diff --git a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch
new file mode 100644
index 0000000..3ed408d
--- /dev/null
+++ b/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch
@@ -0,0 +1,103 @@
+From ce824731f4839f7812109b8c04ce704a56eeca4b Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 10 Feb 2016 11:36:32 -0800
+Subject: [PATCH 90/93] Ticket #48492 - heap corruption at schema replication.
+
+Description: 389-ds-base-1.3.2 and newer uses openldap schema parser,
+which is more strict with the definition.  For instance, the older
+389-ds-base could have a schema such as SINTAX OID in single quotes,
+which is not acceptable on the newer version.  There was a bug to
+handle the error case that caused a crash.
+
+This patch adds
+1) the null reference check to attr_syntax_free (attrsyntax.c),
+2) a null init to the output arg in parse_at_str and parse_oc_str
+   (schema.c) and
+3) an error logging to schema_berval_to_atlist & schema_berval_to_oclist
+   (schema.c) for troubleshooting.
+
+https://fedorahosted.org/389/ticket/48492
+
+Reviewed by wibrown@redhat.com and mreynolds@redhat.com (Thank you, William and Mark!)
+
+(cherry picked from commit b5bfa2a0386e168ce2196a077169382ae53a94b4)
+(cherry picked from commit 9bd53c297683e691fef174bf1aed6842f475fb9f)
+---
+ ldap/servers/slapd/attrsyntax.c |  3 +++
+ ldap/servers/slapd/schema.c     | 16 +++++++++++++++-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
+index 4cdcf86..8b2a77a 100644
+--- a/ldap/servers/slapd/attrsyntax.c
++++ b/ldap/servers/slapd/attrsyntax.c
+@@ -189,6 +189,9 @@ attr_syntax_check_oids()
+ void
+ attr_syntax_free( struct asyntaxinfo *a )
+ {
++	if (!a) {
++		return;
++	}
+ 	cool_charray_free( a->asi_aliases );
+ 	slapi_ch_free_string(&a->asi_name );
+ 	slapi_ch_free_string(&a->asi_desc );
+diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
+index 65cbad5..dd56599 100644
+--- a/ldap/servers/slapd/schema.c
++++ b/ldap/servers/slapd/schema.c
+@@ -263,6 +263,9 @@ static PRCallOnceType schema_dse_mandatory_init_callonce = { 0, 0, 0 };
+ static int parse_at_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, size_t errorbufsize,
+         PRUint32 schema_flags, int is_user_defined, int schema_ds4x_compat, int is_remote)
+ {
++    if (asipp) {
++        *asipp = NULL;
++    }
+ #ifdef USE_OPENLDAP
+     return parse_attr_str(input, asipp, errorbuf, errorbufsize, schema_flags, is_user_defined,schema_ds4x_compat,is_remote);
+ #else
+@@ -274,6 +277,9 @@ static int parse_oc_str(const char *input, struct objclass **oc, char *errorbuf,
+ 		size_t errorbufsize, PRUint32 schema_flags, int is_user_defined,
+ 		int schema_ds4x_compat, struct objclass* private_schema )
+ {
++    if (oc) {
++        *oc = NULL;
++    }
+ #ifdef USE_OPENLDAP
+     return parse_objclass_str (input, oc, errorbuf, errorbufsize, schema_flags, is_user_defined, schema_ds4x_compat, private_schema );
+ #else
+@@ -7146,11 +7152,15 @@ schema_berval_to_oclist(struct berval **oc_berval)
+         oc_list = NULL;
+         oc_tail = NULL;
+         if (oc_berval != NULL) {
++                errorbuf[0] = '\0';
+                 for (i = 0; oc_berval[i] != NULL; i++) {
+                         /* parse the objectclass value */
+                         if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
+                                 errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
+                                 schema_ds4x_compat, oc_list))) {
++                                slapi_log_error(SLAPI_LOG_FATAL, "schema",
++                                                "parse_oc_str returned error: %s\n",
++                                                errorbuf[0]?errorbuf:"unknown");
+                                 oc_free(&oc);
+                                 rc = 1;
+                                 break;
+@@ -7184,11 +7194,15 @@ schema_berval_to_atlist(struct berval **at_berval)
+     schema_ds4x_compat = config_get_ds4_compatible_schema();
+ 
+     if (at_berval != NULL) {
++        errorbuf[0] = '\0';
+         for (i = 0; at_berval[i] != NULL; i++) {
+             /* parse the objectclass value */
+             rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
+                     DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
+-            if(rc){
++            if (rc) {
++                slapi_log_error(SLAPI_LOG_FATAL, "schema",
++                                "parse_oc_str returned error: %s\n",
++                                errorbuf[0]?errorbuf:"unknown");
+                 attr_syntax_free(at);
+                 break;
+             }
+-- 
+2.4.11
+
diff --git a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch
new file mode 100644
index 0000000..d70e6b0
--- /dev/null
+++ b/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch
@@ -0,0 +1,218 @@
+From bc3328ebbe1b8279f77ad1020bce9fb638d4c94c Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Fri, 8 Apr 2016 14:17:12 -0700
+Subject: [PATCH 91/93] Ticket #48492 - heap corruption at schema replication.
+
+Bug Description: If nsslapd-enquote-sup-oc is on, the server is supposed to
+handle the quoted SYNTAX values although the spec is deprecated.  Currently,
+if nsslapd-enquote-sup-oc is on, it wraps SYNTAX values with quotes, but the
+information is not passed to the openldap schema parser where the parsing the
+schema fails.
+
+Fix Description: This patch passes the info (flag LDAP_SCHEMA_ALLOW_QUOTED)
+to the openldap API ldap_str2attributetype if nsslapd-enquote-sup-oc is on.
+
+Additionally, to support the old style quoted SYNTAX values in the schema
+files, loading the schema has to get the enquote information prior to the
+configuration parameters evaluated.  To pass the information, this patch
+accepts the environment variable LDAP_SCHEMA_ALLOW_QUOTED. If it is defined
+with any value, old style schema files are processed.
+
+To set the environment variable, add
+    LDAP_SCHEMA_ALLOW_QUOTED="on"
+to /etc/sysconfig/dirsrv-INSTANCE.
+
+https://fedorahosted.org/389/ticket/48492
+
+Reviewed by firstyear@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 955dc66d42511c2cc8d6ff18cf030508f6da2770)
+(cherry picked from commit 7927e4420fb185ae328d56cfd4741583ae1f667b)
+---
+ ldap/servers/slapd/schema.c | 66 ++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
+index dd56599..806c38d 100644
+--- a/ldap/servers/slapd/schema.c
++++ b/ldap/servers/slapd/schema.c
+@@ -1638,6 +1638,16 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
+ 	}
+ 
+ 	if ( !aew->schema_ds4x_compat ) {
++#if defined (USE_OPENLDAP)
++		/* 
++		 * These values in quotes are not supported by the openldap parser.
++		 * Even if nsslapd-enquote-sup-oc is on, quotes should not be added.
++		 */
++		outp += put_tagged_oid( outp, "SUP ", asip->asi_superior, NULL, 0 );
++		outp += put_tagged_oid( outp, "EQUALITY ", asip->asi_mr_equality, NULL, 0 );
++		outp += put_tagged_oid( outp, "ORDERING ", asip->asi_mr_ordering, NULL, 0 );
++		outp += put_tagged_oid( outp, "SUBSTR ", asip->asi_mr_substring, NULL, 0 );
++#else
+ 		outp += put_tagged_oid( outp, "SUP ",
+ 				asip->asi_superior, NULL, aew->enquote_sup_oc );
+ 		outp += put_tagged_oid( outp, "EQUALITY ",
+@@ -1646,6 +1656,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
+ 				asip->asi_mr_ordering, NULL, aew->enquote_sup_oc );
+ 		outp += put_tagged_oid( outp, "SUBSTR ",
+ 				asip->asi_mr_substring, NULL, aew->enquote_sup_oc );
++#endif
+ 	}
+ 
+ 	outp += put_tagged_oid( outp, "SYNTAX ", syntaxoid, syntaxlengthbuf,
+@@ -4105,7 +4116,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
+     char **attr_names = NULL;
+     unsigned long flags = SLAPI_ATTR_FLAG_OVERRIDE;
+     /* If we ever accept openldap schema directly, then make parser_flags configurable */
+-    const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
++    unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
+     int invalid_syntax_error;
+     int syntaxlength = SLAPI_SYNTAXLENGTH_NONE;
+     int num_names = 0;
+@@ -4113,6 +4124,17 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
+     int rc = 0;
+     int a, aa;
+ 
++    if (config_get_enquote_sup_oc()) {
++        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
++    } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
++        char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
++        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
++        if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
++            slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
++                            CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
++        }
++    }
++
+     /*
+      *      OpenLDAP AttributeType struct
+      *
+@@ -4159,7 +4181,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
+         /* trim any leading spaces */
+         input++;
+     }
+-    if((atype = ldap_str2attributetype(input, &rc, &errp, parser_flags )) == NULL){
++    if((atype = ldap_str2attributetype(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
+         schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, input,
+                                "Failed to parse attribute, error(%d - %s) at (%s)", rc, ldap_scherr2str(rc), errp );
+         return invalid_syntax_error;
+@@ -4478,12 +4500,23 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
+     char **OrigRequiredAttrsArray, **OrigAllowedAttrsArray;
+     char *first_oc_name = NULL;
+     /* If we ever accept openldap schema directly, then make parser_flags configurable */
+-    const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
++    unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
+     PRUint8 flags = 0;
+     int invalid_syntax_error;
+     int i, j;
+     int rc = 0;
+ 
++    if (config_get_enquote_sup_oc()) {
++        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
++    } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
++        char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
++        parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
++        if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
++            slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
++                            CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
++        }
++    }
++
+     /*
+      *     openLDAP Objectclass struct
+      *
+@@ -4521,10 +4554,10 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
+      *  Parse the input and create the openLdap objectclass structure
+      */
+     while(isspace(*input)){
+-    	/* trim any leading spaces */
++        /* trim any leading spaces */
+         input++;
+     }
+-    if((objClass = ldap_str2objectclass(input, &rc, &errp, parser_flags )) == NULL){
++    if((objClass = ldap_str2objectclass(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
+         schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc, input,
+                                "Failed to parse objectclass, error(%d) at (%s)", rc, errp );
+         return invalid_syntax_error;
+@@ -5592,7 +5625,7 @@ get_tagged_oid( const char *tag, const char **inputp,
+ 	PR_ASSERT( NULL != *inputp );
+ 	PR_ASSERT( NULL != tag );
+ 	PR_ASSERT( '\0' != tag[ 0 ] );
+-       	if('(' !=tag[0]) 
++	if('(' !=tag[0]) 
+ 	  PR_ASSERT((' ' == tag[ strlen( tag ) - 1 ]) || ('(' == tag[ strlen( tag ) - 1 ]));
+ 
+ 	if ( NULL == strstr_fn ) {
+@@ -5611,8 +5644,8 @@ get_tagged_oid( const char *tag, const char **inputp,
+ 		/* skip past the leading single quote, if present */
+ 		if ( *startp == '\'' ) {
+ 			++startp;
+-                        /* skip past any extra white space */
+-                        startp = skipWS( startp );
++			/* skip past any extra white space */
++			startp = skipWS( startp );
+ 		}
+ 
+ 		/* locate the end of the OID */
+@@ -7155,6 +7188,7 @@ schema_berval_to_oclist(struct berval **oc_berval)
+                 errorbuf[0] = '\0';
+                 for (i = 0; oc_berval[i] != NULL; i++) {
+                         /* parse the objectclass value */
++                        oc = NULL;
+                         if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
+                                 errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
+                                 schema_ds4x_compat, oc_list))) {
+@@ -7197,12 +7231,13 @@ schema_berval_to_atlist(struct berval **at_berval)
+         errorbuf[0] = '\0';
+         for (i = 0; at_berval[i] != NULL; i++) {
+             /* parse the objectclass value */
++            at = NULL;
+             rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
+                     DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
+             if (rc) {
+                 slapi_log_error(SLAPI_LOG_FATAL, "schema",
+-                                "parse_oc_str returned error: %s\n",
+-                                errorbuf[0]?errorbuf:"unknown");
++                                "schema_berval_to_atlist: parse_at_str(%s) failed - %s\n",
++                                at_berval[i]->bv_val, errorbuf[0]?errorbuf:"unknown");
+                 attr_syntax_free(at);
+                 break;
+             }
+@@ -7217,6 +7252,7 @@ schema_berval_to_atlist(struct berval **at_berval)
+     }
+     if (rc) {
+         schema_atlist_free(head);
++        head = NULL;
+     }
+ 
+     return head;
+@@ -7319,12 +7355,12 @@ schema_attributetypes_superset_check(struct berval **remote_schema, char *type)
+ static void
+ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
+ {
+-        Slapi_PBlock *newpb;
++	Slapi_PBlock *newpb;
+ 	int op_result;
+-        CSN *schema_csn;
++	CSN *schema_csn;
+         
+-        /* allocate internal mod components: pblock*/
+-        newpb = slapi_pblock_new();
++	/* allocate internal mod components: pblock*/
++	newpb = slapi_pblock_new();
+         
+ 	slapi_modify_internal_set_pb_ext (
+ 			newpb,
+@@ -7333,7 +7369,7 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
+ 			NULL, /* Controls */
+ 			NULL,
+ 			(void *)plugin_get_default_component_id(),
+-			0);	
++			0);
+ 
+ 	/* do modify */
+ 	slapi_modify_internal_pb (newpb);
+-- 
+2.4.11
+
diff --git a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch b/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
new file mode 100644
index 0000000..37f3621
--- /dev/null
+++ b/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
@@ -0,0 +1,39 @@
+From 39a14eaab84e7eac940d1d707cabc9610ef570c6 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 26 Apr 2016 13:53:02 -0700
+Subject: [PATCH 92/93] Ticket #48808 - Paged results search returns the blank
+ list of entries
+
+Bug Description: When a simple paged results slot in a connection is
+discarded due to an error, e.g., SIZELIMIT_EXCEEDED, the slot was not
+properly cleaned up.  Then, if the slot was reused, the leftover flag
+confused the code and ended up returning the 0 search result.
+
+Fix Description: This patch adds the clean up code when a slot is re-
+used.
+
+https://fedorahosted.org/389/ticket/48808
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 09180b25570696d24c86e3a046fb497c15549c64)
+(cherry picked from commit a8486ab3b364a9ae088d6404d025058b04ac358d)
+---
+ ldap/servers/slapd/pagedresults.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index d394dab..52d2158 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -124,6 +124,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
+             prp = conn->c_pagedresults.prl_list;
+             for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
+                 if (!prp->pr_current_be) { /* unused slot; take it */
++                    _pr_cleanup_one_slot(prp);
+                     prp->pr_current_be = be;
+                     *index = i;
+                     break;
+-- 
+2.4.11
+
diff --git a/SOURCES/0093-Ticket-48808-Add-test-case.patch b/SOURCES/0093-Ticket-48808-Add-test-case.patch
new file mode 100644
index 0000000..8c92d51
--- /dev/null
+++ b/SOURCES/0093-Ticket-48808-Add-test-case.patch
@@ -0,0 +1,370 @@
+From fc0ca25b9f143083528cc5f87dc89fe69baf38fd Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Thu, 28 Apr 2016 11:49:24 +0200
+Subject: [PATCH 93/93] Ticket 48808 - Add test case
+
+Description: Add test case for paged results search returns the blank
+list of entries issue.
+
+Bug description: After series of actions, paged result search that
+should returns list of entries returns blank list of entries. It is
+hardly reproducible manually, but it is easy to reproduce with python
+automation.
+
+https://fedorahosted.org/389/ticket/48808
+
+Reviewed by: nhosoi and wbrown (Thanks!)
+
+(cherry picked from commit 91f3e592713ea58602412ed773a497583f2ebd6c)
+(cherry picked from commit 99b5048b09e64cea6f8bf5e7d524679960ce0a44)
+---
+ dirsrvtests/tests/tickets/ticket48808_test.py | 337 ++++++++++++++++++++++++++
+ 1 file changed, 337 insertions(+)
+ create mode 100644 dirsrvtests/tests/tickets/ticket48808_test.py
+
+diff --git a/dirsrvtests/tests/tickets/ticket48808_test.py b/dirsrvtests/tests/tickets/ticket48808_test.py
+new file mode 100644
+index 0000000..3dbceac
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket48808_test.py
+@@ -0,0 +1,337 @@
++import time
++import ldap
++import logging
++import pytest
++from random import sample
++from ldap.controls import SimplePagedResultsControl
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++TEST_USER_NAME = 'simplepaged_test'
++TEST_USER_DN = 'uid=%s,%s' % (TEST_USER_NAME, DEFAULT_SUFFIX)
++TEST_USER_PWD = 'simplepaged_test'
++
++
++class TopologyStandalone(object):
++    def __init__(self, standalone):
++        standalone.open()
++        self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++    # Creating standalone instance ...
++    standalone = DirSrv(verbose=False)
++    args_instance[SER_HOST] = HOST_STANDALONE
++    args_instance[SER_PORT] = PORT_STANDALONE
++    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++    args_standalone = args_instance.copy()
++    standalone.allocate(args_standalone)
++    instance_standalone = standalone.exists()
++    if instance_standalone:
++        standalone.delete()
++    standalone.create()
++    standalone.open()
++
++    # Delete each instance in the end
++    def fin():
++        standalone.delete()
++    request.addfinalizer(fin)
++
++    # Clear out the tmp dir
++    standalone.clearTmpDir(__file__)
++
++    return TopologyStandalone(standalone)
++
++
++@pytest.fixture(scope="module")
++def test_user(topology):
++    """User for binding operation"""
++
++    try:
++        topology.standalone.add_s(Entry((TEST_USER_DN, {
++                                        'objectclass': 'top person'.split(),
++                                        'objectclass': 'organizationalPerson',
++                                        'objectclass': 'inetorgperson',
++                                        'cn': TEST_USER_NAME,
++                                        'sn': TEST_USER_NAME,
++                                        'userpassword': TEST_USER_PWD,
++                                        'mail': '%s@redhat.com' % TEST_USER_NAME,
++                                        'uid': TEST_USER_NAME
++                                        })))
++    except ldap.LDAPError as e:
++        log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
++                                                           e.message['desc']))
++        raise e
++
++
++def add_users(topology, users_num):
++    """Add users to the default suffix
++    and return a list of added user DNs.
++    """
++
++    users_list = []
++    log.info('Adding %d users' % users_num)
++    for num in sample(range(1000), users_num):
++        num_ran = int(round(num))
++        USER_NAME = 'test%05d' % num_ran
++        USER_DN = 'uid=%s,%s' % (USER_NAME, DEFAULT_SUFFIX)
++        users_list.append(USER_DN)
++        try:
++            topology.standalone.add_s(Entry((USER_DN, {
++                                             'objectclass': 'top person'.split(),
++                                             'objectclass': 'organizationalPerson',
++                                             'objectclass': 'inetorgperson',
++                                             'cn': USER_NAME,
++                                             'sn': USER_NAME,
++                                             'userpassword': 'pass%s' % num_ran,
++                                             'mail': '%s@redhat.com' % USER_NAME,
++                                             'uid': USER_NAME
++                                              })))
++        except ldap.LDAPError as e:
++            log.error('Failed to add user (%s): error (%s)' % (USER_DN,
++                                                               e.message['desc']))
++            raise e
++    return users_list
++
++
++def del_users(topology, users_list):
++    """Delete users with DNs from given list"""
++
++    log.info('Deleting %d users' % len(users_list))
++    for user_dn in users_list:
++        try:
++            topology.standalone.delete_s(user_dn)
++        except ldap.LDAPError as e:
++            log.error('Failed to delete user (%s): error (%s)' % (user_dn,
++                                                                  e.message['desc']))
++            raise e
++
++
++def change_conf_attr(topology, suffix, attr_name, attr_value):
++    """Change configurational attribute in the given suffix.
++    Funtion returns previous attribute value.
++    """
++
++    try:
++        entries = topology.standalone.search_s(suffix, ldap.SCOPE_BASE,
++                                                'objectclass=top',
++                                                [attr_name])
++        attr_value_bck = entries[0].data.get(attr_name)
++        log.info('Set %s to %s. Previous value - %s. Modified suffix - %s.' % (
++                        attr_name, attr_value, attr_value_bck, suffix))
++        if attr_value is None:
++            topology.standalone.modify_s(suffix, [(ldap.MOD_DELETE,
++                                                        attr_name,
++                                                        attr_value)])
++        else:
++            topology.standalone.modify_s(suffix, [(ldap.MOD_REPLACE,
++                                                        attr_name,
++                                                        attr_value)])
++    except ldap.LDAPError as e:
++           log.error('Failed to change attr value (%s): error (%s)' % (attr_name,
++                                                                       e.message['desc']))
++           raise e
++
++    return attr_value_bck
++
++
++def paged_search(topology, controls, search_flt, searchreq_attrlist):
++    """Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE
++    using Simple Paged Control(should the first item in the
++    list controls.
++    Return the list with results summarized from all pages
++    """
++
++    pages = 0
++    pctrls = []
++    all_results = []
++    req_ctrl = controls[0]
++    msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
++                                           ldap.SCOPE_SUBTREE,
++                                           search_flt,
++                                           searchreq_attrlist,
++                                           serverctrls=controls)
++    while True:
++        log.info('Getting page %d' % (pages,))
++        rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
++        all_results.extend(rdata)
++        pages += 1
++        pctrls = [
++            c
++            for c in rctrls
++            if c.controlType == SimplePagedResultsControl.controlType
++        ]
++
++        if pctrls:
++            if pctrls[0].cookie:
++                # Copy cookie from response control to request control
++                req_ctrl.cookie = pctrls[0].cookie
++                msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
++                                                       ldap.SCOPE_SUBTREE,
++                                                       search_flt,
++                                                       searchreq_attrlist,
++                                                       serverctrls=controls)
++            else:
++                break # no more pages available
++        else:
++            break
++
++    assert not pctrls[0].cookie
++    return all_results
++
++
++def test_ticket48808(topology, test_user):
++    log.info('Run multiple paging controls on a single connection')
++    users_num = 100
++    page_size = 30
++    users_list = add_users(topology, users_num)
++    search_flt = r'(uid=test*)'
++    searchreq_attrlist = ['dn', 'sn']
++
++    log.info('Set user bind')
++    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++
++    log.info('Create simple paged results control instance')
++    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
++    controls = [req_ctrl]
++
++    for ii in xrange(3):
++        log.info('Iteration %d' % ii)
++        msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
++                                                ldap.SCOPE_SUBTREE,
++                                                search_flt,
++                                                searchreq_attrlist,
++                                                serverctrls=controls)
++        rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
++        pctrls = [
++            c
++            for c in rctrls
++            if c.controlType == SimplePagedResultsControl.controlType
++        ]
++
++        req_ctrl.cookie = pctrls[0].cookie
++        msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
++                                                ldap.SCOPE_SUBTREE,
++                                                search_flt,
++                                                searchreq_attrlist,
++                                                serverctrls=controls)
++    log.info('Set Directory Manager bind back')
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++    del_users(topology, users_list)
++
++    log.info('Abandon the search')
++    users_num = 10
++    page_size = 0
++    users_list = add_users(topology, users_num)
++    search_flt = r'(uid=test*)'
++    searchreq_attrlist = ['dn', 'sn']
++
++    log.info('Set user bind')
++    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++
++    log.info('Create simple paged results control instance')
++    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
++    controls = [req_ctrl]
++
++    msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
++                                           ldap.SCOPE_SUBTREE,
++                                           search_flt,
++                                           searchreq_attrlist,
++                                           serverctrls=controls)
++    rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
++    pctrls = [
++        c
++        for c in rctrls
++        if c.controlType == SimplePagedResultsControl.controlType
++    ]
++    assert not pctrls[0].cookie
++
++    log.info('Set Directory Manager bind back')
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++    del_users(topology, users_list)
++
++    log.info("Search should fail with 'nsPagedSizeLimit = 5'"
++             "and 'nsslapd-pagedsizelimit = 15' with 10 users")
++    conf_attr = '15'
++    user_attr = '5'
++    expected_rs = ldap.SIZELIMIT_EXCEEDED
++    users_num = 10
++    page_size = 10
++    users_list = add_users(topology, users_num)
++    search_flt = r'(uid=test*)'
++    searchreq_attrlist = ['dn', 'sn']
++    conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
++                                        'nsslapd-pagedsizelimit', conf_attr)
++    user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
++                                        'nsPagedSizeLimit', user_attr)
++
++    log.info('Set user bind')
++    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++
++    log.info('Create simple paged results control instance')
++    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
++    controls = [req_ctrl]
++
++    log.info('Expect to fail with SIZELIMIT_EXCEEDED')
++    with pytest.raises(expected_rs):
++        all_results = paged_search(topology, controls,
++                                   search_flt, searchreq_attrlist)
++
++    log.info('Set Directory Manager bind back')
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++    del_users(topology, users_list)
++    change_conf_attr(topology, DN_CONFIG,
++                     'nsslapd-pagedsizelimit', conf_attr_bck)
++    change_conf_attr(topology, TEST_USER_DN,
++                     'nsPagedSizeLimit', user_attr_bck)
++
++    log.info("Search should pass with 'nsPagedSizeLimit = 15'"
++             "and 'nsslapd-pagedsizelimit = 5' with 10 users")
++    conf_attr = '5'
++    user_attr = '15'
++    users_num = 10
++    page_size = 10
++    users_list = add_users(topology, users_num)
++    search_flt = r'(uid=test*)'
++    searchreq_attrlist = ['dn', 'sn']
++    conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
++                                    'nsslapd-pagedsizelimit', conf_attr)
++    user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
++                                    'nsPagedSizeLimit', user_attr)
++
++    log.info('Set user bind')
++    topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++
++    log.info('Create simple paged results control instance')
++    req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
++    controls = [req_ctrl]
++
++    log.info('Search should PASS')
++    all_results = paged_search(topology, controls,
++                               search_flt, searchreq_attrlist)
++    log.info('%d results' % len(all_results))
++    assert len(all_results) == len(users_list)
++
++    log.info('Set Directory Manager bind back')
++    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++    del_users(topology, users_list)
++    change_conf_attr(topology, DN_CONFIG,
++                    'nsslapd-pagedsizelimit', conf_attr_bck)
++    change_conf_attr(topology, TEST_USER_DN,
++                    'nsPagedSizeLimit', user_attr_bck)
++
++
++if __name__ == '__main__':
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
+-- 
+2.4.11
+
diff --git a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch b/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
new file mode 100644
index 0000000..8f1ea00
--- /dev/null
+++ b/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
@@ -0,0 +1,936 @@
+From 72562d03b0f758902e0ee858fd43d5bcfbef379b Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 7 Jun 2016 10:02:42 -0400
+Subject: [PATCH] Ticket 48862 - At startup DES to AES password conversion
+ causes timeout in start script
+
+Bug Description:  At server start all the backends are searches for entries that contain
+                  DES password attributes as defined in the plugin.  These are typically
+                  unindexed searches, and if there is a very large backend this can cause
+                  the server startup to timeout.
+
+Fix Description:  At startup only check "cn=config" for entries with DES password attributes.
+                  A new "conversion" task has been created that can be run after startup
+                  to search all backends(if a suffix is not specified), or specific backends.
+
+                      dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config
+                      objectclass: top
+                      objectclass: extensibleObject
+                      suffix: dc=example,dc=com
+                      suffix: dc=other,dc=suffix
+
+                  Another bug was discovered in pw_rever_encode() in pw.c where a "for" loop
+                  counter was accidentially reused by a second "for" loop.  This could lead
+                  to an infinite loop/hang.
+
+                  Updated the CI test to perform the conversion task.
+
+https://fedorahosted.org/389/ticket/48862
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 11f55f3dd2a2c44ddf7b5be54273401add13b1bc)
+(cherry picked from commit c0ad918939c40779e463b71c41ab106e7ee890e2)
+---
+ dirsrvtests/tickets/ticket47462_test.py | 133 ++++++++----
+ ldap/servers/slapd/daemon.c             | 195 +++++-------------
+ ldap/servers/slapd/pw.c                 |   4 +-
+ ldap/servers/slapd/task.c               | 346 +++++++++++++++++++++++++++++++-
+ 4 files changed, 493 insertions(+), 185 deletions(-)
+
+diff --git a/dirsrvtests/tickets/ticket47462_test.py b/dirsrvtests/tickets/ticket47462_test.py
+index 17854fa..2d2c507 100644
+--- a/dirsrvtests/tickets/ticket47462_test.py
++++ b/dirsrvtests/tickets/ticket47462_test.py
+@@ -32,6 +32,7 @@ AGMT_DN = ''
+ USER_DN = 'cn=test_user,' + DEFAULT_SUFFIX
+ USER1_DN = 'cn=test_user1,' + DEFAULT_SUFFIX
+ TEST_REPL_DN = 'cn=test repl,' + DEFAULT_SUFFIX
++DES2AES_TASK_DN = 'cn=convert,cn=des2aes,cn=tasks,cn=config'
+ 
+ 
+ class TopologyMaster1Master2(object):
+@@ -134,6 +135,11 @@ def topology(request):
+     # clear the tmp directory
+     master1.clearTmpDir(__file__)
+ 
++    def fin():
++        master1.delete()
++        master2.delete()
++    request.addfinalizer(fin)
++
+     return TopologyMaster1Master2(master1, master2)
+ 
+ 
+@@ -144,11 +150,9 @@ def test_ticket47462(topology):
+     """
+ 
+     #
+-    # First set config as if it's an older version.  Set DES to use libdes-plugin,
+-    # MMR to depend on DES, delete the existing AES plugin, and set a DES password
+-    # for the replication agreement.
+-    #
+-
++    # First set config as if it's an older version.  Set DES to use
++    # libdes-plugin, MMR to depend on DES, delete the existing AES plugin,
++    # and set a DES password for the replication agreement.
+     #
+     # Add an extra attribute to the DES plugin args
+     #
+@@ -168,7 +172,9 @@ def test_ticket47462(topology):
+ 
+     try:
+         topology.master1.modify_s(MMR_PLUGIN,
+-                      [(ldap.MOD_DELETE, 'nsslapd-plugin-depends-on-named', 'AES')])
++                      [(ldap.MOD_DELETE,
++                        'nsslapd-plugin-depends-on-named',
++                        'AES')])
+ 
+     except ldap.NO_SUCH_ATTRIBUTE:
+         pass
+@@ -194,7 +200,8 @@ def test_ticket47462(topology):
+     # Get the agmt dn, and set the password
+     #
+     try:
+-        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'objectclass=nsDS5ReplicationAgreement')
++        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE,
++                                          'objectclass=nsDS5ReplicationAgreement')
+         if entry:
+             agmt_dn = entry[0].dn
+             log.info('Found agmt dn (%s)' % agmt_dn)
+@@ -207,7 +214,8 @@ def test_ticket47462(topology):
+ 
+     try:
+         properties = {RA_BINDPW: "password"}
+-        topology.master1.agreement.setProperties(None, agmt_dn, None, properties)
++        topology.master1.agreement.setProperties(None, agmt_dn, None,
++                                                 properties)
+         log.info('Successfully modified replication agreement')
+     except ValueError:
+         log.error('Failed to update replica agreement: ' + AGMT_DN)
+@@ -220,12 +228,14 @@ def test_ticket47462(topology):
+         topology.master1.add_s(Entry((USER1_DN,
+                                       {'objectclass': "top person".split(),
+                                        'sn': 'sn',
++                                       'description': 'DES value to convert',
+                                        'cn': 'test_user'})))
+         loop = 0
+         ent = None
+         while loop <= 10:
+             try:
+-                ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE, "(objectclass=*)")
++                ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE,
++                                                "(objectclass=*)")
+                 break
+             except ldap.NO_SUCH_OBJECT:
+                 time.sleep(1)
+@@ -250,7 +260,8 @@ def test_ticket47462(topology):
+     # Check that the restart converted existing DES credentials
+     #
+     try:
+-        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'nsDS5ReplicaCredentials=*')
++        entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE,
++                                          'nsDS5ReplicaCredentials=*')
+         if entry:
+             val = entry[0].getValue('nsDS5ReplicaCredentials')
+             if val.startswith('{AES-'):
+@@ -259,22 +270,25 @@ def test_ticket47462(topology):
+                 log.fatal('Failed to convert credentials from DES to AES!')
+                 assert False
+         else:
+-            log.fatal('Failed to find any entries with nsDS5ReplicaCredentials ')
++            log.fatal('Failed to find entries with nsDS5ReplicaCredentials')
+             assert False
+     except ldap.LDAPError, e:
+         log.fatal('Failed to search for replica credentials: ' + e.message['desc'])
+         assert False
+ 
+     #
+-    # Check that the AES plugin exists, and has all the attributes listed in DES plugin.
+-    # The attributes might not be in the expected order so check all the attributes.
++    # Check that the AES plugin exists, and has all the attributes listed in
++    # DES plugin.  The attributes might not be in the expected order so check
++    # all the attributes.
+     #
+     try:
+-        entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
++        entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE,
++                                          'objectclass=*')
+         if not entry[0].hasValue('nsslapd-pluginarg0', 'description') and \
+            not entry[0].hasValue('nsslapd-pluginarg1', 'description') and \
+            not entry[0].hasValue('nsslapd-pluginarg2', 'description'):
+-            log.fatal('The AES plugin did not have the DES attribute copied over correctly')
++            log.fatal('The AES plugin did not have the DES attribute copied ' +
++                      'over correctly')
+             assert False
+         else:
+             log.info('The AES plugin was correctly setup')
+@@ -286,7 +300,8 @@ def test_ticket47462(topology):
+     # Check that the MMR plugin was updated
+     #
+     try:
+-        entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
++        entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE,
++                                          'objectclass=*')
+         if not entry[0].hasValue('nsslapd-plugin-depends-on-named', 'AES'):
+             log.fatal('The MMR Plugin was not correctly updated')
+             assert False
+@@ -300,7 +315,8 @@ def test_ticket47462(topology):
+     # Check that the DES plugin was correctly updated
+     #
+     try:
+-        entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
++        entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE,
++                                          'objectclass=*')
+         if not entry[0].hasValue('nsslapd-pluginPath', 'libpbe-plugin'):
+             log.fatal('The DES Plugin was not correctly updated')
+             assert False
+@@ -322,7 +338,8 @@ def test_ticket47462(topology):
+         ent = None
+         while loop <= 10:
+             try:
+-                ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE, "(objectclass=*)")
++                ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE,
++                                                "(objectclass=*)")
+                 break
+             except ldap.NO_SUCH_OBJECT:
+                 time.sleep(1)
+@@ -336,30 +353,66 @@ def test_ticket47462(topology):
+         log.fatal('Failed to add test user: ' + e.message['desc'])
+         assert False
+ 
++    # Check the entry
++    log.info('Entry before running task...')
++    try:
++        entry = topology.master1.search_s(USER1_DN,
++                                          ldap.SCOPE_BASE,
++                                          'objectclass=*')
++        if entry:
++            print(str(entry))
++        else:
++            log.fatal('Failed to find entries')
++            assert False
++    except ldap.LDAPError as e:
++        log.fatal('Failed to search for entries: ' +
++                  e.message['desc'])
++        assert False
+ 
+-def test_ticket47462_final(topology):
+-    topology.master1.delete()
+-    topology.master2.delete()
+-    log.info('Testcase PASSED')
+-
+-
+-def run_isolated():
+-    '''
+-        run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
+-        To run isolated without py.test, you need to
+-            - edit this file and comment '@pytest.fixture' line before 'topology' function.
+-            - set the installation prefix
+-            - run this program
+-    '''
+-    global installation1_prefix
+-    global installation2_prefix
+-    installation1_prefix = None
+-    installation2_prefix = None
++    #
++    # Test the DES2AES Task on USER1_DN
++    #
++    try:
++        topology.master1.add_s(Entry((DES2AES_TASK_DN,
++                                      {'objectclass': ['top',
++                                                       'extensibleObject'],
++                                       'suffix': DEFAULT_SUFFIX,
++                                       'cn': 'convert'})))
++    except ldap.LDAPError as e:
++        log.fatal('Failed to add task entry: ' + e.message['desc'])
++        assert False
+ 
+-    topo = topology(True)
+-    test_ticket47462(topo)
+-    test_ticket47462_final(topo)
++    # Wait for task
++    task_entry = Entry(DES2AES_TASK_DN)
++    (done, exitCode) = topology.master1.tasks.checkTask(task_entry, True)
++    if exitCode:
++        log.fatal("Error: des2aes task exited with %d" % (exitCode))
++        assert False
+ 
++    # Check the entry
++    try:
++        entry = topology.master1.search_s(USER1_DN,
++                                          ldap.SCOPE_BASE,
++                                          'objectclass=*')
++        if entry:
++            val = entry[0].getValue('description')
++            print(str(entry[0]))
++            if val.startswith('{AES-'):
++                log.info('Task: DES credentials have been converted to AES')
++            else:
++                log.fatal('Task: Failed to convert credentials from DES to ' +
++                          'AES! (%s)' % (val))
++                assert False
++        else:
++            log.fatal('Failed to find entries')
++            assert False
++    except ldap.LDAPError as e:
++        log.fatal('Failed to search for entries: ' +
++                  e.message['desc'])
++        assert False
+ 
+ if __name__ == '__main__':
+-    run_isolated()
++    # Run isolated
++    # -s for DEBUG mode
++    CURRENT_FILE = os.path.realpath(__file__)
++    pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
+index d702129..29562ae 100644
+--- a/ldap/servers/slapd/daemon.c
++++ b/ldap/servers/slapd/daemon.c
+@@ -692,14 +692,12 @@ convert_pbe_des_to_aes()
+     Slapi_Entry **entries = NULL;
+     struct slapdplugin *plugin = NULL;
+     char **attrs = NULL;
+-    char **backends = NULL;
+     char *val = NULL;
+     int converted_des_passwd = 0;
+-    int disable_des = 1;
+     int result = -1;
+     int have_aes = 0;
+     int have_des = 0;
+-    int i = 0, ii = 0, be_idx = 0;
++    int i = 0, ii = 0;
+ 
+     /*
+      * Check that AES plugin is enabled, and grab all the unique
+@@ -733,94 +731,56 @@ convert_pbe_des_to_aes()
+ 
+     if(have_aes && have_des){
+         /*
+-         * Build a list of all the backend dn's
++         * Find any entries in cn=config that contain DES passwords and convert
++         * them to AES
+          */
+-        Slapi_Backend *be = NULL;
+-        struct suffixlist *list;
+-        char *cookie = NULL;
+-
+-        LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes:  "
+-                "Checking for DES passwords to convert to AES...\n",0,0,0);
+-
+-        be = slapi_get_first_backend(&cookie);
+-        while (be){
+-            int suffix_idx = 0;
+-            int count = slapi_counter_get_value(be->be_suffixcounter);
+-
+-            list = be->be_suffixlist;
+-            for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) {
+-                char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix);
+-                if(charray_inlist(backends, suffix) || strlen(suffix) == 0){
+-                    list = list->next;
+-                    continue;
+-                }
+-                charray_add(&backends, slapi_ch_strdup(suffix));
+-                list = list->next;
+-            }
+-            be = slapi_get_next_backend (cookie);
+-        }
+-        slapi_ch_free ((void **)&cookie);
++        slapi_log_error(SLAPI_LOG_HOUSE,  "convert_pbe_des_to_aes",
++                "Converting DES passwords to AES...\n");
+ 
+-        /*
+-         * Search for the password attributes
+-         */
+         for (i = 0; attrs && attrs[i]; i++){
+             char *filter = PR_smprintf("%s=*", attrs[i]);
+-            /*
+-             * Loop over all the backends looking for the password attribute
+-             */
+-            for(be_idx = 0; backends && backends[be_idx]; be_idx++){
+-                pb = slapi_pblock_new();
+-                slapi_search_internal_set_pb(pb, backends[be_idx],
+-                        LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
+-                        (void *)plugin_get_default_component_id(),
+-                        SLAPI_OP_FLAG_IGNORE_UNINDEXED);
+-                slapi_search_internal_pb(pb);
+-                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
+-                if (LDAP_SUCCESS != result) {
+-                    slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ",
+-                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
+-                        attrs[i], result, backends[be_idx]);
+-                    slapi_free_search_results_internal(pb);
+-                    slapi_pblock_destroy(pb);
+-                    pb = NULL;
+-                    continue;
+-                }
+-                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
+-                for (ii = 0; entries && entries[ii]; ii++){
+-                    if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
+-                        if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
+-                            /*
+-                             * We have a DES encoded password, convert it AES
+-                             */
+-                            Slapi_PBlock *mod_pb = NULL;
+-                            Slapi_Value *sval = NULL;
+-                            LDAPMod mod_replace;
+-                            LDAPMod *mods[2];
+-                            char *replace_val[2];
+-                            char *passwd = NULL;
+-
+-                            /* decode the DES password */
+-                            if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
+-                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
+-                                        "Failed to decode existing DES password for (%s)\n",
+-                                        slapi_entry_get_dn(entries[ii]), 0, 0);
+-                                disable_des = 0;
+-                                goto done;
+-                            }
+ 
+-                            /* encode the password */
++            pb = slapi_pblock_new();
++            slapi_search_internal_set_pb(pb, "cn=config",
++                LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
++                (void *)plugin_get_default_component_id(),
++                SLAPI_OP_FLAG_IGNORE_UNINDEXED);
++            slapi_search_internal_pb(pb);
++            slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
++            for (ii = 0; entries && entries[ii]; ii++){
++                if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
++                    if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
++                        /*
++                         * We have a DES encoded password, convert it to AES
++                         */
++                        Slapi_PBlock *mod_pb = NULL;
++                        Slapi_Value *sval = NULL;
++                        LDAPMod mod_replace;
++                        LDAPMod *mods[2];
++                        char *replace_val[2];
++                        char *passwd = NULL;
++                        int rc = 0;
++
++                        /* decode the DES password */
++                        if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
++                            slapi_log_error(SLAPI_LOG_FATAL ,"convert_pbe_des_to_aes",
++                                    "Failed to decode existing DES password for (%s)\n",
++                                    slapi_entry_get_dn(entries[ii]));
++                            rc = -1;
++                        }
++
++                        /* encode the password */
++                        if (rc == 0){
+                             sval = slapi_value_new_string(passwd);
+                             if(pw_rever_encode(&sval, attrs[i]) == -1){
+-                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
++                                slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
+                                         "failed to encode AES password for (%s)\n",
+-                                        slapi_entry_get_dn(entries[ii]), 0, 0);
+-                                slapi_ch_free_string(&passwd);
+-                                slapi_value_free(&sval);
+-                                disable_des = 0;
+-                                goto done;
++                                        slapi_entry_get_dn(entries[ii]));
++                                rc = -1;
+                             }
++                        }
+ 
++                        if (rc == 0){
+                             /* replace the attribute in the entry */
+                             replace_val[0] = (char *)slapi_value_get_string(sval);
+                             replace_val[1] = NULL;
+@@ -837,83 +797,34 @@ convert_pbe_des_to_aes()
+ 
+                             slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
+                             if (LDAP_SUCCESS != result) {
+-                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
++                                slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes"
+                                         "Failed to convert password for (%s) error (%d)\n",
+-                                        slapi_entry_get_dn(entries[ii]), result, 0);
+-                                disable_des = 0;
++                                        slapi_entry_get_dn(entries[ii]), result);
+                             } else {
+-                                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
++                                slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
+                                         "Successfully converted password for (%s)\n",
+-                                         slapi_entry_get_dn(entries[ii]), result, 0);
++                                         slapi_entry_get_dn(entries[ii]));
+                                 converted_des_passwd = 1;
+                             }
+-                            slapi_ch_free_string(&passwd);
+-                            slapi_value_free(&sval);
+-                            slapi_pblock_destroy(mod_pb);
+                         }
+-                        slapi_ch_free_string(&val);
++                        slapi_ch_free_string(&passwd);
++                        slapi_value_free(&sval);
++                        slapi_pblock_destroy(mod_pb);
+                     }
++                    slapi_ch_free_string(&val);
+                 }
+-                slapi_free_search_results_internal(pb);
+-                slapi_pblock_destroy(pb);
+-                pb = NULL;
+             }
++            slapi_free_search_results_internal(pb);
++            slapi_pblock_destroy(pb);
++            pb = NULL;
+             slapi_ch_free_string(&filter);
+         }
+         if (!converted_des_passwd){
+-            slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
++            slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
+                 "No DES passwords found to convert.\n");
+         }
+     }
+-
+-done:
+     charray_free(attrs);
+-    charray_free(backends);
+-    slapi_free_search_results_internal(pb);
+-    slapi_pblock_destroy(pb);
+-
+-    if (have_aes && have_des){
+-        /*
+-         * If a conversion attempt did not fail then we can disable the DES plugin
+-         */
+-        if(converted_des_passwd && disable_des){
+-            /*
+-             * Disable the DES plugin - this also prevents potentially expensive
+-             * searches at every server startup.
+-             */
+-            LDAPMod mod_replace;
+-            LDAPMod *mods[2];
+-            char *replace_val[2];
+-            char *des_dn = "cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config";
+-
+-            replace_val[0] = "off";
+-            replace_val[1] = NULL;
+-            mod_replace.mod_op = LDAP_MOD_REPLACE;
+-            mod_replace.mod_type = "nsslapd-pluginEnabled";
+-            mod_replace.mod_values = replace_val;
+-            mods[0] = &mod_replace;
+-            mods[1] = 0;
+-
+-            pb = slapi_pblock_new();
+-            slapi_modify_internal_set_pb(pb, des_dn, mods, 0, 0,
+-                    (void *)plugin_get_default_component_id(), 0);
+-            slapi_modify_internal_pb(pb);
+-            slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
+-            if (LDAP_SUCCESS != result) {
+-                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
+-                        "Failed to disable DES plugin (%s), error (%d)\n",
+-                        des_dn, result, 0);
+-            } else {
+-                LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
+-                        "Successfully disabled DES plugin (%s)\n",
+-                        des_dn, 0, 0);
+-            }
+-            slapi_pblock_destroy(pb);
+-            LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
+-                      "All DES passwords have been converted to AES.\n",
+-                      0, 0, 0);
+-        }
+-    }
+ }
+ 
+ #ifdef ENABLE_NUNC_STANS
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 4e222d7..883ef80 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -516,10 +516,10 @@ pw_rever_encode(Slapi_Value **vals, char * attr_name)
+ 	for ( p = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME); p != NULL; p = p->plg_next )
+ 	{
+ 		char *L_attr = NULL;
+-		int i = 0;
++		int i = 0, ii = 0;
+ 
+ 		/* Get the appropriate encoding function */
+-		for ( L_attr = p->plg_argv[i]; i<p->plg_argc; L_attr = p->plg_argv[++i] )
++		for ( L_attr = p->plg_argv[ii]; ii<p->plg_argc; L_attr = p->plg_argv[++ii] )
+ 		{
+ 			if (slapi_attr_types_equivalent(L_attr, attr_name))
+ 			{
+diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
+index db3c222..405f0bf 100644
+--- a/ldap/servers/slapd/task.c
++++ b/ldap/servers/slapd/task.c
+@@ -53,6 +53,8 @@ static int shutting_down = 0;
+ #define TASK_TOMBSTONE_FIXUP_BACKEND "backend"
+ #define TASK_TOMBSTONE_FIXUP_SUFFIX "suffix"
+ #define TASK_TOMBSTONE_FIXUP_STRIPCSN "stripcsn"
++#define TASK_DES2AES "des2aes task"
++
+ 
+ #define LOG_BUFFER              256
+ /* if the cumul. log gets larger than this, it's truncated: */
+@@ -83,8 +85,10 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
+                               const char *default_val);
+ static Slapi_Entry *get_internal_entry(Slapi_PBlock *pb, char *dn);
+ static void modify_internal_entry(char *dn, LDAPMod **mods);
+-
+ static void fixup_tombstone_task_destructor(Slapi_Task *task);
++static void task_des2aes_thread(void *arg);
++static void des2aes_task_destructor(Slapi_Task *task);
++
+ 
+ /***********************************
+  * Public Functions
+@@ -2425,6 +2429,345 @@ fixup_tombstone_task_destructor(Slapi_Task *task)
+                     "fixup_tombstone_task_destructor <--\n" );
+ }
+ 
++/*
++ * des2aes Task
++ *
++ * Convert any DES passwords to AES
++ *
++ * dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config
++ * objectclass: top
++ * objectclass: extensibleObject
++ * suffix: dc=example,dc=com (If empty all backends are checked)
++ * suffix: dc=other,dc=suffix
++ */
++struct task_des2aes_data
++{
++    char **suffixes;
++    Slapi_Task *task;
++};
++
++static int
++task_des2aes(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
++             int *returncode, char *returntext, void *arg)
++{
++    struct task_des2aes_data *task_data = NULL;
++    PRThread *thread = NULL;
++    Slapi_Task *task = NULL;
++    char **suffix = NULL;
++    char **bases = NULL;
++    int rc = SLAPI_DSE_CALLBACK_OK;
++
++    /* Get the suffixes */
++    if((suffix = slapi_entry_attr_get_charray(e, "suffix"))){
++        int i;
++        for (i = 0; suffix && suffix[i]; i++){
++            /* Make sure "suffix" is NUL terminated string */
++            char *dn = slapi_create_dn_string("%s", suffix[i]);
++
++            if(dn){
++                if(slapi_dn_syntax_check(pb, dn, 1)){
++                    /* invalid suffix name */
++                    PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++                        "Invalid DN syntax (%s) specified for \"suffix\"\n",
++                        suffix[i]);
++                    *returncode = LDAP_INVALID_DN_SYNTAX;
++                    slapi_ch_free_string(&dn);
++                    rc = SLAPI_DSE_CALLBACK_ERROR;
++                    goto error;
++                } else {
++                    slapi_ch_array_add(&bases, dn);
++                }
++            } else{
++                PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++                    "Invalid DN (%s) specified for \"suffix\"\n", suffix[i]);
++                    *returncode = LDAP_INVALID_DN_SYNTAX;
++                rc = SLAPI_DSE_CALLBACK_ERROR;
++                goto error;
++            }
++        }
++    }
++
++    /* Build the task data and fire off a thread to perform the conversion */
++    task = slapi_new_task(slapi_entry_get_ndn(e));
++
++    /* register our destructor for cleaning up our private data */
++    slapi_task_set_destructor_fn(task, des2aes_task_destructor);
++    task_data = (struct task_des2aes_data *)slapi_ch_calloc(1, sizeof(struct task_des2aes_data));
++    task_data->suffixes = bases;
++    task_data->task = task;
++
++    /* Start the conversion thread */
++    thread = PR_CreateThread(PR_USER_THREAD, task_des2aes_thread,
++                             (void *)task_data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
++                             PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE);
++    if (thread == NULL) {
++        PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++                "unable to create des2aes thread!\n");
++        slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                        "unable to create des2aes thread!\n");
++        *returncode = LDAP_OPERATIONS_ERROR;
++        slapi_task_finish(task, *returncode);
++        rc = SLAPI_DSE_CALLBACK_ERROR;
++    }
++
++error:
++    if (rc == SLAPI_DSE_CALLBACK_ERROR){
++        slapi_ch_array_free(bases);
++        slapi_ch_array_free(suffix);
++        slapi_ch_free((void **)&task_data);
++    }
++    return rc;
++}
++
++static void
++task_des2aes_thread(void *arg)
++{
++    struct task_des2aes_data *task_data = arg;
++    Slapi_PBlock *pb = NULL;
++    Slapi_Entry **entries = NULL;
++    Slapi_Task *task = task_data->task;
++    struct slapdplugin *plugin = NULL;
++    char **attrs = NULL;
++    char **backends = NULL;
++    char *val = NULL;
++    int converted_des_passwd = 0;
++    int result = -1;
++    int have_aes = 0;
++    int have_des = 0;
++    int i = 0, ii = 0, be_idx = 0;
++    int rc = 0;
++
++    /*
++     * Check that AES plugin is enabled, and grab all the unique
++     * password attributes.
++     */
++    for ( plugin = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME);
++          plugin != NULL;
++          plugin = plugin->plg_next )
++    {
++        char *plugin_arg = NULL;
++
++        if(plugin->plg_started && strcasecmp(plugin->plg_name, "AES") == 0){
++            /* We have the AES plugin, and its enabled */
++            have_aes = 1;
++        }
++        if(plugin->plg_started && strcasecmp(plugin->plg_name, "DES") == 0){
++            /* We have the DES plugin, and its enabled */
++            have_des = 1;
++        }
++        /* Gather all the unique password attributes from all the PBE plugins */
++        for ( i = 0, plugin_arg = plugin->plg_argv[i];
++              i < plugin->plg_argc;
++              plugin_arg = plugin->plg_argv[++i] )
++        {
++            if(charray_inlist(attrs, plugin_arg)){
++                continue;
++            }
++            charray_add(&attrs, slapi_ch_strdup(plugin_arg));
++        }
++    }
++
++    if(have_aes && have_des){
++        if(task_data->suffixes == NULL){
++            /*
++             * Build a list of all the backend dn's
++             */
++            Slapi_Backend *be = NULL;
++            struct suffixlist *list;
++            char *cookie = NULL;
++
++            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                "Checking for DES passwords to convert to AES...\n");
++            slapi_task_log_notice(task,
++                "Checking for DES passwords to convert to AES...\n");
++
++            be = slapi_get_first_backend(&cookie);
++            while (be){
++                int suffix_idx = 0;
++                int count = slapi_counter_get_value(be->be_suffixcounter);
++
++                list = be->be_suffixlist;
++                for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) {
++                    char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix);
++                    if(charray_inlist(backends, suffix) || strlen(suffix) == 0){
++                        list = list->next;
++                        continue;
++                    }
++                    charray_add(&backends, slapi_ch_strdup(suffix));
++                    list = list->next;
++                }
++                be = slapi_get_next_backend (cookie);
++            }
++            slapi_ch_free ((void **)&cookie);
++        } else {
++            backends = task_data->suffixes;
++        }
++
++        /*
++         * Search for the password attributes
++         */
++        for (i = 0; attrs && attrs[i]; i++){
++            char *filter = PR_smprintf("%s=*", attrs[i]);
++            /*
++             * Loop over all the backends looking for the password attribute
++             */
++            for(be_idx = 0; backends && backends[be_idx]; be_idx++){
++                pb = slapi_pblock_new();
++                slapi_search_internal_set_pb(pb, backends[be_idx],
++                        LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
++                        (void *)plugin_get_default_component_id(),
++                        SLAPI_OP_FLAG_IGNORE_UNINDEXED);
++                slapi_search_internal_pb(pb);
++                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
++                if (LDAP_SUCCESS != result) {
++                    slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes: ",
++                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
++                        attrs[i], result, backends[be_idx]);
++                    slapi_task_log_notice(task,
++                        "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
++                        attrs[i], result, backends[be_idx]);
++                    slapi_free_search_results_internal(pb);
++                    slapi_pblock_destroy(pb);
++                    pb = NULL;
++                    continue;
++                }
++                slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
++                for (ii = 0; entries && entries[ii]; ii++){
++                    if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
++                        if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
++                            /*
++                             * We have a DES encoded password, convert it AES
++                             */
++                            Slapi_PBlock *mod_pb = NULL;
++                            Slapi_Value *sval = NULL;
++                            LDAPMod mod_replace;
++                            LDAPMod *mods[2];
++                            char *replace_val[2];
++                            char *passwd = NULL;
++
++                            /* Decode the DES password */
++                            if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
++                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                                        "Failed to decode existing DES password for (%s)\n",
++                                        slapi_entry_get_dn(entries[ii]));
++                                slapi_task_log_notice(task,
++                                    "Failed to decode existing DES password for (%s)\n",
++                                    slapi_entry_get_dn(entries[ii]));
++                                rc = 1;
++                                goto done;
++                            }
++
++                            /* Encode the password */
++                            sval = slapi_value_new_string(passwd);
++                            if(pw_rever_encode(&sval, attrs[i]) == -1){
++                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                                    "failed to encode AES password for (%s)\n",
++                                    slapi_entry_get_dn(entries[ii]));
++                                slapi_task_log_notice(task,
++                                    "failed to encode AES password for (%s)\n",
++                                    slapi_entry_get_dn(entries[ii]));
++                                slapi_ch_free_string(&passwd);
++                                slapi_value_free(&sval);
++                                rc = 1;
++                                goto done;
++                            }
++
++                            /* Replace the attribute in the entry */
++                            replace_val[0] = (char *)slapi_value_get_string(sval);
++                            replace_val[1] = NULL;
++                            mod_replace.mod_op = LDAP_MOD_REPLACE;
++                            mod_replace.mod_type = attrs[i];
++                            mod_replace.mod_values = replace_val;
++                            mods[0] = &mod_replace;
++                            mods[1] = 0;
++
++                            mod_pb = slapi_pblock_new();
++                            slapi_modify_internal_set_pb(mod_pb, slapi_entry_get_dn(entries[ii]),
++                                    mods, 0, 0, (void *)plugin_get_default_component_id(), 0);
++                            slapi_modify_internal_pb(mod_pb);
++
++                            slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
++                            if (LDAP_SUCCESS != result) {
++                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                                    "Failed to convert password for (%s) error (%d)\n",
++                                    slapi_entry_get_dn(entries[ii]), result);
++                                slapi_task_log_notice(task,
++                                    "Failed to convert password for (%s) error (%d)\n",
++                                    slapi_entry_get_dn(entries[ii]), result);
++                                rc = 1;
++                            } else {
++                                slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                                    "Successfully converted password for (%s)\n",
++                                     slapi_entry_get_dn(entries[ii]));
++                                slapi_task_log_notice(task,
++                                   "Successfully converted password for (%s)\n",
++                                    slapi_entry_get_dn(entries[ii]));
++                                converted_des_passwd = 1;
++                            }
++                            slapi_ch_free_string(&passwd);
++                            slapi_value_free(&sval);
++                            slapi_pblock_destroy(mod_pb);
++                        }
++                        slapi_ch_free_string(&val);
++                    }
++                }
++                slapi_free_search_results_internal(pb);
++                slapi_pblock_destroy(pb);
++                pb = NULL;
++            }
++            slapi_ch_free_string(&filter);
++        }
++        if (!converted_des_passwd){
++            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                "No DES passwords found to convert.\n");
++            slapi_task_log_notice(task, "No DES passwords found to convert.\n");
++        }
++    } else {
++        /* No AES/DES */
++        if (!have_des){
++            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                            "DES plugin not enabled\n");
++            slapi_task_log_notice(task, "DES plugin not enabled\n");
++        }
++        if (!have_aes){
++            slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++                        "AES plugin not enabled\n");
++            slapi_task_log_notice(task, "AES plugin not enabled\n");
++        }
++        slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
++            "Unable to convert passwords\n");
++        slapi_task_log_notice(task, "Unable to convert passwords\n");
++        rc = 1;
++    }
++
++done:
++    charray_free(attrs);
++    charray_free(backends);
++    slapi_free_search_results_internal(pb);
++    slapi_pblock_destroy(pb);
++    slapi_task_finish(task, rc);
++}
++
++static void
++des2aes_task_destructor(Slapi_Task *task)
++{
++    slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES,
++                    "des2aes_task_destructor -->\n" );
++    if (task) {
++        struct task_des2aes_data *task_data = (struct task_des2aes_data *)slapi_task_get_data(task);
++        while (slapi_task_get_refcount(task) > 0) {
++            /* Yield to wait for the task to finish. */
++            DS_Sleep (PR_MillisecondsToInterval(100));
++        }
++        if (task_data) {
++            slapi_ch_array_free(task_data->suffixes);
++            slapi_ch_free((void **)&task_data);
++        }
++    }
++    slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES,
++                    "des2aes_task_destructor <--\n" );
++}
++
+ /* cleanup old tasks that may still be in the DSE from a previous session
+  * (this can happen if the server crashes [no matter how unlikely we like
+  * to think that is].)
+@@ -2506,6 +2849,7 @@ void task_init(void)
+     slapi_task_register_handler("upgradedb", task_upgradedb_add);
+     slapi_task_register_handler("sysconfig reload", task_sysconfig_reload_add);
+     slapi_task_register_handler("fixup tombstones", task_fixup_tombstones_add);
++    slapi_task_register_handler("des2aes", task_des2aes);
+ }
+ 
+ /* called when the server is shutting down -- abort all existing tasks */
+-- 
+2.4.11
+
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 2777cec..b44a6b1 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -34,7 +34,7 @@
 Summary:          389 Directory Server (base)
 Name:             389-ds-base
 Version:          1.3.4.0
-Release:          %{?relprefix}30%{?prerel}%{?dist}
+Release:          %{?relprefix}32%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              http://port389.org/
 Group:            System Environment/Daemons
@@ -212,6 +212,11 @@ Patch85:          0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patc
 Patch86:          0087-Ticket-48420-change-severity-of-some-messages-relate.patch
 Patch87:          0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
 Patch88:          0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
+Patch89:          0090-Ticket-48492-heap-corruption-at-schema-replication.patch
+Patch90:          0091-Ticket-48492-heap-corruption-at-schema-replication.patch
+Patch91:          0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
+Patch92:          0093-Ticket-48808-Add-test-case.patch
+Patch93:          0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
 
 %description
 389 Directory Server is an LDAPv3 compliant server.  The base package includes
@@ -364,6 +369,11 @@ cp %{SOURCE2} README.devel
 %patch86 -p1
 %patch87 -p1
 %patch88 -p1
+%patch89 -p1
+%patch90 -p1
+%patch91 -p1
+%patch92 -p1
+%patch93 -p1
 
 %build
 %if %{use_nunc_stans}
@@ -554,10 +564,19 @@ fi
 %{_libdir}/%{pkgname}/libslapd.so.*
 %{_libdir}/%{pkgname}/libns-dshttpd.so*
 %if %{use_nunc_stans}
-%{_libdir}/%{pkgname}/libnunc-stans.so*
+%{_libdir}/%{pkgname}/libnunc-stans.so.*
 %endif
 
 %changelog
+* Thu Jun  9 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-32
+- release 1.3.4.0-32
+- Resolves: bug 1344293 - At startup DES to AES password conversion causes timeout in start script (DS 48862)
+
+* Thu May 12 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-31
+- release 1.3.4.0-31
+- Resolves: bug 1335423 - heap corruption at schema replication. (DS 48492)
+- Resolves: bug 1335107 - Paged results search returns the blank list of entries (DS 48808)
+
 * Wed Mar 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-30
 - release 1.3.4.0-30
 - Resolves: bug 1321891 - DES to AES password conversion fails if a backend is empty (DS 48777)