd/main.c
-+++ b/ldap/servers/slapd/main.c
-@@ -398,7 +398,7 @@ usage( char *name, char *extraname )
- 	usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-N] -n backend-instance-name -a fullpath-backend-instance-dir-full\n";
- 	break;
-     case SLAPD_EXEMODE_DBVERIFY:
--	usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name]\n";
-+	usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name] [-a db-directory]\n";
- 	break;
- 
-     default:	/* SLAPD_EXEMODE_SLAPD */
--- 
-1.9.3
-
diff --git a/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch b/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
new file mode 100644
index 0000000..f48a0e5
--- /dev/null
+++ b/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
@@ -0,0 +1,212 @@
+From 4525faed1a8cb985596c0617abc6ce32fb85b7c2 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Fri, 19 Aug 2016 12:49:17 +1000
+Subject: [PATCH 36/45] Ticket 48958 - Audit fail log doesn't work if audit log
+ disabled.
+
+Bug Description:  Due to a configuration interpretation issue, when audit was
+not enabled, but auditfail was with no log defined, the fail log should write to
+the audit log location on failed events, but audit events should not be written.
+This did not work.
+
+Fix Description:  This was because when we wrote to the audit file in the
+abscence of the auditfail log, the audit enabled state was checked. This adds a
+check to determine what the source event was from, and to check the correct log
+enabled state during the event processing.
+
+https://fedorahosted.org/389/ticket/48958
+
+Author: wibrown
+
+Review by: nhosoi (Thank you!)
+
+(cherry picked from commit 5fed8021a0487c092af6038d4a7dcce1ef3fab75)
+---
+ ldap/servers/slapd/auditlog.c   | 15 +++++----
+ ldap/servers/slapd/log.c        | 71 ++++++++++++++++++++++++-----------------
+ ldap/servers/slapd/proto-slap.h |  4 +--
+ 3 files changed, 53 insertions(+), 37 deletions(-)
+
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index 0f4cc94..ec7111b 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -33,7 +33,7 @@ static int audit_hide_unhashed_pw = 1;
+ static int auditfail_hide_unhashed_pw = 1;
+ 
+ /* Forward Declarations */
+-static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc );
++static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc, int sourcelog );
+ 
+ static const char *modrdn_changes[4];
+ 
+@@ -98,7 +98,7 @@ write_audit_log_entry( Slapi_PBlock *pb )
+     curtime = current_time();
+     /* log the raw, unnormalized DN */
+     dn = slapi_sdn_get_udn(sdn);
+-    write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, LDAP_SUCCESS);
++    write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, LDAP_SUCCESS, SLAPD_AUDIT_LOG);
+ }
+ 
+ void
+@@ -169,10 +169,10 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+     auditfail_config = config_get_auditfaillog();
+     if (auditfail_config == NULL || strlen(auditfail_config) == 0) {
+         /* If no auditfail log write to audit log */
+-        write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc);
++        write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+     } else {
+         /* If we have our own auditfail log path */
+-        write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc);
++        write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+     }
+     slapi_ch_free_string(&auditfail_config);
+ }
+@@ -181,6 +181,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ /*
+  * Function: write_audit_file
+  * Arguments: 
++ *            logtype - Destination where the message will go.
+  *            optype - type of LDAP operation being logged
+  *            dn     - distinguished name of entry being changed
+  *            change - pointer to the actual change operation
+@@ -188,6 +189,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+  *            flag   - only used by modrdn operations - value of deleteoldrdn flag
+  *            curtime - the current time
+  *            rc     - The ldap result code. Used in conjunction with auditfail
++ *            sourcelog - The source of the message (audit or auditfail)
+  * Returns: nothing
+  */
+ static void
+@@ -198,7 +200,8 @@ write_audit_file(
+     void        *change,
+     int         flag,
+     time_t      curtime,
+-    int         rc
++    int         rc,
++    int         sourcelog
+ )
+ {
+     LDAPMod **mods;
+@@ -359,7 +362,7 @@ write_audit_file(
+     switch (logtype)
+     {
+     case SLAPD_AUDIT_LOG:
+-        slapd_log_audit (l->ls_buf, l->ls_len);
++        slapd_log_audit (l->ls_buf, l->ls_len, sourcelog);
+         break;
+     case SLAPD_AUDITFAIL_LOG:
+         slapd_log_auditfail (l->ls_buf, l->ls_len);
+diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
+index a16c395..ae8b5f8 100644
+--- a/ldap/servers/slapd/log.c
++++ b/ldap/servers/slapd/log.c
+@@ -1962,14 +1962,26 @@ auditfail_log_openf( char *pathname, int locked)
+ 
+ int
+ slapd_log_audit (
+-	char	*buffer,
+-	int	buf_len)
++    char *buffer,
++    int buf_len,
++    int sourcelog)
+ {
+     /* We use this to route audit log entries to where they need to go */
+     int retval = LDAP_SUCCESS;
+     int lbackend = loginfo.log_backend; /* We copy this to make these next checks atomic */
++
++    int state = 0;
++    if (sourcelog == SLAPD_AUDIT_LOG) {
++        state = loginfo.log_audit_state;
++    } else if (sourcelog == SLAPD_AUDITFAIL_LOG ) {
++        state = loginfo.log_auditfail_state;
++    } else {
++        /* How did we even get here! */
++        return 1;
++    }
++
+     if (lbackend & LOGGING_BACKEND_INTERNAL) {
+-        retval = slapd_log_audit_internal(buffer, buf_len);
++        retval = slapd_log_audit_internal(buffer, buf_len, state);
+     }
+ 
+     if (retval != LDAP_SUCCESS) {
+@@ -1989,33 +2001,34 @@ slapd_log_audit (
+ 
+ int
+ slapd_log_audit_internal (
+-	char	*buffer,
+-	int	buf_len)
++    char    *buffer,
++    int buf_len,
++    int state)
+ {
+-	if ( (loginfo.log_audit_state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){
+-		LOG_AUDIT_LOCK_WRITE( );
+-		if (log__needrotation(loginfo.log_audit_fdes,
+-					SLAPD_AUDIT_LOG) == LOG_ROTATE) {
+-    		if (log__open_auditlogfile(LOGFILE_NEW, 1) != LOG_SUCCESS) {
+-	    		LDAPDebug(LDAP_DEBUG_ANY,
+-    				"LOGINFO: Unable to open audit file:%s\n",
+-	    			loginfo.log_audit_file,0,0);
+-    			LOG_AUDIT_UNLOCK_WRITE();
+-	    		return 0;
+-			}
+-			while (loginfo.log_audit_rotationsyncclock <= loginfo.log_audit_ctime) {
+-				loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs);
+-			}
+-		}
+-		if (loginfo.log_audit_state & LOGGING_NEED_TITLE) {
+-			log_write_title( loginfo.log_audit_fdes);
+-			loginfo.log_audit_state &= ~LOGGING_NEED_TITLE;
+-		}
+-	    LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0);
+-   		LOG_AUDIT_UNLOCK_WRITE();
+-	    return 0;
+-	}
+-	return 0;
++    if ( (state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){
++        LOG_AUDIT_LOCK_WRITE( );
++        if (log__needrotation(loginfo.log_audit_fdes,
++                    SLAPD_AUDIT_LOG) == LOG_ROTATE) {
++            if (log__open_auditlogfile(LOGFILE_NEW, 1) != LOG_SUCCESS) {
++                LDAPDebug(LDAP_DEBUG_ANY,
++                    "LOGINFO: Unable to open audit file:%s\n",
++                    loginfo.log_audit_file,0,0);
++                LOG_AUDIT_UNLOCK_WRITE();
++                return 0;
++            }
++            while (loginfo.log_audit_rotationsyncclock <= loginfo.log_audit_ctime) {
++                loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs);
++            }
++        }
++        if (state & LOGGING_NEED_TITLE) {
++            log_write_title( loginfo.log_audit_fdes);
++            state &= ~LOGGING_NEED_TITLE;
++        }
++        LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0);
++        LOG_AUDIT_UNLOCK_WRITE();
++        return 0;
++    }
++    return 0;
+ }
+ /******************************************************************************
+ * write in the audit fail log
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index 6bc1065..1f37010 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -766,8 +766,8 @@ int slapi_log_access( int level, char *fmt, ... )
+ #else
+         ;
+ #endif
+-int slapd_log_audit(char *buffer, int buf_len);
+-int slapd_log_audit_internal(char *buffer, int buf_len);
++int slapd_log_audit(char *buffer, int buf_len, int sourcelog);
++int slapd_log_audit_internal(char *buffer, int buf_len, int state);
+ int slapd_log_auditfail(char *buffer, int buf_len);
+ int slapd_log_auditfail_internal(char *buffer, int buf_len);
+ void log_access_flush();
+-- 
+2.4.11
+
diff --git a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
deleted file mode 100644
index 7e4a3ba..0000000
--- a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-From a3d41922c0f211aa7602fb843f7cb4980f4bf285 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 3 Aug 2015 18:49:58 -0700
-Subject: [PATCH 37/39] Ticket #48228 - wrong password check if
- passwordInHistory is decreased.
-
-Bug Description: When N passwords to be remembered (passwordInHistroy)
-and N passwords are remembered, decreasing the passwordInHistory value
-to M (< N) does not allow to use the oldest password which should have
-been discarded from the history and should be allowed.
-
-Fix Description: Before checking if the password is in the history or
-not, adding a check the passwordInHistory value (M) is less than the
-count of passwords remembered (N).  If M < N, discard the (N-M) oldest
-passwords.
-
-https://fedorahosted.org/389/ticket/48228
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 1a119125856006543aae0520b5800a8b52c3b049)
-(cherry picked from commit dd85ee9c9ac24f1b141dd806943de236d2e44c90)
----
- ldap/servers/slapd/pw.c | 193 ++++++++++++++++++++++++++++--------------------
- 1 file changed, 114 insertions(+), 79 deletions(-)
-
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index f883010..3abebbf 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -613,7 +613,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
- 	
- 	/* update passwordHistory */
- 	if ( old_pw != NULL && pwpolicy->pw_history == 1 ) {
--		update_pw_history(pb, sdn, old_pw);
-+		(void)update_pw_history(pb, sdn, old_pw);
- 		slapi_ch_free ( (void**)&old_pw );
- 	}
- 
-@@ -654,8 +654,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
- 	 */
- 	if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || strcasecmp(target_dn, pb->pb_conn->c_dn))) ||
- 	    (!internal_op && pwpolicy->pw_must_change &&
--	     ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy))))
--	{
-+	     ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))) {
- 		pw_exp_date = NO_TIME;
- 	} else if ( pwpolicy->pw_exp == 1 ) {
- 		Slapi_Entry *pse = NULL;
-@@ -996,6 +995,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
- 
- 	/* get the entry and check for the password history if this is called by a modify operation */
- 	if ( mod_op ) {
-+retry:
- 		/* retrieve the entry */
- 		e = get_entry ( pb, dn );
- 		if ( e == NULL ) {
-@@ -1004,19 +1004,21 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
- 
- 		/* check for password history */
- 		if ( pwpolicy->pw_history == 1 ) {
-+			Slapi_Value **va = NULL;
- 			attr = attrlist_find(e->e_attrs, "passwordHistory");
--			if (attr && 
--				!valueset_isempty(&attr->a_present_values))
--			{
--				Slapi_Value **va= attr_get_present_values(attr);
-+			if (attr && !valueset_isempty(&attr->a_present_values)) {
-+				/* Resetting password history array if necessary. */
-+				if (0 == update_pw_history(pb, sdn, NULL)) {
-+					/* There was an update in the password history.  Retry... */
-+					slapi_entry_free(e); 
-+					goto retry;
-+				}
-+				va = attr_get_present_values(attr);
- 				if ( pw_in_history( va, vals[0] ) == 0 ) {
- 					if ( pwresponse_req == 1 ) {
--						slapi_pwpolicy_make_response_control ( pb, -1, -1,
--							LDAP_PWPOLICY_PWDINHISTORY );
-+						slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDINHISTORY);
- 					}
--					pw_send_ldap_result ( pb, 
--						LDAP_CONSTRAINT_VIOLATION, NULL,
--						"password in history", 0, NULL );
-+					pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
- 					slapi_entry_free( e ); 
- 					return ( 1 );
- 				}
-@@ -1024,26 +1026,17 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
- 
- 			/* get current password. check it and remember it  */
- 			attr = attrlist_find(e->e_attrs, "userpassword");
--			if (attr && !valueset_isempty(&attr->a_present_values))
--			{
--				Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values);
--				if (slapi_is_encoded((char*)slapi_value_get_string(vals[0]))) 
--				{
--					if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 )
--					{
--						pw_send_ldap_result ( pb, 
--										   LDAP_CONSTRAINT_VIOLATION ,NULL,
--										   "password in history", 0, NULL);
-+			if (attr && !valueset_isempty(&attr->a_present_values)) {
-+				va = valueset_get_valuearray(&attr->a_present_values);
-+				if (slapi_is_encoded((char*)slapi_value_get_string(vals[0]))) {
-+					if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 ) {
-+						pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
- 						slapi_entry_free( e ); 
- 						return ( 1 );
- 					}
--				} else 
--				{
--					if ( slapi_pw_find_sv ( va, vals[0] ) == 0 )
--					{
--						pw_send_ldap_result ( pb, 
--										   LDAP_CONSTRAINT_VIOLATION ,NULL,
--										   "password in history", 0, NULL);
-+				} else {
-+					if ( slapi_pw_find_sv ( va, vals[0] ) == 0 ) {
-+						pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
- 						slapi_entry_free( e ); 
- 						return ( 1 );
- 					}
-@@ -1086,68 +1079,112 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
- 
- }
- 
-+/*
-+ * Basically, h0 and h1 must be longer than GENERALIZED_TIME_LENGTH.
-+ */
-+static int
-+pw_history_cmp(const void *h0, const void *h1)
-+{
-+	size_t h0sz = 0;
-+	size_t h1sz = 0;
-+	if (!h0) {
-+		if (!h1) {
-+			return 0;
-+		} else {
-+			return -1;
-+		}
-+	} else {
-+		if (!h1) {
-+			return 1;
-+		} else {
-+			size_t delta;
-+			h0sz = strlen(h0);
-+			h1sz = strlen(h1);
-+			delta = h0sz - h1sz;
-+			if (!delta) {
-+				return delta;
-+			}
-+			if (h0sz < GENERALIZED_TIME_LENGTH) {
-+				/* too short for the history str. */
-+				return 0;
-+			}
-+		}
-+	}
-+	return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
-+}
-+
-+
- static int
- update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
- {
--	time_t 		t, old_t, cur_time;
--	int 		i = 0, oldest = 0;
--	int res;
--	Slapi_Entry		*e;
--	Slapi_Attr 	*attr;
-+	time_t cur_time;
-+	int res = 1; /* no update, by default */
-+	Slapi_Entry *e = NULL;
- 	LDAPMod 	attribute;
--	char 		*values_replace[25]; /* 2-24 passwords in history */
- 	LDAPMod 	*list_of_mods[2];
- 	Slapi_PBlock 	mod_pb;
--	char		*history_str;
--	char		*str;
-+	char		*str = NULL;
- 	passwdPolicy *pwpolicy = NULL;
- 	const char *dn = slapi_sdn_get_dn(sdn);
-+	char **values_replace = NULL;
-+	int vacnt = 0;
-+	int vacnt_todelete = 0;
- 
- 	pwpolicy = new_passwdPolicy(pb, dn);
- 
- 	/* retrieve the entry */
- 	e = get_entry ( pb, dn );
- 	if ( e == NULL ) {
--		return ( 1 );
-+		return res;
- 	}
- 
--	history_str = (char *)slapi_ch_malloc(GENERALIZED_TIME_LENGTH + strlen(old_pw) + 1);
--	/* get password history, and find the oldest password in history */
--	cur_time = current_time ();
--	old_t = cur_time;
--	str = format_genTime ( cur_time );
--	attr = attrlist_find(e->e_attrs, "passwordHistory");
--	if (attr && !valueset_isempty(&attr->a_present_values))
--	{
--		Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values);
--		for ( i = oldest = 0 ; 
--			  (va[i] != NULL) && (slapi_value_get_length(va[i]) > 0) ;
--			  i++ ) {
--
--			values_replace[i] = (char*)slapi_value_get_string(va[i]);
--			strncpy( history_str, values_replace[i], GENERALIZED_TIME_LENGTH);
--			history_str[GENERALIZED_TIME_LENGTH] = '\0';
--			if (history_str[GENERALIZED_TIME_LENGTH - 1] != 'Z'){
--				/* The time is not a generalized Time. Probably a password history from 4.x */
--				history_str[GENERALIZED_TIME_LENGTH - 1] = '\0';
--			}
--			t = parse_genTime ( history_str ); 
--			if ( difftime ( t, old_t ) < 0 ) {
--				oldest = i;
--				old_t = t;
--			}
-+	/* get password history */
-+	values_replace = slapi_entry_attr_get_charray_ext(e, "passwordHistory", &vacnt);
-+	if (old_pw) {
-+		/* we have a password to replace with the oldest one in the history. */
-+		if (!values_replace || !vacnt) { /* This is the first one to store */
-+			values_replace = (char **)slapi_ch_calloc(2, sizeof(char *));
- 		}
-+	} else {
-+		/* we are checking the history size if it stores more than the current inhistory count. */
-+		if (!values_replace || !vacnt) { /* nothing to revise */
-+			res = 1;
-+			goto bail;
-+		}
-+		/* 
-+		 * If revising the passwords in the passwordHistory values
-+		 * and the password count in the value array is less than the inhistory,
-+		 * we have nothing to do.
-+		 */
-+		if (vacnt <= pwpolicy->pw_inhistory) {
-+			res = 1;
-+			goto bail;
-+		}
-+		vacnt_todelete = vacnt - pwpolicy->pw_inhistory;
- 	}
--	strcpy ( history_str, str );
--	strcat ( history_str, old_pw );
--	if ( i >= pwpolicy->pw_inhistory ) {
--		/* replace the oldest password in history */
--		values_replace[oldest] = history_str;
--		values_replace[pwpolicy->pw_inhistory] = NULL;
-+
-+	cur_time = current_time();
-+	str = format_genTime(cur_time);
-+	/* values_replace is sorted. */
-+	if (old_pw) {
-+		if ( vacnt >= pwpolicy->pw_inhistory ) {
-+			slapi_ch_free_string(&values_replace[0]);
-+			values_replace[0] = slapi_ch_smprintf("%s%s", str, old_pw);
-+		} else {
-+			/* add old_pw at the end of password history */
-+			values_replace = (char **)slapi_ch_realloc((char *)values_replace, sizeof(char *) * (vacnt + 2));
-+			values_replace[vacnt] = slapi_ch_smprintf("%s%s", str, old_pw);
-+			values_replace[vacnt+1] = NULL;
-+		}
-+		qsort((void *)values_replace, vacnt, (size_t)sizeof(char *), pw_history_cmp);
- 	} else {
--		/* add old_pw at the end of password history */
--		values_replace[i] =  history_str;
--		values_replace[++i]=NULL;
-+		int i;
-+		/* vacnt > pwpolicy->pw_inhistory */
-+		for (i = 0; i < vacnt_todelete; i++) {
-+			slapi_ch_free_string(&values_replace[i]);
-+		}
-+		memmove(values_replace, values_replace + vacnt_todelete, sizeof(char *) * pwpolicy->pw_inhistory);
-+		values_replace[pwpolicy->pw_inhistory] = NULL;
- 	}
- 
- 	/* modify the attribute */
-@@ -1159,21 +1196,19 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
- 	list_of_mods[1] = NULL;
- 
- 	pblock_init(&mod_pb);
--	slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, 
--								 pw_get_componentID(), 0);
-+	slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0);
- 	slapi_modify_internal_pb(&mod_pb);
- 	slapi_pblock_get(&mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
- 	if (res != LDAP_SUCCESS){
- 		LDAPDebug2Args(LDAP_DEBUG_ANY,
- 		    "WARNING: passwordPolicy modify error %d on entry '%s'\n", res, dn);
- 	}
--
- 	pblock_done(&mod_pb);
--
--	slapi_ch_free((void **) &str );
--	slapi_ch_free((void **) &history_str );
-+	slapi_ch_free_string(&str);
-+bail:
-+	slapi_ch_array_free(values_replace);
- 	slapi_entry_free( e );
--	return 0;
-+	return res;
- }
- 
- static
--- 
-1.9.3
-
diff --git a/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch b/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
new file mode 100644
index 0000000..07ea823
--- /dev/null
+++ b/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
@@ -0,0 +1,88 @@
+From b20743a90c1eac752341d19a283e7d3ebf07ac10 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Fri, 19 Aug 2016 14:32:47 +0200
+Subject: [PATCH 37/45] Ticket 48960 Crash in import_wait_for_space_in_fifo().
+
+Bug Description:
+    At online total import on a consumer, the total import startup
+    function allocates a fifo queue and monitor the overall import.
+    This queue contain the entries later received during import.
+
+    When monitoring ends (import complete or error) it frees
+    the queue.
+
+    Under error condition, there is a possibility that monitoring
+    ends while entries are still received (bulk_import_queue).
+    So there is a risk that the received entries will be added into
+    the queue at the same time the monitoring thread frees the queue
+
+Fix Description:
+    The thread storing the entries into the queue runs while
+    holding the job->wire_lock.
+
+    To prevent the monitoring thread to frees the queue under
+    bulk_import_queue, make sure to acquire job->wire_lock
+    before calling import_free_job
+
+https://fedorahosted.org/389/ticket/48960
+
+Reviewed by: Mark Reynolds (thanks Mark !)
+
+Platforms tested: F23
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 776d94214295cc95f9a906d4bb6268397a6bf091)
+---
+ ldap/servers/slapd/back-ldbm/import-threads.c |  5 +++++
+ ldap/servers/slapd/back-ldbm/import.c         | 15 ++++++++++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
+index 1759478..c3fca2b 100644
+--- a/ldap/servers/slapd/back-ldbm/import-threads.c
++++ b/ldap/servers/slapd/back-ldbm/import-threads.c
+@@ -3201,6 +3201,11 @@ static int bulk_import_queue(ImportJob *job, Slapi_Entry *entry)
+         return -1;
+     }
+ 
++    /* The import is aborted, just ignore that entry */
++    if(job->flags & FLAG_ABORT) {
++        return -1;
++    }
++
+     PR_Lock(job->wire_lock);
+     /* Let's do this inside the lock !*/
+     id = job->lead_ID + 1;
+diff --git a/ldap/servers/slapd/back-ldbm/import.c b/ldap/servers/slapd/back-ldbm/import.c
+index 9b6ae0d..78aefbf 100644
+--- a/ldap/servers/slapd/back-ldbm/import.c
++++ b/ldap/servers/slapd/back-ldbm/import.c
+@@ -408,8 +408,21 @@ void import_free_job(ImportJob *job)
+     
+     ldbm_back_free_incl_excl(job->include_subtrees, job->exclude_subtrees);
+     charray_free(job->input_filenames);
+-    if (job->fifo.size)
++    if (job->fifo.size) {
++        /* bulk_import_queue is running, while holding the job lock.
++         * bulk_import_queue is using the fifo queue.
++         * To avoid freeing fifo queue under bulk_import_queue use
++         * job lock to synchronize
++         */
++        if (job->wire_lock)
++            PR_Lock(job->wire_lock);
++
+         import_fifo_destroy(job);
++
++        if (job->wire_lock)
++            PR_Unlock(job->wire_lock);
++    }
++
+     if (NULL != job->uuid_namespace)
+         slapi_ch_free((void **)&job->uuid_namespace);
+     if (job->wire_lock)
+-- 
+2.4.11
+
diff --git a/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch b/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
new file mode 100644
index 0000000..fd34e7e
--- /dev/null
+++ b/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
@@ -0,0 +1,54 @@
+From 0927945fa67133654ec8d8178ffcfe0c20103454 Mon Sep 17 00:00:00 2001
+From: kamlesh <kchaudha@redhat.com>
+Date: Mon, 22 Aug 2016 14:20:27 +0530
+Subject: [PATCH 38/45] Bugzilla: 1368956 man page of ns-accountstatus.pl shows
+ redundant entries for -p port option
+
+    Bug Description:
+         Description of problem:
+         man page of ns-accountstatus.pl contain redundant entries for -p option
+
+         -p port
+              Port number of the Directory Server.
+
+         -p port
+              Port number of the Directory Server.
+
+         -p port
+              Port number of the Directory Server.
+
+    Fix Description:
+         Delete the redundant entrys
+
+    Platforms tested: RHEL7.3
+
+    Flag Day: no
+
+    Doc impact: yes
+
+Signed-off-by: kamlesh <kchaudha@redhat.com>
+(cherry picked from commit 370a70c431d5f235d4371e4cb080215ac4500b6c)
+---
+ man/man8/ns-accountstatus.pl.8 | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/man/man8/ns-accountstatus.pl.8 b/man/man8/ns-accountstatus.pl.8
+index be3a8e9..9ffc4d3 100644
+--- a/man/man8/ns-accountstatus.pl.8
++++ b/man/man8/ns-accountstatus.pl.8
+@@ -57,12 +57,6 @@ Host name of the Directory Server.
+ .B \fB\-p\fR \fIport\fR
+ Port number of the Directory Server.
+ .TP
+-.B \fB\-p\fR \fIport\fR
+-Port number of the Directory Server.
+-.TP
+-.B \fB\-p\fR \fIport\fR
+-Port number of the Directory Server.
+-.TP
+ .B \fB\-b\fR \fIbasedn\fR
+ The suffix DN from which to search from.
+ .TP
+-- 
+2.4.11
+
diff --git a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index 8d833cf..0000000
--- a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,350 +0,0 @@
-From 970672905f7ca994f1d0f92e82f4c80484796181 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 5 Aug 2015 14:40:12 -0700
-Subject: [PATCH 38/39] Ticket #48228 - CI test: added test cases for ticket
- 48228
-
-Description: wrong password check if passwordInHistory is decreased.
-(cherry picked from commit 6b138a2091bf7d78f3bc60a13f226a39296e0f4c)
-(cherry picked from commit e62b4815f0682845992dc9a4375e1d7c5597bfba)
----
- dirsrvtests/tickets/ticket48228_test.py | 327 ++++++++++++++++++++++++++++++++
- 1 file changed, 327 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket48228_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48228_test.py b/dirsrvtests/tickets/ticket48228_test.py
-new file mode 100644
-index 0000000..e0595bb
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48228_test.py
-@@ -0,0 +1,327 @@
-+# --- BEGIN COPYRIGHT BLOCK ---
-+# Copyright (C) 2015 Red Hat, Inc.
-+# All rights reserved.
-+#
-+# License: GPL (version 3 or any later version).
-+# See LICENSE for details. 
-+# --- END COPYRIGHT BLOCK ---
-+#
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+# Assuming DEFAULT_SUFFIX is "dc=example,dc=com", otherwise it does not work... :(
-+SUBTREE_CONTAINER = 'cn=nsPwPolicyContainer,' + DEFAULT_SUFFIX
-+SUBTREE_PWPDN = 'cn=nsPwPolicyEntry,' + DEFAULT_SUFFIX
-+SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
-+SUBTREE_COS_TMPLDN = 'cn=nsPwTemplateEntry,' + DEFAULT_SUFFIX
-+SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
-+SUBTREE_COS_DEF = 'cn=nsPwPolicy_CoS,' + DEFAULT_SUFFIX
-+
-+USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
-+USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    '''
-+        This fixture is used to standalone topology for the 'module'.
-+    '''
-+    global installation_prefix
-+
-+    if installation_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+    standalone = DirSrv(verbose=False)
-+
-+    # Args for the standalone instance
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+
-+    # Get the status of the instance and restart it if it exists
-+    instance_standalone = standalone.exists()
-+
-+    # Remove the instance
-+    if instance_standalone:
-+        standalone.delete()
-+
-+    # Create the instance
-+    standalone.create()
-+
-+    # Used to retrieve configuration information (dbdir, confdir...)
-+    standalone.open()
-+
-+    # clear the tmp directory
-+    standalone.clearTmpDir(__file__)
-+
-+    # Here we have standalone instance up and running
-+    return TopologyStandalone(standalone)
-+
-+def set_global_pwpolicy(topology, inhistory):
-+    log.info("	+++++ Enable global password policy +++++\n")
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    # Enable password policy
-+    try:
-+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on')])
-+    except ldap.LDAPError, e:
-+        log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
-+        assert False
-+
-+    log.info("		Set global password history on\n")
-+    try:
-+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordHistory', 'on')])
-+    except ldap.LDAPError, e:
-+        log.error('Failed to set passwordHistory: error ' + e.message['desc'])
-+        assert False
-+
-+    log.info("		Set global passwords in history\n")
-+    try:
-+        count = "%d" % inhistory
-+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordInHistory', count)])
-+    except ldap.LDAPError, e:
-+        log.error('Failed to set passwordInHistory: error ' + e.message['desc'])
-+        assert False
-+
-+def set_subtree_pwpolicy(topology):
-+    log.info("	+++++ Enable subtree level password policy +++++\n")
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    log.info("		Add the container")
-+    try:
-+        topology.standalone.add_s(Entry((SUBTREE_CONTAINER, {'objectclass': 'top nsContainer'.split(),
-+                                                             'cn': 'nsPwPolicyContainer'})))
-+    except ldap.LDAPError, e:
-+        log.error('Failed to add subtree container: error ' + e.message['desc'])
-+        assert False
-+
-+    log.info("		Add the password policy subentry {passwordHistory: on, passwordInHistory: 6}")
-+    try:
-+        topology.standalone.add_s(Entry((SUBTREE_PWP, {'objectclass': 'top ldapsubentry passwordpolicy'.split(),
-+                                                       'cn': SUBTREE_PWPDN,
-+                                                       'passwordMustChange': 'off',
-+                                                       'passwordExp': 'off',
-+                                                       'passwordHistory': 'on',
-+                                                       'passwordInHistory': '6',
-+                                                       'passwordMinAge': '0',
-+                                                       'passwordChange': 'on',
-+                                                       'passwordStorageScheme': 'clear'})))
-+    except ldap.LDAPError, e:
-+        log.error('Failed to add passwordpolicy: error ' + e.message['desc'])
-+        assert False
-+
-+    log.info("		Add the COS template")
-+    try:
-+        topology.standalone.add_s(Entry((SUBTREE_COS_TMPL, {'objectclass': 'top ldapsubentry costemplate extensibleObject'.split(),
-+                                                            'cn': SUBTREE_PWPDN,
-+                                                            'cosPriority': '1',
-+                                                            'cn': SUBTREE_COS_TMPLDN,
-+                                                            'pwdpolicysubentry': SUBTREE_PWP})))
-+    except ldap.LDAPError, e:
-+        log.error('Failed to add COS template: error ' + e.message['desc'])
-+        assert False
-+
-+    log.info("		Add the COS definition")
-+    try:
-+        topology.standalone.add_s(Entry((SUBTREE_COS_DEF, {'objectclass': 'top ldapsubentry cosSuperDefinition cosPointerDefinition'.split(),
-+                                                           'cn': SUBTREE_PWPDN,
-+                                                           'costemplatedn': SUBTREE_COS_TMPL,
-+                                                           'cosAttribute': 'pwdpolicysubentry default operational-default'})))
-+    except ldap.LDAPError, e:
-+        log.error('Failed to add COS def: error ' + e.message['desc'])
-+        assert False
-+
-+def check_passwd_inhistory(topology, user, cpw, passwd):
-+    inhistory = 0
-+    log.info("		Bind as {%s,%s}" % (user, cpw))
-+    topology.standalone.simple_bind_s(user, cpw)
-+    try:
-+        topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', passwd)])
-+    except ldap.LDAPError, e:
-+        log.info('		The password ' + passwd + ' of user' + USER1_DN + ' in history: error ' + e.message['desc'])
-+        inhistory = 1
-+    return inhistory
-+
-+def update_passwd(topology, user, passwd, times):
-+    cpw = passwd
-+    loop = 0
-+    while loop < times:
-+        log.info("		Bind as {%s,%s}" % (user, cpw))
-+        topology.standalone.simple_bind_s(user, cpw)
-+        cpw = 'password%d' % loop
-+        try:
-+            topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw)])
-+        except ldap.LDAPError, e:
-+            log.fatal('test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message['desc'])
-+            assert False
-+        loop += 1
-+
-+    # checking the first password, which is supposed to be in history
-+    inhistory = check_passwd_inhistory(topology, user, cpw, passwd)
-+    assert inhistory == 1
-+
-+def test_ticket48228_test_global_policy(topology):
-+    """
-+    Check global password policy
-+    """
-+
-+    log.info('	Set inhistory = 6')
-+    set_global_pwpolicy(topology, 6)
-+
-+    log.info('	Bind as directory manager')
-+    log.info("Bind as %s" % DN_DM)
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+    log.info('	Add an entry' + USER1_DN)
-+    try:
-+        topology.standalone.add_s(Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
-+                                     'sn': '1',
-+                                     'cn': 'user 1',
-+                                     'uid': 'user1',
-+                                     'givenname': 'user',
-+                                     'mail': 'user1@example.com',
-+                                     'userpassword': 'password'})))
-+    except ldap.LDAPError, e:
-+        log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc'])
-+        assert False
-+
-+    log.info('	Update the password of ' + USER1_DN + ' 6 times')
-+    update_passwd(topology, USER1_DN, 'password', 6)
-+
-+    log.info('	Set inhistory = 4')
-+    set_global_pwpolicy(topology, 4)
-+
-+    log.info('	checking the first password, which is supposed NOT to be in history any more')
-+    cpw = 'password%d' % 5
-+    tpw = 'password'
-+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+    assert inhistory == 0
-+
-+    log.info('	checking the second password, which is supposed NOT to be in history any more')
-+    cpw = tpw
-+    tpw = 'password%d' % 0
-+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+    assert inhistory == 0
-+
-+    log.info('	checking the second password, which is supposed NOT to be in history any more')
-+    cpw = tpw
-+    tpw = 'password%d' % 1
-+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+    assert inhistory == 0
-+
-+    log.info('	checking the third password, which is supposed to be in history')
-+    cpw = tpw
-+    tpw = 'password%d' % 2
-+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+    assert inhistory == 1
-+
-+    log.info("Global policy was successfully verified.")
-+
-+def test_ticket48228_test_subtree_policy(topology):
-+    """
-+    Check subtree level password policy
-+    """
-+
-+    log.info('	Set inhistory = 6')
-+    set_subtree_pwpolicy(topology)
-+
-+    log.info('	Bind as directory manager')
-+    log.info("Bind as %s" % DN_DM)
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+    log.info('	Add an entry' + USER2_DN)
-+    try:
-+        topology.standalone.add_s(Entry((USER2_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
-+                                     'sn': '2',
-+                                     'cn': 'user 2',
-+                                     'uid': 'user2',
-+                                     'givenname': 'user',
-+                                     'mail': 'user2@example.com',
-+                                     'userpassword': 'password'})))
-+    except ldap.LDAPError, e:
-+        log.fatal('test_ticket48228: Failed to add user' + USER2_DN + ': error ' + e.message['desc'])
-+        assert False
-+
-+    log.info('	Update the password of ' + USER2_DN + ' 6 times')
-+    update_passwd(topology, USER2_DN, 'password', 6)
-+
-+    log.info('	Set inhistory = 4')
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    try:
-+        topology.standalone.modify_s(SUBTREE_PWP, [(ldap.MOD_REPLACE, 'passwordInHistory', '4')])
-+    except ldap.LDAPError, e:
-+        log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
-+        assert False
-+
-+    log.info('	checking the first password, which is supposed NOT to be in history any more')
-+    cpw = 'password%d' % 5
-+    tpw = 'password'
-+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+    assert inhistory == 0
-+
-+    log.info('	checking the second password, which is supposed NOT to be in history any more')
-+    cpw = tpw
-+    tpw = 'password%d' % 0
-+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+    assert inhistory == 0
-+
-+    log.info('	checking the second password, which is supposed NOT to be in history any more')
-+    cpw = tpw
-+    tpw = 'password%d' % 1
-+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+    assert inhistory == 0
-+
-+    log.info('	checking the third password, which is supposed to be in history')
-+    cpw = tpw
-+    tpw = 'password%d' % 2
-+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+    assert inhistory == 1
-+
-+    log.info("Subtree level policy was successfully verified.")
-+
-+def test_ticket48228_final(topology):
-+    topology.standalone.delete()
-+    log.info('Testcase PASSED')
-+
-+def run_isolated():
-+    '''
-+        run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+        To run isolated without py.test, you need to
-+            - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+            - set the installation prefix
-+            - run this program
-+    '''
-+    global installation_prefix
-+    installation_prefix = None
-+
-+    topo = topology(True)
-+    log.info('Testing Ticket 48228 - wrong password check if passwordInHistory is decreased')
-+
-+    test_ticket48228_test_global_policy(topo)
-+
-+    test_ticket48228_test_subtree_policy(topo)
-+
-+    test_ticket48228_final(topo)
-+
-+
-+if __name__ == '__main__':
-+    run_isolated()
-+
--- 
-1.9.3
-
diff --git a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch b/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
deleted file mode 100644
index 2cb87d6..0000000
--- a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
+++ /dev/null
@@ -1,1282 +0,0 @@
-From 9ba3240a177c156e365f22c721432321bb0a679e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 4 Aug 2015 12:19:31 -0400
-Subject: [PATCH 39/39] Ticket 47931 - memberOf & retrocl deadlocks
-
-Bug Description:  When concurrently updating multiple backends the
-                  memberOf and retrocl plugins can deadlock on each
-                  other.  This is caused by the required retrocl lock,
-                  and the db lock on the changenumber index in the
-                  retrocl db.
-
-Fix Description:  Added scoping to the retrocl that allows subtrees/suffixes
-                  to be included or excluded.  Also moved the existing
-                  memberOf scoping outside of its global lock.
-
-                  Also improved the memberOf config copying to be consistent
-                  and more efficient.  Improved the memberOf scoping attributes
-                  to be multivalued.  And, properly valdiated new config
-                  settings in the preop valdiation function, instead of the
-                  "apply config" function.
-
-https://fedorahosted.org/389/ticket/47931
-
-Valgrind: passed
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit fd959ac864d6d86d24928bc2c6f097d1a6031ecd)
-(cherry picked from commit d8108476d3bedbcc03f6c61bfb3d50e921faaf42)
----
- ldap/servers/plugins/memberof/memberof.c        | 217 +++++++++++++--------
- ldap/servers/plugins/memberof/memberof.h        |   8 +-
- ldap/servers/plugins/memberof/memberof_config.c | 249 +++++++++++++++++-------
- ldap/servers/plugins/retrocl/retrocl.c          | 183 +++++++++++++++--
- ldap/servers/plugins/retrocl/retrocl.h          |   4 +
- ldap/servers/plugins/retrocl/retrocl_po.c       |  41 +++-
- 6 files changed, 516 insertions(+), 186 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index da52bc8..9b577b9 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -116,7 +116,7 @@ static int memberof_compare(MemberOfConfig *config, const void *a, const void *b
- static int memberof_qsort_compare(const void *a, const void *b);
- static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr);
- static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn);
--static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
-+static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, MemberOfConfig *config,
- 	char **types, plugin_search_entry_callback callback,  void *callback_data);
- static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn,
- 	Slapi_Value *memberdn);
-@@ -144,7 +144,7 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
- static void memberof_fixup_task_thread(void *arg);
- static int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str);
- static int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data);
--
-+static int memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn);
- 
- /*** implementation ***/
- 
-@@ -489,7 +489,8 @@ memberof_get_plugin_area()
- int memberof_postop_del(Slapi_PBlock *pb)
- {
- 	int ret = SLAPI_PLUGIN_SUCCESS;
--	MemberOfConfig configCopy = {0, 0, 0, 0};
-+	MemberOfConfig *mainConfig = NULL;
-+	MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- 	Slapi_DN *sdn;
- 	void *caller_id = NULL;
- 
-@@ -509,12 +510,13 @@ int memberof_postop_del(Slapi_PBlock *pb)
- 		struct slapi_entry *e = NULL;
- 
- 		slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e );
--
--		/* We need to get the config lock first.  Trying to get the
--		 * config lock after we already hold the op lock can cause
--		 * a deadlock. */
- 		memberof_rlock_config();
--		/* copy config so it doesn't change out from under us */
-+		mainConfig = memberof_get_config();
-+		if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
-+			/* The entry is not in scope, bail...*/
-+			memberof_unlock_config();
-+			goto bail;
-+		}
- 		memberof_copy_config(&configCopy, memberof_get_config());
- 		memberof_unlock_config();
- 
-@@ -529,7 +531,6 @@ int memberof_postop_del(Slapi_PBlock *pb)
- 			                "memberof_postop_del: error deleting dn (%s) from group. Error (%d)\n",
- 			                slapi_sdn_get_dn(sdn),ret);
- 			memberof_unlock();
--			memberof_free_config(&configCopy);
- 			goto bail;
- 		}
- 
-@@ -554,10 +555,10 @@ int memberof_postop_del(Slapi_PBlock *pb)
- 			}
- 		}
- 		memberof_unlock();
-+bail:
- 		memberof_free_config(&configCopy);
- 	}
- 
--bail:
- 	if(ret){
- 		slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
- 		ret = SLAPI_PLUGIN_FAILURE;
-@@ -591,7 +592,7 @@ memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *
- 
- 		groupattrs[0] = config->groupattrs[i];
- 
--		rc = memberof_call_foreach_dn(pb, sdn, groupattrs,
-+		rc = memberof_call_foreach_dn(pb, sdn, config, groupattrs,
- 		                              memberof_del_dn_type_callback, &data);
- 	}
- 
-@@ -641,6 +642,20 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
- 	return rc;
- }
- 
-+/* Check if the the entry include scope is a child of the sdn */
-+static Slapi_DN*
-+memberof_scope_is_child_of_dn(MemberOfConfig *config, Slapi_DN *sdn)
-+{
-+	int i = 0;
-+
-+	while(config->entryScopes && config->entryScopes[i]){
-+		if(slapi_sdn_issuffix(config->entryScopes[i], sdn)){
-+			return config->entryScopes[i];
-+		}
-+		i++;
-+	}
-+	return NULL;
-+}
- /*
-  * Does a callback search of "type=dn" under the db suffix that "dn" is in,
-  * unless all_backends is set, then we look at all the backends.  If "dn"
-@@ -649,7 +664,7 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
-  */
- int
- memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
--	char **types, plugin_search_entry_callback callback, void *callback_data)
-+	MemberOfConfig *config, char **types, plugin_search_entry_callback callback, void *callback_data)
- {
- 	Slapi_PBlock *search_pb = NULL;
- 	Slapi_DN *base_sdn = NULL;
-@@ -657,9 +672,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- 	char *escaped_filter_val;
- 	char *filter_str = NULL;
- 	char *cookie = NULL;
--	int all_backends = memberof_config_get_all_backends();
--	Slapi_DN *entry_scope = memberof_config_get_entry_scope();
--	Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
-+	int all_backends = config->allBackends;
- 	int types_name_len = 0;
- 	int num_types = 0;
- 	int dn_len = slapi_sdn_get_ndn_len(sdn);
-@@ -667,11 +680,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- 	int rc = 0;
- 	int i = 0;
- 
--	if (entry_scope && !slapi_sdn_issuffix(sdn, entry_scope)) {
--		return (rc);
--	}
--        
--	if (entry_scope_exclude_subtree && slapi_sdn_issuffix(sdn, entry_scope_exclude_subtree)) {
-+	if (!memberof_entry_in_scope(config, sdn)) {
- 		return (rc);
- 	}
- 
-@@ -728,6 +737,8 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- 	search_pb = slapi_pblock_new();
- 	be = slapi_get_first_backend(&cookie);
- 	while(be){
-+		Slapi_DN *scope_sdn = NULL;
-+
- 		if(!all_backends){
- 			be = slapi_be_select(sdn);
- 			if(be == NULL){
-@@ -743,13 +754,14 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- 				continue;
- 			}
- 		}
--		if (entry_scope) {
--			if (slapi_sdn_issuffix(base_sdn, entry_scope)) {
-+
-+		if (config->entryScopes || config->entryScopeExcludeSubtrees) {
-+			if (memberof_entry_in_scope(config, base_sdn)) {
- 				/* do nothing, entry scope is spanning 
- 				 * multiple suffixes, start at suffix */
--			} else if (slapi_sdn_issuffix(entry_scope, base_sdn)) {
-+			} else if ((scope_sdn = memberof_scope_is_child_of_dn(config, base_sdn))) {
- 				/* scope is below suffix, set search base */
--				base_sdn = entry_scope;
-+				base_sdn = scope_sdn;
- 			} else if(!all_backends){
- 				break;
- 			} else {
-@@ -767,7 +779,6 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- 			break;
- 		}
- 
--
- 		if(!all_backends){
- 			break;
- 		}
-@@ -792,10 +803,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- {
- 	int ret = SLAPI_PLUGIN_SUCCESS;
- 	void *caller_id = NULL;
--	Slapi_DN *entry_scope = NULL;
--        Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
- 
--	entry_scope = memberof_config_get_entry_scope();
- 	slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- 		     "--> memberof_postop_modrdn\n" );
- 
-@@ -810,7 +818,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- 	if(memberof_oktodo(pb))
- 	{
- 		MemberOfConfig *mainConfig = 0;
--		MemberOfConfig configCopy = {0, 0, 0, 0};
-+		MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- 		struct slapi_entry *pre_e = NULL;
- 		struct slapi_entry *post_e = NULL;
- 		Slapi_DN *pre_sdn = 0;
-@@ -818,7 +826,6 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- 
- 		slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
- 		slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &post_e );
--		
- 		if(pre_e && post_e)
- 		{
- 			pre_sdn = slapi_entry_get_sdn(pre_e);
-@@ -831,11 +838,19 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- 		memberof_copy_config(&configCopy, mainConfig);
- 		memberof_unlock_config();
- 
-+		/* Need to check both the pre/post entries */
-+		if((pre_sdn && !memberof_entry_in_scope(&configCopy, pre_sdn)) &&
-+		   (post_sdn && !memberof_entry_in_scope(&configCopy, post_sdn)))
-+		{
-+			/* The entry is not in scope */
-+			goto bail;
-+		}
-+
- 		memberof_lock();
- 
- 		/*  update any downstream members */
- 		if(pre_sdn && post_sdn && configCopy.group_filter &&
--			0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
-+		   0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
- 		{
- 			int i = 0;
- 			Slapi_Attr *attr = 0;
-@@ -847,7 +862,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- 				if(0 == slapi_entry_attr_find(post_e, configCopy.groupattrs[i], &attr))
- 				{
- 					if((ret = memberof_moddn_attr_list(pb, &configCopy, pre_sdn,
--					                            post_sdn, attr) != 0))
-+					                                   post_sdn, attr) != 0))
- 					{
- 						slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- 							"memberof_postop_modrdn - update failed for (%s), error (%d)\n",
-@@ -862,49 +877,49 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- 		 * of other group entries.  We need to update any member
- 		 * attributes to refer to the new name. */
- 		if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) {
--			if ((entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) || 
--                            (entry_scope_exclude_subtree && slapi_sdn_issuffix(post_sdn, entry_scope_exclude_subtree))) {
-+			if (!memberof_entry_in_scope(&configCopy, post_sdn)){
- 				if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){
- 					slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- 						"memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n",
- 						slapi_sdn_get_dn(pre_sdn), ret);
- 				}
- 				if(ret == LDAP_SUCCESS && pre_e && configCopy.group_filter &&
--						0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) {
-+				   0 == slapi_filter_test_simple(pre_e, configCopy.group_filter))
-+				{
- 					/* is the entry of interest as a group? */
--						int i = 0;
--						Slapi_Attr *attr = 0;
--
--						/* Loop through to find each grouping attribute separately. */
--						for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
--							if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
--								if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
--									slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--									"memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
--									slapi_sdn_get_dn(pre_sdn),ret);
--								}
-+					int i = 0;
-+					Slapi_Attr *attr = 0;
- 
-+					/* Loop through to find each grouping attribute separately. */
-+					for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
-+						if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
-+							if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
-+								slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+								"memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
-+								slapi_sdn_get_dn(pre_sdn),ret);
- 							}
-+
- 						}
--					} 
-+					}
-+				}
- 				if(ret == LDAP_SUCCESS) {
--						memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
--						if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
--							slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--								"memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
--								slapi_entry_get_dn(post_e), ret);
--						}
-+					memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-+					if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
-+						slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+							"memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-+							slapi_entry_get_dn(post_e), ret);
- 					}
-+				}
- 			} else {
- 				if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){
- 					slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--						"memberof_postop_modrdn - replace dne failed for (%s), error (%d)\n",
-+						"memberof_postop_modrdn - replace dn failed for (%s), error (%d)\n",
- 						slapi_sdn_get_dn(pre_sdn), ret);
- 				}
- 			}
- 		}
--
- 		memberof_unlock();
-+bail:
- 		memberof_free_config(&configCopy);
- 	}
- 
-@@ -946,7 +961,7 @@ memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config,
- 
- 		groupattrs[0] = config->groupattrs[i];
- 
--		if((ret = memberof_call_foreach_dn(pb, pre_sdn, groupattrs,
-+		if((ret = memberof_call_foreach_dn(pb, pre_sdn, config, groupattrs,
- 		                                   memberof_replace_dn_type_callback,
- 		                                   &data)))
- 		{
-@@ -1064,12 +1079,11 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- 		goto done;
- 	}
- 
--
--	if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
-+	if(memberof_oktodo(pb))
- 	{
- 		int config_copied = 0;
- 		MemberOfConfig *mainConfig = 0;
--		MemberOfConfig configCopy = {0, 0, 0, 0};
-+		MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- 
- 		/* get the mod set */
- 		slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
-@@ -1088,19 +1102,22 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- 			 * only copy the config the first time it's needed so
- 			 * it remains the same for all mods in the operation,
- 			 * despite any config changes that may be made. */
--			if (!config_copied)
--			{
-+			if (!config_copied){
- 				memberof_rlock_config();
- 				mainConfig = memberof_get_config();
- 
- 				if (memberof_is_grouping_attr(type, mainConfig))
- 				{
- 					interested = 1;
-+					if (!memberof_entry_in_scope(mainConfig, sdn)){
-+						/* Entry is not in scope */
-+						memberof_unlock_config();
-+						goto bail;
-+					}
- 					/* copy config so it doesn't change out from under us */
- 					memberof_copy_config(&configCopy, mainConfig);
- 					config_copied = 1;
- 				}
--
- 				memberof_unlock_config();
- 			} else {
- 				if (memberof_is_grouping_attr(type, &configCopy))
-@@ -1197,8 +1214,7 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- 		}
- 
- bail:
--		if (config_copied)
--		{
-+		if (config_copied){
- 			memberof_free_config(&configCopy);
- 		}
- 
-@@ -1244,22 +1260,25 @@ int memberof_postop_add(Slapi_PBlock *pb)
- 
- 	if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
- 	{
--		MemberOfConfig *mainConfig = 0;
--		MemberOfConfig configCopy = {0, 0, 0, 0};
- 		struct slapi_entry *e = NULL;
--
-+		MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+		MemberOfConfig *mainConfig;
- 		slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e );
--		
- 
- 		/* is the entry of interest? */
- 		memberof_rlock_config();
- 		mainConfig = memberof_get_config();
- 		if(e && mainConfig && mainConfig->group_filter &&
- 		   0 == slapi_filter_test_simple(e, mainConfig->group_filter))
-+
- 		{
- 			interested = 1;
--			/* copy config so it doesn't change out from under us */
--			memberof_copy_config(&configCopy, mainConfig);
-+			if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
-+				/* Entry is not in scope */
-+				memberof_unlock_config();
-+				goto bail;
-+			}
-+			memberof_copy_config(&configCopy, memberof_get_config());
- 		}
- 		memberof_unlock_config();
- 
-@@ -1284,11 +1303,11 @@ int memberof_postop_add(Slapi_PBlock *pb)
- 			}
- 
- 			memberof_unlock();
--
- 			memberof_free_config(&configCopy);
- 		}
- 	}
- 
-+bail:
- 	if(ret){
- 		slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
- 		ret = SLAPI_PLUGIN_FAILURE;
-@@ -1326,26 +1345,61 @@ int memberof_oktodo(Slapi_PBlock *pb)
- 	}
- 
- 	if(slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0) 
--        {
-+	{
- 		slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- 			"memberof_postop_oktodo: could not get parameters\n" );
- 		ret = -1;
- 	}
- 
--        /* this plugin should only execute if the operation succeeded
--	*/
--        if(oprc != 0)
-+	/* this plugin should only execute if the operation succeeded */
-+	if(oprc != 0)
- 	{
- 		ret = 0;
- 	}
--	
-+
-+bail:
- 	slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- 		     "<-- memberof_postop_oktodo\n" );
- 
--bail:
- 	return ret;
- }
- 
-+/*
-+ * Return 1 if the entry is in the scope.
-+ * For MODRDN the caller should check both the preop
-+ * and postop entries.  If we are moving out of, or
-+ * into scope, we should process it.
-+ */
-+static int
-+memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn)
-+{
-+    if (config->entryScopeExcludeSubtrees){
-+        int i = 0;
-+
-+        /* check the excludes */
-+        while(config->entryScopeExcludeSubtrees[i]){
-+            if (slapi_sdn_issuffix(sdn, config->entryScopeExcludeSubtrees[i])){
-+                return 0;
-+            }
-+            i++;
-+        }
-+    }
-+    if (config->entryScopes){
-+        int i = 0;
-+
-+        /* check the excludes */
-+        while(config->entryScopes[i]){
-+            if (slapi_sdn_issuffix(sdn, config->entryScopes[i])){
-+                return 1;
-+            }
-+            i++;
-+        }
-+        return 0;
-+    }
-+
-+    return 1;
-+}
-+
- static Slapi_DN *
- memberof_getsdn(Slapi_PBlock *pb)
- {
-@@ -2013,7 +2067,7 @@ memberof_get_groups_r(MemberOfConfig *config, Slapi_DN *member_sdn,
- {
- 	/* Search for any grouping attributes that point to memberdn.
- 	 * For each match, add it to the list, recurse and do same search */
--	return memberof_call_foreach_dn(NULL, member_sdn, config->groupattrs,
-+	return memberof_call_foreach_dn(NULL, member_sdn, config, config->groupattrs,
- 		memberof_get_groups_callback, data);
- }
- 
-@@ -2030,7 +2084,6 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- 	Slapi_Value *group_dn_val = 0;
- 	Slapi_ValueSet *groupvals = *((memberof_get_groups_data*)callback_data)->groupvals;
- 	Slapi_ValueSet *group_norm_vals = *((memberof_get_groups_data*)callback_data)->group_norm_vals;
--	Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
- 	MemberOfConfig *config = ((memberof_get_groups_data*)callback_data)->config;
- 	int rc = 0;
- 
-@@ -2086,7 +2139,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- 	}
- 
- 	/* if the group does not belong to an excluded subtree, adds it to the valueset */
--	if (!(entry_scope_exclude_subtree && slapi_sdn_issuffix(group_sdn, entry_scope_exclude_subtree))) {
-+	if (memberof_entry_in_scope(config, group_sdn)) {
- 			/* Push group_dn_val into the valueset.  This memory is now owned
- 			 * by the valueset. */
- 			group_dn_val = slapi_value_new_string(group_dn);
-@@ -2188,8 +2241,8 @@ memberof_test_membership(Slapi_PBlock *pb, MemberOfConfig *config,
- {
- 	char *attrs[2] = {config->memberof_attr, 0};
- 
--	return memberof_call_foreach_dn(pb, group_sdn, attrs, 
--		memberof_test_membership_callback , config);
-+	return memberof_call_foreach_dn(pb, group_sdn, config, attrs,
-+		memberof_test_membership_callback, config);
- }
- 
- /*
-diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
-index 5a70400..9d9d158 100644
---- a/ldap/servers/plugins/memberof/memberof.h
-+++ b/ldap/servers/plugins/memberof/memberof.h
-@@ -52,8 +52,10 @@ typedef struct memberofconfig {
- 	char **groupattrs;
- 	char *memberof_attr;
- 	int allBackends;
--	Slapi_DN *entryScope;
--	Slapi_DN *entryScopeExcludeSubtree;
-+	Slapi_DN **entryScopes;
-+	int entryScopeCount;
-+	Slapi_DN **entryScopeExcludeSubtrees;
-+	int entryExcludeScopeCount;
- 	Slapi_Filter *group_filter;
- 	Slapi_Attr **group_slapiattrs;
- 	int skip_nested;
-@@ -74,8 +76,6 @@ void memberof_rlock_config();
- void memberof_wlock_config();
- void memberof_unlock_config();
- int memberof_config_get_all_backends();
--Slapi_DN * memberof_config_get_entry_scope();
--Slapi_DN * memberof_config_get_entry_scope_exclude_subtree();
- void memberof_set_config_area(Slapi_DN *sdn);
- Slapi_DN * memberof_get_config_area();
- void memberof_set_plugin_area(Slapi_DN *sdn);
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index ac2d045..b4cc941 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -48,7 +48,7 @@ static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_En
- /* This is the main configuration which is updated from dse.ldif.  The
-  * config will be copied when it is used by the plug-in to prevent it
-  * being changed out from under a running memberOf operation. */
--static MemberOfConfig theConfig = {NULL, NULL,0, NULL, NULL, NULL, NULL};
-+static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- static Slapi_RWLock *memberof_config_lock = 0;
- static int inited = 0;
- 
-@@ -60,6 +60,19 @@ static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Ent
- 	return SLAPI_DSE_CALLBACK_ERROR;
- }
- 
-+static void
-+memberof_free_scope(Slapi_DN **scopes, int *count)
-+{
-+	int i = 0;
-+
-+	while(scopes && scopes[i]){
-+		slapi_sdn_free(&scopes[i]);
-+		i++;
-+	}
-+	slapi_ch_free((void**)&scopes);
-+	*count = 0;
-+}
-+
- /*
-  * memberof_config()
-  *
-@@ -155,17 +168,22 @@ memberof_release_config()
-  *
-  * Validate the pending changes in the e entry.
-  */
--static int 
-+int
- memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, 
- 	int *returncode, char *returntext, void *arg)
- {
- 	Slapi_Attr *memberof_attr = NULL;
- 	Slapi_Attr *group_attr = NULL;
- 	Slapi_DN *config_sdn = NULL;
-+	Slapi_DN **include_dn = NULL;
-+	Slapi_DN **exclude_dn = NULL;
- 	char *syntaxoid = NULL;
- 	char *config_dn = NULL;
- 	char *skip_nested = NULL;
-+	char **entry_scopes = NULL;
-+	char **entry_exclude_scopes = NULL;
- 	int not_dn_syntax = 0;
-+	int num_vals = 0;
- 
- 	*returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
- 
-@@ -283,8 +301,112 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- 			*returncode = LDAP_UNWILLING_TO_PERFORM;
- 		}
- 	}
-+	/*
-+	 * Check the entry scopes
-+	 */
-+	entry_scopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
-+	if(entry_scopes){
-+		int i = 0;
-+
-+		/* Validate the syntax before we create our DN array */
-+		for (i = 0;i < num_vals; i++){
-+			if(slapi_dn_syntax_check(pb, entry_scopes[i], 1)){
-+				/* invalid dn syntax */
-+				PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+					"%s: Invalid DN (%s) for include suffix.",
-+					MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+				slapi_ch_array_free(entry_scopes);
-+				theConfig.entryScopeCount = 0;
-+				*returncode = LDAP_UNWILLING_TO_PERFORM;
-+				goto done;
-+			}
-+		}
-+		/* Now create our SDN array for conflict checking */
-+		include_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
-+		for (i = 0;i < num_vals; i++){
-+			include_dn[i] = slapi_sdn_new_dn_passin(entry_scopes[i]);
-+		}
-+	}
-+	/*
-+	 * Check and process the entry exclude scopes
-+	 */
-+	entry_exclude_scopes =
-+		slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
-+	if(entry_exclude_scopes){
-+		int i = 0;
-+
-+		/* Validate the syntax before we create our DN array */
-+		for (i = 0;i < num_vals; i++){
-+			if(slapi_dn_syntax_check(pb, entry_exclude_scopes[i], 1)){
-+				/* invalid dn syntax */
-+				PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+					"%s: Invalid DN (%s) for exclude suffix.",
-+					MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+				slapi_ch_array_free(entry_exclude_scopes);
-+				*returncode = LDAP_UNWILLING_TO_PERFORM;
-+				goto done;
-+			}
-+		}
-+		/* Now create our SDN array for conflict checking */
-+		exclude_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+		for (i = 0;i < num_vals; i++){
-+			exclude_dn[i] = slapi_sdn_new_dn_passin(entry_exclude_scopes[i]);
-+		}
-+	}
-+	/*
-+	 * Need to do conflict checking
-+	 */
-+	if(include_dn && exclude_dn){
-+		/*
-+		 * Make sure we haven't mixed the same suffix, and there are no
-+		 * conflicts between the includes and excludes
-+		 */
-+		int i = 0;
-+
-+		while(include_dn[i]){
-+			int x = 0;
-+			while(exclude_dn[x]){
-+				if(slapi_sdn_compare(include_dn[i], exclude_dn[x] ) == 0)
-+				{
-+					/* we have a conflict */
-+					PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+						"%s: include suffix (%s) is also listed as an exclude suffix list",
-+						MEMBEROF_PLUGIN_SUBSYSTEM, slapi_sdn_get_dn(include_dn[i]));
-+					*returncode = LDAP_UNWILLING_TO_PERFORM;
-+					goto done;
-+			   }
-+			   x++;
-+			}
-+			i++;
-+		}
-+
-+		/* Check for parent/child conflicts */
-+		i = 0;
-+		while(include_dn[i]){
-+			int x = 0;
-+			while(exclude_dn[x]){
-+				if(slapi_sdn_issuffix(include_dn[i], exclude_dn[x]))
-+				{
-+					/* we have a conflict */
-+					PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+						"%s: include suffix (%s) is a child of the exclude suffix(%s)",
-+						MEMBEROF_PLUGIN_SUBSYSTEM,
-+						slapi_sdn_get_dn(include_dn[i]),
-+						slapi_sdn_get_dn(exclude_dn[i]));
-+					*returncode = LDAP_UNWILLING_TO_PERFORM;
-+					goto done;
-+			   }
-+			   x++;
-+			}
-+			i++;
-+		}
-+	}
- 
- done:
-+	memberof_free_scope(exclude_dn, &num_vals);
-+	memberof_free_scope(include_dn,	&num_vals);
-+	slapi_ch_free((void**)&entry_scopes);
-+	slapi_ch_free((void**)&entry_exclude_scopes);
- 	slapi_sdn_free(&config_sdn);
- 	slapi_ch_free_string(&config_dn);
- 	slapi_ch_free_string(&skip_nested);
-@@ -299,7 +421,6 @@ done:
- 	}
- }
- 
--
- /*
-  * memberof_apply_config()
-  *
-@@ -318,10 +439,11 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- 	int num_groupattrs = 0;
- 	int groupattr_name_len = 0;
- 	char *allBackends = NULL;
--	char *entryScope = NULL;
--	char *entryScopeExcludeSubtree = NULL;
-+	char **entryScopes = NULL;
-+	char **entryScopeExcludeSubtrees = NULL;
- 	char *sharedcfg = NULL;
- 	char *skip_nested = NULL;
-+	int num_vals = 0;
- 
- 	*returncode = LDAP_SUCCESS;
- 
-@@ -353,8 +475,6 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- 	groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
- 	memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
- 	allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
--	entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR);
--	entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE);
- 	skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
- 
- 	/*
-@@ -480,49 +600,39 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- 		theConfig.allBackends = 0;
- 	}
- 
--	slapi_sdn_free(&theConfig.entryScope);
--	if (entryScope)
--	{
--        	if (slapi_dn_syntax_check(NULL, entryScope, 1) == 1) {
--            		slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--                		"Error: Ignoring invalid DN used as plugin entry scope: [%s]\n",
--                		entryScope);
--			theConfig.entryScope = NULL;
--			slapi_ch_free_string(&entryScope);
--		} else {
--			theConfig.entryScope = slapi_sdn_new_dn_passin(entryScope);
-+	/*
-+	 * Check and process the entry scopes
-+	 */
-+	memberof_free_scope(theConfig.entryScopes, &theConfig.entryScopeCount);
-+	entryScopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
-+	if(entryScopes){
-+		int i = 0;
-+
-+		/* Validation has already been performed in preop, just build the DN's */
-+		theConfig.entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
-+		for (i = 0;i < num_vals; i++){
-+			theConfig.entryScopes[i] = slapi_sdn_new_dn_passin(entryScopes[i]);
- 		}
--	} else {
--		theConfig.entryScope = NULL;
-+		theConfig.entryScopeCount = num_vals; /* shortcut for config copy */
- 	}
--        
--        slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
--        if (entryScopeExcludeSubtree)
--	{
--        	if (theConfig.entryScope == NULL) {
--                        slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--                		"Error: Ignoring ExcludeSubtree (%s) because entryScope is not define\n",
--                		entryScopeExcludeSubtree);
--			theConfig.entryScopeExcludeSubtree = NULL;
--			slapi_ch_free_string(&entryScopeExcludeSubtree);
--                } else if (slapi_dn_syntax_check(NULL, entryScopeExcludeSubtree, 1) == 1) {
--            		slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--                		"Error: Ignoring invalid DN used as plugin entry exclude subtree: [%s]\n",
--                		entryScopeExcludeSubtree);
--			theConfig.entryScopeExcludeSubtree = NULL;
--			slapi_ch_free_string(&entryScopeExcludeSubtree);
--		} else {
--			theConfig.entryScopeExcludeSubtree = slapi_sdn_new_dn_passin(entryScopeExcludeSubtree);
-+	/*
-+	 * Check and process the entry exclude scopes
-+	 */
-+	memberof_free_scope(theConfig.entryScopeExcludeSubtrees,
-+	                    &theConfig.entryExcludeScopeCount);
-+	entryScopeExcludeSubtrees =
-+	    slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
-+	if(entryScopeExcludeSubtrees){
-+		int i = 0;
-+
-+		/* Validation has already been performed in preop, just build the DN's */
-+		theConfig.entryScopeExcludeSubtrees =
-+				(Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+		for (i = 0;i < num_vals; i++){
-+			theConfig.entryScopeExcludeSubtrees[i] =
-+				slapi_sdn_new_dn_passin(entryScopeExcludeSubtrees[i]);
- 		}
--	} else {
--		theConfig.entryScopeExcludeSubtree = NULL;
--	}
--        if (theConfig.entryScopeExcludeSubtree && theConfig.entryScope && !slapi_sdn_issuffix(theConfig.entryScopeExcludeSubtree, theConfig.entryScope)) {
--                slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
--                        "Error: Ignoring ExcludeSubtree (%s) that is out of the scope (%s)\n",
--                        slapi_sdn_get_dn(theConfig.entryScopeExcludeSubtree),
--                        slapi_sdn_get_dn(theConfig.entryScope));
--                slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
-+		theConfig.entryExcludeScopeCount = num_vals; /* shortcut for config copy */
- 	}
- 
- 	/* release the lock */
-@@ -536,6 +646,8 @@ done:
- 	slapi_ch_free_string(&memberof_attr);
- 	slapi_ch_free_string(&allBackends);
- 	slapi_ch_free_string(&skip_nested);
-+	slapi_ch_free((void **)&entryScopes);
-+	slapi_ch_free((void **)&entryScopeExcludeSubtrees);
- 
- 	if (*returncode != LDAP_SUCCESS)
- 	{
-@@ -616,6 +728,23 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
- 		{
- 			dest->allBackends = src->allBackends;
- 		}
-+
-+		if(src->entryScopes){
-+			int num_vals = 0;
-+
-+			dest->entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryScopeCount+1);
-+			for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+				dest->entryScopes[num_vals] = slapi_sdn_dup(src->entryScopes[num_vals]);
-+			}
-+		}
-+		if(src->entryScopeExcludeSubtrees){
-+			int num_vals = 0;
-+
-+			dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
-+			for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+				dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
-+			}
-+		}
- 	}
- }
- 
-@@ -641,6 +770,8 @@ memberof_free_config(MemberOfConfig *config)
- 		slapi_ch_free((void **)&config->group_slapiattrs);
- 
- 		slapi_ch_free_string(&config->memberof_attr);
-+		memberof_free_scope(config->entryScopes, &config->entryScopeCount);
-+		memberof_free_scope(config->entryScopeExcludeSubtrees, &config->entryExcludeScopeCount);
- 	}
- }
- 
-@@ -706,30 +837,6 @@ memberof_config_get_all_backends()
- 	return all_backends;
- }
- 
--Slapi_DN *
--memberof_config_get_entry_scope()
--{
--	Slapi_DN *entry_scope;
--
--	slapi_rwlock_rdlock(memberof_config_lock);
--	entry_scope = theConfig.entryScope;
--	slapi_rwlock_unlock(memberof_config_lock);
--
--	return entry_scope;
--}
--
--Slapi_DN *
--memberof_config_get_entry_scope_exclude_subtree()
--{
--	Slapi_DN *entry_exclude_subtree;
--
--	slapi_rwlock_rdlock(memberof_config_lock);
--	entry_exclude_subtree = theConfig.entryScopeExcludeSubtree;
--	slapi_rwlock_unlock(memberof_config_lock);
--
--	return entry_exclude_subtree;
--}
--
- /*
-  * Check if we are modifying the config, or changing the shared config entry
-  */
-diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
-index 78a0c6d..4bcbb38 100644
---- a/ldap/servers/plugins/retrocl/retrocl.c
-+++ b/ldap/servers/plugins/retrocl/retrocl.c
-@@ -45,6 +45,9 @@ char **retrocl_attributes = NULL;
- char **retrocl_aliases = NULL;
- int retrocl_log_deleted = 0;
- 
-+static Slapi_DN **retrocl_includes = NULL;
-+static Slapi_DN **retrocl_excludes = NULL;
-+
- /* ----------------------------- Retrocl Plugin */
- 
- static Slapi_PluginDesc retrocldesc = {"retrocl", VENDOR, DS_PACKAGE_VERSION, "Retrocl Plugin"};
-@@ -349,6 +352,8 @@ static int retrocl_start (Slapi_PBlock *pb)
-     int rc = 0;
-     Slapi_Entry *e = NULL;
-     char **values = NULL;
-+    int num_vals = 0;
-+    int i = 0;
- 
-     retrocl_rootdse_init(pb);
- 
-@@ -369,6 +374,87 @@ static int retrocl_start (Slapi_PBlock *pb)
-         return -1;
-     }
- 
-+    /* Get the exclude suffixes */
-+    values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_EXCLUDE_SUFFIX, &num_vals);
-+    if(values){
-+        /* Validate the syntax before we create our DN array */
-+        for (i = 0;i < num_vals; i++){
-+            if(slapi_dn_syntax_check(pb, values[i], 1)){
-+                /* invalid dn syntax */
-+                slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+                        "Invalid DN (%s) for exclude suffix.\n", values[i] );
-+                slapi_ch_array_free(values);
-+                return -1;
-+            }
-+        }
-+        /* Now create our SDN array */
-+        retrocl_excludes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+        for (i = 0;i < num_vals; i++){
-+            retrocl_excludes[i] = slapi_sdn_new_dn_byval(values[i]);
-+        }
-+        slapi_ch_array_free(values);
-+    }
-+    /* Get the include suffixes */
-+    values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_INCLUDE_SUFFIX, &num_vals);
-+    if(values){
-+        for (i = 0;i < num_vals; i++){
-+            /* Validate the syntax before we create our DN array */
-+            if(slapi_dn_syntax_check(pb, values[i], 1)){
-+                /* invalid dn syntax */
-+                slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+                        "Invalid DN (%s) for include suffix.\n", values[i] );
-+                slapi_ch_array_free(values);
-+                return -1;
-+            }
-+        }
-+        /* Now create our SDN array */
-+        retrocl_includes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+        for (i = 0;i < num_vals; i++){
-+            retrocl_includes[i] = slapi_sdn_new_dn_byval(values[i]);
-+        }
-+        slapi_ch_array_free(values);
-+    }
-+    if(retrocl_includes && retrocl_excludes){
-+        /*
-+         * Make sure we haven't mixed the same suffix, and there are no
-+         * conflicts between the includes and excludes
-+         */
-+        int i = 0;
-+
-+        while(retrocl_includes[i]){
-+            int x = 0;
-+            while(retrocl_excludes[x]){
-+               if(slapi_sdn_compare(retrocl_includes[i], retrocl_excludes[x] ) == 0){
-+                   /* we have a conflict */
-+                   slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+                           "include suffix (%s) is also listed in exclude suffix list\n",
-+		                   slapi_sdn_get_dn(retrocl_includes[i]));
-+                   return -1;
-+               }
-+               x++;
-+            }
-+            i++;
-+        }
-+
-+        /* Check for parent/child conflicts */
-+        i = 0;
-+        while(retrocl_includes[i]){
-+            int x = 0;
-+            while(retrocl_excludes[x]){
-+               if(slapi_sdn_issuffix(retrocl_includes[i], retrocl_excludes[x])){
-+                   /* we have a conflict */
-+                   slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+                           "include suffix (%s) is a child of the exclude suffix(%s)\n",
-+                           slapi_sdn_get_dn(retrocl_includes[i]),
-+                           slapi_sdn_get_dn(retrocl_excludes[i]));
-+                   return -1;
-+               }
-+               x++;
-+            }
-+            i++;
-+        }
-+    }
-+
-     values = slapi_entry_attr_get_charray(e, "nsslapd-attribute");
-     if (values != NULL) {
-         int n = 0;
-@@ -434,6 +520,49 @@ static int retrocl_start (Slapi_PBlock *pb)
- }
- 
- /*
-+ * Check if an entry is in the configured scope.
-+ * Return 1 if entry is in the scope, or 0 otherwise.
-+ * For MODRDN the caller should check both the preop
-+ * and postop entries.  If we are moving out of, or
-+ * into scope, we should record it.
-+ */
-+int
-+retrocl_entry_in_scope(Slapi_Entry *e)
-+{
-+    Slapi_DN *sdn = slapi_entry_get_sdn(e);
-+
-+    if (e == NULL){
-+        return 1;
-+    }
-+
-+    if (retrocl_excludes){
-+        int i = 0;
-+
-+        /* check the excludes */
-+        while(retrocl_excludes[i]){
-+            if (slapi_sdn_issuffix(sdn, retrocl_excludes[i])){
-+                return 0;
-+            }
-+            i++;
-+        }
-+    }
-+    if (retrocl_includes){
-+        int i = 0;
-+
-+        /* check the excludes */
-+        while(retrocl_includes[i]){
-+            if (slapi_sdn_issuffix(sdn, retrocl_includes[i])){
-+                return 1;
-+            }
-+            i++;
-+        }
-+        return 0;
-+    }
-+
-+    return 1;
-+}
-+
-+/*
-  * Function: retrocl_stop
-  *
-  * Returns: 0
-@@ -446,26 +575,40 @@ static int retrocl_start (Slapi_PBlock *pb)
- 
- static int retrocl_stop (Slapi_PBlock *pb)
- {
--  int rc = 0;
--
--  slapi_ch_array_free(retrocl_attributes);
--  retrocl_attributes = NULL;
--  slapi_ch_array_free(retrocl_aliases);
--  retrocl_aliases = NULL;
--
--  retrocl_stop_trimming();  
--  retrocl_be_changelog = NULL;
--  retrocl_forget_changenumbers();
--  PR_DestroyLock(retrocl_internal_lock);
--  retrocl_internal_lock = NULL;
--  slapi_destroy_rwlock(retrocl_cn_lock);
--  retrocl_cn_lock = NULL;
--  legacy_initialised = 0;
--
--  slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
--          LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
--
--  return rc;
-+    int rc = 0;
-+    int i = 0;
-+
-+    slapi_ch_array_free(retrocl_attributes);
-+    retrocl_attributes = NULL;
-+    slapi_ch_array_free(retrocl_aliases);
-+    retrocl_aliases = NULL;
-+
-+    while(retrocl_excludes && retrocl_excludes[i]){
-+        slapi_sdn_free(&retrocl_excludes[i]);
-+        i++;
-+    }
-+    slapi_ch_free((void**)&retrocl_excludes);
-+    i = 0;
-+
-+    while(retrocl_includes && retrocl_includes[i]){
-+        slapi_sdn_free(&retrocl_includes[i]);
-+        i++;
-+    }
-+    slapi_ch_free((void**)&retrocl_includes);
-+
-+    retrocl_stop_trimming();
-+    retrocl_be_changelog = NULL;
-+    retrocl_forget_changenumbers();
-+    PR_DestroyLock(retrocl_internal_lock);
-+    retrocl_internal_lock = NULL;
-+    slapi_destroy_rwlock(retrocl_cn_lock);
-+    retrocl_cn_lock = NULL;
-+    legacy_initialised = 0;
-+
-+    slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
-+            LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
-+
-+    return rc;
- }
- 
- /*
-diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h
-index ae0139c..7edd62f 100644
---- a/ldap/servers/plugins/retrocl/retrocl.h
-+++ b/ldap/servers/plugins/retrocl/retrocl.h
-@@ -67,6 +67,8 @@ typedef struct _cnumRet {
- /* was originally changelogmaximumage */
- #define CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE     "nsslapd-changelogmaxage"
- #define CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE  "nsslapd-changelogdir"
-+#define CONFIG_CHANGELOG_INCLUDE_SUFFIX       "nsslapd-include-suffix"
-+#define CONFIG_CHANGELOG_EXCLUDE_SUFFIX       "nsslapd-exclude-suffix"
- 
- #define RETROCL_CHANGELOG_DN "cn=changelog"
- #define RETROCL_MAPPINGTREE_DN "cn=\"cn=changelog\",cn=mapping tree,cn=config"
-@@ -140,4 +142,6 @@ extern void retrocl_init_trimming(void);
- extern void retrocl_stop_trimming(void);
- extern char *retrocl_get_config_str(const char *attrt);
- 
-+int retrocl_entry_in_scope(Slapi_Entry *e);
-+
- #endif /* _H_RETROCL */
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index 7083d0a..f689373 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -140,6 +140,7 @@ write_replog_db(
-     int			flag,
-     time_t		curtime,
-     Slapi_Entry         *log_e,
-+	Slapi_Entry         *post_entry,
-     const char          *newrdn,
-     LDAPMod		**modrdn_mods,
-     const char          *newsuperior
-@@ -156,11 +157,26 @@ write_replog_db(
-     int	err = 0;
-     int ret = LDAP_SUCCESS;
-     int	i;
-+    int mark = 0;
- 
-     if (!dn) {
-         slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
-         return ret;
-     }
-+    mark = (post_entry && retrocl_entry_in_scope(post_entry));
-+    slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
-+
-+    if (post_entry){
-+        if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
-+            /* modrdn: entry not in scope, just return... */
-+            return ret;
-+        }
-+    } else {
-+        if(!retrocl_entry_in_scope(log_e)){
-+            /* entry not in scope, just return... */
-+            return ret;
-+        }
-+    }
- 
-     PR_Lock(retrocl_internal_lock);
-     changenum = retrocl_assign_changenumber();
-@@ -319,7 +335,7 @@ write_replog_db(
-         break;
- 
-     case OP_DELETE:
--        if (log_e) {
-+        if (retrocl_log_deleted) {
-             /* we have to log the full entry */
-             if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) {
-                 err = SLAPI_PLUGIN_FAILURE;
-@@ -559,7 +575,8 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
-     char		*dn;
-     LDAPMod		**log_m = NULL;
-     int			flag = 0;
--    Slapi_Entry		*te = NULL;
-+    Slapi_Entry		*entry = NULL;
-+    Slapi_Entry		*post_entry = NULL;
-     Slapi_Operation     *op = NULL;
-     LDAPMod		**modrdn_mods = NULL;
-     char *newrdn = NULL;
-@@ -624,7 +641,12 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
-         LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n");
-         return SLAPI_PLUGIN_SUCCESS;
-     }
--	
-+    /*
-+     * Start by grabbing the preop entry, ADD will replace it as needed.  Getting the entry
-+     * allows up to perform scoping in write_replog_db() for all op types.
-+     */
-+    (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
-+
-     switch ( optype ) {
-     case OP_MODIFY:
-         (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m );
-@@ -634,14 +656,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
-          * For adds, we want the unnormalized dn, so we can preserve
-          * spacing, case, when replicating it.
-          */
--        (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te );
--        if ( NULL != te ) {
--            dn = slapi_entry_get_dn( te );
-+        (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &entry );
-+        if ( NULL != entry ) {
-+            dn = slapi_entry_get_dn( entry );
-         }
-         break;
-     case OP_DELETE:
-         if (retrocl_log_deleted)
--            (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te);
-+            (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
-         break;
-     case OP_MODRDN:
-         /* newrdn is used just for logging; no need to be normalized */
-@@ -649,13 +671,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
-         (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
-         (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods );
-         (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior );
-+        (void)slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_entry);
-         break;
-     }
- 
-     /* check if we should log change to retro changelog, and
-      * if so, do it here */
--    if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, te,
--        newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
-+    if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, entry,
-+        post_entry, newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
-     {
-         slapi_log_error(SLAPI_LOG_FATAL, "retrocl-plugin",
-                         "retrocl_postob: operation failure [%d]\n", rc);
--- 
-1.9.3
-
diff --git a/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch b/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
new file mode 100644
index 0000000..e45ee51
--- /dev/null
+++ b/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
@@ -0,0 +1,330 @@
+From e71e44e4393a803900ac79d26a91f96ad0068e59 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 23 Aug 2016 12:06:30 -0400
+Subject: [PATCH 39/45] Ticket 48964 - cleanAllRUV changelog purging
+ incorrectly  processes all backends
+
+Bug Description:  When the changelog was being purged of "cleaned" rids it was checking
+                  all the backend changelogs, and not the one from which the
+                  cleanAllRUV task originated from.  This could corrupt a different
+                  backend's changelog if both backends used the same RID.
+
+Fix Description:  Purge the changelog associated with the backend that is specified in
+                  the cleanAllRUV task.  Also moved the "purging" to its own function,
+                  and fixed a few compiler warnings.
+
+https://fedorahosted.org/389/ticket/48965
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit fda00435a7536c1ded72bb78a975f3370d09a3be)
+---
+ ldap/servers/plugins/replication/cl5_api.c         | 162 +++++++++++++--------
+ ldap/servers/plugins/replication/cl5_api.h         |   2 +-
+ .../plugins/replication/repl5_replica_config.c     |   2 +-
+ 3 files changed, 106 insertions(+), 60 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
+index 3adaf86..6a09aea 100644
+--- a/ldap/servers/plugins/replication/cl5_api.c
++++ b/ldap/servers/plugins/replication/cl5_api.c
+@@ -317,7 +317,7 @@ static int _cl5CheckMissingCSN (const CSN *minCsn, const RUV *supplierRUV, CL5DB
+ static int _cl5TrimInit ();
+ static void _cl5TrimCleanup ();
+ static int _cl5TrimMain (void *param);
+-static void _cl5DoTrimming (ReplicaId rid);
++static void _cl5DoTrimming ();
+ static void _cl5CompactDBs();
+ static void _cl5PurgeRID(Object *obj,  ReplicaId cleaned_rid);
+ static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key);
+@@ -3447,43 +3447,37 @@ static int _cl5TrimMain (void *param)
+     return 0;
+ }
+ 
+-/* We remove an entry if it has been replayed to all consumers and
+-   and the number of entries in the changelog is larger than maxEntries 
+-   or age of the entry is larger than maxAge. 
+-   Also we can't purge entries which correspond to max csns in the
+-   supplier's ruv. Here is a example where we can get into trouble:
+-   The server is setup with time based trimming and no consumer's
+-   At some point all the entries are trimmed from the changelog.
+-   At a later point a consumer is added and initialized online
+-   Then a change is made on the supplier.
+-   To update the consumer, the supplier would attempt to locate
+-   the last change sent to the consumer in the changelog and will
+-   fail because the change was removed.
+-    
++/*
++ * We remove an entry if it has been replayed to all consumers and the number
++ * of entries in the changelog is larger than maxEntries or age of the entry
++ * is larger than maxAge.  Also we can't purge entries which correspond to max
++ * csns in the supplier's ruv. Here is a example where we can get into trouble:
++ *
++ *   The server is setup with time based trimming and no consumer's
++ *   At some point all the entries are trimmed from the changelog.
++ *   At a later point a consumer is added and initialized online.
++ *   Then a change is made on the supplier.
++ *   To update the consumer, the supplier would attempt to locate the last
++ *   change sent to the consumer in the changelog and will fail because the
++ *   change was removed.
+  */
+-
+-static void _cl5DoTrimming (ReplicaId rid)
++static void _cl5DoTrimming ()
+ {
+ 	Object *obj;
+ 	long numToTrim;
+ 
+ 	PR_Lock (s_cl5Desc.dbTrim.lock);
+ 
+-	/* ONREPL We trim file by file which means that some files will be 
+-	   trimmed more often than other. We might have to fix that by, for 
+-	   example, randomizing starting point */
++	/*
++	 * We are trimming all the changelogs.  We trim file by file which
++	 * means that some files will be trimmed more often than other. We
++	 * might have to fix that by, for example, randomizing the starting
++	 * point.
++	 */
+ 	obj = objset_first_obj (s_cl5Desc.dbFiles);
+-	while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid))
++	while (obj && _cl5CanTrim ((time_t)0, &numToTrim))
+ 	{
+-		if (rid){
+-			/*
+-			 * We are cleaning an invalid rid, and need to strip it
+-			 * from the changelog.
+-			 */
+-			_cl5PurgeRID (obj, rid);
+-		} else {
+-			_cl5TrimFile (obj, &numToTrim);
+-		}
++		_cl5TrimFile (obj, &numToTrim);
+ 		obj = objset_next_obj (s_cl5Desc.dbFiles, obj);
+ 	}
+ 
+@@ -3495,6 +3489,43 @@ static void _cl5DoTrimming (ReplicaId rid)
+ 	return;
+ }
+ 
++/*
++ * We are purging a changelog after a cleanAllRUV task.  Find the specific
++ * changelog for the backend that is being cleaned, and purge all the records
++ * with the cleaned rid.
++ */
++static void _cl5DoPurging (Replica *replica)
++{
++	ReplicaId rid = replica_get_rid(replica);
++	const Slapi_DN *sdn = replica_get_root(replica);
++	const char *replName = replica_get_name(replica);
++	char *replGen = replica_get_generation(replica);
++	char *fileName;
++	Object *obj;
++
++	PR_Lock (s_cl5Desc.dbTrim.lock);
++	fileName = _cl5MakeFileName (replName, replGen);
++	obj = objset_find(s_cl5Desc.dbFiles, _cl5CompareDBFile, fileName);
++	if (obj) {
++		/* We found our changelog, now purge it */
++		_cl5PurgeRID (obj, rid);
++		object_release (obj);
++		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++			"Purged rid (%d) from suffix (%s)\n",
++			rid, slapi_sdn_get_dn(sdn));
++	} else {
++		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++			"Purge rid (%d) failed to find changelog file (%s) for suffix (%s)\n",
++			rid, fileName, slapi_sdn_get_dn(sdn));
++	}
++	PR_Unlock (s_cl5Desc.dbTrim.lock);
++
++	slapi_ch_free_string(&replGen);
++	slapi_ch_free_string(&fileName);
++
++	return;
++}
++
+ /* clear free page files to reduce changelog */
+ static void
+ _cl5CompactDBs()
+@@ -4072,23 +4103,25 @@ static PRBool _cl5CanTrim (time_t time, long *numToTrim)
+ {
+ 	*numToTrim = 0;
+ 
+-    if (s_cl5Desc.dbTrim.maxAge == 0 && s_cl5Desc.dbTrim.maxEntries == 0)
++	if (s_cl5Desc.dbTrim.maxAge == 0 && s_cl5Desc.dbTrim.maxEntries == 0) {
+ 		return PR_FALSE;
+-
++	}
+ 	if (s_cl5Desc.dbTrim.maxAge == 0)
+ 	{
+ 		*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries;
+ 		return ( *numToTrim > 0 );
+ 	}
+ 
+-    if (s_cl5Desc.dbTrim.maxEntries > 0 &&
+-		(*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries) > 0)
+-    	return PR_TRUE;
++	if (s_cl5Desc.dbTrim.maxEntries > 0 &&
++	    (*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries) > 0) {
++		return PR_TRUE;
++	}
+ 
+-	if (time)
++	if (time) {
+ 		return (current_time () - time > s_cl5Desc.dbTrim.maxAge);
+-    else			
+-	    return PR_TRUE;
++	} else {
++		return PR_TRUE;
++	}
+ }  
+ 
+ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+@@ -4101,7 +4134,6 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ 	char *pos;
+ 	char *agmt_name;
+ 
+-
+ 	PR_ASSERT (replGen && obj);
+ 
+     file = (CL5DBFile*)object_get_data (obj);
+@@ -4109,13 +4141,12 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ 
+ 	agmt_name = get_thread_private_agmtname();
+ 	
+-    if (purge) /* read purge vector entry */
+-	    key.data = _cl5GetHelperEntryKey (PURGE_RUV_TIME, csnStr);
+-    else /* read upper bound vector */
+-        key.data = _cl5GetHelperEntryKey (MAX_RUV_TIME, csnStr);
+-
++	if (purge) { /* read purge vector entry */
++		key.data = _cl5GetHelperEntryKey (PURGE_RUV_TIME, csnStr);
++	} else { /* read upper bound vector */
++		key.data = _cl5GetHelperEntryKey (MAX_RUV_TIME, csnStr);
++	}
+ 	key.size = CSN_STRSIZE;
+-
+ 	data.flags = DB_DBT_MALLOC;
+ 
+ 	rc = file->db->get(file->db, NULL/*txn*/, &key, &data, 0);
+@@ -4125,13 +4156,13 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ 							rc = _cl5ReadBervals (&vals, &pos, data.size);
+                             slapi_ch_free (&(data.data));
+                             if (rc != CL5_SUCCESS)
+-				goto done;
++                                goto done;
+                             
+-                            if (purge)
++                            if (purge) {
+                                 rc = ruv_init_from_bervals(vals, &file->purgeRUV);							
+-                            else
++                            } else {
+                                 rc = ruv_init_from_bervals(vals, &file->maxRUV);	    
+-
++                            }
+                             if (rc != RUV_SUCCESS)
+                             {
+                                 slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
+@@ -4139,7 +4170,7 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+                                     "RUV error %d\n", agmt_name, purge? "purge" : "upper bound", rc);
+ 						
+                                 rc = CL5_RUV_ERROR;
+-				goto done;
++                                goto done;
+                             }
+ 
+                             /* delete the entry; it is re-added when file
+@@ -4151,7 +4182,7 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ 
+ 		case DB_NOTFOUND:	/* RUV is lost - need to construct */
+                             rc = _cl5ConstructRUV (replGen, obj, purge);
+-							goto done;
++                            goto done;
+ 		
+ 		default:			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
+ 								"%s: _cl5ReadRUV: failed to get purge RUV; "
+@@ -6946,12 +6977,14 @@ cl5CleanRUV(ReplicaId rid){
+     slapi_rwlock_unlock (s_cl5Desc.stLock);
+ }
+ 
+-void trigger_cl_purging(ReplicaId rid){
++/*
++ * Create a thread to purge a changelog of cleaned RIDs
++ */
++void trigger_cl_purging(Replica *replica){
+     PRThread *trim_tid = NULL;
+ 
+-    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid);
+     trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread,
+-                   (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
++                   (void *)replica, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+                    PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE);
+     if (NULL == trim_tid){
+         slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+@@ -6963,19 +6996,32 @@ void trigger_cl_purging(ReplicaId rid){
+     }
+ }
+ 
++/*
++ * Purge a changelog of entries that originated from a particular replica(rid)
++ */
+ void
+ trigger_cl_purging_thread(void *arg){
+-    ReplicaId rid = *(ReplicaId *)arg;
++    Replica *replica = (Replica *)arg;
+ 
+-    /* make sure we have a change log, and we aren't closing it */
+-    if(s_cl5Desc.dbState == CL5_STATE_CLOSED || s_cl5Desc.dbState == CL5_STATE_CLOSING){
++    /* Make sure we have a change log, and we aren't closing it */
++    if (replica == NULL ||
++        s_cl5Desc.dbState == CL5_STATE_CLOSED ||
++        s_cl5Desc.dbState == CL5_STATE_CLOSING) {
+         return;
+     }
++
++    /* Bump the changelog thread count */
+     if (CL5_SUCCESS != _cl5AddThread()) {
+         slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+-            "trigger_cl_purging: failed to increment thread count "
++            "trigger_cl_purging: Abort - failed to increment thread count "
+             "NSPR error - %d\n", PR_GetError ());
++        return;
+     }
+-    _cl5DoTrimming(rid);
++
++    /* Purge the changelog */
++    _cl5DoPurging(replica);
+     _cl5RemoveThread();
++    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++        "trigger_cl_purging: purged changelog for (%s) rid (%d)\n",
++        slapi_sdn_get_dn(replica_get_root(replica)), replica_get_rid(replica));
+ }
+diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
+index 4c3b8e8..1a1c2f5 100644
+--- a/ldap/servers/plugins/replication/cl5_api.h
++++ b/ldap/servers/plugins/replication/cl5_api.h
+@@ -467,6 +467,6 @@ int cl5WriteRUV();
+ int cl5DeleteRUV();
+ void cl5CleanRUV(ReplicaId rid);
+ void cl5NotifyCleanup(int rid);
+-void trigger_cl_purging(ReplicaId rid);
++void trigger_cl_purging(Replica *replica);
+ 
+ #endif
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 59d3374..011e4ca 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -1467,7 +1467,7 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not
+ 	/*
+ 	 * Now purge the changelog
+ 	 */
+-	trigger_cl_purging(rid);
++	trigger_cl_purging(replica);
+ 
+ 	if (rc != RUV_SUCCESS){
+ 		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc);
+-- 
+2.4.11
+
diff --git a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch b/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch
deleted file mode 100644
index d1ac778..0000000
--- a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a389bc3bafccb1f7bd9917a734230680e382af91 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 10 Aug 2015 10:42:40 -0400
-Subject: [PATCH] Ticket 47931 - Fix coverity issues
-
-Description:  Fix coverity issues in memberof_config.c
-
-              13316 - double free
-              13315 - Dereference after null check
-              13314 - Dereference after null check
-              13313 - copy/paste error
-
-https://fedorahosted.org/389/ticket/47931
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 5daea973e4526584ee41d7b9f4b1b4993b4de6f1)
-(cherry picked from commit 9a0047ef75f6dbeb1980ac77fab5d62865c77e6a)
----
- ldap/servers/plugins/memberof/memberof_config.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index b4cc941..10cbd7a 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -316,6 +316,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- 					"%s: Invalid DN (%s) for include suffix.",
- 					MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
- 				slapi_ch_array_free(entry_scopes);
-+				entry_scopes = NULL;
- 				theConfig.entryScopeCount = 0;
- 				*returncode = LDAP_UNWILLING_TO_PERFORM;
- 				goto done;
-@@ -341,8 +342,9 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- 				/* invalid dn syntax */
- 				PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
- 					"%s: Invalid DN (%s) for exclude suffix.",
--					MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+					MEMBEROF_PLUGIN_SUBSYSTEM, entry_exclude_scopes[i]);
- 				slapi_ch_array_free(entry_exclude_scopes);
-+				entry_exclude_scopes = NULL;
- 				*returncode = LDAP_UNWILLING_TO_PERFORM;
- 				goto done;
- 			}
-@@ -741,7 +743,7 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
- 			int num_vals = 0;
- 
- 			dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
--			for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+			for(num_vals = 0; src->entryScopeExcludeSubtrees[num_vals]; num_vals++){
- 				dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
- 			}
- 		}
--- 
-1.9.3
-
diff --git a/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch b/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
new file mode 100644
index 0000000..8205429
--- /dev/null
+++ b/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
@@ -0,0 +1,72 @@
+From 192deb3b1bf9e5f359e0468809cdd81df51af4a0 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 22 Aug 2016 22:24:51 -0700
+Subject: [PATCH 40/45] Ticket #48969 - nsslapd-auditfaillog always has an
+ explicit path
+
+Bug Description:
+In the current implementation, nsslapd-auditfaillog is not set,
+by default. Internally, the value is NULL, which let audit fail
+log share the same audit log file with nsslapd-auditlog.
+
+Once, some path is set to nsslapd-auditfaillog, it is not allowed
+to delete or set NULL or empty to it. That is, there is no way to
+go back to the default behaviour.
+
+There is another issue for the default value. Since search for
+nsslapd-auditfaillog under cn=config does not return anything,
+it is hard to find out where the failed logs are written.
+
+Fix Description:
+To solve the 2 issues, this patch changes the default value to an
+explicit path /path/to/logdir/audit.
+
+https://fedorahosted.org/389/ticket/48969
+
+Reviewed by wibrown@redhat.com (Thank you, William!)
+
+(cherry picked from commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4)
+---
+ ldap/ldif/template-dse.ldif.in | 1 +
+ ldap/servers/slapd/auditlog.c  | 6 ++++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
+index 46b416b..8258b70 100644
+--- a/ldap/ldif/template-dse.ldif.in
++++ b/ldap/ldif/template-dse.ldif.in
+@@ -53,6 +53,7 @@ nsslapd-auditlog-maxlogsize: 100
+ nsslapd-auditlog-logrotationtime: 1
+ nsslapd-auditlog-logrotationtimeunit: day
+ nsslapd-auditlog-logging-enabled: off
++nsslapd-auditfaillog: %log_dir%/audit
+ nsslapd-auditfaillog-logging-enabled: off
+ nsslapd-rootdn: %rootdn%
+ nsslapd-rootpw: %ds_passwd%
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index ec7111b..85d136c 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -112,6 +112,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+     Operation *op;
+     int pbrc = 0;
+     char *auditfail_config = NULL;
++    char *audit_config = NULL;
+ 
+     /* if the audit log is not enabled, just skip all of
+        this stuff */
+@@ -167,8 +168,9 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+     /* log the raw, unnormalized DN */
+     dn = slapi_sdn_get_udn(sdn);
+     auditfail_config = config_get_auditfaillog();
+-    if (auditfail_config == NULL || strlen(auditfail_config) == 0) {
+-        /* If no auditfail log write to audit log */
++    audit_config = config_get_auditlog();
++    if (auditfail_config == NULL || strlen(auditfail_config) == 0 || PL_strcasecmp(auditfail_config, audit_config) == 0) {
++        /* If no auditfail log or "auditfaillog" == "auditlog", write to audit log */
+         write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+     } else {
+         /* If we have our own auditfail log path */
+-- 
+2.4.11
+
diff --git a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch b/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch
deleted file mode 100644
index 9a24344..0000000
--- a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From a6532aa364e350224dcace082484a7cc58d678dc Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 10 Aug 2015 12:19:00 -0400
-Subject: [PATCH 41/45] Ticket 47686 - removing chaining database links trigger
- valgrind read errors
-
-Bug Description:  Plugins that remove their dse callback from the dse callback
-                  function lead to invalid reads in dse_call_callback().
-
-Fix Description:  In dse_call_callback(), save the pointers to the next callback,
-                  and its plugin, before we call the callback function.  So in
-                  case the callback function removes itself, we are not accessing
-                  the freed callback pointer later on.
-
-https://fedorahosted.org/389/ticket/47686
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit a799c4670f2e6f6be1fc9a2828dc4a0f738d3021)
-(cherry picked from commit 29c669e43e16611a290e1c82dfdcf5b51903319e)
----
- ldap/servers/slapd/dse.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
-index 61e2629..e8e393b 100644
---- a/ldap/servers/slapd/dse.c
-+++ b/ldap/servers/slapd/dse.c
-@@ -2607,18 +2607,21 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
- 
-     if (pdse->dse_callback != NULL) {
-         struct dse_callback *p = pdse->dse_callback;
-+        struct dse_callback *next = NULL;
-         int result = SLAPI_DSE_CALLBACK_OK;
- 
-         while (p != NULL) {
-+            next = p->next;
-             if ((p->operation & operation) && (p->flags & flags)) {
-                 if(slapi_sdn_scope_test(slapi_entry_get_sdn_const(entryBefore), p->base, p->scope)){
-                     if(NULL == p->slapifilter || slapi_vattr_filter_test(pb, entryBefore, p->slapifilter, 0) == 0){
-+                        struct slapdplugin *plugin = p->plugin;
-                         int plugin_started = 1;
- 
--                        if(p->plugin){
-+                        if(plugin){
-                             /* this is a plugin callback, update the operation counter */
--                            slapi_plugin_op_started(p->plugin);
--                            if(!p->plugin->plg_started){
-+                            slapi_plugin_op_started(plugin);
-+                            if(!plugin->plg_started){
-                                 /* must be a task function being called */
-                                 result = SLAPI_DSE_CALLBACK_ERROR;
-                                 PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-@@ -2633,11 +2636,11 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
-                         if(result < rc){
-                             rc = result;
-                         }
--                        slapi_plugin_op_finished(p->plugin);
-+                        slapi_plugin_op_finished(plugin);
-                     }
-                 }
-             }
--            p = p->next;
-+            p = next;
-         }
-     }
-     return rc;
--- 
-1.9.3
-
diff --git a/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch b/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
new file mode 100644
index 0000000..3fed75f
--- /dev/null
+++ b/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
@@ -0,0 +1,35 @@
+From 755a15ebafb8ae98cef681512d3ab3ef0470e11d Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 23 Aug 2016 14:18:32 -0700
+Subject: [PATCH 41/45] Ticket #48967 - passwordMinAge attribute doesn't limit
+ the minimum age of the password
+
+Description: There was a logic error in check_pw_minage.  Password-
+MinAge was ignored by the error.  This patch fixes the logic error.
+
+https://fedorahosted.org/389/ticket/48967
+
+Reviewed and tested by wibrown@redhat.com and spichugi@redhat.com.
+(Thank you, William and Simon!)
+
+(cherry picked from commit 790e723e4f30b3d245535ce7a9d5d00477878341)
+---
+ ldap/servers/slapd/pw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 6b865ec..7469b9e 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -729,7 +729,7 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals)
+ 	pwpolicy = new_passwdPolicy(pb, dn);
+ 	slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req );
+ 
+-	if (!pb->pb_op->o_isroot && !pwpolicy->pw_minage) {
++	if (!pb->pb_op->o_isroot && pwpolicy->pw_minage) {
+ 
+ 		Slapi_Entry     *e;
+ 		char *passwordAllowChangeTime;
+-- 
+2.4.11
+
diff --git a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch b/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
deleted file mode 100644
index 067ca01..0000000
--- a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
+++ /dev/null
@@ -1,1250 +0,0 @@
-From 9075d78f6878907f676fda1062779c921b23ae59 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 10 Aug 2015 17:04:25 -0700
-Subject: [PATCH 42/45] Ticket #47511 - bashisms in 389-ds-base admin scripts
-
-Description by mvocu (Thank you):
-The shell scripts in 389-ds-base/ldap/admin/src/scripts use 'source'
-to source common scripts; the 'source' keyword is bash-specific (or
-c-shell, if memory serves). The interpreter is set to /bin/sh, which
-is not guaranteed to be bash (and at least on Debian 7.1 it is dash).
-The 'source' keyword can be replaced by '.', which should work.
-
-The patch was provided by tjaalton@ubuntu.com (Thank you, Timo!).
-
-https://fedorahosted.org/389/ticket/47511
-
-Reviewed and tested by nhosoi@redhat.com.
-
-(cherry picked from commit 2ce7a7334bcb89e47c0f5c544144aec37010a5b9)
-(cherry picked from commit 49245911410cdd04bc53b00d8973c26defa5a37b)
----
- ldap/admin/src/initconfig.in              |  4 +-
- ldap/admin/src/scripts/DSSharedLib.in     | 92 +++++++++++++++----------------
- ldap/admin/src/scripts/bak2db.in          | 23 ++++----
- ldap/admin/src/scripts/db2bak.in          |  7 +--
- ldap/admin/src/scripts/db2index.in        |  4 +-
- ldap/admin/src/scripts/db2ldif.in         | 22 ++++----
- ldap/admin/src/scripts/dbverify.in        |  6 +-
- ldap/admin/src/scripts/dn2rdn.in          |  4 +-
- ldap/admin/src/scripts/ldif2db.in         |  4 +-
- ldap/admin/src/scripts/ldif2ldap.in       | 46 ++++++++--------
- ldap/admin/src/scripts/monitor.in         | 44 +++++++--------
- ldap/admin/src/scripts/restart-dirsrv.in  |  2 +-
- ldap/admin/src/scripts/restoreconfig.in   |  4 +-
- ldap/admin/src/scripts/saveconfig.in      |  6 +-
- ldap/admin/src/scripts/start-dirsrv.in    | 16 +++---
- ldap/admin/src/scripts/stop-dirsrv.in     | 14 ++---
- ldap/admin/src/scripts/suffix2instance.in |  6 +-
- ldap/admin/src/scripts/upgradedb.in       |  4 +-
- ldap/admin/src/scripts/upgradednformat.in |  6 +-
- ldap/admin/src/scripts/vlvindex.in        |  4 +-
- rpm/389-ds-base-git.sh                    |  2 +-
- rpm/add_patches.sh                        |  4 +-
- rpm/rpmverrel.sh                          |  2 +-
- wrappers/initscript.in                    | 26 +++------
- wrappers/ldap-agent-initscript.in         | 28 ++++------
- 25 files changed, 181 insertions(+), 199 deletions(-)
-
-diff --git a/ldap/admin/src/initconfig.in b/ldap/admin/src/initconfig.in
-index 134e82c..7afa315 100644
---- a/ldap/admin/src/initconfig.in
-+++ b/ldap/admin/src/initconfig.in
-@@ -2,11 +2,11 @@
- OS=`uname -s`
- # use the new mt slab memory allocator on Solaris
- # this requires Solaris 9 update 3 or later
--if [ "$OS" = "SunOS" -a -f /usr/lib/libumem.so ] ; then
-+if [ "$OS" = "SunOS" ] && [ -f /usr/lib/libumem.so ] ; then
-     LD_PRELOAD=/usr/lib/libumem.so
-     export LD_PRELOAD
- fi
--if [ "$OS" = "SunOS" -a -f /usr/lib/64/libumem.so ] ; then
-+if [ "$OS" = "SunOS" ] && [ -f /usr/lib/64/libumem.so ] ; then
-     LD_PRELOAD_64=/usr/lib/64/libumem.so
-     export LD_PRELOAD_64
- fi
-diff --git a/ldap/admin/src/scripts/DSSharedLib.in b/ldap/admin/src/scripts/DSSharedLib.in
-index 3683696..8317c58 100644
---- a/ldap/admin/src/scripts/DSSharedLib.in
-+++ b/ldap/admin/src/scripts/DSSharedLib.in
-@@ -98,13 +98,13 @@ get_init_file()
-     do
-         inst_count=`expr $inst_count + 1`
-         id=`normalize_server_id $configfile`
--        if [ -n "$servid" -a "$id" = "$servid" ]
-+        if [ -n "$servid" ] && [ "$id" = "$servid" ]
-         then
-             # found it
-             echo $configfile
-             exit 0
-         fi
--        if  [ $first == "yes" ]
-+        if  [ $first = "yes" ]
-         then
-             instances=$id
-             first="no"
-@@ -114,7 +114,7 @@ get_init_file()
-     done
- 
-     # server id not provided, check if there is only one instance
--    if [ -z "$servid" -a $inst_count -eq 1 ]
-+    if [ -z "$servid" ] && [ $inst_count -eq 1 ]
-     then
-         # return the file
-         echo $configfile
-@@ -135,48 +135,44 @@ process_dse ()
-     configdir=$1
-     pid=$2
-     file="$configdir/dse.ldif"
--    shopt -s nocasematch
--    OLD_IFC=$IFC
-+    OLD_IFS=$IFS
-     IFS=""
-     while read -r LINE
-     do
--        if [[ $LINE !=  \ * ]] && [ "$output" != "" ]
-+        case $LINE in
-+            ' '*)
-+                ;;
-+            *)
-+                if [ -n "$output" ]
-+                then
-+                    echo "$output" >> /tmp/DSSharedLib.$pid
-+                    output=""
-+                fi
-+                ;;
-+        esac
-+        if [ -n "$output" ]
-         then
--            echo "$output" >> /tmp/DSSharedLib.$pid
--            output=""
--        fi
--        if [ "$output" != "" ] && [[ $LINE == \ * ]]
--        then
--            # continuation line, strip the space and append it
--            LINE=`echo "$LINE" | sed -e 's/^ //'`
--            output=$output$LINE
--        elif [[ $LINE == nsslapd-port* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-localhost* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-securePort* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-security* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-ldapilisten* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-ldapifilepath* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-rootdn* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-ldapiautobind* ]]
--        then
--            output=$LINE;
--        elif [[ $LINE == nsslapd-certdir* ]]
--        then
--            output=$LINE;
-+            case $LINE in
-+                ' '*)
-+                    # continuation line, strip the space and append it
-+                    LINE=`echo "$LINE" | sed -e 's/^ //'`
-+                    output=$output$LINE
-+                    ;;
-+            esac
-+        else
-+            case $LINE in
-+                nsslapd-certdir*|\
-+                nsslapd-ldapiautobind*|\
-+                nsslapd-ldapilisten*|\
-+                nsslapd-ldapifilepath*|\
-+                nsslapd-localhost*|\
-+                nsslapd-port*|\
-+                nsslapd-rootdn*|\
-+                nsslapd-securePort*|\
-+                nsslapd-security*)
-+                    output=$LINE
-+                    ;;
-+            esac
-         fi
-     
-     done < $file
-@@ -194,19 +190,19 @@ check_protocol ()
-     ldapi=$3
-     openldap=$4
-        
--    if [ "$protocol" == "LDAPI" ] && [ "$openldap" != "yes" ]; then
-+    if [ "$protocol" = "LDAPI" ] && [ "$openldap" != "yes" ]; then
-         echo ""
-         exit
--    elif [ "$protocol" == "LDAPI" ] && [ "$ldapi" == "off" ]; then
-+    elif [ "$protocol" = "LDAPI" ] && [ "$ldapi" = "off" ]; then
-         echo ""
-         exit
--    elif [ "$protocol" == "STARTTLS" ]; then
--        if [ "$security" == "" ] || [ "$security" == "off" ]; then
-+    elif [ "$protocol" = "STARTTLS" ]; then
-+        if [ -z "$security" ] || [ "$security" = "off" ]; then
-             echo ""
-             exit
-         fi
--    elif [ "$protocol" == "LDAPS" ]; then
--        if [ "$security" == "" ] || [ "$security" == "off" ]; then
-+    elif [ "$protocol" = "LDAPS" ]; then
-+        if [ -z "$security" ] || [ "$security" = "off" ]; then
-             echo ""
-             exit
-         fi
-@@ -224,4 +220,4 @@ check_protocol ()
-     fi
- 
-     echo "$protocol"
--}
-\ No newline at end of file
-+}
-diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
-index f0cede4..a2e54cc 100755
---- a/ldap/admin/src/scripts/bak2db.in
-+++ b/ldap/admin/src/scripts/bak2db.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -26,15 +26,18 @@ if [ $# -lt 1 ] || [ $# -gt 7 ]
- then
-     usage
-     exit 1
--elif [[ $1 == -* ]]
--then
--    usage
--    exit 1
--else
--    archivedir=$1
--    shift
- fi
--    
-+case $1 in
-+    -*)
-+        usage
-+        exit 1
-+        ;;
-+    *)
-+        archivedir=$1
-+        shift
-+        ;;
-+esac
-+
- while getopts "hn:Z:qd:vi:a:SD:" flag
- do
-     case $flag in
-@@ -55,7 +58,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
-index dacd7b0..1896c19 100755
---- a/ldap/admin/src/scripts/db2bak.in
-+++ b/ldap/admin/src/scripts/db2bak.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -26,7 +26,6 @@ then
-     usage
-     exit 1
- fi
--
- if [ "$#" -gt 0 ]
- then
-     if [[ $1 != -* ]]
-@@ -56,7 +55,7 @@ done
- 
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-@@ -67,7 +66,7 @@ fi
- servid=`normalize_server_id $initfile`
- . $initfile
- 
--if [ -z $bak_dir ]
-+if [ -z "$bak_dir" ]
- then
-     bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H_%M_%S`
- fi
-diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
-index a1321ea..2b76cd1 100755
---- a/ldap/admin/src/scripts/db2index.in
-+++ b/ldap/admin/src/scripts/db2index.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -59,7 +59,7 @@ then
- fi
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
-index d7e0ff0..fcf73a0 100755
---- a/ldap/admin/src/scripts/db2ldif.in
-+++ b/ldap/admin/src/scripts/db2ldif.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -39,7 +39,7 @@ make_ldiffile()
-     be=""
-     while [ "$1" != "" ]
-     do
--        if [ "$1" = "-a" ]; then
-+        if [ "x$1" = "x-a" ]; then
-             shift
-             if [ `expr "$1" : "/.*"` -gt 0 ]; then 
- 	            if [ `expr "$1" : "/.*"` -gt 0 ]; then 
-@@ -56,17 +56,17 @@ make_ldiffile()
-                 shift 
-                 return 0 
-             fi
--        elif [ "$1" = "-n" ]; then
-+        elif [ "x$1" = "x-n" ]; then
-             shift
--            if [ "$be" = "" ]; then
-+            if [ -z "$be" ]; then
-                 be="$1"
-             else
-                 tmpbe="$be"
-                 be="${tmpbe}-$1"
-             fi
--        elif [ "$1" = "-s" ]; then
-+        elif [ "x$1" = "x-s" ]; then
-             shift
--            if [ "$1" != "" ]; then
-+            if [ -n "$1" ]; then
-                 rdn=`echo $1 | awk -F, '{print $1}'`
-                 rdnval=`echo $rdn | awk -F= '{print $2}'`
-                 if [ "$be" = "" ]; then
-@@ -76,15 +76,15 @@ make_ldiffile()
-                     be="${tmpbe}-$rdnval"
-                 fi
-             fi
--        elif [ "$1" = "-M" ]; then
-+        elif [ "x$1" = "x-M" ]; then
-             be=""
-         fi
--        if [ "$1" != "" ]; then
-+        if [ -n "$1" ]; then
-             shift
-         fi
-     done
- 
--    if [ "$be" = "" ]; then
-+    if [ -z "$be" ]; then
-         echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
-     else
-         echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-${be}-`date +%Y_%m_%d_%H%M%S`.ldif
-@@ -92,7 +92,7 @@ make_ldiffile()
-     return 0
- }
- 
--if [ "$#" -lt 2 ];
-+if [ $# -lt 2 ];
- then
-     usage
-     exit 1
-@@ -137,7 +137,7 @@ then
- fi
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index 461cc16..bbacc17 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -47,7 +47,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-@@ -58,7 +58,7 @@ fi
- . $initfile
- 
- @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
--if [ $display_version == "yes" ]; then
-+if [ $display_version = "yes" ]; then
-     exit 0
- fi
- if [ $? -eq 0 ]; then
-diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
-index 32a70c8..616969a 100755
---- a/ldap/admin/src/scripts/dn2rdn.in
-+++ b/ldap/admin/src/scripts/dn2rdn.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -39,7 +39,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
-index ce15349..a34241a 100755
---- a/ldap/admin/src/scripts/ldif2db.in
-+++ b/ldap/admin/src/scripts/ldif2db.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -82,7 +82,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/ldif2ldap.in b/ldap/admin/src/scripts/ldif2ldap.in
-index 874b1bb..1e871be 100755
---- a/ldap/admin/src/scripts/ldif2ldap.in
-+++ b/ldap/admin/src/scripts/ldif2ldap.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@ldapsdk_libdir@"
- libpath_add "@libdir@"
-@@ -40,14 +40,14 @@ do
-     esac
- done
- 
--if [ "$input_file" == "" ]
-+if [ -z "$input_file" ]
- then 
-     usage
-     exit 1
- fi
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-@@ -67,13 +67,13 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
- ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
- certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
- autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
--if [ "$rootdn" == "" ]; then
-+if [ -z "$rootdn" ]; then
-     value=$(grep -i 'nsslapd-rootdn' $file)
-     rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
- fi
- rm $file
- 
--if [ "$ldapiURL" != "" ]; then
-+if [ -n "$ldapiURL" ]; then
-     ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
-     ldapiURL="ldapi://"$ldapiURL
- fi
-@@ -86,7 +86,7 @@ then
-     export LDAPTLS_CACERTDIR=$certdir
- fi
- 
--if [ -z $security ]; then
-+if [ -z "$security" ]; then
-     security="off"
- fi
- revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
-@@ -99,12 +99,12 @@ protocol=$revised_protocol
- #
- # STARTTLS
- #
--if [ "$security" == "on" ]; then
--    if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
--        if [ "$error" == "yes" ]; then 
-+if [ "$security" = "on" ]; then
-+    if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
-+        if [ "$error" = "yes" ]; then
-             echo "Using the next most secure protocol(STARTTLS)"
-         fi
--        if [ "$openldap" == "yes" ]; then
-+        if [ "$openldap" = "yes" ]; then
-             ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
-         else
-             ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
-@@ -116,12 +116,12 @@ fi
- #
- # LDAPS
- #
--if [ "$security" == "on" ]; then
--    if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
--        if [ "$error" == "yes" ]; then 
-+if [ "$security" = "on" ]; then
-+    if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
-+        if [ "$error" = "yes" ]; then
-             echo "Using the next most secure protocol(LDAPS)"
-         fi
--        if [ "$openldap" == "yes" ]; then
-+        if [ "$openldap" = "yes" ]; then
-             ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file
-         else
-             ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file 
-@@ -133,21 +133,21 @@ fi
- #
- # LDAPI
- #
--if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
--    if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
--        if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
--            if [ "$error" == "yes" ]; then 
-+if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
-+    if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
-+        if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
-+            if [ "$error" = "yes" ]; then
-                 echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
-             fi
-             ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null
-         else
--            if [ "$error" == "yes" ]; then 
-+            if [ "$error" = "yes" ]; then
-                 echo "Using the next most secure protocol(LDAPI)"
-             fi
-             ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file
-         fi
-         rc=$?
--        if [ $rc != 0 ]
-+        if [ $rc -ne 0 ]
-         then
-             echo "Operation failed (error $rc)"
-         fi
-@@ -158,11 +158,11 @@ fi
- #
- # LDAP
- #
--if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
--    if [ "$error" == "yes" ]; then 
-+if [ "$protocol" = "LDAP" ] || [ -z "$protocol" ]; then
-+    if [ "$error" = "yes" ]; then
-         echo "Using the next most secure protocol(LDAP)"
-     fi
--    if [ "$openldap" == "yes" ]; then
-+    if [ "$openldap" = "yes" ]; then
-         ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
-     else
-         ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
-diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
-index 7b2058b..36a2fc9 100755
---- a/ldap/admin/src/scripts/monitor.in
-+++ b/ldap/admin/src/scripts/monitor.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@ldapsdk_libdir@"
-@@ -41,7 +41,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-@@ -66,17 +66,17 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
- ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
- certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
- autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
--if [ "$rootdn" == "" ]; then
-+if [ -z "$rootdn" ]; then
-     value=$(grep -i 'nsslapd-rootdn' $file)
-     rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
- fi
- rm $file
- 
--if [ "$passwd" != "" ]; then
-+if [ -n "$passwd" ]; then
-     dn="-D $rootdn"
-     passwd="-w$passwd"
- fi
--if [ "$ldapiURL" != "" ]
-+if [ -n "$ldapiURL" ]
- then
-     ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
-     ldapiURL="ldapi://"$ldapiURL
-@@ -103,12 +103,12 @@ protocol=$revised_protocol
- #
- # STARTTLS
- #
--if [ "$security" == "on" ]; then
--    if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
--        if [ "$error" == "yes" ]; then 
-+if [ "$security" = "on" ]; then
-+    if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
-+        if [ "$error" = "yes" ]; then
-             echo "Using the next most secure protocol(STARTTLS)"
-         fi
--        if [ "$openldap" == "yes" ]; then
-+        if [ "$openldap" = "yes" ]; then
-             ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-         else
-             ldapsearch -ZZZ -P $certdir  -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-@@ -120,12 +120,12 @@ fi
- #
- # LDAPS
- #
--if [ "$security" == "on" ]; then
--    if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
--        if [ "$error" == "yes" ]; then 
-+if [ "$security" = "on" ]; then
-+    if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
-+        if [ "$error" = "yes" ]; then
-             echo "Using the next most secure protocol(LDAPS)"
-         fi
--        if [ "$openldap" == "yes" ]; then
-+        if [ "$openldap" = "yes" ]; then
-             ldapsearch -x -LLL -H "ldaps://$host:$secure_port" -b "$MDN" -s base $dn $passwd "objectClass=*"
-         else 
-             ldapsearch -Z -P $certdir -p $secure_port -b "$MDN" -s base $dn $passwd "objectClass=*"
-@@ -137,15 +137,15 @@ fi
- #
- # LDAPI
- #
--if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
--    if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
--        if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
--            if [ "$error" == "yes" ]; then 
-+if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
-+    if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
-+        if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
-+            if [ "$error" = "yes" ]; then
-                 echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
-             fi
-             ldapsearch -LLL -H "$ldapiURL" -b "$MDN" -s base -Y EXTERNAL "objectClass=*" 2>/dev/null
-         else
--            if [ "$error" == "yes" ]; then 
-+            if [ "$error" = "yes" ]; then
-                 echo "Using the next most secure protocol(LDAPI)"
-             fi
-             ldapsearch -x -LLL -H "$ldapiURL" -b "$MDN" -s base $dn $passwd "objectClass=*"
-@@ -157,14 +157,14 @@ fi
- #
- # LDAP
- #
--if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
--    if [ "$error" == "yes" ]; then 
-+if [ "$protocol" = "LDAP" ] || [ "$protocol" = "" ]; then
-+    if [ "$error" = "yes" ]; then
-         echo "Using the next most secure protocol(LDAP)"
-     fi
--    if [ "$openldap" == "yes" ]; then
-+    if [ "$openldap" = "yes" ]; then
-         ldapsearch -x -LLL -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-     else
-         ldapsearch -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
--    fi   
-+    fi
-     exit $?
- fi
-diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in
-index 130e06e..e86a24c 100644
---- a/ldap/admin/src/scripts/restart-dirsrv.in
-+++ b/ldap/admin/src/scripts/restart-dirsrv.in
-@@ -7,7 +7,7 @@
- #       2: Server started successfully (was not running)
- #       3: Server could not be stopped
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- restart_instance() {
-     SERV_ID=$1
-diff --git a/ldap/admin/src/scripts/restoreconfig.in b/ldap/admin/src/scripts/restoreconfig.in
-index 9bb1acf..56c9e43 100755
---- a/ldap/admin/src/scripts/restoreconfig.in
-+++ b/ldap/admin/src/scripts/restoreconfig.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -31,7 +31,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/saveconfig.in b/ldap/admin/src/scripts/saveconfig.in
-index 65d80f3..16e3efc 100755
---- a/ldap/admin/src/scripts/saveconfig.in
-+++ b/ldap/admin/src/scripts/saveconfig.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -31,7 +31,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-@@ -45,7 +45,7 @@ servid=`normalize_server_id $initfile`
- echo saving configuration...
- conf_ldif=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
- @sbindir@/ns-slapd db2ldif -N -D $CONFIG_DIR -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1
--if [ "$?" -ge 1 ] 
-+if [ $? -ge 1 ]
- then
-     echo Error occurred while saving configuration
-     exit 1
-diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in
-index 481797d..458f0e8 100755
---- a/ldap/admin/src/scripts/start-dirsrv.in
-+++ b/ldap/admin/src/scripts/start-dirsrv.in
-@@ -6,7 +6,7 @@
- #       1: Server could not be started
- #       2: Server already running
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- # Starts a single instance
- start_instance() {
-@@ -44,7 +44,7 @@ start_instance() {
-     STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid
-     if test -f $STARTPIDFILE ; then
-         PID=`cat $STARTPIDFILE`
--        if kill -0 $PID > /dev/null 2>&1 ; then
-+        if kill -s 0 $PID > /dev/null 2>&1 ; then
-             echo There is an ns-slapd process already running: $PID
-             return 2;
-         else
-@@ -53,7 +53,7 @@ start_instance() {
-     fi
-     if test -f $PIDFILE ; then
-         PID=`cat $PIDFILE`
--        if kill -0 $PID > /dev/null 2>&1 ; then
-+        if kill -s 0 $PID > /dev/null 2>&1 ; then
-             echo There is an ns-slapd running: $PID
-             return 2;
-         else
-@@ -64,7 +64,7 @@ start_instance() {
-     # Use systemctl if available and running as root, 
-     # otherwise start the instance the old way.
-     #
--    if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then
-+    if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
-         @bindir@/systemctl start @package_name@@$SERV_ID.service
-         if [ $? -ne 0 ]; then
-             return 1
-@@ -96,7 +96,7 @@ start_instance() {
-     while test $loop_counter -le $max_count; do
-         loop_counter=`expr $loop_counter + 1`
-         if test ! -f $PIDFILE ; then
--            if kill -0 $PID > /dev/null 2>&1 ; then
-+            if kill -s 0 $PID > /dev/null 2>&1 ; then
-                 sleep 1
-         else
-             echo Server failed to start !!! Please check errors log for problems
-@@ -123,12 +123,12 @@ do
- done
- shift $(($OPTIND-1))
- 
--if [ "$initconfig_dir" = "" ]; then
-+if [ -z "$initconfig_dir" ]; then
-     initconfig_dir=@initconfigdir@
- fi
- 
- found=0
--if [ "$#" -eq 0 ]; then
-+if [ $# -eq 0 ]; then
-     # We're starting all instances.
-     ret=0
-     initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
-@@ -137,7 +137,7 @@ if [ "$#" -eq 0 ]; then
-         echo Starting instance \"$inst\"
-         start_instance $inst
-         rv=$?
--        if [ "$rv" -ne 0 ]; then
-+        if [ $rv -ne 0 ]; then
-             ret=$rv
-         fi
-     done
-diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in
-index 3f02e78..72e2b85 100755
---- a/ldap/admin/src/scripts/stop-dirsrv.in
-+++ b/ldap/admin/src/scripts/stop-dirsrv.in
-@@ -6,7 +6,7 @@
- #       1: Server could not be stopped
- #       2: Server was not running
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- stop_instance() {
-     SERV_ID=$1
-@@ -28,7 +28,7 @@ stop_instance() {
-     fi
-     PID=`cat $PIDFILE`
-     # see if the server is already stopped
--    kill -0 $PID > /dev/null 2>&1 || {
-+    kill -s 0 $PID > /dev/null 2>&1 || {
-         echo Server not running
-         if test -f $PIDFILE ; then
-             rm -f $PIDFILE
-@@ -39,7 +39,7 @@ stop_instance() {
-     #
-     # use systemctl if running as root
-     #
--    if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then
-+    if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
-         # 
-         # Now, check if systemctl is aware of this running instance
-         #
-@@ -65,7 +65,7 @@ stop_instance() {
-     max_count=600
-     while test $loop_counter -le $max_count; do
-         loop_counter=`expr $loop_counter + 1`
--        if kill -0 $PID > /dev/null 2>&1 ; then
-+        if kill -s 0 $PID > /dev/null 2>&1 ; then
-             sleep 1;
-         else
-             if test -f $PIDFILE ; then
-@@ -88,11 +88,11 @@ do
- done
- shift $(($OPTIND-1))
- 
--if [ "$initconfig_dir" = "" ]; then
-+if [ -z "$initconfig_dir" ]; then
-     initconfig_dir=@initconfigdir@
- fi
- 
--if [ "$#" -eq 0 ]; then
-+if [ $# -eq 0 ]; then
-     # We're stopping all instances.
-     ret=0
-     initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
-@@ -105,7 +105,7 @@ if [ "$#" -eq 0 ]; then
-         echo Stopping instance \"$inst\"
-         stop_instance $inst
-         rv=$?
--        if [ "$rv" -ne 0 ]; then
-+        if [ $rv -ne 0 ]; then
-             ret=$rv
-         fi
-     done
-diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in
-index e2f73c3..7774148 100755
---- a/ldap/admin/src/scripts/suffix2instance.in
-+++ b/ldap/admin/src/scripts/suffix2instance.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -32,14 +32,14 @@ do
-     esac
- done
- 
--if [ "$args" == "" ]
-+if [ -z "$args" ]
- then
-     usage
-     exit 1
- fi
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
-index 211bdce..bf600dd 100755
---- a/ldap/admin/src/scripts/upgradedb.in
-+++ b/ldap/admin/src/scripts/upgradedb.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -39,7 +39,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-     echo "Available instances: $initfile"
-diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
-index e9d8cab..51585ae 100755
---- a/ldap/admin/src/scripts/upgradednformat.in
-+++ b/ldap/admin/src/scripts/upgradednformat.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- # upgradednformat -- upgrade DN format to the new style (RFC 4514)
- # Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
-@@ -49,13 +49,13 @@ do
-     esac
- done
- 
--if [ "$be" = "" ] || [ "$dir" = "" ]; then
-+if [ -z "$be" ] || [ -z "$dir" ]; then
-     usage
-     exit 1
- fi
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
-index 0b46b27..365e32f 100755
---- a/ldap/admin/src/scripts/vlvindex.in
-+++ b/ldap/admin/src/scripts/vlvindex.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
- 
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -45,7 +45,7 @@ do
- done
- 
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
-     usage
-     echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
-diff --git a/rpm/389-ds-base-git.sh b/rpm/389-ds-base-git.sh
-index e5aaa8a..1a38da1 100644
---- a/rpm/389-ds-base-git.sh
-+++ b/rpm/389-ds-base-git.sh
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- 
- DATE=`date +%Y%m%d`
- # use a real tag name here
-diff --git a/rpm/add_patches.sh b/rpm/add_patches.sh
-index 690d0b2..31823d5 100755
---- a/rpm/add_patches.sh
-+++ b/rpm/add_patches.sh
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
--function usage()
-+usage()
- {
-     echo "Adds patches to a specfile"
-     echo ""
-@@ -51,5 +51,5 @@ for p in $patches; do
-     sed -i -e "/${prefix}/a Patch${i}: ${p}" -e "/$prepprefix/a %patch${i} -p1" $specfile
-     prefix="Patch${i}:"
-     prepprefix="%patch${i}"
--    i=$(($i+1))
-+    i=`expr $i + 1`
- done
-diff --git a/rpm/rpmverrel.sh b/rpm/rpmverrel.sh
-index 86b808e..06e97c7 100755
---- a/rpm/rpmverrel.sh
-+++ b/rpm/rpmverrel.sh
-@@ -6,7 +6,7 @@ srcdir=`pwd`
- 
- # Source VERSION.sh to set the version
- # and release environment variables.
--source ./VERSION.sh
-+. ./VERSION.sh
- 
- if [ "$1" = "version" ]; then
-   echo $RPM_VERSION
-diff --git a/wrappers/initscript.in b/wrappers/initscript.in
-index ad4ea2b..fa79dbd 100644
---- a/wrappers/initscript.in
-+++ b/wrappers/initscript.in
-@@ -32,28 +32,20 @@ then
-     fi
- fi
- 
--# figure out which echo we're using
--ECHO_N=`echo -n`
--
--# some shells echo cannot use -n - linux echo by default cannot use \c
- echo_n()
- {
--    if [ "$ECHO_N" = '-n' ] ; then
--        echo "$*\c"
--    else
--        echo -n "$*"
--    fi
-+    printf '%s' "$*"
- }
- 
- # failure and success are not defined on some platforms
--type failure > /dev/null 2>&1 || {
-+which failure > /dev/null 2>&1 || {
- failure()
- {
-     echo_n " FAILED"
- }
- }
- 
--type success > /dev/null 2>&1 || {
-+which success > /dev/null 2>&1 || {
- success()
- {
-     echo_n " SUCCESS"
-@@ -178,7 +170,7 @@ start() {
-             pid=`cat $pidfile`
-             instlockfile="@localstatedir@/lock/@package_name@/slapd-$instance/server/$pid"
-             name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
--            if kill -0 $pid && [ $name = "ns-slapd" ]; then
-+            if kill -s 0 $pid && [ $name = "ns-slapd" ]; then
-                 echo_n " already running"
-                 success; echo
-                 successes=`expr $successes + 1`
-@@ -239,7 +231,7 @@ start() {
-             while test $loop_counter -le $max_count ; do
-                 loop_counter=`expr $loop_counter + 1`
-                 if test ! -f $pidfile ; then
--                    if kill -0 $pid > /dev/null 2>&1 ; then
-+                    if kill -s 0 $pid > /dev/null 2>&1 ; then
-                         sleep 1
-                     else
-                         break
-@@ -249,7 +241,7 @@ start() {
-                     break
-                 fi
-             done
--            if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
-+            if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
-                 success; echo
-                 successes=`expr $successes + 1`
-             else
-@@ -278,7 +270,7 @@ stop() {
-         if [ -f $pidfile ]; then
-             pid=`cat $pidfile`
-             server_stopped=0
--            if kill -0 $pid > /dev/null 2>&1 ; then
-+            if kill -s 0 $pid > /dev/null 2>&1 ; then
-                 kill $pid
-                 if [ $? -eq 0 ]; then
-                     server_stopped=1
-@@ -297,7 +289,7 @@ stop() {
-                 max_count=600
-                 while test $loop_counter -le $max_count; do
-                     loop_counter=`expr $loop_counter + 1`
--                    if kill -0 $pid > /dev/null 2>&1 ; then
-+                    if kill -s 0 $pid > /dev/null 2>&1 ; then
-                         sleep 1
-                     else
-                         if test -f $pidfile ; then
-@@ -339,7 +331,7 @@ status() {
-      for instance in $INSTANCES; do
-          if [ -f $piddir/slapd-$instance.pid ]; then
-              pid=`cat $piddir/slapd-$instance.pid`
--             if kill -0 $pid > /dev/null 2>&1 ; then
-+             if kill -s 0 $pid > /dev/null 2>&1 ; then
-                  echo "$prog $instance (pid $pid) is running..."
-              else
-                 echo "$prog $instance dead but pid file exists"
-diff --git a/wrappers/ldap-agent-initscript.in b/wrappers/ldap-agent-initscript.in
-index dd8ee97..b7aa4fe 100644
---- a/wrappers/ldap-agent-initscript.in
-+++ b/wrappers/ldap-agent-initscript.in
-@@ -31,28 +31,20 @@ then
-     fi
- fi
- 
--# figure out which echo we're using
--ECHO_N=`echo -n`
--
--# some shells echo cannot use -n - linux echo by default cannot use \c
- echo_n()
- {
--    if [ "$ECHO_N" = '-n' ] ; then
--        echo "$*\c"
--    else
--        echo -n "$*"
--    fi
-+    printf '%s' "$*"
- }
- 
- # failure and success are not defined on some platforms
--type failure > /dev/null 2>&1 || {
-+which failure > /dev/null 2>&1 || {
- failure()
- {
-     echo_n " FAILED"
- }
- }
- 
--type success > /dev/null 2>&1 || {
-+which success > /dev/null 2>&1 || {
- success()
- {
-     echo_n " SUCCESS"
-@@ -92,7 +84,7 @@ start() {
-     if [ -f $pidfile ]; then
-         pid=`cat $pidfile`
-         name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
--        if kill -0 $pid && [ $name = "$processname" ]; then
-+        if kill -s 0 $pid && [ $name = "$processname" ]; then
-             echo_n " already running"
-             success; echo
-             subagent_running=1
-@@ -121,7 +113,7 @@ start() {
-         while test $loop_counter -le $max_count ; do
-             loop_counter=`expr $loop_counter + 1`
-             if test ! -f $pidfile ; then
--                if kill -0 $pid > /dev/null 2>&1 ; then
-+                if kill -s 0 $pid > /dev/null 2>&1 ; then
-                     sleep 1
-                 else
-                     break
-@@ -131,7 +123,7 @@ start() {
-                 break
-             fi
-         done
--        if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
-+        if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
-             success; echo
-         else
-             failure; echo
-@@ -147,7 +139,7 @@ stop() {
-     if [ -f $pidfile ]; then
-         pid=`cat $pidfile`
-         subagent_stopped=0
--        if kill -0 $pid > /dev/null 2>&1 ; then
-+        if kill -s 0 $pid > /dev/null 2>&1 ; then
-             kill $pid
-             if [ $? -eq 0 ]; then
-                 subagent_stopped=1
-@@ -164,7 +156,7 @@ stop() {
-             max_count=10
-             while test $loop_counter -le $max_count; do
-                 loop_counter=`expr $loop_counter + 1`
--                if kill -0 $pid > /dev/null 2>&1 ; then
-+                if kill -s 0 $pid > /dev/null 2>&1 ; then
-                     sleep 1
-                 else
-                     if test -f $pidfile ; then
-@@ -200,7 +192,7 @@ condrestart() {
-     if [ -f $pidfile ]; then
-         pid=`cat $pidfile`
-         name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
--        if kill -0 $pid && [ $name = "$processname" ]; then
-+        if kill -s 0 $pid && [ $name = "$processname" ]; then
-             restart
-         fi
-     fi
-@@ -210,7 +202,7 @@ status() {
-      ret=0
-      if [ -f $pidfile ]; then
-          pid=`cat $pidfile`
--         if kill -0 $pid > /dev/null 2>&1 ; then
-+         if kill -s 0 $pid > /dev/null 2>&1 ; then
-              echo "$prog (pid $pid) is running..."
-          else
-             echo "$prog dead but pid file exists"
--- 
-1.9.3
-
diff --git a/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch b/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
new file mode 100644
index 0000000..593e292
--- /dev/null
+++ b/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
@@ -0,0 +1,933 @@
+From 986930d491d64ce32b91ed70d452074f2963fc55 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Wed, 24 Aug 2016 10:08:29 +0200
+Subject: [PATCH 42/45] Ticket 48967 - Add CI test and refactor test suite
+
+Description: Add a test case to password policy test suite.
+Refactor structure of password test suite so it would become more
+logical.
+
+https://fedorahosted.org/389/ticket/48967
+
+Reviewed by: nhosoi (Thank you, Noriko!)
+
+(cherry picked from commit 6abd5f49d8e32732a97794e68f642045f16f23e3)
+---
+ .../suites/password/pwdPolicy_attribute_test.py    | 339 +++++++++++++++++++++
+ .../tests/suites/password/pwdPolicy_syntax_test.py | 151 +++++++++
+ .../tests/suites/password/pwdPolicy_test.py        | 151 ---------
+ .../tests/suites/password/pwd_change_policytest.py | 240 ---------------
+ 4 files changed, 490 insertions(+), 391 deletions(-)
+ create mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+ create mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
+ delete mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_test.py
+ delete mode 100644 dirsrvtests/tests/suites/password/pwd_change_policytest.py
+
+diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+new file mode 100644
+index 0000000..d3be7e2
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+@@ -0,0 +1,339 @@
++import os
++import sys
++import time
++import subprocess
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = False
++OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX)
++TEST_USER_NAME = 'simplepaged_test'
++TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE)
++TEST_USER_PWD = 'simplepaged_test'
++PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\
++                      'ou=people,dc=example,dc=com",'\
++                      'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\
++                        'ou=people,dc=example,dc=com",'\
++                        'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++
++if DEBUGGING:
++    logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++    logging.getLogger(__name__).setLevel(logging.INFO)
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++    """The DS Topology Class"""
++    def __init__(self, standalone):
++        """Init"""
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    """Create DS Deployment"""
++
++    # Creating standalone instance ...
++    if DEBUGGING:
++        standalone = DirSrv(verbose=True)
++    else:
++        standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    def fin():
++        """If we are debugging just stop the instances, otherwise remove
++        them
++        """
++        if DEBUGGING:
++            standalone.stop()
++        else:
++            standalone.delete()
++
++    request.addfinalizer(fin)
++
++
++    return TopologyStandalone(standalone)
++
++
++@pytest.fixture(scope="module")
++def test_user(topology, request):
++    """User for binding operation"""
++
++    log.info('Adding user {}'.format(TEST_USER_DN))
++    try:
++        topology.standalone.add_s(Entry((TEST_USER_DN, {
++                                        'objectclass': 'top person'.split(),
++                                        'objectclass': 'organizationalPerson',
++                                        'objectclass': 'inetorgperson',
++                                        'cn': TEST_USER_NAME,
++                                        'sn': TEST_USER_NAME,
++                                        'userpassword': TEST_USER_PWD,
++                                        'mail': '%s@redhat.com' % TEST_USER_NAME,
++                                        'uid': TEST_USER_NAME
++                                        })))
++    except ldap.LDAPError as e:
++        log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
++                                                           e.message['desc']))
++        raise e
++
++    def fin():
++        log.info('Deleting user {}'.format(TEST_USER_DN))
++        topology.standalone.delete_s(TEST_USER_DN)
++    request.addfinalizer(fin)
++
++
++@pytest.fixture(scope="module")
++def password_policy(topology, test_user):
++    """Set up password policy for subtree and user"""
++
++    log.info('Enable fine-grained policy')
++    try:
++        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
++                                                  'nsslapd-pwpolicy-local',
++                                                  'on')])
++    except ldap.LDAPError as e:
++        log.error('Failed to set fine-grained policy: error {}'.format(
++            e.message['desc']))
++        raise e
++
++    log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
++    try:
++        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++                         '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
++    except subprocess.CalledProcessError as e:
++        log.error('Failed to create pw policy policy for {}: error {}'.format(
++            OU_PEOPLE, e.message['desc']))
++        raise e
++
++    log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
++    try:
++        topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
++                                                  'pwdpolicysubentry',
++                                                  PW_POLICY_CONT_PEOPLE)])
++    except ldap.LDAPError as e:
++        log.error('Failed to pwdpolicysubentry pw policy '\
++                  'policy for {}: error {}'.format(OU_PEOPLE,
++                                                   e.message['desc']))
++        raise e
++
++    log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
++    try:
++        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++                         '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
++    except subprocess.CalledProcessError as e:
++        log.error('Failed to create pw policy policy for {}: error {}'.format(
++            TEST_USER_DN, e.message['desc']))
++        raise e
++
++    log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN))
++    try:
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'pwdpolicysubentry',
++                                                     PW_POLICY_CONT_USER)])
++    except ldap.LDAPError as e:
++        log.error('Failed to pwdpolicysubentry pw policy '\
++                  'policy for {}: error {}'.format(TEST_USER_DN,
++                                                   e.message['desc']))
++        raise e
++
++
++@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
++                         [('on', 'off', ldap.UNWILLING_TO_PERFORM),
++                          ('off', 'off', ldap.UNWILLING_TO_PERFORM),
++                          ('off', 'on', None), ('on', 'on', None)])
++def test_change_pwd(topology, test_user, password_policy,
++                    subtree_pwchange, user_pwchange, exception):
++    """Verify that 'passwordChange' attr works as expected
++    User should have a priority over a subtree.
++
++    :Feature: Password policy
++
++    :Setup: Standalone instance, test user,
++            password policy entries for a user and a subtree
++
++    :Steps: 1. Set passwordChange on the user and the subtree
++               to various combinations
++            2. Bind as test user
++            3. Try to change password
++
++    :Assert: Subtree/User passwordChange - result
++             off/on, on/on - success
++             on/off, off/off - UNWILLING_TO_PERFORM
++    """
++
++    log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange,
++                                                      PW_POLICY_CONT_PEOPLE))
++    try:
++        topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
++                                                             'passwordChange',
++                                                             subtree_pwchange)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordChange '\
++                  'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
++                                                   e.message['desc']))
++        raise e
++
++
++    log.info('Set passwordChange to "{}" - {}'.format(user_pwchange,
++                                                      PW_POLICY_CONT_USER))
++    try:
++        topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
++                                                            'passwordChange',
++                                                            user_pwchange)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordChange '\
++                  'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
++                                                   e.message['desc']))
++        raise e
++
++    try:
++        log.info('Bind as user and modify userPassword')
++        topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++        if exception:
++            with pytest.raises(exception):
++                topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                            'userPassword',
++                                                            'new_pass')])
++        else:
++            topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                        'userPassword',
++                                                        'new_pass')])
++    except ldap.LDAPError as e:
++        log.error('Failed to change userpassword for {}: error {}'.format(
++            TEST_USER_DN, e.message['info']))
++        raise e
++    finally:
++        log.info('Bind as DM')
++        topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'userPassword',
++                                                     TEST_USER_PWD)])
++
++
++def test_pwd_min_age(topology, test_user, password_policy):
++    """If we set passwordMinAge to some value, for example to 10, then it
++    should not allow the user to change the password within 10 seconds after
++    his previous change.
++
++    :Feature: Password policy
++
++    :Setup: Standalone instance, test user,
++            password policy entries for a user and a subtree
++
++    :Steps: 1. Set passwordMinAge to 10 on the user pwpolicy entry
++            2. Set passwordMinAge to 10 on the subtree pwpolicy entry
++            3. Set passwordMinAge to 10 on the cn=config entry
++            4. Bind as test user
++            5. Try to change password two times in a row
++            6. Wait 12 seconds
++            7. Try to change password
++
++    :Assert: User should be not allowed to change the password
++             right after previous change - CONSTRAINT_VIOLATION
++             User should be not allowed to change the password
++             after 12 seconds passed
++    """
++
++    num_seconds = '10'
++
++    log.info('Set passwordminage to "{}" - {}'.format(num_seconds, PW_POLICY_CONT_PEOPLE))
++    try:
++        topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
++                                                             'passwordminage',
++                                                             num_seconds)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordminage '\
++                  'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
++                                                   e.message['desc']))
++        raise e
++
++    log.info('Set passwordminage to "{}" - {}'.format(num_seconds, PW_POLICY_CONT_USER))
++    try:
++        topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
++                                                            'passwordminage',
++                                                            num_seconds)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordminage '\
++                  'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
++                                                   e.message['desc']))
++        raise e
++
++    log.info('Set passwordminage to "{}" - {}'.format(num_seconds, DN_CONFIG))
++    try:
++        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
++                                                  'passwordminage',
++                                                  num_seconds)])
++    except ldap.LDAPError as e:
++        log.error('Failed to set passwordminage '\
++                  'policy for {}: error {}'.format(DN_CONFIG,
++                                                   e.message['desc']))
++        raise e
++
++    try:
++        log.info('Bind as user and modify userPassword')
++        topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'userPassword',
++                                                     'new_pass')])
++    except ldap.LDAPError as e:
++        log.error('Failed to change userpassword for {}: error {}'.format(
++            TEST_USER_DN, e.message['info']))
++        raise e
++
++
++    log.info('Bind as user and modify userPassword straight away after previous change')
++    topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass')
++    with pytest.raises(ldap.CONSTRAINT_VIOLATION):
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'userPassword',
++                                                     'new_new_pass')])
++
++    log.info('Wait {} second'.format(int(num_seconds) + 2))
++    time.sleep(int(num_seconds) + 2)
++
++    try:
++        log.info('Bind as user and modify userPassword')
++        topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass')
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'userPassword',
++                                                     TEST_USER_PWD)])
++    except ldap.LDAPError as e:
++        log.error('Failed to change userpassword for {}: error {}'.format(
++            TEST_USER_DN, e.message['info']))
++        raise e
++    finally:
++        log.info('Bind as DM')
++        topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++                                                     'userPassword',
++                                                     TEST_USER_PWD)])
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
+new file mode 100644
+index 0000000..653d033
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
+@@ -0,0 +1,151 @@
++# --- BEGIN COPYRIGHT BLOCK ---
++# Copyright (C) 2015 Red Hat, Inc.
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details. 
++# --- END COPYRIGHT BLOCK ---
++#
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++from lib389.config import RSA, Encryption, Config
++
++DEBUGGING = False
++
++USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
++
++if DEBUGGING:
++    logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++    logging.getLogger(__name__).setLevel(logging.INFO)
++
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++    """The DS Topology Class"""
++    def __init__(self, standalone):
++        """Init"""
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    """Create DS Deployment"""
++
++    # Creating standalone instance ...
++    if DEBUGGING:
++        standalone = DirSrv(verbose=True)
++    else:
++        standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    # Deploy certs
++    # This is a trick. The nss db that ships with DS is broken
++    for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'):
++        try:
++            os.remove("%s/%s" % (topology.standalone.confdir, f ))
++        except:
++            pass
++
++    assert(standalone.nss_ssl.reinit() is True)
++    assert(standalone.nss_ssl.create_rsa_ca() is True)
++    assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)
++
++    # Say that we accept the cert
++    # Connect again!
++
++    # Enable the SSL options
++    standalone.rsa.create()
++    standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert')
++    standalone.rsa.set('nsSSLToken', 'internal (software)')
++    standalone.rsa.set('nsSSLActivation', 'on')
++
++    standalone.config.set('nsslapd-secureport', PORT_STANDALONE2)
++    standalone.config.set('nsslapd-security', 'on')
++
++    standalone.restart()
++
++
++    def fin():
++        """If we are debugging just stop the instances, otherwise remove
++        them
++        """
++        if DEBUGGING:
++            standalone.stop()
++        else:
++            standalone.delete()
++
++    request.addfinalizer(fin)
++
++    # Clear out the tmp dir
++    standalone.clearTmpDir(__file__)
++
++    return TopologyStandalone(standalone)
++
++def _create_user(inst):
++    inst.add_s(Entry((
++                USER_DN, {
++                    'objectClass': 'top account simplesecurityobject'.split(),
++                     'uid': 'user',
++                     'userpassword': 'password'
++                })))
++
++
++def test_pwdPolicy_constraint(topology):
++    '''
++    Password policy test: Ensure that on a password change, the policy is
++    enforced correctly.
++    '''
++
++    # Create a user
++    _create_user(topology.standalone)
++    # Set the password policy globally
++    topology.standalone.config.set('passwordMinLength', '10')
++    topology.standalone.config.set('passwordMinDigits', '2')
++    topology.standalone.config.set('passwordCheckSyntax', 'on')
++    topology.standalone.config.set('nsslapd-pwpolicy-local', 'off')
++    # Now open a new ldap connection with TLS
++    userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
++    userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER )
++    userconn.start_tls_s()
++    userconn.simple_bind_s(USER_DN, 'password')
++    # This should have an exception!
++    try:
++        userconn.passwd_s(USER_DN, 'password', 'password1')
++        assert(False)
++    except ldap.CONSTRAINT_VIOLATION:
++        assert(True)
++    # Change the password to something invalid!
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_test.py
+deleted file mode 100644
+index 653d033..0000000
+--- a/dirsrvtests/tests/suites/password/pwdPolicy_test.py
++++ /dev/null
+@@ -1,151 +0,0 @@
+-# --- BEGIN COPYRIGHT BLOCK ---
+-# Copyright (C) 2015 Red Hat, Inc.
+-# All rights reserved.
+-#
+-# License: GPL (version 3 or any later version).
+-# See LICENSE for details. 
+-# --- END COPYRIGHT BLOCK ---
+-#
+-import os
+-import sys
+-import time
+-import ldap
+-import logging
+-import pytest
+-from lib389 import DirSrv, Entry, tools, tasks
+-from lib389.tools import DirSrvTools
+-from lib389._constants import *
+-from lib389.properties import *
+-from lib389.tasks import *
+-
+-logging.getLogger(__name__).setLevel(logging.DEBUG)
+-log = logging.getLogger(__name__)
+-
+-from lib389.config import RSA, Encryption, Config
+-
+-DEBUGGING = False
+-
+-USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
+-
+-if DEBUGGING:
+-    logging.getLogger(__name__).setLevel(logging.DEBUG)
+-else:
+-    logging.getLogger(__name__).setLevel(logging.INFO)
+-
+-
+-log = logging.getLogger(__name__)
+-
+-
+-class TopologyStandalone(object):
+-    """The DS Topology Class"""
+-    def __init__(self, standalone):
+-        """Init"""
+-        standalone.open()
+-        self.standalone = standalone
+-
+-
+-@pytest.fixture(scope="module")
+-def topology(request):
+-    """Create DS Deployment"""
+-
+-    # Creating standalone instance ...
+-    if DEBUGGING:
+-        standalone = DirSrv(verbose=True)
+-    else:
+-        standalone = DirSrv(verbose=False)
+-    args_instance[SER_HOST] = HOST_STANDALONE
+-    args_instance[SER_PORT] = PORT_STANDALONE
+-    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+-    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+-    args_standalone = args_instance.copy()
+-    standalone.allocate(args_standalone)
+-    instance_standalone = standalone.exists()
+-    if instance_standalone:
+-        standalone.delete()
+-    standalone.create()
+-    standalone.open()
+-
+-    # Deploy certs
+-    # This is a trick. The nss db that ships with DS is broken
+-    for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'):
+-        try:
+-            os.remove("%s/%s" % (topology.standalone.confdir, f ))
+-        except:
+-            pass
+-
+-    assert(standalone.nss_ssl.reinit() is True)
+-    assert(standalone.nss_ssl.create_rsa_ca() is True)
+-    assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)
+-
+-    # Say that we accept the cert
+-    # Connect again!
+-
+-    # Enable the SSL options
+-    standalone.rsa.create()
+-    standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert')
+-    standalone.rsa.set('nsSSLToken', 'internal (software)')
+-    standalone.rsa.set('nsSSLActivation', 'on')
+-
+-    standalone.config.set('nsslapd-secureport', PORT_STANDALONE2)
+-    standalone.config.set('nsslapd-security', 'on')
+-
+-    standalone.restart()
+-
+-
+-    def fin():
+-        """If we are debugging just stop the instances, otherwise remove
+-        them
+-        """
+-        if DEBUGGING:
+-            standalone.stop()
+-        else:
+-            standalone.delete()
+-
+-    request.addfinalizer(fin)
+-
+-    # Clear out the tmp dir
+-    standalone.clearTmpDir(__file__)
+-
+-    return TopologyStandalone(standalone)
+-
+-def _create_user(inst):
+-    inst.add_s(Entry((
+-                USER_DN, {
+-                    'objectClass': 'top account simplesecurityobject'.split(),
+-                     'uid': 'user',
+-                     'userpassword': 'password'
+-                })))
+-
+-
+-def test_pwdPolicy_constraint(topology):
+-    '''
+-    Password policy test: Ensure that on a password change, the policy is
+-    enforced correctly.
+-    '''
+-
+-    # Create a user
+-    _create_user(topology.standalone)
+-    # Set the password policy globally
+-    topology.standalone.config.set('passwordMinLength', '10')
+-    topology.standalone.config.set('passwordMinDigits', '2')
+-    topology.standalone.config.set('passwordCheckSyntax', 'on')
+-    topology.standalone.config.set('nsslapd-pwpolicy-local', 'off')
+-    # Now open a new ldap connection with TLS
+-    userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
+-    userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER )
+-    userconn.start_tls_s()
+-    userconn.simple_bind_s(USER_DN, 'password')
+-    # This should have an exception!
+-    try:
+-        userconn.passwd_s(USER_DN, 'password', 'password1')
+-        assert(False)
+-    except ldap.CONSTRAINT_VIOLATION:
+-        assert(True)
+-    # Change the password to something invalid!
+-
+-
+-if __name__ == '__main__':
+-    # Run isolated
+-    # -s for DEBUG mode
+-    CURRENT_FILE = os.path.realpath(__file__)
+-    pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/dirsrvtests/tests/suites/password/pwd_change_policytest.py b/dirsrvtests/tests/suites/password/pwd_change_policytest.py
+deleted file mode 100644
+index 1d48c65..0000000
+--- a/dirsrvtests/tests/suites/password/pwd_change_policytest.py
++++ /dev/null
+@@ -1,240 +0,0 @@
+-import os
+-import sys
+-import time
+-import subprocess
+-import ldap
+-import logging
+-import pytest
+-from lib389 import DirSrv, Entry, tools, tasks
+-from lib389.tools import DirSrvTools
+-from lib389._constants import *
+-from lib389.properties import *
+-from lib389.tasks import *
+-from lib389.utils import *
+-
+-DEBUGGING = False
+-OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX)
+-TEST_USER_NAME = 'simplepaged_test'
+-TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE)
+-TEST_USER_PWD = 'simplepaged_test'
+-PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\
+-                      'ou=people,dc=example,dc=com",'\
+-                      'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
+-PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\
+-                        'ou=people,dc=example,dc=com",'\
+-                        'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
+-
+-if DEBUGGING:
+-    logging.getLogger(__name__).setLevel(logging.DEBUG)
+-else:
+-    logging.getLogger(__name__).setLevel(logging.INFO)
+-
+-log = logging.getLogger(__name__)
+-
+-
+-class TopologyStandalone(object):
+-    """The DS Topology Class"""
+-    def __init__(self, standalone):
+-        """Init"""
+-        standalone.open()
+-        self.standalone = standalone
+-
+-
+-@pytest.fixture(scope="module")
+-def topology(request):
+-    """Create DS Deployment"""
+-
+-    # Creating standalone instance ...
+-    if DEBUGGING:
+-        standalone = DirSrv(verbose=True)
+-    else:
+-        standalone = DirSrv(verbose=False)
+-    args_instance[SER_HOST] = HOST_STANDALONE
+-    args_instance[SER_PORT] = PORT_STANDALONE
+-    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+-    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+-    args_standalone = args_instance.copy()
+-    standalone.allocate(args_standalone)
+-    instance_standalone = standalone.exists()
+-    if instance_standalone:
+-        standalone.delete()
+-    standalone.create()
+-    standalone.open()
+-
+-    def fin():
+-        """If we are debugging just stop the instances, otherwise remove
+-        them
+-        """
+-        if DEBUGGING:
+-            standalone.stop()
+-        else:
+-            standalone.delete()
+-
+-    request.addfinalizer(fin)
+-
+-
+-    return TopologyStandalone(standalone)
+-
+-
+-@pytest.fixture(scope="module")
+-def test_user(topology, request):
+-    """User for binding operation"""
+-
+-    log.info('Adding user {}'.format(TEST_USER_DN))
+-    try:
+-        topology.standalone.add_s(Entry((TEST_USER_DN, {
+-                                        'objectclass': 'top person'.split(),
+-                                        'objectclass': 'organizationalPerson',
+-                                        'objectclass': 'inetorgperson',
+-                                        'cn': TEST_USER_NAME,
+-                                        'sn': TEST_USER_NAME,
+-                                        'userpassword': TEST_USER_PWD,
+-                                        'mail': '%s@redhat.com' % TEST_USER_NAME,
+-                                        'uid': TEST_USER_NAME
+-                                        })))
+-    except ldap.LDAPError as e:
+-        log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
+-                                                           e.message['desc']))
+-        raise e
+-
+-    def fin():
+-        log.info('Deleting user {}'.format(TEST_USER_DN))
+-        topology.standalone.delete_s(TEST_USER_DN)
+-    request.addfinalizer(fin)
+-
+-
+-@pytest.fixture(scope="module")
+-def password_policy(topology, test_user):
+-    """Set up password policy for subtree and user"""
+-
+-    log.info('Enable fine-grained policy')
+-    try:
+-        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
+-                                                  'nsslapd-pwpolicy-local',
+-                                                  'on')])
+-    except ldap.LDAPError as e:
+-        log.error('Failed to set fine-grained policy: error {}'.format(
+-            e.message['desc']))
+-        raise e
+-
+-    log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
+-    try:
+-        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+-                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
+-                         '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
+-    except subprocess.CalledProcessError as e:
+-        log.error('Failed to create pw policy policy for {}: error {}'.format(
+-            OU_PEOPLE, e.message['desc']))
+-        raise e
+-
+-    log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
+-    try:
+-        topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
+-                                                  'pwdpolicysubentry',
+-                                                  PW_POLICY_CONT_PEOPLE)])
+-    except ldap.LDAPError as e:
+-        log.error('Failed to pwdpolicysubentry pw policy '\
+-                  'policy for {}: error {}'.format(OU_PEOPLE,
+-                                                   e.message['desc']))
+-        raise e
+-
+-    log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
+-    try:
+-        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+-                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
+-                         '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
+-    except subprocess.CalledProcessError as e:
+-        log.error('Failed to create pw policy policy for {}: error {}'.format(
+-            TEST_USER_DN, e.message['desc']))
+-        raise e
+-
+-    log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN))
+-    try:
+-        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+-                                                     'pwdpolicysubentry',
+-                                                     PW_POLICY_CONT_USER)])
+-    except ldap.LDAPError as e:
+-        log.error('Failed to pwdpolicysubentry pw policy '\
+-                  'policy for {}: error {}'.format(TEST_USER_DN,
+-                                                   e.message['desc']))
+-        raise e
+-
+-
+-@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
+-                         [('off', 'on', None), ('on', 'on', None),
+-                          ('on', 'off', ldap.UNWILLING_TO_PERFORM),
+-                          ('off', 'off', ldap.UNWILLING_TO_PERFORM)])
+-def test_change_pwd(topology, test_user, password_policy,
+-                    subtree_pwchange, user_pwchange, exception):
+-    """Verify that 'passwordChange' attr works as expected
+-    User should have a priority over a subtree.
+-
+-    :Feature: Password policy
+-
+-    :Setup: Standalone instance, test user,
+-            password policy entries for a user and a subtree
+-
+-    :Steps: 1. Set passwordChange on the user and the subtree
+-               to various combinations
+-            2. Bind as test user
+-            3. Try to change password
+-
+-    :Assert: Subtree/User passwordChange - result
+-             off/on, on/on - success
+-             on/off, off/off - UNWILLING_TO_PERFORM
+-    """
+-
+-    log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange,
+-                                                      PW_POLICY_CONT_PEOPLE))
+-    try:
+-        topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
+-                                                             'passwordChange',
+-                                                             subtree_pwchange)])
+-    except ldap.LDAPError as e:
+-        log.error('Failed to set passwordChange '\
+-                  'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
+-                                                   e.message['desc']))
+-        raise e
+-
+-
+-    log.info('Set passwordChange to "{}" - {}'.format(user_pwchange,
+-                                                      PW_POLICY_CONT_USER))
+-    try:
+-        topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
+-                                                            'passwordChange',
+-                                                            user_pwchange)])
+-    except ldap.LDAPError as e:
+-        log.error('Failed to set passwordChange '\
+-                  'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
+-                                                   e.message['desc']))
+-        raise e
+-
+-    try:
+-        log.info('Bind as user and modify userPassword')
+-        topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+-        if exception:
+-            with pytest.raises(exception):
+-                topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+-                                                            'userPassword',
+-                                                            'new_pass')])
+-        else:
+-            topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+-                                                        'userPassword',
+-                                                        'new_pass')])
+-    except ldap.LDAPError as e:
+-        log.error('Failed to change userpassword for {}: error {}'.format(
+-            TEST_USER_DN, e.message['info']))
+-        raise e
+-    finally:
+-        log.info('Bind as DM')
+-        topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+-        topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+-                                                     'userPassword',
+-                                                     TEST_USER_PWD)])
+-
+-
+-if __name__ == '__main__':
+-    # Run isolated
+-    # -s for DEBUG mode
+-    CURRENT_FILE = os.path.realpath(__file__)
+-    pytest.main("-s %s" % CURRENT_FILE)
+-- 
+2.4.11
+
diff --git a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch b/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
deleted file mode 100644
index 94219a4..0000000
--- a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 0cb8a7e2f797b4d48a20e650cf8510b8495a35e6 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 11 Aug 2015 10:23:21 -0700
-Subject: [PATCH 43/45] Ticket #48245 - Man pages and help for remove-ds.pl
- doesn't display "-a" option
-
-Description: Adding the description for "-a" to the man page and the help usage.
-
-https://fedorahosted.org/389/ticket/48245
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit a2dbb56ec5ad468972a41a500e1cdbb4ced01cb0)
-(cherry picked from commit 06dafdfed1528ea6724f61492f4c93977a3ce809)
----
- ldap/admin/src/scripts/remove-ds.pl.in | 5 +++--
- man/man8/remove-ds.pl.8                | 5 ++++-
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in
-index e7eb591..b35ae32 100755
---- a/ldap/admin/src/scripts/remove-ds.pl.in
-+++ b/ldap/admin/src/scripts/remove-ds.pl.in
-@@ -21,8 +21,9 @@ Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd
- my $res = new Resource("@propertydir@/setup-ds.res");
- 
- sub usage {
--        print(STDERR "Usage: $0 [-f] [-d -d ... -d] -i instance\n\n");
--        print(STDERR " Opts: -f            - force removal\n");
-+        print(STDERR "Usage: $0 [-a] [-f] [-d -d ... -d] -i instance\n\n");
-+        print(STDERR " Opts: -a            - remove all\n");
-+        print(STDERR "       -f            - force removal\n");
-         print(STDERR "       -i instance   - instance name to remove (e.g. - slapd-example)\n");
-         print(STDERR "       -d            - turn on debugging output\n");
- }
-diff --git a/man/man8/remove-ds.pl.8 b/man/man8/remove-ds.pl.8
-index 8c7c118..0568ff8 100644
---- a/man/man8/remove-ds.pl.8
-+++ b/man/man8/remove-ds.pl.8
-@@ -19,7 +19,7 @@
- remove\-ds.pl \- Remove an instance of Directory Server
- .SH SYNOPSIS
- .B remove-ds.pl
--[\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
-+[\-a] [\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
- .SH DESCRIPTION
- Removes a Directory Server instance from the system.  The instance
- will be shutdown and the files will be removed.  The certificate
-@@ -33,6 +33,9 @@ will contain the retained certificate database files.
- .SH OPTIONS
- A summary of options is included below:
- .TP
-+.B \fB\-a\fR
-+Removes all files and directories belonging to the instance
-+.TP
- .B \fB\-f\fR
- Force removal
- .TP
--- 
-1.9.3
-
diff --git a/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch b/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
new file mode 100644
index 0000000..be4eeee
--- /dev/null
+++ b/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
@@ -0,0 +1,105 @@
+From 8bfade183d98992172425642edbfcf5952a74319 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 25 Aug 2016 13:39:25 -0400
+Subject: [PATCH 43/45] Ticket 48950 - Add systemd warning to the LD_PRELOAD
+ example in /etc/sysconfig/dirsrv
+
+Description:  systemd warning about omitting the PORT was missing from the
+              LD_PRELOAD example.
+
+              Also fixed up file format/layout..
+
+https://fedorahosted.org/389/ticket/48950
+
+Reviewed by: nhosoi, amsharma, lkrispen (Thanks!!!)
+
+(cherry picked from commit 1e44c1f321d03dcb30615bcacfc5c099612b1c66)
+---
+ ldap/admin/src/base-initconfig.in | 67 +++++++++++++++++++--------------------
+ 1 file changed, 33 insertions(+), 34 deletions(-)
+
+diff --git a/ldap/admin/src/base-initconfig.in b/ldap/admin/src/base-initconfig.in
+index 0481c3e..8507296 100644
+--- a/ldap/admin/src/base-initconfig.in
++++ b/ldap/admin/src/base-initconfig.in
+@@ -7,44 +7,43 @@
+ 
+ @preamble@
+ 
+-# In order to make more file descriptors available
+-# to the directory server, first make sure the system
+-# hard limits are raised, then use ulimit - uncomment
+-# out the following line and change the value to the
+-# desired value
+-# ulimit -n 8192
+-# note - if using systemd, ulimit won't work -  you must edit
+-# the systemd unit file for directory server to add the 
+-# LimitNOFILE option - see man systemd.exec for more info
+-
+-# A per instance keytab does not make much sense for servers.
+-# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN, there
+-# is nothing that can make a client understand how to get a per-instance ticket.
+-# Therefore by default a keytab should be considered a per server option.
+-
+-# Also this file is sourced for all instances, so again all
+-# instances would ultimately get the same keytab.
+-
++# In order to make more file descriptors available to the directory server,
++# first make sure the system hard limits are raised, then use ulimit -
++# uncomment out the following line and change the value to the desired value
++#ulimit -n 8192
++# note - if using systemd, ulimit won't work -  you must edit the systemd unit
++# file for directory server to add the LimitNOFILE option - see "man
++# systemd.exec" for more info
++
++# A per instance keytab does not make much sense for servers.  Kerberos clients
++# use the machine FQDN to obtain a ticket like ldap/FQDN, there is nothing that
++# can make a client understand how to get a per-instance ticket.  Therefore by
++# default a keytab should be considered a per server option.
++#
++# Also this file is sourced for all instances, so again all instances would
++# ultimately get the same keytab.
++#
+ # Finally a keytab is normally named either krb5.keytab or <service>.keytab
+-
+-# In order to use SASL/GSSAPI (Kerberos) the directory
+-# server needs to know where to find its keytab
+-# file - uncomment the following line and set
+-# the path and filename appropriately
+-# if using systemd, omit the "; export VARNAME" at the end
+-# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
+-
+-# how many seconds to wait for the startpid file to show
+-# up before we assume there is a problem and fail to start
+-# if using systemd, omit the "; export VARNAME" at the end
++#
++# In order to use SASL/GSSAPI (Kerberos) the directory server needs to know
++# where to find its keytab file - uncomment the following line and set the
++# path and filename appropriately.
++# If using systemd, omit the "; export VARNAME" at the end.
++#KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
++
++# How many seconds to wait for the startpid file to show up before we assume
++# there is a problem and fail to start.
++# If using systemd, omit the "; export STARTPID_TIME" at the end.
+ #STARTPID_TIME=10 ; export STARTPID_TIME
+-# how many seconds to wait for the pid file to show
+-# up before we assume there is a problem and fail to start
+-# if using systemd, omit the "; export VARNAME" at the end
++
++# How many seconds to wait for the pid file to show up before we assume there
++# is a problem and fail to start.
++# If using systemd, omit the "; export PID_TIME" at the end.
+ #PID_TIME=600 ; export PID_TIME
+ 
+ # The tcmalloc memory allocator has been shown to have a positive impact on
+ # the Directory Server's virtual & resident memory size/growth.  tcmalloc is
+-# available on RHEL/Fedora in the gperftools package (this could be different
+-# on other platforms).  Here is an example of preloading tcmalloc:
++# available on RHEL/Fedora in the gperftools-libs package (this could be
++# different on other platforms).
++# If using systemd, omit the "; export LD_PRELOAD" at the end.
+ #LD_PRELOAD=@libdir@/libtcmalloc.so.4 ; export LD_PRELOAD
+-- 
+2.4.11
+
diff --git a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch b/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
deleted file mode 100644
index 75a2224..0000000
--- a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3598e701b5362633daa40380088d6ba9c8e2d103 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 14 Aug 2015 12:32:31 +0200
-Subject: [PATCH 44/45] Ticket 48249: sync_repl uuid may be invalid
-
-Bug Description:
-	uuid is computed from nsuniqueid of the entry.
-	If the computed uuid contains NULL char, slapi_ch_smprintf("%s")
-	will stop on the it, leaving the rest of the buffer with the value
-	that was on the heap at that time
-
-Fix Description:
-	use malloc/memcpy instead of slapi_ch_smprintf
-
-https://fedorahosted.org/389/ticket/48249
-
-Reviewed by: Noriko Hosoi (thank you !!)
-
-Platforms tested: F22
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit a80fe155cb302e0ef10e14cb238c88698b5995a2)
----
- ldap/servers/plugins/sync/sync_util.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
-index 00dc182..1dcff91 100644
---- a/ldap/servers/plugins/sync/sync_util.c
-+++ b/ldap/servers/plugins/sync/sync_util.c
-@@ -107,7 +107,8 @@ sync_nsuniqueid2uuid(const char *nsuniqueid)
- 
- 	u[16] = '\0';
- 
--	uuid = slapi_ch_smprintf("%s",(char *)u);
-+	uuid = slapi_ch_malloc(sizeof(u));
-+	memcpy(uuid, u, sizeof(u));
- 
- 	return(uuid);
- }
--- 
-1.9.3
-
diff --git a/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch b/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch
new file mode 100644
index 0000000..6605130
--- /dev/null
+++ b/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch
@@ -0,0 +1,582 @@
+From e48616639e254b698edaa778d41597094243ced5 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 26 Aug 2016 15:04:02 -0400
+Subject: [PATCH 44/45] Ticket 48957 - set proper update status to replication 
+ agreement in case of failure
+
+Bug Description:  If a replication agreement fails to send updates it always returns
+                  a generic error message even though there are many ways it could be
+                  failing.
+
+Fix Description:  Set a proper error message when we fail to update a replica.  Also made
+                  all the messages consistent in format, and added new response strings
+                  for known errors.
+
+                  Also fixed some minor compiler warnings.
+
+https://fedorahosted.org/389/ticket/48957
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit cdf4fb4ea6f26b4198d2d6b146ca51dcd51a31ef)
+---
+ ldap/servers/plugins/replication/repl5.h           | 15 +++--
+ ldap/servers/plugins/replication/repl5_agmt.c      | 26 ++++----
+ .../plugins/replication/repl5_inc_protocol.c       | 70 ++++++++++++++--------
+ .../plugins/replication/repl5_protocol_util.c      | 65 ++++++++++++++++++--
+ .../plugins/replication/repl5_replica_config.c     |  4 +-
+ ldap/servers/plugins/replication/repl5_total.c     |  5 +-
+ 6 files changed, 132 insertions(+), 53 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
+index 6f6c81a..13a38fd 100644
+--- a/ldap/servers/plugins/replication/repl5.h
++++ b/ldap/servers/plugins/replication/repl5.h
+@@ -91,11 +91,16 @@
+ #define NSDS50_REPL_BELOW_PURGEPOINT 0x07 /* Supplier provided a CSN below the consumer's purge point */
+ #define NSDS50_REPL_INTERNAL_ERROR 0x08 /* Something bad happened on consumer */
+ #define NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED 0x09 /* Replica released successfully */
+-#define NSDS50_REPL_LEGACY_CONSUMER 0x0A    /* replica is a legacy consumer */
+-#define NSDS50_REPL_REPLICAID_ERROR 0x0B	/* replicaID doesn't seem to be unique */
+-#define NSDS50_REPL_DISABLED 0x0C	/* replica suffix is disabled */
+-#define NSDS50_REPL_UPTODATE 0x0D	/* replica is uptodate */
+-#define NSDS50_REPL_BACKOFF 0x0E        /* replica wants master to go into backoff mode */
++#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */
++#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */
++#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */
++#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */
++#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */
++#define NSDS50_REPL_CL_ERROR 0x0F /* Problem reading changelog */
++#define NSDS50_REPL_CONN_ERROR 0x10 /* Problem with replication connection*/
++#define NSDS50_REPL_CONN_TIMEOUT 0x11 /* Connection timeout */
++#define NSDS50_REPL_TRANSIENT_ERROR 0x12 /* Transient error */
++#define NSDS50_REPL_RUV_ERROR 0x13 /* Problem with the RUV */
+ #define NSDS50_REPL_REPLICA_NO_RESPONSE 0xff /* No response received */
+ 
+ /* Protocol status */
+diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
+index 76d26a1..52cc8b6 100644
+--- a/ldap/servers/plugins/replication/repl5_agmt.c
++++ b/ldap/servers/plugins/replication/repl5_agmt.c
+@@ -2460,9 +2460,9 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
+ 					replmsg = NULL;
+ 				}
+ 			}
+-			PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s%sLDAP error: %s%s%s",
++			PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) %s%s - LDAP error: %s%s%s%s",
+ 				ldaprc, message?message:"",message?"":" - ",
+-				slapi_err2string(ldaprc), replmsg ? " - " : "", replmsg ? replmsg : "");
++				slapi_err2string(ldaprc), replmsg ? " (" : "", replmsg ? replmsg : "", replmsg ? ")" : "");
+ 		}
+ 		/* ldaprc == LDAP_SUCCESS */
+ 		else if (replrc != 0)
+@@ -2470,16 +2470,15 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
+ 			if (replrc == NSDS50_REPL_REPLICA_BUSY)
+ 			{
+ 				PR_snprintf(ra->last_update_status, STATUS_LEN,
+-					"%d Can't acquire busy replica", replrc ); 
++					"Error (%d) Can't acquire busy replica", replrc );
+ 			}
+ 			else if (replrc == NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED)
+ 			{
+-				PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s",
+-					ldaprc, "Replication session successful");
++				PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (0) Replication session successful");
+ 			}
+ 			else if (replrc == NSDS50_REPL_DISABLED)
+ 			{
+-				PR_snprintf(ra->last_update_status, STATUS_LEN, "%d Incremental update aborted: "
++				PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) Incremental update aborted: "
+ 					"Replication agreement for %s\n can not be updated while the replica is disabled.\n"
+ 					"(If the suffix is disabled you must enable it then restart the server for replication to take place).",
+ 					replrc, ra->long_name ? ra->long_name : "a replica");
+@@ -2493,20 +2492,18 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
+ 			else
+ 			{
+ 				PR_snprintf(ra->last_update_status, STATUS_LEN,
+-					"%d Replication error acquiring replica: %s%s%s",
+-					replrc, protocol_response2string(replrc),
+-					message?" - ":"",message?message:"");
++					"Error (%d) Replication error acquiring replica: %s%s(%s)",
++					replrc, message?message:"", message?" ":"", protocol_response2string(replrc));
+ 			}
+ 		}
+ 		else if (message != NULL) /* replrc == NSDS50_REPL_REPLICA_READY == 0 */
+ 		{
+-			PR_snprintf(ra->last_update_status, STATUS_LEN, 
+-						"%d Replica acquired successfully: %s",
+-						ldaprc, message);
++			PR_snprintf(ra->last_update_status, STATUS_LEN,
++				"Error (0) Replica acquired successfully: %s", message);
+ 		}
+ 		else
+ 		{ /* agmt_set_last_update_status(0,0,NULL) to reset agmt */
+-			PR_snprintf(ra->last_update_status, STATUS_LEN, "%d", ldaprc);
++			ra->last_update_status[0] = '\0';
+ 		}
+ 	}
+ }
+@@ -2737,7 +2734,8 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
+ 		slapi_entry_add_string(e, "nsds5replicaChangesSentSinceStartup", changecount_string);
+ 		if (ra->last_update_status[0] == '\0')
+ 		{
+-			slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus", "0 No replication sessions started since server startup");
++			slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus",
++			                       "Error (0) No replication sessions started since server startup");
+ 		}
+ 		else
+ 		{
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index 27bac5d..d1de6c5 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -671,7 +671,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+   int wait_change_timer_set = 0;
+   int current_state = STATE_START;
+   int next_state = STATE_START;
+-  int optype, ldaprc;
+   int done;
+   int e1;
+ 
+@@ -838,14 +837,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+           } else if (rc == ACQUIRE_FATAL_ERROR){
+               next_state = STATE_STOP_FATAL_ERROR;
+           }
+-
+-          if (rc != ACQUIRE_SUCCESS){
+-              int optype, ldaprc;
+-              conn_get_error(prp->conn, &optype, &ldaprc);
+-              agmt_set_last_update_status(prp->agmt, ldaprc,
+-                  prp->last_acquire_response_code, "Unable to acquire replica");
+-          }
+-
+           object_release(prp->replica_object);
+           break;
+ 
+@@ -934,10 +925,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+               } else if (rc == ACQUIRE_FATAL_ERROR){
+                   next_state = STATE_STOP_FATAL_ERROR;
+               }
+-              if (rc != ACQUIRE_SUCCESS){
+-                  conn_get_error(prp->conn, &optype, &ldaprc);
+-                  agmt_set_last_update_status(prp->agmt, ldaprc, prp->last_acquire_response_code, "Unable to acquire replica");
+-              }
+               /*
+                * We either need to step the backoff timer, or
+                * destroy it if we don't need it anymore
+@@ -1037,7 +1024,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+                   slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+                       "%s: Replica has no update vector. It has never been initialized.\n",
+                       agmt_get_long_name(prp->agmt));
+-                  agmt_set_last_update_status(prp->agmt, 0, rc, "Replica is not initialized");
++                  agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
++                      "Replica is not initialized");
+                   next_state = STATE_BACKOFF_START;
+                   break;
+               case EXAMINE_RUV_GENERATION_MISMATCH:
+@@ -1045,8 +1033,9 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+                       "%s: The remote replica has a different database generation ID than "
+                       "the local database.  You may have to reinitialize the remote replica, "
+                       "or the local replica.\n", agmt_get_long_name(prp->agmt));
+-                  agmt_set_last_update_status(prp->agmt, 0, rc, "Replica has different database "
+-                      "generation ID, remote replica may need to be initialized");
++                  agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
++                      "Replica has different database generation ID, remote "
++                      "replica may need to be initialized");
+                   next_state = STATE_BACKOFF_START;
+                   break;
+               case EXAMINE_RUV_REPLICA_TOO_OLD:
+@@ -1054,7 +1043,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+                       "%s: Replica update vector is too out of date to bring "
+                       "into sync using the incremental protocol. The replica "
+                       "must be reinitialized.\n", agmt_get_long_name(prp->agmt));
+-                  agmt_set_last_update_status(prp->agmt, 0, rc, "Replica needs to be reinitialized");
++                  agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
++                      "Replica needs to be reinitialized");
+                   next_state = STATE_BACKOFF_START;
+                   break;
+               case EXAMINE_RUV_OK:
+@@ -1069,11 +1059,15 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+                       slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+                           "%s: Incremental protocol: fatal error - too much time skew between replicas!\n",
+                           agmt_get_long_name(prp->agmt));
++                      agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_EXCESSIVE_CLOCK_SKEW,
++                          "fatal error - too much time skew between replicas");
+                       next_state = STATE_STOP_FATAL_ERROR;
+                   } else if (rc != 0) /* internal error */ {
+                       slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+                           "%s: Incremental protocol: fatal internal error updating the CSN generator!\n",
+                           agmt_get_long_name(prp->agmt));
++                      agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_INTERNAL_ERROR,
++                          "fatal internal error updating the CSN generator");
+                       next_state = STATE_STOP_FATAL_ERROR;
+                   } else {
+                       /*
+@@ -1097,7 +1091,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+                           next_state = STATE_BACKOFF_START;
+                       } else if (rc == UPDATE_TRANSIENT_ERROR){
+                           dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START");
+-                          agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update transient error.  Backing off, will retry update later.");
++                          agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_TRANSIENT_ERROR,
++                              "Incremental update transient error.  Backing off, will retry update later.");
+                           next_state = STATE_BACKOFF_START;
+                       } else if (rc == UPDATE_FATAL_ERROR){
+                           dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_FATAL_ERROR -> STATE_STOP_FATAL_ERROR");
+@@ -1114,11 +1109,13 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+                           conn_disconnect (prp->conn);
+                       } else if (rc == UPDATE_CONNECTION_LOST){
+                           dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_CONNECTION_LOST -> STATE_BACKOFF_START");
+-                          agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update connection error.  Backing off, will retry update later.");
++                          agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_ERROR,
++                              "Incremental update connection error.  Backing off, will retry update later.");
+                           next_state = STATE_BACKOFF_START;
+                       } else if (rc == UPDATE_TIMEOUT){
+                           dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TIMEOUT -> STATE_BACKOFF_START");
+-                          agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update timeout error.  Backing off, will retry update later.");
++                          agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_TIMEOUT,
++                              "Incremental update timeout error.  Backing off, will retry update later.");
+                           next_state = STATE_BACKOFF_START;
+                       }
+                       /* Set the updates times based off the result of send_updates() */
+@@ -1173,8 +1170,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+           /*
+            * We encountered some sort of a fatal error. Suspend.
+            */
+-          /* XXXggood update state in replica */
+-          agmt_set_last_update_status(prp->agmt, -1, 0, "Incremental update has failed and requires administrator action");
+           dev_debug("repl5_inc_run(STATE_STOP_FATAL_ERROR)");
+           slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+               "%s: Incremental update failed and requires administrator action\n",
+@@ -1630,30 +1625,40 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: Invalid parameter passed to cl5CreateReplayIterator\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Invalid parameter passed to cl5CreateReplayIterator");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_BAD_FORMAT:     /* db data has unexpected format */
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: Unexpected format encountered in changelog database\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Unexpected format encountered in changelog database");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_BAD_STATE: /* changelog is in an incorrect state for attempted operation */
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: Changelog database was in an incorrect state\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Changelog database was in an incorrect state");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_BAD_DBVERSION:  /* changelog has invalid dbversion */
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: Incorrect dbversion found in changelog database\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Incorrect dbversion found in changelog database");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_DB_ERROR:       /* database error */
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: A changelog database error was encountered\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Changelog database error was encountered");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_NOTFOUND:       /* we have no changes to send */
+@@ -1666,6 +1671,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: Memory allocation error occurred\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"changelog memory allocation error occurred");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_SYSTEM_ERROR:   /* NSPR error occurred: use PR_GetError for further info */
+@@ -1694,15 +1701,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 			break;
+ 		case CL5_PURGED_DATA:    /* requested data has been purged */
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+-				"%s: Data required to update replica has been purged. "
++				"%s: Data required to update replica has been purged from the changelog. "
+ 				"The replica must be reinitialized.\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Data required to update replica has been purged from the changelog. "
++				"The replica must be reinitialized.");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_MISSING_DATA:   /* data should be in the changelog, but is missing */
+ 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				"%s: Missing data encountered\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++				"Changelog data is missing");
+ 			return_value = UPDATE_FATAL_ERROR;
+ 			break;
+ 		case CL5_UNKNOWN_ERROR:   /* unclassified error */
+@@ -1738,8 +1750,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 			rc = repl5_inc_create_async_result_thread(rd);
+ 			if (rc) {
+ 				slapi_log_error (SLAPI_LOG_FATAL, repl_plugin_name, "%s: repl5_inc_run: "
+-							 "repl5_tot_create_async_result_thread failed; error - %d\n", 
++							 "repl5_inc_create_async_result_thread failed; error - %d\n",
+ 							 agmt_get_long_name(prp->agmt), rc);
++				agmt_set_last_update_status(prp->agmt, 0, rc, "Failed to create result thread");
+ 				return_value = UPDATE_FATAL_ERROR;
+ 			}
+ 		}
+@@ -1898,6 +1911,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 					"%s: Invalid parameter passed to cl5GetNextOperationToReplay\n",
+ 					agmt_get_long_name(prp->agmt));
++				agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++					"Invalid parameter passed to cl5GetNextOperationToReplay");
+ 				return_value = UPDATE_FATAL_ERROR;
+ 				finished = 1;
+ 				break;
+@@ -1912,6 +1927,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 					"%s: A database error occurred (cl5GetNextOperationToReplay)\n",
+ 					agmt_get_long_name(prp->agmt));
++				agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++					"Database error occurred while getting the next operation to replay");
+ 				return_value = UPDATE_FATAL_ERROR;
+ 				finished = 1;
+ 				break;
+@@ -1922,8 +1939,10 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 				break;
+ 			case CL5_MEMORY_ERROR:
+ 				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+-					"%s: A memory allocation error occurred (cl5GetNextOperationToRepla)\n",
++					"%s: A memory allocation error occurred (cl5GetNextOperationToReplay)\n",
+ 					agmt_get_long_name(prp->agmt));
++				agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++					"Memory allocation error occurred (cl5GetNextOperationToReplay)");
+ 				return_value = UPDATE_FATAL_ERROR;
+ 				break;
+ 			case CL5_IGNORE_OP:
+@@ -1985,6 +2004,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ 			if (!replarea_sdn) {
+ 				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ 				                "send_updates: Unknown replication area due to agreement not found.");
++				agmt_set_last_update_status(prp->agmt, 0, -1, "Agreement is corrupted: missing suffix");
+ 				return_value = UPDATE_FATAL_ERROR;
+ 			} else {
+ 				replica_subentry_update(replarea_sdn, rid);
+diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
+index ce27a8a..ce6281a 100644
+--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
++++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
+@@ -140,10 +140,18 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 	crc = conn_connect(conn);
+ 	if (CONN_OPERATION_FAILED == crc)
+ 	{
++		int operation, error;
++		conn_get_error(conn, &operation, &error);
++		agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
++			"Problem connecting to replica");
+ 		return_value = ACQUIRE_TRANSIENT_ERROR;
+ 	}
+ 	else if (CONN_SSL_NOT_ENABLED == crc)
+ 	{
++		int operation, error;
++		conn_get_error(conn, &operation, &error);
++		agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
++			"Problem connecting to replica (SSL not enabled)");
+ 		return_value = ACQUIRE_FATAL_ERROR;
+ 	}
+ 	else
+@@ -295,6 +303,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 								"an internal error occurred on the remote replica. "
+ 								"Replication is aborting.\n",
+ 								agmt_get_long_name(prp->agmt));
++							agmt_set_last_update_status(prp->agmt, 0, extop_result,
++								"Failed to acquire replica: "
++								"Internal error occurred on the remote replica");
+ 							return_value = ACQUIRE_FATAL_ERROR;
+ 							break;
+ 					case NSDS50_REPL_PERMISSION_DENIED:
+@@ -307,6 +318,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 								"supply replication updates to the replica. "
+ 								"Will retry later.\n",
+ 								agmt_get_long_name(prp->agmt), repl_binddn);
++							agmt_set_last_update_status(prp->agmt, 0, extop_result,
++								"Unable to acquire replica: permission denied. "
++								"The bind dn does not have permission to "
++								"supply replication updates to the replica. "
++								"Will retry later.");
+ 							slapi_ch_free((void **)&repl_binddn);
+ 							return_value = ACQUIRE_TRANSIENT_ERROR;
+ 							break;
+@@ -321,6 +337,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 								"Replication is aborting.\n",
+ 								agmt_get_long_name(prp->agmt),
+ 								slapi_sdn_get_dn(repl_root));
++							agmt_set_last_update_status(prp->agmt, 0, extop_result,
++								"Unable to acquire replica: there is no "
++								"replicated area on the consumer server. "
++								"Replication is aborting.");
+ 							slapi_sdn_free(&repl_root);
+ 							return_value = ACQUIRE_FATAL_ERROR;
+ 							break;
+@@ -342,6 +362,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 							"startReplicationRequest extended operation sent by the "
+ 							"supplier. Replication is aborting.\n",
+ 							agmt_get_long_name(prp->agmt));
++						agmt_set_last_update_status(prp->agmt, 0, extop_result,
++							"Unable to acquire replica: "
++							"the consumer was unable to decode the "
++							"startReplicationRequest extended operation sent "
++							"by the supplier. Replication is aborting.");
+ 						return_value = ACQUIRE_FATAL_ERROR;
+ 						break;
+ 					case NSDS50_REPL_REPLICA_BUSY:
+@@ -365,6 +390,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 								"by another supplier. Will try later\n",
+ 								agmt_get_long_name(prp->agmt));
+ 						}
++						agmt_set_last_update_status(prp->agmt, 0, extop_result,
++							"Unable to acquire replica: "
++							"the replica is currently being updated by another "
++							"supplier.");
+ 						return_value = ACQUIRE_REPLICA_BUSY;
+ 						break;
+ 					case NSDS50_REPL_LEGACY_CONSUMER:
+@@ -373,6 +402,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 							"%s: Unable to acquire replica: the replica "
+ 							"is supplied by a legacy supplier. "
+ 							"Replication is aborting.\n", agmt_get_long_name(prp->agmt));
++						agmt_set_last_update_status(prp->agmt, 0, extop_result,
++							"Unable to acquire replica: the replica is supplied "
++							"by a legacy supplier.  Replication is aborting.");
+ 						return_value = ACQUIRE_FATAL_ERROR;
+ 						break;
+ 					case NSDS50_REPL_REPLICAID_ERROR:
+@@ -382,6 +414,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 							"has the same Replica ID as this one. "
+ 							"Replication is aborting.\n",
+ 							agmt_get_long_name(prp->agmt));
++						agmt_set_last_update_status(prp->agmt, 0, 0,
++							"Unable to aquire replica: the replica has the same "
++							"Replica ID as this one. Replication is aborting.");
+ 						return_value = ACQUIRE_FATAL_ERROR;
+ 						break;
+ 					case NSDS50_REPL_BACKOFF:
+@@ -392,6 +427,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+                                                         "the replica instructed us to go into "
+                                                         "backoff mode. Will retry later.\n",
+                                                         agmt_get_long_name(prp->agmt));
++						agmt_set_last_update_status(prp->agmt, 0, extop_result,
++							"Unable to acquire replica: the replica instructed "
++							"us to go into backoff mode. Will retry later.");
+ 						return_value = ACQUIRE_TRANSIENT_ERROR;
+ 						break;
+ 					case NSDS50_REPL_REPLICA_READY:
+@@ -450,6 +488,8 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 						return_value = ACQUIRE_SUCCESS;
+ 						break;
+ 					default:
++						agmt_set_last_update_status(prp->agmt, 0, extop_result,
++							"Unable to acquire replica");
+ 						return_value = ACQUIRE_FATAL_ERROR;
+ 					}
+ 				}
+@@ -461,6 +501,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 						"startReplication extended operation. "
+ 						"Replication is aborting.\n", 
+ 						agmt_get_long_name(prp->agmt));
++					agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_DECODING_ERROR,
++						"Unable to parse the response to the "
++						"startReplication extended operation. "
++						"Replication is aborting.");
+ 					prp->last_acquire_response_code = NSDS50_REPL_INTERNAL_ERROR;
+ 					return_value = ACQUIRE_FATAL_ERROR;
+ 				}
+@@ -477,6 +521,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 					"extended operation to consumer (%s). Will retry later.\n",
+ 					agmt_get_long_name(prp->agmt),
+ 					error ? ldap_err2string(error) : "unknown error");
++				agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
++					"Unable to receive the response for a startReplication "
++					"extended operation to consumer. Will retry later.");
+ 			}
+ 		}
+ 		else
+@@ -486,6 +533,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ 				"%s: Unable to obtain current CSN. "
+ 				"Replication is aborting.\n",
+ 				agmt_get_long_name(prp->agmt));
++			agmt_set_last_update_status(prp->agmt, 0, 0,
++				"Unable to obtain current CSN. "
++				"Replication is aborting.");
+ 			return_value = ACQUIRE_FATAL_ERROR;
+ 		}
+ 	}
+@@ -535,8 +585,8 @@ release_replica(Private_Repl_Protocol *prp)
+ 	PR_ASSERT(NULL != prp);
+ 	PR_ASSERT(NULL != prp->conn);
+ 
+-    if (!prp->replica_acquired)
+-        return;
++	if (!prp->replica_acquired)
++		return;
+     
+ 	replarea_sdn = agmt_get_replarea(prp->agmt);
+ 	payload = NSDS50EndReplicationRequest_new((char *)slapi_sdn_get_dn(replarea_sdn)); /* XXXggood had to cast away const */
+@@ -650,9 +700,14 @@ protocol_response2string (int response)
+         case NSDS50_REPL_BELOW_PURGEPOINT:          return "csn below purge point";
+         case NSDS50_REPL_INTERNAL_ERROR:            return "internal error";
+         case NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED: return "replica released";
+-        case NSDS50_REPL_LEGACY_CONSUMER:           return "replica is a legacy consumer";						
+-		case NSDS50_REPL_REPLICAID_ERROR:			return "duplicate replica ID detected";
+-		case NSDS50_REPL_UPTODATE:					return "no change to send";
++        case NSDS50_REPL_LEGACY_CONSUMER:           return "replica is a legacy consumer";
++        case NSDS50_REPL_REPLICAID_ERROR:           return "duplicate replica ID detected";
++        case NSDS50_REPL_UPTODATE:                  return "no change to send";
++        case NSDS50_REPL_CL_ERROR:                  return "changelog error";
++        case NSDS50_REPL_CONN_ERROR:                return "connection error";
++        case NSDS50_REPL_CONN_TIMEOUT:              return "connection timeout";
++        case NSDS50_REPL_TRANSIENT_ERROR:           return "transient error";
++        case NSDS50_REPL_RUV_ERROR:                 return "RUV error";
+         default:                                    return "unknown error";
+     }
+ }
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 011e4ca..59e5298 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -639,8 +639,8 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
+ 	}
+ 
+ done:
+-    if (mtnode_ext->replica)
+-        object_release (mtnode_ext->replica);
++	if (mtnode_ext->replica)
++		object_release (mtnode_ext->replica);
+ 
+ 	/* slapi_ch_free accepts NULL pointer */
+ 	slapi_ch_free_string(&replica_root);
+diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c
+index 0512dfa..dcb7af5 100644
+--- a/ldap/servers/plugins/replication/repl5_total.c
++++ b/ldap/servers/plugins/replication/repl5_total.c
+@@ -533,8 +533,9 @@ my_ber_scanf_value(BerElement *ber, Slapi_Value **value, PRBool *deleted)
+ 		goto loser;
+ 	}
+ 	
+-    if (attrval)
+-        ber_bvfree(attrval); 
++	if (attrval)
++		ber_bvfree(attrval);
++
+ 	return 0;
+ 
+ loser:
+-- 
+2.4.11
+
diff --git a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch b/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
deleted file mode 100644
index 077923f..0000000
--- a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 0cf9e38234476a0f3680ea388351f9bf90735818 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 14 Aug 2015 11:19:24 -0700
-Subject: [PATCH 45/45] Ticket #48250 - Slapd crashes reported from latest
- build
-
-Bug Description: There was a conflict between an import task and
-deleting the instance.  While the import task was still running,
-the backend instance was removed, which should have been rejected.
-
-Fix Description: Backend tasks keeps instance refcnt positive and
-disable the backend in the mapping tree.  This patch adds the
-check for the mapping tree in the backend deletion callback.  If
-the instance refcnt is positive or the mapping tree is disabled,
-the deletion is backed off.
-
-For the backend deletion, the referral info is not needed.  To
-reduce unnecessary allocation and free, adding the code which
-checks if the given referral variable is NULL or not to mtn_get_be.
-If it is NULL, no allocation for the referral entry occurs.
-
-https://fedorahosted.org/389/ticket/48250
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 01fea1f89a680358245677f72a67e9ccf196f66d)
-(cherry picked from commit 7a4b0a705ec7376e704f6ae591beabf6c8f890af)
----
- ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 11 +++--
- ldap/servers/slapd/mapping_tree.c                | 52 ++++++++++++++----------
- 2 files changed, 39 insertions(+), 24 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
-index 895d846..42c8ffe 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
-@@ -128,7 +128,7 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_
- 
- /*
-  * Config DSE callback for index deletes.
-- */	
-+ */
- int 
- ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg) 
- { 
-@@ -138,15 +138,19 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
-   const struct berval *attrValue;
-   int rc = SLAPI_DSE_CALLBACK_OK;
-   struct attrinfo *ainfo = NULL;
-+  Slapi_Backend *be = NULL;
-   
-   returntext[0] = '\0';
-   *returncode = LDAP_SUCCESS;
- 
--  if (slapi_counter_get_value(inst->inst_ref_count) > 0) {
-+  if ((slapi_counter_get_value(inst->inst_ref_count) > 0) ||
-+      /* check if the backend is ON or not. 
-+       * If offline or being deleted, non SUCCESS is returned. */
-+      (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) {
-     *returncode = LDAP_UNAVAILABLE;
-     rc = SLAPI_DSE_CALLBACK_ERROR;
-+    goto bail;
-   }
--
-   *returncode = LDAP_SUCCESS;
-   
-   slapi_entry_attr_find(e, "cn", &attr);
-@@ -165,6 +169,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
-       rc = SLAPI_DSE_CALLBACK_ERROR;
-     }
-   }
-+bail:
-   return rc;
- }
- 
-diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
-index ca8d6af..165eba1 100644
---- a/ldap/servers/slapd/mapping_tree.c
-+++ b/ldap/servers/slapd/mapping_tree.c
-@@ -2171,7 +2171,9 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
-     } 
- 
-     be[0] = NULL;
--    referral[0] = NULL;
-+    if (referral) {
-+        referral[0] = NULL;
-+    }
- 
-     mtn_lock();
- 
-@@ -2658,7 +2660,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-          ((SLAPI_OPERATION_SEARCH == op_type)||(SLAPI_OPERATION_BIND == op_type) || 
-          (SLAPI_OPERATION_UNBIND == op_type) || (SLAPI_OPERATION_COMPARE == op_type))) ||
-         override_referral) {
--        *referral = NULL;
-+        if (referral) {
-+            *referral = NULL;
-+        }
-         if ((target_node == mapping_tree_root) ){
-             /* If we got here, then we couldn't find a matching node 
-              * for the target. We'll use the default backend.  Once
-@@ -2679,22 +2683,25 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-                     /* there is only one backend no choice possible */
-                     *index = 0;
-                 } else {
--                    *index = mtn_get_be_distributed(pb, target_node,
--                         target_sdn, &flag_stop);
--			if (*index == SLAPI_BE_NO_BACKEND) 
--				result = LDAP_UNWILLING_TO_PERFORM;
--            	}
--           }
--	   if (*index == SLAPI_BE_REMOTE_BACKEND) {
--           	*be = NULL;
--               	*referral = (target_node->mtn_referral_entry ?
--                       		slapi_entry_dup(target_node->mtn_referral_entry) :
--                       		NULL);
-+                    *index = mtn_get_be_distributed(pb, target_node, target_sdn, &flag_stop);
-+                    if (*index == SLAPI_BE_NO_BACKEND) {
-+                        result = LDAP_UNWILLING_TO_PERFORM;
-+                    }
-+                }
-+            }
-+            if (*index == SLAPI_BE_REMOTE_BACKEND) {
-+                *be = NULL;
-+                if (referral) {
-+                    *referral = (target_node->mtn_referral_entry ?
-+                                slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
-+                }
-                 (*index)++;
-             }else if ((*index == SLAPI_BE_NO_BACKEND) || (*index >= target_node->mtn_be_count)) {
--        	/* we have already returned all backends -> return NULL */
-+                /* we have already returned all backends -> return NULL */
-                 *be = NULL;
--                *referral = NULL;
-+                if (referral) {
-+                    *referral = NULL;
-+                }
-             } else {
-                 /* return next backend, increment index */
-                 *be = target_node->mtn_be[*index];
-@@ -2749,7 +2756,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-              * send back NULL to jump to next node 
-              */
-             *be = NULL;
--            *referral = NULL;
-+            if (referral) {
-+                *referral = NULL;
-+            }
-             result = LDAP_SUCCESS;
-         } else {
-             /* first time we hit this referral -> return it
-@@ -2758,11 +2767,12 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-              * returned this referral
-              */
-             *be = NULL;
--            *referral = (target_node->mtn_referral_entry ?
--                         slapi_entry_dup(target_node->mtn_referral_entry) :
--                         NULL);
-+            if (referral) {
-+                *referral = (target_node->mtn_referral_entry ?
-+                             slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
-+            }
-             (*index)++;
--            if (NULL == *referral) {
-+            if (NULL == target_node->mtn_referral_entry) {
-                 if (errorbuf) {
-                     PR_snprintf(errorbuf, BUFSIZ,
-                     "Mapping tree node for %s is set to return a referral,"
-@@ -2782,7 +2792,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-                 "mapping tree selected backend : %s\n",
-                 slapi_be_get_name(*be));
-             slapi_be_Rlock(*be);
--        } else if (*referral) {
-+        } else if (referral && *referral) {
-             slapi_log_error(SLAPI_LOG_ARGS, NULL,
-                 "mapping tree selected referral at node : %s\n",
-                 slapi_sdn_get_dn(target_node->mtn_subtree));
--- 
-1.9.3
-
diff --git a/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch b/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
new file mode 100644
index 0000000..094033c
--- /dev/null
+++ b/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
@@ -0,0 +1,227 @@
+From 1c4faa3c235c42abde1d7fe93cb43429772b65a6 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 26 Aug 2016 18:51:42 -0400
+Subject: [PATCH 45/45] Ticket 48972 - remove old pwp code that adds/removes
+ ACIs
+
+Bug Description:  Old legacy code is still present in the DS that used
+                  to enforce the password policy "user may change password"
+                  using ACIs.  This old code would re-add the ACI for
+                  selfwrite on userpassword at server startup.
+
+Fix Description:  The current password policy does not depend on these access
+                  access control rules to enforce if a user can change their
+                  password or not.
+
+https://fedorahosted.org/389/ticket/48972
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 32881be120f14b952de67a0d533ad94ba0956093)
+---
+ ldap/servers/slapd/add.c        | 15 --------
+ ldap/servers/slapd/libglobs.c   | 14 -------
+ ldap/servers/slapd/proto-slap.h |  3 --
+ ldap/servers/slapd/pw.c         | 81 -----------------------------------------
+ ldap/servers/slapd/pw_mgmt.c    |  9 +----
+ 5 files changed, 1 insertion(+), 121 deletions(-)
+
+diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
+index 629017e..708d3e7 100644
+--- a/ldap/servers/slapd/add.c
++++ b/ldap/servers/slapd/add.c
+@@ -643,21 +643,6 @@ static void op_shared_add (Slapi_PBlock *pb)
+     }
+ 
+ 	slapi_pblock_set(pb, SLAPI_BACKEND, be);
+-	/* we set local password policy ACI for non-replicated operations only */
+-	if (!repl_op &&
+-		!operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP) &&
+-		!operation_is_flag_set(operation, OP_FLAG_LEGACY_REPLICATION_DN) &&
+-		!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA) &&
+-		!slapi_be_private(be) &&
+-		slapi_be_issuffix (be, slapi_entry_get_sdn_const(e)))
+-	{
+-		/* this is a suffix. update the pw aci */
+-		slapdFrontendConfig_t *slapdFrontendConfig;
+-		slapdFrontendConfig = getFrontendConfig();
+-		pw_add_allowchange_aci(e, !slapdFrontendConfig->pw_policy.pw_change &&
+-							   !slapdFrontendConfig->pw_policy.pw_must_change);
+-	}
+-
+ 
+ 	if (!repl_op)
+ 	{
+diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
+index a630c6c..faf521b 100644
+--- a/ldap/servers/slapd/libglobs.c
++++ b/ldap/servers/slapd/libglobs.c
+@@ -2601,13 +2601,6 @@ config_set_pw_change( const char *attrname, char *value, char *errorbuf, int app
+ 							  errorbuf,
+ 							  apply);
+   
+-  if (retVal == LDAP_SUCCESS) {
+-	  /* LP: Update ACI to reflect the value ! */
+-	  if (apply)
+-		  pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
+-								 !slapdFrontendConfig->pw_policy.pw_must_change);
+-  }
+-  
+   return retVal;
+ }
+ 
+@@ -2638,13 +2631,6 @@ config_set_pw_must_change( const char *attrname, char *value, char *errorbuf, in
+ 							  errorbuf,
+ 							  apply);
+   
+-  if (retVal == LDAP_SUCCESS) {
+-	  /* LP: Update ACI to reflect the value ! */
+-	  if (apply)
+-		  pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
+-								 !slapdFrontendConfig->pw_policy.pw_must_change);
+-  }
+-  
+   return retVal;
+ }
+ 
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index 1f37010..712642f 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -951,9 +951,6 @@ void get_old_pw( Slapi_PBlock *pb, const Slapi_DN *sdn, char **old_pw);
+ int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/);
+ int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ;
+ void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e );
+-void mod_allowchange_aci(char *val);
+-void pw_mod_allowchange_aci(int pw_prohibit_change);
+-void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change);
+ 
+ int add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e);
+ 
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 7469b9e..3f2cdb0 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -1337,69 +1337,6 @@ slapi_add_pwd_control ( Slapi_PBlock *pb, char *arg, long time) {
+ }
+ 
+ void
+-pw_mod_allowchange_aci(int pw_prohibit_change)
+-{
+-	const Slapi_DN *base;
+-	char		*values_mod[2];
+-	LDAPMod		mod;
+-	LDAPMod		*mods[2];
+-	Slapi_Backend *be;
+-	char *cookie = NULL;
+-
+-	mods[0] = &mod;
+-	mods[1] = NULL;
+-	mod.mod_type = "aci";
+-	mod.mod_values = values_mod;
+-
+-	if (pw_prohibit_change) {
+-		mod.mod_op = LDAP_MOD_ADD;
+-	}
+-	else
+-	{
+-		/* Allow change password by default  */
+-		/* remove the aci if it is there.  it is ok to fail */
+-		mod.mod_op = LDAP_MOD_DELETE;
+-	}
+-
+-	be = slapi_get_first_backend (&cookie);
+-	/* Foreach backend... */
+-    while (be)
+-    {
+-		/* Don't add aci on a chaining backend holding remote entries */
+-        if((!be->be_private) && (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)))
+-        {
+-			/* There's only One suffix per DB now. No need to loop */
+-			base = slapi_be_getsuffix(be, 0);
+-			if (base != NULL)
+-			{
+-				Slapi_PBlock pb;
+-				int rc;
+-				
+-				pblock_init (&pb);
+-				values_mod[0] = DENY_PW_CHANGE_ACI;
+-				values_mod[1] = NULL;
+-				slapi_modify_internal_set_pb_ext(&pb, base, mods, NULL, NULL,
+-				                                 pw_get_componentID(), 0);
+-				slapi_modify_internal_pb(&pb);
+-				slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+-				if (rc == LDAP_SUCCESS){
+-					/* 
+-					** Since we modified the acl 
+-					** successfully, let's update the 
+-					** in-memory acl list
+-					*/
+-					slapi_pblock_set(&pb, SLAPI_TARGET_SDN, (void *)base);
+-					plugin_call_acl_mods_update (&pb, LDAP_REQ_MODIFY );
+-				}
+-				pblock_done(&pb);
+-			}
+-        }
+-		be = slapi_get_next_backend (cookie);
+-    }
+-	slapi_ch_free((void **) &cookie);
+-}
+-
+-void
+ add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e )
+ {
+ 	struct berval   bv;
+@@ -1583,24 +1520,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
+ 	return ( 0 );
+ }
+ 
+-
+-void
+-pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change) {
+-	char		*aci_pw = NULL;
+-	const char *aciattr = "aci";
+-
+-	aci_pw = slapi_ch_strdup(DENY_PW_CHANGE_ACI);
+-
+-	if (pw_prohibit_change) {
+-		/* Add ACI */
+-		slapi_entry_add_string(e, aciattr, aci_pw);
+-	} else {
+-		/* Remove ACI */
+-		slapi_entry_delete_string(e, aciattr, aci_pw);
+-	}
+-	slapi_ch_free((void **) &aci_pw);
+-}
+-
+ int
+ pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){
+ 	Slapi_DN *bind_sdn = NULL;
+diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
+index 5470556..7252c08 100644
+--- a/ldap/servers/slapd/pw_mgmt.c
++++ b/ldap/servers/slapd/pw_mgmt.c
+@@ -256,13 +256,8 @@ skip:
+ void
+ pw_init ( void )
+ {
+-	slapdFrontendConfig_t *slapdFrontendConfig;
+-
+ 	pw_set_componentID(generate_componentid(NULL, COMPONENT_PWPOLICY));
+-	
+-	slapdFrontendConfig = getFrontendConfig();
+-	pw_mod_allowchange_aci (!slapdFrontendConfig->pw_policy.pw_change && 
+-                            !slapdFrontendConfig->pw_policy.pw_must_change);
++
+ #if defined(USE_OLD_UNHASHED)
+ 	slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD,
+ 	                                PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID,
+@@ -273,5 +268,3 @@ pw_init ( void )
+ 	                                SLAPI_ATTR_FLAG_NOEXPOSE);
+ #endif
+ }
+-
+-
+-- 
+2.4.11
+
diff --git a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch b/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
deleted file mode 100644
index 245fe21..0000000
--- a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From 34024061a980fa5472fab680b873c0666413e5ec Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 17 Aug 2015 14:51:17 -0400
-Subject: [PATCH 46/47] Ticket 48233 - Server crashes in ACL_LasFindFlush
- during  shutdown if ACIs contain IP addresss restrictions
-
-Bug Description:  The server will crash at shutdown if there are ACI's that use IP rules.
-
-Fix Description:  When we stop the acl plugin we need to free aci avl list first, before
-                  we free the libaccess ACL global lists.  Otherwise, we dereference a freed
-                  struct.
-
-https://fedorahosted.org/389/ticket/48233
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 22d315b910b086d3e7edca3b6b52511d5da63802)
-(cherry picked from commit 57c5d35b4a5ea3e85ae2a7471cbe487531ee3835)
----
- dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++
- ldap/servers/plugins/acl/aclplugin.c    |   2 +-
- 2 files changed, 106 insertions(+), 1 deletion(-)
- create mode 100644 dirsrvtests/tickets/ticket48233_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py
-new file mode 100644
-index 0000000..387279d
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48233_test.py
-@@ -0,0 +1,105 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    global installation1_prefix
-+    if installation1_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+    # Creating standalone instance ...
-+    standalone = DirSrv(verbose=False)
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+    instance_standalone = standalone.exists()
-+    if instance_standalone:
-+        standalone.delete()
-+    standalone.create()
-+    standalone.open()
-+
-+    # Delete each instance in the end
-+    def fin():
-+        standalone.delete()
-+    request.addfinalizer(fin)
-+
-+    # Clear out the tmp dir
-+    standalone.clearTmpDir(__file__)
-+
-+    return TopologyStandalone(standalone)
-+
-+
-+def test_ticket48233(topology):
-+    """Test that ACI's that use IP restrictions do not crash the server at
-+       shutdown
-+    """
-+
-+    # Add aci to restrict access my ip
-+    aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' +
-+                '"Enable anonymous access - IP"; allow (read,compare,search)' +
-+                '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)')
-+
-+    try:
-+        topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)])
-+    except ldap.LDAPError as e:
-+        log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc']))
-+        assert False
-+    time.sleep(1)
-+
-+    # Anonymous search to engage the aci
-+    try:
-+        topology.standalone.simple_bind_s("", "")
-+    except ldap.LDAPError as e:
-+        log.error('Failed to anonymously bind -error %s' % (e.message['desc']))
-+        assert False
-+
-+    try:
-+        entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*')
-+        if not entries:
-+            log.fatal('Failed return an entries from search')
-+            assert False
-+    except ldap.LDAPError, e:
-+        log.fatal('Search failed: ' + e.message['desc'])
-+        assert False
-+
-+    # Restart the server
-+    topology.standalone.restart(timeout=10)
-+
-+    # Check for crash
-+    if topology.standalone.detectDisorderlyShutdown():
-+        log.fatal('Server crashed!')
-+        assert False
-+
-+    log.info('Test complete')
-+
-+
-+if __name__ == '__main__':
-+    # Run isolated
-+    # -s for DEBUG mode
-+    CURRENT_FILE = os.path.realpath(__file__)
-+    pytest.main("-s %s" % CURRENT_FILE)
-\ No newline at end of file
-diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
-index 45a6315..d90996e 100644
---- a/ldap/servers/plugins/acl/aclplugin.c
-+++ b/ldap/servers/plugins/acl/aclplugin.c
-@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb )
- {
- 	int rc = 0; /* OK */
- 
-+	free_acl_avl_list();
- 	ACL_Destroy();
- 	acl_destroy_aclpb_pool();
- 	acl_remove_ext();
- 	ACL_AttrGetterHashDestroy();
- 	ACL_MethodHashDestroy();
- 	ACL_DestroyPools();
--	free_acl_avl_list();
- 	aclanom__del_profile(1);
- 	aclgroup_free();
- 	//aclext_free_lockarray();
--- 
-1.9.3
-
diff --git a/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch b/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
new file mode 100644
index 0000000..d710373
--- /dev/null
+++ b/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
@@ -0,0 +1,192 @@
+From d8399105d3b9ca281522624fdd471360b8ea59f6 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 30 Aug 2016 10:32:45 -0400
+Subject: [PATCH 46/47] Ticket 48970 - Serverside sorting crashes the server
+
+Bug Description:  When using a matching rule and server side sorting
+                  the server does a double-free on the matching rule
+                  keys which crashes the server.
+
+Fix Description:  Set the pblock pointer to NULL after the keys are
+                  freed.  This prevents the double free.
+
+                  Also fixed some complier warnings/indentation.
+
+Valgrind: passed
+
+https://fedorahosted.org/389/ticket/48970
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 43997fa8782ca93e20595ae10e303d85e5b765f4)
+---
+ ldap/servers/plugins/collation/collate.c  | 14 ++++----
+ ldap/servers/plugins/collation/orfilter.c | 55 ++++++++++++++++++-------------
+ ldap/servers/slapd/back-ldbm/sort.c       | 12 +++----
+ 3 files changed, 43 insertions(+), 38 deletions(-)
+
+diff --git a/ldap/servers/plugins/collation/collate.c b/ldap/servers/plugins/collation/collate.c
+index 0480280..483a132 100644
+--- a/ldap/servers/plugins/collation/collate.c
++++ b/ldap/servers/plugins/collation/collate.c
+@@ -347,23 +347,23 @@ collation_index (indexer_t* ix, struct berval** bvec, struct berval** prefixes)
+     return keys;
+ }
+ 
++/* The destructor function for a collation-based indexer. */
+ static void
+ collation_indexer_destroy (indexer_t* ix)
+-    /* The destructor function for a collation-based indexer. */
+ {
+     collation_indexer_t* etc = (collation_indexer_t*) ix->ix_etc;
+     if (etc->converter) {
+-	ucnv_close(etc->converter);
+-	etc->converter = NULL;
++        ucnv_close(etc->converter);
++        etc->converter = NULL;
+     }
+ 
+     if (etc->collator) {
+-	ucol_close(etc->collator);
+-	etc->collator = NULL;
++        ucol_close(etc->collator);
++        etc->collator = NULL;
+     }
+     if (etc->ix_keys != NULL) {
+-	ber_bvecfree (etc->ix_keys);
+-	etc->ix_keys = NULL;
++        ber_bvecfree (etc->ix_keys);
++        etc->ix_keys = NULL;
+     }
+     slapi_ch_free((void**)&ix->ix_etc);
+     ix->ix_etc = NULL; /* just for hygiene */
+diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
+index 8dc4246..084fdf6 100644
+--- a/ldap/servers/plugins/collation/orfilter.c
++++ b/ldap/servers/plugins/collation/orfilter.c
+@@ -34,7 +34,7 @@ static void
+ indexer_free (indexer_t* ix)
+ {
+     if (ix->ix_destroy != NULL) {
+-	ix->ix_destroy (ix);
++        ix->ix_destroy (ix);
+     }
+     slapi_ch_free((void**)&ix);
+ }
+@@ -221,23 +221,28 @@ op_filter_match (or_filter_t* or, struct berval** vals)
+     auto indexer_t* ix = or->or_indexer;
+     auto struct berval** v = ix->ix_index (ix, vals, NULL);
+     if (v != NULL) for (; *v; ++v) {
+-	auto struct berval** k = or->or_match_keys;
+-	if (k != NULL) for (; *k; ++k) {
+-	    switch (or->or_op) {
+-	      case SLAPI_OP_LESS:
+-		if (slapi_berval_cmp (*v, *k) <  0) return 0; break;
+-	      case SLAPI_OP_LESS_OR_EQUAL:
+-		if (slapi_berval_cmp (*v, *k) <= 0) return 0; break;
+-	      case SLAPI_OP_EQUAL:
+-		if (SLAPI_BERVAL_EQ  (*v, *k))      return 0; break;
+-	      case SLAPI_OP_GREATER_OR_EQUAL:
+-		if (slapi_berval_cmp (*v, *k) >= 0) return 0; break;
+-	      case SLAPI_OP_GREATER:
+-		if (slapi_berval_cmp (*v, *k) >  0) return 0; break;
+-	      default:
+-		break;
+-	    }
+-	}
++        auto struct berval** k = or->or_match_keys;
++        if (k != NULL) for (; *k; ++k) {
++            switch (or->or_op) {
++                case SLAPI_OP_LESS:
++                    if (slapi_berval_cmp (*v, *k) <  0) return 0;
++                    break;
++                case SLAPI_OP_LESS_OR_EQUAL:
++                    if (slapi_berval_cmp (*v, *k) <= 0) return 0;
++                    break;
++                case SLAPI_OP_EQUAL:
++                    if (SLAPI_BERVAL_EQ  (*v, *k)) return 0;
++                    break;
++                case SLAPI_OP_GREATER_OR_EQUAL:
++                    if (slapi_berval_cmp (*v, *k) >= 0) return 0;
++                    break;
++                case SLAPI_OP_GREATER:
++                    if (slapi_berval_cmp (*v, *k) >  0) return 0;
++                    break;
++                default:
++                    break;
++            }
++        }
+     }
+     return -1;
+ }
+@@ -570,7 +575,9 @@ op_indexer_destroy (Slapi_PBlock* pb)
+     auto indexer_t* ix = op_indexer_get (pb);
+     LDAPDebug (LDAP_DEBUG_FILTER, "op_indexer_destroy(%p)\n", (void*)ix, 0, 0);
+     if (ix != NULL) {
+-	indexer_free (ix);
++        indexer_free (ix);
++        /* The keys were freed, but we need to reset the pblock pointer */
++        slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
+     }
+     return 0;
+ }
+@@ -623,10 +630,10 @@ typedef struct ss_indexer_t {
+ static void
+ ss_indexer_free (ss_indexer_t* ss)
+ {
+-	slapi_ch_free((void**)&ss->ss_oid);
++    slapi_ch_free_string(&ss->ss_oid);
+     if (ss->ss_indexer != NULL) {
+-	indexer_free (ss->ss_indexer);
+-	ss->ss_indexer = NULL;
++        indexer_free (ss->ss_indexer);
++        ss->ss_indexer = NULL;
+     }
+     slapi_ch_free((void**)&ss);
+ }
+@@ -647,7 +654,9 @@ ss_indexer_destroy (Slapi_PBlock* pb)
+     auto ss_indexer_t* ss = ss_indexer_get (pb);
+     LDAPDebug (LDAP_DEBUG_FILTER, "ss_indexer_destroy(%p)\n", (void*)ss, 0, 0);
+     if (ss) {
+-	ss_indexer_free (ss);
++        ss_indexer_free(ss);
++        /* The keys were freed, but we need to reset the pblock pointer */
++        slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
+     }
+ }
+ 
+diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c
+index 69fe659..46f2dbd 100644
+--- a/ldap/servers/slapd/back-ldbm/sort.c
++++ b/ldap/servers/slapd/back-ldbm/sort.c
+@@ -32,15 +32,11 @@ static int print_out_sort_spec(char* buffer,sort_spec *s,int *size);
+ 
+ static void sort_spec_thing_free(sort_spec_thing *s)
+ {
+-	if (NULL != s->type) {
+-		slapi_ch_free((void **)&s->type);
+-	}
+-	if (NULL != s->matchrule) {
+-		slapi_ch_free( (void**)&s->matchrule);
+-	}
++	slapi_ch_free_string(&s->type);
++	slapi_ch_free_string(&s->matchrule);
+ 	if (NULL != s->mr_pb) {
+ 		destroy_matchrule_indexer(s->mr_pb);
+-	    slapi_pblock_destroy (s->mr_pb);
++		slapi_pblock_destroy (s->mr_pb);
+ 	}
+ 	attr_done(&s->sattr);
+ 	slapi_ch_free( (void**)&s);
+@@ -116,7 +112,7 @@ void sort_log_access(Slapi_PBlock *pb,sort_spec_thing *s,IDList *candidates)
+ 	/* Now output it */
+ 	ldbm_log_access_message(pb,buffer);
+ 	if (buffer != stack_buffer) {
+-		slapi_ch_free( (void**)&buffer);
++		slapi_ch_free_string(&buffer);
+ 	}
+ }
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch b/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
deleted file mode 100644
index 616cc6b..0000000
--- a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From d88650af2dc614519bdb138b162d3c6e3b5ae9c5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 18 Aug 2015 13:43:55 -0700
-Subject: [PATCH 47/47] Ticket #48243 - replica upgrade failed in starting
- dirsrv service due to upgrade scripts did not run
-
-Description: In the upgrade process, there is a combination of requirements:
- . the server is running.
- . the server instance service is disabled.
- . upgrade scripts are expected to run against the instance.
- . the server is restarted once the upgrade is done.
- . the server instance service remains disabled.
-To fulfill the requirements,
- . spec file is modified to enumerate slapd dir (except .remove) in the
-   /etc/dirsrv for getting the server instance.
- . Start/Update perl scripts are modified not to create a symlink in
-   /etc/systemd/system/dirsrv.target.wants for the upgrade case, which
-   means the service remains disabled.
-
-https://fedorahosted.org/389/ticket/48243
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 29c09a5bcc7d54be1aa6880b4f2a423edd3dc463)
-(cherry picked from commit 2c5e0d5692bcabe16a7e3b8e0d24eb3a88913155)
----
- ldap/admin/src/scripts/DSCreate.pm.in    |  7 ++++---
- ldap/admin/src/scripts/DSMigration.pm.in |  2 +-
- ldap/admin/src/scripts/DSUpdate.pm.in    |  2 +-
- rpm/389-ds-base.spec.in                  | 20 +++++++++++++-------
- 4 files changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
-index e4a4ed0..cdde339 100644
---- a/ldap/admin/src/scripts/DSCreate.pm.in
-+++ b/ldap/admin/src/scripts/DSCreate.pm.in
-@@ -1098,6 +1098,7 @@ sub updateTmpfilesDotD {
- }
- 
- sub updateSystemD {
-+    my $noservicelink = shift;
-     my $inf = shift;
-     my $unitdir = "@systemdsystemunitdir@";
-     my $confbasedir = "@systemdsystemconfdir@";
-@@ -1129,7 +1130,7 @@ sub updateSystemD {
-             next;
-         } else {
-             my $servicelink = "$confdir/$pkgname\@$inst.service";
--            if (! -l $servicelink) {
-+            if (! -l $servicelink && ! $noservicelink) {
-                 if (!symlink($servicefile, $servicelink)) {
-                     debug(1, "error updating link $servicelink to $servicefile - $!\n");
-                     push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
-@@ -1216,7 +1217,7 @@ sub createDSInstance {
-         return @errs;
-     }
- 
--    if (@errs = updateSystemD($inf)) {
-+    if (@errs = updateSystemD(0, $inf)) {
-         return @errs;
-     }
- 
-@@ -1452,7 +1453,7 @@ sub removeDSInstance {
-     }
- 
-     # update systemd files
--    push @errs, updateSystemD();
-+    push @errs, updateSystemD(0);
-     
-     # if we got here, report success
-     if (@errs) {
-diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
-index e59e667..630ab43 100644
---- a/ldap/admin/src/scripts/DSMigration.pm.in
-+++ b/ldap/admin/src/scripts/DSMigration.pm.in
-@@ -1132,7 +1132,7 @@ sub migrateDS {
-         }
- 
- 	# do the systemd stuff
--        @errs = DSCreate::updateSystemD($inf);
-+        @errs = DSCreate::updateSystemD(0, $inf);
-         if (@errs) {
-             $mig->msg(@errs);
-             goto cleanup;
-diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
-index 1809ad9..be1e67c 100644
---- a/ldap/admin/src/scripts/DSUpdate.pm.in
-+++ b/ldap/admin/src/scripts/DSUpdate.pm.in
-@@ -408,7 +408,7 @@ sub updateDSInstance {
- 
-     push @errs, updateTmpfilesDotD($inf);
- 
--    push @errs, updateSystemD($inf);
-+    push @errs, updateSystemD(1, $inf);
- 
-     return @errs;
- }
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index d0bbb7a..b7556e1 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -248,6 +248,7 @@ rm -rf $RPM_BUILD_ROOT
- 
- %post
- output=/dev/null
-+output2=/dev/null
- %systemd_post %{pkgname}-snmp.service
- # reload to pick up any changes to systemd files
- /bin/systemctl daemon-reload >$output 2>&1 || :
-@@ -260,12 +261,17 @@ instances="" # instances that require a restart after upgrade
- ninst=0 # number of instances found in total
- if [ -n "$DEBUGPOSTTRANS" ] ; then
-    output=$DEBUGPOSTTRANS
-+   output2=${DEBUGPOSTTRANS}.upgrade
- fi
--echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
--for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
--    if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
--    inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
--    echo found instance $inst - getting status >> $output 2>&1 || :
-+echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
-+instbase="%{_sysconfdir}/%{pkgname}"
-+for dir in $instbase/slapd-* ; do
-+    echo dir = $dir >> $output 2>&1 || :
-+    if [ ! -d "$dir" ] ; then continue ; fi
-+    case "$dir" in *.removed) continue ;; esac
-+    basename=`basename $dir`
-+    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
-+    echo found instance $inst - getting status  >> $output 2>&1 || :
-     if /bin/systemctl -q is-active $inst ; then
-        echo instance $inst is running >> $output 2>&1 || :
-        instances="$instances $inst"
-@@ -290,9 +296,9 @@ echo remove pid files . . . >> $output 2>&1 || :
- echo upgrading instances . . . >> $output 2>&1 || :
- DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
- if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
--    %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
-+    %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
- else
--    %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
-+    %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
- fi
- 
- # restart instances that require it
--- 
-1.9.3
-
diff --git a/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch b/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
new file mode 100644
index 0000000..1ad2767
--- /dev/null
+++ b/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
@@ -0,0 +1,85 @@
+From eaf8b3b97e22bf06152d42b90940212e7acc8e00 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 30 Aug 2016 14:25:15 -0400
+Subject: [PATCH 47/47] Ticket 48975- Disabling CLEAR password storage scheme
+ will  crash server when setting a password
+
+Bug Description:  If the CLEAR password storage scheme plugin is disabled, and a
+                  userpassword is set, the server crashes.  This is because we
+                  expect this plugin to be enabled when working with the unhashed
+                  password.
+
+Fix Description:  Always check if the password scheme, returned by pw_val2scheme(),
+                  is NULL before dereferencing it.  If it is NULL treat it as a
+                  clear text password.
+
+Valgrind: Passed
+
+https://fedorahosted.org/389/ticket/48975
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd)
+---
+ ldap/servers/slapd/modify.c | 8 ++++----
+ ldap/servers/slapd/pw.c     | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
+index 4a5faa0..72f2db4 100644
+--- a/ldap/servers/slapd/modify.c
++++ b/ldap/servers/slapd/modify.c
+@@ -827,7 +827,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
+ 				for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {
+ 					password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);
+ 					pwsp = pw_val2scheme( password, &valpwd, 1 );
+-					if(strcmp(pwsp->pws_name, "CLEAR") == 0){
++					if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
+ 						/*
+ 						 *  CLEAR password
+ 						 *
+@@ -851,7 +851,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
+ 								const char *userpwd = slapi_value_get_string(present_values[ii]);
+ 
+ 								pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );
+-								if(strcmp(pass_scheme->pws_name,"CLEAR")){
++								if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){
+ 									/* its encoded, so compare it */
+ 									if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){
+ 									    /*
+@@ -912,7 +912,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
+ 								 *  provided by the client.
+ 								 */
+ 								unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );
+-								if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
++								if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
+ 									if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
+ 										/* match, add the delete mod for this particular unhashed userpassword */
+ 										if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
+@@ -1156,7 +1156,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***
+ 		*cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));
+ 		for(i=0,p=0;i<n;i++){
+ 			pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );
+-			if(strcmp(pwsp->pws_name, "CLEAR") == 0){
++			if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
+ 				(*cvals)[p++] = slapi_value_new_berval(bvals[i]);
+ 			}
+ 			free_pw_scheme( pwsp );
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 3f2cdb0..6f02f90 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -234,8 +234,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)
+ {
+ 	if ( pwsp != NULL )
+ 	{
+-		slapi_ch_free( (void**)&pwsp->pws_name );
+-		slapi_ch_free( (void**)&pwsp );
++		slapi_ch_free_string(&pwsp->pws_name);
++		slapi_ch_free((void**)&pwsp);
+ 	}
+ }
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch b/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
deleted file mode 100644
index 8a3830b..0000000
--- a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0e44c819b72dfad40a7f9eea6067f6060fa9c35b Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 19 Aug 2015 10:03:50 -0400
-Subject: [PATCH] Ticket 47831 - remove debug logging from retro cl
-
-Description:  Instrumented debug logging was accidentally left in the source.
-              This logging is being removed.
-
-https://fedorahosted.org/389/ticket/47931
-
-Reviewed by: mreynolds
-
-(cherry picked from commit db7153f89bf3dda935e6ef4f175697bda32fe720)
-(cherry picked from commit 1781280f133c4877f83949400294641a558f5406)
----
- ldap/servers/plugins/retrocl/retrocl_po.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index f689373..d9f4e6d 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -157,14 +157,11 @@ write_replog_db(
-     int	err = 0;
-     int ret = LDAP_SUCCESS;
-     int	i;
--    int mark = 0;
- 
-     if (!dn) {
-         slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
-         return ret;
-     }
--    mark = (post_entry && retrocl_entry_in_scope(post_entry));
--    slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
- 
-     if (post_entry){
-         if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
--- 
-1.9.3
-
diff --git a/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch b/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
new file mode 100644
index 0000000..a9753ed
--- /dev/null
+++ b/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
@@ -0,0 +1,39 @@
+From 1eebfaff67aa6af7821fcc861fcdf3ef7fc9d25a Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 1 Sep 2016 12:54:08 -0400
+Subject: [PATCH 48/49] Ticket 48957 - Update repl-monitor to handle new status
+ messages
+
+Bug Description:  The replication agreement status messages have changed,
+                  and the repl-monitor script was not updated to reflect
+                  these changes.  This lead to the html report incorrectly
+                  color coding a successfull status.
+
+Fix Description:  Update the script to ignore "Error (0)"
+
+https://fedorahosted.org/389/ticket/48957
+
+Reviewed by: mreynolds (one line commit rule)
+
+(cherry picked from commit 32ee33b2222a9bbc0657ceb912ca3fa74ee27dcc)
+(cherry picked from commit cf5683ae112528597af70a4e06cfb51e8e0c3c74)
+---
+ ldap/admin/src/scripts/repl-monitor.pl.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/scripts/repl-monitor.pl.in b/ldap/admin/src/scripts/repl-monitor.pl.in
+index aa7ab1e..a3efa8e 100755
+--- a/ldap/admin/src/scripts/repl-monitor.pl.in
++++ b/ldap/admin/src/scripts/repl-monitor.pl.in
+@@ -877,7 +877,7 @@ sub print_consumers
+ 			}   
+ 			my $redfontstart = "";
+ 			my $redfontend = "";
+-			if ($status =~ /error/i) {
++			if ($status !~ /Error \(0\)/i) {
+ 			  $redfontstart = "<font color='red'>";
+ 			  $redfontend = "</font>";
+ 			}
+-- 
+2.4.11
+
diff --git a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch b/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
deleted file mode 100644
index e717cd5..0000000
--- a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 6a07ebb40ee121c176f789d01937d7ceedc77776 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 20 Aug 2015 17:01:28 -0700
-Subject: [PATCH 49/52] Ticket #48254 - CLI db2index fails with usage errors
-
-Bug Description:
-1) CLI db2index had an issue in option handling, which accidentally
-added '=' at the end of the previous option.
-2) if a value of an option includes a white space, e.g., -T "by MCC
-ou=People dc=example dc=com", the value was not passed to the program
-as a string.
-
-Fix Description:
-1) Removed unnecessary '='.
-2) Quote $OPTARG which could include a white space, and call ns-slapd
-   command line vai eval.
-
-https://fedorahosted.org/389/ticket/48254
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 3507c46c9f1156df11b6cf05eba695d81088b416)
-(cherry picked from commit a6d7e3bd29eb63def170f73dc21e967df230f20a)
----
- ldap/admin/src/scripts/db2index.in | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
-index 2b76cd1..6a0785e 100755
---- a/ldap/admin/src/scripts/db2index.in
-+++ b/ldap/admin/src/scripts/db2index.in
-@@ -39,13 +39,13 @@ do
-            benameopt="set";;
-         s) args=$args" -s $OPTARG"
-            includeSuffix="set";;
--        t) args=$args" -t $OPTARG";;
--        T) args=$args=" -T $OPTARG";;
--        d) args=$args=" -d $OPTARG";;
--        a) args=$args=" -a $OPTARG";;
--        x) args=$args=" -x $OPTARG";;
--        v) args=$args=" -v";;
--        S) args=$args=" -S";;
-+        t) args=$args" -t "\"$OPTARG\";;
-+        T) args=$args" -T "\"$OPTARG\";;
-+        d) args=$args" -d $OPTARG";;
-+        a) args=$args" -a $OPTARG";;
-+        x) args=$args" -x $OPTARG";;
-+        v) args=$args" -v";;
-+        S) args=$args" -S";;
-         D) args=$args" -D $OPTARG";;
-         ?) usage
-            exit 1;;
-@@ -79,5 +79,5 @@ then
-     usage
-     exit 1
- else
--    @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
-+    eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
- fi
--- 
-1.9.3
-
diff --git a/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch b/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
new file mode 100644
index 0000000..b86c3f8
--- /dev/null
+++ b/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
@@ -0,0 +1,35 @@
+From 009e862b170b9a9037852952640558c03ecda481 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 1 Sep 2016 11:34:53 -0700
+Subject: [PATCH 49/49] Ticket #48969 - nsslapd-auditfaillog always has an
+ explicit path
+
+Description: commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4
+introduced a RESOURCE_LEAK.
+    auditlog.c:180: leaked_storage: Variable "audit_config" going
+                    out of scope leaks the storage it points to.
+
+Reviewed by nhosoi (one line commit rule)
+
+(cherry picked from commit 95d820901e7264490bae02b8ca943d09a344d7ac)
+(cherry picked from commit b0fc82233a5ea929c5fad835f9e825a8f0b97968)
+(cherry picked from commit fc1310e352e124d66d58d0a3e86d45c5573cbfb2)
+---
+ ldap/servers/slapd/auditlog.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index 85d136c..74d1b46 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -177,6 +177,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+         write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+     }
+     slapi_ch_free_string(&auditfail_config);
++    slapi_ch_free_string(&audit_config);
+ }
+ 
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch b/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
new file mode 100644
index 0000000..ba1d19b
--- /dev/null
+++ b/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
@@ -0,0 +1,52 @@
+From 34ef42f8f839a7c7f40366ae2516aa2692582672 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Thu, 8 Sep 2016 11:38:15 +0200
+Subject: [PATCH] Bug 1321124 - use a consumer maxcsn only as anchor if
+ supplier is more advanced
+
+(cherry picked from commit f4301f6be6bbff3c7bb0180a38f6dfd7e31b8558)
+---
+ ldap/servers/plugins/replication/cl5_clcache.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
+index 74f0fec..ca8b841 100644
+--- a/ldap/servers/plugins/replication/cl5_clcache.c
++++ b/ldap/servers/plugins/replication/cl5_clcache.c
+@@ -717,24 +717,22 @@ clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag )
+ 								curr, conmaxcsn);
+ 			}
+ 
+-			if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
+-			    csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) {
+-				if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
++			if (csn_compare(cscb->local_maxcsn, cscb->consumer_maxcsn) > 0) {
++				/* We have something to send for this RID */
++
++				if (csn_compare(cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
++					csn_compare(cscb->prev_local_maxcsn, buf->buf_current_csn) > 0) {
++					/* No new changes or it remains, in the buffer, updates to send  */
+ 					rid_anchor = buf->buf_current_csn;
+-				}
+-			} else {
+-				/* prev local max csn < csnBuffer AND different from local maxcsn */
+-				if (cscb->prev_local_maxcsn == NULL) {
++				} else {
++					/* prev local max csn < csnBuffer AND different from local maxcsn */
+ 					if (cscb->consumer_maxcsn == NULL) {
+ 						/* the consumer hasn't seen changes for this RID */
+ 						rid_anchor = cscb->local_mincsn;
+ 						rid_flag = DB_SET;
+-					} else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
++					} else {
+ 						rid_anchor = cscb->consumer_maxcsn;
+ 					}
+-				} else {
+-					/* csnPrevMaxSup > 0 */
+-					rid_anchor = cscb->consumer_maxcsn;
+ 				}
+ 			}
+ 
+-- 
+2.4.11
+
diff --git a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch b/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
deleted file mode 100644
index 4582e71..0000000
--- a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
+++ /dev/null
@@ -1,375 +0,0 @@
-From 94bde9f69f10e0811e261b5d53e5bebfcd891820 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 25 Aug 2015 11:48:31 -0700
-Subject: [PATCH 50/52] Ticket #48254 - Shell CLI fails with usage errors if an
- argument containing white spaces is given
-
-Description: In addition to the patch:
-  Ticket #48254 - CLI db2index fails with usage errors
-  commit 3507c46c9f1156df11b6cf05eba695d81088b416
-applying the similar changes to all the shell CLI which could be given
-arguments that include white spaces.
-
-https://fedorahosted.org/389/ticket/48254
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 5fe28921810a53dcd31525ba1f675582b6aba0f7)
-(cherry picked from commit 19b0d4af54e319e3479b16bf1366568271e3daa6)
----
- ldap/admin/src/scripts/bak2db.in          | 10 +++++-----
- ldap/admin/src/scripts/db2bak.in          |  8 ++++----
- ldap/admin/src/scripts/db2index.in        | 10 +++++-----
- ldap/admin/src/scripts/db2ldif.in         | 14 +++++++-------
- ldap/admin/src/scripts/dbverify.in        | 10 +++++-----
- ldap/admin/src/scripts/dn2rdn.in          |  8 ++++----
- ldap/admin/src/scripts/ldif2db.in         | 22 +++++++++++-----------
- ldap/admin/src/scripts/monitor.in         |  8 ++++----
- ldap/admin/src/scripts/suffix2instance.in |  4 ++--
- ldap/admin/src/scripts/upgradedb.in       |  8 ++++----
- ldap/admin/src/scripts/upgradednformat.in | 10 +++++-----
- ldap/admin/src/scripts/vlvindex.in        | 16 ++++++++--------
- 12 files changed, 64 insertions(+), 64 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
-index a2e54cc..ab7c6b3 100755
---- a/ldap/admin/src/scripts/bak2db.in
-+++ b/ldap/admin/src/scripts/bak2db.in
-@@ -44,12 +44,12 @@ do
-         h) usage
-            exit 0;;
-         Z) servid=$OPTARG;; 
--        n) args=$args" -n $OPTARG";;
-+        n) args=$args" -n \"$OPTARG\"";;
-         q) args=$args" -q";;
--        d) args=$args" -d $OPTARG";;
-+        d) args=$args" -d \"$OPTARG\"";;
-         v) args=$args" -v";;
--        D) args=$args" -D $OPTARG";;
--        i) args=$args" -i $OPTARG";;
-+        D) args=$args" -D \"$OPTARG\"";;
-+        i) args=$args" -i \"$OPTARG\"";;
-         a) archivedir=$OPTARG;;
-         S) args=$args" -S";;
-         ?) usage
-@@ -76,4 +76,4 @@ else
-     archivedir=`pwd`/$archivedir
- fi
- 
--@sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args
-+eval @sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args
-diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
-index 1896c19..adbe30b 100755
---- a/ldap/admin/src/scripts/db2bak.in
-+++ b/ldap/admin/src/scripts/db2bak.in
-@@ -43,10 +43,10 @@ do
-         q) args=$args" -q";;
-         v) args=$args" -v";;
-         S) args=$args" -S";;
--        D) args=$args" -D $OPTARG";;
--        i) args=$args" -i $OPTARG";;
-+        D) args=$args" -D \"$OPTARG\"";;
-+        i) args=$args" -i \"$OPTARG\"";;
-         a) $bakdir=$OPTARG;;
--        d) args=$args" -d $OPTARG";;
-+        d) args=$args" -d \"$OPTARG\"";;
-         Z) servid=$OPTARG;;
-         ?) usage
-            exit 1;;
-@@ -72,4 +72,4 @@ then
- fi
- 
- echo "Back up directory: $bak_dir"
--@sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args
-+eval @sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args
-diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
-index 6a0785e..c8e9075 100755
---- a/ldap/admin/src/scripts/db2index.in
-+++ b/ldap/admin/src/scripts/db2index.in
-@@ -35,15 +35,15 @@ do
-         h) usage
-            exit 0;;
-         Z) servid=$OPTARG;; 
--        n) args=$args" -n $OPTARG"
-+        n) args=$args" -n \"$OPTARG\""
-            benameopt="set";;
--        s) args=$args" -s $OPTARG"
-+        s) args=$args" -s \"$OPTARG\""
-            includeSuffix="set";;
-         t) args=$args" -t "\"$OPTARG\";;
-         T) args=$args" -T "\"$OPTARG\";;
--        d) args=$args" -d $OPTARG";;
--        a) args=$args" -a $OPTARG";;
--        x) args=$args" -x $OPTARG";;
-+        d) args=$args" -d \"$OPTARG\"";;
-+        a) args=$args" -a \"$OPTARG\"";;
-+        x) args=$args" -x \"$OPTARG\"";;
-         v) args=$args" -v";;
-         S) args=$args" -S";;
-         D) args=$args" -D $OPTARG";;
-diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
-index fcf73a0..e9f7f7e 100755
---- a/ldap/admin/src/scripts/db2ldif.in
-+++ b/ldap/admin/src/scripts/db2ldif.in
-@@ -106,12 +106,12 @@ do
-         Z) servid=$OPTARG;; 
-         n) benameopt="-n $OPTARG"
-            required_param="yes";;
--        s) includeSuffix="-s $OPTARG"
-+        s) includeSuffix="-s \"$OPTARG\""
-            required_param="yes";;
--        x) excludeSuffix="-x $OPTARG";;
--        a) outputFile="-a $OPTARG";;
--        d) args=$args" -d $OPTARG";;
--        D) args=$args" -D $OPTARG";;
-+        x) excludeSuffix="-x \"$OPTARG\"";;
-+        a) outputFile="-a \"$OPTARG\"";;
-+        d) args=$args" -d \"$OPTARG\"";;
-+        D) args=$args" -D \"$OPTARG\"";;
-         N) args=$args" -N";;
-         E) args=$args" -E";;
-         S) args=$args" -S";;
-@@ -154,7 +154,7 @@ rn=$?
- echo "Exported ldif file: $ldif_file"
- if [ $rn -eq 1 ]
- then
--    @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args
-+    eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args
- else
--    @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file
-+    eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file
- fi
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index bbacc17..b98e9b2 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -33,14 +33,14 @@ do
-         h) usage
-            exit 0;;
-         Z) servid=$OPTARG;;
--        n) args=$args" -n $OPTARG";;
--        d) args=$args" -d $OPTARG";;
-+        n) args=$args" -n \"$OPTARG\"";;
-+        d) args=$args" -d \"$OPTARG\"";;
-         V) args=$args" -V";;
-         v) args=$args" -v"
-            display_version="yes";;
-         f) args=$args" -f";;
--        D) args=$args" -D $OPTARG";;
--        a) args=$args" -a $OPTARG";;
-+        D) args=$args" -D \"$OPTARG\"";;
-+        a) args=$args" -a \"$OPTARG\"";;
-         ?) usage
-            exit 1;;
-     esac
-@@ -57,7 +57,7 @@ fi
- 
- . $initfile
- 
--@sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
- if [ $display_version = "yes" ]; then
-     exit 0
- fi
-diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
-index 616969a..762e63a 100755
---- a/ldap/admin/src/scripts/dn2rdn.in
-+++ b/ldap/admin/src/scripts/dn2rdn.in
-@@ -27,12 +27,12 @@ do
-         h) usage
-            exit 0;;
-         Z) servid=$OPTARG;;
--        d) arg=$arg" -d $OPTARG";;
--        a) arg=$arg" -a $OPTARG"
-+        d) arg=$arg" -d \"$OPTARG\"";;
-+        a) arg=$arg" -a \"$OPTARG\""
-            archive="provided";;
-         v) arg=$arg" -v";;
-         f) arg=$arg" -f";;
--        D) arg=$arg" -D $OPTARG";;
-+        D) arg=$arg" -D \"$OPTARG\"";;
-         ?) usage
-            exit 1;;
-     esac
-@@ -55,4 +55,4 @@ if [ "$archive" != "provided" ]; then
-     args=$args"-a $bak_dir"
- fi
- 
--@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
-+eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
-diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
-index a34241a..3aed469 100755
---- a/ldap/admin/src/scripts/ldif2db.in
-+++ b/ldap/admin/src/scripts/ldif2db.in
-@@ -59,16 +59,16 @@ do
-         h) usage
-            exit 0;;
-         Z) servid=$OPTARG;;
--        n) args=$args" -n $OPTARG";;
--        i) args=$args" -i $OPTARG";;
--        s) args=$args" -s $OPTARG";;
--        x) args=$args" -x $OPTARG";;
--        c) args=$args" -c $OPTARG";;
--        d) args=$args" -d $OPTARG";;
--        g) args=$args" -g $OPTARG";;
--        G) args=$args" -G $OPTARG";;
--        t) args=$args" -t $OPTARG";;
--        D) args=$args" -D $OPTARG";;
-+        n) args=$args" -n \"$OPTARG\"";;
-+        i) args=$args" -i \"$OPTARG\"";;
-+        s) args=$args" -s \"$OPTARG\"";;
-+        x) args=$args" -x \"$OPTARG\"";;
-+        c) args=$args" -c \"$OPTARG\"";;
-+        d) args=$args" -d \"$OPTARG\"";;
-+        g) args=$args" -g \"$OPTARG\"";;
-+        G) args=$args" -G \"$OPTARG\"";;
-+        t) args=$args" -t \"$OPTARG\"";;
-+        D) args=$args" -D \"$OPTARG\"";;
-         E) args=$args" -E";;
-         v) args=$args" -v";;
-         N) args=$args" -N";;
-@@ -104,6 +104,6 @@ if [ $quiet -eq 0 ]; then
-     echo importing data ...
- fi
- 
--@sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1
-+eval @sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1
- 
- exit $?
-diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
-index 36a2fc9..e9265a1 100755
---- a/ldap/admin/src/scripts/monitor.in
-+++ b/ldap/admin/src/scripts/monitor.in
-@@ -73,8 +73,8 @@ fi
- rm $file
- 
- if [ -n "$passwd" ]; then
--    dn="-D $rootdn"
--    passwd="-w$passwd"
-+    dn="-D \"$rootdn\""
-+    passwd="-w \"$passwd\""
- fi
- if [ -n "$ldapiURL" ]
- then
-@@ -109,9 +109,9 @@ if [ "$security" = "on" ]; then
-             echo "Using the next most secure protocol(STARTTLS)"
-         fi
-         if [ "$openldap" = "yes" ]; then
--            ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-+            eval ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-         else
--            ldapsearch -ZZZ -P $certdir  -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-+            eval ldapsearch -ZZZ -P $certdir  -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-         fi
-         exit $?
-     fi
-diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in
-index 7774148..d7c6661 100755
---- a/ldap/admin/src/scripts/suffix2instance.in
-+++ b/ldap/admin/src/scripts/suffix2instance.in
-@@ -24,7 +24,7 @@ while getopts "Z:s:h" flag
- do
-     case $flag in
-         Z) servid=$OPTARG;;
--        s) args=$args" -s $OPTARG";;
-+        s) args=$args" -s \"$OPTARG\"";;
-         h) usage
-            exit 0;;
-         ?) usage
-@@ -55,4 +55,4 @@ then
-     exit 1
- fi
- 
--@sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1
-+eval @sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1
-diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
-index bf600dd..2b7c79d 100755
---- a/ldap/admin/src/scripts/upgradedb.in
-+++ b/ldap/admin/src/scripts/upgradedb.in
-@@ -29,10 +29,10 @@ do
-         v) args=$args" -v";;
-         f) args=$args" -f";;
-         r) args=$args" -r";;
--        d) args=$args" -d $OPTARG";;
--        a) args=$args" -a $OPTARG"
-+        d) args=$args" -d \"$OPTARG\"";;
-+        a) args=$args" -a \"$OPTARG\""
-            archive_provided="yes";;
--        D) args=$args" -D $OPTARG";;
-+        D) args=$args" -D \"$OPTARG\"";;
-         h) usage
-            exit 0;;
-     esac
-@@ -56,4 +56,4 @@ then
- fi
- 
- echo upgrade index files ...
--@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
-diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
-index 51585ae..9de60ea 100755
---- a/ldap/admin/src/scripts/upgradednformat.in
-+++ b/ldap/admin/src/scripts/upgradednformat.in
-@@ -36,14 +36,14 @@ do
-         Z) servid=$OPTARG;;
-         v) args=$args" -v";;
-         N) args=$args" -N";;
--        d) args=$args" -d $OPTARG";;
--        a) args=$args" -a $OPTARG"
-+        d) args=$args" -d \"$OPTARG\"";;
-+        a) args=$args" -a \"$OPTARG\""
-            dir="set";;
--        n) args=$args" -n $OPTARG"
-+        n) args=$args" -n \"$OPTARG\""
-            be="set";;
-         h) usage
-            exit 0;;
--        D) args=$args" -D $OPTARG";;
-+        D) args=$args" -D \"$OPTARG\"";;
-         ?) usage
-            exit 1;;
-     esac
-@@ -65,7 +65,7 @@ fi
- 
- . $initfile
- 
--@sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
- rc=$?
- 
- exit $rc
-diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
-index 365e32f..a1696bc 100755
---- a/ldap/admin/src/scripts/vlvindex.in
-+++ b/ldap/admin/src/scripts/vlvindex.in
-@@ -29,14 +29,14 @@ do
-     case $flag in
-         Z) servid=$OPTARG;;
-         v) args=$args" -v";;
--        s) args=$args" -s $OPTARG";;
--        d) args=$args" -d $OPTARG";;
--        a) args=$args" -a $OPTARG";;
--        T) args=$args" -T $OPTARG";;
-+        s) args=$args" -s \"$OPTARG\"";;
-+        d) args=$args" -d \"$OPTARG\"";;
-+        a) args=$args" -a \"$OPTARG\"";;
-+        T) args=$args" -T \"$OPTARG\"";;
-         S) args=$args" -S";;
--        n) args=$args" -n $OPTARG";;
--        x) args=$args" -x $OPTARG";;
--        D) args=$args" -D $OPTARG";;
-+        n) args=$args" -n \"$OPTARG\"";;
-+        x) args=$args" -x \"$OPTARG\"";;
-+        D) args=$args" -D \"$OPTARG\"";;
-         h) usage
-            exit 0;;
-         ?) usage
-@@ -61,4 +61,4 @@ then
-     exit 1
- fi
- 
--@sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
--- 
-1.9.3
-
diff --git a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch b/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
deleted file mode 100644
index f24f18a..0000000
--- a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From ba9f2607b8bf565e2f6d1f8751c16c0b485a7210 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 24 Aug 2015 16:13:12 -0700
-Subject: [PATCH 51/52] Ticket #47757 - Unable to dereference unqiemember
- attribute because it is dn [#UID] not dn syntax
-
-Description: In addtion to DN syntax, adding Name and Optional UID
-syntax to the deref attr's OID check.
-
-https://fedorahosted.org/389/ticket/47757
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 2dbbb9df4691590f788049a822c47eb501182c85)
-(cherry picked from commit 626f2d7060390a3234ebb50b92937d1ec5a89481)
----
- ldap/servers/plugins/deref/deref.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
-index 35c2564..f476a4d 100644
---- a/ldap/servers/plugins/deref/deref.c
-+++ b/ldap/servers/plugins/deref/deref.c
-@@ -20,6 +20,9 @@
- #ifndef DN_SYNTAX_OID
- #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
- #endif
-+#ifndef NAME_AND_OPTIONAL_UID_SYNTAX_OID
-+#define NAME_AND_OPTIONAL_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34"
-+#endif
- 
- /*
-  * Plug-in globals
-@@ -290,7 +293,7 @@ deref_check_for_dn_syntax(const char *derefattr)
- 
-         slapi_attr_init(attr, derefattr);
-         slapi_attr_get_syntax_oid_copy(attr, &oid);
--        ret = oid && !strcmp(oid, DN_SYNTAX_OID);
-+        ret = oid && (!strcmp(oid, DN_SYNTAX_OID) || !strcmp(oid, NAME_AND_OPTIONAL_UID_SYNTAX_OID));
-         slapi_ch_free_string(&oid);
-         slapi_attr_free(&attr);
-     }
--- 
-1.9.3
-
diff --git a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
deleted file mode 100644
index 4b31ffd..0000000
--- a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 679e7b024e36ac9dfce85766f5d82cc272911e53 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 25 Aug 2015 16:31:10 -0700
-Subject: [PATCH 52/52] Ticket #48228 - wrong password check if
- passwordInHistory is decreased.
-
-Description: Regression was added by this commit:
-  commit 1a119125856006543aae0520b5800a8b52c3b049
-  Ticket #48228 - wrong password check if passwordInHistory is decreased.
-Compare function pw_history_cmp used in qsort did not check the correct
-address for the timestamp string, which made qsort return the password
-history in the wrong order.
-
-https://fedorahosted.org/389/ticket/48228
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4)
-(cherry picked from commit 096b386663c949136095def77a7fb12eee64e542)
----
- ldap/servers/slapd/pw.c | 21 ++++++++-------------
- 1 file changed, 8 insertions(+), 13 deletions(-)
-
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index 3abebbf..4e222d7 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -1085,8 +1085,6 @@ retry:
- static int
- pw_history_cmp(const void *h0, const void *h1)
- {
--	size_t h0sz = 0;
--	size_t h1sz = 0;
- 	if (!h0) {
- 		if (!h1) {
- 			return 0;
-@@ -1097,23 +1095,20 @@ pw_history_cmp(const void *h0, const void *h1)
- 		if (!h1) {
- 			return 1;
- 		} else {
--			size_t delta;
--			h0sz = strlen(h0);
--			h1sz = strlen(h1);
--			delta = h0sz - h1sz;
--			if (!delta) {
--				return delta;
--			}
--			if (h0sz < GENERALIZED_TIME_LENGTH) {
-+			char *h0str = *(char **)h0;
-+			char *h1str = *(char **)h1;
-+			size_t h0sz = strlen(h0str);
-+			size_t h1sz = strlen(h1str);
-+			if ((h0sz < GENERALIZED_TIME_LENGTH) ||
-+			    (h1sz < GENERALIZED_TIME_LENGTH)) {
- 				/* too short for the history str. */
--				return 0;
-+				return h0sz - h1sz;
- 			}
-+			return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH);
- 		}
- 	}
--	return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
- }
- 
--
- static int
- update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
- {
--- 
-1.9.3
-
diff --git a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch b/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
deleted file mode 100644
index a428a37..0000000
--- a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From c03a9f7c121355aefadc92ed67bcb6f400196017 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 2 Sep 2015 14:28:27 -0700
-Subject: [PATCH 53/54] Ticket #48265 - Complex filter in a search request
- doen't work as expected. (regression)
-
-Description: commit c2658c14802783d0a8919783aa7123be9e749c18 to fix
-Ticket 47521 - Complex filter in a search request doen't work as expected.
-regressed this case:
-  "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(|(uid=*test*)(cn=*test*))(o=X))"
-in which a simple filter follows a complex filter which choice is
-different from the outer choice.  I.e., '|' for (uid=...)(cn=...)
-is different from the first '&'.
-
-The fix for 47521 solves this case:
-  "(&(&(uid=A)(cn=B))(&(givenname=C))(mail=D)(&(description=E)))"
-in this case, (mail=D) used to be dropped from the filter in the
-function index_subsys_flatten_filter.
-
-The 47521 fix saved the simple filter "(mail=D)" in the 2nd example,
-but it forced to skip the complex filter with the different choice
-and converted the 1st example to:
-  "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(o=X))"
-This patch saves such a complex filter, as well.
-
-https://fedorahosted.org/389/ticket/48265
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 8c3d3e4648fbb5229e329e2154d46f1ae808ba02)
-(cherry picked from commit 3d9dbf2d441e551495a1f3169dc2020324c484b4)
----
- ldap/servers/slapd/index_subsystem.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
-index fdaef6a..93bf9d5 100644
---- a/ldap/servers/slapd/index_subsystem.c
-+++ b/ldap/servers/slapd/index_subsystem.c
-@@ -412,6 +412,11 @@ static void index_subsys_flatten_filter(Slapi_Filter *flist)
- 				}
- 				else
- 				{
-+					/* don't loose a nested filter having a different choice */
-+					if (flast) {
-+						flast->f_next = f;
-+						flast = f;
-+					}
- 					fprev = f;
- 					f = f->f_next;
- 				}
--- 
-1.9.3
-
diff --git a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch b/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
deleted file mode 100644
index 56c535a..0000000
--- a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 8d4369e6060f7c079b02fa87a0cd0d2ae0488ecd Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 2 Sep 2015 18:04:27 -0700
-Subject: [PATCH 54/54] Ticket #47981 - COS cache doesn't properly mark vattr
- cache as invalid when there are multiple suffixes
-
-Description: commit 42e2df3858a4e14706d57b5c907d1d3768f4d970 for fixing
-icket 47981 accidentally added "break" to the while loop when a
-condition is satisfied:
-  if(!cos_cache_add_dn_defs(suffixVals[valIndex]->bv_val ,pDefs))
-which skips the rest of the definitions.  This patch removes the
-"break".
-
-https://fedorahosted.org/389/ticket/47981
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 6557b820dca7980067afc2a33184197b2d154a51)
-(cherry picked from commit c1721f1d6e2344eefaec817ed47119c15c43fcfc)
----
- ldap/servers/plugins/cos/cos_cache.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
-index ddb85ab..e0b841d 100644
---- a/ldap/servers/plugins/cos/cos_cache.c
-+++ b/ldap/servers/plugins/cos/cos_cache.c
-@@ -647,7 +647,6 @@ static int cos_cache_build_definition_list(cosDefinitions **pDefs, int *vattr_ca
- 									{
- 										*vattr_cacheable = -1;
- 										cos_def_available = 1;
--										break;
- 									}
- 								}
- 								valIndex++;
--- 
-1.9.3
-
diff --git a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch b/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
deleted file mode 100644
index f77fb37..0000000
--- a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 4040a7b0968db2aa5b905c7268abf57eca2ec8c2 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 14 Sep 2015 12:01:08 -0400
-Subject: [PATCH 55/61] Ticket 48276 - initialize free_flags in
- reslimit_update_from_entry()
-
-Description:  In reslimit_update_from_entry() the free_flags was not initialized,
-              which could lead to it being seen as set, and cause an entry's
-              vattrs to be incorrectly/unexpectedly freed.
-
-https://fedorahosted.org/389/ticket/48276
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 2311c71cec33c29863bdb1dabe1ed363679316d3)
-(cherry picked from commit 5f32582d043a5498791dda5af7091bf1a4a320f0)
----
- ldap/servers/slapd/resourcelimit.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/resourcelimit.c b/ldap/servers/slapd/resourcelimit.c
-index 8c0a09c..7630f88 100644
---- a/ldap/servers/slapd/resourcelimit.c
-+++ b/ldap/servers/slapd/resourcelimit.c
-@@ -342,11 +342,14 @@ reslimit_update_from_dn( Slapi_Connection *conn, Slapi_DN *dn )
- int
- reslimit_update_from_entry( Slapi_Connection *conn, Slapi_Entry *e )
- {
--	char					*fnname = "reslimit_update_from_entry()";
--	char					*actual_type_name, *get_ext_logname;
--	int						i, rc, type_name_disposition, free_flags;
--	SLAPIResLimitConnData	*rlcdp;
--	Slapi_ValueSet			*vs;
-+	SLAPIResLimitConnData *rlcdp = NULL;
-+	Slapi_ValueSet *vs = NULL;
-+	char *fnname = "reslimit_update_from_entry()";
-+	char *actual_type_name = NULL;
-+	char *get_ext_logname = NULL;
-+	int type_name_disposition = 0;
-+	int free_flags = 0;
-+	int rc, i;
- 
- 	LDAPDebug( SLAPI_RESLIMIT_TRACELEVEL, "=> %s conn=0x%x, entry=0x%x\n",
- 			fnname, conn, e );
--- 
-1.9.3
-
diff --git a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
deleted file mode 100644
index adc14d9..0000000
--- a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 14e08bde4a48a8e8b56edc817b5d1e3d56b96c72 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 15 Sep 2015 18:25:02 -0700
-Subject: [PATCH 56/61] Ticket #48226 - In MMR, double free coould occur under
- some special condition
-
-Description: commit a0f8e0f981a046882db299a7a6d6d1c01bc19571 introduced
-a memory leak in the case of resolve_attribute_state_present_to_deleted.
-In the case, csnset is not consumed.  Thus, it has to be freed by csnset_
-free.
-
-https://fedorahosted.org/389/ticket/48226
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit b26ec6762fe2b5d37ade59243086cfd2308e8f0a)
-(cherry picked from commit 4a3efc3330a034fa485f33e453054758561d4cea)
----
- ldap/servers/slapd/entrywsi.c | 22 +++++++++++-----------
- ldap/servers/slapd/valueset.c |  1 +
- 2 files changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
-index e719dce..a8f8455 100644
---- a/ldap/servers/slapd/entrywsi.c
-+++ b/ldap/servers/slapd/entrywsi.c
-@@ -1280,23 +1280,23 @@ resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_
- 	const CSN *adcsn= attr_get_deletion_csn(a);
- 	int i;
- 	if ( valuestoupdate != NULL && valuestoupdate[0] != NULL ) {
--	for (i=0;valuestoupdate[i]!=NULL;++i) {
--	/* This call ensures that the value does not contain a deletion_csn
--	 * which is before the presence_csn or distinguished_csn of the value.
--	 */ 
--	    purge_attribute_state_multi_valued(a, valuestoupdate[i]);
--		vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
--		vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
--		deletedcsn= csn_max(vdcsn, adcsn);
-+		for (i=0;valuestoupdate[i]!=NULL;++i) {
-+			/* This call ensures that the value does not contain a deletion_csn
-+			 * which is before the presence_csn or distinguished_csn of the value.
-+			 */ 
-+			purge_attribute_state_multi_valued(a, valuestoupdate[i]);
-+			vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
-+			vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
-+			deletedcsn= csn_max(vdcsn, adcsn);
- 			if(csn_compare(vucsn,deletedcsn)<0) 
- 			{
--	        		if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
-+				if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
- 				{
- 					entry_present_value_to_deleted_value(a,valuestoupdate[i]);
- 				}
- 			}
--		valuestoupdate[i]->v_csnset = NULL;
--	}
-+			csnset_free(&valuestoupdate[i]->v_csnset);
-+		}
- 	}
- }
- 
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 7eabb82..50c0e52 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1416,6 +1416,7 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- 			{
- 				value_update_csn(v,t,csn);
- 				if (csnref_updated) {
-+					csnset_free(&valuestoupdate[i]->v_csnset);
- 					valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
- 				}
- 				valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
--- 
-1.9.3
-
diff --git a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch b/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
deleted file mode 100644
index 35347f1..0000000
--- a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
+++ /dev/null
@@ -1,335 +0,0 @@
-From 05e127c89281cece8bc1fa79bac6b95cc23dcca9 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 11 Sep 2015 18:56:53 +0200
-Subject: [PATCH 57/61] Ticket 48266: Fractional replication evaluates several
- times the same CSN
-
-Bug Description:
-	In fractional replication if there are only skipped updates and many of them, the supplier
-	acquire the replica for a long time. At the end of the session, RUV is not updated
-	so the next session will restart evaluating the same skipped updates
-
-Fix Description:
-	The fix introduces subentries under the suffix: 'cn=repl keep alive <rid>,$SUFFIX'
-	During an incremental replication session, if the session only contains skipped updates
-	and the number of them overpass a threshold (100), it triggers an update on that subentry.
-
-	This update will eventually be replicated, moving forward the RUV
-
-https://fedorahosted.org/389/ticket/48266
-
-Reviewed by: Noriko Hosoi, Rich Megginson, Simon Pichugin
-
-Platforms tested: <plat>
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 6343e4cba17802e19daa5c971120fa352ff80ad4)
----
- ldap/servers/plugins/replication/repl5.h           |   2 +
- .../plugins/replication/repl5_inc_protocol.c       |  39 ++++++
- ldap/servers/plugins/replication/repl5_replica.c   | 156 +++++++++++++++++++++
- .../plugins/replication/repl5_tot_protocol.c       |  13 +-
- 4 files changed, 209 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 0b0f26b..17282bb 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -523,6 +523,8 @@ Replica *windows_replica_new(const Slapi_DN *root);
-    during addition of the replica over LDAP */
- Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation);
- void replica_destroy(void **arg);
-+int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid);
-+int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid);
- PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
- 									const char *locking_purl,
- 									char **current_purl);
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 216de3c..e0599e5 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -1672,6 +1672,11 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 		int finished = 0;
- 		ConnResult replay_crc;
- 		char csn_str[CSN_STRSIZE];
-+		PRBool subentry_update_sent = PR_FALSE;
-+		PRBool subentry_update_needed = PR_FALSE;
-+		int skipped_updates = 0;
-+		int fractional_repl;
-+#define FRACTIONAL_SKIPPED_THRESHOLD 100
- 
- 		/* Start the results reading thread */
- 		rd = repl5_inc_rd_new(prp);
-@@ -1688,6 +1693,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 
- 		memset ( (void*)&op, 0, sizeof (op) );
- 		entry.op = &op;
-+		fractional_repl = agmt_is_fractional(prp->agmt);
- 		do {
- 			cl5_operation_parameters_done ( entry.op );
- 			memset ( (void*)entry.op, 0, sizeof (op) );
-@@ -1783,6 +1789,15 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 					csn_as_string(entry.op->csn, PR_FALSE, csn_str);
- 					replica_id = csn_get_replicaid(entry.op->csn);
- 					uniqueid = entry.op->target_address.uniqueid;
-+                    
-+					if (fractional_repl && message_id) 
-+					{
-+						/* This update was sent no need to update the subentry
-+						 * and restart counting the skipped updates
-+						 */
-+						subentry_update_needed = PR_FALSE;
-+						skipped_updates = 0;
-+					}
- 
- 					if (prp->repl50consumer && message_id) 
- 					{
-@@ -1813,6 +1828,16 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 							agmt_get_long_name(prp->agmt),
- 							entry.op->target_address.uniqueid, csn_str);
- 						agmt_inc_last_update_changecount (prp->agmt, csn_get_replicaid(entry.op->csn), 1 /*skipped*/);
-+						if (fractional_repl) 
-+						{
-+							skipped_updates++;
-+							if (skipped_updates > FRACTIONAL_SKIPPED_THRESHOLD) {
-+								slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+										"%s: skipped updates is too high (%d) if no other update is sent we will update the subentry\n",
-+										agmt_get_long_name(prp->agmt), skipped_updates);
-+								subentry_update_needed = PR_TRUE;
-+							}
-+						}
- 					}
- 				}
- 				break;
-@@ -1878,6 +1903,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 			PR_Unlock(rd->lock);
- 		} while (!finished);
- 
-+		if (fractional_repl && subentry_update_needed)
-+		{
-+			Replica *replica;
-+			ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
-+			replica = (Replica*) object_get_data(prp->replica_object);
-+			if (replica)
-+			{
-+				rid = replica_get_rid(replica);
-+			}
-+			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+					"%s: skipped updates was definitely too high (%d) update the subentry now\n",
-+					agmt_get_long_name(prp->agmt), skipped_updates);
-+			replica_subentry_update(agmt_get_replarea(prp->agmt), rid);
-+		}
- 		/* Terminate the results reading thread */
- 		if (!prp->repl50consumer) 
- 		{
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 92b4e96..6ac28c1 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -414,6 +414,161 @@ replica_destroy(void **arg)
- 	slapi_ch_free((void **)arg);
- }
- 
-+#define KEEP_ALIVE_ATTR "keepalivetimestamp"
-+#define KEEP_ALIVE_ENTRY "repl keep alive"
-+#define KEEP_ALIVE_DN_FORMAT "cn=%s %d,%s"
-+
-+
-+static int
-+replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid) 
-+{
-+    char *entry_string = NULL;
-+    Slapi_Entry *e = NULL;
-+    Slapi_PBlock *pb = NULL;
-+    int return_value;
-+    int rc = 0;
-+
-+    entry_string = slapi_ch_smprintf("dn: cn=%s %d,%s\nobjectclass: top\nobjectclass: ldapsubentry\nobjectclass: extensibleObject\ncn: %s %d",
-+            KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), KEEP_ALIVE_ENTRY, rid);
-+    if (entry_string == NULL) {
-+        slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+            "replica_subentry_create add failed in slapi_ch_smprintf\n");
-+        rc = -1;
-+        goto done;
-+    }
-+
-+    slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "add %s\n", entry_string);
-+    e = slapi_str2entry(entry_string, 0);
-+
-+    /* create the entry */
-+    pb = slapi_pblock_new();
-+
-+
-+    slapi_add_entry_internal_set_pb(pb, e, NULL, /* controls */
-+            repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */);
-+    slapi_add_internal_pb(pb);
-+    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value);
-+    if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS) 
-+    {
-+        slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
-+                "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
-+                ldap_err2string(return_value));
-+        rc = -1;
-+        slapi_entry_free(e); /* The entry was not consumed */
-+        goto done;
-+    }
-+
-+done:
-+
-+    slapi_pblock_destroy(pb);
-+    slapi_ch_free_string(&entry_string);
-+    return rc;
-+
-+}
-+
-+int
-+replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
-+{
-+    Slapi_PBlock *pb;
-+    char *filter = NULL;
-+    Slapi_Entry **entries = NULL;
-+    int res;
-+    int rc = 0;
-+
-+    pb = slapi_pblock_new();
-+    filter = slapi_ch_smprintf("(&(objectclass=ldapsubentry)(cn=%s %d))", KEEP_ALIVE_ENTRY, rid);
-+    slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(repl_root), LDAP_SCOPE_ONELEVEL,
-+            filter, NULL, 0, NULL, NULL,
-+            repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
-+    slapi_search_internal_pb(pb);
-+    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
-+    if (res == LDAP_SUCCESS)
-+    {
-+        slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+        if (entries && (entries[0] == NULL))
-+        {
-+            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+                    "Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-+            rc = replica_subentry_create(repl_root, rid);
-+        } else {
-+            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+                    "replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-+            rc = 0;
-+        }
-+    } else {
-+        slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+                "Error accessing replication keep alive entry <cn=%s %d,%s> res=%d\n",
-+                KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), res);
-+        /* The status of the entry is not clear, do not attempt to create it */
-+        rc = 1;
-+    }
-+    slapi_free_search_results_internal(pb);
-+
-+    slapi_pblock_destroy(pb);
-+    slapi_ch_free_string(&filter);
-+    return rc;
-+}
-+
-+int
-+replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid) 
-+{
-+    int ldrc;
-+    int rc = LDAP_SUCCESS; /* Optimistic default */
-+    LDAPMod * mods[2];
-+    LDAPMod mod;
-+    struct berval * vals[2];
-+    char buf[20];
-+    time_t curtime;
-+    struct tm ltm;
-+    struct berval val;
-+    Slapi_PBlock *modpb = NULL;
-+    char *dn;
-+
-+    replica_subentry_check(repl_root, rid);
-+    curtime = current_time();
-+    gmtime_r(&curtime, &ltm);
-+    strftime(buf, sizeof (buf), "%Y%m%d%H%M%SZ", &ltm);
-+
-+    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "subentry_update called at %s\n", buf);
-+
-+
-+    val.bv_val = buf;
-+    val.bv_len = strlen(val.bv_val);
-+
-+    vals [0] = &val;
-+    vals [1] = NULL;
-+
-+    mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
-+    mod.mod_type = KEEP_ALIVE_ATTR;
-+    mod.mod_bvalues = vals;
-+
-+    mods[0] = &mod;
-+    mods[1] = NULL;
-+
-+    modpb = slapi_pblock_new();
-+    dn = slapi_ch_smprintf(KEEP_ALIVE_DN_FORMAT, KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-+
-+    slapi_modify_internal_set_pb(modpb, dn, mods, NULL, NULL,
-+            repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
-+    slapi_modify_internal_pb(modpb);
-+
-+    slapi_pblock_get(modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc);
-+
-+    if (ldrc != LDAP_SUCCESS)
-+    {
-+        slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+                "Failure (%d) to update replication keep alive entry \"%s: %s\"\n", ldrc, KEEP_ALIVE_ATTR, buf);
-+        rc = ldrc;
-+    } else {
-+        slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name,
-+                "Successful update of replication keep alive entry \"%s: %s\"\n", KEEP_ALIVE_ATTR, buf);
-+    }
-+
-+    slapi_pblock_destroy(modpb);
-+    slapi_ch_free_string(&dn);
-+    return rc;
-+
-+}
- /*
-  * Attempt to obtain exclusive access to replica (advisory only)
-  *
-@@ -3816,6 +3971,7 @@ replica_enable_replication (Replica *r)
-         /* What to do ? */
-     }
- 
-+    replica_subentry_check(r->repl_root, replica_get_rid(r));
-     /* Replica came back online, Check if the total update was terminated.
-        If flag is still set, it was not terminated, therefore the data is
-        very likely to be incorrect, and we should not restart Replication threads...
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index d9401cf..e004af4 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -318,6 +318,9 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- 	int portnum = 0;
- 	Slapi_DN *area_sdn = NULL;
- 	CSN *remote_schema_csn = NULL;
-+	int init_retry = 0;
-+	Replica *replica;
-+	ReplicaId rid = 0; /* Used to create the replica keep alive subentry */
- 	
- 	PR_ASSERT(NULL != prp);
- 
-@@ -395,7 +398,15 @@ repl5_tot_run(Private_Repl_Protocol *prp)
-     ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *));
-     ctrls[0] = create_managedsait_control ();
-     ctrls[1] = create_backend_control(area_sdn);
--	
-+
-+	/* Time to make sure it exists a keep alive subentry for that replica */
-+	replica = (Replica*) object_get_data(prp->replica_object);
-+	if (replica)
-+	{
-+		rid = replica_get_rid(replica);
-+	}
-+	replica_subentry_check(area_sdn, rid);
-+
-     slapi_search_internal_set_pb (pb, slapi_sdn_get_dn (area_sdn), 
-                                   LDAP_SCOPE_SUBTREE, "(|(objectclass=ldapsubentry)(objectclass=nstombstone)(nsuniqueid=*))", NULL, 0, ctrls, NULL, 
-                                   repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
--- 
-1.9.3
-
diff --git a/SOURCES/0058-Ticket-48266-coverity-issue.patch b/SOURCES/0058-Ticket-48266-coverity-issue.patch
deleted file mode 100644
index 7cbc726..0000000
--- a/SOURCES/0058-Ticket-48266-coverity-issue.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 25fa7a078549404141f1fd36b277a857a615df83 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 18 Sep 2015 18:38:19 +0200
-Subject: [PATCH 58/61] Ticket 48266: coverity issue
-
-(cherry picked from commit 8cd4f45a9621dfaea7249179919b783857c9f22c)
----
- ldap/servers/plugins/replication/repl5_inc_protocol.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index e0599e5..7680340 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -1672,7 +1672,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 		int finished = 0;
- 		ConnResult replay_crc;
- 		char csn_str[CSN_STRSIZE];
--		PRBool subentry_update_sent = PR_FALSE;
- 		PRBool subentry_update_needed = PR_FALSE;
- 		int skipped_updates = 0;
- 		int fractional_repl;
--- 
-1.9.3
-
diff --git a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch b/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
deleted file mode 100644
index b6f97be..0000000
--- a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From ac98944372376a0d41a33dfe84a99bfaa151699f Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 18 Sep 2015 11:56:29 -0400
-Subject: [PATCH 59/61] Ticket 48217 - cleanallruv - fix regression with server
- shutdown
-
-Bug Description:  Recent checks for server shutdown were added to cleanallruv task,
-                  but we did not properly check for "shutdown" at the end of the task.
-                  This caused the server to think the task successfully finished,
-                  when in fact it did not.
-
-Fix Description:  Properly check for shutdown at the end of the task, and handler it
-                  appropriately.
-
-https://fedorahosted.org/389/ticket/48217
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit c41d36de0ca438bf23e4e810bfec0fd59cbc790b)
-(cherry picked from commit d9f03f5fddfc8ba7009c9dcc584686e43d6339e8)
----
- ldap/servers/plugins/replication/repl5_replica_config.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 446da3f..8d3c481 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1948,7 +1948,7 @@ done:
-     /*
-      *  If the replicas are cleaned, release the rid
-      */
--    if(!aborted){
-+    if(!aborted && !slapi_is_shutting_down()){
-         delete_cleaned_rid_config(data);
-         /* make sure all the replicas have been "pre_cleaned" before finishing */
-         check_replicas_are_done_cleaning(data);
-@@ -3005,7 +3005,7 @@ replica_abort_task_thread(void *arg)
-     }
- 
-     /*
--     *  Now send the cleanruv extended op to all the agreements
-+     *  Now send the abort cleanruv extended op to all the agreements
-      */
-     while(agmt_not_notified && !slapi_is_shutting_down()){
-         agmt_obj = agmtlist_get_first_agreement_for_replica (data->replica);
-@@ -3013,7 +3013,7 @@ replica_abort_task_thread(void *arg)
-         	agmt_not_notified = 0;
-         	break;
-         }
--        while (agmt_obj){
-+        while (agmt_obj && !slapi_is_shutting_down()){
-             agmt = (Repl_Agmt*)object_get_data (agmt_obj);
-             if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
-                 agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -3058,7 +3058,7 @@ replica_abort_task_thread(void *arg)
-     } /* while */
- 
- done:
--    if(agmt_not_notified){
-+    if(agmt_not_notified || slapi_is_shutting_down()){
-         /* failure */
-         cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Abort task failed, will resume the task at the next server startup.");
-     } else {
--- 
-1.9.3
-
diff --git a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
deleted file mode 100644
index f9138cf..0000000
--- a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From caab3e19a97d58450bbf06034974d4631aa904b6 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Fri, 18 Sep 2015 11:13:43 -0700
-Subject: [PATCH 60/61] Ticket #48188 - segfault in ns-slapd due to accessing
- Slapi_DN freed in pre bind plug-in
-
-This patch is based upon the patch provided by Simo Sorce <simo@redhat.com> for
-Ticket #48272 - Allow PRE_BIND plugins to mangle DNs
-
-Description:
-Allow a pre_bind plugin to map a DN to another
-
-This is useful for plugins that deal with virtual trees or non-standard
-clients binding with values that are not proper DNs and similar situations.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
-
-2 changes are made to the original patch:
-1. removed "slapi_sdn_free(&sdn)" with this comment:
-   * It is a plug-in's responsibility to free the original Slapi_DN.
-   Note: slapi-nis already freed the original sdn.
-2. reset dn from the new sdn.
-   dn = slapi_sdn_get_dn(sdn);
-
-https://fedorahosted.org/389/ticket/48188
-
-Reviewed by rmeggins@redhat.com and lkrispen@redhat.com.
-
-(cherry picked from commit 40e0d0f80d6fd1271431e105580293747c43c327)
-(cherry picked from commit 6871f4f6d14198563f7f3cb0646a00faa28d35ea)
----
- ldap/servers/slapd/bind.c | 21 ++++++++++++++++++---
- 1 file changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 1bd604f..4ec276a 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -669,7 +669,7 @@ do_bind( Slapi_PBlock *pb )
- 
-     slapi_pblock_set( pb, SLAPI_BACKEND, be );
- 
--	/* not root dn - pass to the backend */
-+    /* not root dn - pass to the backend */
-     if ( be->be_bind != NULL ) {
- 
-         /*
-@@ -677,10 +677,25 @@ do_bind( Slapi_PBlock *pb )
-          * the backend bind function. then call the post-bind
-          * plugins.
-          */
--        if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN )
--             == 0 )  {
-+        if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 )  {
-             rc = 0;
- 
-+            /* Check if a pre_bind plugin mapped the DN to another backend */
-+            Slapi_DN *pb_sdn;
-+            slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
-+            if (pb_sdn != sdn) {
-+                /*
-+                 * Slapi_DN set in pblock was changed by a pre bind plug-in.
-+                 * It is a plug-in's responsibility to free the original Slapi_DN.
-+                 */
-+                sdn = pb_sdn;
-+                dn = slapi_sdn_get_dn(sdn);
-+
-+                slapi_be_Unlock(be);
-+                be = slapi_be_select(sdn);
-+                slapi_be_Rlock(be);
-+            }
-+
-             /*
-              * Is this account locked ?
-              *	could be locked through the account inactivation
--- 
-1.9.3
-
diff --git a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
deleted file mode 100644
index 0ce22e8..0000000
--- a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 91e8872841e18eb96f2680fba180d636bb0a2a67 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 18 Sep 2015 15:19:51 -0700
-Subject: [PATCH 61/61] Ticket #48188 - segfault in ns-slapd due to accessing
- Slapi_DN freed in pre bind plug-in
-
-Description: Additional fixes based upon the comments by rmeggins@redhat.com
-(Thank you, Rich!!).
-https://fedorahosted.org/389/ticket/48188?replyto=24#comment:24
-1. Implemented the case 2)
-   If the plugin changes the SLAPI_BIND_TARGET_SDN *value*,
-   we need to select a different backend. It is possible
-   (but not very useful) for the plugin to change the pointer,
-   but use the same value.
-2. Added an api slapi_be_select_exact which returns NULL if
-   there is no matching backend.
-
-https://fedorahosted.org/389/ticket/48188
-
-Reviewed by rmeggins@redhat.com (Thank you!)
-
-(cherry picked from commit 8212a8913b748cd1f5e986a754c37ef41db8272a)
-(cherry picked from commit a215c006e0900caaa555def9e047e295844d8652)
----
- ldap/servers/slapd/bind.c         | 47 +++++++++++++++++++++++++++++----------
- ldap/servers/slapd/mapping_tree.c | 19 ++++++++++++++++
- ldap/servers/slapd/slapi-plugin.h |  1 +
- 3 files changed, 55 insertions(+), 12 deletions(-)
-
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 4ec276a..474b508 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -107,6 +107,7 @@ do_bind( Slapi_PBlock *pb )
-     int auto_bind = 0;
-     int minssf = 0;
-     int minssf_exclude_rootdse = 0;
-+    Slapi_DN *original_sdn = NULL;
- 
-     LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
- 
-@@ -660,10 +661,9 @@ do_bind( Slapi_PBlock *pb )
-         goto free_and_return;
-     }
- 
--    if (referral)
--    {
--		send_referrals_from_entry(pb,referral);
--		slapi_entry_free(referral);
-+    if (referral) {
-+        send_referrals_from_entry(pb,referral);
-+        slapi_entry_free(referral);
-         goto free_and_return;
-     }
- 
-@@ -671,29 +671,50 @@ do_bind( Slapi_PBlock *pb )
- 
-     /* not root dn - pass to the backend */
-     if ( be->be_bind != NULL ) {
--
-+        original_sdn = slapi_sdn_dup(sdn);
-         /*
-          * call the pre-bind plugins. if they succeed, call
-          * the backend bind function. then call the post-bind
-          * plugins.
-          */
-         if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 )  {
-+            int sdn_updated = 0;
-             rc = 0;
- 
-             /* Check if a pre_bind plugin mapped the DN to another backend */
-             Slapi_DN *pb_sdn;
-             slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
--            if (pb_sdn != sdn) {
-+            if (!pb_sdn) {
-+                PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
-+                send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
-+                goto free_and_return;
-+            } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
-                 /*
-                  * Slapi_DN set in pblock was changed by a pre bind plug-in.
-                  * It is a plug-in's responsibility to free the original Slapi_DN.
-                  */
-                 sdn = pb_sdn;
-                 dn = slapi_sdn_get_dn(sdn);
--
--                slapi_be_Unlock(be);
--                be = slapi_be_select(sdn);
--                slapi_be_Rlock(be);
-+                if (!dn) {
-+                    PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
-+                    send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
-+                    goto free_and_return;
-+                }
-+                if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */
-+                    sdn_updated = slapi_sdn_compare(original_sdn, sdn);
-+                }
-+                if (sdn_updated) { /* call slapi_be_select only when the DN is updated. */
-+                    slapi_be_Unlock(be);
-+                    be = slapi_be_select_exact(sdn);
-+                    if (be) {
-+                        slapi_be_Rlock(be);
-+                        slapi_pblock_set( pb, SLAPI_BACKEND, be );
-+                    } else {
-+                        PR_snprintf(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
-+                        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
-+                        goto free_and_return;
-+                    }
-+                }
-             }
- 
-             /*
-@@ -845,10 +866,12 @@ account_locked:
-     }
- 
- free_and_return:;
--    if (be)
-+    slapi_sdn_free(&original_sdn);
-+    if (be) {
-         slapi_be_Unlock(be);
-+    }
-     if (bind_sdn_in_pb) {
--	    slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
-+        slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
-     }
-     slapi_sdn_free(&sdn);
-     slapi_ch_free_string( &saslmech );
-diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
-index 165eba1..20c2cc3 100644
---- a/ldap/servers/slapd/mapping_tree.c
-+++ b/ldap/servers/slapd/mapping_tree.c
-@@ -3095,6 +3095,25 @@ slapi_be_select( const Slapi_DN *sdn ) /* JCM - The name of this should change??
-     return be;
- }
- 
-+Slapi_Backend *
-+slapi_be_select_exact(const Slapi_DN *sdn)
-+{
-+    Slapi_Backend *be = NULL;
-+    mapping_tree_node *node = NULL;
-+
-+    if (!sdn) {
-+        LDAPDebug0Args(LDAP_DEBUG_ANY, "slapi_be_select_exact: Empty Slapi_DN is given.\n");
-+        return NULL;
-+    }
-+    node = slapi_get_mapping_tree_node_by_dn(sdn);
-+
-+    if (node && node->mtn_be) {
-+        be = node->mtn_be[0];
-+    }
-+
-+    return be;
-+}
-+
- /* Check if the dn targets an internal reserved backends */
- int
- slapi_on_internal_backends(const Slapi_DN *sdn)
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index 6b04610..564da44 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -6338,6 +6338,7 @@ Slapi_Backend *slapi_be_new( const char *type, const char *name,
- 	int isprivate, int logchanges );
- void slapi_be_free(Slapi_Backend **be);
- Slapi_Backend *slapi_be_select( const Slapi_DN *sdn );
-+Slapi_Backend *slapi_be_select_exact(const Slapi_DN *sdn);
- Slapi_Backend *slapi_be_select_by_instance_name( const char *name );
- int slapi_be_exist(const Slapi_DN *sdn);
- void slapi_be_delete_onexit(Slapi_Backend *be);
--- 
-1.9.3
-
diff --git a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch b/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch
deleted file mode 100644
index 6f83044..0000000
--- a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 02c520c6fa44f9f2499c79e48531b59d62875a39 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sat, 19 Sep 2015 09:58:39 -0700
-Subject: [PATCH] Ticket 48266 - coverity -- unused variable 'init_retry'
-
-Description: Backport error for Ticket 48266 - Fractional replication
-             evaluates several times the same CSN
-             (commit 05e127c89281cece8bc1fa79bac6b95cc23dcca9)
----
- ldap/servers/plugins/replication/repl5_tot_protocol.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index e004af4..7da893a 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -318,7 +318,6 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- 	int portnum = 0;
- 	Slapi_DN *area_sdn = NULL;
- 	CSN *remote_schema_csn = NULL;
--	int init_retry = 0;
- 	Replica *replica;
- 	ReplicaId rid = 0; /* Used to create the replica keep alive subentry */
- 	
--- 
-1.9.3
-
diff --git a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch b/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch
deleted file mode 100644
index 2d85f36..0000000
--- a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 060b9298fd03cbdac725be398e7754f67aa2b5c1 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 22 Sep 2015 09:49:12 -0400
-Subject: [PATCH 63/65] Ticket 48266 - Online init crashes consumer
-
-Bug Description:  When trying to create the 'replica keep alive' entry
-                  on a consumer during an online init, the entry gets freed
-                  in op_shared_add(), and then freed again in
-                  replica_subentry_create() which leads to a crash.
-
-Fix Description:  Do not free the "keep alive" entry if a referral is
-                  returned when trying to create the keep-alive entry.
-
-https://fedorahosted.org/389/ticket/48266
-
-Reviewed by: tbordaz(Thanks!)
-
-(cherry picked from commit 5538bac519c5363bb456e98d615c9366dedd57d8)
-(cherry picked from commit 1c127b40c1c7298839562326babbf2cba65cce1b)
----
- ldap/servers/plugins/replication/repl5_replica.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 6ac28c1..708008c 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -448,7 +448,9 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
-             repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */);
-     slapi_add_internal_pb(pb);
-     slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value);
--    if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS) 
-+    if (return_value != LDAP_SUCCESS &&
-+        return_value != LDAP_ALREADY_EXISTS &&
-+        return_value != LDAP_REFERRAL /* CONSUMER */)
-     {
-         slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
-                 "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
--- 
-1.9.3
-
diff --git a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch b/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch
deleted file mode 100644
index ebe138e..0000000
--- a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d1598673937a83127249e6c26de6af3a18a5f51c Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 22 Sep 2015 13:41:06 -0400
-Subject: [PATCH 64/65] Ticket 48284 - free entry when internal add fails
-
-Bug Description:  The entry passed to an internal add operaton is expected
-                  to be consumed, but it is not freed during an internal
-                  add when setting slapi_add_internal_pb() returns an error.
-
-Fix Description:  Free the entry in slapi_add_internal_pb() when the operation
-                  is not allowed.
-
-https://fedorahosted.org/389/ticket/48284
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 622be8bfbc942fe100b8880df72db26e99e1c954)
-(cherry picked from commit 99dbfb7601daea80f80d1ea9d29766d76555e01a)
----
- ldap/servers/slapd/add.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
-index 5eb2042..31012a2 100644
---- a/ldap/servers/slapd/add.c
-+++ b/ldap/servers/slapd/add.c
-@@ -316,6 +316,12 @@ int slapi_add_internal_pb (Slapi_PBlock *pb)
- 
- 	if (!allow_operation (pb))
- 	{
-+		/* free the entry as it's expected to be consumed */
-+		Slapi_Entry *e;
-+		slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
-+		slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
-+		slapi_entry_free(e);
-+
- 		slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
- 						 "This plugin is not configured to access operation target data", 0, NULL );
- 		return 0;
-@@ -727,8 +733,8 @@ static void op_shared_add (Slapi_PBlock *pb)
- 				slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &pse);
- 				do_ps_service(pse, NULL, LDAP_CHANGETYPE_ADD, 0);
- 				/* 
--				 * If be_add succeeded, then e is consumed except the resurect case.
--				 * If it is resurect, the corresponding tombstone entry is resurected
-+				 * If be_add succeeded, then e is consumed except the resurrect case.
-+				 * If it is resurrect, the corresponding tombstone entry is resurrected
- 				 * and put into the cache.
- 				 * Otherwise, we set e to NULL to prevent freeing it ourselves.
- 				 */
--- 
-1.9.3
-
diff --git a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch b/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
deleted file mode 100644
index 23541a8..0000000
--- a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3a3d1f22ea262270bc859aeb4c80928d5a085817 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 22 Sep 2015 13:58:38 -0400
-Subject: [PATCH 65/65] Ticket 48266 - do not free repl keep alive entry on
- error
-
-Description:  There is no need to free the "repl keep alive" entry
-              if any stage of the "add" fails.  Otherwise we could
-              potentially run into a double free.
-
-https://fedorahosted.org/389/ticket/48266
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit e5d9b0c741af1c3ea5e8212148a3ba95ee18925b)
-(cherry picked from commit f95e73f620987de9107246b30b28fd463024b61f)
----
- ldap/servers/plugins/replication/repl5_replica.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 708008c..8b53f3c 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -456,7 +456,6 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
-                 "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
-                 ldap_err2string(return_value));
-         rc = -1;
--        slapi_entry_free(e); /* The entry was not consumed */
-         goto done;
-     }
- 
--- 
-1.9.3
-
diff --git a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch b/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
deleted file mode 100644
index d2e826c..0000000
--- a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 695f06f02f6285bad4c494fda98f8f17ace2d1aa Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 30 Sep 2015 13:32:05 -0700
-Subject: [PATCH 66/68] Ticket #48299 - pagedresults - when timed out, search
- results could have been already freed.
-
-Description: When a search results object is freed, there is a window
-until the information is set to the pagedresults handle.  If the paged-
-results handle is released due to a timeout in the window, double free
-occurs.
-
-This patch sets NULL just before the search results object is freed
-in the backend as well as in dse.
-
-Plus, fixed a minor memory leak in pagedresults_parse_control_value.
-
-https://fedorahosted.org/389/ticket/48299
-
-Reviewed and a bug found by tbordaz@redhat.com (Thank you, Thierry!!)
-
-(cherry picked from commit f90c3a6e1933b9cc19a51b17a038f26652c4b2bc)
-(cherry picked from commit 56151ed75bbd63af80932fe73a512df835b17593)
----
- ldap/servers/slapd/back-ldbm/ldbm_search.c |  1 +
- ldap/servers/slapd/dse.c                   |  1 +
- ldap/servers/slapd/pagedresults.c          | 33 +++++++++++++++++++++++++++++-
- ldap/servers/slapd/proto-slap.h            |  1 +
- 4 files changed, 35 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
-index 73c54d3..8ed6b4d 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
-@@ -1890,6 +1890,7 @@ delete_search_result_set( Slapi_PBlock *pb, back_search_result_set **sr )
-             /* If the op is pagedresults, let the module clean up sr. */
-             return;
-         }
-+        pagedresults_set_search_result_pb(pb, NULL, 0);
-         slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
-     }
-     if ( NULL != (*sr)->sr_candidates )
-diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
-index e8e393b..68ce751 100644
---- a/ldap/servers/slapd/dse.c
-+++ b/ldap/servers/slapd/dse.c
-@@ -2830,6 +2830,7 @@ dse_next_search_entry (Slapi_PBlock *pb)
- 	/* we reached the end of the list */
- 	if (e == NULL)
- 	{
-+		pagedresults_set_search_result_pb(pb, NULL, 0);
- 		dse_search_set_delete (ss);
- 		slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
- 	}
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index d0c93cd..6dd6432 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -172,7 +172,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
-     }
-     /* reset sizelimit */
-     op->o_pagedresults_sizelimit = -1;
--    slapi_ch_free((void **)&cookie.bv_val);
- 
-     if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) {
-         if (conn->c_pagedresults.prl_list[*index].pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) {
-@@ -189,6 +188,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
-         LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index);
-     }
- bail:
-+    slapi_ch_free((void **)&cookie.bv_val);
-     /* cleaning up the rest of the timedout or abandoned if any */
-     prp = conn->c_pagedresults.prl_list;
-     for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-@@ -1010,3 +1010,34 @@ pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
-     PR_Unlock(conn->c_mutex);
-     return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
- }
-+
-+int
-+pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked)
-+{
-+    int rc = -1;
-+    Connection *conn = NULL;
-+    Operation *op = NULL;
-+    int index = -1;
-+    if (!pb) {
-+        return 0;
-+    }
-+    slapi_pblock_get(pb, SLAPI_OPERATION, &op);
-+    if (!op_is_pagedresults(op)) {
-+        return 0; /* noop */
-+    }
-+    slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-+    slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &index);
-+    LDAPDebug2Args(LDAP_DEBUG_TRACE,
-+                   "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr);
-+    if (conn && (index > -1)) {
-+        if (!locked) PR_Lock(conn->c_mutex);
-+        if (index < conn->c_pagedresults.prl_maxlen) {
-+            conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-+            rc = 0;
-+        }
-+        if (!locked) PR_Unlock(conn->c_mutex);
-+    }
-+    LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-+                  "<-- pagedresults_set_search_result_pb: %d\n", rc);
-+    return rc;
-+}
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index e8673e1..b10c1eb 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1488,6 +1488,7 @@ void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
- int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
-+int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked);
- 
- /*
-  * sort.c
--- 
-1.9.3
-
diff --git a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 913e0c4..0000000
--- a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 6b1aeee584c74c47abf8f7190d4783c061607279 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 1 Oct 2015 15:11:24 -0700
-Subject: [PATCH 67/68] Ticket #48192 - Individual abandoned simple paged
- results request has no chance to be cleaned up
-
-Description: If CONN_FLAG_PAGEDRESULTS_ABANDONED is set to pr_flags,
-the search results in the pagedresults handle is supposed to have been
-cleaned up.  But when there is a contention, there is a case that it
-is reset with the already released search results.  This patch adds an
-additional check for abandoned flag in pagedresults_set_search_result.
-If the pagedresults handle shows it is abandoned, the search results
-is not set to the handle unless it is for cleaning up with NULL.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by rmeggins@redhat.com (Thanks, Rich!!)
-
-(cherry picked from commit 6e453918e82af6c597390aebf92a8eb3283c3591)
-(cherry picked from commit 96b9b6794e0a6bfa0d74c84f6c80131c4f820fa7)
----
- ldap/servers/slapd/pagedresults.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 6dd6432..87447c4 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -337,7 +337,7 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
-             for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
-                 if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) {
-                     PagedResults *prp = conn->c_pagedresults.prl_list + i;
--                    if (prp && prp->pr_current_be &&
-+                    if (prp->pr_current_be &&
-                         prp->pr_current_be->be_search_results_release &&
-                         prp->pr_search_result_set) {
-                         prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-@@ -429,7 +429,11 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
-     if (conn && (index > -1)) {
-         if (!locked) PR_Lock(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
--            conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-+            PagedResults *prp = conn->c_pagedresults.prl_list + index;
-+            if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) {
-+                /* If abandoned, don't set the search result unless it is NULL */
-+                prp->pr_search_result_set = sr;
-+            }
-             rc = 0;
-         }
-         if (!locked) PR_Unlock(conn->c_mutex);
--- 
-1.9.3
-
diff --git a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch b/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
deleted file mode 100644
index 0e44b72..0000000
--- a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 5b2efd34c07c65e24f4129430064f7299803dbf8 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 2 Oct 2015 11:38:01 -0700
-Subject: [PATCH 68/68] Ticket #48298 - ns-slapd crash during
- ipa-replica-manage del
-
-Bug Description: The cause of the problem is rather not a race condition but
-accessing an already freed agreement in a plug-in:
-> The crashed thread is deleting an agreement object, which calls mep_pre_op.
-> It eventually calls op_shared_search with the deleted agreement object with
-> base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
-> Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_
-> replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
-
-Fix Description: This patch adds the check to agmt_get_replarea, in which if
-the agreement is not in the agreement list, it returnes NULL repl area.  When
-the NULL repl area is returned the callers back off with an error.
-
-https://fedorahosted.org/389/ticket/48298
-
-Reviewed by rmeggins@redhat.com (Thanks, Rich!)
-
-(cherry picked from commit 3cbdfa613ed8668337213fe9c3c15cf54ce798aa)
-(cherry picked from commit f09eb8c0f8ee315b2a20d6460c975a546207411e)
----
- ldap/servers/plugins/replication/repl5.h           |  1 +
- ldap/servers/plugins/replication/repl5_agmt.c      | 17 +++++++++--
- ldap/servers/plugins/replication/repl5_agmtlist.c  | 34 ++++++++++++++++++----
- .../plugins/replication/repl5_inc_protocol.c       | 10 ++++++-
- .../plugins/replication/repl5_replica_config.c     |  6 +++-
- .../plugins/replication/repl5_tot_protocol.c       | 12 ++++++--
- .../plugins/replication/repl_session_plugin.c      | 22 +++++++++++---
- .../plugins/replication/windows_protocol_util.c    | 12 ++++++++
- 8 files changed, 98 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 17282bb..df92ca0 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -390,6 +390,7 @@ void agmtlist_shutdown();
- void agmtlist_notify_all(Slapi_PBlock *pb);
- Object* agmtlist_get_first_agreement_for_replica (Replica *r);
- Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev);
-+int agmtlist_agmt_exists(const Repl_Agmt *ra);
- 
- /* In repl5_backoff.c */
- typedef struct backoff_timer Backoff_Timer;
-diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
-index f84eacb..76d26a1 100644
---- a/ldap/servers/plugins/replication/repl5_agmt.c
-+++ b/ldap/servers/plugins/replication/repl5_agmt.c
-@@ -696,6 +696,12 @@ agmt_start(Repl_Agmt *ra)
-      * index.
-      */
-     repl_sdn = agmt_get_replarea(ra);
-+    if (!repl_sdn) {
-+        slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+                        "agmt_start: failed to get repl area.  Please check agreement.\n");
-+        prot_free(&prot);
-+        return -1;
-+    }
- 
-     pb = slapi_pblock_new();
-     attrs[0] = (char*)type_agmtMaxCSN;
-@@ -770,7 +776,7 @@ agmt_start(Repl_Agmt *ra)
-                                 slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-                                 ra->hostname, ra->port);
-                     if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
--                    	/* Set the maxcsn */
-+                        /* Set the maxcsn */
-                         slapi_ch_free_string(&ra->maxcsn);
-                         ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
-                         ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
-@@ -976,8 +982,11 @@ agmt_get_bindmethod(const Repl_Agmt *ra)
- Slapi_DN *
- agmt_get_replarea(const Repl_Agmt *ra)
- {
--	Slapi_DN *return_value;
-+	Slapi_DN *return_value = NULL;
- 	PR_ASSERT(NULL != ra);
-+	if (!agmtlist_agmt_exists(ra)) {
-+		return return_value;
-+	}
- 	PR_Lock(ra->lock);
- 	return_value = slapi_sdn_new();
- 	slapi_sdn_copy(ra->replarea, return_value);
-@@ -2690,6 +2699,9 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
- 		Object *repl_obj = NULL;
- 
- 		replarea_sdn = agmt_get_replarea(ra);
-+		if (!replarea_sdn) {
-+			goto bail;
-+		}
- 		repl_obj = replica_get_replica_from_dn(replarea_sdn);
- 		slapi_sdn_free(&replarea_sdn);
- 		if (repl_obj) {
-@@ -2748,6 +2760,7 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
- 			slapi_entry_add_string(e, "nsds5replicaLastInitStatus", ra->last_init_status);
- 		}
- 	}
-+bail:
- 	return SLAPI_DSE_CALLBACK_OK;
- }
- 
-diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
-index 34650b4..f50862f 100644
---- a/ldap/servers/plugins/replication/repl5_agmtlist.c
-+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
-@@ -109,6 +109,24 @@ agmtlist_release_agmt(Repl_Agmt *ra)
- 	}
- }
- 
-+int
-+agmtlist_agmt_exists(const Repl_Agmt *ra)
-+{
-+	Object *ro;
-+	int exists = 0;
-+
-+	PR_ASSERT(NULL != agmt_set);
-+	if (!ra) {
-+		return exists;
-+	}
-+	ro = objset_find(agmt_set, agmt_ptr_cmp, (const void *)ra);
-+	if (ro) {
-+		exists = 1;
-+		object_release(ro);
-+	}
-+	return exists;
-+}
-+
- 
- /*
-  * Note: when we add the new object, we have a reference to it. We hold
-@@ -135,6 +153,9 @@ add_new_agreement(Slapi_Entry *e)
- 
-     /* get the replica for this agreement */
-     replarea_sdn = agmt_get_replarea(ra);
-+    if (!replarea_sdn) {
-+        return 1;
-+    }
-     repl_obj = replica_get_replica_from_dn(replarea_sdn);
-     slapi_sdn_free(&replarea_sdn);
-     if (repl_obj) {
-@@ -841,13 +862,16 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev)
-     else
-         obj = objset_first_obj(agmt_set);
-         
--    while (obj)
--    {
-+    for ( ; obj; obj = objset_next_obj(agmt_set, obj)) {
-         agmt = (Repl_Agmt*)object_get_data (obj);
--        PR_ASSERT (agmt);
-+        if (!agmt) {
-+            continue;
-+        }
- 
-         agmt_root = agmt_get_replarea(agmt);
--        PR_ASSERT (agmt_root);
-+        if (!agmt_root) {
-+            continue;
-+        }
- 
-         if (slapi_sdn_compare (replica_root, agmt_root) == 0)
-         {
-@@ -856,7 +880,7 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev)
-         }
- 
-         slapi_sdn_free (&agmt_root);
--        obj = objset_next_obj(agmt_set, obj);
-+
-     }
- 
-     return NULL;
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 7680340..244bbb2 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -1906,6 +1906,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 		{
- 			Replica *replica;
- 			ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
-+			Slapi_DN *replarea_sdn = NULL;
- 			replica = (Replica*) object_get_data(prp->replica_object);
- 			if (replica)
- 			{
-@@ -1914,7 +1915,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- 					"%s: skipped updates was definitely too high (%d) update the subentry now\n",
- 					agmt_get_long_name(prp->agmt), skipped_updates);
--			replica_subentry_update(agmt_get_replarea(prp->agmt), rid);
-+			replarea_sdn = agmt_get_replarea(prp->agmt);
-+			if (!replarea_sdn) {
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+				                "send_updates: Unknown replication area due to agreement not found.");
-+				return_value = UPDATE_FATAL_ERROR;
-+			} else {
-+				replica_subentry_update(replarea_sdn, rid);
-+			}
- 		}
- 		/* Terminate the results reading thread */
- 		if (!prp->repl50consumer) 
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 8d3c481..e85ae3e 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -2368,13 +2368,17 @@ replica_send_cleanruv_task(Repl_Agmt *agmt, cleanruv_data *clean_data)
-         conn_delete_internal_ext(conn);
-         return;
-     }
--    val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid);
-     sdn = agmt_get_replarea(agmt);
-+    if (!sdn) {
-+        conn_delete_internal_ext(conn);
-+        return;
-+    }
-     mod.mod_op  = LDAP_MOD_ADD|LDAP_MOD_BVALUES;
-     mod.mod_type = "nsds5task";
-     mod.mod_bvalues = vals;
-     vals [0] = &val;
-     vals [1] = NULL;
-+    val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid);
-     val.bv_val = data;
-     mods[0] = &mod;
-     mods[1] = NULL;
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index 7da893a..16b51b5 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -329,6 +329,13 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- 		goto done;
- 	}
- 
-+	area_sdn = agmt_get_replarea(prp->agmt);
-+	if (!area_sdn) {
-+		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
-+		                "get repl area.  Please check agreement.\n");
-+		goto done;
-+	}
-+
- 	conn_set_timeout(prp->conn, agmt_get_timeout(prp->agmt));
- 
-     /* acquire remote replica */
-@@ -387,11 +394,10 @@ repl5_tot_run(Private_Repl_Protocol *prp)
-     slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Beginning total update of replica "
- 		"\"%s\".\n", agmt_get_long_name(prp->agmt));
- 
--    pb = slapi_pblock_new ();
-+    /* RMREPL - need to send schema here */
- 
--	/* RMREPL - need to send schema here */
-+    pb = slapi_pblock_new ();
- 
--	area_sdn = agmt_get_replarea(prp->agmt);
-     /* we need to provide managedsait control so that referral entries can
-        be replicated */
-     ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *));
-diff --git a/ldap/servers/plugins/replication/repl_session_plugin.c b/ldap/servers/plugins/replication/repl_session_plugin.c
-index 1c04089..2fa993d 100644
---- a/ldap/servers/plugins/replication/repl_session_plugin.c
-+++ b/ldap/servers/plugins/replication/repl_session_plugin.c
-@@ -48,6 +48,10 @@ repl_session_plugin_call_agmt_init_cb(Repl_Agmt *ra)
-     }
-     if (initfunc) {
-         replarea = agmt_get_replarea(ra);
-+        if (!replarea) {
-+            LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_agmt_init_cb -- Aborted -- No replication area\n");
-+            return;
-+        }
-         cookie = (*initfunc)(replarea);
-         slapi_sdn_free(&replarea);
-     }
-@@ -73,8 +77,11 @@ repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total,
- 
-     if (thefunc) {
-         replarea = agmt_get_replarea(ra);
--        rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total,
--                data_guid, data);
-+        if (!replarea) {
-+            LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_pre_acquire_cb -- Aborted -- No replication area\n");
-+            return 1;
-+        }
-+        rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data);
-         slapi_sdn_free(&replarea);
-     }
- 
-@@ -95,8 +102,11 @@ repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total,
- 
-     if (thefunc) {
-         replarea = agmt_get_replarea(ra);
--        rc = (*thefunc)(agmt_get_priv(ra), replarea,
--		is_total, data_guid, data);
-+        if (!replarea) {
-+            LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_post_acquire_cb -- Aborted -- No replication area\n");
-+            return 1;
-+        }
-+        rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data);
-         slapi_sdn_free(&replarea);
-     }
- 
-@@ -151,6 +161,10 @@ repl_session_plugin_call_destroy_agmt_cb(const Repl_Agmt *ra)
- 
-     if (thefunc) {
-         replarea = agmt_get_replarea(ra);
-+        if (!replarea) {
-+            LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_destroy_agmt_cb -- Aborted -- No replication area\n");
-+            return;
-+        }
-         (*thefunc)(agmt_get_priv(ra), replarea);
-         slapi_sdn_free(&replarea);
-     }
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 5c12af7..084b520 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -5319,6 +5319,13 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
- 		 * in the groups caused by moving member entries.
- 		 * We need to update the local groups manually... */
- 		local_subtree = agmt_get_replarea(prp->agmt); 
-+		if (!local_subtree) {
-+			slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+			                "failed to get local subtree from agreement\n");
-+			local_entry = orig_local_entry;
-+			orig_local_entry = NULL;
-+			goto bail;
-+		}
- 		local_subtree_sdn = local_subtree;
- 		orig_local_sdn = slapi_entry_get_sdn_const(orig_local_entry);
- 		escaped_filter_val = slapi_escape_filter_value((char *)slapi_sdn_get_ndn(orig_local_sdn),
-@@ -5651,6 +5658,11 @@ windows_search_local_entry_by_uniqueid(Private_Repl_Protocol *prp,
- 	*ret_entry = NULL;
- 	if (is_global) { /* Search from the suffix (rename case) */
- 		local_subtree = agmt_get_replarea(prp->agmt); 
-+		if (!local_subtree) {
-+			slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+			                "failed to get local subtree from agreement\n");
-+			return LDAP_PARAM_ERROR;
-+		}
- 		local_subtree_sdn = local_subtree;
- 	} else {
- 		local_subtree_sdn = windows_private_get_directory_treetop(prp->agmt);
--- 
-1.9.3
-
diff --git a/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch b/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
deleted file mode 100644
index e98104e..0000000
--- a/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 68cdd9df5c923cca591dfe7d22207d7d31ef4928 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 23 Oct 2015 15:17:44 -0400
-Subject: [PATCH 69/75] Ticket 48311 - nunc-stans: Attempt to release
- connection that   is not acquired
-
-Bug Description:  ns_connection_post_io_or_closing() was not aquiring the
-                  connection in the optimized build, which led to the connection
-                  ref count getting out sequence.
-
-Fix Description   Do not call connection_acquire_nolock() inside a PR_ASSERT call.
-
-                  Also changed other PR_ASSERTs to only be called if DEBUG is set
-
-https://fedorahosted.org/389/ticket/48311
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 97946bd212c5094a490d6a3429e0d5763ccd39ce)
-(cherry picked from commit a8d30b356f312b24132f4ced324a67601b7cfb9b)
----
- ldap/servers/slapd/daemon.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index ba73da3..82099bc 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1836,7 +1836,11 @@ ns_handle_closure(struct ns_job_t *job)
- 	int do_yield = 0;
- 
- 	/* this function must be called from the event loop thread */
-+#ifdef DEBUG
- 	PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
-+#else
-+	NS_JOB_IS_THREAD(ns_job_get_type(job));
-+#endif
- 	PR_Lock(c->c_mutex);
- 	connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
- 	PR_ASSERT(c->c_ns_close_jobs == 1); /* should be exactly 1 active close job - this one */
-@@ -1889,7 +1893,11 @@ ns_connection_post_io_or_closing(Connection *conn)
- 		/* process event normally - wait for I/O until idletimeout */
- 		tv.tv_sec = conn->c_idletimeout;
- 		tv.tv_usec = 0;
--		PR_ASSERT(0 == connection_acquire_nolock(conn)); /* event framework now has a reference */
-+#ifdef DEBUG
-+		PR_ASSERT(0 == connection_acquire_nolock(conn));
-+#else
-+		connection_acquire_nolock(conn); /* event framework now has a reference */
-+#endif
- 		ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv,
- 				      NS_JOB_READ|NS_JOB_PRESERVE_FD,
- 				      ns_handle_pr_read_ready, conn, NULL);
-@@ -1911,7 +1919,11 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- 	Connection *c = (Connection *)ns_job_get_data(job);
- 
- 	/* this function must be called from the event loop thread */
-+#ifdef DEBUG
- 	PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
-+#else
-+	NS_JOB_IS_THREAD(ns_job_get_type(job));
-+#endif
- 
- 	PR_Lock(c->c_mutex);
- 	LDAPDebug2Args(LDAP_DEBUG_CONNS, "activity on conn %" NSPRIu64 " for fd=%d\n",
--- 
-2.4.3
-
diff --git a/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch b/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
deleted file mode 100644
index c574566..0000000
--- a/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From d7609aa1166fb79dd5e1f838f5ab27e0924441a1 Mon Sep 17 00:00:00 2001
-From: William Brown <firstyear@redhat.com>
-Date: Fri, 6 Nov 2015 14:56:44 +1000
-Subject: [PATCH 70/75] Ticket 48311  -nunc-stans: Attempt to release
- connection that is not acquired https://fedorahosted.org/389/ticket/48311
-
-Bug Description: DS with nunc stans enabled produces lots of messages like
-[13/Oct/2015:11:29:24 -0400] connection - conn=98 fd=161 Attempt to release
-connection that is not acquired
-
-FixDescription: From the original patch:
- * Do not call connection_acquire_nolock() inside a PR_ASSERT call.
- * Also changed other PR_ASSERTs to only be called if DEBUG is set
-
-This additionally guarantees the return codes of these functions since we have
-removed the PR_ASSERT that previously wrapped these function calls. If these
-assertions fail, we log to the error log in all cases.
-
-Author: wibrown
-
-Review by: mreynolds, nhosoi (Thanks!)
-
-(cherry picked from commit 49aaf98732d1e16dde3edb81272de8203aded21c)
-(cherry picked from commit b03987689c3a2477630e2a3452e64cc7759ba5f3)
----
- ldap/servers/slapd/daemon.c | 23 ++++++++++++++++++++---
- 1 file changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 82099bc..bd3bfb2 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1839,7 +1839,12 @@ ns_handle_closure(struct ns_job_t *job)
- #ifdef DEBUG
- 	PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
- #else
--	NS_JOB_IS_THREAD(ns_job_get_type(job));
-+    /* This doesn't actually confirm it's in the event loop thread, but it's a start */
-+	if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) {
-+		LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_closure: Attempt to close outside of event loop thread %" NSPRIu64 " for fd=%d\n",
-+			c->c_connid, c->c_sd);
-+		return;
-+	}
- #endif
- 	PR_Lock(c->c_mutex);
- 	connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
-@@ -1896,7 +1901,14 @@ ns_connection_post_io_or_closing(Connection *conn)
- #ifdef DEBUG
- 		PR_ASSERT(0 == connection_acquire_nolock(conn));
- #else
--		connection_acquire_nolock(conn); /* event framework now has a reference */
-+		if (connection_acquire_nolock(conn) != 0) { /* event framework now has a reference */
-+			/* 
-+			 * This has already been logged as an error in ./ldap/servers/slapd/connection.c
-+			 * The error occurs when we get a connection in a closing state.
-+			 * For now we return, but there is probably a better way to handle the error case.
-+			 */
-+			return;
-+		}
- #endif
- 		ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv,
- 				      NS_JOB_READ|NS_JOB_PRESERVE_FD,
-@@ -1922,7 +1934,12 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- #ifdef DEBUG
- 	PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
- #else
--	NS_JOB_IS_THREAD(ns_job_get_type(job));
-+    /* This doesn't actually confirm it's in the event loop thread, but it's a start */
-+	if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) {
-+		LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_pr_read_ready: Attempt to handle read ready outside of event loop thread %" NSPRIu64 " for fd=%d\n",
-+			c->c_connid, c->c_sd);
-+		return;
-+	}
- #endif
- 
- 	PR_Lock(c->c_mutex);
--- 
-2.4.3
-
diff --git a/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch b/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch
deleted file mode 100644
index 90743ca..0000000
--- a/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 34239335f2658905a2f96865bea0503bb6ad5ec1 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Tue, 3 Nov 2015 15:59:54 +0100
-Subject: [PATCH 71/75] Ticket 47976: deadlock in mep delete post op
-
-Bug Description:
-	When deleting the original entry, some DB pages are acquired in write.
-	The deadlock occurs because when reading the parent entry of the MEP entry
-	MEP plugin requires read access to one of the page acquired by the deletion of the original entry.
-        The read access can be granted if it is using the parent txn.
-	This bug requires that the parent entry of the MEP entry is not found in the entry cache, so
-	it requires database access
-
-Fix Description:
-	Fix ldbm_delete, so that it reads id2entry db with parent txn
-
-https://fedorahosted.org/389/ticket/47976
-
-Reviewed by: Ludwig Krispenz, Rich Megginson (Thanks you !!)
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 55434d308b4e459ba3a169eff94568312dba767c)
----
- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index f31d545..100a71d 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -477,7 +477,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
- 					 * the parent.  If we fail to lock the entry, just try again.
- 					 */
- 					while(1){
--						parent = id2entry(be, pid ,NULL, &retval);
-+						parent = id2entry(be, pid ,&txn, &retval);
- 						if (parent && (cache_retry = cache_lock_entry(&inst->inst_cache, parent))) {
- 							/* Failed to obtain parent entry's entry lock */
- 							if(cache_retry == RETRY_CACHE_LOCK &&
--- 
-2.4.3
-
diff --git a/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch b/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
deleted file mode 100644
index aed49ee..0000000
--- a/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From 24129b41820b87d613e721f8530e1955f1cce0ff Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 5 Nov 2015 10:44:08 -0800
-Subject: [PATCH 72/75] Ticket #48338 - SimplePagedResults -- abandon could
- happen between the abandon check and sending results
-
-Description: An abandon request for a SimplePagedResults request could
-happened between the abandon check and the code for sending the search
-results.  The abandon frees the search results although sending result
-code still refers it.
-
-Fix description: The code (from getting search results through sending
-the search results) in op_shared_search is protected by c_mutex locking.
-
-https://fedorahosted.org/389/ticket/48338
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 390b8bd9076e8976facc0858e60985d6b4fac05c)
-(cherry picked from commit 8f49d33d30fade7b579062414250a0ddb1a66c62)
----
- ldap/servers/slapd/opshared.c     | 13 ++++++++-----
- ldap/servers/slapd/pagedresults.c | 28 ++++++++++++++++++----------
- ldap/servers/slapd/proto-slap.h   |  5 ++---
- 3 files changed, 28 insertions(+), 18 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index dcdbb04..586ca1f 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -500,7 +500,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-                       be = be_list[index];
-                   }
-               }
--              pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
-+              pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 0/*not locked*/, pr_idx);
-               estimate = pagedresults_get_search_result_set_size_estimate(pb->pb_conn, operation, pr_idx);
-               if (pagedresults_get_unindexed(pb->pb_conn, operation, pr_idx)) {
-                   opnote |= SLAPI_OP_NOTE_UNINDEXED;
-@@ -675,13 +675,15 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-        * In async paged result case, the search result might be released
-        * by other theads.  We need to double check it in the locked region.
-        */
--      pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
-+      PR_Lock(pb->pb_conn->c_mutex);
-+      pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 1/*locked*/, pr_idx);
-       if (pr_search_result) {
--        if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+        if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 1/*locked*/, pr_idx)) {
-           pagedresults_unlock(pb->pb_conn, pr_idx);
-           /* Previous operation was abandoned and the simplepaged object is not in use. */
-           send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-           rc = LDAP_SUCCESS;
-+          PR_Unlock(pb->pb_conn->c_mutex);
-           goto free_and_return;
-         } else {
-           slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-@@ -689,7 +691,8 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- 
-           /* search result could be reset in the backend/dse */
-           slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
--          pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+          pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx);
-+          PR_Unlock(pb->pb_conn->c_mutex);
-         }
-       } else {
-         pr_stat = PAGEDRESULTS_SEARCH_END;
-@@ -720,7 +723,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-       if (PAGEDRESULTS_SEARCH_END == pr_stat) {
-         pagedresults_lock(pb->pb_conn, pr_idx);
-         slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
--        if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+        if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 0/*not locked*/, pr_idx)) {
-           pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-         }
-         pagedresults_unlock(pb->pb_conn, pr_idx);
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 87447c4..4458cfb 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -395,20 +395,25 @@ pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int
- }
- 
- void *
--pagedresults_get_search_result(Connection *conn, Operation *op, int index)
-+pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index)
- {
-     void *sr = NULL;
-     if (!op_is_pagedresults(op)) {
-         return sr; /* noop */
-     }
--    LDAPDebug1Arg(LDAP_DEBUG_TRACE,
--                  "--> pagedresults_get_search_result: idx=%d\n", index);
-+    LDAPDebug2Args(LDAP_DEBUG_TRACE,
-+                   "--> pagedresults_get_search_result(%s): idx=%d\n",
-+                   locked?"locked":"not locked", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        if (!locked) {
-+            PR_Lock(conn->c_mutex);
-+        }
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             sr = conn->c_pagedresults.prl_list[index].pr_search_result_set;
-         }
--        PR_Unlock(conn->c_mutex);
-+        if (!locked) {
-+            PR_Unlock(conn->c_mutex);
-+        }
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_search_result: %p\n", sr);
-@@ -416,8 +421,7 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int index)
- }
- 
- int
--pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, 
--                               int locked, int index)
-+pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index)
- {
-     int rc = -1;
-     if (!op_is_pagedresults(op)) {
-@@ -1003,15 +1007,19 @@ pagedresults_unlock( Connection *conn, int index )
- }
- 
- int
--pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
-+pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index)
- {
-     PagedResults *prp;
-     if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-         return 1; /* not abandoned, but do not want to proceed paged results op. */
-     }
--    PR_Lock(conn->c_mutex);
-+    if (!locked) {
-+        PR_Lock(conn->c_mutex);
-+    }
-     prp = conn->c_pagedresults.prl_list + index;
--    PR_Unlock(conn->c_mutex);
-+    if (!locked) {
-+        PR_Unlock(conn->c_mutex);
-+    }
-     return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
- }
- 
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index b10c1eb..e1cb53e 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1445,8 +1445,7 @@ void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
-                                        int curr_search_count, int index);
- Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index);
- int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock);
--void *pagedresults_get_search_result(Connection *conn, Operation *op,
--                                     int index);
-+void *pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index);
- int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, 
-                                    int locked, int index);
- int pagedresults_get_search_result_count(Connection *conn, Operation *op,
-@@ -1487,7 +1486,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock);
- void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
--int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
-+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index);
- int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked);
- 
- /*
--- 
-2.4.3
-
diff --git a/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch b/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch
deleted file mode 100644
index 37db567..0000000
--- a/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 1a10e14ce3f05f961e80c4c8cf170d92945c25a1 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 6 Nov 2015 14:41:36 -0500
-Subject: [PATCH 73/75] Ticket 48325 - Replica promotion leaves RUV out of
- order
-
-Bug Description:  When promoting a consumer to a master the new RUV
-                  element is appended to the RUV.  However, when trying
-                  to replicate from the newly promoted replica the
-                  remote replica checks the first element in the RUV
-                  and sees that its the same replica ID, and aborts the
-                  replication session.  Essentailly this completely
-                  breaks replication between the two servers, and can
-                  actually corrupt other RUVs on other replicas.
-
-Fix Description:  When promoting a replica to a master, reorder the RUV
-                  so that it is the first in the list.
-
-https://fedorahosted.org/389/ticket/48325
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit b896840d270a540698f35a4aac4f7a91742952b0)
-(cherry picked from commit 6180b91c3f65e9c5e375816a72baa95678458a0a)
----
- ldap/servers/plugins/replication/repl5_replica_config.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index e85ae3e..4d7135c 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1003,6 +1003,7 @@ replica_config_change_type_and_id (Replica *r, const char *new_type,
-                 csngen_rewrite_rid(gen, rid);
-                 if(purl && type == REPLICA_TYPE_UPDATABLE){
-                     ruv_add_replica(ruv, rid, purl);
-+                    ruv_move_local_supplier_to_first(ruv, rid);
-                     replica_reset_csn_pl(r);
-                 }
-                 ruv_delete_replica(ruv, oldrid);
--- 
-2.4.3
-
diff --git a/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch b/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch
deleted file mode 100644
index 0d2fceb..0000000
--- a/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0fa9e46da9f56221b579a7729deebaed73364c27 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 10 Nov 2015 15:35:41 -0800
-Subject: [PATCH 74/75] Ticket #48344 - acl - regression - trailing ', (comma)'
- in macro matched value is not removed.
-
-Description: acl_match_macro_in_target in acl plug-in returns matched value
-with a trailing comma, e.g., "o=kaki.com,". It's used to create a group DN,
-e.g., "cn=Domain Administrators,ou=Groups,o=kaki.como=ace industry,c=us".
-
-Due to the duplicated commas, the bind unexpectedly fails with 50 (insufficient
-access).
-
-In getting the matched value from target DN, it checks if a character at the
-end position is a comma or not.  If it is, '\0' is set there.  The position
-was one byte ahead.  It was introduced by #48141 - aci with wildcard and macro
-not correctly evaluated.
-
-https://fedorahosted.org/389/ticket/48344
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 8e421fb9af2752144cc93e62090fd873524c5633)
-(cherry picked from commit 1a6390d6ffa743f38be206f7ed7bb0ac3bcfe26b)
----
- ldap/servers/plugins/acl/aclutil.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
-index 2f37107..308cf8b 100644
---- a/ldap/servers/plugins/acl/aclutil.c
-+++ b/ldap/servers/plugins/acl/aclutil.c
-@@ -935,7 +935,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
- 
- 					matched_val_len = ndn_len-macro_suffix_len-
- 										ndn_prefix_end;
--					if (ndn[ndn_len - macro_suffix_len] == ',')
-+					if (ndn[ndn_len - macro_suffix_len - 1] == ',')
- 						matched_val_len -= 1;
- 					
- 					matched_val = (char *)slapi_ch_malloc(matched_val_len + 1);
--- 
-2.4.3
-
diff --git a/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch b/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch
deleted file mode 100644
index 7c54385..0000000
--- a/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 70cdfa2ef8bcb0e8bae1c18f69c42d99dff2b5be Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 5 Nov 2015 13:08:56 -0800
-Subject: [PATCH 75/75] Ticket #48339 - Share nsslapd-threadnumber in the case
- nunc-stans is enabled, as well.
-
-Description:  When nunc-stans is enabled, instead of getting the
-thread number from the environment variable MAX_THREADS, use the
-value of config parameter nsslapd-threadnumber.
-
-https://fedorahosted.org/389/ticket/48339
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit ab8ed9a5ebb0d15b55d7525ed1d5dbeebd8c7563)
-(cherry picked from commit a4c0a9eeba031b9304d63ca05d8b9fab9ebca1b2)
----
- ldap/servers/slapd/daemon.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index bd3bfb2..5d70647 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1199,10 +1199,7 @@ void slapd_daemon( daemon_ports_t *ports )
- #ifdef ENABLE_NUNC_STANS
- 	if (enable_nunc_stans && !g_get_shutdown()) {
- 		int ii;
--		PRInt32 maxthreads = 3;
--		if (getenv("MAX_THREADS")) {
--			maxthreads = atoi(getenv("MAX_THREADS"));
--		}
-+		PRInt32 maxthreads = (PRInt32)config_get_threadnumber();
- 		/* Set the nunc-stans thread pool config */
- 		ns_thrpool_config_init(&tp_config);
- 
--- 
-2.4.3
-
diff --git a/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch b/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
deleted file mode 100644
index 3fa78c6..0000000
--- a/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 62d2b0026e895448b9dff76f2565012340afdfcd Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 18 Nov 2015 11:44:35 -0800
-Subject: [PATCH] Ticket #48338 - SimplePagedResults -- abandon could happen
- between the abandon check and sending results
-
-Description: commit 390b8bd9076e8976facc0858e60985d6b4fac05c introduced
-a self deadlock (see also bz1282607: 389-ds-base-1.2.11.15-67.el6_7 hang)
-
-First phase of the following approach:
-  Fix design by Ludwig Krispenz and Rich Megginson (Thanks!)
-  Investigate the connection params used in the pblock access one by one and.
-  - for fields not used, either remove the access or just leave it as is
-  - With a big ASSERT to flag cases if the field is ever used, and a plan to
-    deprecate and remove the field.
-  - for fields with atomic access, like c_isreplication_session remove the mutex
-  - for filelds requiring copying, define them directly in the pblock and when
-    the pblock is created, populate them from the connection, the pblock access
-    would no longer need the c_mutex.
-Removing PR_Lock(c_mutex) from slapi_pblock_get(SLAPI_CONN_CLIENTNETADDR) since
-acquiring the lock is not necessary for the atomic reads.  This change solves
-the self deadlock.
-
-https://fedorahosted.org/389/ticket/48338#comment:11
-
-Reviewed by nkinder@redhat.com and mreynolds@redhat.com (Thank you, Nathan and Mark!)
-
-(cherry picked from commit 79ca67d1fc5d50d8a9ae6b686b9564f3960f8592)
-(cherry picked from commit 36245abd78f7abfed8219a5ac4a4cf50c1c0237c)
----
- ldap/servers/slapd/pblock.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index bf57a33..f2017be 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -223,14 +223,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			memset( value, 0, sizeof( PRNetAddr ));
- 			break;
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		/* For fields with atomic access, remove the PR_Lock(c_mutex) */
- 		if ( pblock->pb_conn->cin_addr == NULL ) {
- 			memset( value, 0, sizeof( PRNetAddr ));
- 		} else {
--			(*(PRNetAddr *)value) =
--			    *(pblock->pb_conn->cin_addr);
-+			(*(PRNetAddr *)value) = *(pblock->pb_conn->cin_addr);
- 		}
--		PR_Unlock( pblock->pb_conn->c_mutex );
- 		break;
- 	case SLAPI_CONN_SERVERNETADDR:
- 		if (pblock->pb_conn == NULL)
--- 
-2.4.3
-
diff --git a/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch b/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch
deleted file mode 100644
index d4c29f9..0000000
--- a/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch
+++ /dev/null
@@ -1,929 +0,0 @@
-From 4a52c95b2f7815c15efd84daf57ced08e7855cc2 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 7 Dec 2015 16:45:06 -0500
-Subject: [PATCH 77/78] Ticket 48370 - The 'eq' index does not get updated
- properly                when deleting and re-adding attributes in            
-    the same modify operation
-
-Bug Description:  If you delete several values of the same attribute, and
-                  add at least one of them back in the same operation, the
-                  equality index does not get updated.
-
-Fix Description:  Modify the logic of the index code to update the index if
-                  at least one of the values in the entry changes.
-
-                  Also did pep8 cleanup of create_test.py
-
-https://fedorahosted.org/389/ticket/48370
-
-Reviewed by: wibrown(Thanks!)
-
-(cherry picked from commit 63b80b5c31ebda51445c662903a28e2a79ebe60a)
-(cherry picked from commit 4a53592ec89d288f182c509dc7fcc104d8cbc4a8)
----
- dirsrvtests/create_test.py              | 393 +++++++++++++++++++-------------
- dirsrvtests/tickets/ticket48370_test.py | 236 +++++++++++++++++++
- ldap/servers/slapd/back-ldbm/index.c    |  29 +--
- 3 files changed, 480 insertions(+), 178 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket48370_test.py
-
-diff --git a/dirsrvtests/create_test.py b/dirsrvtests/create_test.py
-index 941e922..5293991 100755
---- a/dirsrvtests/create_test.py
-+++ b/dirsrvtests/create_test.py
-@@ -22,14 +22,16 @@ import optparse
- 
- 
- def displayUsage():
--    print ('\nUsage:\ncreate_ticket.py -t|--ticket <ticket number> -s|--suite <suite name> ' +
--           '[ i|--instances <number of standalone instances> [ -m|--masters <number of masters> ' +
--           '-h|--hubs <number of hubs> -c|--consumers <number of consumers> ] ' +
--           '-o|--outputfile ]\n')
--    print ('If only "-t" is provided then a single standalone instance is created.  ' +
--           'Or you can create a test suite script using "-s|--suite" instead of using "-t|--ticket".' +
--           'The "-i" option can add mulitple standalone instances(maximum 10).  ' +
--           'However, you can not mix "-i" with the replication options(-m, -h , -c).  ' +
-+    print ('\nUsage:\ncreate_ticket.py -t|--ticket <ticket number> ' +
-+           '-s|--suite <suite name> ' +
-+           '[ i|--instances <number of standalone instances> ' +
-+           '[ -m|--masters <number of masters> -h|--hubs <number of hubs> ' +
-+           '-c|--consumers <number of consumers> ] -o|--outputfile ]\n')
-+    print ('If only "-t" is provided then a single standalone instance is ' +
-+           'created.  Or you can create a test suite script using ' +
-+           '"-s|--suite" instead of using "-t|--ticket".  The "-i" option ' +
-+           'can add mulitple standalone instances(maximum 10).  However, you' +
-+           ' can not mix "-i" with the replication options(-m, -h , -c).  ' +
-            'There is a maximum of 10 masters, 10 hubs, and 10 consumers.')
-     exit(1)
- 
-@@ -59,34 +61,47 @@ if len(sys.argv) > 0:
-         displayUsage()
- 
-     if args.ticket and args.suite:
--        print 'You must choose either "-t|--ticket" or "-s|--suite", but not both.'
-+        print('You must choose either "-t|--ticket" or "-s|--suite", ' +
-+              'but not both.')
-         displayUsage()
- 
-     if int(args.masters) == 0:
-         if int(args.hubs) > 0 or int(args.consumers) > 0:
--            print 'You must use "-m|--masters" if you want to have hubs and/or consumers'
-+            print('You must use "-m|--masters" if you want to have hubs ' +
-+                  'and/or consumers')
-             displayUsage()
- 
--    if not args.masters.isdigit() or int(args.masters) > 10 or int(args.masters) < 0:
--        print 'Invalid value for "--masters", it must be a number and it can not be greater than 10'
-+    if not args.masters.isdigit() or \
-+           int(args.masters) > 10 or \
-+           int(args.masters) < 0:
-+        print('Invalid value for "--masters", it must be a number and it can' +
-+              ' not be greater than 10')
-         displayUsage()
- 
-     if not args.hubs.isdigit() or int(args.hubs) > 10 or int(args.hubs) < 0:
--        print 'Invalid value for "--hubs", it must be a number and it can not be greater than 10'
-+        print('Invalid value for "--hubs", it must be a number and it can ' +
-+              'not be greater than 10')
-         displayUsage()
- 
--    if not args.consumers.isdigit() or int(args.consumers) > 10 or int(args.consumers) < 0:
--        print 'Invalid value for "--consumers", it must be a number and it can not be greater than 10'
-+    if not args.consumers.isdigit() or \
-+           int(args.consumers) > 10 or \
-+           int(args.consumers) < 0:
-+        print('Invalid value for "--consumers", it must be a number and it ' +
-+              'can not be greater than 10')
-         displayUsage()
- 
-     if args.inst:
--        if not args.inst.isdigit() or int(args.inst) > 10 or int(args.inst) < 1:
--            print ('Invalid value for "--instances", it must be a number greater than 0 ' +
--                   'and not greater than 10')
-+        if not args.inst.isdigit() or \
-+               int(args.inst) > 10 or \
-+               int(args.inst) < 1:
-+            print('Invalid value for "--instances", it must be a number ' +
-+                  'greater than 0 and not greater than 10')
-             displayUsage()
-         if int(args.inst) > 0:
--            if int(args.masters) > 0 or int(args.hubs) > 0 or int(args.consumers) > 0:
--                print 'You can not mix "--instances" with replication.'
-+            if int(args.masters) > 0 or \
-+               int(args.hubs) > 0 or \
-+               int(args.consumers) > 0:
-+                print('You can not mix "--instances" with replication.')
-                 displayUsage()
- 
-     # Extract usable values
-@@ -120,9 +135,11 @@ if len(sys.argv) > 0:
-     #
-     # Write the imports
-     #
--    TEST.write('import os\nimport sys\nimport time\nimport ldap\nimport logging\nimport pytest\n')
--    TEST.write('from lib389 import DirSrv, Entry, tools, tasks\nfrom lib389.tools import DirSrvTools\n' +
--               'from lib389._constants import *\nfrom lib389.properties import *\n' +
-+    TEST.write('import os\nimport sys\nimport time\nimport ldap\n' +
-+               'import logging\nimport pytest\n')
-+    TEST.write('from lib389 import DirSrv, Entry, tools, tasks\nfrom ' +
-+               'lib389.tools import DirSrvTools\nfrom lib389._constants ' +
-+               'import *\nfrom lib389.properties import *\n' +
-                'from lib389.tasks import *\nfrom lib389.utils import *\n\n')
- 
-     #
-@@ -154,13 +171,16 @@ if len(sys.argv) > 0:
- 
-         for idx in range(masters):
-             TEST.write('        master' + str(idx + 1) + '.open()\n')
--            TEST.write('        self.master' + str(idx + 1) + ' = master' + str(idx + 1) + '\n')
-+            TEST.write('        self.master' + str(idx + 1) + ' = master' +
-+                       str(idx + 1) + '\n')
-         for idx in range(hubs):
-             TEST.write('        hub' + str(idx + 1) + '.open()\n')
--            TEST.write('        self.hub' + str(idx + 1) + ' = hub' + str(idx + 1) + '\n')
-+            TEST.write('        self.hub' + str(idx + 1) + ' = hub' +
-+                       str(idx + 1) + '\n')
-         for idx in range(consumers):
-             TEST.write('        consumer' + str(idx + 1) + '.open()\n')
--            TEST.write('        self.consumer' + str(idx + 1) + ' = consumer' + str(idx + 1) + '\n')
-+            TEST.write('        self.consumer' + str(idx + 1) + ' = consumer' +
-+                       str(idx + 1) + '\n')
-         TEST.write('\n\n')
-     else:
-         #
-@@ -184,7 +204,8 @@ if len(sys.argv) > 0:
-             else:
-                 idx = str(idx)
-             TEST.write('        standalone' + idx + '.open()\n')
--            TEST.write('        self.standalone' + idx + ' = standalone' + idx + '\n')
-+            TEST.write('        self.standalone' + idx + ' = standalone' +
-+                       idx + '\n')
-         TEST.write('\n\n')
- 
-     #
-@@ -194,7 +215,8 @@ if len(sys.argv) > 0:
-     TEST.write('def topology(request):\n')
-     TEST.write('    global installation1_prefix\n')
-     TEST.write('    if installation1_prefix:\n')
--    TEST.write('        args_instance[SER_DEPLOYED_DIR] = installation1_prefix\n\n')
-+    TEST.write('        args_instance[SER_DEPLOYED_DIR] = ' +
-+               'installation1_prefix\n\n')
- 
-     if repl_deployment:
-         #
-@@ -204,20 +226,25 @@ if len(sys.argv) > 0:
-             idx = str(idx + 1)
-             TEST.write('    # Creating master ' + idx + '...\n')
-             TEST.write('    master' + idx + ' = DirSrv(verbose=False)\n')
--            TEST.write('    args_instance[SER_HOST] = HOST_MASTER_' + idx + '\n')
--            TEST.write('    args_instance[SER_PORT] = PORT_MASTER_' + idx + '\n')
--            TEST.write('    args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_' + idx + '\n')
--            TEST.write('    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-+            TEST.write('    args_instance[SER_HOST] = HOST_MASTER_' + idx +
-+                       '\n')
-+            TEST.write('    args_instance[SER_PORT] = PORT_MASTER_' + idx +
-+                       '\n')
-+            TEST.write('    args_instance[SER_SERVERID_PROP] = ' +
-+                       'SERVERID_MASTER_' + idx + '\n')
-+            TEST.write('    args_instance[SER_CREATION_SUFFIX] = ' +
-+                       'DEFAULT_SUFFIX\n')
-             TEST.write('    args_master = args_instance.copy()\n')
-             TEST.write('    master' + idx + '.allocate(args_master)\n')
--            TEST.write('    instance_master' + idx + ' = master' + idx + '.exists()\n')
-+            TEST.write('    instance_master' + idx + ' = master' + idx +
-+                       '.exists()\n')
-             TEST.write('    if instance_master' + idx + ':\n')
-             TEST.write('        master' + idx + '.delete()\n')
-             TEST.write('    master' + idx + '.create()\n')
-             TEST.write('    master' + idx + '.open()\n')
--            TEST.write('    master' + idx + '.replica.enableReplication(suffix=SUFFIX, ' +
--                                            'role=REPLICAROLE_MASTER, ' +
--                                            'replicaId=REPLICAID_MASTER_' + idx + ')\n\n')
-+            TEST.write('    master' + idx + '.replica.enableReplication' +
-+                       '(suffix=SUFFIX, role=REPLICAROLE_MASTER, ' +
-+                       'replicaId=REPLICAID_MASTER_' + idx + ')\n\n')
- 
-         for idx in range(hubs):
-             idx = str(idx + 1)
-@@ -225,37 +252,45 @@ if len(sys.argv) > 0:
-             TEST.write('    hub' + idx + ' = DirSrv(verbose=False)\n')
-             TEST.write('    args_instance[SER_HOST] = HOST_HUB_' + idx + '\n')
-             TEST.write('    args_instance[SER_PORT] = PORT_HUB_' + idx + '\n')
--            TEST.write('    args_instance[SER_SERVERID_PROP] = SERVERID_HUB_' + idx + '\n')
--            TEST.write('    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-+            TEST.write('    args_instance[SER_SERVERID_PROP] = SERVERID_HUB_' +
-+                       idx + '\n')
-+            TEST.write('    args_instance[SER_CREATION_SUFFIX] = ' +
-+                       'DEFAULT_SUFFIX\n')
-             TEST.write('    args_hub = args_instance.copy()\n')
-             TEST.write('    hub' + idx + '.allocate(args_hub)\n')
--            TEST.write('    instance_hub' + idx + ' = hub' + idx + '.exists()\n')
-+            TEST.write('    instance_hub' + idx + ' = hub' + idx +
-+                       '.exists()\n')
-             TEST.write('    if instance_hub' + idx + ':\n')
-             TEST.write('        hub' + idx + '.delete()\n')
-             TEST.write('    hub' + idx + '.create()\n')
-             TEST.write('    hub' + idx + '.open()\n')
--            TEST.write('    hub' + idx + '.replica.enableReplication(suffix=SUFFIX, ' +
--                                            'role=REPLICAROLE_HUB, ' +
--                                            'replicaId=REPLICAID_HUB_' + idx + ')\n\n')
-+            TEST.write('    hub' + idx + '.replica.enableReplication' +
-+                       '(suffix=SUFFIX, role=REPLICAROLE_HUB, ' +
-+                       'replicaId=REPLICAID_HUB_' + idx + ')\n\n')
- 
-         for idx in range(consumers):
-             idx = str(idx + 1)
-             TEST.write('    # Creating consumer ' + idx + '...\n')
-             TEST.write('    consumer' + idx + ' = DirSrv(verbose=False)\n')
--            TEST.write('    args_instance[SER_HOST] = HOST_CONSUMER_' + idx + '\n')
--            TEST.write('    args_instance[SER_PORT] = PORT_CONSUMER_' + idx + '\n')
--            TEST.write('    args_instance[SER_SERVERID_PROP] = SERVERID_CONSUMER_' + idx + '\n')
--            TEST.write('    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-+            TEST.write('    args_instance[SER_HOST] = HOST_CONSUMER_' + idx +
-+                       '\n')
-+            TEST.write('    args_instance[SER_PORT] = PORT_CONSUMER_' + idx +
-+                       '\n')
-+            TEST.write('    args_instance[SER_SERVERID_PROP] = ' +
-+                       'SERVERID_CONSUMER_' + idx + '\n')
-+            TEST.write('    args_instance[SER_CREATION_SUFFIX] = ' +
-+                       'DEFAULT_SUFFIX\n')
-             TEST.write('    args_consumer = args_instance.copy()\n')
-             TEST.write('    consumer' + idx + '.allocate(args_consumer)\n')
--            TEST.write('    instance_consumer' + idx + ' = consumer' + idx + '.exists()\n')
-+            TEST.write('    instance_consumer' + idx + ' = consumer' + idx +
-+                       '.exists()\n')
-             TEST.write('    if instance_consumer' + idx + ':\n')
-             TEST.write('        consumer' + idx + '.delete()\n')
-             TEST.write('    consumer' + idx + '.create()\n')
-             TEST.write('    consumer' + idx + '.open()\n')
--            TEST.write('    consumer' + idx + '.replica.enableReplication(suffix=SUFFIX, ' +
--                                            'role=REPLICAROLE_CONSUMER, ' +
--                                            'replicaId=CONSUMER_REPLICAID)\n\n')
-+            TEST.write('    consumer' + idx + '.replica.enableReplication' +
-+                       '(suffix=SUFFIX, role=REPLICAROLE_CONSUMER, ' +
-+                       'replicaId=CONSUMER_REPLICAID)\n\n')
- 
-         #
-         # Create the master agreements
-@@ -274,39 +309,61 @@ if len(sys.argv) > 0:
-                 if master_idx == idx:
-                     # skip ourselves
-                     continue
--                TEST.write('    # Creating agreement from master ' + str(master_idx) + ' to master ' + str(idx) + '\n')
--                TEST.write("    properties = {RA_NAME:      r'meTo_$host:$port',\n")
--                TEST.write("                  RA_BINDDN:    defaultProperties[REPLICATION_BIND_DN],\n")
--                TEST.write("                  RA_BINDPW:    defaultProperties[REPLICATION_BIND_PW],\n")
--                TEST.write("                  RA_METHOD:    defaultProperties[REPLICATION_BIND_METHOD],\n")
--                TEST.write("                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
--                TEST.write('    m' + str(master_idx) + '_m' + str(idx) + '_agmt = master' + str(master_idx) +
-+                TEST.write('    # Creating agreement from master ' +
-+                           str(master_idx) + ' to master ' + str(idx) + '\n')
-+                TEST.write("    properties = {RA_NAME:      " +
-+                           "r'meTo_$host:$port',\n")
-+                TEST.write("                  RA_BINDDN:    " +
-+                           "defaultProperties[REPLICATION_BIND_DN],\n")
-+                TEST.write("                  RA_BINDPW:    " +
-+                           "defaultProperties[REPLICATION_BIND_PW],\n")
-+                TEST.write("                  RA_METHOD:    " +
-+                           "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+                TEST.write("                  RA_TRANSPORT_PROT: " +
-+                           "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+                TEST.write('    m' + str(master_idx) + '_m' + str(idx) +
-+                           '_agmt = master' + str(master_idx) +
-                             '.agreement.create(suffix=SUFFIX, host=master' +
--                            str(idx) + '.host, port=master' + str(idx) + '.port, properties=properties)\n')
--                TEST.write('    if not m' + str(master_idx) + '_m' + str(idx) + '_agmt:\n')
--                TEST.write('        log.fatal("Fail to create a master -> master replica agreement")\n')
-+                            str(idx) + '.host, port=master' + str(idx) +
-+                            '.port, properties=properties)\n')
-+                TEST.write('    if not m' + str(master_idx) + '_m' + str(idx) +
-+                           '_agmt:\n')
-+                TEST.write('        log.fatal("Fail to create a master -> ' +
-+                           'master replica agreement")\n')
-                 TEST.write('        sys.exit(1)\n')
--                TEST.write('    log.debug("%s created" % m' + str(master_idx) + '_m' + str(idx) + '_agmt)\n\n')
-+                TEST.write('    log.debug("%s created" % m' + str(master_idx) +
-+                           '_m' + str(idx) + '_agmt)\n\n')
-                 agmt_count += 1
- 
-             for idx in range(hubs):
-                 idx += 1
-                 #
--                # Create agreements from each master to each hub (master -> hub)
-+                # Create agmts from each master to each hub (master -> hub)
-                 #
--                TEST.write('    # Creating agreement from master ' + str(master_idx) + ' to hub ' + str(idx) + '\n')
--                TEST.write("    properties = {RA_NAME:      r'meTo_$host:$port',\n")
--                TEST.write("                  RA_BINDDN:    defaultProperties[REPLICATION_BIND_DN],\n")
--                TEST.write("                  RA_BINDPW:    defaultProperties[REPLICATION_BIND_PW],\n")
--                TEST.write("                  RA_METHOD:    defaultProperties[REPLICATION_BIND_METHOD],\n")
--                TEST.write("                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
--                TEST.write('    m' + str(master_idx) + '_h' + str(idx) + '_agmt = master' + str(master_idx) +
--                            '.agreement.create(suffix=SUFFIX, host=hub' +
--                            str(idx) + '.host, port=hub' + str(idx) + '.port, properties=properties)\n')
--                TEST.write('    if not m' + str(master_idx) + '_h' + str(idx) + '_agmt:\n')
--                TEST.write('        log.fatal("Fail to create a master -> hub replica agreement")\n')
-+                TEST.write('    # Creating agreement from master ' +
-+                           str(master_idx) + ' to hub ' + str(idx) + '\n')
-+                TEST.write("    properties = {RA_NAME:      " +
-+                           "r'meTo_$host:$port',\n")
-+                TEST.write("                  RA_BINDDN:    " +
-+                           "defaultProperties[REPLICATION_BIND_DN],\n")
-+                TEST.write("                  RA_BINDPW:    " +
-+                           "defaultProperties[REPLICATION_BIND_PW],\n")
-+                TEST.write("                  RA_METHOD:    " +
-+                           "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+                TEST.write("                  RA_TRANSPORT_PROT: " +
-+                           "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+                TEST.write('    m' + str(master_idx) + '_h' + str(idx) +
-+                           '_agmt = master' + str(master_idx) +
-+                           '.agreement.create(suffix=SUFFIX, host=hub' +
-+                           str(idx) + '.host, port=hub' + str(idx) +
-+                           '.port, properties=properties)\n')
-+                TEST.write('    if not m' + str(master_idx) + '_h' + str(idx) +
-+                           '_agmt:\n')
-+                TEST.write('        log.fatal("Fail to create a master -> ' +
-+                           'hub replica agreement")\n')
-                 TEST.write('        sys.exit(1)\n')
--                TEST.write('    log.debug("%s created" % m' + str(master_idx) + '_h' + str(idx) + '_agmt)\n\n')
-+                TEST.write('    log.debug("%s created" % m' + str(master_idx) +
-+                           '_h' + str(idx) + '_agmt)\n\n')
-                 agmt_count += 1
- 
-         #
-@@ -322,24 +379,35 @@ if len(sys.argv) > 0:
-                 #
-                 # Create agreements from each hub to each consumer
-                 #
--                TEST.write('    # Creating agreement from hub ' + str(hub_idx) + ' to consumer ' + str(idx) + '\n')
--                TEST.write("    properties = {RA_NAME:      r'meTo_$host:$port',\n")
--                TEST.write("                  RA_BINDDN:    defaultProperties[REPLICATION_BIND_DN],\n")
--                TEST.write("                  RA_BINDPW:    defaultProperties[REPLICATION_BIND_PW],\n")
--                TEST.write("                  RA_METHOD:    defaultProperties[REPLICATION_BIND_METHOD],\n")
--                TEST.write("                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
--                TEST.write('    h' + str(hub_idx) + '_c' + str(idx) + '_agmt = hub' +
--                            str(hub_idx) + '.agreement.create(suffix=SUFFIX, host=consumer' +
--                            str(idx) + '.host, port=consumer' + str(idx) + '.port, properties=properties)\n')
--                TEST.write('    if not h' + str(hub_idx) + '_c' + str(idx) + '_agmt:\n')
--                TEST.write('        log.fatal("Fail to create a hub -> consumer replica agreement")\n')
-+                TEST.write('    # Creating agreement from hub ' + str(hub_idx)
-+                           + ' to consumer ' + str(idx) + '\n')
-+                TEST.write("    properties = {RA_NAME:      " +
-+                           "r'meTo_$host:$port',\n")
-+                TEST.write("                  RA_BINDDN:    " +
-+                           "defaultProperties[REPLICATION_BIND_DN],\n")
-+                TEST.write("                  RA_BINDPW:    " +
-+                           "defaultProperties[REPLICATION_BIND_PW],\n")
-+                TEST.write("                  RA_METHOD:    " +
-+                           "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+                TEST.write("                  RA_TRANSPORT_PROT: " +
-+                           "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+                TEST.write('    h' + str(hub_idx) + '_c' + str(idx) +
-+                           '_agmt = hub' + str(hub_idx) +
-+                           '.agreement.create(suffix=SUFFIX, host=consumer' +
-+                           str(idx) + '.host, port=consumer' + str(idx) +
-+                           '.port, properties=properties)\n')
-+                TEST.write('    if not h' + str(hub_idx) + '_c' + str(idx) +
-+                           '_agmt:\n')
-+                TEST.write('        log.fatal("Fail to create a hub -> ' +
-+                           'consumer replica agreement")\n')
-                 TEST.write('        sys.exit(1)\n')
--                TEST.write('    log.debug("%s created" % h' + str(hub_idx) + '_c' + str(idx) + '_agmt)\n\n')
-+                TEST.write('    log.debug("%s created" % h' + str(hub_idx) +
-+                           '_c' + str(idx) + '_agmt)\n\n')
-                 agmt_count += 1
- 
-         if hubs == 0:
-             #
--            # No Hubs, see if there are any consumers to create agreements to...
-+            # No Hubs, see if there are any consumers to create agreements to
-             #
-             for idx in range(masters):
-                 master_idx = idx + 1
-@@ -351,27 +419,40 @@ if len(sys.argv) > 0:
-                     #
-                     # Create agreements from each master to each consumer
-                     #
--                    TEST.write('    # Creating agreement from master ' + str(master_idx) +
--                               ' to consumer ' + str(idx) + '\n')
--                    TEST.write("    properties = {RA_NAME:      r'meTo_$host:$port',\n")
--                    TEST.write("                  RA_BINDDN:    defaultProperties[REPLICATION_BIND_DN],\n")
--                    TEST.write("                  RA_BINDPW:    defaultProperties[REPLICATION_BIND_PW],\n")
--                    TEST.write("                  RA_METHOD:    defaultProperties[REPLICATION_BIND_METHOD],\n")
--                    TEST.write("                  RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
--                    TEST.write('    m' + str(master_idx) + '_c' + str(idx) + '_agmt = master' + str(master_idx) +
--                                '.agreement.create(suffix=SUFFIX, host=consumer' +
--                                str(idx) + '.host, port=consumer' + str(idx) +
--                                '.port, properties=properties)\n')
--                    TEST.write('    if not m' + str(master_idx) + '_c' + str(idx) + '_agmt:\n')
--                    TEST.write('        log.fatal("Fail to create a hub -> consumer replica agreement")\n')
-+                    TEST.write('    # Creating agreement from master ' +
-+                               str(master_idx) + ' to consumer ' + str(idx) +
-+                               '\n')
-+                    TEST.write("    properties = {RA_NAME:      " +
-+                               "r'meTo_$host:$port',\n")
-+                    TEST.write("                  RA_BINDDN:    " +
-+                               "defaultProperties[REPLICATION_BIND_DN],\n")
-+                    TEST.write("                  RA_BINDPW:    " +
-+                               "defaultProperties[REPLICATION_BIND_PW],\n")
-+                    TEST.write("                  RA_METHOD:    " +
-+                               "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+                    TEST.write("                  RA_TRANSPORT_PROT: " +
-+                               "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+                    TEST.write('    m' + str(master_idx) + '_c' + str(idx) +
-+                               '_agmt = master' + str(master_idx) +
-+                               '.agreement.create(suffix=SUFFIX, ' +
-+                               'host=consumer' + str(idx) +
-+                               '.host, port=consumer' + str(idx) +
-+                               '.port, properties=properties)\n')
-+                    TEST.write('    if not m' + str(master_idx) + '_c' +
-+                               str(idx) + '_agmt:\n')
-+                    TEST.write('        log.fatal("Fail to create a hub -> ' +
-+                               'consumer replica agreement")\n')
-                     TEST.write('        sys.exit(1)\n')
--                    TEST.write('    log.debug("%s created" % m' + str(master_idx) + '_c' + str(idx) + '_agmt)\n\n')
-+                    TEST.write('    log.debug("%s created" % m' +
-+                               str(master_idx) + '_c' + str(idx) +
-+                               '_agmt)\n\n')
-                     agmt_count += 1
- 
-         #
-         # Add sleep that allows all the agreemnts to get situated
-         #
--        TEST.write('    # Allow the replicas to get situated with the new agreements...\n')
-+        TEST.write('    # Allow the replicas to get situated with the new ' +
-+                   'agreements...\n')
-         TEST.write('    time.sleep(5)\n\n')
- 
-         #
-@@ -388,7 +469,8 @@ if len(sys.argv) > 0:
-                 continue
-             TEST.write('    master1.agreement.init(SUFFIX, HOST_MASTER_' +
-                        str(idx) + ', PORT_MASTER_' + str(idx) + ')\n')
--            TEST.write('    master1.waitForReplInit(m1_m' + str(idx) + '_agmt)\n')
-+            TEST.write('    master1.waitForReplInit(m1_m' + str(idx) +
-+                       '_agmt)\n')
- 
-         # Hubs
-         consumers_inited = False
-@@ -396,23 +478,27 @@ if len(sys.argv) > 0:
-             idx += 1
-             TEST.write('    master1.agreement.init(SUFFIX, HOST_HUB_' +
-                    str(idx) + ', PORT_HUB_' + str(idx) + ')\n')
--            TEST.write('    master1.waitForReplInit(m1_h' + str(idx) + '_agmt)\n')
-+            TEST.write('    master1.waitForReplInit(m1_h' + str(idx) +
-+                       '_agmt)\n')
-             for idx in range(consumers):
-                 if consumers_inited:
-                     continue
-                 idx += 1
-                 TEST.write('    hub1.agreement.init(SUFFIX, HOST_CONSUMER_' +
-                            str(idx) + ', PORT_CONSUMER_' + str(idx) + ')\n')
--                TEST.write('    hub1.waitForReplInit(h1_c' + str(idx) + '_agmt)\n')
-+                TEST.write('    hub1.waitForReplInit(h1_c' + str(idx) +
-+                           '_agmt)\n')
-             consumers_inited = True
- 
-         # Consumers (master -> consumer)
-         if hubs == 0:
-             for idx in range(consumers):
-                 idx += 1
--                TEST.write('    master1.agreement.init(SUFFIX, HOST_CONSUMER_' +
--                           str(idx) + ', PORT_CONSUMER_' + str(idx) + ')\n')
--                TEST.write('    master1.waitForReplInit(m1_c' + str(idx) + '_agmt)\n')
-+                TEST.write('    master1.agreement.init(SUFFIX, ' +
-+                           'HOST_CONSUMER_' + str(idx) + ', PORT_CONSUMER_' +
-+                           str(idx) + ')\n')
-+                TEST.write('    master1.waitForReplInit(m1_c' + str(idx) +
-+                           '_agmt)\n')
- 
-         TEST.write('\n')
- 
-@@ -420,7 +506,7 @@ if len(sys.argv) > 0:
-         # Write replicaton check
-         #
-         if agmt_count > 0:
--            # Find the lowest replica type in the deployment(consumer -> master)
-+            # Find the lowest replica type (consumer -> master)
-             if consumers > 0:
-                 replica = 'consumer1'
-             elif hubs > 0:
-@@ -428,7 +514,8 @@ if len(sys.argv) > 0:
-             else:
-                 replica = 'master2'
-             TEST.write('    # Check replication is working...\n')
--            TEST.write('    if master1.testReplication(DEFAULT_SUFFIX, ' + replica + '):\n')
-+            TEST.write('    if master1.testReplication(DEFAULT_SUFFIX, ' +
-+                       replica + '):\n')
-             TEST.write("        log.info('Replication is working.')\n")
-             TEST.write('    else:\n')
-             TEST.write("        log.fatal('Replication is not working.')\n")
-@@ -465,15 +552,22 @@ if len(sys.argv) > 0:
-                 idx = str(idx)
-             TEST.write('    # Creating standalone instance ' + idx + '...\n')
-             TEST.write('    standalone' + idx + ' = DirSrv(verbose=False)\n')
--            TEST.write('    args_instance[SER_HOST] = HOST_STANDALONE' + idx + '\n')
--            TEST.write('    args_instance[SER_PORT] = PORT_STANDALONE' + idx + '\n')
--            TEST.write('    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE' + idx + '\n')
--            TEST.write('    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
--            TEST.write('    args_standalone' + idx + ' = args_instance.copy()\n')
--            TEST.write('    standalone' + idx + '.allocate(args_standalone' + idx + ')\n')
-+            TEST.write('    args_instance[SER_HOST] = HOST_STANDALONE' +
-+                       idx + '\n')
-+            TEST.write('    args_instance[SER_PORT] = PORT_STANDALONE' +
-+                       idx + '\n')
-+            TEST.write('    args_instance[SER_SERVERID_PROP] = ' +
-+                       'SERVERID_STANDALONE' + idx + '\n')
-+            TEST.write('    args_instance[SER_CREATION_SUFFIX] = ' +
-+                       'DEFAULT_SUFFIX\n')
-+            TEST.write('    args_standalone' + idx + ' = args_instance.copy' +
-+                       '()\n')
-+            TEST.write('    standalone' + idx + '.allocate(args_standalone' +
-+                       idx + ')\n')
- 
-             # Get the status of the instance and restart it if it exists
--            TEST.write('    instance_standalone' + idx + ' = standalone' + idx + '.exists()\n')
-+            TEST.write('    instance_standalone' + idx + ' = standalone' +
-+                       idx + '.exists()\n')
- 
-             # Remove the instance
-             TEST.write('    if instance_standalone' + idx + ':\n')
-@@ -503,12 +597,20 @@ if len(sys.argv) > 0:
-         TEST.write('def test_ticket' + ticket + '(topology):\n')
-         TEST.write("    '''\n")
-         if repl_deployment:
--            TEST.write('    Write your replication testcase here.\n\n')
--            TEST.write('    To access each DirSrv instance use:  topology.master1, topology.master2,\n' +
--                       '        ..., topology.hub1, ..., topology.consumer1, ...\n')
-+            TEST.write('    """Write your replication testcase here.\n\n')
-+            TEST.write('    To access each DirSrv instance use:  ' +
-+                       'topology.master1, topology.master2,\n' +
-+                       '        ..., topology.hub1, ..., topology.consumer1' +
-+                       ',...\n\n')
-+            TEST.write('    Also, if you need any testcase initialization,\n')
-+            TEST.write('    please, write additional fixture for that' +
-+                       '(include ' + 'finalizer).\n')
-         else:
--            TEST.write('    Write your testcase here...\n')
--        TEST.write("    '''\n\n")
-+            TEST.write('    """Write your testcase here...\n\n')
-+            TEST.write('    Also, if you need any testcase initialization,\n')
-+            TEST.write('    please, write additional fixture for that' +
-+                       '(include finalizer).\n')
-+        TEST.write('    """\n\n')
-         TEST.write("    log.info('Test complete')\n")
-         TEST.write("\n\n")
-     else:
-@@ -520,43 +622,11 @@ if len(sys.argv) > 0:
- 
-         # Write the first initial empty test function
-         TEST.write('def test_' + suite + '_#####(topology):\n')
--        TEST.write("    '''\n")
--        TEST.write('    Write a single test here...\n')
--        TEST.write("    '''\n\n    return\n\n\n")
--
--    #
--    # Write the final function here - delete each instance
--    #
--    if ticket:
--        TEST.write('def test_ticket' + ticket + '_final(topology):\n')
--    else:
--        # suite
--        TEST.write('def test_' + suite + '_final(topology):\n')
--    if repl_deployment:
--        for idx in range(masters):
--            idx += 1
--            TEST.write('    topology.master' + str(idx) + '.delete()\n')
--        for idx in range(hubs):
--            idx += 1
--            TEST.write('    topology.hub' + str(idx) + '.delete()\n')
--        for idx in range(consumers):
--            idx += 1
--            TEST.write('    topology.consumer' + str(idx) + '.delete()\n')
--    else:
--        for idx in range(instances):
--            idx += 1
--            if idx == 1:
--                idx = ''
--            else:
--                idx = str(idx)
--            TEST.write('    topology.standalone' + idx + '.delete()\n')
--
--    if ticket:
--        TEST.write("    log.info('Testcase PASSED')\n")
--    else:
--        # suite
--        TEST.write("    log.info('" + suite + " test suite PASSED')\n")
--    TEST.write('\n\n')
-+        TEST.write('    """Write a single test here...\n\n')
-+        TEST.write('    Also, if you need any test suite initialization,\n')
-+        TEST.write('    please, write additional fixture for that(include ' +
-+                   'finalizer).\n')
-+        TEST.write('    """\n\n    return\n\n\n')
- 
-     #
-     # Write the main function
-@@ -576,7 +646,10 @@ if len(sys.argv) > 0:
-     TEST.write('\n\n')
- 
-     TEST.write("if __name__ == '__main__':\n")
--    TEST.write('    run_isolated()\n\n')
-+    TEST.write('    # Run isolated\n')
-+    TEST.write('    # -s for DEBUG mode\n')
-+    TEST.write('    CURRENT_FILE = os.path.realpath(__file__)\n')
-+    TEST.write('    pytest.main("-s %s" % CURRENT_FILE)\n')
- 
-     #
-     # Done, close things up
-diff --git a/dirsrvtests/tickets/ticket48370_test.py b/dirsrvtests/tickets/ticket48370_test.py
-new file mode 100644
-index 0000000..f5b1f47
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48370_test.py
-@@ -0,0 +1,236 @@
-+import os
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    global installation1_prefix
-+    if installation1_prefix:
-+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+    # Creating standalone instance ...
-+    standalone = DirSrv(verbose=False)
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+    instance_standalone = standalone.exists()
-+    if instance_standalone:
-+        standalone.delete()
-+    standalone.create()
-+    standalone.open()
-+
-+    # Delete each instance in the end
-+    def fin():
-+        standalone.delete()
-+    request.addfinalizer(fin)
-+
-+    # Clear out the tmp dir
-+    standalone.clearTmpDir(__file__)
-+
-+    return TopologyStandalone(standalone)
-+
-+
-+def test_ticket48370(topology):
-+    """
-+    Deleting attirbute values and readding a value does not properly update
-+    the pres index.  The values are not actually deleted from the index
-+    """
-+
-+    DN = 'uid=user0099,' + DEFAULT_SUFFIX
-+
-+    #
-+    # Add an entry
-+    #
-+    topology.standalone.add_s(Entry((DN, {
-+                              'objectclass': ['top', 'person',
-+                                              'organizationalPerson',
-+                                              'inetorgperson',
-+                                              'posixAccount'],
-+                              'givenname': 'test',
-+                              'sn': 'user',
-+                              'loginshell': '/bin/bash',
-+                              'uidNumber': '10099',
-+                              'gidNumber': '10099',
-+                              'gecos': 'Test User',
-+                              'mail': ['user0099@dev.null',
-+                                       'alias@dev.null',
-+                                       'user0099@redhat.com'],
-+                              'cn': 'Test User',
-+                              'homeDirectory': '/home/user0099',
-+                              'uid': 'admin2',
-+                              'userpassword': 'password'})))
-+
-+    #
-+    # Perform modify (delete & add mail attributes)
-+    #
-+    try:
-+        topology.standalone.modify_s(DN, [(ldap.MOD_DELETE,
-+                                           'mail',
-+                                           'user0099@dev.null'),
-+                                          (ldap.MOD_DELETE,
-+                                           'mail',
-+                                           'alias@dev.null'),
-+                                          (ldap.MOD_ADD,
-+                                           'mail', 'user0099@dev.null')])
-+    except ldap.LDAPError as e:
-+        log.fatal('Failedto modify user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Search using deleted attribute value- no entries should be returned
-+    #
-+    try:
-+        entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+                                             ldap.SCOPE_SUBTREE,
-+                                             'mail=alias@dev.null')
-+        if entry:
-+            log.fatal('Entry incorrectly returned')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Search using existing attribute value - the entry should be returned
-+    #
-+    try:
-+        entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+                                             ldap.SCOPE_SUBTREE,
-+                                             'mail=user0099@dev.null')
-+        if entry is None:
-+            log.fatal('Entry not found, but it should have been')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Delete the last values
-+    #
-+    try:
-+        topology.standalone.modify_s(DN, [(ldap.MOD_DELETE,
-+                                           'mail',
-+                                           'user0099@dev.null'),
-+                                          (ldap.MOD_DELETE,
-+                                           'mail',
-+                                           'user0099@redhat.com')
-+                                          ])
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to modify user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Search using deleted attribute value - no entries should be returned
-+    #
-+    try:
-+        entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+                                             ldap.SCOPE_SUBTREE,
-+                                             'mail=user0099@redhat.com')
-+        if entry:
-+            log.fatal('Entry incorrectly returned')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Make sure presence index is correctly updated - no entries should be
-+    # returned
-+    #
-+    try:
-+        entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+                                             ldap.SCOPE_SUBTREE,
-+                                             'mail=*')
-+        if entry:
-+            log.fatal('Entry incorrectly returned')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Now add the attributes back, and lets run a different set of tests with
-+    # a different number of attributes
-+    #
-+    try:
-+        topology.standalone.modify_s(DN, [(ldap.MOD_ADD,
-+                                           'mail',
-+                                           ['user0099@dev.null',
-+                                            'alias@dev.null'])])
-+    except ldap.LDAPError as e:
-+        log.fatal('Failedto modify user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Remove and readd some attibutes
-+    #
-+    try:
-+        topology.standalone.modify_s(DN, [(ldap.MOD_DELETE,
-+                                           'mail',
-+                                           'alias@dev.null'),
-+                                          (ldap.MOD_DELETE,
-+                                           'mail',
-+                                           'user0099@dev.null'),
-+                                          (ldap.MOD_ADD,
-+                                           'mail', 'user0099@dev.null')])
-+    except ldap.LDAPError as e:
-+        log.fatal('Failedto modify user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Search using deleted attribute value - no entries should be returned
-+    #
-+    try:
-+        entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+                                             ldap.SCOPE_SUBTREE,
-+                                             'mail=alias@dev.null')
-+        if entry:
-+            log.fatal('Entry incorrectly returned')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for user: ' + str(e))
-+        assert False
-+
-+    #
-+    # Search using existing attribute value - the entry should be returned
-+    #
-+    try:
-+        entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+                                             ldap.SCOPE_SUBTREE,
-+                                             'mail=user0099@dev.null')
-+        if entry is None:
-+            log.fatal('Entry not found, but it should have been')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for user: ' + str(e))
-+        assert False
-+
-+    log.info('Test PASSED')
-+
-+
-+if __name__ == '__main__':
-+    # Run isolated
-+    # -s for DEBUG mode
-+    CURRENT_FILE = os.path.realpath(__file__)
-+    pytest.main("-s %s" % CURRENT_FILE)
-diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
-index 2adf2f8..00e78a7 100644
---- a/ldap/servers/slapd/back-ldbm/index.c
-+++ b/ldap/servers/slapd/back-ldbm/index.c
-@@ -727,31 +727,24 @@ index_add_mods(
-                     flags = BE_INDEX_DEL|BE_INDEX_PRESENCE|BE_INDEX_EQUALITY;
-                 } else {
-                     flags = BE_INDEX_DEL;
--
--                    /* If the same value doesn't exist in a subtype, set
--                     * BE_INDEX_EQUALITY flag so the equality index is
--                     * removed.
--                     */
-                     curr_attr = NULL;
-                     slapi_entry_attr_find(olde->ep_entry,
--                                          mods[i]->mod_type, &curr_attr);
-+                                          mods[i]->mod_type,
-+                                          &curr_attr);
-                     if (curr_attr) {
--                        int found = 0;
-                         for (j = 0; mods_valueArray[j] != NULL; j++ ) {
--                    	    if ( slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j])) {
--                                /* The same value found in evals. 
--                                 * We don't touch the equality index. */
--                                found = 1;
-+                            if ( !slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j]) ) {
-+                                /*
-+                                 * If the mod del value is not found in all_vals
-+                                 * we need to update the equality index as the
-+                                 * final value(s) have changed
-+                                 */
-+                                if (!(flags & BE_INDEX_EQUALITY)) {
-+                                    flags |= BE_INDEX_EQUALITY;
-+                                }
-                                 break;
-                             }
-                         }
--                        /* 
--                         * to-be-deleted curr_attr does not exist in the 
--                         * new value set evals.  So, we can remove it.
--                         */
--                        if (!found && !(flags & BE_INDEX_EQUALITY)) {
--                            flags |= BE_INDEX_EQUALITY;
--                        }
-                     } 
-                 }
- 
--- 
-2.4.3
-
diff --git a/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch b/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
deleted file mode 100644
index 11ceecf..0000000
--- a/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From ba82865fe34c4b6f1a3df283b4848f29ee99ae05 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 9 Dec 2015 12:05:24 -0800
-Subject: [PATCH 78/78] Ticket #48375 - SimplePagedResults -- in the search
- error case, simple paged results slot was not released.
-
-Description: If a simple paged results search fails in the backend,
-the simple paged results slot was not released.  This patch adds it.
-
-https://fedorahosted.org/389/ticket/48375
-
-Reviewed by tbordaz@redhat.com (Thank you, Thierry!!)
-
-(cherry picked from commit 5a54717bfa40e3ef987bd85c5806125e49b2b278)
-(cherry picked from commit b91aad03b660aea85cb745554f27101c690f8402)
----
- ldap/servers/slapd/opshared.c | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 586ca1f..5cafc3c 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -814,15 +814,26 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-              * wait the end of the loop to send back this error 
-              */
-             flag_no_such_object = 1;
--            break;
-+        } else {
-+            /* err something other than LDAP_NO_SUCH_OBJECT, so the backend will
-+             * have sent the result -
-+             * Set a flag here so we don't return another result. */
-+            sent_result = 1;
-         }
--        /* err something other than LDAP_NO_SUCH_OBJECT, so the backend will
--         * have sent the result -
--         * Set a flag here so we don't return another result. */
--        sent_result = 1;
-         /* fall through */
-   
-       case -1:    /* an error occurred */            
-+        /* PAGED RESULTS */
-+        if (op_is_pagedresults(operation)) {
-+            /* cleanup the slot */
-+            PR_Lock(pb->pb_conn->c_mutex);
-+            pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
-+            rc = pagedresults_set_current_be(pb->pb_conn, NULL, pr_idx, 1);
-+            PR_Unlock(pb->pb_conn->c_mutex);
-+        }
-+        if (1 == flag_no_such_object) {
-+            break;
-+        }
-         slapi_pblock_get(pb, SLAPI_RESULT_CODE, &err);
-         if (err == LDAP_NO_SUCH_OBJECT)
-         {
--- 
-2.4.3
-
diff --git a/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch b/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch
deleted file mode 100644
index 9346196..0000000
--- a/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 818f6a27ff92bf7adb5f378f985e9c8f36193812 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Tue, 22 Sep 2015 17:51:35 +0200
-Subject: [PATCH] Ticket 48283 - many attrlist_replace errors in connection
- with cleanallruv
-
-Bug Description:  attrlist_replace error messages are logged because the
-                  list of values contains duplicate attributes
-
-Fix Description:  the duplicate values can appear because when a replica
-                  is removed from the ruv the array is compacted, but
-                  memcpy is used instead of memmove
-
-https://fedorahosted.org/389/ticket/48283
-
-Reviewed by: Rich, Thanks
-
-(cherry picked from commit 2674f5594a2eb088be34728c12c1169df36b1588)
----
- ldap/servers/slapd/dl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/dl.c b/ldap/servers/slapd/dl.c
-index 8233519..c6858f3 100644
---- a/ldap/servers/slapd/dl.c
-+++ b/ldap/servers/slapd/dl.c
-@@ -219,7 +219,7 @@ void *dl_delete (DataList *dl, const void *element, CMPFN cmpfn, FREEFN freefn)
- 
- 			if (i != dl->element_count - 1)
- 			{
--				memcpy (&dl->elements[i], &dl->elements[i+1], (dl->element_count - i - 1) * sizeof (void*));
-+				memmove (&dl->elements[i], &dl->elements[i+1], (dl->element_count - i - 1) * sizeof (void*));
- 			}
- 		
- 			dl->element_count --;
--- 
-2.4.3
-
diff --git a/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch b/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch
deleted file mode 100644
index 661eb52..0000000
--- a/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 45ea72050bfafa3dab744cec4338dd8ddca41a0c Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 7 Jan 2016 18:04:19 -0800
-Subject: [PATCH 80/81] Revert "Ticket #48338 - SimplePagedResults -- abandon
- could happen between the abandon check and sending results"
-
-This reverts commit 79ca67d1fc5d50d8a9ae6b686b9564f3960f8592.
-
-The commit caused the bug 1296694 - ns-slapd crash in ipa context -
-c_mutex lock memory corruption and self locks
-
-(cherry picked from commit 181847863bda74c2e3d77b6a7d9278350d50d4cc)
-(cherry picked from commit c8b1817896af7db6e4fab42734b827e002a7a25b)
----
- ldap/servers/slapd/pblock.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index f2017be..bf57a33 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -223,12 +223,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			memset( value, 0, sizeof( PRNetAddr ));
- 			break;
- 		}
--		/* For fields with atomic access, remove the PR_Lock(c_mutex) */
-+		PR_Lock( pblock->pb_conn->c_mutex );
- 		if ( pblock->pb_conn->cin_addr == NULL ) {
- 			memset( value, 0, sizeof( PRNetAddr ));
- 		} else {
--			(*(PRNetAddr *)value) = *(pblock->pb_conn->cin_addr);
-+			(*(PRNetAddr *)value) =
-+			    *(pblock->pb_conn->cin_addr);
- 		}
-+		PR_Unlock( pblock->pb_conn->c_mutex );
- 		break;
- 	case SLAPI_CONN_SERVERNETADDR:
- 		if (pblock->pb_conn == NULL)
--- 
-2.4.3
-
diff --git a/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch b/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
deleted file mode 100644
index cb99e65..0000000
--- a/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
+++ /dev/null
@@ -1,1510 +0,0 @@
-From ae9df61b523152e01051afa8c115c97fe59310b5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 11 Jan 2016 15:53:28 -0800
-Subject: [PATCH 81/81] Ticket #48406 - Avoid self deadlock by
- PR_Lock(conn->c_mutex)
-
-Description:  Fixing ticket 48338 introduced a self deadlock.
-To avoid the self deadlock, tried to remove PR_Lock(conn->c_mutex)
-which looked harmless, but it introduced a crash by memory corruption.
-
-This patch replaces PR_Lock/Unlock with PR_EnterMonitor/ExitMonitor,
-respectively.
-
-https://fedorahosted.org/389/ticket/48406
-
-Reviewed by rmeggins@redhat.com, lkrispen@redhat.com, and wibrown@redhat.com.
-Thank you, Rich, Ludwig and William!
-
-(cherry picked from commit f25f804a8bce83b3790e7045dfc03230d7ece1af)
-(cherry picked from commit 84da7d05ddc5a963b0d025df08f38a6ccd7d90d2)
----
- ldap/servers/slapd/abandon.c         |   4 +-
- ldap/servers/slapd/bind.c            |   4 +-
- ldap/servers/slapd/connection.c      |  64 +++++++++++-----------
- ldap/servers/slapd/conntable.c       |  19 +++----
- ldap/servers/slapd/daemon.c          |  22 ++++----
- ldap/servers/slapd/extendop.c        |  10 ++--
- ldap/servers/slapd/operation.c       |  18 +++----
- ldap/servers/slapd/opshared.c        |  18 +++----
- ldap/servers/slapd/pagedresults.c    | 100 +++++++++++++++++------------------
- ldap/servers/slapd/pblock.c          |  72 ++++++++++++-------------
- ldap/servers/slapd/psearch.c         |  10 ++--
- ldap/servers/slapd/saslbind.c        |  26 ++++-----
- ldap/servers/slapd/slap.h            |   2 +-
- ldap/servers/slapd/start_tls_extop.c |  10 ++--
- ldap/servers/slapd/unbind.c          |   4 +-
- 15 files changed, 192 insertions(+), 191 deletions(-)
-
-diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
-index 761b895..9a39f6a 100644
---- a/ldap/servers/slapd/abandon.c
-+++ b/ldap/servers/slapd/abandon.c
-@@ -77,7 +77,7 @@ do_abandon( Slapi_PBlock *pb )
- 	 * flag and abort the operation at a convenient time.
- 	 */
- 
--	PR_Lock( pb->pb_conn->c_mutex );
-+	PR_EnterMonitor(pb->pb_conn->c_mutex);
- 	for ( o = pb->pb_conn->c_ops; o != NULL; o = o->o_next ) {
- 		if ( o->o_msgid == id && o != pb->pb_op)
- 			break;
-@@ -138,7 +138,7 @@ do_abandon( Slapi_PBlock *pb )
- 			o->o_results.r.r_search.nentries, current_time() - o->o_time );
- 	}
- 
--	PR_Unlock( pb->pb_conn->c_mutex );
-+	PR_ExitMonitor(pb->pb_conn->c_mutex);
- 	/*
- 	 * Wake up the persistent searches, so they
- 	 * can notice if they've been abandoned.
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 474b508..f81edfb 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -258,7 +258,7 @@ do_bind( Slapi_PBlock *pb )
-         slapi_pblock_get (pb, SLAPI_PWPOLICY, &pw_response_requested);
-     }
- 
--    PR_Lock( pb->pb_conn->c_mutex );
-+    PR_EnterMonitor(pb->pb_conn->c_mutex);
- 
-     bind_credentials_clear( pb->pb_conn, PR_FALSE, /* do not lock conn */
-                             PR_FALSE /* do not clear external creds. */ );
-@@ -291,7 +291,7 @@ do_bind( Slapi_PBlock *pb )
-      * bound user can work properly
-      */
-     pb->pb_conn->c_needpw = 0;
--    PR_Unlock( pb->pb_conn->c_mutex );
-+    PR_ExitMonitor(pb->pb_conn->c_mutex);
- 
-     log_bind_access(pb, dn?dn:"empty", method, version, saslmech, NULL);
- 
-diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
-index fc3b741..a3d123e 100644
---- a/ldap/servers/slapd/connection.c
-+++ b/ldap/servers/slapd/connection.c
-@@ -147,7 +147,7 @@ connection_done(Connection *conn)
- 	}
- 	if (NULL != conn->c_mutex)
- 	{
--		PR_DestroyLock(conn->c_mutex);
-+		PR_DestroyMonitor(conn->c_mutex);
- 	}
- 	if (NULL != conn->c_pdumutex)
- 	{
-@@ -738,10 +738,10 @@ int connection_is_free (Connection *conn)
- {
-     int rc;
- 
--    PR_Lock(conn->c_mutex);
-+    PR_EnterMonitor(conn->c_mutex);
-     rc = conn->c_sd == SLAPD_INVALID_SOCKET && conn->c_refcnt == 0 &&
-          !(conn->c_flags & CONN_FLAG_CLOSING);
--    PR_Unlock(conn->c_mutex);
-+    PR_ExitMonitor(conn->c_mutex);
- 
-     return rc;
- }
-@@ -1128,7 +1128,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- 	PRInt32 syserr = 0;
- 	size_t buffer_data_avail;
- 
--	PR_Lock(conn->c_mutex);
-+	PR_EnterMonitor(conn->c_mutex);
- 	/*
- 	 * if the socket is still valid, get the ber element
- 	 * waiting for us on this connection. timeout is handled
-@@ -1317,15 +1317,15 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- 	}
- 	op->o_tag = *tag;
- done:
--	PR_Unlock(conn->c_mutex);
-+	PR_ExitMonitor(conn->c_mutex);
- 	return ret;
- }
- 
- void connection_make_readable(Connection *conn)
- {
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 	conn->c_gettingber = 0;
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- 	signal_listner();
- }
- 
-@@ -1347,7 +1347,7 @@ void connection_check_activity_level(Connection *conn)
- {
- 	int current_count = 0;
- 	int delta_count = 0;
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 	/* get the current op count */
- 	current_count = conn->c_opscompleted;
- 	/* compare to the previous op count */
-@@ -1358,7 +1358,7 @@ void connection_check_activity_level(Connection *conn)
- 	conn->c_private->previous_op_count = current_count;
- 	/* update the last checked time */
- 	conn->c_private->previous_count_check_time = current_time();
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- 	LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " activity level = %d\n",conn->c_connid,delta_count,0); 
- }
- 
-@@ -1402,7 +1402,7 @@ void connection_enter_leave_turbo(Connection *conn, int current_turbo_flag, int
- 	int connection_count = 0;
- 	int our_rank = 0;
- 	int threshold_rank = 0;
--	PR_Lock(conn->c_mutex);
-+	PR_EnterMonitor(conn->c_mutex);
- 	/* We can already be in turbo mode, or not */
- 	current_mode = current_turbo_flag;
- 	if (pagedresults_in_use_nolock(conn)) {
-@@ -1458,7 +1458,7 @@ void connection_enter_leave_turbo(Connection *conn, int current_turbo_flag, int
- 		}
- 	  }
- 	}
--	PR_Unlock(conn->c_mutex);
-+	PR_ExitMonitor(conn->c_mutex);
- 	if (current_mode != new_mode) {
- 		if (current_mode) {
- 			LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode\n",conn->c_connid,0,0); 
-@@ -1564,13 +1564,13 @@ connection_threadmain()
- 			*/
- 			PR_Sleep(PR_INTERVAL_NO_WAIT);
- 
--			PR_Lock(conn->c_mutex);
-+			PR_EnterMonitor(conn->c_mutex);
- 			/* Make our own pb in turbo mode */
- 			connection_make_new_pb(pb,conn);
- 			if (connection_call_io_layer_callbacks(conn)) {
- 				LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" );
- 			}
--			PR_Unlock(conn->c_mutex);
-+			PR_ExitMonitor(conn->c_mutex);
- 			if (! config_check_referral_mode()) {
- 			  slapi_counter_increment(ops_initiated);
- 			  slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsInOps); 
-@@ -1685,7 +1685,7 @@ connection_threadmain()
-  */
- 			} else if (!enable_nunc_stans) { /* more data in conn - just put back on work_q - bypass poll */
- 				bypasspollcnt++;
--				PR_Lock(conn->c_mutex);
-+				PR_EnterMonitor(conn->c_mutex);
- 				/* don't do this if it would put us over the max threads per conn */
- 				if (conn->c_threadnumber < maxthreads) {
- 					/* for turbo, c_idlesince is set above - for !turbo and
-@@ -1700,7 +1700,7 @@ connection_threadmain()
- 					/* keep count of how many times maxthreads has blocked an operation */
- 					conn->c_maxthreadsblocked++;
- 				}
--				PR_Unlock(conn->c_mutex);
-+				PR_ExitMonitor(conn->c_mutex);
- 			}
- 		}
- 
-@@ -1736,14 +1736,14 @@ connection_threadmain()
- 
- done:	
- 		if (doshutdown) {
--			PR_Lock(conn->c_mutex);
-+			PR_EnterMonitor(conn->c_mutex);
- 			connection_remove_operation_ext(pb, conn, op);
- 			connection_make_readable_nolock(conn);
- 			conn->c_threadnumber--;
- 			slapi_counter_decrement(conns_in_maxthreads);
- 			slapi_counter_decrement(g_get_global_snmp_vars()->ops_tbl.dsConnectionsInMaxThreads);
- 			connection_release_nolock(conn);
--			PR_Unlock(conn->c_mutex);
-+			PR_ExitMonitor(conn->c_mutex);
- 			signal_listner();
- 			return;
- 		}
-@@ -1760,9 +1760,9 @@ done:
- 		slapi_counter_increment(ops_completed);
- 		/* If this op isn't a persistent search, remove it */
- 		if ( pb->pb_op->o_flags & OP_FLAG_PS ) {
--			    PR_Lock( conn->c_mutex );
-+			    PR_EnterMonitor(conn->c_mutex);
- 			    connection_release_nolock (conn); /* psearch acquires ref to conn - release this one now */
--			    PR_Unlock( conn->c_mutex );
-+			    PR_ExitMonitor(conn->c_mutex);
- 			    /* ps_add makes a shallow copy of the pb - so we
- 			     * can't free it or init it here - just memset it to 0
- 			     * ps_send_results will call connection_remove_operation_ext to free it
-@@ -1770,7 +1770,7 @@ done:
- 			    memset(pb, 0, sizeof(*pb));
- 		} else {
- 			/* delete from connection operation queue & decr refcnt */
--			PR_Lock( conn->c_mutex );
-+			PR_EnterMonitor(conn->c_mutex);
- 			connection_remove_operation_ext( pb, conn, op );
- 
- 			/* If we're in turbo mode, we keep our reference to the connection alive */
-@@ -1811,7 +1811,7 @@ done:
- 					signal_listner();
- 				}
- 			}
--			PR_Unlock( conn->c_mutex );
-+			PR_ExitMonitor(conn->c_mutex);
- 		}
- 	} /* while (1) */
- }
-@@ -2071,16 +2071,16 @@ op_copy_identity(Connection *conn, Operation *op)
-     size_t dnlen;
-     size_t typelen;
- 
--	PR_Lock( conn->c_mutex );
--	dnlen= conn->c_dn ? strlen (conn->c_dn) : 0;
--	typelen= conn->c_authtype ? strlen (conn->c_authtype) : 0;
-+    PR_EnterMonitor(conn->c_mutex);
-+    dnlen= conn->c_dn ? strlen (conn->c_dn) : 0;
-+    typelen= conn->c_authtype ? strlen (conn->c_authtype) : 0;
- 
--	slapi_sdn_done(&op->o_sdn);
--	slapi_ch_free_string(&(op->o_authtype));
-+    slapi_sdn_done(&op->o_sdn);
-+    slapi_ch_free_string(&(op->o_authtype));
-     if (dnlen <= 0 && typelen <= 0) {
-         op->o_authtype = NULL;
-     } else {
--	    slapi_sdn_set_dn_byval(&op->o_sdn,conn->c_dn);
-+        slapi_sdn_set_dn_byval(&op->o_sdn,conn->c_dn);
-         op->o_authtype = slapi_ch_strdup(conn->c_authtype);
-         /* set the thread data bind dn index */
-         slapi_td_set_dn(slapi_ch_strdup(conn->c_dn));
-@@ -2103,14 +2103,14 @@ op_copy_identity(Connection *conn, Operation *op)
-         op->o_ssf = conn->c_local_ssf;
-     }
- 
--    PR_Unlock( conn->c_mutex );
-+    PR_ExitMonitor(conn->c_mutex);
- }
- 
- /* Sets the SSL SSF in the connection struct. */
- static void
- connection_set_ssl_ssf(Connection *conn)
- {
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 
- 	if (conn->c_flags & CONN_FLAG_SSL) {
- 		SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL);
-@@ -2118,7 +2118,7 @@ connection_set_ssl_ssf(Connection *conn)
- 		conn->c_ssl_ssf = 0;
- 	}
- 
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- }
- 
- static int
-@@ -2165,9 +2165,9 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len,
- void
- disconnect_server( Connection *conn, PRUint64 opconnid, int opid, PRErrorCode reason, PRInt32 error )
- {
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 	disconnect_server_nomutex( conn, opconnid, opid, reason, error );
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- }
- 
- static ps_wakeup_all_fn_ptr ps_wakeup_all_fn = NULL;
-diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c
-index d5b9058..37da9a5 100644
---- a/ldap/servers/slapd/conntable.c
-+++ b/ldap/servers/slapd/conntable.c
-@@ -85,11 +85,11 @@ connection_table_abandon_all_operations(Connection_Table *ct)
- 	int	i;
- 	for ( i = 0; i < ct->size; i++ )
- 	{
--		if ( ct->c[i].c_mutex != NULL )
-+		if ( ct->c[i].c_mutex )
- 		{
--			PR_Lock( ct->c[i].c_mutex );
-+			PR_EnterMonitor(ct->c[i].c_mutex);
- 			connection_abandon_operations( &ct->c[i] );
--			PR_Unlock( ct->c[i].c_mutex );
-+			PR_ExitMonitor(ct->c[i].c_mutex);
- 		}
- 	}
- }
-@@ -139,7 +139,7 @@ connection_table_get_connection(Connection_Table *ct, int sd)
- 		if ( c->c_mutex == NULL )
- 		{
- 			PR_Lock( ct->table_mutex );
--			c->c_mutex = PR_NewLock();
-+			c->c_mutex = PR_NewMonitor();
- 			c->c_pdumutex = PR_NewLock();
- 			PR_Unlock( ct->table_mutex );
- 			if ( c->c_mutex == NULL || c->c_pdumutex == NULL )
-@@ -360,7 +360,7 @@ connection_table_as_entry(Connection_Table *ct, Slapi_Entry *e)
- 		/* Can't take c_mutex if holding table_mutex; temporarily unlock */ 
- 		PR_Unlock( ct->table_mutex );
- 
--		PR_Lock( ct->c[i].c_mutex );
-+		PR_EnterMonitor(ct->c[i].c_mutex);
- 		if ( ct->c[i].c_sd != SLAPD_INVALID_SOCKET )
- 		{
- 			char buf2[20];
-@@ -420,7 +420,7 @@ connection_table_as_entry(Connection_Table *ct, Slapi_Entry *e)
- 			attrlist_merge( &e->e_attrs, "connection", vals );
- 			slapi_ch_free_string(&newbuf);
- 		}
--		PR_Unlock( ct->c[i].c_mutex );
-+		PR_ExitMonitor(ct->c[i].c_mutex);
- 	}
- 
- 	PR_snprintf( buf, sizeof(buf), "%d", nconns );
-@@ -458,14 +458,15 @@ void
- connection_table_dump_activity_to_errors_log(Connection_Table *ct)
- {
- 	int i;
-+
- 	for ( i = 0; i < ct->size; i++ )
- 	{
- 		Connection *c= &(ct->c[i]);
--		if ( c->c_mutex != NULL )
-+		if ( c->c_mutex )
- 		{
- 			/* Find the connection we are referring to */
- 			int j= c->c_fdi;
--			PR_Lock( c->c_mutex );
-+			PR_EnterMonitor(c->c_mutex);
- 			if ( (c->c_sd != SLAPD_INVALID_SOCKET) && 
- 			     (j >= 0) && (c->c_prfd == ct->fd[j].fd) )
- 			{
-@@ -475,7 +476,7 @@ connection_table_dump_activity_to_errors_log(Connection_Table *ct)
- 					LDAPDebug( LDAP_DEBUG_CONNS,"activity on %d%s\n", i, r ? "r" : "",0 );
- 				}
- 			}
--			PR_Unlock( c->c_mutex );
-+			PR_ExitMonitor(c->c_mutex);
- 		}
- 	}
- }
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 5d70647..355f0fc 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1612,7 +1612,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
- 		}
- 		else
- 		{
--			PR_Lock( c->c_mutex );
-+			PR_EnterMonitor(c->c_mutex);
- 			if (c->c_flags & CONN_FLAG_CLOSING)
- 			{
- 				/* A worker thread has marked that this connection
-@@ -1661,7 +1661,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
- 					c->c_fdi = SLAPD_INVALID_SOCKET_INDEX;
- 				}
- 			}
--			PR_Unlock( c->c_mutex );
-+			PR_ExitMonitor(c->c_mutex);
- 		}
- 		c = next;
- 	}
-@@ -1680,7 +1680,7 @@ handle_timeout( void )
- 	time_t curtime = current_time();
- 
- 	if (0 == prevtime) {
--		prevtime = time (&housekeeping_fire_time);		
-+		prevtime = time (&housekeeping_fire_time);
- 	}
- 
- 	if ( difftime(curtime, prevtime) >= 
-@@ -1740,7 +1740,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
- 	{
- 		if ( c->c_mutex != NULL )
- 		{
--			PR_Lock( c->c_mutex );
-+			PR_EnterMonitor(c->c_mutex);
- 			if ( connection_is_active_nolock (c) && c->c_gettingber == 0 )
- 			{
- 			    PRInt16 out_flags;
-@@ -1797,7 +1797,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
- 								   SLAPD_DISCONNECT_IDLE_TIMEOUT, EAGAIN );
- 				}
- 			}
--			PR_Unlock( c->c_mutex );
-+			PR_ExitMonitor(c->c_mutex);
- 		}
- 	}
- }
-@@ -1843,12 +1843,12 @@ ns_handle_closure(struct ns_job_t *job)
- 		return;
- 	}
- #endif
--	PR_Lock(c->c_mutex);
-+	PR_EnterMonitor(c->c_mutex);
- 	connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
- 	PR_ASSERT(c->c_ns_close_jobs == 1); /* should be exactly 1 active close job - this one */
- 	c->c_ns_close_jobs--; /* this job is processing closure */
- 	do_yield = ns_handle_closure_nomutex(c);
--	PR_Unlock(c->c_mutex);
-+	PR_ExitMonitor(c->c_mutex);
- 	ns_job_done(job);
- 	if (do_yield) {
- 		/* closure not done - another reference still outstanding */
-@@ -1939,7 +1939,7 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- 	}
- #endif
- 
--	PR_Lock(c->c_mutex);
-+	PR_EnterMonitor(c->c_mutex);
- 	LDAPDebug2Args(LDAP_DEBUG_CONNS, "activity on conn %" NSPRIu64 " for fd=%d\n",
- 		       c->c_connid, c->c_sd);
- 	/* if we were called due to some i/o event, see what the state of the socket is */
-@@ -1986,7 +1986,7 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- 		LDAPDebug2Args(LDAP_DEBUG_CONNS, "queued conn %" NSPRIu64 " for fd=%d\n",
- 			       c->c_connid, c->c_sd);
- 	}
--	PR_Unlock(c->c_mutex);
-+	PR_ExitMonitor(c->c_mutex);
- 	ns_job_done(job);
- 	return;
- }
-@@ -2493,7 +2493,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
- 		PR_Close(pr_acceptfd);
- 		return -1;
- 	}
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 
- 	/*
- 	 * Set the default idletimeout and the handle.  We'll update c_idletimeout
-@@ -2592,7 +2592,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
- 		connection_table_move_connection_on_to_active_list(the_connection_table,conn);
- 	}
- 
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- 
- 	g_increment_current_conn_count();
- 
-diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c
-index 94036c6..8d0b8fb 100644
---- a/ldap/servers/slapd/extendop.c
-+++ b/ldap/servers/slapd/extendop.c
-@@ -61,7 +61,7 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid,
-         send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
-         return;
-     }
--	suffix = slapi_sdn_get_dn(sdn);
-+    suffix = slapi_sdn_get_dn(sdn);
-     /*    be = slapi_be_select(sdn); */
-     be = slapi_mapping_tree_find_backend_for_sdn(sdn);
-     if (be == NULL || be == defbackend_get_backend()) {
-@@ -135,10 +135,10 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid,
-     /* okay, the import is starting now -- save the backend in the
-      * connection block & mark this connection as belonging to a bulk import
-      */
--    PR_Lock(pb->pb_conn->c_mutex);
-+    PR_EnterMonitor(pb->pb_conn->c_mutex);
-     pb->pb_conn->c_flags |= CONN_FLAG_IMPORT;
-     pb->pb_conn->c_bi_backend = be;
--    PR_Unlock(pb->pb_conn->c_mutex);
-+    PR_ExitMonitor(pb->pb_conn->c_mutex);
- 
-     slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, EXTOP_BULK_IMPORT_START_OID);
-     bv.bv_val = NULL;
-@@ -160,11 +160,11 @@ static void extop_handle_import_done(Slapi_PBlock *pb, char *extoid,
-     struct berval bv;
-     int ret;
- 
--    PR_Lock(pb->pb_conn->c_mutex);
-+    PR_EnterMonitor(pb->pb_conn->c_mutex);
-     pb->pb_conn->c_flags &= ~CONN_FLAG_IMPORT;
-     be = pb->pb_conn->c_bi_backend;
-     pb->pb_conn->c_bi_backend = NULL;
--    PR_Unlock(pb->pb_conn->c_mutex);
-+    PR_ExitMonitor(pb->pb_conn->c_mutex);
- 
-     if ((be == NULL) || (be->be_wire_import == NULL)) {
-         /* can this even happen? */
-diff --git a/ldap/servers/slapd/operation.c b/ldap/servers/slapd/operation.c
-index 869298b..6c95552 100644
---- a/ldap/servers/slapd/operation.c
-+++ b/ldap/servers/slapd/operation.c
-@@ -570,7 +570,7 @@ int slapi_connection_acquire(Slapi_Connection *conn)
- {
-     int rc;
- 
--    PR_Lock(conn->c_mutex);
-+    PR_EnterMonitor(conn->c_mutex);
-     /* rc = connection_acquire_nolock(conn); */
-     /* connection in the closing state can't be acquired */
-     if (conn->c_flags & CONN_FLAG_CLOSING)
-@@ -586,7 +586,7 @@ int slapi_connection_acquire(Slapi_Connection *conn)
-         conn->c_refcnt++;
-         rc = 0;
-     }
--    PR_Unlock(conn->c_mutex);
-+    PR_ExitMonitor(conn->c_mutex);
-     return(rc);
- }
- 
-@@ -596,7 +596,7 @@ slapi_connection_remove_operation( Slapi_PBlock *pb, Slapi_Connection *conn, Sla
- 	int rc = 0;
- 	Slapi_Operation **olist= &conn->c_ops;
- 	Slapi_Operation **tmp;
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 	/* connection_remove_operation_ext(pb, conn,op); */
- 	for ( tmp = olist; *tmp != NULL && *tmp != op; tmp = &(*tmp)->o_next )
- 		;	/* NULL */
-@@ -614,15 +614,15 @@ slapi_connection_remove_operation( Slapi_PBlock *pb, Slapi_Connection *conn, Sla
- 	if (release) {
- 		/* connection_release_nolock(conn); */
- 		if (conn->c_refcnt <= 0) {
--        		slapi_log_error(SLAPI_LOG_FATAL, "connection",
--		                "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n",
--		                conn->c_connid, conn->c_sd);
--        		rc = -1;
-+			slapi_log_error(SLAPI_LOG_FATAL, "connection",
-+			                "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n",
-+			                conn->c_connid, conn->c_sd);
-+			rc = -1;
- 		} else {
--        		conn->c_refcnt--;
-+			conn->c_refcnt--;
- 			rc = 0;
- 		}
- 	}
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- 	return (rc);
- }
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 5cafc3c..e76ca0f 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -675,7 +675,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-        * In async paged result case, the search result might be released
-        * by other theads.  We need to double check it in the locked region.
-        */
--      PR_Lock(pb->pb_conn->c_mutex);
-+      PR_EnterMonitor(pb->pb_conn->c_mutex);
-       pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 1/*locked*/, pr_idx);
-       if (pr_search_result) {
-         if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 1/*locked*/, pr_idx)) {
-@@ -683,7 +683,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-           /* Previous operation was abandoned and the simplepaged object is not in use. */
-           send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-           rc = LDAP_SUCCESS;
--          PR_Unlock(pb->pb_conn->c_mutex);
-+          PR_ExitMonitor(pb->pb_conn->c_mutex);
-           goto free_and_return;
-         } else {
-           slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-@@ -692,7 +692,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-           /* search result could be reset in the backend/dse */
-           slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-           pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx);
--          PR_Unlock(pb->pb_conn->c_mutex);
-+          PR_ExitMonitor(pb->pb_conn->c_mutex);
-         }
-       } else {
-         pr_stat = PAGEDRESULTS_SEARCH_END;
-@@ -826,10 +826,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-         /* PAGED RESULTS */
-         if (op_is_pagedresults(operation)) {
-             /* cleanup the slot */
--            PR_Lock(pb->pb_conn->c_mutex);
-+            PR_EnterMonitor(pb->pb_conn->c_mutex);
-             pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
-             rc = pagedresults_set_current_be(pb->pb_conn, NULL, pr_idx, 1);
--            PR_Unlock(pb->pb_conn->c_mutex);
-+            PR_ExitMonitor(pb->pb_conn->c_mutex);
-         }
-         if (1 == flag_no_such_object) {
-             break;
-@@ -871,11 +871,11 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-             slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-             if (PAGEDRESULTS_SEARCH_END == pr_stat) {
-               /* no more entries, but at least another backend */
--              PR_Lock(pb->pb_conn->c_mutex);
-+              PR_EnterMonitor(pb->pb_conn->c_mutex);
-               pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
-               be->be_search_results_release(&sr);
-               rc = pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx, 1);
--              PR_Unlock(pb->pb_conn->c_mutex);
-+              PR_ExitMonitor(pb->pb_conn->c_mutex);
-               if (NULL == next_be) {
-                   /* no more entries && no more backends */
-                   curr_search_count = -1;
-@@ -900,9 +900,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-             next_be = NULL; /* to break the loop */
-             if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) {
-                 /* It turned out this search was abandoned. */
--                PR_Lock(pb->pb_conn->c_mutex);
-+                PR_EnterMonitor(pb->pb_conn->c_mutex);
-                 pagedresults_free_one_msgid_nolock( pb->pb_conn, operation->o_msgid);
--                PR_Unlock(pb->pb_conn->c_mutex);
-+                PR_ExitMonitor(pb->pb_conn->c_mutex);
-                 /* paged-results-request was abandoned; making an empty cookie. */
-                 pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx);
-                 send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 4458cfb..d394dab 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -98,7 +98,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
-         return LDAP_UNWILLING_TO_PERFORM;
-     }
- 
--    PR_Lock(conn->c_mutex);
-+    PR_EnterMonitor(conn->c_mutex);
-     /* the ber encoding is no longer needed */
-     ber_free(ber, 1);
-     if ( cookie.bv_len <= 0 ) {
-@@ -204,7 +204,7 @@ bail:
-             }
-         }
-     }
--    PR_Unlock(conn->c_mutex);
-+    PR_ExitMonitor(conn->c_mutex);
- 
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_parse_control_value: idx %d\n", *index);
-@@ -301,7 +301,7 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_free_one: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (conn->c_pagedresults.prl_count <= 0) {
-             LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one: "
-                            "conn=%d paged requests list count is %d\n",
-@@ -312,7 +312,7 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
-             conn->c_pagedresults.prl_count--;
-             rc = 0;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
- 
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc);
-@@ -364,11 +364,11 @@ pagedresults_get_current_be(Connection *conn, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_get_current_be: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             be = conn->c_pagedresults.prl_list[index].pr_current_be;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_current_be: %p\n", be);
-@@ -382,12 +382,12 @@ pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_set_current_be: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        if (!nolock) PR_Lock(conn->c_mutex);
-+        if (!nolock) PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_current_be = be;
-         }
-         rc = 0;
--        if (!nolock) PR_Unlock(conn->c_mutex);
-+        if (!nolock) PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_set_current_be: %d\n", rc);
-@@ -406,13 +406,13 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int
-                    locked?"locked":"not locked", index);
-     if (conn && (index > -1)) {
-         if (!locked) {
--            PR_Lock(conn->c_mutex);
-+            PR_EnterMonitor(conn->c_mutex);
-         }
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             sr = conn->c_pagedresults.prl_list[index].pr_search_result_set;
-         }
-         if (!locked) {
--            PR_Unlock(conn->c_mutex);
-+            PR_ExitMonitor(conn->c_mutex);
-         }
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -431,7 +431,7 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo
-                    "--> pagedresults_set_search_result: idx=%d, sr=%p\n",
-                    index, sr);
-     if (conn && (index > -1)) {
--        if (!locked) PR_Lock(conn->c_mutex);
-+        if (!locked) PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             PagedResults *prp = conn->c_pagedresults.prl_list + index;
-             if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) {
-@@ -440,7 +440,7 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo
-             }
-             rc = 0;
-         }
--        if (!locked) PR_Unlock(conn->c_mutex);
-+        if (!locked) PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_set_search_result: %d\n", rc);
-@@ -457,11 +457,11 @@ pagedresults_get_search_result_count(Connection *conn, Operation *op, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_get_search_result_count: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             count = conn->c_pagedresults.prl_list[index].pr_search_result_count;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_search_result_count: %d\n", count);
-@@ -479,11 +479,11 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op,
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_set_search_result_count: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_search_result_count = count;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-         rc = 0;
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -504,11 +504,11 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn,
-                   "--> pagedresults_get_search_result_set_size_estimate: "
-                   "idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             count = conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_search_result_set_size_estimate: %d\n",
-@@ -529,11 +529,11 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn,
-                   "--> pagedresults_set_search_result_set_size_estimate: "
-                   "idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate = count;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-         rc = 0;
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -552,11 +552,11 @@ pagedresults_get_with_sort(Connection *conn, Operation *op, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_get_with_sort: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             flags = conn->c_pagedresults.prl_list[index].pr_flags&CONN_FLAG_PAGEDRESULTS_WITH_SORT;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_with_sort: %p\n", flags);
-@@ -574,14 +574,14 @@ pagedresults_set_with_sort(Connection *conn, Operation *op,
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_set_with_sort: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             if (flags & OP_FLAG_SERVER_SIDE_SORTING) {
-                 conn->c_pagedresults.prl_list[index].pr_flags |=
-                                                CONN_FLAG_PAGEDRESULTS_WITH_SORT;
-             }
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-         rc = 0;
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_with_sort: %d\n", rc);
-@@ -598,11 +598,11 @@ pagedresults_get_unindexed(Connection *conn, Operation *op, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_get_unindexed: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             flags = conn->c_pagedresults.prl_list[index].pr_flags&CONN_FLAG_PAGEDRESULTS_UNINDEXED;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_unindexed: %p\n", flags);
-@@ -619,12 +619,12 @@ pagedresults_set_unindexed(Connection *conn, Operation *op, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_set_unindexed: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_flags |=
-                                                CONN_FLAG_PAGEDRESULTS_UNINDEXED;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-         rc = 0;
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -642,11 +642,11 @@ pagedresults_get_sort_result_code(Connection *conn, Operation *op, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_get_sort_result_code: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             code = conn->c_pagedresults.prl_list[index].pr_sort_result_code;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_get_sort_result_code: %d\n", code);
-@@ -664,11 +664,11 @@ pagedresults_set_sort_result_code(Connection *conn, Operation *op,
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_set_sort_result_code: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_sort_result_code = code;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-         rc = 0;
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -687,11 +687,11 @@ pagedresults_set_timelimit(Connection *conn, Operation *op,
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_set_timelimit: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_timelimit = timelimit;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-         rc = 0;
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_timelimit: %d\n", rc);
-@@ -749,7 +749,7 @@ pagedresults_cleanup(Connection *conn, int needlock)
-     }
- 
-     if (needlock) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-     }
-     for (i = 0; conn->c_pagedresults.prl_list &&
-                 i < conn->c_pagedresults.prl_maxlen; i++) {
-@@ -767,7 +767,7 @@ pagedresults_cleanup(Connection *conn, int needlock)
-     }
-     conn->c_pagedresults.prl_count = 0;
-     if (needlock) {
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_cleanup: %d\n", rc);
-     return rc;
-@@ -794,7 +794,7 @@ pagedresults_cleanup_all(Connection *conn, int needlock)
-     }
- 
-     if (needlock) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-     }
-     for (i = 0; conn->c_pagedresults.prl_list &&
-                 i < conn->c_pagedresults.prl_maxlen; i++) {
-@@ -813,7 +813,7 @@ pagedresults_cleanup_all(Connection *conn, int needlock)
-     conn->c_pagedresults.prl_maxlen = 0;
-     conn->c_pagedresults.prl_count = 0;
-     if (needlock) {
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_cleanup_all: %d\n", rc);
-     return rc;
-@@ -832,7 +832,7 @@ pagedresults_check_or_set_processing(Connection *conn, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_check_or_set_processing\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             ret = (conn->c_pagedresults.prl_list[index].pr_flags &
-                    CONN_FLAG_PAGEDRESULTS_PROCESSING);
-@@ -840,7 +840,7 @@ pagedresults_check_or_set_processing(Connection *conn, int index)
-             conn->c_pagedresults.prl_list[index].pr_flags |=
-                                               CONN_FLAG_PAGEDRESULTS_PROCESSING;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_check_or_set_processing: %d\n", ret);
-@@ -859,7 +859,7 @@ pagedresults_reset_processing(Connection *conn, int index)
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "--> pagedresults_reset_processing: idx=%d\n", index);
-     if (conn && (index > -1)) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             ret = (conn->c_pagedresults.prl_list[index].pr_flags &
-                    CONN_FLAG_PAGEDRESULTS_PROCESSING);
-@@ -867,7 +867,7 @@ pagedresults_reset_processing(Connection *conn, int index)
-             conn->c_pagedresults.prl_list[index].pr_flags &=
-                                              ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
-         }
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_reset_processing: %d\n", ret);
-@@ -981,9 +981,9 @@ pagedresults_lock( Connection *conn, int index )
-     if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-         return;
-     }
--    PR_Lock(conn->c_mutex);
-+    PR_EnterMonitor(conn->c_mutex);
-     prp = conn->c_pagedresults.prl_list + index;
--    PR_Unlock(conn->c_mutex);
-+    PR_ExitMonitor(conn->c_mutex);
-     if (prp->pr_mutex) {
-         PR_Lock(prp->pr_mutex);
-     }
-@@ -997,9 +997,9 @@ pagedresults_unlock( Connection *conn, int index )
-     if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-         return;
-     }
--    PR_Lock(conn->c_mutex);
-+    PR_EnterMonitor(conn->c_mutex);
-     prp = conn->c_pagedresults.prl_list + index;
--    PR_Unlock(conn->c_mutex);
-+    PR_ExitMonitor(conn->c_mutex);
-     if (prp->pr_mutex) {
-         PR_Unlock(prp->pr_mutex);
-     }
-@@ -1014,11 +1014,11 @@ pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int inde
-         return 1; /* not abandoned, but do not want to proceed paged results op. */
-     }
-     if (!locked) {
--        PR_Lock(conn->c_mutex);
-+        PR_EnterMonitor(conn->c_mutex);
-     }
-     prp = conn->c_pagedresults.prl_list + index;
-     if (!locked) {
--        PR_Unlock(conn->c_mutex);
-+        PR_ExitMonitor(conn->c_mutex);
-     }
-     return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
- }
-@@ -1042,12 +1042,12 @@ pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked)
-     LDAPDebug2Args(LDAP_DEBUG_TRACE,
-                    "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr);
-     if (conn && (index > -1)) {
--        if (!locked) PR_Lock(conn->c_mutex);
-+        if (!locked) PR_EnterMonitor(conn->c_mutex);
-         if (index < conn->c_pagedresults.prl_maxlen) {
-             conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-             rc = 0;
-         }
--        if (!locked) PR_Unlock(conn->c_mutex);
-+        if (!locked) PR_ExitMonitor(conn->c_mutex);
-     }
-     LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-                   "<-- pagedresults_set_search_result_pb: %d\n", rc);
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index bf57a33..d373d99 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -117,7 +117,7 @@ if ( PBLOCK ->pb_plugin->plg_type != TYPE) return( -1 )
- int
- slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- {
--    char *authtype;
-+	char *authtype;
- 	Slapi_Backend		*be;
- 
- 	PR_ASSERT( NULL != pblock );
-@@ -174,10 +174,10 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_DN \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(char **)value) = (NULL == pblock->pb_conn->c_dn ? NULL :
- 		    slapi_ch_strdup( pblock->pb_conn->c_dn ));
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_AUTHTYPE:/* deprecated */
- 		if (pblock->pb_conn == NULL) {
-@@ -185,9 +185,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_AUTHTYPE \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
--                authtype = pblock->pb_conn->c_authtype;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
-+		authtype = pblock->pb_conn->c_authtype;
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
-                 if (authtype == NULL) {
-                     (*(char **)value) = NULL;
-                 } else if (strcasecmp(authtype, SLAPD_AUTH_NONE) == 0) {
-@@ -212,10 +212,10 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_AUTHMETHOD \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(char **)value) = pblock->pb_conn->c_authtype ?
-                     slapi_ch_strdup(pblock->pb_conn->c_authtype) : NULL;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_CLIENTNETADDR:
- 		if (pblock->pb_conn == NULL)
-@@ -223,14 +223,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			memset( value, 0, sizeof( PRNetAddr ));
- 			break;
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		if ( pblock->pb_conn->cin_addr == NULL ) {
- 			memset( value, 0, sizeof( PRNetAddr ));
- 		} else {
- 			(*(PRNetAddr *)value) =
- 			    *(pblock->pb_conn->cin_addr);
- 		}
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_SERVERNETADDR:
- 		if (pblock->pb_conn == NULL)
-@@ -238,14 +238,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			memset( value, 0, sizeof( PRNetAddr ));
- 			break;
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		if ( pblock->pb_conn->cin_destaddr == NULL ) {
- 			memset( value, 0, sizeof( PRNetAddr ));
- 		} else {
- 			(*(PRNetAddr *)value) =
- 				*(pblock->pb_conn->cin_destaddr);
- 		}
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_CLIENTIP:
- 		if (pblock->pb_conn == NULL)
-@@ -253,7 +253,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			memset( value, 0, sizeof( struct in_addr ));
- 			break;
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		if ( pblock->pb_conn->cin_addr == NULL ) {
- 			memset( value, 0, sizeof( struct in_addr ));
- 		} else {
-@@ -268,7 +268,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 				memset( value, 0, sizeof( struct in_addr ));
- 			}
- 		}
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_SERVERIP:
- 		if (pblock->pb_conn == NULL)
-@@ -276,7 +276,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			memset( value, 0, sizeof( struct in_addr ));
- 			break;
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		if ( pblock->pb_conn->cin_destaddr == NULL ) {
- 			memset( value, 0, sizeof( PRNetAddr ));
- 		} else {
-@@ -292,7 +292,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			}
- 
- 		}
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_IS_REPLICATION_SESSION:
- 		if (pblock->pb_conn == NULL) {
-@@ -300,9 +300,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_IS_REPLICATION_SESSION \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(int *)value) = pblock->pb_conn->c_isreplication_session;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_IS_SSL_SESSION:
- 		if (pblock->pb_conn == NULL) {
-@@ -310,9 +310,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_IS_SSL_SESSION \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(int *)value) = pblock->pb_conn->c_flags & CONN_FLAG_SSL;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_SASL_SSF:
- 		if (pblock->pb_conn == NULL) {
-@@ -320,9 +320,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			  "Connection is NULL and hence cannot access SLAPI_CONN_SASL_SSF \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(int *)value) = pblock->pb_conn->c_sasl_ssf;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_SSL_SSF:
- 		if (pblock->pb_conn == NULL) {
-@@ -330,9 +330,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			  "Connection is NULL and hence cannot access SLAPI_CONN_SSL_SSF \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(int *)value) = pblock->pb_conn->c_ssl_ssf;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_LOCAL_SSF:
- 		if (pblock->pb_conn == NULL) {
-@@ -340,9 +340,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- 			    "Connection is NULL and hence cannot access SLAPI_CONN_LOCAL_SSF \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		(*(int *)value) = pblock->pb_conn->c_local_ssf;
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_CERT:
- 		if (pblock->pb_conn == NULL) {
-@@ -1953,7 +1953,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- int
- slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- {
--    char *authtype;
-+	char *authtype;
- 
- 	PR_ASSERT( NULL != pblock );
- 
-@@ -2020,10 +2020,10 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_AUTHMETHOD \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
--                slapi_ch_free((void**)&pblock->pb_conn->c_authtype);
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
-+		slapi_ch_free((void**)&pblock->pb_conn->c_authtype);
- 		pblock->pb_conn->c_authtype = slapi_ch_strdup((char *) value);
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 	case SLAPI_CONN_IS_REPLICATION_SESSION:
- 		if (pblock->pb_conn == NULL) {
-@@ -2031,9 +2031,9 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- 		          "Connection is NULL and hence cannot access SLAPI_CONN_IS_REPLICATION_SESSION \n", 0, 0, 0 );
- 			return (-1);
- 		}
--		PR_Lock( pblock->pb_conn->c_mutex );
-+		PR_EnterMonitor(pblock->pb_conn->c_mutex);
- 		pblock->pb_conn->c_isreplication_session = *((int *) value);
--		PR_Unlock( pblock->pb_conn->c_mutex );
-+		PR_ExitMonitor(pblock->pb_conn->c_mutex);
- 		break;
- 
- 	/* stuff related to config file processing */
-@@ -3571,7 +3571,7 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn,
- 		PRBool clear_externalcreds )
- {
-     if ( lock_conn ) {
--        PR_Lock( conn->c_mutex );
-+        PR_EnterMonitor(conn->c_mutex);
-     }
- 
-     if ( conn->c_dn != NULL ) {		/* a non-anonymous bind has occurred */
-@@ -3597,7 +3597,7 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn,
-     }
- 
-     if ( lock_conn ) {
--        PR_Unlock( conn->c_mutex );
-+        PR_ExitMonitor(conn->c_mutex);
-     }
- 
- }
-@@ -3653,10 +3653,10 @@ void
- bind_credentials_set( Connection *conn, char *authtype, char *normdn,
- 		char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
- {
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 	bind_credentials_set_nolock(conn, authtype, normdn,
- 		extauthtype, externaldn, clientcert, bind_target_entry);
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- }
- 
- void
-diff --git a/ldap/servers/slapd/psearch.c b/ldap/servers/slapd/psearch.c
-index c9d23cf..00f13be 100644
---- a/ldap/servers/slapd/psearch.c
-+++ b/ldap/servers/slapd/psearch.c
-@@ -277,9 +277,9 @@ ps_send_results( void *arg )
- 
-     /* need to acquire a reference to this connection so that it will not
-        be released or cleaned up out from under us */
--    PR_Lock( ps->ps_pblock->pb_conn->c_mutex );
-+    PR_EnterMonitor(ps->ps_pblock->pb_conn->c_mutex);
-     conn_acq_flag = connection_acquire_nolock(ps->ps_pblock->pb_conn);    
--    PR_Unlock( ps->ps_pblock->pb_conn->c_mutex );
-+    PR_ExitMonitor(ps->ps_pblock->pb_conn->c_mutex);
- 
- 	if (conn_acq_flag) {
- 		slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search",
-@@ -397,7 +397,7 @@ ps_send_results( void *arg )
- 
-     conn = ps->ps_pblock->pb_conn; /* save to release later - connection_remove_operation_ext will NULL the pb_conn */
-     /* Clean up the connection structure */
--    PR_Lock( conn->c_mutex );
-+    PR_EnterMonitor(conn->c_mutex);
- 
- 	slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search",
- 					"conn=%" NSPRIu64 " op=%d Releasing the connection and operation\n",
-@@ -407,9 +407,9 @@ ps_send_results( void *arg )
- 
-     /* Decrement the connection refcnt */
-     if (conn_acq_flag == 0) { /* we acquired it, so release it */
--	connection_release_nolock (conn);
-+        connection_release_nolock (conn);
-     }
--    PR_Unlock( conn->c_mutex );
-+    PR_ExitMonitor(conn->c_mutex);
-     conn = NULL;
- 
-     PR_DestroyLock ( ps->ps_lock );
-diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
-index 1e3e94d..7259d78 100644
---- a/ldap/servers/slapd/saslbind.c
-+++ b/ldap/servers/slapd/saslbind.c
-@@ -659,7 +659,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb)
-     if (sasl_conn == NULL) return ret;
- 
-     /* sasl library mechanisms are connection dependent */
--    PR_Lock(pb->pb_conn->c_mutex);
-+    PR_EnterMonitor(pb->pb_conn->c_mutex);
-     if (sasl_listmech(sasl_conn, 
-                       NULL,     /* username */
-                       "", ",", "",
-@@ -672,7 +672,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb)
-         charray_free(others);
-         slapi_ch_free((void**)&dupstr);
-     }
--    PR_Unlock(pb->pb_conn->c_mutex);
-+    PR_ExitMonitor(pb->pb_conn->c_mutex);
- 
-     LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_listmech\n", 0, 0, 0 );
- 
-@@ -755,13 +755,13 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
-     PR_ASSERT(pb);
-     PR_ASSERT(pb->pb_conn);
- 
--    PR_Lock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+    PR_EnterMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-     continuing = pb->pb_conn->c_flags & CONN_FLAG_SASL_CONTINUE;
-     pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_CONTINUE; /* reset flag */
- 
-     sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
-     if (sasl_conn == NULL) {
--        PR_Unlock(pb->pb_conn->c_mutex);
-+        PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-         send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
-                           "sasl library unavailable", 0, NULL );
-         return;
-@@ -842,7 +842,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
-         if (sasl_conn == NULL) {
-             send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
-                           "sasl library unavailable", 0, NULL );
--            PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+            PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-             return;
-         }
-     }
-@@ -858,7 +858,7 @@ sasl_check_result:
-         /* retrieve the authenticated username */
-         if (sasl_getprop(sasl_conn, SASL_USERNAME,
-                          (const void**)&username) != SASL_OK) {
--            PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+            PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-             send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
-                              "could not obtain sasl username", 0, NULL);
-             break;
-@@ -879,7 +879,7 @@ sasl_check_result:
-             }
-         }
-         if (dn == NULL) {
--            PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+            PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-             send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
-                              "could not get auth dn from sasl", 0, NULL);
-             break;
-@@ -920,7 +920,7 @@ sasl_check_result:
-                                     slapi_ch_strdup(normdn), 
-                                     NULL, NULL, NULL, bind_target_entry);
- 
--        PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+        PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- 
-         if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){
-             break;
-@@ -995,9 +995,9 @@ sasl_check_result:
-         /* see if we negotiated a security layer */
-         if (*ssfp > 0) {
-             /* Enable SASL I/O on the connection */
--            PR_Lock(pb->pb_conn->c_mutex);
-+            PR_EnterMonitor(pb->pb_conn->c_mutex);
-             connection_set_io_layer_cb(pb->pb_conn, sasl_io_enable, NULL, NULL);
--            PR_Unlock(pb->pb_conn->c_mutex);
-+            PR_ExitMonitor(pb->pb_conn->c_mutex);
-         }
- 
-         /* send successful result */
-@@ -1010,7 +1010,7 @@ sasl_check_result:
- 
-     case SASL_CONTINUE:         /* another step needed */
-         pb->pb_conn->c_flags |= CONN_FLAG_SASL_CONTINUE;
--        PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+        PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- 
-         if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){
-             break;
-@@ -1032,7 +1032,7 @@ sasl_check_result:
- 
-     case SASL_NOMECH:
- 
--        PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+        PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-         send_ldap_result(pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
-                          "sasl mechanism not supported", 0, NULL);
-         break;
-@@ -1040,7 +1040,7 @@ sasl_check_result:
-     default:                    /* other error */
-         errstr = sasl_errdetail(sasl_conn);
- 
--        PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+        PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-         send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
-                          (char*)errstr, 0, NULL);
-         break;
-diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
-index 823568d..2641f76 100644
---- a/ldap/servers/slapd/slap.h
-+++ b/ldap/servers/slapd/slap.h
-@@ -1411,7 +1411,7 @@ typedef struct conn {
- 	PRInt32			c_opscompleted;	/* # ops completed		  */
- 	PRInt32			c_threadnumber; /* # threads used in this conn    */
- 	int				c_refcnt;	/* # ops refering to this conn    */
--	PRLock			*c_mutex;	/* protect each conn structure    */
-+	PRMonitor		*c_mutex;	/* protect each conn structure; need to be re-entrant */ 
- 	PRLock			*c_pdumutex;	/* only write one pdu at a time   */
- 	time_t			c_idlesince;	/* last time of activity on conn  */
- 	int			c_idletimeout;	/* local copy of idletimeout */
-diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c
-index 69b8607..af8d8f7 100644
---- a/ldap/servers/slapd/start_tls_extop.c
-+++ b/ldap/servers/slapd/start_tls_extop.c
-@@ -172,7 +172,7 @@ start_tls( Slapi_PBlock *pb )
- 	/* At least we know that the request was indeed an Start TLS one. */
- 
- 	conn = pb->pb_conn;
--	PR_Lock( conn->c_mutex );
-+	PR_EnterMonitor(conn->c_mutex);
- 	/* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
- 	if ( conn->c_prfd == (PRFileDesc *) NULL ) {
- 		slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
-@@ -246,10 +246,10 @@ start_tls( Slapi_PBlock *pb )
- 	 * we send a success response back to the client. */
- 	ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL.";
- unlock_and_return:
--	PR_Unlock( conn->c_mutex );
-+	PR_ExitMonitor(conn->c_mutex);
- 	slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL );
- 
--	return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );	
-+	return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
- 
- }/* start_tls */
- 
-@@ -312,7 +312,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
- 	   */
- 	}
- 
--	PR_Lock( c->c_mutex );
-+	PR_EnterMonitor(c->c_mutex);
- 
- 	/* "Unimport" the socket from SSL, i.e. get rid of the upper layer of the 
- 	 * file descriptor stack, which represents SSL. 
-@@ -342,7 +342,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
- 
- 	bind_credentials_clear( c, PR_FALSE, PR_TRUE );
- 
--	PR_Unlock( c->c_mutex );
-+	PR_ExitMonitor(c->c_mutex);
- 
- 	return ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
- }    
-diff --git a/ldap/servers/slapd/unbind.c b/ldap/servers/slapd/unbind.c
-index 9b6a70f..c0dec9d 100644
---- a/ldap/servers/slapd/unbind.c
-+++ b/ldap/servers/slapd/unbind.c
-@@ -73,9 +73,9 @@ do_unbind( Slapi_PBlock *pb )
- 	}
- 
- 	/* target spec is used to decide which plugins are applicable for the operation */
--	PR_Lock( pb->pb_conn->c_mutex );
-+	PR_EnterMonitor(pb->pb_conn->c_mutex);
- 	operation_set_target_spec_str (operation, pb->pb_conn->c_dn);
--	PR_Unlock( pb->pb_conn->c_mutex );
-+	PR_ExitMonitor(pb->pb_conn->c_mutex);
- 
- 	/* ONREPL - plugins should be called and passed bind dn and, possibly, other data */
- 
--- 
-2.4.3
-
diff --git a/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch b/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
deleted file mode 100644
index 212d4ce..0000000
--- a/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From da9f4a9942f7a41ce8d07c7a73f67a0799424266 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 15 Jan 2016 11:35:16 -0500
-Subject: [PATCH] Ticket 48412 - worker threads do not detect abnormally closed
- connections
-
-Bug Description:  If a connection is abnormally closed there can still be
-                  data in the connection buffer(bytes vs offset).  This prevents
-                  the connection from being removed from the connection table.
-                  The worker thread then goes into a loop trying to read this data
-                  on an already closed connection.  If there are enough abnormally
-                  closed conenction eventually all the worker threads are stuck,
-                  and new connections are not accepted.
-
-Fix Description:  When looking if there is more data in the buffer check if the
-                  connection was closed, and return 0 (no more data).
-
-                  Also did a little code cleanup.
-
-https://fedorahosted.org/389/ticket/48412
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 30c4852a3d9ca527b78c0f89df5909bc9a268392)
-(cherry picked from commit cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2)
----
- ldap/servers/slapd/connection.c | 46 ++++++++++++++++++++++++++++-------------
- 1 file changed, 32 insertions(+), 14 deletions(-)
-
-diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
-index a3d123e..3e435a7 100644
---- a/ldap/servers/slapd/connection.c
-+++ b/ldap/servers/slapd/connection.c
-@@ -1102,9 +1102,16 @@ connection_read_ldap_data(Connection *conn, PRInt32 *err)
- }
- 
- static size_t
--conn_buffered_data_avail_nolock(Connection *conn)
-+conn_buffered_data_avail_nolock(Connection *conn, int *conn_closed)
- {
--	return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset;
-+	if ( (conn->c_sd == SLAPD_INVALID_SOCKET) || (conn->c_flags & CONN_FLAG_CLOSING) ) {
-+		/* connection is closed - ignore the buffer */
-+		*conn_closed = 1;
-+		return 0;
-+	} else {
-+		*conn_closed = 0;
-+		return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset;
-+	}
- }
- 
- /* Upon returning from this function, we have either: 
-@@ -1127,6 +1134,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- 	PRErrorCode err = 0;
- 	PRInt32 syserr = 0;
- 	size_t buffer_data_avail;
-+	int conn_closed = 0;
- 
- 	PR_EnterMonitor(conn->c_mutex);
- 	/*
-@@ -1142,7 +1150,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- 	
- 	*tag = LBER_DEFAULT;
- 	/* First check to see if we have buffered data from "before" */
--	if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn))) {
-+	if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn, &conn_closed))) {
- 		/* If so, use that data first */
- 		if ( 0 != get_next_from_buffer( buffer
- 				+ conn->c_private->c_buffer_offset,
-@@ -1157,7 +1165,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- 	while (*tag == LBER_DEFAULT) {
- 		int ioblocktimeout_waits = config_get_ioblocktimeout() / CONN_TURBO_TIMEOUT_INTERVAL;
- 		/* We should never get here with data remaining in the buffer */
--		PR_ASSERT( !new_operation || 0 == conn_buffered_data_avail_nolock(conn) );
-+		PR_ASSERT( !new_operation || !conn_buffered_data_avail_nolock(conn, &conn_closed));
- 		/* We make a non-blocking read call */
- 		if (CONNECTION_BUFFER_OFF != conn->c_private->use_buffer) {
- 			ret = connection_read_ldap_data(conn,&err);
-@@ -1269,8 +1277,12 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- 		}
- 	}
- 	/* If there is remaining buffered data, set the flag to tell the caller */
--	if (conn_buffered_data_avail_nolock(conn)) {
-+	if (conn_buffered_data_avail_nolock(conn, &conn_closed)) {
- 		*remaining_data = 1;
-+	} else if (conn_closed){
-+		/* connection closed */
-+		ret = CONN_DONE;
-+		goto done;
- 	}
- 
- 	if ( *tag != LDAP_TAG_MESSAGE ) {
-@@ -1521,7 +1533,7 @@ connection_threadmain()
- 					continue;
- 				case CONN_SHUTDOWN:
- 					LDAPDebug( LDAP_DEBUG_TRACE, 
--					"op_thread received shutdown signal\n", 					0,  0, 0 );
-+					"op_thread received shutdown signal\n", 0, 0, 0 );
- 					g_decr_active_threadcnt();
- 					return;
- 				case CONN_FOUND_WORK_TO_DO:
-@@ -1542,8 +1554,9 @@ connection_threadmain()
- 							Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn );
- 							reslimit_update_from_dn( pb->pb_conn, anon_sdn );
- 							slapi_sdn_free( &anon_sdn );
--							if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle,
--									&idletimeout)
-+							if (slapi_reslimit_get_integer_limit(pb->pb_conn,
-+							                                     pb->pb_conn->c_idletimeout_handle,
-+							                                     &idletimeout)
- 								== SLAPI_RESLIMIT_STATUS_SUCCESS)
- 							{
- 								pb->pb_conn->c_idletimeout = idletimeout;
-@@ -1581,7 +1594,7 @@ connection_threadmain()
- 		op = pb->pb_op;
- 		maxthreads = config_get_maxthreadsperconn();
- 		more_data = 0;
--		ret = connection_read_operation(conn,op,&tag,&more_data);
-+		ret = connection_read_operation(conn, op, &tag, &more_data);
- 		if ((ret == CONN_DONE) || (ret == CONN_TIMEDOUT)) {
- 			slapi_log_error(SLAPI_LOG_CONNS, "connection_threadmain",
- 					"conn %" NSPRIu64 " read not ready due to %d - thread_turbo_flag %d more_data %d "
-@@ -1614,7 +1627,8 @@ connection_threadmain()
- 		/* turn off turbo mode immediately if any pb waiting in global queue */
- 		if (thread_turbo_flag && !WORK_Q_EMPTY) {
- 			thread_turbo_flag = 0;
--			LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",conn->c_connid,work_q_size);
-+			LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",
-+			               conn->c_connid,work_q_size);
- 		}
- #endif
- 		
-@@ -1639,7 +1653,8 @@ connection_threadmain()
- 				 * should call connection_make_readable after the op is removed
- 				 * connection_make_readable(conn);
- 				 */
--				LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",conn->c_connid,ret,0);
-+				LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",
-+				          conn->c_connid,ret,0);
- 				goto done;
- 			case CONN_SHUTDOWN:
- 				LDAPDebug( LDAP_DEBUG_TRACE, 
-@@ -1695,7 +1710,8 @@ connection_threadmain()
- 					 */
- 					conn->c_idlesince = curtime;
- 					connection_activity(conn, maxthreads);
--					LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",conn->c_connid,0,0);
-+					LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",
-+					          conn->c_connid,0,0);
- 				} else {
- 					/* keep count of how many times maxthreads has blocked an operation */
- 					conn->c_maxthreadsblocked++;
-@@ -1770,13 +1786,15 @@ done:
- 			    memset(pb, 0, sizeof(*pb));
- 		} else {
- 			/* delete from connection operation queue & decr refcnt */
-+			int conn_closed = 0;
- 			PR_EnterMonitor(conn->c_mutex);
- 			connection_remove_operation_ext( pb, conn, op );
- 
- 			/* If we're in turbo mode, we keep our reference to the connection alive */
- 			/* can't use the more_data var because connection could have changed in another thread */
--			more_data = conn_buffered_data_avail_nolock(conn) ? 1 : 0;
--			LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",conn->c_connid,more_data,thread_turbo_flag);
-+			more_data = conn_buffered_data_avail_nolock(conn, &conn_closed) ? 1 : 0;
-+			LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",
-+			          conn->c_connid,more_data,thread_turbo_flag);
- 			if (!more_data) {
- 				if (!thread_turbo_flag) {
- 					/*
--- 
-2.4.3
-
diff --git a/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch b/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch
deleted file mode 100644
index eb0047e..0000000
--- a/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 666fdac51b94450391e8fec8d16db34db09502ae Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 13 Jan 2016 13:15:53 +0100
-Subject: [PATCH] Ticket: 48341 - deadlock on connection mutex
-
-If  thread is blocked in connection_read_operation() it holds the connection mutex
-and the main thread iterating through the connection table is also blocked.
-
-But if the main thread would get the mutex it would just detect that the connection has still the
-C_gettingber flag set and immediately release the lock.
-
-The check if c_gettingber == 0 can be done without holding the mutex and so the deadlock
-can be avoided
-
-Reviewed by Rich, Thanks
-
-(cherry picked from commit a1635fc45f681ed9066f6beed9be7e1672490f9f)
----
- ldap/servers/slapd/daemon.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 355f0fc..d25c44d 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1740,6 +1740,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
- 	{
- 		if ( c->c_mutex != NULL )
- 		{
-+			/* this check can be done without acquiring the mutex */
-+			if (c->c_gettingber) continue;
-+
- 			PR_EnterMonitor(c->c_mutex);
- 			if ( connection_is_active_nolock (c) && c->c_gettingber == 0 )
- 			{
--- 
-2.4.3
-
diff --git a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
deleted file mode 100644
index 5cfe33f..0000000
--- a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From c92cbe6a93a7933abc59b2fe4bf96a32aff2c6d8 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 9 Feb 2016 16:12:07 -0800
-Subject: [PATCH 84/86] Ticket #48536 - Crash in slapi_get_object_extension
-
-Description: The crashed was caused by the combination of psearch and
-updating one of these group values: groupOfNames, groupOfUniqueNames,
-groupOfCertificates, groupOfURL.
-
-In the psearch, it creates aclpb in the acl plug-in and sets the original
-pblock address in the aclpb. Then, psearch creates a copy of the pblock and
-sets it in the psearch structure.  Now, the pblock address in aclpb and the
-pblock address in the psearch structure do not match. The original pblock
-itself is freed and the pblock area which address is stored in aclpb is not
-guaranteed what is in it.
-
-If nothing occurs, the freed pblock in aclpb is not accessed. But once one
-of the group values is updated, the acl plug-in signature is updated and it
-triggers to get aclpb from the pblock.
-
-The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it
-crashes the server.
-
-This patch checks the current pblock address and the pblock address in aclpb.
-If they don't match, the address in aclpb is reassigned to the current pblock
-address.
-
-https://fedorahosted.org/389/ticket/48536
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e)
-(cherry picked from commit 8a83a93977f13db36e42798a5eed041c1b3868a9)
----
- ldap/servers/plugins/acl/acl.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index 678a999..d56bed6 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -317,6 +317,13 @@ acl_access_allowed(
- 		goto cleanup_and_ret;
- 	}
- 
-+	if (pb != aclpb->aclpb_pblock) {
-+		slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
-+		                "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+		                aclpb->aclpb_pblock, pb);
-+		aclpb->aclpb_pblock = pb;
-+	}
-+
- 	if ( !aclpb->aclpb_curr_entry_sdn ) {
- 		slapi_log_error	( SLAPI_LOG_FATAL, plugin_name,	 "NULL aclpb_curr_entry_sdn \n" );
- 		ret_val	= LDAP_OPERATIONS_ERROR;
-@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry (
- 							tnf_string,end,"aclpb error");
- 		return LDAP_OPERATIONS_ERROR;
- 	}
-+	 
-+	if (pb != aclpb->aclpb_pblock) {
-+		slapi_log_error(SLAPI_LOG_ACL, plugin_name,
-+		                "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+		                aclpb->aclpb_pblock, pb);
-+		aclpb->aclpb_pblock = pb;
-+	}
- 
- 	/*
- 	 * Am I	a anonymous dude ? then	we can use our anonympous profile
--- 
-2.4.3
-
diff --git a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
deleted file mode 100644
index 899493b..0000000
--- a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ac782ed2990d5d8149c6796aa9aaf03044ad1446 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Feb 2016 13:45:50 -0800
-Subject: [PATCH 85/86] Ticket #48536 - Crash in slapi_get_object_extension
-
-Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced
-a compier warning: format '%x' expects argument of type 'unsigned int',
-but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *}
-
-Replacing '%x' with '%p'.
-
-(cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0)
-(cherry picked from commit 7fb593fe56dbbce06f707bd9807bf14748273ea2)
----
- ldap/servers/plugins/acl/acl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index d56bed6..7b7fea1 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -319,7 +319,7 @@ acl_access_allowed(
- 
- 	if (pb != aclpb->aclpb_pblock) {
- 		slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
--		                "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+		                "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n",
- 		                aclpb->aclpb_pblock, pb);
- 		aclpb->aclpb_pblock = pb;
- 	}
-@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry (
- 	 
- 	if (pb != aclpb->aclpb_pblock) {
- 		slapi_log_error(SLAPI_LOG_ACL, plugin_name,
--		                "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+		                "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n",
- 		                aclpb->aclpb_pblock, pb);
- 		aclpb->aclpb_pblock = pb;
- 	}
--- 
-2.4.3
-
diff --git a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch b/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
deleted file mode 100644
index a38c3c5..0000000
--- a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 9e58aecdd4265759a1c9aac2817da858849f08a1 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Wed, 10 Feb 2016 15:17:02 +0100
-Subject: [PATCH 86/86] Ticket 48445: keep alive entries can break replication
-
-Bug Description:
-	On the consumer side, at the end of a total update the replica is enabled and the changelog recreated.
-	When the replica is enabled the keep alive entry (for that replica) is created .
-	There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog
-	before the changelog is recreated.
-	In that case the ADD is erased from the CL and will never be replicated.
-
-	The keep alive entry is created (if it does not already exist) :
-		- during a total update (as supplier)
-		- when the keep alive is updated
-		- when the replica is enabled
-
-Fix Description:
-	It is not strictly necessary to create the keep alive when the replica is enabled.
-	So we can skip the creation during that step.
-
-https://fedorahosted.org/389/ticket/48445
-
-Reviewed by: Mark Reynolds (thank you Mark)
-
-Platforms tested: F23
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312)
-(cherry picked from commit 02af085c2a9c23536c8d276ee35794ec6efc81f5)
----
- ldap/servers/plugins/replication/repl5_replica.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 8b53f3c..31c5f0f 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r)
-         /* What to do ? */
-     }
- 
--    replica_subentry_check(r->repl_root, replica_get_rid(r));
-     /* Replica came back online, Check if the total update was terminated.
-        If flag is still set, it was not terminated, therefore the data is
-        very likely to be incorrect, and we should not restart Replication threads...
--- 
-2.4.3
-
diff --git a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch b/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch
deleted file mode 100644
index be909d2..0000000
--- a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 202bac76ade2dcff8318f545fbccdecaec3bdde8 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Tue, 1 Mar 2016 11:14:54 +0100
-Subject: [PATCH] Ticket 48420: change severity of some messages related to
- "keep alive" entries
-
-Bug Description:
-	"keep alive" entries are used to prevent fractional replication
-	to evaluate several times the same skipped updates. (see https://fedorahosted.org/389/ticket/48266)
-
-	This entry is created on the fly when two many evaluated
-	updates have been skipped. This is a quite common situation
-	and the creation of such entry is not a FATAL error
-
-Fix Description:
-	Change the log level to replication level
-
-https://fedorahosted.org/389/ticket/48420
-
-Reviewed by: Ludwig Krispenz (thanks Ludwig)
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 6788445974404398bc02da8fa105b06514e8a450)
-(cherry picked from commit 17bb0688b9249693da0bda239fb7c3b35aa8e1c9)
----
- ldap/servers/plugins/replication/repl5_replica.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 31c5f0f..c7cf25f 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -492,7 +492,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
-                     "Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-             rc = replica_subentry_create(repl_root, rid);
-         } else {
--            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+            slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-                     "replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-             rc = 0;
-         }
--- 
-2.4.3
-
diff --git a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch b/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
deleted file mode 100644
index 933cadf..0000000
--- a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 3bc24e232913684830edb2e029d1695f3470308e Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 8 Mar 2016 14:52:37 -0800
-Subject: [PATCH] Ticket #48757 - License tag does not match actual license of
- code
-
-Fix Description: License tag in the spec file was updated to match the
-actual license of code.
-
-(cherry picked from commit 415d8553eddfe9b19fd9b8d8be9b934bf75a5765)
-(cherry picked from commit c9bd68813c658e1caeaba9ee2c2aef62f0cc6dd6)
----
- rpm/389-ds-base.spec.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index b7556e1..8bbd979 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -33,7 +33,7 @@ Name:             389-ds-base
- Version:          __VERSION__
- #Release:          %{?relprefix}1%{?prerel}%{?dist}
- Release:          __RELEASE__%{?dist}
--License:          GPLv2 with exceptions
-+License:          GPLv3+
- URL:              http://port389.org/
- Group:            System Environment/Daemons
- BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
--- 
-2.4.3
-
diff --git a/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch b/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
deleted file mode 100644
index 8e36a84..0000000
--- a/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From e40a6ef764f13b6efcf573a6181b6747bb029b90 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 24 Mar 2016 09:46:11 -0400
-Subject: [PATCH] Ticket 47888 - DES to AES password conversion fails if a
- backend is empty
-
-Bug Description:  The process of converting DES passwords to AES can incorrectly
-                  disable the DES plugin if an error is encountered.  In this case
-                  it was because a backend was defined but was missing the top entry
-                  which lead to an error 32 when searching for DES passwords.  This
-                  causes the existing DES passwords to fail to decode.
-
-Fix Description:  There are two issues here.  One, we should ignore errors when
-                  searching all the backends for passwords.  Two, we should only
-                  disable the DES plugin if all the DES passwords were successfully
-                  converted.
-
-https://fedorahosted.org/389/ticket/48777
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 6b7f980e80af3803bc395e50bd4228ded9bceb00)
-(cherry picked from commit c6eaf691c6ff3330dc1a3dcbf4dcc31af52c2919)
----
- ldap/servers/slapd/daemon.c | 53 ++++++++++++++++++++++-----------------------
- 1 file changed, 26 insertions(+), 27 deletions(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index d25c44d..d702129 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -694,7 +694,8 @@ convert_pbe_des_to_aes()
-     char **attrs = NULL;
-     char **backends = NULL;
-     char *val = NULL;
--    int converted_des = 0;
-+    int converted_des_passwd = 0;
-+    int disable_des = 1;
-     int result = -1;
-     int have_aes = 0;
-     int have_des = 0;
-@@ -739,7 +740,7 @@ convert_pbe_des_to_aes()
-         char *cookie = NULL;
- 
-         LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes:  "
--                "Converting DES passwords to AES...\n",0,0,0);
-+                "Checking for DES passwords to convert to AES...\n",0,0,0);
- 
-         be = slapi_get_first_backend(&cookie);
-         while (be){
-@@ -777,10 +778,13 @@ convert_pbe_des_to_aes()
-                 slapi_search_internal_pb(pb);
-                 slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-                 if (LDAP_SUCCESS != result) {
--                    LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                            "failed to search for password on (%s) error (%d)\n",
--                            backends[be_idx], result, 0);
--                    goto done;
-+                    slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ",
-+                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-+                        attrs[i], result, backends[be_idx]);
-+                    slapi_free_search_results_internal(pb);
-+                    slapi_pblock_destroy(pb);
-+                    pb = NULL;
-+                    continue;
-                 }
-                 slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-                 for (ii = 0; entries && entries[ii]; ii++){
-@@ -799,9 +803,9 @@ convert_pbe_des_to_aes()
-                             /* decode the DES password */
-                             if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
-                                 LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                                        "failed to decode existing DES password for (%s)\n",
-+                                        "Failed to decode existing DES password for (%s)\n",
-                                         slapi_entry_get_dn(entries[ii]), 0, 0);
--                                converted_des = 0;
-+                                disable_des = 0;
-                                 goto done;
-                             }
- 
-@@ -813,7 +817,7 @@ convert_pbe_des_to_aes()
-                                         slapi_entry_get_dn(entries[ii]), 0, 0);
-                                 slapi_ch_free_string(&passwd);
-                                 slapi_value_free(&sval);
--                                converted_des = 0;
-+                                disable_des = 0;
-                                 goto done;
-                             }
- 
-@@ -834,22 +838,18 @@ convert_pbe_des_to_aes()
-                             slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-                             if (LDAP_SUCCESS != result) {
-                                 LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                                        "failed to convert password for (%s) error (%d)\n",
-+                                        "Failed to convert password for (%s) error (%d)\n",
-                                         slapi_entry_get_dn(entries[ii]), result, 0);
--                                converted_des = -1;
-+                                disable_des = 0;
-                             } else {
-                                 LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                                        "successfully converted password for (%s)\n",
-+                                        "Successfully converted password for (%s)\n",
-                                          slapi_entry_get_dn(entries[ii]), result, 0);
--                                converted_des = 1;
--
-+                                converted_des_passwd = 1;
-                             }
-                             slapi_ch_free_string(&passwd);
-                             slapi_value_free(&sval);
-                             slapi_pblock_destroy(mod_pb);
--                            if(result){
--                                goto done;
--                            }
-                         }
-                         slapi_ch_free_string(&val);
-                     }
-@@ -860,6 +860,10 @@ convert_pbe_des_to_aes()
-             }
-             slapi_ch_free_string(&filter);
-         }
-+        if (!converted_des_passwd){
-+            slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
-+                "No DES passwords found to convert.\n");
-+        }
-     }
- 
- done:
-@@ -870,9 +874,9 @@ done:
- 
-     if (have_aes && have_des){
-         /*
--         * If a conversion attempt did not fail, disable DES plugin
-+         * If a conversion attempt did not fail then we can disable the DES plugin
-          */
--        if(converted_des != -1){
-+        if(converted_des_passwd && disable_des){
-             /*
-              * Disable the DES plugin - this also prevents potentially expensive
-              * searches at every server startup.
-@@ -905,14 +909,9 @@ done:
-                         des_dn, 0, 0);
-             }
-             slapi_pblock_destroy(pb);
--        }
--        if(converted_des == 1){
--             LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                    "Finished - all DES passwords have been converted to AES.\n",
--                    0, 0, 0);
--        } else if (converted_des == 0){
--            LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes:  "
--                    "Finished - no DES passwords to convert.\n",0,0,0);
-+            LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+                      "All DES passwords have been converted to AES.\n",
-+                      0, 0, 0);
-         }
-     }
- }
--- 
-2.4.3
-
diff --git a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch
deleted file mode 100644
index 3ed408d..0000000
--- a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From ce824731f4839f7812109b8c04ce704a56eeca4b Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Feb 2016 11:36:32 -0800
-Subject: [PATCH 90/93] Ticket #48492 - heap corruption at schema replication.
-
-Description: 389-ds-base-1.3.2 and newer uses openldap schema parser,
-which is more strict with the definition.  For instance, the older
-389-ds-base could have a schema such as SINTAX OID in single quotes,
-which is not acceptable on the newer version.  There was a bug to
-handle the error case that caused a crash.
-
-This patch adds
-1) the null reference check to attr_syntax_free (attrsyntax.c),
-2) a null init to the output arg in parse_at_str and parse_oc_str
-   (schema.c) and
-3) an error logging to schema_berval_to_atlist & schema_berval_to_oclist
-   (schema.c) for troubleshooting.
-
-https://fedorahosted.org/389/ticket/48492
-
-Reviewed by wibrown@redhat.com and mreynolds@redhat.com (Thank you, William and Mark!)
-
-(cherry picked from commit b5bfa2a0386e168ce2196a077169382ae53a94b4)
-(cherry picked from commit 9bd53c297683e691fef174bf1aed6842f475fb9f)
----
- ldap/servers/slapd/attrsyntax.c |  3 +++
- ldap/servers/slapd/schema.c     | 16 +++++++++++++++-
- 2 files changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
-index 4cdcf86..8b2a77a 100644
---- a/ldap/servers/slapd/attrsyntax.c
-+++ b/ldap/servers/slapd/attrsyntax.c
-@@ -189,6 +189,9 @@ attr_syntax_check_oids()
- void
- attr_syntax_free( struct asyntaxinfo *a )
- {
-+	if (!a) {
-+		return;
-+	}
- 	cool_charray_free( a->asi_aliases );
- 	slapi_ch_free_string(&a->asi_name );
- 	slapi_ch_free_string(&a->asi_desc );
-diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
-index 65cbad5..dd56599 100644
---- a/ldap/servers/slapd/schema.c
-+++ b/ldap/servers/slapd/schema.c
-@@ -263,6 +263,9 @@ static PRCallOnceType schema_dse_mandatory_init_callonce = { 0, 0, 0 };
- static int parse_at_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, size_t errorbufsize,
-         PRUint32 schema_flags, int is_user_defined, int schema_ds4x_compat, int is_remote)
- {
-+    if (asipp) {
-+        *asipp = NULL;
-+    }
- #ifdef USE_OPENLDAP
-     return parse_attr_str(input, asipp, errorbuf, errorbufsize, schema_flags, is_user_defined,schema_ds4x_compat,is_remote);
- #else
-@@ -274,6 +277,9 @@ static int parse_oc_str(const char *input, struct objclass **oc, char *errorbuf,
- 		size_t errorbufsize, PRUint32 schema_flags, int is_user_defined,
- 		int schema_ds4x_compat, struct objclass* private_schema )
- {
-+    if (oc) {
-+        *oc = NULL;
-+    }
- #ifdef USE_OPENLDAP
-     return parse_objclass_str (input, oc, errorbuf, errorbufsize, schema_flags, is_user_defined, schema_ds4x_compat, private_schema );
- #else
-@@ -7146,11 +7152,15 @@ schema_berval_to_oclist(struct berval **oc_berval)
-         oc_list = NULL;
-         oc_tail = NULL;
-         if (oc_berval != NULL) {
-+                errorbuf[0] = '\0';
-                 for (i = 0; oc_berval[i] != NULL; i++) {
-                         /* parse the objectclass value */
-                         if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
-                                 errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
-                                 schema_ds4x_compat, oc_list))) {
-+                                slapi_log_error(SLAPI_LOG_FATAL, "schema",
-+                                                "parse_oc_str returned error: %s\n",
-+                                                errorbuf[0]?errorbuf:"unknown");
-                                 oc_free(&oc);
-                                 rc = 1;
-                                 break;
-@@ -7184,11 +7194,15 @@ schema_berval_to_atlist(struct berval **at_berval)
-     schema_ds4x_compat = config_get_ds4_compatible_schema();
- 
-     if (at_berval != NULL) {
-+        errorbuf[0] = '\0';
-         for (i = 0; at_berval[i] != NULL; i++) {
-             /* parse the objectclass value */
-             rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
-                     DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
--            if(rc){
-+            if (rc) {
-+                slapi_log_error(SLAPI_LOG_FATAL, "schema",
-+                                "parse_oc_str returned error: %s\n",
-+                                errorbuf[0]?errorbuf:"unknown");
-                 attr_syntax_free(at);
-                 break;
-             }
--- 
-2.4.11
-
diff --git a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch
deleted file mode 100644
index d70e6b0..0000000
--- a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-From bc3328ebbe1b8279f77ad1020bce9fb638d4c94c Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 8 Apr 2016 14:17:12 -0700
-Subject: [PATCH 91/93] Ticket #48492 - heap corruption at schema replication.
-
-Bug Description: If nsslapd-enquote-sup-oc is on, the server is supposed to
-handle the quoted SYNTAX values although the spec is deprecated.  Currently,
-if nsslapd-enquote-sup-oc is on, it wraps SYNTAX values with quotes, but the
-information is not passed to the openldap schema parser where the parsing the
-schema fails.
-
-Fix Description: This patch passes the info (flag LDAP_SCHEMA_ALLOW_QUOTED)
-to the openldap API ldap_str2attributetype if nsslapd-enquote-sup-oc is on.
-
-Additionally, to support the old style quoted SYNTAX values in the schema
-files, loading the schema has to get the enquote information prior to the
-configuration parameters evaluated.  To pass the information, this patch
-accepts the environment variable LDAP_SCHEMA_ALLOW_QUOTED. If it is defined
-with any value, old style schema files are processed.
-
-To set the environment variable, add
-    LDAP_SCHEMA_ALLOW_QUOTED="on"
-to /etc/sysconfig/dirsrv-INSTANCE.
-
-https://fedorahosted.org/389/ticket/48492
-
-Reviewed by firstyear@redhat.com (Thank you, William!!)
-
-(cherry picked from commit 955dc66d42511c2cc8d6ff18cf030508f6da2770)
-(cherry picked from commit 7927e4420fb185ae328d56cfd4741583ae1f667b)
----
- ldap/servers/slapd/schema.c | 66 ++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 51 insertions(+), 15 deletions(-)
-
-diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
-index dd56599..806c38d 100644
---- a/ldap/servers/slapd/schema.c
-+++ b/ldap/servers/slapd/schema.c
-@@ -1638,6 +1638,16 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
- 	}
- 
- 	if ( !aew->schema_ds4x_compat ) {
-+#if defined (USE_OPENLDAP)
-+		/* 
-+		 * These values in quotes are not supported by the openldap parser.
-+		 * Even if nsslapd-enquote-sup-oc is on, quotes should not be added.
-+		 */
-+		outp += put_tagged_oid( outp, "SUP ", asip->asi_superior, NULL, 0 );
-+		outp += put_tagged_oid( outp, "EQUALITY ", asip->asi_mr_equality, NULL, 0 );
-+		outp += put_tagged_oid( outp, "ORDERING ", asip->asi_mr_ordering, NULL, 0 );
-+		outp += put_tagged_oid( outp, "SUBSTR ", asip->asi_mr_substring, NULL, 0 );
-+#else
- 		outp += put_tagged_oid( outp, "SUP ",
- 				asip->asi_superior, NULL, aew->enquote_sup_oc );
- 		outp += put_tagged_oid( outp, "EQUALITY ",
-@@ -1646,6 +1656,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
- 				asip->asi_mr_ordering, NULL, aew->enquote_sup_oc );
- 		outp += put_tagged_oid( outp, "SUBSTR ",
- 				asip->asi_mr_substring, NULL, aew->enquote_sup_oc );
-+#endif
- 	}
- 
- 	outp += put_tagged_oid( outp, "SYNTAX ", syntaxoid, syntaxlengthbuf,
-@@ -4105,7 +4116,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
-     char **attr_names = NULL;
-     unsigned long flags = SLAPI_ATTR_FLAG_OVERRIDE;
-     /* If we ever accept openldap schema directly, then make parser_flags configurable */
--    const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
-+    unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
-     int invalid_syntax_error;
-     int syntaxlength = SLAPI_SYNTAXLENGTH_NONE;
-     int num_names = 0;
-@@ -4113,6 +4124,17 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
-     int rc = 0;
-     int a, aa;
- 
-+    if (config_get_enquote_sup_oc()) {
-+        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+    } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
-+        char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
-+        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+        if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
-+            slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
-+                            CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
-+        }
-+    }
-+
-     /*
-      *      OpenLDAP AttributeType struct
-      *
-@@ -4159,7 +4181,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
-         /* trim any leading spaces */
-         input++;
-     }
--    if((atype = ldap_str2attributetype(input, &rc, &errp, parser_flags )) == NULL){
-+    if((atype = ldap_str2attributetype(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
-         schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, input,
-                                "Failed to parse attribute, error(%d - %s) at (%s)", rc, ldap_scherr2str(rc), errp );
-         return invalid_syntax_error;
-@@ -4478,12 +4500,23 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
-     char **OrigRequiredAttrsArray, **OrigAllowedAttrsArray;
-     char *first_oc_name = NULL;
-     /* If we ever accept openldap schema directly, then make parser_flags configurable */
--    const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
-+    unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
-     PRUint8 flags = 0;
-     int invalid_syntax_error;
-     int i, j;
-     int rc = 0;
- 
-+    if (config_get_enquote_sup_oc()) {
-+        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+    } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
-+        char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
-+        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+        if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
-+            slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
-+                            CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
-+        }
-+    }
-+
-     /*
-      *     openLDAP Objectclass struct
-      *
-@@ -4521,10 +4554,10 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
-      *  Parse the input and create the openLdap objectclass structure
-      */
-     while(isspace(*input)){
--    	/* trim any leading spaces */
-+        /* trim any leading spaces */
-         input++;
-     }
--    if((objClass = ldap_str2objectclass(input, &rc, &errp, parser_flags )) == NULL){
-+    if((objClass = ldap_str2objectclass(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
-         schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc, input,
-                                "Failed to parse objectclass, error(%d) at (%s)", rc, errp );
-         return invalid_syntax_error;
-@@ -5592,7 +5625,7 @@ get_tagged_oid( const char *tag, const char **inputp,
- 	PR_ASSERT( NULL != *inputp );
- 	PR_ASSERT( NULL != tag );
- 	PR_ASSERT( '\0' != tag[ 0 ] );
--       	if('(' !=tag[0]) 
-+	if('(' !=tag[0]) 
- 	  PR_ASSERT((' ' == tag[ strlen( tag ) - 1 ]) || ('(' == tag[ strlen( tag ) - 1 ]));
- 
- 	if ( NULL == strstr_fn ) {
-@@ -5611,8 +5644,8 @@ get_tagged_oid( const char *tag, const char **inputp,
- 		/* skip past the leading single quote, if present */
- 		if ( *startp == '\'' ) {
- 			++startp;
--                        /* skip past any extra white space */
--                        startp = skipWS( startp );
-+			/* skip past any extra white space */
-+			startp = skipWS( startp );
- 		}
- 
- 		/* locate the end of the OID */
-@@ -7155,6 +7188,7 @@ schema_berval_to_oclist(struct berval **oc_berval)
-                 errorbuf[0] = '\0';
-                 for (i = 0; oc_berval[i] != NULL; i++) {
-                         /* parse the objectclass value */
-+                        oc = NULL;
-                         if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
-                                 errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
-                                 schema_ds4x_compat, oc_list))) {
-@@ -7197,12 +7231,13 @@ schema_berval_to_atlist(struct berval **at_berval)
-         errorbuf[0] = '\0';
-         for (i = 0; at_berval[i] != NULL; i++) {
-             /* parse the objectclass value */
-+            at = NULL;
-             rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
-                     DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
-             if (rc) {
-                 slapi_log_error(SLAPI_LOG_FATAL, "schema",
--                                "parse_oc_str returned error: %s\n",
--                                errorbuf[0]?errorbuf:"unknown");
-+                                "schema_berval_to_atlist: parse_at_str(%s) failed - %s\n",
-+                                at_berval[i]->bv_val, errorbuf[0]?errorbuf:"unknown");
-                 attr_syntax_free(at);
-                 break;
-             }
-@@ -7217,6 +7252,7 @@ schema_berval_to_atlist(struct berval **at_berval)
-     }
-     if (rc) {
-         schema_atlist_free(head);
-+        head = NULL;
-     }
- 
-     return head;
-@@ -7319,12 +7355,12 @@ schema_attributetypes_superset_check(struct berval **remote_schema, char *type)
- static void
- modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
- {
--        Slapi_PBlock *newpb;
-+	Slapi_PBlock *newpb;
- 	int op_result;
--        CSN *schema_csn;
-+	CSN *schema_csn;
-         
--        /* allocate internal mod components: pblock*/
--        newpb = slapi_pblock_new();
-+	/* allocate internal mod components: pblock*/
-+	newpb = slapi_pblock_new();
-         
- 	slapi_modify_internal_set_pb_ext (
- 			newpb,
-@@ -7333,7 +7369,7 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
- 			NULL, /* Controls */
- 			NULL,
- 			(void *)plugin_get_default_component_id(),
--			0);	
-+			0);
- 
- 	/* do modify */
- 	slapi_modify_internal_pb (newpb);
--- 
-2.4.11
-
diff --git a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch b/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
deleted file mode 100644
index 37f3621..0000000
--- a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 39a14eaab84e7eac940d1d707cabc9610ef570c6 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 26 Apr 2016 13:53:02 -0700
-Subject: [PATCH 92/93] Ticket #48808 - Paged results search returns the blank
- list of entries
-
-Bug Description: When a simple paged results slot in a connection is
-discarded due to an error, e.g., SIZELIMIT_EXCEEDED, the slot was not
-properly cleaned up.  Then, if the slot was reused, the leftover flag
-confused the code and ended up returning the 0 search result.
-
-Fix Description: This patch adds the clean up code when a slot is re-
-used.
-
-https://fedorahosted.org/389/ticket/48808
-
-Reviewed by wibrown@redhat.com (Thank you, William!!)
-
-(cherry picked from commit 09180b25570696d24c86e3a046fb497c15549c64)
-(cherry picked from commit a8486ab3b364a9ae088d6404d025058b04ac358d)
----
- ldap/servers/slapd/pagedresults.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index d394dab..52d2158 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -124,6 +124,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
-             prp = conn->c_pagedresults.prl_list;
-             for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-                 if (!prp->pr_current_be) { /* unused slot; take it */
-+                    _pr_cleanup_one_slot(prp);
-                     prp->pr_current_be = be;
-                     *index = i;
-                     break;
--- 
-2.4.11
-
diff --git a/SOURCES/0093-Ticket-48808-Add-test-case.patch b/SOURCES/0093-Ticket-48808-Add-test-case.patch
deleted file mode 100644
index 8c92d51..0000000
--- a/SOURCES/0093-Ticket-48808-Add-test-case.patch
+++ /dev/null
@@ -1,370 +0,0 @@
-From fc0ca25b9f143083528cc5f87dc89fe69baf38fd Mon Sep 17 00:00:00 2001
-From: Simon Pichugin <spichugi@redhat.com>
-Date: Thu, 28 Apr 2016 11:49:24 +0200
-Subject: [PATCH 93/93] Ticket 48808 - Add test case
-
-Description: Add test case for paged results search returns the blank
-list of entries issue.
-
-Bug description: After series of actions, paged result search that
-should returns list of entries returns blank list of entries. It is
-hardly reproducible manually, but it is easy to reproduce with python
-automation.
-
-https://fedorahosted.org/389/ticket/48808
-
-Reviewed by: nhosoi and wbrown (Thanks!)
-
-(cherry picked from commit 91f3e592713ea58602412ed773a497583f2ebd6c)
-(cherry picked from commit 99b5048b09e64cea6f8bf5e7d524679960ce0a44)
----
- dirsrvtests/tests/tickets/ticket48808_test.py | 337 ++++++++++++++++++++++++++
- 1 file changed, 337 insertions(+)
- create mode 100644 dirsrvtests/tests/tickets/ticket48808_test.py
-
-diff --git a/dirsrvtests/tests/tickets/ticket48808_test.py b/dirsrvtests/tests/tickets/ticket48808_test.py
-new file mode 100644
-index 0000000..3dbceac
---- /dev/null
-+++ b/dirsrvtests/tests/tickets/ticket48808_test.py
-@@ -0,0 +1,337 @@
-+import time
-+import ldap
-+import logging
-+import pytest
-+from random import sample
-+from ldap.controls import SimplePagedResultsControl
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+TEST_USER_NAME = 'simplepaged_test'
-+TEST_USER_DN = 'uid=%s,%s' % (TEST_USER_NAME, DEFAULT_SUFFIX)
-+TEST_USER_PWD = 'simplepaged_test'
-+
-+
-+class TopologyStandalone(object):
-+    def __init__(self, standalone):
-+        standalone.open()
-+        self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+    # Creating standalone instance ...
-+    standalone = DirSrv(verbose=False)
-+    args_instance[SER_HOST] = HOST_STANDALONE
-+    args_instance[SER_PORT] = PORT_STANDALONE
-+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+    args_standalone = args_instance.copy()
-+    standalone.allocate(args_standalone)
-+    instance_standalone = standalone.exists()
-+    if instance_standalone:
-+        standalone.delete()
-+    standalone.create()
-+    standalone.open()
-+
-+    # Delete each instance in the end
-+    def fin():
-+        standalone.delete()
-+    request.addfinalizer(fin)
-+
-+    # Clear out the tmp dir
-+    standalone.clearTmpDir(__file__)
-+
-+    return TopologyStandalone(standalone)
-+
-+
-+@pytest.fixture(scope="module")
-+def test_user(topology):
-+    """User for binding operation"""
-+
-+    try:
-+        topology.standalone.add_s(Entry((TEST_USER_DN, {
-+                                        'objectclass': 'top person'.split(),
-+                                        'objectclass': 'organizationalPerson',
-+                                        'objectclass': 'inetorgperson',
-+                                        'cn': TEST_USER_NAME,
-+                                        'sn': TEST_USER_NAME,
-+                                        'userpassword': TEST_USER_PWD,
-+                                        'mail': '%s@redhat.com' % TEST_USER_NAME,
-+                                        'uid': TEST_USER_NAME
-+                                        })))
-+    except ldap.LDAPError as e:
-+        log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
-+                                                           e.message['desc']))
-+        raise e
-+
-+
-+def add_users(topology, users_num):
-+    """Add users to the default suffix
-+    and return a list of added user DNs.
-+    """
-+
-+    users_list = []
-+    log.info('Adding %d users' % users_num)
-+    for num in sample(range(1000), users_num):
-+        num_ran = int(round(num))
-+        USER_NAME = 'test%05d' % num_ran
-+        USER_DN = 'uid=%s,%s' % (USER_NAME, DEFAULT_SUFFIX)
-+        users_list.append(USER_DN)
-+        try:
-+            topology.standalone.add_s(Entry((USER_DN, {
-+                                             'objectclass': 'top person'.split(),
-+                                             'objectclass': 'organizationalPerson',
-+                                             'objectclass': 'inetorgperson',
-+                                             'cn': USER_NAME,
-+                                             'sn': USER_NAME,
-+                                             'userpassword': 'pass%s' % num_ran,
-+                                             'mail': '%s@redhat.com' % USER_NAME,
-+                                             'uid': USER_NAME
-+                                              })))
-+        except ldap.LDAPError as e:
-+            log.error('Failed to add user (%s): error (%s)' % (USER_DN,
-+                                                               e.message['desc']))
-+            raise e
-+    return users_list
-+
-+
-+def del_users(topology, users_list):
-+    """Delete users with DNs from given list"""
-+
-+    log.info('Deleting %d users' % len(users_list))
-+    for user_dn in users_list:
-+        try:
-+            topology.standalone.delete_s(user_dn)
-+        except ldap.LDAPError as e:
-+            log.error('Failed to delete user (%s): error (%s)' % (user_dn,
-+                                                                  e.message['desc']))
-+            raise e
-+
-+
-+def change_conf_attr(topology, suffix, attr_name, attr_value):
-+    """Change configurational attribute in the given suffix.
-+    Funtion returns previous attribute value.
-+    """
-+
-+    try:
-+        entries = topology.standalone.search_s(suffix, ldap.SCOPE_BASE,
-+                                                'objectclass=top',
-+                                                [attr_name])
-+        attr_value_bck = entries[0].data.get(attr_name)
-+        log.info('Set %s to %s. Previous value - %s. Modified suffix - %s.' % (
-+                        attr_name, attr_value, attr_value_bck, suffix))
-+        if attr_value is None:
-+            topology.standalone.modify_s(suffix, [(ldap.MOD_DELETE,
-+                                                        attr_name,
-+                                                        attr_value)])
-+        else:
-+            topology.standalone.modify_s(suffix, [(ldap.MOD_REPLACE,
-+                                                        attr_name,
-+                                                        attr_value)])
-+    except ldap.LDAPError as e:
-+           log.error('Failed to change attr value (%s): error (%s)' % (attr_name,
-+                                                                       e.message['desc']))
-+           raise e
-+
-+    return attr_value_bck
-+
-+
-+def paged_search(topology, controls, search_flt, searchreq_attrlist):
-+    """Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE
-+    using Simple Paged Control(should the first item in the
-+    list controls.
-+    Return the list with results summarized from all pages
-+    """
-+
-+    pages = 0
-+    pctrls = []
-+    all_results = []
-+    req_ctrl = controls[0]
-+    msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+                                           ldap.SCOPE_SUBTREE,
-+                                           search_flt,
-+                                           searchreq_attrlist,
-+                                           serverctrls=controls)
-+    while True:
-+        log.info('Getting page %d' % (pages,))
-+        rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
-+        all_results.extend(rdata)
-+        pages += 1
-+        pctrls = [
-+            c
-+            for c in rctrls
-+            if c.controlType == SimplePagedResultsControl.controlType
-+        ]
-+
-+        if pctrls:
-+            if pctrls[0].cookie:
-+                # Copy cookie from response control to request control
-+                req_ctrl.cookie = pctrls[0].cookie
-+                msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+                                                       ldap.SCOPE_SUBTREE,
-+                                                       search_flt,
-+                                                       searchreq_attrlist,
-+                                                       serverctrls=controls)
-+            else:
-+                break # no more pages available
-+        else:
-+            break
-+
-+    assert not pctrls[0].cookie
-+    return all_results
-+
-+
-+def test_ticket48808(topology, test_user):
-+    log.info('Run multiple paging controls on a single connection')
-+    users_num = 100
-+    page_size = 30
-+    users_list = add_users(topology, users_num)
-+    search_flt = r'(uid=test*)'
-+    searchreq_attrlist = ['dn', 'sn']
-+
-+    log.info('Set user bind')
-+    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+    log.info('Create simple paged results control instance')
-+    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+    controls = [req_ctrl]
-+
-+    for ii in xrange(3):
-+        log.info('Iteration %d' % ii)
-+        msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+                                                ldap.SCOPE_SUBTREE,
-+                                                search_flt,
-+                                                searchreq_attrlist,
-+                                                serverctrls=controls)
-+        rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
-+        pctrls = [
-+            c
-+            for c in rctrls
-+            if c.controlType == SimplePagedResultsControl.controlType
-+        ]
-+
-+        req_ctrl.cookie = pctrls[0].cookie
-+        msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+                                                ldap.SCOPE_SUBTREE,
-+                                                search_flt,
-+                                                searchreq_attrlist,
-+                                                serverctrls=controls)
-+    log.info('Set Directory Manager bind back')
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    del_users(topology, users_list)
-+
-+    log.info('Abandon the search')
-+    users_num = 10
-+    page_size = 0
-+    users_list = add_users(topology, users_num)
-+    search_flt = r'(uid=test*)'
-+    searchreq_attrlist = ['dn', 'sn']
-+
-+    log.info('Set user bind')
-+    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+    log.info('Create simple paged results control instance')
-+    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+    controls = [req_ctrl]
-+
-+    msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+                                           ldap.SCOPE_SUBTREE,
-+                                           search_flt,
-+                                           searchreq_attrlist,
-+                                           serverctrls=controls)
-+    rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
-+    pctrls = [
-+        c
-+        for c in rctrls
-+        if c.controlType == SimplePagedResultsControl.controlType
-+    ]
-+    assert not pctrls[0].cookie
-+
-+    log.info('Set Directory Manager bind back')
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    del_users(topology, users_list)
-+
-+    log.info("Search should fail with 'nsPagedSizeLimit = 5'"
-+             "and 'nsslapd-pagedsizelimit = 15' with 10 users")
-+    conf_attr = '15'
-+    user_attr = '5'
-+    expected_rs = ldap.SIZELIMIT_EXCEEDED
-+    users_num = 10
-+    page_size = 10
-+    users_list = add_users(topology, users_num)
-+    search_flt = r'(uid=test*)'
-+    searchreq_attrlist = ['dn', 'sn']
-+    conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
-+                                        'nsslapd-pagedsizelimit', conf_attr)
-+    user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
-+                                        'nsPagedSizeLimit', user_attr)
-+
-+    log.info('Set user bind')
-+    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+    log.info('Create simple paged results control instance')
-+    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+    controls = [req_ctrl]
-+
-+    log.info('Expect to fail with SIZELIMIT_EXCEEDED')
-+    with pytest.raises(expected_rs):
-+        all_results = paged_search(topology, controls,
-+                                   search_flt, searchreq_attrlist)
-+
-+    log.info('Set Directory Manager bind back')
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    del_users(topology, users_list)
-+    change_conf_attr(topology, DN_CONFIG,
-+                     'nsslapd-pagedsizelimit', conf_attr_bck)
-+    change_conf_attr(topology, TEST_USER_DN,
-+                     'nsPagedSizeLimit', user_attr_bck)
-+
-+    log.info("Search should pass with 'nsPagedSizeLimit = 15'"
-+             "and 'nsslapd-pagedsizelimit = 5' with 10 users")
-+    conf_attr = '5'
-+    user_attr = '15'
-+    users_num = 10
-+    page_size = 10
-+    users_list = add_users(topology, users_num)
-+    search_flt = r'(uid=test*)'
-+    searchreq_attrlist = ['dn', 'sn']
-+    conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
-+                                    'nsslapd-pagedsizelimit', conf_attr)
-+    user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
-+                                    'nsPagedSizeLimit', user_attr)
-+
-+    log.info('Set user bind')
-+    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+    log.info('Create simple paged results control instance')
-+    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+    controls = [req_ctrl]
-+
-+    log.info('Search should PASS')
-+    all_results = paged_search(topology, controls,
-+                               search_flt, searchreq_attrlist)
-+    log.info('%d results' % len(all_results))
-+    assert len(all_results) == len(users_list)
-+
-+    log.info('Set Directory Manager bind back')
-+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+    del_users(topology, users_list)
-+    change_conf_attr(topology, DN_CONFIG,
-+                    'nsslapd-pagedsizelimit', conf_attr_bck)
-+    change_conf_attr(topology, TEST_USER_DN,
-+                    'nsPagedSizeLimit', user_attr_bck)
-+
-+
-+if __name__ == '__main__':
-+    # Run isolated
-+    # -s for DEBUG mode
-+    CURRENT_FILE = os.path.realpath(__file__)
-+    pytest.main("-s %s" % CURRENT_FILE)
--- 
-2.4.11
-
diff --git a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch b/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
deleted file mode 100644
index 8f1ea00..0000000
--- a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
+++ /dev/null
@@ -1,936 +0,0 @@
-From 72562d03b0f758902e0ee858fd43d5bcfbef379b Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 7 Jun 2016 10:02:42 -0400
-Subject: [PATCH] Ticket 48862 - At startup DES to AES password conversion
- causes timeout in start script
-
-Bug Description:  At server start all the backends are searches for entries that contain
-                  DES password attributes as defined in the plugin.  These are typically
-                  unindexed searches, and if there is a very large backend this can cause
-                  the server startup to timeout.
-
-Fix Description:  At startup only check "cn=config" for entries with DES password attributes.
-                  A new "conversion" task has been created that can be run after startup
-                  to search all backends(if a suffix is not specified), or specific backends.
-
-                      dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config
-                      objectclass: top
-                      objectclass: extensibleObject
-                      suffix: dc=example,dc=com
-                      suffix: dc=other,dc=suffix
-
-                  Another bug was discovered in pw_rever_encode() in pw.c where a "for" loop
-                  counter was accidentially reused by a second "for" loop.  This could lead
-                  to an infinite loop/hang.
-
-                  Updated the CI test to perform the conversion task.
-
-https://fedorahosted.org/389/ticket/48862
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 11f55f3dd2a2c44ddf7b5be54273401add13b1bc)
-(cherry picked from commit c0ad918939c40779e463b71c41ab106e7ee890e2)
----
- dirsrvtests/tickets/ticket47462_test.py | 133 ++++++++----
- ldap/servers/slapd/daemon.c             | 195 +++++-------------
- ldap/servers/slapd/pw.c                 |   4 +-
- ldap/servers/slapd/task.c               | 346 +++++++++++++++++++++++++++++++-
- 4 files changed, 493 insertions(+), 185 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket47462_test.py b/dirsrvtests/tickets/ticket47462_test.py
-index 17854fa..2d2c507 100644
---- a/dirsrvtests/tickets/ticket47462_test.py
-+++ b/dirsrvtests/tickets/ticket47462_test.py
-@@ -32,6 +32,7 @@ AGMT_DN = ''
- USER_DN = 'cn=test_user,' + DEFAULT_SUFFIX
- USER1_DN = 'cn=test_user1,' + DEFAULT_SUFFIX
- TEST_REPL_DN = 'cn=test repl,' + DEFAULT_SUFFIX
-+DES2AES_TASK_DN = 'cn=convert,cn=des2aes,cn=tasks,cn=config'
- 
- 
- class TopologyMaster1Master2(object):
-@@ -134,6 +135,11 @@ def topology(request):
-     # clear the tmp directory
-     master1.clearTmpDir(__file__)
- 
-+    def fin():
-+        master1.delete()
-+        master2.delete()
-+    request.addfinalizer(fin)
-+
-     return TopologyMaster1Master2(master1, master2)
- 
- 
-@@ -144,11 +150,9 @@ def test_ticket47462(topology):
-     """
- 
-     #
--    # First set config as if it's an older version.  Set DES to use libdes-plugin,
--    # MMR to depend on DES, delete the existing AES plugin, and set a DES password
--    # for the replication agreement.
--    #
--
-+    # First set config as if it's an older version.  Set DES to use
-+    # libdes-plugin, MMR to depend on DES, delete the existing AES plugin,
-+    # and set a DES password for the replication agreement.
-     #
-     # Add an extra attribute to the DES plugin args
-     #
-@@ -168,7 +172,9 @@ def test_ticket47462(topology):
- 
-     try:
-         topology.master1.modify_s(MMR_PLUGIN,
--                      [(ldap.MOD_DELETE, 'nsslapd-plugin-depends-on-named', 'AES')])
-+                      [(ldap.MOD_DELETE,
-+                        'nsslapd-plugin-depends-on-named',
-+                        'AES')])
- 
-     except ldap.NO_SUCH_ATTRIBUTE:
-         pass
-@@ -194,7 +200,8 @@ def test_ticket47462(topology):
-     # Get the agmt dn, and set the password
-     #
-     try:
--        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'objectclass=nsDS5ReplicationAgreement')
-+        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE,
-+                                          'objectclass=nsDS5ReplicationAgreement')
-         if entry:
-             agmt_dn = entry[0].dn
-             log.info('Found agmt dn (%s)' % agmt_dn)
-@@ -207,7 +214,8 @@ def test_ticket47462(topology):
- 
-     try:
-         properties = {RA_BINDPW: "password"}
--        topology.master1.agreement.setProperties(None, agmt_dn, None, properties)
-+        topology.master1.agreement.setProperties(None, agmt_dn, None,
-+                                                 properties)
-         log.info('Successfully modified replication agreement')
-     except ValueError:
-         log.error('Failed to update replica agreement: ' + AGMT_DN)
-@@ -220,12 +228,14 @@ def test_ticket47462(topology):
-         topology.master1.add_s(Entry((USER1_DN,
-                                       {'objectclass': "top person".split(),
-                                        'sn': 'sn',
-+                                       'description': 'DES value to convert',
-                                        'cn': 'test_user'})))
-         loop = 0
-         ent = None
-         while loop <= 10:
-             try:
--                ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE, "(objectclass=*)")
-+                ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE,
-+                                                "(objectclass=*)")
-                 break
-             except ldap.NO_SUCH_OBJECT:
-                 time.sleep(1)
-@@ -250,7 +260,8 @@ def test_ticket47462(topology):
-     # Check that the restart converted existing DES credentials
-     #
-     try:
--        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'nsDS5ReplicaCredentials=*')
-+        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE,
-+                                          'nsDS5ReplicaCredentials=*')
-         if entry:
-             val = entry[0].getValue('nsDS5ReplicaCredentials')
-             if val.startswith('{AES-'):
-@@ -259,22 +270,25 @@ def test_ticket47462(topology):
-                 log.fatal('Failed to convert credentials from DES to AES!')
-                 assert False
-         else:
--            log.fatal('Failed to find any entries with nsDS5ReplicaCredentials ')
-+            log.fatal('Failed to find entries with nsDS5ReplicaCredentials')
-             assert False
-     except ldap.LDAPError, e:
-         log.fatal('Failed to search for replica credentials: ' + e.message['desc'])
-         assert False
- 
-     #
--    # Check that the AES plugin exists, and has all the attributes listed in DES plugin.
--    # The attributes might not be in the expected order so check all the attributes.
-+    # Check that the AES plugin exists, and has all the attributes listed in
-+    # DES plugin.  The attributes might not be in the expected order so check
-+    # all the attributes.
-     #
-     try:
--        entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
-+        entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE,
-+                                          'objectclass=*')
-         if not entry[0].hasValue('nsslapd-pluginarg0', 'description') and \
-            not entry[0].hasValue('nsslapd-pluginarg1', 'description') and \
-            not entry[0].hasValue('nsslapd-pluginarg2', 'description'):
--            log.fatal('The AES plugin did not have the DES attribute copied over correctly')
-+            log.fatal('The AES plugin did not have the DES attribute copied ' +
-+                      'over correctly')
-             assert False
-         else:
-             log.info('The AES plugin was correctly setup')
-@@ -286,7 +300,8 @@ def test_ticket47462(topology):
-     # Check that the MMR plugin was updated
-     #
-     try:
--        entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
-+        entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE,
-+                                          'objectclass=*')
-         if not entry[0].hasValue('nsslapd-plugin-depends-on-named', 'AES'):
-             log.fatal('The MMR Plugin was not correctly updated')
-             assert False
-@@ -300,7 +315,8 @@ def test_ticket47462(topology):
-     # Check that the DES plugin was correctly updated
-     #
-     try:
--        entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
-+        entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE,
-+                                          'objectclass=*')
-         if not entry[0].hasValue('nsslapd-pluginPath', 'libpbe-plugin'):
-             log.fatal('The DES Plugin was not correctly updated')
-             assert False
-@@ -322,7 +338,8 @@ def test_ticket47462(topology):
-         ent = None
-         while loop <= 10:
-             try:
--                ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE, "(objectclass=*)")
-+                ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE,
-+                                                "(objectclass=*)")
-                 break
-             except ldap.NO_SUCH_OBJECT:
-                 time.sleep(1)
-@@ -336,30 +353,66 @@ def test_ticket47462(topology):
-         log.fatal('Failed to add test user: ' + e.message['desc'])
-         assert False
- 
-+    # Check the entry
-+    log.info('Entry before running task...')
-+    try:
-+        entry = topology.master1.search_s(USER1_DN,
-+                                          ldap.SCOPE_BASE,
-+                                          'objectclass=*')
-+        if entry:
-+            print(str(entry))
-+        else:
-+            log.fatal('Failed to find entries')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for entries: ' +
-+                  e.message['desc'])
-+        assert False
- 
--def test_ticket47462_final(topology):
--    topology.master1.delete()
--    topology.master2.delete()
--    log.info('Testcase PASSED')
--
--
--def run_isolated():
--    '''
--        run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
--        To run isolated without py.test, you need to
--            - edit this file and comment '@pytest.fixture' line before 'topology' function.
--            - set the installation prefix
--            - run this program
--    '''
--    global installation1_prefix
--    global installation2_prefix
--    installation1_prefix = None
--    installation2_prefix = None
-+    #
-+    # Test the DES2AES Task on USER1_DN
-+    #
-+    try:
-+        topology.master1.add_s(Entry((DES2AES_TASK_DN,
-+                                      {'objectclass': ['top',
-+                                                       'extensibleObject'],
-+                                       'suffix': DEFAULT_SUFFIX,
-+                                       'cn': 'convert'})))
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to add task entry: ' + e.message['desc'])
-+        assert False
- 
--    topo = topology(True)
--    test_ticket47462(topo)
--    test_ticket47462_final(topo)
-+    # Wait for task
-+    task_entry = Entry(DES2AES_TASK_DN)
-+    (done, exitCode) = topology.master1.tasks.checkTask(task_entry, True)
-+    if exitCode:
-+        log.fatal("Error: des2aes task exited with %d" % (exitCode))
-+        assert False
- 
-+    # Check the entry
-+    try:
-+        entry = topology.master1.search_s(USER1_DN,
-+                                          ldap.SCOPE_BASE,
-+                                          'objectclass=*')
-+        if entry:
-+            val = entry[0].getValue('description')
-+            print(str(entry[0]))
-+            if val.startswith('{AES-'):
-+                log.info('Task: DES credentials have been converted to AES')
-+            else:
-+                log.fatal('Task: Failed to convert credentials from DES to ' +
-+                          'AES! (%s)' % (val))
-+                assert False
-+        else:
-+            log.fatal('Failed to find entries')
-+            assert False
-+    except ldap.LDAPError as e:
-+        log.fatal('Failed to search for entries: ' +
-+                  e.message['desc'])
-+        assert False
- 
- if __name__ == '__main__':
--    run_isolated()
-+    # Run isolated
-+    # -s for DEBUG mode
-+    CURRENT_FILE = os.path.realpath(__file__)
-+    pytest.main("-s %s" % CURRENT_FILE)
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index d702129..29562ae 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -692,14 +692,12 @@ convert_pbe_des_to_aes()
-     Slapi_Entry **entries = NULL;
-     struct slapdplugin *plugin = NULL;
-     char **attrs = NULL;
--    char **backends = NULL;
-     char *val = NULL;
-     int converted_des_passwd = 0;
--    int disable_des = 1;
-     int result = -1;
-     int have_aes = 0;
-     int have_des = 0;
--    int i = 0, ii = 0, be_idx = 0;
-+    int i = 0, ii = 0;
- 
-     /*
-      * Check that AES plugin is enabled, and grab all the unique
-@@ -733,94 +731,56 @@ convert_pbe_des_to_aes()
- 
-     if(have_aes && have_des){
-         /*
--         * Build a list of all the backend dn's
-+         * Find any entries in cn=config that contain DES passwords and convert
-+         * them to AES
-          */
--        Slapi_Backend *be = NULL;
--        struct suffixlist *list;
--        char *cookie = NULL;
--
--        LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes:  "
--                "Checking for DES passwords to convert to AES...\n",0,0,0);
--
--        be = slapi_get_first_backend(&cookie);
--        while (be){
--            int suffix_idx = 0;
--            int count = slapi_counter_get_value(be->be_suffixcounter);
--
--            list = be->be_suffixlist;
--            for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) {
--                char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix);
--                if(charray_inlist(backends, suffix) || strlen(suffix) == 0){
--                    list = list->next;
--                    continue;
--                }
--                charray_add(&backends, slapi_ch_strdup(suffix));
--                list = list->next;
--            }
--            be = slapi_get_next_backend (cookie);
--        }
--        slapi_ch_free ((void **)&cookie);
-+        slapi_log_error(SLAPI_LOG_HOUSE,  "convert_pbe_des_to_aes",
-+                "Converting DES passwords to AES...\n");
- 
--        /*
--         * Search for the password attributes
--         */
-         for (i = 0; attrs && attrs[i]; i++){
-             char *filter = PR_smprintf("%s=*", attrs[i]);
--            /*
--             * Loop over all the backends looking for the password attribute
--             */
--            for(be_idx = 0; backends && backends[be_idx]; be_idx++){
--                pb = slapi_pblock_new();
--                slapi_search_internal_set_pb(pb, backends[be_idx],
--                        LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
--                        (void *)plugin_get_default_component_id(),
--                        SLAPI_OP_FLAG_IGNORE_UNINDEXED);
--                slapi_search_internal_pb(pb);
--                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
--                if (LDAP_SUCCESS != result) {
--                    slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ",
--                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
--                        attrs[i], result, backends[be_idx]);
--                    slapi_free_search_results_internal(pb);
--                    slapi_pblock_destroy(pb);
--                    pb = NULL;
--                    continue;
--                }
--                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
--                for (ii = 0; entries && entries[ii]; ii++){
--                    if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
--                        if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
--                            /*
--                             * We have a DES encoded password, convert it AES
--                             */
--                            Slapi_PBlock *mod_pb = NULL;
--                            Slapi_Value *sval = NULL;
--                            LDAPMod mod_replace;
--                            LDAPMod *mods[2];
--                            char *replace_val[2];
--                            char *passwd = NULL;
--
--                            /* decode the DES password */
--                            if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
--                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                                        "Failed to decode existing DES password for (%s)\n",
--                                        slapi_entry_get_dn(entries[ii]), 0, 0);
--                                disable_des = 0;
--                                goto done;
--                            }
- 
--                            /* encode the password */
-+            pb = slapi_pblock_new();
-+            slapi_search_internal_set_pb(pb, "cn=config",
-+                LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
-+                (void *)plugin_get_default_component_id(),
-+                SLAPI_OP_FLAG_IGNORE_UNINDEXED);
-+            slapi_search_internal_pb(pb);
-+            slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+            for (ii = 0; entries && entries[ii]; ii++){
-+                if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
-+                    if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
-+                        /*
-+                         * We have a DES encoded password, convert it to AES
-+                         */
-+                        Slapi_PBlock *mod_pb = NULL;
-+                        Slapi_Value *sval = NULL;
-+                        LDAPMod mod_replace;
-+                        LDAPMod *mods[2];
-+                        char *replace_val[2];
-+                        char *passwd = NULL;
-+                        int rc = 0;
-+
-+                        /* decode the DES password */
-+                        if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
-+                            slapi_log_error(SLAPI_LOG_FATAL ,"convert_pbe_des_to_aes",
-+                                    "Failed to decode existing DES password for (%s)\n",
-+                                    slapi_entry_get_dn(entries[ii]));
-+                            rc = -1;
-+                        }
-+
-+                        /* encode the password */
-+                        if (rc == 0){
-                             sval = slapi_value_new_string(passwd);
-                             if(pw_rever_encode(&sval, attrs[i]) == -1){
--                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+                                slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
-                                         "failed to encode AES password for (%s)\n",
--                                        slapi_entry_get_dn(entries[ii]), 0, 0);
--                                slapi_ch_free_string(&passwd);
--                                slapi_value_free(&sval);
--                                disable_des = 0;
--                                goto done;
-+                                        slapi_entry_get_dn(entries[ii]));
-+                                rc = -1;
-                             }
-+                        }
- 
-+                        if (rc == 0){
-                             /* replace the attribute in the entry */
-                             replace_val[0] = (char *)slapi_value_get_string(sval);
-                             replace_val[1] = NULL;
-@@ -837,83 +797,34 @@ convert_pbe_des_to_aes()
- 
-                             slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-                             if (LDAP_SUCCESS != result) {
--                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+                                slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes"
-                                         "Failed to convert password for (%s) error (%d)\n",
--                                        slapi_entry_get_dn(entries[ii]), result, 0);
--                                disable_des = 0;
-+                                        slapi_entry_get_dn(entries[ii]), result);
-                             } else {
--                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+                                slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
-                                         "Successfully converted password for (%s)\n",
--                                         slapi_entry_get_dn(entries[ii]), result, 0);
-+                                         slapi_entry_get_dn(entries[ii]));
-                                 converted_des_passwd = 1;
-                             }
--                            slapi_ch_free_string(&passwd);
--                            slapi_value_free(&sval);
--                            slapi_pblock_destroy(mod_pb);
-                         }
--                        slapi_ch_free_string(&val);
-+                        slapi_ch_free_string(&passwd);
-+                        slapi_value_free(&sval);
-+                        slapi_pblock_destroy(mod_pb);
-                     }
-+                    slapi_ch_free_string(&val);
-                 }
--                slapi_free_search_results_internal(pb);
--                slapi_pblock_destroy(pb);
--                pb = NULL;
-             }
-+            slapi_free_search_results_internal(pb);
-+            slapi_pblock_destroy(pb);
-+            pb = NULL;
-             slapi_ch_free_string(&filter);
-         }
-         if (!converted_des_passwd){
--            slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
-+            slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
-                 "No DES passwords found to convert.\n");
-         }
-     }
--
--done:
-     charray_free(attrs);
--    charray_free(backends);
--    slapi_free_search_results_internal(pb);
--    slapi_pblock_destroy(pb);
--
--    if (have_aes && have_des){
--        /*
--         * If a conversion attempt did not fail then we can disable the DES plugin
--         */
--        if(converted_des_passwd && disable_des){
--            /*
--             * Disable the DES plugin - this also prevents potentially expensive
--             * searches at every server startup.
--             */
--            LDAPMod mod_replace;
--            LDAPMod *mods[2];
--            char *replace_val[2];
--            char *des_dn = "cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config";
--
--            replace_val[0] = "off";
--            replace_val[1] = NULL;
--            mod_replace.mod_op = LDAP_MOD_REPLACE;
--            mod_replace.mod_type = "nsslapd-pluginEnabled";
--            mod_replace.mod_values = replace_val;
--            mods[0] = &mod_replace;
--            mods[1] = 0;
--
--            pb = slapi_pblock_new();
--            slapi_modify_internal_set_pb(pb, des_dn, mods, 0, 0,
--                    (void *)plugin_get_default_component_id(), 0);
--            slapi_modify_internal_pb(pb);
--            slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
--            if (LDAP_SUCCESS != result) {
--                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                        "Failed to disable DES plugin (%s), error (%d)\n",
--                        des_dn, result, 0);
--            } else {
--                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                        "Successfully disabled DES plugin (%s)\n",
--                        des_dn, 0, 0);
--            }
--            slapi_pblock_destroy(pb);
--            LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
--                      "All DES passwords have been converted to AES.\n",
--                      0, 0, 0);
--        }
--    }
- }
- 
- #ifdef ENABLE_NUNC_STANS
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index 4e222d7..883ef80 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -516,10 +516,10 @@ pw_rever_encode(Slapi_Value **vals, char * attr_name)
- 	for ( p = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME); p != NULL; p = p->plg_next )
- 	{
- 		char *L_attr = NULL;
--		int i = 0;
-+		int i = 0, ii = 0;
- 
- 		/* Get the appropriate encoding function */
--		for ( L_attr = p->plg_argv[i]; i<p->plg_argc; L_attr = p->plg_argv[++i] )
-+		for ( L_attr = p->plg_argv[ii]; ii<p->plg_argc; L_attr = p->plg_argv[++ii] )
- 		{
- 			if (slapi_attr_types_equivalent(L_attr, attr_name))
- 			{
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index db3c222..405f0bf 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -53,6 +53,8 @@ static int shutting_down = 0;
- #define TASK_TOMBSTONE_FIXUP_BACKEND "backend"
- #define TASK_TOMBSTONE_FIXUP_SUFFIX "suffix"
- #define TASK_TOMBSTONE_FIXUP_STRIPCSN "stripcsn"
-+#define TASK_DES2AES "des2aes task"
-+
- 
- #define LOG_BUFFER              256
- /* if the cumul. log gets larger than this, it's truncated: */
-@@ -83,8 +85,10 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
-                               const char *default_val);
- static Slapi_Entry *get_internal_entry(Slapi_PBlock *pb, char *dn);
- static void modify_internal_entry(char *dn, LDAPMod **mods);
--
- static void fixup_tombstone_task_destructor(Slapi_Task *task);
-+static void task_des2aes_thread(void *arg);
-+static void des2aes_task_destructor(Slapi_Task *task);
-+
- 
- /***********************************
-  * Public Functions
-@@ -2425,6 +2429,345 @@ fixup_tombstone_task_destructor(Slapi_Task *task)
-                     "fixup_tombstone_task_destructor <--\n" );
- }
- 
-+/*
-+ * des2aes Task
-+ *
-+ * Convert any DES passwords to AES
-+ *
-+ * dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config
-+ * objectclass: top
-+ * objectclass: extensibleObject
-+ * suffix: dc=example,dc=com (If empty all backends are checked)
-+ * suffix: dc=other,dc=suffix
-+ */
-+struct task_des2aes_data
-+{
-+    char **suffixes;
-+    Slapi_Task *task;
-+};
-+
-+static int
-+task_des2aes(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
-+             int *returncode, char *returntext, void *arg)
-+{
-+    struct task_des2aes_data *task_data = NULL;
-+    PRThread *thread = NULL;
-+    Slapi_Task *task = NULL;
-+    char **suffix = NULL;
-+    char **bases = NULL;
-+    int rc = SLAPI_DSE_CALLBACK_OK;
-+
-+    /* Get the suffixes */
-+    if((suffix = slapi_entry_attr_get_charray(e, "suffix"))){
-+        int i;
-+        for (i = 0; suffix && suffix[i]; i++){
-+            /* Make sure "suffix" is NUL terminated string */
-+            char *dn = slapi_create_dn_string("%s", suffix[i]);
-+
-+            if(dn){
-+                if(slapi_dn_syntax_check(pb, dn, 1)){
-+                    /* invalid suffix name */
-+                    PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+                        "Invalid DN syntax (%s) specified for \"suffix\"\n",
-+                        suffix[i]);
-+                    *returncode = LDAP_INVALID_DN_SYNTAX;
-+                    slapi_ch_free_string(&dn);
-+                    rc = SLAPI_DSE_CALLBACK_ERROR;
-+                    goto error;
-+                } else {
-+                    slapi_ch_array_add(&bases, dn);
-+                }
-+            } else{
-+                PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+                    "Invalid DN (%s) specified for \"suffix\"\n", suffix[i]);
-+                    *returncode = LDAP_INVALID_DN_SYNTAX;
-+                rc = SLAPI_DSE_CALLBACK_ERROR;
-+                goto error;
-+            }
-+        }
-+    }
-+
-+    /* Build the task data and fire off a thread to perform the conversion */
-+    task = slapi_new_task(slapi_entry_get_ndn(e));
-+
-+    /* register our destructor for cleaning up our private data */
-+    slapi_task_set_destructor_fn(task, des2aes_task_destructor);
-+    task_data = (struct task_des2aes_data *)slapi_ch_calloc(1, sizeof(struct task_des2aes_data));
-+    task_data->suffixes = bases;
-+    task_data->task = task;
-+
-+    /* Start the conversion thread */
-+    thread = PR_CreateThread(PR_USER_THREAD, task_des2aes_thread,
-+                             (void *)task_data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-+                             PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE);
-+    if (thread == NULL) {
-+        PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+                "unable to create des2aes thread!\n");
-+        slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                        "unable to create des2aes thread!\n");
-+        *returncode = LDAP_OPERATIONS_ERROR;
-+        slapi_task_finish(task, *returncode);
-+        rc = SLAPI_DSE_CALLBACK_ERROR;
-+    }
-+
-+error:
-+    if (rc == SLAPI_DSE_CALLBACK_ERROR){
-+        slapi_ch_array_free(bases);
-+        slapi_ch_array_free(suffix);
-+        slapi_ch_free((void **)&task_data);
-+    }
-+    return rc;
-+}
-+
-+static void
-+task_des2aes_thread(void *arg)
-+{
-+    struct task_des2aes_data *task_data = arg;
-+    Slapi_PBlock *pb = NULL;
-+    Slapi_Entry **entries = NULL;
-+    Slapi_Task *task = task_data->task;
-+    struct slapdplugin *plugin = NULL;
-+    char **attrs = NULL;
-+    char **backends = NULL;
-+    char *val = NULL;
-+    int converted_des_passwd = 0;
-+    int result = -1;
-+    int have_aes = 0;
-+    int have_des = 0;
-+    int i = 0, ii = 0, be_idx = 0;
-+    int rc = 0;
-+
-+    /*
-+     * Check that AES plugin is enabled, and grab all the unique
-+     * password attributes.
-+     */
-+    for ( plugin = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME);
-+          plugin != NULL;
-+          plugin = plugin->plg_next )
-+    {
-+        char *plugin_arg = NULL;
-+
-+        if(plugin->plg_started && strcasecmp(plugin->plg_name, "AES") == 0){
-+            /* We have the AES plugin, and its enabled */
-+            have_aes = 1;
-+        }
-+        if(plugin->plg_started && strcasecmp(plugin->plg_name, "DES") == 0){
-+            /* We have the DES plugin, and its enabled */
-+            have_des = 1;
-+        }
-+        /* Gather all the unique password attributes from all the PBE plugins */
-+        for ( i = 0, plugin_arg = plugin->plg_argv[i];
-+              i < plugin->plg_argc;
-+              plugin_arg = plugin->plg_argv[++i] )
-+        {
-+            if(charray_inlist(attrs, plugin_arg)){
-+                continue;
-+            }
-+            charray_add(&attrs, slapi_ch_strdup(plugin_arg));
-+        }
-+    }
-+
-+    if(have_aes && have_des){
-+        if(task_data->suffixes == NULL){
-+            /*
-+             * Build a list of all the backend dn's
-+             */
-+            Slapi_Backend *be = NULL;
-+            struct suffixlist *list;
-+            char *cookie = NULL;
-+
-+            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                "Checking for DES passwords to convert to AES...\n");
-+            slapi_task_log_notice(task,
-+                "Checking for DES passwords to convert to AES...\n");
-+
-+            be = slapi_get_first_backend(&cookie);
-+            while (be){
-+                int suffix_idx = 0;
-+                int count = slapi_counter_get_value(be->be_suffixcounter);
-+
-+                list = be->be_suffixlist;
-+                for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) {
-+                    char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix);
-+                    if(charray_inlist(backends, suffix) || strlen(suffix) == 0){
-+                        list = list->next;
-+                        continue;
-+                    }
-+                    charray_add(&backends, slapi_ch_strdup(suffix));
-+                    list = list->next;
-+                }
-+                be = slapi_get_next_backend (cookie);
-+            }
-+            slapi_ch_free ((void **)&cookie);
-+        } else {
-+            backends = task_data->suffixes;
-+        }
-+
-+        /*
-+         * Search for the password attributes
-+         */
-+        for (i = 0; attrs && attrs[i]; i++){
-+            char *filter = PR_smprintf("%s=*", attrs[i]);
-+            /*
-+             * Loop over all the backends looking for the password attribute
-+             */
-+            for(be_idx = 0; backends && backends[be_idx]; be_idx++){
-+                pb = slapi_pblock_new();
-+                slapi_search_internal_set_pb(pb, backends[be_idx],
-+                        LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
-+                        (void *)plugin_get_default_component_id(),
-+                        SLAPI_OP_FLAG_IGNORE_UNINDEXED);
-+                slapi_search_internal_pb(pb);
-+                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-+                if (LDAP_SUCCESS != result) {
-+                    slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes: ",
-+                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-+                        attrs[i], result, backends[be_idx]);
-+                    slapi_task_log_notice(task,
-+                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-+                        attrs[i], result, backends[be_idx]);
-+                    slapi_free_search_results_internal(pb);
-+                    slapi_pblock_destroy(pb);
-+                    pb = NULL;
-+                    continue;
-+                }
-+                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+                for (ii = 0; entries && entries[ii]; ii++){
-+                    if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
-+                        if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
-+                            /*
-+                             * We have a DES encoded password, convert it AES
-+                             */
-+                            Slapi_PBlock *mod_pb = NULL;
-+                            Slapi_Value *sval = NULL;
-+                            LDAPMod mod_replace;
-+                            LDAPMod *mods[2];
-+                            char *replace_val[2];
-+                            char *passwd = NULL;
-+
-+                            /* Decode the DES password */
-+                            if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
-+                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                                        "Failed to decode existing DES password for (%s)\n",
-+                                        slapi_entry_get_dn(entries[ii]));
-+                                slapi_task_log_notice(task,
-+                                    "Failed to decode existing DES password for (%s)\n",
-+                                    slapi_entry_get_dn(entries[ii]));
-+                                rc = 1;
-+                                goto done;
-+                            }
-+
-+                            /* Encode the password */
-+                            sval = slapi_value_new_string(passwd);
-+                            if(pw_rever_encode(&sval, attrs[i]) == -1){
-+                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                                    "failed to encode AES password for (%s)\n",
-+                                    slapi_entry_get_dn(entries[ii]));
-+                                slapi_task_log_notice(task,
-+                                    "failed to encode AES password for (%s)\n",
-+                                    slapi_entry_get_dn(entries[ii]));
-+                                slapi_ch_free_string(&passwd);
-+                                slapi_value_free(&sval);
-+                                rc = 1;
-+                                goto done;
-+                            }
-+
-+                            /* Replace the attribute in the entry */
-+                            replace_val[0] = (char *)slapi_value_get_string(sval);
-+                            replace_val[1] = NULL;
-+                            mod_replace.mod_op = LDAP_MOD_REPLACE;
-+                            mod_replace.mod_type = attrs[i];
-+                            mod_replace.mod_values = replace_val;
-+                            mods[0] = &mod_replace;
-+                            mods[1] = 0;
-+
-+                            mod_pb = slapi_pblock_new();
-+                            slapi_modify_internal_set_pb(mod_pb, slapi_entry_get_dn(entries[ii]),
-+                                    mods, 0, 0, (void *)plugin_get_default_component_id(), 0);
-+                            slapi_modify_internal_pb(mod_pb);
-+
-+                            slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-+                            if (LDAP_SUCCESS != result) {
-+                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                                    "Failed to convert password for (%s) error (%d)\n",
-+                                    slapi_entry_get_dn(entries[ii]), result);
-+                                slapi_task_log_notice(task,
-+                                    "Failed to convert password for (%s) error (%d)\n",
-+                                    slapi_entry_get_dn(entries[ii]), result);
-+                                rc = 1;
-+                            } else {
-+                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                                    "Successfully converted password for (%s)\n",
-+                                     slapi_entry_get_dn(entries[ii]));
-+                                slapi_task_log_notice(task,
-+                                   "Successfully converted password for (%s)\n",
-+                                    slapi_entry_get_dn(entries[ii]));
-+                                converted_des_passwd = 1;
-+                            }
-+                            slapi_ch_free_string(&passwd);
-+                            slapi_value_free(&sval);
-+                            slapi_pblock_destroy(mod_pb);
-+                        }
-+                        slapi_ch_free_string(&val);
-+                    }
-+                }
-+                slapi_free_search_results_internal(pb);
-+                slapi_pblock_destroy(pb);
-+                pb = NULL;
-+            }
-+            slapi_ch_free_string(&filter);
-+        }
-+        if (!converted_des_passwd){
-+            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                "No DES passwords found to convert.\n");
-+            slapi_task_log_notice(task, "No DES passwords found to convert.\n");
-+        }
-+    } else {
-+        /* No AES/DES */
-+        if (!have_des){
-+            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                            "DES plugin not enabled\n");
-+            slapi_task_log_notice(task, "DES plugin not enabled\n");
-+        }
-+        if (!have_aes){
-+            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+                        "AES plugin not enabled\n");
-+            slapi_task_log_notice(task, "AES plugin not enabled\n");
-+        }
-+        slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+            "Unable to convert passwords\n");
-+        slapi_task_log_notice(task, "Unable to convert passwords\n");
-+        rc = 1;
-+    }
-+
-+done:
-+    charray_free(attrs);
-+    charray_free(backends);
-+    slapi_free_search_results_internal(pb);
-+    slapi_pblock_destroy(pb);
-+    slapi_task_finish(task, rc);
-+}
-+
-+static void
-+des2aes_task_destructor(Slapi_Task *task)
-+{
-+    slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES,
-+                    "des2aes_task_destructor -->\n" );
-+    if (task) {
-+        struct task_des2aes_data *task_data = (struct task_des2aes_data *)slapi_task_get_data(task);
-+        while (slapi_task_get_refcount(task) > 0) {
-+            /* Yield to wait for the task to finish. */
-+            DS_Sleep (PR_MillisecondsToInterval(100));
-+        }
-+        if (task_data) {
-+            slapi_ch_array_free(task_data->suffixes);
-+            slapi_ch_free((void **)&task_data);
-+        }
-+    }
-+    slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES,
-+                    "des2aes_task_destructor <--\n" );
-+}
-+
- /* cleanup old tasks that may still be in the DSE from a previous session
-  * (this can happen if the server crashes [no matter how unlikely we like
-  * to think that is].)
-@@ -2506,6 +2849,7 @@ void task_init(void)
-     slapi_task_register_handler("upgradedb", task_upgradedb_add);
-     slapi_task_register_handler("sysconfig reload", task_sysconfig_reload_add);
-     slapi_task_register_handler("fixup tombstones", task_fixup_tombstones_add);
-+    slapi_task_register_handler("des2aes", task_des2aes);
- }
- 
- /* called when the server is shutting down -- abort all existing tasks */
--- 
-2.4.11
-
diff --git a/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch b/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch
deleted file mode 100644
index c6fda99..0000000
--- a/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch
+++ /dev/null
@@ -1,744 +0,0 @@
-From a39e2b7cba91b9f13fe54123b7e8b510bf5bcee8 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 8 Jun 2016 11:28:07 +0200
-Subject: [PATCH 95/99] Ticket 48766 - Replication changelog can incorrectly
- skip over updates
-
-Bug Description:
-      The changelog iterator uses a buffer to load and send changes, when the buffer is empty
-      there were scenarios when the straing point for reloading the buffer was incorrectly set
-      and changes were skipped
-
-Fix Description: reworked clcach buffer code following design at
-      http://www.port389.org/docs/389ds/design/changelog-processing-in-repl-state-sending-updates.html
-
-https://fedorahosted.org/389/ticket/48766
-
-Reviewed by: Mark and Thierry, thanks
-
-(cherry picked from commit b08df71aa9eb18572f58e55e8d6b9ef7fe181773)
-(cherry picked from commit ec15a75ccdba713e4d74dcd760e3244ba43b6191)
----
- ldap/servers/plugins/replication/cl5_api.c     | 171 +++------------
- ldap/servers/plugins/replication/cl5_clcache.c | 292 +++++++++++++++----------
- ldap/servers/plugins/replication/cl5_clcache.h |   2 +-
- 3 files changed, 214 insertions(+), 251 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
-index ae23353..3adaf86 100644
---- a/ldap/servers/plugins/replication/cl5_api.c
-+++ b/ldap/servers/plugins/replication/cl5_api.c
-@@ -5489,18 +5489,13 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- {
- 	CLC_Buffer *clcache = NULL;
- 	CL5DBFile *file;
--    int i;
--    CSN **csns = NULL;
-     CSN *startCSN = NULL;
--    CSN *minCSN = NULL;
-     char csnStr [CSN_STRSIZE];
-     int rc = CL5_SUCCESS;
-     Object *supplierRuvObj = NULL;
-     RUV *supplierRuv = NULL;
--    PRBool newReplica;
-     PRBool haveChanges = PR_FALSE;
- 	char *agmt_name;
--	ReplicaId rid;
- 
-     PR_ASSERT (consumerRuv && replica && fileObj && iterator);
- 	csnStr[0] = '\0';
-@@ -5528,111 +5523,32 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- 		ruv_dump (supplierRuv, agmt_name, NULL);
- 	}
-    
--	/*
--	 * get the sorted list of SupplierMinCSN (if no ConsumerMaxCSN)
--	 * and ConsumerMaxCSN for those RIDs where consumer is not
--	 * up-to-date.
--	 */
--    csns = cl5BuildCSNList (consumerRuv, supplierRuv);
--    if (csns == NULL)
--    {
--        rc = CL5_NOTFOUND;
--        goto done;
--    }
- 
--	/* iterate over elements of consumer's (and/or supplier's) ruv */
--    for (i = 0; csns[i]; i++)
--    {
--        CSN *consumerMaxCSN = NULL;
--
--		rid = csn_get_replicaid(csns[i]);
--
--		/*
--		 * Skip CSN that is originated from the consumer.
--		 * If RID==65535, the CSN is originated from a
--		 * legacy consumer. In this case the supplier
--		 * and the consumer may have the same RID.
--		 */
--		if ((rid == consumerRID && rid != MAX_REPLICA_ID) || (is_cleaned_rid(rid)) )
--			continue;
-+	/* initialize the changelog buffer and do the initial load */
- 
--        startCSN = csns[i];
-+	rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv );
-+	if ( rc != 0 ) goto done;
- 
--		rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv );
--		if ( rc != 0 ) goto done;
--
--	    /* This is the first loading of this iteration. For replicas
--		 * already known to the consumer, we exclude the last entry
--		 * sent to the consumer by using DB_NEXT. However, for
--		 * replicas new to the consumer, we include the first change
--		 * ever generated by that replica.
--		 */
--		newReplica = ruv_get_largest_csn_for_replica (consumerRuv, rid, &consumerMaxCSN);
--		csn_free(&consumerMaxCSN);
--		rc = clcache_load_buffer (clcache, startCSN, (newReplica ? DB_SET : DB_NEXT));
--
--		/* there is a special case which can occur just after migration - in this case,
--		the consumer RUV will contain the last state of the supplier before migration,
--		but the supplier will have an empty changelog, or the supplier changelog will
--		not contain any entries within the consumer min and max CSN - also, since
--		the purge RUV contains no CSNs, the changelog has never been purged
--		ASSUMPTIONS - it is assumed that the supplier had no pending changes to send
--		to any consumers; that is, we can assume that no changes were lost due to
--		either changelog purging or database reload - bug# 603061 - richm@netscape.com
--		*/
--        if ((rc == DB_NOTFOUND) && !ruv_has_csns(file->purgeRUV))
--        {
--            char mincsnStr[CSN_STRSIZE];
--
--            /* use the supplier min csn for the buffer start csn - we know
--               this csn is in our changelog */
--            if ((RUV_SUCCESS == ruv_get_min_csn_ext(supplierRuv, &minCSN, 1 /* ignore cleaned rids */)) &&
--                minCSN)
--            { /* must now free startCSN */
--                if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
--                    csn_as_string(startCSN, PR_FALSE, csnStr);
--                    csn_as_string(minCSN, PR_FALSE, mincsnStr);
--                    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
--                                    "%s: CSN %s not found and no purging, probably a reinit\n",
--                                    agmt_name, csnStr);
--                    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
--                                    "%s: Will try to use supplier min CSN %s to load changelog\n",
--                                    agmt_name, mincsnStr);
--                }
--                startCSN = minCSN;
--                rc = clcache_load_buffer (clcache, startCSN, DB_SET);
--            }
--            else
--            {
--                if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
--                    csn_as_string(startCSN, PR_FALSE, csnStr); 
--                    slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
--                                    "%s: CSN %s not found and no purging, probably a reinit\n",
--                                    agmt_name, csnStr);
--                    slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
--                                    "%s: Could not get the min csn from the supplier RUV\n",
--                                    agmt_name);
--                }
--                rc = CL5_RUV_ERROR;
--                goto done;
--            }
--        }
-+	rc = clcache_load_buffer (clcache, &startCSN);
- 
-         if (rc == 0) {
--            haveChanges = PR_TRUE;
--            rc = CL5_SUCCESS;
--            if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
--                csn_as_string(startCSN, PR_FALSE, csnStr); 
--                slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, 
--                                "%s: CSN %s found, position set for replay\n", agmt_name, csnStr);
--            }
--            if (startCSN != csns[i]) {
--                csn_free(&startCSN);
--            }
--            break;
-+		haveChanges = PR_TRUE;
-+		rc = CL5_SUCCESS;
-+		if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+			csn_as_string(startCSN, PR_FALSE, csnStr);
-+			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+				"%s: CSN %s found, position set for replay\n", agmt_name, csnStr);
-+		}
-         }
--        else if (rc == DB_NOTFOUND)  /* entry not found */
--        {
-+        else if (rc == DB_NOTFOUND)   {
-+	    /* buffer not loaded.
-+	     * either because no changes have to be sent ==> startCSN is NULL
-+	     * or the calculated startCSN cannot be found in the changelog
-+	     */
-+	    if (startCSN == NULL) {
-+		rc = CL5_NOTFOUND;
-+		goto done;
-+	    }
-             /* check whether this csn should be present */
-             rc = _cl5CheckMissingCSN (startCSN, supplierRuv, file);
-             if (rc == CL5_MISSING_DATA)  /* we should have had the change but we don't */
-@@ -5650,17 +5566,6 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
-                                 "%s: CSN %s not found, we aren't as up to date, or we purged\n", 
-                                 agmt_name, csnStr);
-             }
--            if (startCSN != csns[i]) {
--                csn_free(&startCSN);
--            }
--            if (rc == CL5_MISSING_DATA)  /* we should have had the change but we don't */
--            {
--                break;
--            }
--            else /* we are not as up to date or we purged */
--            {
--                continue;
--            } 
-         }
-         else
-         {
-@@ -5669,34 +5574,29 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
-                             "%s: Failed to retrieve change with CSN %s; db error - %d %s\n", 
-                             agmt_name, csnStr, rc, db_strerror(rc));
--            if (startCSN != csns[i]) {
--                csn_free(&startCSN);
--            }
- 
-             rc = CL5_DB_ERROR;
--            break;
--        }
-+    }
- 
--    } /* end for */
- 
-     /* setup the iterator */
-     if (haveChanges)
-     {
--	    *iterator = (CL5ReplayIterator*) slapi_ch_calloc (1, sizeof (CL5ReplayIterator));
-+	*iterator = (CL5ReplayIterator*) slapi_ch_calloc (1, sizeof (CL5ReplayIterator));
- 
--	    if (*iterator == NULL)
--	    {
--		    slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
-+        if (*iterator == NULL)
-+	{
-+            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
- 						"%s: _cl5PositionCursorForReplay: failed to allocate iterator\n", agmt_name);
--		    rc = CL5_MEMORY_ERROR;
--		    goto done;
--	    }
-+            rc = CL5_MEMORY_ERROR;
-+	    goto done;
-+	}
- 
-         /* ONREPL - should we make a copy of both RUVs here ?*/
--		(*iterator)->fileObj = fileObj;
--		(*iterator)->clcache = clcache; clcache = NULL;
--		(*iterator)->consumerRID = consumerRID;
--	    (*iterator)->consumerRuv = consumerRuv;
-+	(*iterator)->fileObj = fileObj;
-+	(*iterator)->clcache = clcache; clcache = NULL;
-+	(*iterator)->consumerRID = consumerRID;
-+	(*iterator)->consumerRuv = consumerRuv;
-         (*iterator)->supplierRuvObj = supplierRuvObj;
-     }
-     else if (rc == CL5_SUCCESS)
-@@ -5706,11 +5606,8 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
-     }
- 
- done:
--	if ( clcache )
--		clcache_return_buffer ( &clcache );
--
--    if (csns)
--        cl5DestroyCSNList (&csns);
-+    if ( clcache )
-+	clcache_return_buffer ( &clcache );
- 
-     if (rc != CL5_SUCCESS)
-     {
-diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
-index b53d7c0..2d3bb28 100644
---- a/ldap/servers/plugins/replication/cl5_clcache.c
-+++ b/ldap/servers/plugins/replication/cl5_clcache.c
-@@ -39,6 +39,7 @@
- #define DEFAULT_CLC_BUFFER_COUNT_MAX		0
- #define DEFAULT_CLC_BUFFER_PAGE_COUNT		32
- #define DEFAULT_CLC_BUFFER_PAGE_SIZE		1024
-+#define WORK_CLC_BUFFER_PAGE_SIZE 8*DEFAULT_CLC_BUFFER_PAGE_SIZE
- 
- enum {
- 	CLC_STATE_READY = 0,		/* ready to iterate */
-@@ -56,8 +57,9 @@ struct csn_seq_ctrl_block {
- 	ReplicaId	rid;				/* RID this block serves */
- 	CSN			*consumer_maxcsn;	/* Don't send CSN <= this */
- 	CSN			*local_maxcsn;		/* Don't send CSN > this */
--	CSN			*prev_local_maxcsn;	/* */
--	int			state;				/* CLC_STATE_* */
-+	CSN			*prev_local_maxcsn;	/* Copy of last state at buffer loading */
-+	CSN			*local_mincsn;		/* Used to determin anchor csn*/
-+	int			state;			/* CLC_STATE_* */
- };
- 
- /*
-@@ -70,6 +72,8 @@ struct clc_buffer {
- 	ReplicaId	 buf_consumer_rid;	/* help checking threshold csn */
- 	const RUV	*buf_consumer_ruv;	/* used to skip change */
- 	const RUV	*buf_local_ruv;		/* used to refresh local_maxcsn */
-+	int		buf_ignoreConsumerRID;	/* how to handle updates from consumer */
-+	int	 	buf_load_cnt;		/* number of loads for session */
- 
- 	/*
- 	 * fields for retriving data from DB
-@@ -90,7 +94,6 @@ struct clc_buffer {
- 	int			 buf_max_cscbs;
- 
- 	/* fields for debugging stat */
--	int		 	 buf_load_cnt;		/* number of loads for session */
- 	int		 	 buf_record_cnt;	/* number of changes for session */
- 	int		 	 buf_record_skipped;	/* number of changes skipped */
- 	int		 	 buf_skipped_new_rid;	/* number of changes skipped due to new_rid */
-@@ -133,7 +136,8 @@ struct clc_pool {
- static struct clc_pool *_pool = NULL;	/* process's buffer pool */
- 
- /* static prototypes */
--static int	clcache_adjust_anchorcsn ( CLC_Buffer *buf );
-+static int	clcache_initial_anchorcsn ( CLC_Buffer *buf, int *flag );
-+static int	clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag );
- static void	clcache_refresh_consumer_maxcsns ( CLC_Buffer *buf );
- static int	clcache_refresh_local_maxcsns ( CLC_Buffer *buf );
- static int	clcache_skip_change ( CLC_Buffer *buf );
-@@ -251,8 +255,23 @@ clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV
- 	}
- 
- 	if ( NULL != *buf ) {
-+		CSN *c_csn = NULL;
-+		CSN *l_csn = NULL;
- 		(*buf)->buf_consumer_ruv = consumer_ruv;
- 		(*buf)->buf_local_ruv = local_ruv;
-+		(*buf)->buf_load_flag = DB_MULTIPLE_KEY;
-+		ruv_get_largest_csn_for_replica (consumer_ruv, consumer_rid, &c_csn);
-+		ruv_get_largest_csn_for_replica (local_ruv, consumer_rid, &l_csn);
-+		if (l_csn && csn_compare(l_csn, c_csn) > 0) {
-+			/* the supplier has updates for the consumer RID and
-+			 * these updates are newer than on the consumer
-+			 */
-+			(*buf)->buf_ignoreConsumerRID = 0;
-+		} else {
-+			(*buf)->buf_ignoreConsumerRID = 1;
-+		}
-+		csn_free(&c_csn);
-+		csn_free(&l_csn);
- 	}
- 	else {
- 		slapi_log_error ( SLAPI_LOG_FATAL, get_thread_private_agmtname(),
-@@ -305,36 +324,25 @@ clcache_return_buffer ( CLC_Buffer **buf )
-  *		       historic reason.
-  */
- int
--clcache_load_buffer ( CLC_Buffer *buf, CSN *anchorcsn, int flag )
-+clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN )
- {
- 	int rc = 0;
-+        int flag = DB_NEXT;
- 
-+	if (anchorCSN) *anchorCSN = NULL;
- 	clcache_refresh_local_maxcsns ( buf );
- 
--	/* Set the loading key */
--	if ( anchorcsn ) {
-+	if (buf->buf_load_cnt == 0 ) {
- 		clcache_refresh_consumer_maxcsns ( buf );
--		buf->buf_load_flag = DB_MULTIPLE_KEY;
--		csn_as_string ( anchorcsn, 0, (char*)buf->buf_key.data );
--		slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
--				"session start: anchorcsn=%s\n", (char*)buf->buf_key.data );
--	}
--	else if ( csn_get_time(buf->buf_current_csn) == 0 ) {
--		/* time == 0 means this csn has never been set */
--		rc = DB_NOTFOUND;
--	}
--	else if ( clcache_adjust_anchorcsn ( buf ) != 0 ) {
--		rc = DB_NOTFOUND;
--	}
--	else {
--		csn_as_string ( buf->buf_current_csn, 0, (char*)buf->buf_key.data );
--		slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
--				"load next: anchorcsn=%s\n", (char*)buf->buf_key.data );
-+		rc = clcache_initial_anchorcsn ( buf, &flag );
-+        } else {
-+		rc = clcache_adjust_anchorcsn ( buf, &flag );
- 	}
- 
- 	if ( rc == 0 ) {
- 
- 		buf->buf_state = CLC_STATE_READY;
-+		if (anchorCSN) *anchorCSN = buf->buf_current_csn;
- 		rc = clcache_load_buffer_bulk ( buf, flag );
- 
- 		/* Reset some flag variables */
-@@ -344,21 +352,15 @@ clcache_load_buffer ( CLC_Buffer *buf, CSN *anchorcsn, int flag )
- 				buf->buf_cscbs[i]->state = CLC_STATE_READY;
- 			}
- 		}
--		else if ( anchorcsn ) {
--			/* Report error only when the missing is persistent */
--			if ( buf->buf_missing_csn && csn_compare (buf->buf_missing_csn, anchorcsn) == 0 ) {
--				if (!buf->buf_prev_missing_csn || csn_compare (buf->buf_prev_missing_csn, anchorcsn)) {
--					slapi_log_error ( SLAPI_LOG_FATAL, buf->buf_agmt_name,
--						"Can't locate CSN %s in the changelog (DB rc=%d). If replication stops, the consumer may need to be reinitialized.\n",
--						(char*)buf->buf_key.data, rc );
--					csn_dup_or_init_by_csn (&buf->buf_prev_missing_csn, anchorcsn);
--				}
--			}
--			else {
--				csn_dup_or_init_by_csn (&buf->buf_missing_csn, anchorcsn);
--			}
-+		else {
-+			slapi_log_error ( SLAPI_LOG_FATAL, buf->buf_agmt_name,
-+					"Can't locate CSN %s in the changelog (DB rc=%d). If replication stops, the consumer may need to be reinitialized.\n",
-+					(char*)buf->buf_key.data, rc );
- 		}
-+	} else if (rc == CLC_STATE_DONE) {
-+		rc = DB_NOTFOUND;
- 	}
-+
- 	if ( rc != 0 ) {
- 		slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
- 				"clcache_load_buffer: rc=%d\n", rc );
-@@ -483,7 +485,7 @@ clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **da
- 		 * We're done with the current buffer. Now load the next chunk.
- 		 */
- 		if ( NULL == *key && CLC_STATE_READY == buf->buf_state ) {
--			rc = clcache_load_buffer ( buf, NULL, DB_NEXT );
-+			rc = clcache_load_buffer ( buf, NULL );
- 			if ( 0 == rc && buf->buf_record_ptr ) {
- 				DB_MULTIPLE_KEY_NEXT ( buf->buf_record_ptr, &buf->buf_data,
- 								   *key, *keylen, *data, *datalen );
-@@ -521,7 +523,6 @@ clcache_refresh_consumer_maxcsns ( CLC_Buffer *buf )
- 	int i;
- 
- 	for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
--		csn_free(&buf->buf_cscbs[i]->consumer_maxcsn);
- 		ruv_get_largest_csn_for_replica (
- 				buf->buf_consumer_ruv,
- 				buf->buf_cscbs[i]->rid,
-@@ -538,14 +539,11 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data )
- 	int i;
- 
- 	rid = csn_get_replicaid ( rid_data->csn );
--
--	/*
--	 * No need to create cscb for consumer's RID.
--	 * If RID==65535, the CSN is originated from a
--	 * legacy consumer. In this case the supplier
--	 * and the consumer may have the same RID.
-+	/* we do not handle updates originated at the consumer if not required
-+	 * and we ignore RID which have been cleaned
- 	 */
--	if ( rid == buf->buf_consumer_rid && rid != MAX_REPLICA_ID )
-+	if ( (rid == buf->buf_consumer_rid && buf->buf_ignoreConsumerRID) ||
-+		is_cleaned_rid(rid) )
- 		return rc;
- 
- 	for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-@@ -564,9 +562,20 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data )
- 		}
- 		buf->buf_cscbs[i]->rid = rid;
- 		buf->buf_num_cscbs++;
-+		/* this is the first time we have a local change for the RID
-+		 * we need to check what the consumer knows about it.
-+		 */
-+		ruv_get_largest_csn_for_replica (
-+				buf->buf_consumer_ruv,
-+				buf->buf_cscbs[i]->rid,
-+				&buf->buf_cscbs[i]->consumer_maxcsn );
- 	}
- 
-+	if (buf->buf_cscbs[i]->local_maxcsn)
-+	    csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->prev_local_maxcsn, buf->buf_cscbs[i]->local_maxcsn );
-+
- 	csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->local_maxcsn, rid_data->csn );
-+	csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->local_mincsn, rid_data->min_csn );
- 
- 	if ( buf->buf_cscbs[i]->consumer_maxcsn &&
- 		 csn_compare (buf->buf_cscbs[i]->consumer_maxcsn, rid_data->csn) >= 0 ) {
-@@ -580,88 +589,147 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data )
- static int
- clcache_refresh_local_maxcsns ( CLC_Buffer *buf )
- {
--	int i;
- 
--	for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
--		csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->prev_local_maxcsn,
--								  buf->buf_cscbs[i]->local_maxcsn );
--	}
- 	return ruv_enumerate_elements ( buf->buf_local_ruv, clcache_refresh_local_maxcsn, buf );
- }
- 
- /*
-  * Algorithm:
-  *
-- *	1. Snapshot local RUVs;
-- *	2. Load buffer;
-- *	3. Send to the consumer only those CSNs that are covered
-- *	   by the RUVs snapshot taken in the first step;
-- *	   All CSNs that are covered by the RUVs snapshot taken in the
-- *	   first step are guaranteed in consecutive order for the respected
-- *	   RIDs because of the the CSN pending list control;
-- *	   A CSN that is not covered by the RUVs snapshot may be out of order
-- *	   since it is possible that a smaller CSN might not have committed 
-- *	   yet by the time the buffer was loaded.
-- *	4. Determine anchorcsn for each RID:
-- *
-- *	   Case|  Local vs. Buffer | New Local |       Next
-- *	       | MaxCSN     MaxCSN |    MaxCSN | Anchor-CSN
-- *	   ----+-------------------+-----------+----------------
-- *       1 |   Cl    >=   Cb   |     *     | Cb
-- *       2 |   Cl    <    Cb   |     Cl    | Cb
-- *       3 |   Cl    <    Cb   |     Cl2   | Cl 
-- *
-- *	5. Determine anchorcsn for next load:
-+ *	1. Determine anchorcsn for each RID:
-+ *	2. Determine anchorcsn for next load:
-  *	   Anchor-CSN = min { all Next-Anchor-CSN, Buffer-MaxCSN }
-  */
- static int
--clcache_adjust_anchorcsn ( CLC_Buffer *buf )
-+clcache_initial_anchorcsn ( CLC_Buffer *buf, int *flag )
- {
- 	PRBool hasChange = PR_FALSE;
- 	struct csn_seq_ctrl_block *cscb;
- 	int i;
-+	CSN *anchorcsn = NULL;
- 
- 	if ( buf->buf_state == CLC_STATE_READY ) {
- 		for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-+			CSN *rid_anchor = NULL;
-+			int rid_flag = DB_NEXT;
- 			cscb = buf->buf_cscbs[i];
- 
--			if ( cscb->state == CLC_STATE_UP_TO_DATE )
--				continue;
-+			if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+				char prevmax[CSN_STRSIZE];
-+				char local[CSN_STRSIZE];
-+				char curr[CSN_STRSIZE];
-+				char conmaxcsn[CSN_STRSIZE];
-+				csn_as_string(cscb->prev_local_maxcsn, 0, prevmax);
-+				csn_as_string(cscb->local_maxcsn, 0, local);
-+				csn_as_string(buf->buf_current_csn, 0, curr);
-+				csn_as_string(cscb->consumer_maxcsn, 0, conmaxcsn);
-+				slapi_log_error(SLAPI_LOG_REPL, "clcache_initial_anchorcsn" ,
-+								"%s - (cscb %d - state %d) - csnPrevMax (%s) "
-+								"csnMax (%s) csnBuf (%s) csnConsumerMax (%s)\n",
-+								buf->buf_agmt_name, i, cscb->state, prevmax, local,
-+								curr, conmaxcsn);
-+			}
- 
--			/*
--			 * Case 3 unsafe ruv change: next buffer load should start
--			 * from where the maxcsn in the old ruv was. Since each
--			 * cscb has remembered the maxcsn sent to the consumer,
--			 * CSNs that may be loaded again could easily be skipped.
--			 */
--			if ( cscb->prev_local_maxcsn &&
--				 csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) < 0 &&
--				 csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) != 0 ) {
-+			if (cscb->consumer_maxcsn == NULL) {
-+				/* the consumer hasn't seen changes for this RID */
-+				rid_anchor = cscb->local_mincsn;
-+				rid_flag = DB_SET;
-+			} else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
-+				rid_anchor = cscb->consumer_maxcsn;
-+			}
-+
-+			if (rid_anchor && (anchorcsn == NULL ||
-+			    ( csn_compare(rid_anchor, anchorcsn) < 0))) {
-+				anchorcsn = rid_anchor;
-+				*flag = rid_flag;
- 				hasChange = PR_TRUE;
--				cscb->state = CLC_STATE_READY;
--				csn_init_by_csn ( buf->buf_current_csn, cscb->prev_local_maxcsn );
--				csn_as_string ( cscb->prev_local_maxcsn, 0, (char*)buf->buf_key.data );
--				slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
--						"adjust anchor csn upon %s\n",
--						( cscb->state == CLC_STATE_CSN_GT_RUV ? "out of sequence csn" : "unsafe ruv change") );
--				continue;
- 			}
- 
--			/*
--			 * check if there are still changes to send for this RID
--			 * Assume we had compared the local maxcsn and the consumer
--			 * max csn before this function was called and hence the
--			 * cscb->state had been set accordingly.
--			 */ 
--			if ( hasChange == PR_FALSE &&
--				 csn_compare (cscb->local_maxcsn, buf->buf_current_csn) > 0 ) {
-+
-+		}
-+	}
-+
-+	if ( !hasChange ) {
-+		buf->buf_state = CLC_STATE_DONE;
-+	} else {
-+		csn_init_by_csn(buf->buf_current_csn, anchorcsn);
-+		csn_as_string(buf->buf_current_csn, 0, (char *)buf->buf_key.data);
-+		slapi_log_error(SLAPI_LOG_REPL, "clcache_initial_anchorcsn",
-+						"anchor is now: %s\n", (char *)buf->buf_key.data);
-+	}
-+
-+	return buf->buf_state;
-+}
-+
-+static int
-+clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag )
-+{
-+	PRBool hasChange = PR_FALSE;
-+	struct csn_seq_ctrl_block *cscb;
-+	int i;
-+	CSN *anchorcsn = NULL;
-+
-+	if ( buf->buf_state == CLC_STATE_READY ) {
-+		for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-+			CSN *rid_anchor = NULL;
-+			int rid_flag = DB_NEXT;
-+			cscb = buf->buf_cscbs[i];
-+
-+			if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+				char prevmax[CSN_STRSIZE];
-+				char local[CSN_STRSIZE];
-+				char curr[CSN_STRSIZE];
-+				char conmaxcsn[CSN_STRSIZE];
-+				csn_as_string(cscb->prev_local_maxcsn, 0, prevmax);
-+				csn_as_string(cscb->local_maxcsn, 0, local);
-+				csn_as_string(buf->buf_current_csn, 0, curr);
-+				csn_as_string(cscb->consumer_maxcsn, 0, conmaxcsn);
-+				slapi_log_error(SLAPI_LOG_REPL, "clcache_adjust_anchorcsn" ,
-+								"%s - (cscb %d - state %d) - csnPrevMax (%s) "
-+								"csnMax (%s) csnBuf (%s) csnConsumerMax (%s)\n",
-+								buf->buf_agmt_name, i, cscb->state, prevmax, local,
-+								curr, conmaxcsn);
-+			}
-+
-+			if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
-+			    csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) {
-+				if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
-+					rid_anchor = buf->buf_current_csn;
-+				}
-+			} else {
-+				/* prev local max csn < csnBuffer AND different from local maxcsn */
-+				if (cscb->prev_local_maxcsn == NULL) {
-+					if (cscb->consumer_maxcsn == NULL) {
-+						/* the consumer hasn't seen changes for this RID */
-+						rid_anchor = cscb->local_mincsn;
-+						rid_flag = DB_SET;
-+					} else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
-+						rid_anchor = cscb->consumer_maxcsn;
-+					}
-+				} else {
-+					/* csnPrevMaxSup > 0 */
-+					rid_anchor = cscb->consumer_maxcsn;
-+				}
-+			}
-+
-+			if (rid_anchor && (anchorcsn == NULL ||
-+			    ( csn_compare(rid_anchor, anchorcsn) < 0))) {
-+				anchorcsn = rid_anchor;
-+				*flag = rid_flag;
- 				hasChange = PR_TRUE;
- 			}
-+
-+
- 		}
- 	}
- 
- 	if ( !hasChange ) {
- 		buf->buf_state = CLC_STATE_DONE;
-+	} else {
-+		csn_init_by_csn(buf->buf_current_csn, anchorcsn);
-+		csn_as_string(buf->buf_current_csn, 0, (char *)buf->buf_key.data);
-+		slapi_log_error(SLAPI_LOG_REPL, "clcache_adjust_anchorcsn",
-+						"anchor is now: %s\n", (char *)buf->buf_key.data);
- 	}
- 
- 	return buf->buf_state;
-@@ -675,7 +743,6 @@ clcache_skip_change ( CLC_Buffer *buf )
- 	int skip = 1;
- 	int i;
- 	char buf_cur_csn_str[CSN_STRSIZE];
--	char oth_csn_str[CSN_STRSIZE];
- 
- 	do {
- 
-@@ -688,25 +755,14 @@ clcache_skip_change ( CLC_Buffer *buf )
- 		 * legacy consumer. In this case the supplier
- 		 * and the consumer may have the same RID.
- 		 */
--		if (rid == buf->buf_consumer_rid && rid != MAX_REPLICA_ID){
--			CSN *cons_maxcsn = NULL;
--
--			ruv_get_max_csn(buf->buf_consumer_ruv, &cons_maxcsn);
--			if ( csn_compare ( buf->buf_current_csn, cons_maxcsn) > 0 ) {
--				/*
--				 *  The consumer must have been "restored" and needs this newer update.
--				 */
--				skip = 0;
--			} else if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+		if (rid == buf->buf_consumer_rid && buf->buf_ignoreConsumerRID){
-+			if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
- 				csn_as_string(buf->buf_current_csn, 0, buf_cur_csn_str);
--				csn_as_string(cons_maxcsn, 0, oth_csn_str);
- 				slapi_log_error(SLAPI_LOG_REPL, buf->buf_agmt_name,
--					"Skipping update because the changelog buffer current csn [%s] is "
--				        "less than or equal to the consumer max csn [%s]\n",
--				        buf_cur_csn_str, oth_csn_str);
-+					"Skipping update because the consumer with Rid: [%d] is "
-+				        "ignored\n", rid);
- 				buf->buf_skipped_csn_gt_cons_maxcsn++;
- 			}
--			csn_free(&cons_maxcsn);
- 			break;
- 		}
- 
-@@ -821,6 +877,7 @@ clcache_free_cscb ( struct csn_seq_ctrl_block ** cscb )
- 	csn_free ( & (*cscb)->consumer_maxcsn );
- 	csn_free ( & (*cscb)->local_maxcsn );
- 	csn_free ( & (*cscb)->prev_local_maxcsn );
-+	csn_free ( & (*cscb)->local_mincsn );
- 	slapi_ch_free ( (void **) cscb );
- }
- 
-@@ -1003,6 +1060,15 @@ clcache_cursor_get ( DBC *cursor, CLC_Buffer *buf, int flag )
- {
- 	int rc;
- 
-+	if (buf->buf_data.ulen > WORK_CLC_BUFFER_PAGE_SIZE) {
-+		/*
-+		 * The buffer size had to be increased,
-+		 * reset it to a smaller working size,
-+		 * if not sufficient it will be increased again
-+		 */
-+		buf->buf_data.ulen = WORK_CLC_BUFFER_PAGE_SIZE;
-+	}
-+
- 	rc = cursor->c_get ( cursor,
- 						 & buf->buf_key,
- 						 & buf->buf_data,
-diff --git a/ldap/servers/plugins/replication/cl5_clcache.h b/ldap/servers/plugins/replication/cl5_clcache.h
-index 4c459ab..75b2817 100644
---- a/ldap/servers/plugins/replication/cl5_clcache.h
-+++ b/ldap/servers/plugins/replication/cl5_clcache.h
-@@ -23,7 +23,7 @@ typedef struct clc_buffer CLC_Buffer;
- int	 clcache_init ( DB_ENV **dbenv );
- void clcache_set_config ();
- int	 clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV *consumer_ruv, const RUV *local_ruv );
--int	 clcache_load_buffer ( CLC_Buffer *buf, CSN *startCSN, int flag );
-+int	 clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN );
- void clcache_return_buffer ( CLC_Buffer **buf );
- int	 clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn );
- void clcache_destroy ();
--- 
-2.4.11
-
diff --git a/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch b/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch
deleted file mode 100644
index 2367de5..0000000
--- a/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch
+++ /dev/null
@@ -1,446 +0,0 @@
-From 09cff2c4c01bbcaf45df553869d0b6cb8acfad2b Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Sun, 17 Jan 2016 18:25:43 -0500
-Subject: [PATCH 96/99] Ticket 47788 - Supplier can skip a failing update,
- although  it should retry
-
-Bug Description:  If a replicated update fails on the consumer,
-                  the update is never tried.  This is due to the
-                  replication async result thread missing the failure
-                  before another update is replicated and it succeeds.
-
-                  This second update that succeeds updates the consumer
-                  RUV.  This makes it appear that the consumer is caught
-                  up, and the supplier never resends that original
-                  failed update.
-
-Fix Description:  When a replicated update fails, and its an error we can
-                  not ignore, the connection is closed.  Which stops the
-                  replication session, and prevents any further updates
-                  coming in and updating the consumer RUV.  This allows
-                  the supplier to correctly retry the operation that
-                  failed on the next replication session.
-
-https://fedorahosted.org/389/ticket/47788
-
-Reviewed by: nhosoi, wibrown, and rmeggins (Thanks!!!)
-
-(cherry picked from commit ab6501a963c94b2b6b5fa8d1924519ef1c26b0bd)
-(cherry picked from commit 407c545f07c06520f8378649fc0ac8fe20748dc7)
----
- ldap/servers/plugins/replication/repl5.h           |   1 +
- .../servers/plugins/replication/repl5_connection.c |  19 +--
- .../plugins/replication/repl5_inc_protocol.c       | 182 ++++++++++++---------
- ldap/servers/plugins/replication/repl5_plugins.c   |  60 ++++++-
- ldap/servers/plugins/replication/urp.c             |   2 +-
- 5 files changed, 168 insertions(+), 96 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index df92ca0..307da82 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -608,6 +608,7 @@ void replica_incr_agmt_count(Replica *r);
- void replica_decr_agmt_count(Replica *r);
- PRUint64 replica_get_precise_purging(Replica *r);
- void replica_set_precise_purging(Replica *r, PRUint64 on_off);
-+PRBool ignore_error_and_keep_going(int error);
- 
- /* The functions below handles the state flag */
- /* Current internal state flags */
-diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
-index 1515ca1..d193938 100644
---- a/ldap/servers/plugins/replication/repl5_connection.c
-+++ b/ldap/servers/plugins/replication/repl5_connection.c
-@@ -480,17 +480,17 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
- 					conn->last_ldap_error = rc;
- 					close_connection_internal(conn); /* we already have the lock */
- 					return_value = CONN_NOT_CONNECTED;
-+					goto done;
- 				}
- 				else if (IS_DISCONNECT_ERROR(err))
- 				{
- 					conn->last_ldap_error = err;
- 					close_connection_internal(conn); /* we already have the lock */
- 					return_value = CONN_NOT_CONNECTED;
-+					goto done;
- 				}
- 				/* Got a result */
--				if ((rc == LDAP_SUCCESS) && (err == LDAP_BUSY))
--				    	return_value = CONN_BUSY;
--				else if (retoidp)
-+				if (retoidp /* total update */)
- 				{
- 					if (!((rc == LDAP_SUCCESS) && (err == LDAP_BUSY)))
- 					{
-@@ -519,16 +519,11 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
- 					}
- 					return_value = LDAP_SUCCESS == conn->last_ldap_error ? CONN_OPERATION_SUCCESS : CONN_OPERATION_FAILED;
- 				}
--				/*
--				 * XXXggood do I need to free matched, referrals,
--				 * anything else? Or can I pass NULL for the args
--				 * I'm not interested in?
--				 */
--				/* Good question! Meanwhile, as RTM aproaches, let's free them... */
--				slapi_ch_free((void **) &errmsg);
--				slapi_ch_free((void **) &matched);
--				charray_free(referrals);
- 				conn->status = STATUS_CONNECTED;
-+done:
-+				slapi_ch_free_string(&errmsg);
-+				slapi_ch_free_string(&matched);
-+				charray_free(referrals);
- 			}
- 			if (res) ldap_msgfree(res);
- 			PR_Unlock(conn->lock); /* release the conn lock */
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 244bbb2..927f835 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -146,7 +146,6 @@ static void protocol_sleep(Private_Repl_Protocol *prp, PRIntervalTime duration);
- static int send_updates(Private_Repl_Protocol *prp, RUV *ruv, PRUint32 *num_changes_sent);
- static void repl5_inc_backoff_expired(time_t timer_fire_time, void *arg);
- static int examine_update_vector(Private_Repl_Protocol *prp, RUV *ruv);
--static PRBool ignore_error_and_keep_going(int error);
- static const char* state2name (int state);
- static const char* event2name (int event);
- static const char* op2string (int op);
-@@ -450,11 +449,13 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd)
-     PR_Unlock(rd->lock);
- }
- 
--static void
-+static int
- repl5_inc_waitfor_async_results(result_data *rd)
- {
- 	int done = 0;
- 	int loops = 0;
-+	int rc = UPDATE_NO_MORE_UPDATES;
-+
- 	/* Keep pulling results off the LDAP connection until we catch up to the last message id stored in the rd */
- 	while (!done && !slapi_is_shutting_down())
- 	{
-@@ -470,6 +471,10 @@ repl5_inc_waitfor_async_results(result_data *rd)
- 		} else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) {
- 			done = 1; /* no connection == no more results */
- 		}
-+		/*
-+		 * Return the last operation result
-+		 */
-+		rc = rd->result;
- 		PR_Unlock(rd->lock);
- 		if (!done) {
- 			/* If not then sleep a bit */
-@@ -487,6 +492,7 @@ repl5_inc_waitfor_async_results(result_data *rd)
- 			done = 1;
- 		}
- 	}
-+	return rc;
- }
- 
- /*
-@@ -1467,78 +1473,84 @@ static int
- repl5_inc_update_from_op_result(Private_Repl_Protocol *prp, ConnResult replay_crc, int connection_error, char *csn_str, char *uniqueid, ReplicaId replica_id, int* finished, PRUint32 *num_changes_sent)
- {
- 	int return_value = 0;
--	
--	/* Indentation is wrong here so we can get a sensible cvs diff */
--				if (CONN_OPERATION_SUCCESS != replay_crc)
--				{
--					/* Figure out what to do next */
--					if (CONN_OPERATION_FAILED == replay_crc)
--					{
--						/* Map ldap error code to return value */
--						if (!ignore_error_and_keep_going(connection_error))
--						{
--							return_value = UPDATE_TRANSIENT_ERROR;
--							*finished = 1;
--						}
--						else
--						{
--							agmt_inc_last_update_changecount (prp->agmt, replica_id, 1 /*skipped*/);
--						}
--						slapi_log_error(*finished ? SLAPI_LOG_FATAL : slapi_log_urp, repl_plugin_name,
--							"%s: Consumer failed to replay change (uniqueid %s, CSN %s): %s (%d). %s.\n",
--							agmt_get_long_name(prp->agmt),
--							uniqueid, csn_str,
--							ldap_err2string(connection_error), connection_error,
--							*finished ? "Will retry later" : "Skipping");
--					}
--					else if (CONN_NOT_CONNECTED == replay_crc)
--					{
--						/* We lost the connection - enter backoff state */
- 
--						return_value = UPDATE_CONNECTION_LOST;
--						*finished = 1;
--						slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
--							"%s: Consumer failed to replay change (uniqueid %s, CSN %s): "
--							"%s(%d). Will retry later.\n",
--							agmt_get_long_name(prp->agmt),
--							uniqueid, csn_str,
--							connection_error ? ldap_err2string(connection_error) : "Connection lost",
--							connection_error);
--					}
--					else if (CONN_TIMEOUT == replay_crc)
--					{
--						return_value = UPDATE_TIMEOUT;
--						*finished = 1;
--						slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
--							"%s: Consumer timed out to replay change (uniqueid %s, CSN %s): "
--							"%s.\n",
--							agmt_get_long_name(prp->agmt),
--							uniqueid, csn_str,
--							connection_error ? ldap_err2string(connection_error) : "Timeout");
--					}
--					else if (CONN_LOCAL_ERROR == replay_crc)
--					{
--						/*
--						 * Something bad happened on the local server - enter 
--						 * backoff state.
--						 */
--						return_value = UPDATE_TRANSIENT_ERROR;
--						*finished = 1;
--						slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
--							"%s: Failed to replay change (uniqueid %s, CSN %s): "
--							"Local error. Will retry later.\n",
--							agmt_get_long_name(prp->agmt),
--							uniqueid, csn_str);
--					}
--						
--				}
--				else
--				{
--					/* Positive response received */
--					(*num_changes_sent)++;
--					agmt_inc_last_update_changecount (prp->agmt, replica_id, 0 /*replayed*/);
--				}
--				return return_value;
-+	if (CONN_OPERATION_SUCCESS != replay_crc)
-+	{
-+		/* Figure out what to do next */
-+		if (CONN_OPERATION_FAILED == replay_crc)
-+		{
-+			/* Map ldap error code to return value */
-+			if (!ignore_error_and_keep_going(connection_error))
-+			{
-+				return_value = UPDATE_TRANSIENT_ERROR;
-+				*finished = 1;
-+			}
-+			else
-+			{
-+				agmt_inc_last_update_changecount (prp->agmt, replica_id, 1 /*skipped*/);
-+			}
-+			slapi_log_error(*finished ? SLAPI_LOG_FATAL : slapi_log_urp, repl_plugin_name,
-+				"%s: Consumer failed to replay change (uniqueid %s, CSN %s): %s (%d). %s.\n",
-+				agmt_get_long_name(prp->agmt),
-+				uniqueid, csn_str,
-+				ldap_err2string(connection_error), connection_error,
-+				*finished ? "Will retry later" : "Skipping");
-+		}
-+		else if (CONN_NOT_CONNECTED == replay_crc)
-+		{
-+			/* We lost the connection - enter backoff state */
-+
-+			return_value = UPDATE_CONNECTION_LOST;
-+			*finished = 1;
-+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+				"%s: Consumer failed to replay change (uniqueid %s, CSN %s): "
-+				"%s(%d). Will retry later.\n",
-+				agmt_get_long_name(prp->agmt),
-+				uniqueid, csn_str,
-+				connection_error ? ldap_err2string(connection_error) : "Connection lost",
-+				connection_error);
-+		}
-+		else if (CONN_TIMEOUT == replay_crc)
-+		{
-+			return_value = UPDATE_TIMEOUT;
-+			*finished = 1;
-+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+				"%s: Consumer timed out to replay change (uniqueid %s, CSN %s): "
-+				"%s.\n",
-+				agmt_get_long_name(prp->agmt),
-+				uniqueid, csn_str,
-+				connection_error ? ldap_err2string(connection_error) : "Timeout");
-+		}
-+		else if (CONN_LOCAL_ERROR == replay_crc)
-+		{
-+			/*
-+			 * Something bad happened on the local server - enter
-+			 * backoff state.
-+			 */
-+			return_value = UPDATE_TRANSIENT_ERROR;
-+			*finished = 1;
-+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+				"%s: Failed to replay change (uniqueid %s, CSN %s): "
-+				"Local error. Will retry later.\n",
-+				agmt_get_long_name(prp->agmt),
-+				uniqueid, csn_str);
-+		}
-+		if (*finished){
-+			/*
-+			 * A serious error has occurred, the consumer might have closed
-+			 * the connection already, but we need to close the conn on the
-+			 * supplier side to properly set the conn structure as closed.
-+			 */
-+			conn_disconnect(prp->conn);
-+		}
-+	}
-+	else
-+	{
-+		/* Positive response received */
-+		(*num_changes_sent)++;
-+		agmt_inc_last_update_changecount (prp->agmt, replica_id, 0 /*replayed*/);
-+	}
-+	return return_value;
- }
- 
- /*
-@@ -1556,7 +1568,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- {
- 	CL5Entry entry;
- 	slapi_operation_parameters op;
--	int return_value;
-+	int return_value = 0;
- 	int rc;
- 	CL5ReplayIterator *changelog_iterator;
- 	int message_id = 0;
-@@ -1929,9 +1941,23 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 		{
- 			/* We need to ensure that we wait until all the responses have been received from our operations */
- 			if (return_value != UPDATE_CONNECTION_LOST) {
--				rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt);
--				/* if connection was lost/closed, there will be nothing to read */
--				repl5_inc_waitfor_async_results(rd);
-+				/*
-+				 * If we already have an error, there is no need to check the
-+				 * async result thread anymore.
-+				 */
-+				if (return_value == UPDATE_NO_MORE_UPDATES)
-+				{
-+					/*
-+					 * We need to double check that an error hasn't popped up from
-+					 * the async result thread since our last check.
-+					 */
-+					int final_result;
-+
-+					rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt);
-+					if((final_result = repl5_inc_waitfor_async_results(rd))){
-+						return_value = final_result;
-+					}
-+				}
- 			}
- 
- 			rc = repl5_inc_destroy_async_result_thread(rd);
-@@ -2220,7 +2246,7 @@ examine_update_vector(Private_Repl_Protocol *prp, RUV *remote_ruv)
-  * We stop if there's some indication that the server just completely
-  * failed to process the operation, e.g. LDAP_OPERATIONS_ERROR.
-  */
--static PRBool
-+PRBool
- ignore_error_and_keep_going(int error)
- {
- 	int return_value = PR_FALSE;
-diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
-index 8992055..c2fa214 100644
---- a/ldap/servers/plugins/replication/repl5_plugins.c
-+++ b/ldap/servers/plugins/replication/repl5_plugins.c
-@@ -1231,12 +1231,13 @@ write_changelog_and_ruv (Slapi_PBlock *pb)
- static int
- process_postop (Slapi_PBlock *pb)
- {
--    int rc = LDAP_SUCCESS;
--    Slapi_Operation *op;
-+	Slapi_Operation *op;
- 	Slapi_Backend *be;
--    int is_replicated_operation = 0;
-+	int is_replicated_operation = 0;
- 	CSN *opcsn = NULL;
- 	char sessionid[REPL_SESSION_ID_SIZE];
-+	int retval = LDAP_SUCCESS;
-+	int rc = 0;
- 
-     /* we just let fixup operations through */
-     slapi_pblock_get( pb, SLAPI_OPERATION, &op );
-@@ -1260,8 +1261,8 @@ process_postop (Slapi_PBlock *pb)
- 
- 	get_repl_session_id (pb, sessionid, &opcsn);
- 
--	slapi_pblock_get(pb, SLAPI_RESULT_CODE, &rc);
--	if (rc == LDAP_SUCCESS)
-+	slapi_pblock_get(pb, SLAPI_RESULT_CODE, &retval);
-+	if (retval == LDAP_SUCCESS)
- 	{
- 		agmtlist_notify_all(pb);
- 		rc = SLAPI_PLUGIN_SUCCESS;
-@@ -1306,6 +1307,55 @@ process_postop (Slapi_PBlock *pb)
- 			slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid);
- 		}
- 	}
-+	if (!ignore_error_and_keep_going(retval)){
-+		/*
-+		 * We have an error we can't ignore.  Release the replica and close
-+		 * the connection to stop the replication session.
-+		 */
-+		consumer_connection_extension *connext = NULL;
-+		Slapi_Connection *conn = NULL;
-+		char csn_str[CSN_STRSIZE] = {'\0'};
-+		PRUint64 connid = 0;
-+		int opid = 0;
-+
-+		slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-+		slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
-+		slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
-+		if (conn)
-+		{
-+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+				"process_postop: Failed to apply update (%s) error (%d).  "
-+				"Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
-+				csn_as_string(opcsn, PR_FALSE, csn_str), retval,
-+				connid, opid);
-+			/*
-+			 * Release this replica so new sessions can begin
-+			 */
-+			connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
-+			if (connext && connext->replica_acquired)
-+			{
-+				int zero = 0;
-+				Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
-+
-+				replica_relinquish_exclusive_access(r, connid, opid);
-+				object_release ((Object*)connext->replica_acquired);
-+				connext->replica_acquired = NULL;
-+				connext->isreplicationsession = 0;
-+				slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
-+			}
-+			if (connext){
-+				consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
-+			}
-+
-+			/*
-+			 * Close the connection to end the current session with the
-+			 * supplier.  This prevents new updates from coming in and
-+			 * updating the consumer RUV - which would cause this failed
-+			 * update to be never be replayed.
-+			 */
-+			slapi_disconnect_server(conn);
-+		}
-+	}
- 	if (NULL == opcsn)
- 		opcsn = operation_get_csn(op);
- 	if (opcsn)
-diff --git a/ldap/servers/plugins/replication/urp.c b/ldap/servers/plugins/replication/urp.c
-index 5fe6f55..8d0d735 100644
---- a/ldap/servers/plugins/replication/urp.c
-+++ b/ldap/servers/plugins/replication/urp.c
-@@ -122,7 +122,7 @@ urp_add_operation( Slapi_PBlock *pb )
- 		slapi_log_error(slapi_log_urp, sessionid,
- 		          "urp_add (%s): an entry with this uniqueid already exists.\n",
- 		          slapi_entry_get_dn_const(existing_uniqueid_entry));
--		op_result= LDAP_UNWILLING_TO_PERFORM;
-+		op_result= LDAP_ALREADY_EXISTS;
- 		slapi_pblock_set(pb, SLAPI_RESULT_CODE, &op_result);
- 		rc = SLAPI_PLUGIN_NOOP; /* Ignore this Operation */
- 		PROFILE_POINT; /* Add Conflict; UniqueID Exists;  Ignore */
--- 
-2.4.11
-
diff --git a/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch b/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch
deleted file mode 100644
index 1a0eb59..0000000
--- a/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From a9135e8b535bc58a986d4b19b05e6ce2718c07aa Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 11 Feb 2016 16:18:00 -0500
-Subject: [PATCH 97/99] Ticket 47788 - Only check postop result if its a
- replication operation
-
-Bug Description:  With IPA tests, without using replication, an error is
-                  being triggered that is stoipping nomral updates from
-                  going through.
-
-Fix Description:  Move the error checking up into the code block above
-                  which only executes for replicated operations.
-
-https://fedorahosted.org/389/ticket/47788
-
-Reviewed by: nhosoi & tbordaz(Thanks!!)
-
-(cherry picked from commit d7b598da2eff95070936bf7c3e01bcd11c44ed60)
-(cherry picked from commit bd254a2eea380ade90700b22567e1d9063890f02)
----
- ldap/servers/plugins/replication/repl5_plugins.c | 87 ++++++++++++------------
- 1 file changed, 44 insertions(+), 43 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
-index c2fa214..bb43b9b 100644
---- a/ldap/servers/plugins/replication/repl5_plugins.c
-+++ b/ldap/servers/plugins/replication/repl5_plugins.c
-@@ -1306,54 +1306,55 @@ process_postop (Slapi_PBlock *pb)
- 			slapi_pblock_get( pb, SLAPI_OPERATION_PARAMETERS, &op_params );
- 			slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid);
- 		}
--	}
--	if (!ignore_error_and_keep_going(retval)){
--		/*
--		 * We have an error we can't ignore.  Release the replica and close
--		 * the connection to stop the replication session.
--		 */
--		consumer_connection_extension *connext = NULL;
--		Slapi_Connection *conn = NULL;
--		char csn_str[CSN_STRSIZE] = {'\0'};
--		PRUint64 connid = 0;
--		int opid = 0;
- 
--		slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
--		slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
--		slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
--		if (conn)
--		{
--			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
--				"process_postop: Failed to apply update (%s) error (%d).  "
--				"Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
--				csn_as_string(opcsn, PR_FALSE, csn_str), retval,
--				connid, opid);
-+		if (!ignore_error_and_keep_going(retval)){
- 			/*
--			 * Release this replica so new sessions can begin
-+			 * We have an error we can't ignore.  Release the replica and close
-+			 * the connection to stop the replication session.
- 			 */
--			connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
--			if (connext && connext->replica_acquired)
-+			consumer_connection_extension *connext = NULL;
-+			Slapi_Connection *conn = NULL;
-+			char csn_str[CSN_STRSIZE] = {'\0'};
-+			PRUint64 connid = 0;
-+			int opid = 0;
-+
-+			slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-+			slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
-+			slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
-+			if (conn)
- 			{
--				int zero = 0;
--				Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
--
--				replica_relinquish_exclusive_access(r, connid, opid);
--				object_release ((Object*)connext->replica_acquired);
--				connext->replica_acquired = NULL;
--				connext->isreplicationsession = 0;
--				slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
--			}
--			if (connext){
--				consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
--			}
-+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+					"process_postop: Failed to apply update (%s) error (%d).  "
-+					"Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
-+					csn_as_string(opcsn, PR_FALSE, csn_str), retval,
-+					connid, opid);
-+				/*
-+				 * Release this replica so new sessions can begin
-+				 */
-+				connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
-+				if (connext && connext->replica_acquired)
-+				{
-+					int zero = 0;
-+					Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
-+
-+					replica_relinquish_exclusive_access(r, connid, opid);
-+					object_release ((Object*)connext->replica_acquired);
-+					connext->replica_acquired = NULL;
-+					connext->isreplicationsession = 0;
-+					slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
-+				}
-+				if (connext){
-+					consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
-+				}
- 
--			/*
--			 * Close the connection to end the current session with the
--			 * supplier.  This prevents new updates from coming in and
--			 * updating the consumer RUV - which would cause this failed
--			 * update to be never be replayed.
--			 */
--			slapi_disconnect_server(conn);
-+				/*
-+				 * Close the connection to end the current session with the
-+				 * supplier.  This prevents new updates from coming in and
-+				 * updating the consumer RUV - which would cause this failed
-+				 * update to be never be replayed.
-+				 */
-+				slapi_disconnect_server(conn);
-+			}
- 		}
- 	}
- 	if (NULL == opcsn)
--- 
-2.4.11
-
diff --git a/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch b/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch
deleted file mode 100644
index 488b619..0000000
--- a/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch
+++ /dev/null
@@ -1,690 +0,0 @@
-From 94377fba9dbcfc2fe47a32cc7cb85766813ad482 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jun 2016 13:06:46 -0400
-Subject: [PATCH 98/99] Ticket 48636 - Improve replication convergence
-
-Bug Description:  In a busy MMR environment where multiple masters are being
-                  updated at the same time the replica sessions stay open for
-                  a very long time.  This causes other masters to wait to send
-                  their updates.  This causes lop-sided convergence.  Where
-                  entries added to the MMR environment, but on different masters,
-                  take a very different amount of time until they are each seen
-                  on all the replicas.
-
-Fix Description:  A new configuratoin setting was added (nsds5ReplicaReleaseTimeout)
-                  to the replica configuration entry.  So when replica A tries
-                  to acquire a replica B, replica B send a control back to the
-                  master(master C) that is updating replica B to abort the session.
-                  Master C will continue sending updates for the amount of time
-                  specified in the the "release timeout", then it will "yield" its
-                  current session so other replicas can acquire that replica.
-
-https://fedorahosted.org/389/ticket/48636
-
-Reviewed by: lkrispen & nhosoi(Thanks!!)
-
-(cherry picked from commit a1545cdae48e4b4e1fc87a168e4d8f959626f112)
-(cherry picked from commit a085b0cd6b39fc85821777b7bcd2a8a2482a48bf)
----
- ldap/schema/01core389.ldif                         |   3 +-
- ldap/servers/plugins/replication/repl5.h           |  14 ++-
- .../plugins/replication/repl5_inc_protocol.c       | 102 ++++++++++++----
- ldap/servers/plugins/replication/repl5_plugins.c   |   3 +-
- ldap/servers/plugins/replication/repl5_replica.c   | 135 +++++++++++++++++----
- .../plugins/replication/repl5_replica_config.c     |  22 ++++
- ldap/servers/plugins/replication/repl_globals.c    |   1 +
- 7 files changed, 229 insertions(+), 51 deletions(-)
-
-diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
-index aebdb5a..14143ed 100644
---- a/ldap/schema/01core389.ldif
-+++ b/ldap/schema/01core389.ldif
-@@ -278,6 +278,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPause'
- attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactdb-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncResults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-+attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- #
- # objectclasses
- #
-@@ -287,7 +288,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined
- objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top  MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top  MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top  MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
--objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top  MUST ( nsDS5ReplicaRoot $  nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax ) X-ORIGIN 'Netscape Directory Server' )
-+objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top  MUST ( nsDS5ReplicaRoot $  nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 307da82..6f6c81a 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -69,6 +69,10 @@
- #define REPL_ABORT_CLEANRUV_OID "2.16.840.1.113730.3.6.6"
- #define REPL_CLEANRUV_GET_MAXCSN_OID "2.16.840.1.113730.3.6.7"
- #define REPL_CLEANRUV_CHECK_STATUS_OID "2.16.840.1.113730.3.6.8"
-+#define REPL_ABORT_SESSION_OID "2.16.840.1.113730.3.6.9"
-+#define SESSION_ACQUIRED 0
-+#define ABORT_SESSION 1
-+#define SESSION_ABORTED 2
- 
- #define CLEANRUV_ACCEPTED "accepted"
- #define CLEANRUV_REJECTED "rejected"
-@@ -141,6 +145,7 @@ extern const char *type_nsds5ReplicaStripAttrs;
- extern const char *type_nsds5ReplicaFlowControlWindow;
- extern const char *type_nsds5ReplicaFlowControlPause;
- extern const char *type_replicaProtocolTimeout;
-+extern const char *type_replicaReleaseTimeout;
- extern const char *type_replicaBackoffMin;
- extern const char *type_replicaBackoffMax;
- extern const char *type_replicaPrecisePurge;
-@@ -526,9 +531,9 @@ Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_
- void replica_destroy(void **arg);
- int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid);
- int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid);
--PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
--									const char *locking_purl,
--									char **current_purl);
-+PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid,
-+                                    int opid, const char *locking_purl,
-+                                    char **current_purl);
- void replica_relinquish_exclusive_access(Replica *r, PRUint64 connid, int opid);
- PRBool replica_get_tombstone_reap_active(const Replica *r);
- const Slapi_DN *replica_get_root(const Replica *r);
-@@ -598,6 +603,8 @@ void replica_update_state (time_t when, void *arg);
- void replica_reset_csn_pl(Replica *r);
- PRUint64 replica_get_protocol_timeout(Replica *r);
- void replica_set_protocol_timeout(Replica *r, PRUint64 timeout);
-+PRUint64 replica_get_release_timeout(Replica *r);
-+void replica_set_release_timeout(Replica *r, PRUint64 timeout);
- void replica_set_groupdn_checkinterval(Replica *r, int timeout);
- PRUint64 replica_get_backoff_min(Replica *r);
- PRUint64 replica_get_backoff_max(Replica *r);
-@@ -609,6 +616,7 @@ void replica_decr_agmt_count(Replica *r);
- PRUint64 replica_get_precise_purging(Replica *r);
- void replica_set_precise_purging(Replica *r, PRUint64 on_off);
- PRBool ignore_error_and_keep_going(int error);
-+void replica_check_release_timeout(Replica *r, Slapi_PBlock *pb);
- 
- /* The functions below handles the state flag */
- /* Current internal state flags */
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 927f835..d6fb898 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -36,6 +36,11 @@ Perhaps these events should be properties of the main protocol.
- #include "repl5_prot_private.h"
- #include "cl5_api.h"
- 
-+#include "repl5.h"
-+#include "repl5_prot_private.h"
-+#include "cl5_api.h"
-+#include "slapi-plugin.h"
-+
- extern int slapi_log_urp;
- 
- /*** from proto-slap.h ***/
-@@ -82,6 +87,7 @@ typedef struct result_data
- 	int flowcontrol_detection;
- 	int result; /* The UPDATE_TRANSIENT_ERROR etc */
- 	int WaitForAsyncResults;
-+	time_t abort_time;
- } result_data;
- 
- /* Various states the incremental protocol can pass through */
-@@ -121,6 +127,7 @@ typedef struct result_data
- #define EXAMINE_RUV_PARAM_ERROR 405
- 
- #define MAX_CHANGES_PER_SESSION	10000
-+
- /*
-  * Maximum time to wait between replication sessions. If we
-  * don't see any updates for a period equal to this interval,
-@@ -240,19 +247,21 @@ repl5_inc_result_threadmain(void *param)
- 	Repl_Connection *conn = rd->prp->conn;
- 	int finished = 0;
- 	int message_id = 0;
-+	int yield_session = 0;
- 
- 	slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain starting\n");
- 	while (!finished) 
- 	{
-+		LDAPControl **returned_controls = NULL;
- 		repl5_inc_operation *op = NULL;
--		int connection_error = 0;
-+		ReplicaId replica_id = 0;
- 		char *csn_str = NULL; 
- 		char *uniqueid = NULL;
--		ReplicaId replica_id = 0;
--		int operation_code = 0;
- 		char *ldap_error_string = NULL;
- 		time_t time_now = 0;
- 		time_t start_time = time( NULL );
-+		int connection_error = 0;
-+		int operation_code = 0;
- 		int backoff_time = 1;
- 
- 		/* Read the next result */
-@@ -264,7 +273,7 @@ repl5_inc_result_threadmain(void *param)
- 
- 		while (!finished)
- 		{
--			conres = conn_read_result_ex(conn, NULL, NULL, NULL, LDAP_RES_ANY, &message_id, 0);
-+			conres = conn_read_result_ex(conn, NULL, NULL, &returned_controls, LDAP_RES_ANY, &message_id, 0);
- 			slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: read result for message_id %d\n", message_id);
- 			/* Timeout here means that we didn't block, not a real timeout */
- 			if (CONN_TIMEOUT == conres)
-@@ -292,9 +301,19 @@ repl5_inc_result_threadmain(void *param)
- 					finished = 1;
- 				}
- 				PR_Unlock(rd->lock);
--			} else
--			{
--				/* Something other than a timeout, so we exit the loop */
-+			} else {
-+				/*
-+				 * Something other than a timeout, so we exit the loop.
-+				 * First check if we were told to abort the session
-+				 */;
-+				Replica *r = (Replica*)object_get_data(rd->prp->replica_object);
-+				if (replica_get_release_timeout(r) &&
-+				    slapi_control_present(returned_controls,
-+				                          REPL_ABORT_SESSION_OID,
-+				                          NULL, NULL))
-+				{
-+					yield_session = 1;
-+				}
- 				break;
- 			}
- 		}
-@@ -318,21 +337,29 @@ repl5_inc_result_threadmain(void *param)
- 			}
- 
- 			conn_get_error_ex(conn, &operation_code, &connection_error, &ldap_error_string);
--			slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: result %d, %d, %d, %d, %s\n", operation_code,connection_error,conres,message_id,ldap_error_string);
--			return_value = repl5_inc_update_from_op_result(rd->prp, conres, connection_error, csn_str, uniqueid, replica_id, &should_finish, &(rd->num_changes_sent));
-+			slapi_log_error(SLAPI_LOG_REPL, NULL,
-+			                "repl5_inc_result_threadmain: result %d, %d, %d, %d, %s\n",
-+			                operation_code,connection_error,conres,message_id,ldap_error_string);
-+			return_value = repl5_inc_update_from_op_result(rd->prp, conres, connection_error,
-+			                                               csn_str, uniqueid, replica_id, &should_finish,
-+			                                               &(rd->num_changes_sent));
- 			if (return_value || should_finish)
- 			{
--				slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: got op result %d should finish %d\n", return_value, should_finish);
-+				slapi_log_error(SLAPI_LOG_REPL, NULL,
-+				                "repl5_inc_result_threadmain: got op result %d should finish %d\n",
-+				                return_value, should_finish);
- 				/* If so then we need to take steps to abort the update process */
- 				PR_Lock(rd->lock);
- 				rd->result = return_value;
--				rd->abort = 1;
-+				rd->abort = ABORT_SESSION;
- 				PR_Unlock(rd->lock);
--				/* We also need to log the error, including details stored from when the operation was sent */
--				/* we cannot finish yet - we still need to waitfor the pending results, then
--				   the main repl code will shut down this thread */
--				/* we can finish if we have disconnected - in that case, there will be nothing
--				   to read */
-+				/*
-+				 * We also need to log the error, including details stored from
-+				 * when the operation was sent.  We cannot finish yet - we still
-+				 * need to wait for the pending results, then the main repl code
-+				 * will shut down this thread.  We can finish if we have
-+				 * disconnected - in that case, there will be nothing to read
-+				 */
- 				if (return_value == UPDATE_CONNECTION_LOST) {
- 					finished = 1;
- 				}
-@@ -341,8 +368,16 @@ repl5_inc_result_threadmain(void *param)
- 				rd->result = return_value;
- 			}
- 		}
-+
- 		/* Should we stop ? */
- 		PR_Lock(rd->lock);
-+		if (!finished && yield_session && rd->abort != SESSION_ABORTED && rd->abort_time == 0) {
-+			rd->abort_time = time( NULL );
-+			rd->abort = SESSION_ABORTED;  /* only set the abort time once */
-+			slapi_log_error(SLAPI_LOG_REPL, "repl5_inc_result_threadmain",
-+			                "Abort control detected, setting abort time...(%s)\n",
-+			                agmt_get_long_name(rd->prp->agmt));
-+		}
- 		if (rd->stop_result_thread) 
- 		{
- 			finished = 1;
-@@ -468,7 +503,8 @@ repl5_inc_waitfor_async_results(result_data *rd)
- 		if (rd->last_message_id_received >= rd->last_message_id_sent) {
- 			/* If so then we're done */
- 			done = 1;
--		} else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) {
-+		} else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST))
-+		{
- 			done = 1; /* no connection == no more results */
- 		}
- 		/*
-@@ -846,10 +882,10 @@ repl5_inc_run(Private_Repl_Protocol *prp)
-                   if (!busywaittime){
-                       busywaittime = repl5_get_backoff_min(prp);
-                   }
--                  prp_priv->backoff = backoff_new(BACKOFF_FIXED, busywaittime, busywaittime);
-+                  prp_priv->backoff = backoff_new(BACKOFF_FIXED, busywaittime , busywaittime);
-               } else {
-                   prp_priv->backoff = backoff_new(BACKOFF_EXPONENTIAL, repl5_get_backoff_min(prp),
--                		  repl5_get_backoff_max(prp));
-+                                                  repl5_get_backoff_max(prp));
-               }
-               next_state = STATE_BACKOFF;
-               backoff_reset(prp_priv->backoff, repl5_inc_backoff_expired, (void *)prp);
-@@ -1055,6 +1091,7 @@ repl5_inc_run(Private_Repl_Protocol *prp)
-                       } else if (rc == UPDATE_YIELD){
-                           dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_YIELD -> STATE_BACKOFF_START");
-                           agmt_set_last_update_status(prp->agmt, 0, 0, "Incremental update succeeded and yielded");
-+                          use_busy_backoff_timer = PR_TRUE;
-                           next_state = STATE_BACKOFF_START;
-                       } else if (rc == UPDATE_TRANSIENT_ERROR){
-                           dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START");
-@@ -1099,6 +1136,7 @@ repl5_inc_run(Private_Repl_Protocol *prp)
-               ruv_destroy(&ruv); ruv = NULL;
-           }
-           agmt_update_done(prp->agmt, 0);
-+
-           /* If timed out, close the connection after released the replica */
-           release_replica(prp);
-           if (rc == UPDATE_TIMEOUT) {
-@@ -1681,12 +1719,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 	}
- 	else
- 	{
--		int finished = 0;
- 		ConnResult replay_crc;
--		char csn_str[CSN_STRSIZE];
-+		Replica *replica = (Replica*) object_get_data(prp->replica_object);
- 		PRBool subentry_update_needed = PR_FALSE;
-+		PRUint64 release_timeout = replica_get_release_timeout(replica);
-+		char csn_str[CSN_STRSIZE];
- 		int skipped_updates = 0;
- 		int fractional_repl;
-+		int finished = 0;
- #define FRACTIONAL_SKIPPED_THRESHOLD 100
- 
- 		/* Start the results reading thread */
-@@ -1906,7 +1946,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 			}
- 			PR_Lock(rd->lock);
- 			/* See if the result thread has hit a problem */
--			if (!finished && rd->abort)
-+
-+			if(!finished && rd->abort_time){
-+				time_t current_time = time ( NULL );
-+				if ((current_time - rd->abort_time) >= release_timeout){
-+					rd->result = UPDATE_YIELD;
-+					return_value = UPDATE_YIELD;
-+					finished = 1;
-+					slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+					                "Aborting send_updates...(%s)\n",
-+					                agmt_get_long_name(rd->prp->agmt));
-+				}
-+			}
-+
-+			if (!finished && rd->abort == ABORT_SESSION)
- 			{
- 				return_value = rd->result;
- 				finished = 1;
-@@ -1916,10 +1969,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 
- 		if (fractional_repl && subentry_update_needed)
- 		{
--			Replica *replica;
- 			ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
- 			Slapi_DN *replarea_sdn = NULL;
--			replica = (Replica*) object_get_data(prp->replica_object);
-+
- 			if (replica)
- 			{
- 				rid = replica_get_rid(replica);
-@@ -1945,7 +1997,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- 				 * If we already have an error, there is no need to check the
- 				 * async result thread anymore.
- 				 */
--				if (return_value == UPDATE_NO_MORE_UPDATES)
-+				if (return_value == UPDATE_NO_MORE_UPDATES || return_value == UPDATE_YIELD)
- 				{
- 					/*
- 					 * We need to double check that an error hasn't popped up from
-diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
-index bb43b9b..9f38d05 100644
---- a/ldap/servers/plugins/replication/repl5_plugins.c
-+++ b/ldap/servers/plugins/replication/repl5_plugins.c
-@@ -1077,6 +1077,8 @@ write_changelog_and_ruv (Slapi_PBlock *pb)
- 	r = (Replica*)object_get_data (repl_obj);
- 	PR_ASSERT (r);
- 
-+	replica_check_release_timeout(r, pb);
-+
- 	if (replica_is_flag_set (r, REPLICA_LOG_CHANGES) &&
- 		(cl5GetState () == CL5_STATE_OPEN))
- 	{
-@@ -1365,7 +1367,6 @@ process_postop (Slapi_PBlock *pb)
- 	return rc;
- }
- 
--
- /*
-  * Cancel an operation CSN. This removes it from any CSN pending lists.
-  * This function is called when a previously-generated CSN will not
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index c7cf25f..6d2452a 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -23,8 +23,8 @@
- 
- #define RUV_SAVE_INTERVAL (30 * 1000) /* 30 seconds */
- 
--#define REPLICA_RDN				 "cn=replica"
--#define CHANGELOG_RDN            "cn=legacy changelog"
-+#define REPLICA_RDN "cn=replica"
-+#define CHANGELOG_RDN "cn=legacy changelog"
- 
- /*
-  * A replica is a locally-held copy of a portion of the DIT.
-@@ -68,6 +68,8 @@ struct replica {
- 	Slapi_Counter *backoff_max;		/* backoff retry maximum */
- 	Slapi_Counter *precise_purging;		/* Enable precise tombstone purging */
- 	PRUint64 agmt_count;			/* Number of agmts */
-+	Slapi_Counter *release_timeout;		/* The amount of time to wait before releasing active replica */
-+	PRUint64 abort_session;			/* Abort the current replica session */
- };
- 
- 
-@@ -201,6 +203,7 @@ replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation
- 
- 	/* init the slapi_counter/atomic settings */
- 	r->protocol_timeout = slapi_counter_new();
-+	r->release_timeout = slapi_counter_new();
- 	r->backoff_min = slapi_counter_new();
- 	r->backoff_max = slapi_counter_new();
- 
-@@ -408,6 +411,7 @@ replica_destroy(void **arg)
- 	}
- 
- 	slapi_counter_destroy(&r->protocol_timeout);
-+	slapi_counter_destroy(&r->release_timeout);
- 	slapi_counter_destroy(&r->backoff_min);
- 	slapi_counter_destroy(&r->backoff_max);
- 
-@@ -585,8 +589,7 @@ replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid)
-  */
- PRBool
- replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
--							 const char *locking_purl,
--							 char **current_purl)
-+							 const char *locking_purl, char **current_purl)
- {
- 	PRBool rval = PR_TRUE;
- 
-@@ -609,6 +612,15 @@ replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opi
- 		{
- 			*current_purl = slapi_ch_strdup(r->locking_purl);
- 		}
-+		if (!(r->repl_state_flags & REPLICA_TOTAL_IN_PROGRESS) &&
-+		    replica_get_release_timeout(r))
-+		{
-+			/*
-+			 * We are not doing a total update, so abort the current session
-+			 * so other replicas can acquire this server.
-+			 */
-+			r->abort_session = ABORT_SESSION;
-+		}
- 	}
- 	else
- 	{
-@@ -617,14 +629,17 @@ replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opi
- 						connid, opid,
- 						slapi_sdn_get_dn(r->repl_root));
- 		r->repl_state_flags |= REPLICA_IN_USE;
-+		r->abort_session = SESSION_ACQUIRED;
- 		if (isInc && *isInc) 
- 		{
- 			r->repl_state_flags |= REPLICA_INCREMENTAL_IN_PROGRESS;
- 		}
- 		else
- 		{ 
--			/* if connid or opid != 0, it's a total update */
--			/* Both set to 0 means we're disabling replication */
-+			/*
-+			 * If connid or opid != 0, it's a total update.
-+			 * Both set to 0 means we're disabling replication
-+			 */
- 			if (connid || opid)
- 			{
- 				r->repl_state_flags |= REPLICA_TOTAL_IN_PROGRESS;
-@@ -652,13 +667,13 @@ replica_relinquish_exclusive_access(Replica *r, PRUint64 connid, int opid)
- 	/* check to see if the replica is in use and log a warning if not */
- 	if (!(r->repl_state_flags & REPLICA_IN_USE))
- 	{
--        slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, 
-+		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- 					"conn=%" NSPRIu64 " op=%d repl=\"%s\": "
- 					"Replica not in use\n",
- 					connid, opid,
- 					slapi_sdn_get_dn(r->repl_root));
- 	} else {
--		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, 
-+		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- 					"conn=%" NSPRIu64 " op=%d repl=\"%s\": "
- 					"Released replica held by locking_purl=%s\n",
- 					connid, opid,
-@@ -970,6 +985,24 @@ replica_get_protocol_timeout(Replica *r)
- 	}
- }
- 
-+PRUint64
-+replica_get_release_timeout(Replica *r)
-+{
-+	if(r){
-+		return slapi_counter_get_value(r->release_timeout);
-+	} else {
-+		return 0;
-+	}
-+}
-+
-+void
-+replica_set_release_timeout(Replica *r, PRUint64 limit)
-+{
-+	if(r){
-+		slapi_counter_set_value(r->release_timeout, limit);
-+	}
-+}
-+
- void
- replica_set_protocol_timeout(Replica *r, PRUint64 timeout)
- {
-@@ -977,6 +1010,7 @@ replica_set_protocol_timeout(Replica *r, PRUint64 timeout)
- 		slapi_counter_set_value(r->protocol_timeout, timeout);
- 	}
- }
-+
- void
- replica_set_groupdn_checkinterval(Replica *r, int interval)
- {
-@@ -1064,11 +1098,7 @@ replica_get_legacy_purl (const Replica *r)
-     char *purl;
- 
-     replica_lock(r->repl_lock);
--
--    PR_ASSERT (r->legacy_consumer);
--
-     purl = slapi_ch_strdup(r->legacy_purl);
--
-     replica_unlock(r->repl_lock);
- 
-     return purl;
-@@ -1924,6 +1954,7 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext)
-     int backoff_min;
-     int backoff_max;
-     int ptimeout = 0;
-+    int release_timeout = 0;
-     int rc;
- 
-     PR_ASSERT (r && e);
-@@ -2008,6 +2039,14 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext)
-         slapi_counter_set_value(r->protocol_timeout, ptimeout);
-     }
- 
-+    /* Get the release timeout */
-+    release_timeout = slapi_entry_attr_get_int(e, type_replicaReleaseTimeout);
-+    if(release_timeout <= 0){
-+        slapi_counter_set_value(r->release_timeout, 0);
-+    } else {
-+        slapi_counter_set_value(r->release_timeout, release_timeout);
-+    }
-+
-     /* check for precise tombstone purging */
-     precise_purging = slapi_entry_attr_get_charptr(e, type_replicaPrecisePurge);
-     if(precise_purging){
-@@ -4029,21 +4068,21 @@ replica_disable_replication (Replica *r, Object *r_obj)
- 	ruv_get_first_id_and_purl(repl_ruv, &junkrid, &p_locking_purl);
- 	locking_purl = slapi_ch_strdup(p_locking_purl);
- 	p_locking_purl = NULL;
--	repl_ruv = NULL;	
--    while (!replica_get_exclusive_access(r, &isInc, 0, 0, "replica_disable_replication",
-+	repl_ruv = NULL;
-+	while (!replica_get_exclusive_access(r, &isInc, 0, 0, "replica_disable_replication",
- 										 &current_purl)) {
--        if (!isInc) /* already locked, but not by inc update - break */
--            break;
--        isInc = PR_FALSE;
--        slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+		if (!isInc) /* already locked, but not by inc update - break */
-+			break;
-+		isInc = PR_FALSE;
-+		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- 						"replica_disable_replication: "
- 						"replica %s is already locked by (%s) for incoming "
- 						"incremental update; sleeping 100ms\n",
--                        slapi_sdn_get_ndn (replica_get_root (r)),
-+						slapi_sdn_get_ndn (replica_get_root (r)),
- 						current_purl ? current_purl : "unknown");
- 		slapi_ch_free_string(&current_purl);
--        DS_Sleep(PR_MillisecondsToInterval(100));
--    }
-+		DS_Sleep(PR_MillisecondsToInterval(100));
-+	}
- 
- 	slapi_ch_free_string(&current_purl);
- 	slapi_ch_free_string(&locking_purl);
-@@ -4281,3 +4320,57 @@ replica_decr_agmt_count(Replica *r)
- 		}
- 	}
- }
-+
-+/*
-+ * Add the "Abort Replication Session" control to the pblock
-+ */
-+static void
-+replica_add_session_abort_control(Slapi_PBlock *pb)
-+{
-+	LDAPControl ctrl = {0};
-+	BerElement *ber;
-+	struct berval *bvp;
-+	int rc;
-+
-+	/* Build the BER payload */
-+	if ( (ber = der_alloc()) == NULL ) {
-+		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+			"add_session_abort_control: Failed to create ber\n");
-+		return;
-+	}
-+	rc = ber_printf( ber, "{}");
-+	if (rc != -1) {
-+		rc = ber_flatten( ber, &bvp );
-+	}
-+	ber_free( ber, 1 );
-+	if ( rc == -1 ) {
-+		slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+			"add_session_abort_control: Failed to flatten ber\n");
-+		return;
-+	}
-+
-+	ctrl.ldctl_oid = slapi_ch_strdup( REPL_ABORT_SESSION_OID );
-+	ctrl.ldctl_value = *bvp;
-+	bvp->bv_val = NULL;
-+	ber_bvfree( bvp );
-+	slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, &ctrl);
-+
-+	slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+		"add_session_abort_control: abort control successfully added to result\n");
-+}
-+
-+/*
-+ * Check if we have exceeded the failed replica acquire limit,
-+ * if so, end the replication session.
-+ */
-+void
-+replica_check_release_timeout(Replica *r, Slapi_PBlock *pb)
-+{
-+	replica_lock(r->repl_lock);
-+	if(r->abort_session  == ABORT_SESSION){
-+		/* Need to abort this session (just send the control once) */
-+		replica_add_session_abort_control(pb);
-+		r->abort_session = SESSION_ABORTED;
-+	}
-+	replica_unlock(r->repl_lock);
-+}
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 4d7135c..71b3c92 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -406,6 +406,11 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
-                     if (apply_mods)
-                         replica_set_precise_purging(r, 0);
-                     }
-+                else if (strcasecmp (config_attr, type_replicaReleaseTimeout) == 0 )
-+                {
-+                    if (apply_mods)
-+                        replica_set_release_timeout(r, 0);
-+                    }
-                 else
-                 {
-                     *returncode = LDAP_UNWILLING_TO_PERFORM;
-@@ -592,6 +597,23 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
-                         }
-                     }
-                 }
-+                else if (strcasecmp (config_attr, type_replicaReleaseTimeout) == 0 )
-+                {
-+                    if (apply_mods)
-+                    {
-+                        PRUint64 val = atoll(config_attr_value);
-+
-+                        if(val < 0){
-+                            *returncode = LDAP_UNWILLING_TO_PERFORM;
-+                            PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE,
-+                                    "attribute %s value (%s) is invalid, must be a number zero or greater.\n",
-+                                    config_attr, config_attr_value);
-+                            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext);
-+                            break;
-+                        }
-+                        replica_set_release_timeout(r, val);
-+                    }
-+                }
-                 else
-                 {
-                     *returncode = LDAP_UNWILLING_TO_PERFORM;
-diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c
-index 331f839..8b891fb 100644
---- a/ldap/servers/plugins/replication/repl_globals.c
-+++ b/ldap/servers/plugins/replication/repl_globals.c
-@@ -87,6 +87,7 @@ const char *type_ruvElementUpdatetime = "nsruvReplicaLastModified";
- const char *type_replicaCleanRUV = "nsds5ReplicaCleanRUV";
- const char *type_replicaAbortCleanRUV = "nsds5ReplicaAbortCleanRUV";
- const char *type_replicaProtocolTimeout = "nsds5ReplicaProtocolTimeout";
-+const char *type_replicaReleaseTimeout = "nsds5ReplicaReleaseTimeout";
- const char *type_replicaBackoffMin = "nsds5ReplicaBackoffMin";
- const char *type_replicaBackoffMax = "nsds5ReplicaBackoffMax";
- const char *type_replicaPrecisePurge = "nsds5ReplicaPreciseTombstonePurging";
--- 
-2.4.11
-
diff --git a/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch b/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch
deleted file mode 100644
index cc60631..0000000
--- a/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f9a4b8153a1b46da5052ffda60723596048b20fb Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 14 Jun 2016 17:19:48 -0400
-Subject: [PATCH 99/99] Ticket 48636 - Fix config validation check
-
-Bug Description: We were previous checking if an unsigfned int was less than zero
-
-Fix Description:  Improve config validation by using long instead of PRUint64
-
-https://fedorahosted.org/389/ticket/48636
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 43d5ac680f7781f95205db94e5ff2958d39b78a4)
-(cherry picked from commit b8239e0da865f33cae930088dd2a746a49f2d32a)
----
- ldap/servers/plugins/replication/repl5_replica_config.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 71b3c92..866a712 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -601,17 +601,20 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
-                 {
-                     if (apply_mods)
-                     {
--                        PRUint64 val = atoll(config_attr_value);
-+                        long val = atol(config_attr_value);
- 
--                        if(val < 0){
-+                        if (val < 0){
-                             *returncode = LDAP_UNWILLING_TO_PERFORM;
--                            PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE,
-+                            PR_snprintf(errortext, SLAPI_DSE_RETURNTEXT_SIZE,
-                                     "attribute %s value (%s) is invalid, must be a number zero or greater.\n",
-                                     config_attr, config_attr_value);
--                            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext);
-+                            slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+                                            "replica_config_modify: %s\n", errortext);
-                             break;
-+                        } else {
-+                            /* Set the timeout */
-+                            replica_set_release_timeout(r, val);
-                         }
--                        replica_set_release_timeout(r, val);
-                     }
-                 }
-                 else
--- 
-2.4.11
-
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 5adf500..e700853 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -13,13 +13,13 @@
 %global use_Socket6 0
 # nunc-stans only builds on x86_64 for now
 %ifarch x86_64
-# To build without nunc-stans, set 0 to use_nunc_stans.
+# To build without nunc-stans, set use_nunc_stans to 0.
 %global use_nunc_stans 1
 %else
 %global use_nunc_stans 0
 %endif 
 
-%global nunc_stans_ver 0.1.5
+%global nunc_stans_ver 0.1.8
 
 # fedora 15 and later uses tmpfiles.d
 # otherwise, comment this out
@@ -33,10 +33,10 @@
 
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
-Version:          1.3.4.0
-Release:          %{?relprefix}33%{?prerel}%{?dist}
+Version:          1.3.5.10
+Release:          %{?relprefix}11%{?prerel}%{?dist}
 License:          GPLv3+
-URL:              http://port389.org/
+URL:              https://port389.org/
 Group:            System Environment/Daemons
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes:        %{name}-selinux
@@ -46,7 +46,7 @@ Provides:         ldif2ldbm
 
 BuildRequires:    nspr-devel
 BuildRequires:    nss-devel
-BuildRequires:    svrcore-devel
+BuildRequires:    svrcore-devel >= 4.1.2
 %if %{use_openldap}
 BuildRequires:    openldap-devel
 %else
@@ -74,9 +74,12 @@ BuildRequires:    tcp_wrappers
 # the following is for the pam passthru auth plug-in
 BuildRequires:    pam-devel
 BuildRequires:    systemd-units
+BuildRequires:    systemd-devel
 
 # this is needed for using semanage from our setup scripts
 Requires:         policycoreutils-python
+Requires:         /usr/sbin/semanage
+Requires:         libsemanage-python 
 
 # the following are needed for some of our scripts
 %if %{use_openldap}
@@ -114,114 +117,72 @@ Requires(postun): systemd-units
 # for setup-ds.pl to support ipv6 
 %if %{use_Socket6}
 Requires:         perl-Socket6
-%else Requires:         perl-Socket
+%else 
+Requires:         perl-Socket
 %endif
 Requires:         perl-NetAddr-IP
+Requires:         systemd-libs
+Requires:         svrcore >= 4.1.2
 
-Source0:          http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
+# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+Obsoletes:        %{name} <= 1.3.5.4
+
+Source0:          https://port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2
 # 389-ds-git.sh should be used to generate the source tarball from git
 Source1:          %{name}-git.sh
 Source2:          %{name}-devel.README
 Source3:          https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2
-Patch0:           0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
-Patch1:           0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
-Patch2:           0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
-Patch3:           0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
-Patch4:           0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
-Patch5:           0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
-Patch6:           0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch7:           0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
-Patch8:           0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
-Patch9:           0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
-Patch10:          0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
-Patch11:          0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
-Patch12:          0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
-Patch13:          0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
-Patch14:          0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
-Patch15:          0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
-Patch16:          0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
-Patch17:          0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
-Patch18:          0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
-Patch19:          0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
-Patch20:          0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
-Patch21:          0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
-Patch22:          0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
-Patch23:          0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
-Patch24:          0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
-Patch25:          0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
-Patch26:          0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
-Patch27:          0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
-Patch28:          0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
-Patch29:          0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
-Patch30:          0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
-Patch31:          0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
-Patch32:          0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
-Patch33:          0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
-Patch34:          0035-Ticket-48215-update-dbverify-usage.patch
-Patch35:          0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
-Patch36:          0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
-Patch37:          0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
-Patch38:          0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
-Patch39:          0040-Ticket-47931-Fix-coverity-issues.patch
-Patch40:          0041-Ticket-47686-removing-chaining-database-links-trigge.patch
-Patch41:          0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
-Patch42:          0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
-Patch43:          0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
-Patch44:          0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
-Patch45:          0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
-Patch46:          0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
-Patch47:          0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
-Patch48:          0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
-Patch49:          0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
-Patch50:          0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
-Patch51:          0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
-Patch52:          0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
-Patch53:          0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
-Patch54:          0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
-Patch55:          0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
-Patch56:          0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
-Patch57:          0058-Ticket-48266-coverity-issue.patch
-Patch58:          0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
-Patch59:          0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
-Patch60:          0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
-Patch61:          0062-Ticket-48266-coverity-unused-variable-init_retry.patch
-Patch62:          0063-Ticket-48266-Online-init-crashes-consumer.patch
-Patch63:          0064-Ticket-48284-free-entry-when-internal-add-fails.patch
-Patch64:          0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
-Patch65:          0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
-Patch66:          0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch67:          0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
-Patch68:          0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
-Patch69:          0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
-Patch70:          0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch
-Patch71:          0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
-Patch72:          0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch
-Patch73:          0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch
-Patch74:          0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch
-Patch75:          0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
-Patch76:          0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch
-Patch77:          0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
-Patch78:          0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch
-Patch79:          0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch
-Patch80:          0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
-Patch81:          0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
-Patch82:          0083-Ticket-48341-deadlock-on-connection-mutex.patch
-Patch83:          0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
-Patch84:          0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
-Patch85:          0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
-Patch86:          0087-Ticket-48420-change-severity-of-some-messages-relate.patch
-Patch87:          0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
-Patch88:          0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
-Patch89:          0090-Ticket-48492-heap-corruption-at-schema-replication.patch
-Patch90:          0091-Ticket-48492-heap-corruption-at-schema-replication.patch
-Patch91:          0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
-Patch92:          0093-Ticket-48808-Add-test-case.patch
-Patch93:          0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
-Patch94:          0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch
-Patch95:          0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch
-Patch96:          0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch
-Patch97:          0098-Ticket-48636-Improve-replication-convergence.patch
-Patch98:          0099-Ticket-48636-Fix-config-validation-check.patch
+Patch0:           0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
+Patch1:           0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
+Patch2:           0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
+Patch3:           0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
+Patch4:           0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
+Patch5:           0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
+Patch6:           0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
+Patch7:           0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
+Patch8:           0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
+Patch9:           0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
+Patch10:          0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch11:          0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch12:          0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
+Patch13:          0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
+Patch14:          0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
+Patch15:          0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
+Patch16:          0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
+Patch17:          0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
+Patch18:          0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
+Patch19:          0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
+Patch20:          0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
+Patch21:          0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
+Patch22:          0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
+Patch23:          0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
+Patch24:          0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
+Patch25:          0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
+Patch26:          0026-Ticket-48936-Duplicate-collation-entries.patch
+Patch27:          0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
+Patch28:          0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch29:          0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch30:          0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
+Patch31:          0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
+Patch32:          0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
+Patch33:          0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
+Patch34:          0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
+Patch35:          0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
+Patch36:          0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
+Patch37:          0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
+Patch38:          0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
+Patch39:          0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
+Patch40:          0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
+Patch41:          0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
+Patch42:          0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
+Patch43:          0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
+Patch44:          0044-Ticket-48957-set-proper-update-status-to-replication.patch
+Patch45:          0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
+Patch46:          0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
+Patch47:          0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
+Patch48:          0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
+Patch49:          0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
+Patch50:          0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
 
 %description
 389 Directory Server is an LDAPv3 compliant server.  The base package includes
@@ -232,7 +193,7 @@ Summary:          Core libraries for 389 Directory Server
 Group:            System Environment/Daemons
 BuildRequires:    nspr-devel
 BuildRequires:    nss-devel
-BuildRequires:    svrcore-devel
+BuildRequires:    svrcore-devel >= 4.1.2
 %if %{use_openldap}
 BuildRequires:    openldap-devel
 %else
@@ -251,6 +212,7 @@ BuildRequires:    libtalloc-devel
 BuildRequires:    libevent-devel
 BuildRequires:    libtevent-devel
 %endif
+BuildRequires:    systemd-devel
 
 %description      libs
 Core libraries for the 389 Directory Server base package.  These libraries
@@ -264,7 +226,7 @@ Requires:         %{name}-libs = %{version}-%{release}
 Requires:         pkgconfig
 Requires:         nspr-devel
 Requires:         nss-devel
-Requires:         svrcore-devel
+Requires:         svrcore-devel >= 4.1.2
 %if %{use_openldap}
 Requires:         openldap-devel
 %else
@@ -275,10 +237,31 @@ Requires:         libtalloc
 Requires:         libevent
 Requires:         libtevent
 %endif
+Requires:         systemd-libs
 
 %description      devel
 Development Libraries and headers for the 389 Directory Server base package.
 
+%package          snmp
+Summary:          SNMP Agent for 389 Directory Server
+Group:            System Environment/Daemons
+Requires:         %{name} = %{version}-%{release}
+
+# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+Obsoletes:        %{name} <= 1.3.5.4
+
+%description      snmp
+SNMP Agent for the 389 Directory Server base package.
+
+%package          tests
+Summary:          The lib389 Continuous Integration Tests
+Group:            Development/Libraries
+Requires:         python-lib389
+BuildArch:        noarch
+
+%description      tests
+The lib389 CI tests that can be run against the Directory Server.
+
 %prep
 %setup -q -n %{name}-%{version}%{?prerel}
 %if %{use_nunc_stans}
@@ -336,61 +319,13 @@ cp %{SOURCE2} README.devel
 %patch48 -p1
 %patch49 -p1
 %patch50 -p1
-%patch51 -p1
-%patch52 -p1
-%patch53 -p1
-%patch54 -p1
-%patch55 -p1
-%patch56 -p1
-%patch57 -p1
-%patch58 -p1
-%patch59 -p1
-%patch60 -p1
-%patch61 -p1
-%patch62 -p1
-%patch63 -p1
-%patch64 -p1
-%patch65 -p1
-%patch66 -p1
-%patch67 -p1
-%patch68 -p1
-%patch69 -p1
-%patch70 -p1
-%patch71 -p1
-%patch72 -p1
-%patch73 -p1
-%patch74 -p1
-%patch75 -p1
-%patch76 -p1
-%patch77 -p1
-%patch78 -p1
-%patch79 -p1
-%patch80 -p1
-%patch81 -p1
-%patch82 -p1
-%patch83 -p1
-%patch84 -p1
-%patch85 -p1
-%patch86 -p1
-%patch87 -p1
-%patch88 -p1
-%patch89 -p1
-%patch90 -p1
-%patch91 -p1
-%patch92 -p1
-%patch93 -p1
-%patch94 -p1
-%patch95 -p1
-%patch96 -p1
-%patch97 -p1
-%patch98 -p1
 
 %build
 %if %{use_nunc_stans}
 pushd ../nunc-stans-%{nunc_stans_ver}
 %configure --with-fhs --libdir=%{_libdir}/%{pkgname}
 make %{?_smp_mflags}
-mkdir lib
+mkdir -p lib
 cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so
 mkdir -p include/nunc-stans
 cp nunc-stans.h include/nunc-stans/nunc-stans.h
@@ -404,12 +339,14 @@ OPENLDAP_FLAG="--with-openldap"
 # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
 %if %{use_nunc_stans}
-NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}" 
+NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
 %endif
 %configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
            --with-systemdsystemunitdir=%{_unitdir} \
            --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
-           --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS
+           --with-perldir=/usr/bin \
+           --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
+           --with-systemd
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
@@ -422,14 +359,14 @@ make %{?_smp_mflags}
 
 
 %install
-rm -rf $RPM_BUILD_ROOT 
-
 %if %{use_nunc_stans}
 pushd ../nunc-stans-%{nunc_stans_ver}
 make DESTDIR="$RPM_BUILD_ROOT" install
 rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \
     $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/pkgconfig
 popd
+%else
+rm -rf $RPM_BUILD_ROOT
 %endif
 
 make DESTDIR="$RPM_BUILD_ROOT" install
@@ -441,28 +378,31 @@ mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
 # for systemd
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
 
-#remove libtool and static libs
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
+#remove libtool archives and static libs
+find %{buildroot} -type f -name "*.la" -delete
+find %{buildroot} -type f -name "*.a" -delete
 
-# make sure perl scripts have a proper shebang 
+# make sure perl scripts have a proper shebang
 sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
 
+# Why are we not making this a proper python package?
+pushd ../%{name}-%{version}%{?prerel}
+cp -r dirsrvtests $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}
+find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyc' -delete
+find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyo' -delete
+find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type d -name '__pycache__' -delete
+popd
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
 %post
 output=/dev/null
 output2=/dev/null
-%systemd_post %{pkgname}-snmp.service
 # reload to pick up any changes to systemd files
 /bin/systemctl daemon-reload >$output 2>&1 || :
 # reload to pick up any shared lib changes
 /sbin/ldconfig
-# restart the snmp subagent if needed
-/bin/systemctl try-restart %{pkgname}-snmp.service > $output 2>&1 || :
 # find all instances
 instances="" # instances that require a restart after upgrade
 ninst=0 # number of instances found in total
@@ -470,14 +410,31 @@ if [ -n "$DEBUGPOSTTRANS" ] ; then
    output=$DEBUGPOSTTRANS
    output2=${DEBUGPOSTTRANS}.upgrade
 fi
-echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
-instbase="%{_sysconfdir}/%{pkgname}"
-for dir in $instbase/slapd-* ; do
-    echo dir = $dir >> $output 2>&1 || :
-    if [ ! -d "$dir" ] ; then continue ; fi
-    case "$dir" in *.removed) continue ;; esac
-    basename=`basename $dir`
-    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+
+has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/passwd` || :
+if [ "$has_dirsrv" = "" ]; then
+  dirsrv_uid=389
+  while [ "`getent passwd | awk -F: '{print $3}' | grep $dirsrv_uid`" != "" ]; do
+    dirsrv_uid=`expr $dirsrv_uid + 1`
+  done
+  echo "User dirsrv does not exist, create it with uid %dirsrv_uid." >> $output 2>&1 || :
+  /usr/sbin/useradd -c "389-ds-base" -u $dirsrv_uid \
+    -s /sbin/nologin -r -d /usr/share/dirsrv dirsrv 2> /dev/null || :
+fi
+has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/group` || :
+if [ "$has_dirsrv" = "" ]; then
+  dirsrv_gid=389
+  while [ "`getent group | grep $dirsrv_gid`" != "" ]; do
+    dirsrv_gid=`expr $dirsrv_gid + 1`
+  done
+  echo "Group dirsrv does not exist, create it with uid %dirsrv_gid." >> $output 2>&1 || :
+  /usr/sbin/groupadd -g $dirsrv_gid -r dirsrv 2> /dev/null || :
+fi
+
+echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
+for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
+    if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
+    inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
     echo found instance $inst - getting status  >> $output 2>&1 || :
     if /bin/systemctl -q is-active $inst ; then
        echo instance $inst is running >> $output 2>&1 || :
@@ -517,8 +474,6 @@ exit 0
 
 %preun
 if [ $1 -eq 0 ]; then # Final removal
-    # Package removal, not upgrade
-    %systemd_preun %{pkgname}-snmp.service %{groupname}
     # remove instance specific service files/links
     rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
 fi
@@ -529,6 +484,15 @@ if [ $1 = 0 ]; then # Final removal
     rm -rf /var/run/%{pkgname}
 fi
 
+%post snmp
+%systemd_post %{pkgname}-snmp.service
+
+%preun snmp
+%systemd_preun %{pkgname}-snmp.service %{groupname}
+
+%postun snmp
+%systemd_postun_with_restart %{pkgname}-snmp.service
+
 %files
 %defattr(-,root,root,-)
 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
@@ -539,7 +503,6 @@ fi
 %dir %{_sysconfdir}/systemd/system/%{groupname}.wants
 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
 %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
 %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
@@ -556,12 +519,15 @@ fi
 %ghost %dir %{_localstatedir}/lock/%{pkgname}
 %{_mandir}/man1/*
 %{_mandir}/man8/*
+%exclude %{_sbindir}/ldap-agent*
+%exclude %{_mandir}/man1/ldap-agent.1.gz
 
 %files devel
 %defattr(-,root,root,-)
 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
 %{_includedir}/%{pkgname}
 %{_libdir}/%{pkgname}/libslapd.so
+%{_libdir}/%{pkgname}/libns-dshttpd.so
 %if %{use_nunc_stans}
 %{_libdir}/%{pkgname}/libnunc-stans.so
 %endif
@@ -572,77 +538,232 @@ fi
 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
 %dir %{_libdir}/%{pkgname}
 %{_libdir}/%{pkgname}/libslapd.so.*
-%{_libdir}/%{pkgname}/libns-dshttpd.so*
+%{_libdir}/%{pkgname}/libns-dshttpd.so.*
 %if %{use_nunc_stans}
 %{_libdir}/%{pkgname}/libnunc-stans.so.*
 %endif
 
+%files snmp
+%defattr(-,root,root,-)
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
+%{_sbindir}/ldap-agent*
+%{_mandir}/man1/ldap-agent.1.gz
+
+%files tests
+%defattr(-,root,root,-)
+%doc LICENSE LICENSE.GPLv3+
+%{_sysconfdir}/%{pkgname}/dirsrvtests
+
 %changelog
-* Thu Jun 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-33
-- release 1.3.4.0-33
-- Resolves: bug 1351323 - Improve MMR replication convergence (DS 48636)
-- Resolves: bug 1351447 - Supplier can skip a failing update, although it should retry. (DS 47788)
-- Resolves: bug 1350707 - Replication changelog can incorrectly skip over updates (DS 48766)
-
-* Thu Jun  9 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-32
-- release 1.3.4.0-32
-- Resolves: bug 1344293 - At startup DES to AES password conversion causes timeout in start script (DS 48862)
-
-* Thu May 12 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-31
-- release 1.3.4.0-31
-- Resolves: bug 1335423 - heap corruption at schema replication. (DS 48492)
-- Resolves: bug 1335107 - Paged results search returns the blank list of entries (DS 48808)
-
-* Wed Mar 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-30
-- release 1.3.4.0-30
-- Resolves: bug 1321891 - DES to AES password conversion fails if a backend is empty (DS 48777)
-
-* Thu Mar 10 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-29
-- release 1.3.4.0-29
-- Resolves: bug 1316552 - License tag does not match actual license of code (DS 48757)
-
-* Tue Mar  8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-28
-- release 1.3.4.0-28
-- Resolves: bug 1315181 - change severity of some messages related to "keep alive" entries (DS 48420)
-
-* Fri Feb 19 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-27
-- release 1.3.4.0-27
-- Resolves: bug 1309963 - keep alive entries can break replication (DS 48445)
-- Resolves: bug 1309964 - Crash in slapi_get_object_extension (DS 48536)
-
-* Mon Jan 25 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-26
-- release 1.3.4.0-26
-- Resolves: bug 1299346 - deadlock on connection mutex (DS 48341)
-
-* Thu Jan 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-25
-- release 1.3.4.0-25
-- Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS
-
-* Wed Jan 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-24
-- release 1.3.4.0-24
-- Resolves: bug 1298105 - 389-ds hanging after a few minutes of operation (DS 48406)
-
-* Tue Jan  5 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-23
-- release 1.3.4.0-23
-- Resolves: bug 1295684 - many attrlist_replace errors in connection with cleanallruv (DS 48283)
-
-* Fri Dec 11 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-22
-- release 1.3.4.0-22
-- Resolves: bug 1290725 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375)
-- Resolves: bug 1290726 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same modify operation (DS 48370)
-
-* Wed Nov 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-21
-- release 1.3.4.0-21
-- Resolves: bug 1278730 - SimplePagedResults -- abandon could happen between the abandon check and sending results -- Fixing a regression introduced in 1.3.4.0-20 (DS 48338)
-
-* Thu Nov 12 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-20
-- release 1.3.4.0-20
-- Resolves: bug 1278729 - Share nsslapd-threadnumber in the case nunc-stans is enabled (DS 48339)
-- Resolves: bug 1278730 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338)
-- Resolves: bug 1279572 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325)
-- Resolves: bug 1279573 - nunc-stans: Attempt to release connection that is not acquired (DS 48311)
-- Resolves: bug 1280210 - deadlock in mep delete post op (DS 47976)
-- Resolves: bug 1281522 - acl - regression - trailing ', (comma)' in macro matched value is not removed (DS 48344)
+* Tue Sep 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-11
+- Release 1.3.5.10-11
+- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates
+
+* Thu Sep  1 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-10
+- Release 1.3.5.10-10
+- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957)
+- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)
+
+* Tue Aug 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-9
+- Release 1.3.5.10-9
+- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950)
+- Resolves: bug 1366828 - audit on failure doesn't work if attribute nsslapd-auditlog-logging-enabled is NOT enabled (DS 48958)
+- Resolves: bug 1368520 - Crash in import_wait_for_space_in_fifo() (DS 48960)
+- Resolves: bug 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option
+- Resolves: bug 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password (DS 48967)
+- Resolves: bug 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends (DS 48964)
+- Resolves: bug 1369425 - ACI behaves erratically (DS 48972)
+- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957)
+- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)
+- Resolves: bug 1371283 - Server Side Sorting crashes the server. (DS 48970)
+- Resolves: bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password (DS 48975)
+
+* Thu Aug 18 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-8
+- Release 1.3.5.10-8
+- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48954)
+- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950)
+- Resolves: bug 1366561 - ns-accountstatus.pl giving error even "No such object (32)" (DS 48956)
+
+* Mon Aug  8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-7
+- Release 1.3.5.10-7
+- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
+- Resolves: bug 1360976 - fixing a compiler warning
+
+* Thu Aug  4 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-6
+- Release 1.3.5.10-6
+- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48928)
+- Resolves: bug 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd (DS 48939)
+- Resolves: bug 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified (DS 48934)
+- Resolves: bug 1349815 - DS logs have warning:ancestorid not indexed for all CS subsystems (DS 48940)
+- Resolves: bug 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang" (DS 48882)
+- Resolves: bug 1360976 - EMBARGOED CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack
+- Resolves: bug 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password (DS 48943) 
+- Resolves: bug 1361321 - Duplicate collation entries (DS 48936)
+- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
+- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat
+
+* Thu Jul 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-5
+- Release 1.3.5.10-5
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)
+
+* Thu Jul 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-4
+- Release 1.3.5.10-4
+- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)
+- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat
+- Resolves: bug 1354660 - flow control in replication also blocks receiving results (DS 48767)
+- Resolves: bug 1356261 - Fixup tombstone task needs to set proper flag when updating (DS 48924)
+- Resolves: bug 1355760 - ns-slapd crashes during the deletion of backend (DS 48922)
+- Resolves: bug 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup (DS 48916)
+- Resolves: bug 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 (DS 48925)
+
+* Mon Jul 11 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-3
+- Release 1.3.5.10-3
+- Resolves: bug 1354374 - Fixing the tarball version in the sources file.
+
+* Mon Jul 11 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-2
+- Release 1.3.5.10-2
+- Resolves: bug 1353714 - If a cipher is disabled do not attempt to look it up (DS 48743)
+- Resolves: bug 1353592 - Setup-ds.pl --update fails - regression (DS 48755)
+- Resolves: bug 1353544 - db2bak.pl task enters infinitive loop when bak fs is almost full (DS 48914)
+- Resolves: bug 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp (DS 48918)
+
+* Wed Jun 29 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-1
+- Release 1.3.5.10-1
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48905)
+
+* Wed Jun 29 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.9-1
+- Release 1.3.5.9-1
+- Resolves: bug 1349571 - Improve MMR replication convergence (DS 48636)
+- Resolves: bug 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database (DS 48637)
+- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755)
+- Resolves: bug 1316731 - syncrepl search returning error 329; plugin sending a bad error code (DS 48904)
+- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule  (DS 48891)
+- Resolves: bug 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. (DS 48899)
+- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT (DS 48898)
+- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538)
+- Resolves: bug 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. (DS 48902)
+
+* Tue Jun 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.8-1
+- Release 1.3.5.8-1
+- Resolves: bug 1290101 - proxyauth support does not work when bound as directory  manager (DS 48366)
+
+* Tue Jun 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.7-1
+- Release 1.3.5.7-1
+- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109)
+- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449)
+- Resolves: bug 1290101 - proxyauth support does not work when bound as directory  manager (DS 48366)
+- Resolves: bug 1338872 - Wrong result code display in audit-failure log (DS 48892)
+- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538)
+- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule  (DS 48891)
+- Resolves: bug 1347407 - By default aci can be read by anonymous (DS 48354)
+- Resolves: bug 1347412 - cn=SNMP,cn=config entry can be read by anonymous (DS 48893)
+
+* Tue Jun 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.6-1
+- Release 1.3.5.6-1
+- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982)
+- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48766, DS 48636)
+- Resolves: bug 1233926 - "matching rules" in ACI's "bind rules not fully evaluated (DS 48234)
+- Resolves: bug 1346165 - 389-ds-base-1.3.5.5-1.el7.x86_64 requires policycoreutils-py 
+
+* Mon Jun 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.5-1
+- Release 1.3.5.5-1
+- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 48833)
+- Resolves: bug 1344414 - [RFE] adding pre/post extop ability (DS 48880)
+- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449)
+- Resolves: bug 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel (DS 48404)
+- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755)
+- Resolves: bug 1342609 - At startup DES to AES password conversion causes timeout in start script (DS 48862)
+- Resolves: bug 1316328 - search returns no entry when OR filter component contains non readable attribute (DS 48275)
+- Resolves: bug 1280456 - setup-ds should detect if port is already defined (DS 48336)
+- Resolves: bug 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured (DS 48747)
+- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48752)
+- Resolves: bug 1340307 - Running db2index with no options breaks replication (DS 48854)
+- Resolves: bug 1337195 - Regression introduced in matching rules by DS 48746 (DS 48844)
+- Resolves: bug 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations (DS 48834)
+- Resolves: bug 1316741 - ldctl should support -H with ldap uris (DS 48754)
+
+* Wed May 18 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.4-1
+- release 1.3.5.4-1
+- Resolves: bug 1334455 - db2ldif is not taking into account multiple suffixes or backends (DS 48828)
+- Resolves: bug 1241563 - The "repl-monitor" web page does not display "year" in date. (DS 48220)
+- Resolves: bug 1335618 - Server ram sanity checks work in isolation (DS 48617)
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48837)
+
+* Sat May  7 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.3-1
+- release 1.3.5.3-1
+- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
+- Resolves: bug 1332533 - ns-accountstatus.pl gives error message on execution along with results. (DS 48815)
+- Resolves: bug 1332709 - password history is not updated when an admin resets the password (DS 48813)
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48822)
+- Resolves: bug 1333515 - Enable DS to offer weaker DH params in NSS  (DS 48798)
+
+* Tue May  3 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.2-1
+- release 1.3.5.2-1
+- Resolves: bug 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3 
+- Resolves: bug 1288229 - many attrlist_replace errors in connection with cleanallruv (DS 48283)
+- Resolves: bug 1315893 - License tag does not match actual license of code (DS 48757)
+- Resolves: bug 1320715 - DES to AES password conversion fails if a backend is empty (DS 48777)
+- Resolves: bug 190862  - [RFE] Default password syntax settings don't work with fine-grained policies (DS 142)
+- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 548)
+- Resolves: bug 1143066 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid (DS 48285)
+- Resolves: bug 1153758 - [RFE] Support SASL/GSSAPI when ns-slapd is behind a load-balancer (DS 48332)
+- Resolves: bug 1160902 - search, matching rules and filter error "unsupported type 0xA9" (DS 48016)
+- Resolves: bug 1186512 - High memory fragmentation observed in ns-slapd; OOM-Killer invoked (DS 48377, 48129)
+- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109)
+- Resolves: bug 1209094 - [RFE] Allow logging of rejected changes (DS 48145, 48280)
+- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
+- Resolves: bug 1210842 - [RFE] Add PIDFile option to systemd service file (DS 47951)
+- Resolves: bug 1223510 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb (DS 48326)
+- Resolves: bug 1229799 - ldclt-bin killed by SIGSEGV (DS 48289)
+- Resolves: bug 1249908 - No validation check for the value for nsslapd-db-locks. (DS 48244)
+- Resolves: bug 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers (DS 48290)
+- Resolves: bug 1255557 - db2index creates index entry from deleted records (DS 48252)
+- Resolves: bug 1258610 - total update request must not be lost (DS 48255)
+- Resolves: bug 1258611 - dna plugin needs to handle binddn groups for authorization (DS 48258)
+- Resolves: bug 1259624 - [RFE] Provide a utility to detect accounts locked due to inactivity (DS 48269)
+- Resolves: bug 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute (DS 48267)
+- Resolves: bug 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links (DS 48295)
+- Resolves: bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation (DS 48294)
+- Resolves: bug 1267750 - pagedresults - when timed out, search results could have been already freed. (DS 48299)
+- Resolves: bug 1269378 - ds-logpipe.py with wrong arguments - python exception in the output (DS 48302)
+- Resolves: bug 1271330 - nunc-stans: Attempt to release connection that is not acquired (DS 48311)
+- Resolves: bug 1272677 - nunc stans: ns-slapd killed by SIGTERM
+- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT
+- Resolves: bug 1273142 - crash in Managed Entry plugin (DS 48312)
+- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982)
+- Resolves: bug 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock (DS 47978)
+- Resolves: bug 1273555 - deadlock in mep delete post op (DS 47976)
+- Resolves: bug 1273584 - lower password history minimum to 1 (DS 48394)
+- Resolves: bug 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts (DS 47840)
+- Resolves: bug 1276072 - [RFE] Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName (DS 48328)
+- Resolves: bug 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338)
+- Resolves: bug 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. (DS 48339)
+- Resolves: bug 1278755 - deadlock on connection mutex (DS 48341)
+- Resolves: bug 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325)
+- Resolves: bug 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. (DS 48344)
+- Resolves: bug 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes (DS 48363)
+- Resolves: bug 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart (DS 48362)
+- Resolves: bug 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375)
+- Resolves: bug 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation (DS 48370)
+- Resolves: bug 1295947 - 389-ds hanging after a few minutes of operation (DS 48406, revert 48338)
+- Resolves: bug 1296310 - ldclt - segmentation fault error while binding (DS 48400)
+- Resolves: bug 1299758 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [rhel-7.3]
+- Resolves: bug 1301097 - logconv.pl displays negative operation speeds (DS 48446)
+- Resolves: bug 1302823 - Crash in slapi_get_object_extension (DS 48536)
+- Resolves: bug 1303641 - heap corruption at schema replication. (DS 48492)
+- Resolves: bug 1307151 - keep alive entries can break replication (DS 48445)
+- Resolves: bug 1310848 - Supplier can skip a failing update, although it should retry. (DS 47788)
+- Resolves: bug 1314557 - change severity of some messages related to "keep alive" enties (DS 48420)
+- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
+- Resolves: bug 1316742 - no plugin calls in tombstone purging (DS 48759)
+- Resolves: bug 1319329 - [RFE] add nsslapd-auditlog-logging-enabled: off to template-dse.ldif (DS 48145)
+- Resolves: bug 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. (DS 48775)
+- Resolves: bug 1326520 - db2index uses a buffer size derived from dbcachesize (DS 48383)
+- Resolves: bug 1328936 - objectclass values could be dropped on the consumer (DS 48799)
+- Resolves: bug 1287475 - [RFE] response control for password age should be sent by default by RHDS (DS 48369)
+- Resolves: bug 1331343 - Paged results search returns the blank list of entries (DS 48808)
 
 * Mon Oct  5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-19
 - release 1.3.4.0-19