diff --git a/backport-ITS-7165-back-mdb-check-for-stale-readers-on-MDB_REA.patch b/backport-ITS-7165-back-mdb-check-for-stale-readers-on-MDB_REA.patch
deleted file mode 100644
index 51b04e4af3acea36463bafeef67ddb026ad58aa0..0000000000000000000000000000000000000000
--- a/backport-ITS-7165-back-mdb-check-for-stale-readers-on-MDB_REA.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 205e2f1a3e351941a0694e7295e1b3a9b71e5272 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Fri, 13 May 2022 16:32:41 +0100
-Subject: [PATCH] ITS#7165 back-mdb: check for stale readers on
- MDB_READERS_FULL
-
-retry opening a read txn if we cleared any stale readers
----
- servers/slapd/back-mdb/id2entry.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/servers/slapd/back-mdb/id2entry.c b/servers/slapd/back-mdb/id2entry.c
-index a7ba23a94..aa6067a0e 100644
---- a/servers/slapd/back-mdb/id2entry.c
-+++ b/servers/slapd/back-mdb/id2entry.c
-@@ -779,7 +779,17 @@ mdb_opinfo_get( Operation *op, struct mdb_info *mdb, int rdonly, mdb_op_info **m
- 			return rc;
- 		}
- 		if ( ldap_pvt_thread_pool_getkey( ctx, mdb->mi_dbenv, &data, NULL ) ) {
-+			int retried = 0;
-+retry:
- 			rc = mdb_txn_begin( mdb->mi_dbenv, NULL, MDB_RDONLY, &moi->moi_txn );
-+			if (rc == MDB_READERS_FULL && !retried) {
-+				int dead;
-+				/* if any stale readers were cleared, a slot should be available */
-+				if (!mdb_reader_check( mdb->mi_dbenv, &dead ) && dead) {
-+					retried = 1;
-+					goto retry;
-+				}
-+			}
- 			if (rc) {
- 				Debug( LDAP_DEBUG_ANY, "mdb_opinfo_get: err %s(%d)\n",
- 					mdb_strerror(rc), rc );
--- 
-2.33.0
-
diff --git a/backport-ITS-8039-Free-resinfo-even-if-opcookie-is-the-last-o.patch b/backport-ITS-8039-Free-resinfo-even-if-opcookie-is-the-last-o.patch
deleted file mode 100644
index 441a7fd76856a88e9700903368f32753b0eadf07..0000000000000000000000000000000000000000
--- a/backport-ITS-8039-Free-resinfo-even-if-opcookie-is-the-last-o.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 6ccc0974e1c9429f7407241b3705230109613278 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Thu, 13 Jan 2022 09:21:21 +0000
-Subject: [PATCH] ITS#8039 Free resinfo even if opcookie is the last owner
-
----
- servers/slapd/overlays/syncprov.c | 27 +++++++++++++++++----------
- 1 file changed, 17 insertions(+), 10 deletions(-)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index 7a5a637dc..41a409dcd 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -843,24 +843,27 @@ again:
- static void free_resinfo( syncres *sr )
- {
- 	syncres **st;
-+	resinfo *ri = sr->s_info;
- 	int freeit = 0;
--	ldap_pvt_thread_mutex_lock( &sr->s_info->ri_mutex );
-+
-+	ldap_pvt_thread_mutex_lock( &ri->ri_mutex );
- 	for (st = &sr->s_info->ri_list; *st; st = &(*st)->s_rilist) {
- 		if (*st == sr) {
- 			*st = sr->s_rilist;
-+			if ( !sr->s_info->ri_list )
-+				freeit = 1;
-+			sr->s_info = NULL;
- 			break;
- 		}
- 	}
--	if ( !sr->s_info->ri_list )
--		freeit = 1;
--	ldap_pvt_thread_mutex_unlock( &sr->s_info->ri_mutex );
-+	ldap_pvt_thread_mutex_unlock( &ri->ri_mutex );
- 	if ( freeit ) {
--		ldap_pvt_thread_mutex_destroy( &sr->s_info->ri_mutex );
--		if ( sr->s_info->ri_e )
--			entry_free( sr->s_info->ri_e );
--		if ( !BER_BVISNULL( &sr->s_info->ri_cookie ))
--			ch_free( sr->s_info->ri_cookie.bv_val );
--		ch_free( sr->s_info );
-+		ldap_pvt_thread_mutex_destroy( &ri->ri_mutex );
-+		if ( ri->ri_e )
-+			entry_free( ri->ri_e );
-+		if ( !BER_BVISNULL( &ri->ri_cookie ))
-+			ch_free( ri->ri_cookie.bv_val );
-+		ch_free( ri );
- 	}
- }
- 
-@@ -1546,6 +1549,10 @@ syncprov_op_cleanup( Operation *op, SlapReply *rs )
- 	if ( !BER_BVISNULL( &opc->sdn ))
- 		op->o_tmpfree( opc->sdn.bv_val, op->o_tmpmemctx );
- 	op->o_callback = cb->sc_next;
-+
-+	if ( opc->ssres.s_info ) {
-+		free_resinfo( &opc->ssres );
-+	}
- 	op->o_tmpfree(cb, op->o_tmpmemctx);
- 
- 	return 0;
--- 
-2.33.0
-
diff --git a/backport-ITS-8245-Do-not-try-to-release-a-NULL-entry.patch b/backport-ITS-8245-Do-not-try-to-release-a-NULL-entry.patch
deleted file mode 100644
index 9664c06c0ca4a747032d85e2cbf497b0fb9e5318..0000000000000000000000000000000000000000
--- a/backport-ITS-8245-Do-not-try-to-release-a-NULL-entry.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 81b5ca9113d05190af6aff965b63e82730e00f55 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Fri, 10 Jun 2022 09:39:18 +0100
-Subject: [PATCH] ITS#8245 Do not try to release a NULL entry
-
----
- servers/slapd/overlays/unique.c | 32 ++++++++++++++++++--------------
- 1 file changed, 18 insertions(+), 14 deletions(-)
-
-diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c
-index 9e8bbeaba..e71fabfd2 100644
---- a/servers/slapd/overlays/unique.c
-+++ b/servers/slapd/overlays/unique.c
-@@ -1229,13 +1229,15 @@ unique_modify(
- 		return rc;
- 	}
- 
--	if ( SLAPD_SYNC_IS_SYNCCONN( op->o_connid ) || (
--			get_relax(op) > SLAP_CONTROL_IGNORED
--			&& overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
--			&& e
--			&& access_allowed( op, e,
--				slap_schema.si_ad_entry, NULL,
--				ACL_MANAGE, NULL ) ) ) {
-+	if ( SLAPD_SYNC_IS_SYNCCONN( op->o_connid ) ) {
-+		return rc;
-+	}
-+	if ( get_relax(op) > SLAP_CONTROL_IGNORED
-+		&& overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) == LDAP_SUCCESS
-+		&& e
-+		&& access_allowed( op, e,
-+			slap_schema.si_ad_entry, NULL,
-+			ACL_MANAGE, NULL ) ) {
- 		overlay_entry_release_ov( op, e, 0, on );
- 		return rc;
- 	}
-@@ -1367,13 +1369,15 @@ unique_modrdn(
- 	Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
- 		op->o_req_dn.bv_val, op->orr_newrdn.bv_val );
- 
--	if ( SLAPD_SYNC_IS_SYNCCONN( op->o_connid ) || (
--			get_relax(op) > SLAP_CONTROL_IGNORED
--			&& overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
--			&& e
--			&& access_allowed( op, e,
--				slap_schema.si_ad_entry, NULL,
--				ACL_MANAGE, NULL ) ) ) {
-+	if ( SLAPD_SYNC_IS_SYNCCONN( op->o_connid ) ) {
-+		return rc;
-+	}
-+	if ( get_relax(op) > SLAP_CONTROL_IGNORED
-+		&& overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) == LDAP_SUCCESS
-+		&& e
-+		&& access_allowed( op, e,
-+			slap_schema.si_ad_entry, NULL,
-+			ACL_MANAGE, NULL ) ) {
- 		overlay_entry_release_ov( op, e, 0, on );
- 		return rc;
- 	}
--- 
-2.33.0
-
diff --git a/backport-ITS-9759-Honour-requested-insert-position-in-olcRetc.patch b/backport-ITS-9759-Honour-requested-insert-position-in-olcRetc.patch
deleted file mode 100644
index 98786560736d29fd8d4400df906c418ecd4ad2d1..0000000000000000000000000000000000000000
--- a/backport-ITS-9759-Honour-requested-insert-position-in-olcRetc.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d094cf2cb5ffd28195ac42dbe631db43c47762af Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Tue, 7 Dec 2021 12:06:15 +0000
-Subject: [PATCH] ITS#9759 Honour requested insert position in olcRetcodeItem
-
----
- servers/slapd/overlays/retcode.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/overlays/retcode.c b/servers/slapd/overlays/retcode.c
-index e0f5b8e04..8b94b4711 100644
---- a/servers/slapd/overlays/retcode.c
-+++ b/servers/slapd/overlays/retcode.c
-@@ -1237,10 +1237,14 @@ rc_cf_gen( ConfigArgs *c )
- 		}
- 		*--next = '\0';
- 		
--		for ( rdip = &rd->rd_item; *rdip; rdip = &(*rdip)->rdi_next )
--			/* go to last */ ;
-+		/* We're marked X-ORDERED 'VALUES', valx might be valid */
-+		for ( i = 0, rdip = &rd->rd_item;
-+			*rdip && (c->valx < 0 || i < c->valx);
-+			rdip = &(*rdip)->rdi_next, i++ )
-+			/* go to position */ ;
- 
- 		
-+		rdi.rdi_next = *rdip;
- 		*rdip = ( retcode_item_t * )ch_malloc( sizeof( retcode_item_t ) );
- 		*(*rdip) = rdi;
- 
--- 
-2.33.0
-
diff --git a/backport-ITS-9763-Maintain-values-in-order-of-insertion.patch b/backport-ITS-9763-Maintain-values-in-order-of-insertion.patch
deleted file mode 100644
index aea72ea23a7da5af869be985e0704ee5e01e7951..0000000000000000000000000000000000000000
--- a/backport-ITS-9763-Maintain-values-in-order-of-insertion.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From e87569f983ef751057c3a80eba3e30a2e14907a2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Wed, 8 Dec 2021 17:14:50 +0000
-Subject: [PATCH] ITS#9763 Maintain values in order of insertion
-
----
- servers/slapd/overlays/refint.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/overlays/refint.c b/servers/slapd/overlays/refint.c
-index 20f9ef1e9..2e49a94be 100644
---- a/servers/slapd/overlays/refint.c
-+++ b/servers/slapd/overlays/refint.c
-@@ -249,8 +249,11 @@ refint_cf_gen(ConfigArgs *c)
- 					ip = ch_malloc (
- 						sizeof ( refint_attrs ) );
- 					ip->attr = ad;
--					ip->next = dd->attrs;
--					dd->attrs = ip;
-+
-+					for ( pipp = &dd->attrs; *pipp; pipp = &(*pipp)->next )
-+						/* Get to the end */ ;
-+					ip->next = *pipp;
-+					*pipp = ip;
- 				} else {
- 					snprintf( c->cr_msg, sizeof( c->cr_msg ),
- 						"%s <%s>: %s", c->argv[0], c->argv[i], text );
--- 
-2.33.0
-
diff --git a/backport-ITS-9763-Warn-for-unsupported-configs.patch b/backport-ITS-9763-Warn-for-unsupported-configs.patch
deleted file mode 100644
index c058a5fd6dc3397aa3aee62a2ad6d6a5033b1fd1..0000000000000000000000000000000000000000
--- a/backport-ITS-9763-Warn-for-unsupported-configs.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 303d3d4028e9fd0e5939bb5d7d1bb9c3fd5f5002 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Tue, 4 Jan 2022 14:05:51 +0000
-Subject: [PATCH] ITS#9763 Warn for unsupported configs
-
----
- servers/slapd/overlays/refint.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/servers/slapd/overlays/refint.c b/servers/slapd/overlays/refint.c
-index 04aa1f7ad..6f966a7ea 100644
---- a/servers/slapd/overlays/refint.c
-+++ b/servers/slapd/overlays/refint.c
-@@ -242,6 +242,14 @@ refint_cf_gen(ConfigArgs *c)
- 		switch ( c->type ) {
- 		case REFINT_ATTRS:
- 			rc = 0;
-+			if ( c->op != SLAP_CONFIG_ADD && c->argc > 2 ) {
-+				/* We wouldn't know how to delete these values later */
-+				Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-+					"Supplying multiple names in a single %s value is "
-+					"unsupported and will be disallowed in a future version\n",
-+					c->argv[0] );
-+			}
-+
- 			for ( i=1; i < c->argc; ++i ) {
- 				ad = NULL;
- 				if ( slap_str2ad ( c->argv[i], &ad, &text )
--- 
-2.33.0
-
diff --git a/backport-ITS-9770-slapo-constraint-Maintain-values-in-order-o.patch b/backport-ITS-9770-slapo-constraint-Maintain-values-in-order-o.patch
deleted file mode 100644
index cffea7a3d85f120ee86653cdebabe142f8e31e72..0000000000000000000000000000000000000000
--- a/backport-ITS-9770-slapo-constraint-Maintain-values-in-order-o.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 3ca8d6d388ddda5d8f1cfb3e6b354493bc4e3d72 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Fri, 10 Dec 2021 11:46:50 +0000
-Subject: [PATCH] ITS#9770 slapo-constraint: Maintain values in order of
- insertion
-
----
- servers/slapd/overlays/constraint.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
-index 246769f67..c4ae8fffc 100644
---- a/servers/slapd/overlays/constraint.c
-+++ b/servers/slapd/overlays/constraint.c
-@@ -537,8 +537,8 @@ constraint_cf_gen( ConfigArgs *c )
- 
- done:;
- 			if ( rc == LDAP_SUCCESS ) {
--				constraint *a2 = ch_calloc( sizeof(constraint), 1 );
--				a2->ap_next = on->on_bi.bi_private;
-+				constraint **app, *a2 = ch_calloc( sizeof(constraint), 1 );
-+
- 				a2->ap = ap.ap;
- 				a2->type = ap.type;
- 				a2->re = ap.re;
-@@ -556,7 +556,12 @@ done:;
- 				a2->restrict_ndn = ap.restrict_ndn;
- 				a2->restrict_filter = ap.restrict_filter;
- 				a2->restrict_val = ap.restrict_val;
--				on->on_bi.bi_private = a2;
-+
-+				for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
-+					/* Get to the end */ ;
-+
-+				a2->ap_next = *app;
-+				*app = a2;
- 
- 			} else {
- 				Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
--- 
-2.33.0
-
diff --git a/backport-ITS-9772-Allow-objectClass-edits-that-don-t-actually.patch b/backport-ITS-9772-Allow-objectClass-edits-that-don-t-actually.patch
deleted file mode 100644
index e6104dfd782fb0fe86f8868b9b8ffe1cb740b29d..0000000000000000000000000000000000000000
--- a/backport-ITS-9772-Allow-objectClass-edits-that-don-t-actually.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 2443e986d1bee1266412ee324b821ab356301e72 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Thu, 13 Jan 2022 11:03:47 +0000
-Subject: [PATCH] ITS#9772 Allow objectClass edits that don't actually change
- them
-
----
- servers/slapd/bconfig.c | 45 +++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 43 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
-index 3b1a4b3bc..7b6840be3 100644
---- a/servers/slapd/bconfig.c
-+++ b/servers/slapd/bconfig.c
-@@ -5895,8 +5895,49 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
- 	if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
- 
- 	for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
--		if (ml->sml_desc == slap_schema.si_ad_objectClass)
--			return rc;
-+		if (ml->sml_desc == slap_schema.si_ad_objectClass) {
-+			/* We'd be fine comparing the structural objectclass before and
-+			 * after, but AUXILIARY ocs exist so we have to check them all */
-+			unsigned int i, j;
-+
-+			if ( ml->sml_numvals != oc_at->a_numvals ) {
-+				snprintf( ca->cr_msg, sizeof(ca->cr_msg),
-+					"objectclass modification disallowed" );
-+				return LDAP_UNWILLING_TO_PERFORM;
-+			}
-+
-+			for ( i = 0; i < oc_at->a_numvals; i++ ) {
-+				ObjectClass *new_oc, *old_oc = oc_bvfind( &oc_at->a_vals[i] );
-+				int found = 0;
-+
-+				if ( old_oc == NULL ) {
-+					snprintf( ca->cr_msg, sizeof(ca->cr_msg),
-+						"no objectClass named %s",
-+						oc_at->a_vals[i].bv_val );
-+					return LDAP_OBJECT_CLASS_VIOLATION;
-+				}
-+				for ( j = 0; j < ml->sml_numvals; j++ ) {
-+					new_oc = oc_bvfind( &ml->sml_values[j] );
-+					if ( new_oc == NULL ) {
-+						snprintf( ca->cr_msg, sizeof(ca->cr_msg),
-+							"no objectClass named %s",
-+							ml->sml_values[j].bv_val );
-+						return LDAP_OBJECT_CLASS_VIOLATION;
-+					}
-+
-+					if ( old_oc == new_oc ) {
-+						found = 1;
-+						break;
-+					}
-+				}
-+
-+				if ( !found ) {
-+					snprintf( ca->cr_msg, sizeof(ca->cr_msg),
-+						"objectclass modification disallowed" );
-+					return LDAP_UNWILLING_TO_PERFORM;
-+				}
-+			}
-+		}
- 	}
- 
- 	colst = count_ocs( oc_at, &nocs );
--- 
-2.33.0
-
diff --git a/backport-ITS-9781-Relax-refcount-assertion-for-referrals.patch b/backport-ITS-9781-Relax-refcount-assertion-for-referrals.patch
deleted file mode 100644
index e82933c26b15e79b987336e8820bf844834999d6..0000000000000000000000000000000000000000
--- a/backport-ITS-9781-Relax-refcount-assertion-for-referrals.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f4e74d51f5cb02769c02230d1d78692c859c5fb0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Wed, 19 Jan 2022 10:26:45 +0000
-Subject: [PATCH] ITS#9781 Relax refcount assertion for referrals
-
----
- libraries/libldap/request.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c
-index b72b875b4..95e402a70 100644
---- a/libraries/libldap/request.c
-+++ b/libraries/libldap/request.c
-@@ -1667,9 +1667,9 @@ ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid )
- 
- 	lr = ldap_tavl_find( ld->ld_requests, &needle, ldap_req_cmp );
- 	if ( lr != NULL && lr->lr_status != LDAP_REQST_COMPLETED ) {
--		/* try_read1msg is the only user at the moment and we would free it
--		 * multiple times if retrieving the request again */
--		assert( lr->lr_refcnt == 0 );
-+		/* lr_refcnt is only negative when we removed it from ld_requests
-+		 * already, it is positive if we have sub-requests (referrals) */
-+		assert( lr->lr_refcnt >= 0 );
- 		lr->lr_refcnt++;
- 		Debug3( LDAP_DEBUG_TRACE, "ldap_find_request_by_msgid: "
- 				"msgid %d, lr %p lr->lr_refcnt = %d\n",
--- 
-2.33.0
-
diff --git a/backport-ITS-9799-Clear-c_n_ops_pending-after-we-ve-flushed-c.patch b/backport-ITS-9799-Clear-c_n_ops_pending-after-we-ve-flushed-c.patch
deleted file mode 100644
index 31dd1b0fb5453a7ec813448f86706633768b1843..0000000000000000000000000000000000000000
--- a/backport-ITS-9799-Clear-c_n_ops_pending-after-we-ve-flushed-c.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 0806f69c8c6ac6946c88356f65d9120bf43bdfa4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <okuznik@symas.com>
-Date: Thu, 10 Feb 2022 17:30:17 +0000
-Subject: [PATCH] ITS#9799 Clear c_n_ops_pending after we've flushed
- c_pending_ops
-
----
- servers/slapd/connection.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
-index c739614fe..44ec5b42e 100644
---- a/servers/slapd/connection.c
-+++ b/servers/slapd/connection.c
-@@ -734,6 +734,7 @@ static void connection_abandon( Connection *c )
- 		LDAP_STAILQ_NEXT(o, o_next) = NULL;
- 		slap_op_free( o, NULL );
- 	}
-+	c->c_n_ops_pending = 0;
- }
- 
- static void
--- 
-2.33.0
-
diff --git a/backport-ITS-9799-Drop-a-bind-connection-if-there-s-a-timeout.patch b/backport-ITS-9799-Drop-a-bind-connection-if-there-s-a-timeout.patch
deleted file mode 100644
index 9576f8558d5303f1751514cdbb1df02857ff37c4..0000000000000000000000000000000000000000
--- a/backport-ITS-9799-Drop-a-bind-connection-if-there-s-a-timeout.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 34ebfac7efd2493f8f4db700b19145986f5112fe Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Wed, 2 Mar 2022 11:44:01 +0000
-Subject: [PATCH] ITS#9799 Drop a bind connection if there's a timeout
-
----
- servers/lloadd/operation.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/servers/lloadd/operation.c b/servers/lloadd/operation.c
-index 3414d1d6e..0f875bb8e 100644
---- a/servers/lloadd/operation.c
-+++ b/servers/lloadd/operation.c
-@@ -616,19 +616,20 @@ connection_timeout( LloadConnection *upstream, void *arg )
-                                                LDAP_ADMINLIMIT_EXCEEDED,
-                 "upstream did not respond in time", 0 );
- 
--        if ( rc == LDAP_SUCCESS ) {
-+        if ( upstream->c_type != LLOAD_C_BIND && rc == LDAP_SUCCESS ) {
-             rc = operation_send_abandon( op, upstream );
-         }
-         operation_unlink( op );
-     }
- 
--    /* TODO: if operation_send_abandon failed, we need to kill the upstream */
-     if ( rc == LDAP_SUCCESS ) {
-         connection_write_cb( -1, 0, upstream );
-     }
- 
-     CONNECTION_LOCK(upstream);
--    if ( upstream->c_state == LLOAD_C_CLOSING && !upstream->c_ops ) {
-+    /* ITS#9799: If a Bind timed out, connection is in an unknown state */
-+    if ( upstream->c_type == LLOAD_C_BIND || rc != LDAP_SUCCESS ||
-+            ( upstream->c_state == LLOAD_C_CLOSING && !upstream->c_ops ) ) {
-         CONNECTION_DESTROY(upstream);
-     } else {
-         CONNECTION_UNLOCK(upstream);
--- 
-2.33.0
-
diff --git a/backport-ITS-9802-Fix-argv-handling.patch b/backport-ITS-9802-Fix-argv-handling.patch
deleted file mode 100644
index a6d798d8c4611d2dc61ca2586f2d9d167171c7e4..0000000000000000000000000000000000000000
--- a/backport-ITS-9802-Fix-argv-handling.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 1f5f97d69e76d1db20861fcf28cd0d330352c4bf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Tue, 19 Apr 2022 11:02:10 +0100
-Subject: [PATCH] ITS#9802 Fix argv handling
-
----
- servers/slapd/back-meta/config.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
-index c38dce1cf..6b1e60779 100644
---- a/servers/slapd/back-meta/config.c
-+++ b/servers/slapd/back-meta/config.c
-@@ -2664,7 +2664,6 @@ idassert-authzFrom	"dn:<rootdn>"
- 				assert( rc == 0 );
- 				ch_free( ca.tline );
- 			}
--			ch_free( ca.argv );
- 		}
- 		argc = c->argc;
- 		argv = c->argv;
-@@ -2730,7 +2729,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 	case LDAP_BACK_CFG_MAP: {
- 	/* objectclass/attribute mapping */
- 		ConfigArgs ca = { 0 };
--		char *argv[5];
-+		char *argv[5], **argvp;
- 		struct ldapmap rwm_oc;
- 		struct ldapmap rwm_at;
- 		int cnt = 0, ix = c->valx;
-@@ -2763,7 +2762,8 @@ idassert-authzFrom	"dn:<rootdn>"
- 				argv[2] = ca.argv[1];
- 				argv[3] = ca.argv[2];
- 				argv[4] = ca.argv[3];
--				ch_free( ca.argv );
-+
-+				argvp = ca.argv;
- 				ca.argv = argv;
- 				ca.argc++;
- 				rc = ldap_back_map_config( &ca, &mt->mt_rwmap.rwm_oc,
-@@ -2771,7 +2771,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 
- 				ch_free( ca.tline );
- 				ca.tline = NULL;
--				ca.argv = NULL;
-+				ca.argv = argvp;
- 
- 				/* in case of failure, restore
- 				 * the existing mapping */
-@@ -2788,7 +2788,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 		}
- 
- 		if ( ix < cnt ) {
--			for ( ; i<cnt ; cnt++ ) {
-+			for ( ; i<cnt ; i++ ) {
- 				ca.line = mt->mt_rwmap.rwm_bva_map[ i ].bv_val;
- 				ca.argc = 0;
- 				config_fp_parse_line( &ca );
-@@ -2798,7 +2798,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 				argv[3] = ca.argv[2];
- 				argv[4] = ca.argv[3];
- 
--				ch_free( ca.argv );
-+				argvp = ca.argv;
- 				ca.argv = argv;
- 				ca.argc++;
- 				rc = ldap_back_map_config( &ca, &mt->mt_rwmap.rwm_oc,
-@@ -2806,7 +2806,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 
- 				ch_free( ca.tline );
- 				ca.tline = NULL;
--				ca.argv = NULL;
-+				ca.argv = argvp;
- 
- 				/* in case of failure, restore
- 				 * the existing mapping */
-@@ -2814,6 +2814,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 					goto map_fail;
- 				}
- 			}
-+			ch_free( ca.argv );
- 		}
- 
- 		/* save the map info */
-@@ -2825,7 +2826,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 			/* move it to the right slot */
- 			if ( ix < cnt ) {
- 				for ( i=cnt; i>ix; i-- )
--					mt->mt_rwmap.rwm_bva_map[i+1] = mt->mt_rwmap.rwm_bva_map[i];
-+					mt->mt_rwmap.rwm_bva_map[i] = mt->mt_rwmap.rwm_bva_map[i-1];
- 				mt->mt_rwmap.rwm_bva_map[i] = bv;
- 
- 				/* destroy old mapping */
-@@ -2841,6 +2842,7 @@ map_fail:;
- 			meta_back_map_free( &mt->mt_rwmap.rwm_at );
- 			mt->mt_rwmap.rwm_oc = rwm_oc;
- 			mt->mt_rwmap.rwm_at = rwm_at;
-+			ch_free( ca.argv );
- 		}
- 		} break;
- 
--- 
-2.33.0
-
diff --git a/backport-ITS-9802-slapd-ldap-meta-async-meta-plug-memleak-in-.patch b/backport-ITS-9802-slapd-ldap-meta-async-meta-plug-memleak-in-.patch
deleted file mode 100644
index 1595e791bad7ffc657ee179df58b22a71a3972c6..0000000000000000000000000000000000000000
--- a/backport-ITS-9802-slapd-ldap-meta-async-meta-plug-memleak-in-.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From f0a6465f2369696f02dbf2453a6a50089b1558a5 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 21 Mar 2022 12:59:07 +0000
-Subject: [PATCH] ITS#9802 slapd-ldap/meta/async-meta: plug memleak in
- keepalive config
-
----
- servers/slapd/back-asyncmeta/config.c | 8 +++++---
- servers/slapd/back-ldap/config.c      | 8 +++++---
- servers/slapd/back-meta/config.c      | 8 +++++---
- 3 files changed, 15 insertions(+), 9 deletions(-)
-
-diff --git a/servers/slapd/back-asyncmeta/config.c b/servers/slapd/back-asyncmeta/config.c
-index 69f134b2b..e4cc5eab7 100644
---- a/servers/slapd/back-asyncmeta/config.c
-+++ b/servers/slapd/back-asyncmeta/config.c
-@@ -2498,9 +2498,11 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
- 		break;
- #endif /* SLAPD_META_CLIENT_PR */
- 
--	case LDAP_BACK_CFG_KEEPALIVE:
--		slap_keepalive_parse( ber_bvstrdup(c->argv[1]),
--				 &mt->mt_tls.sb_keepalive, 0, 0, 0);
-+	case LDAP_BACK_CFG_KEEPALIVE: {
-+		struct berval bv;
-+		ber_str2bv( c->argv[1], 0, 1, &bv );
-+		slap_keepalive_parse( &bv, &mt->mt_tls.sb_keepalive, 0, 0, 0 );
-+		}
- 		break;
- 
- 	case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
-diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
-index 07fe8e9f1..fb97e8ea3 100644
---- a/servers/slapd/back-ldap/config.c
-+++ b/servers/slapd/back-ldap/config.c
-@@ -2051,9 +2051,11 @@ done_url:;
- 		}
- 		break;
- 
--	case LDAP_BACK_CFG_KEEPALIVE:
--		slap_keepalive_parse( ber_bvstrdup(c->argv[1]),
--				 &li->li_tls.sb_keepalive, 0, 0, 0);
-+	case LDAP_BACK_CFG_KEEPALIVE: {
-+		struct berval bv;
-+		ber_str2bv( c->argv[1], 0, 1, &bv );
-+		slap_keepalive_parse( &bv, &li->li_tls.sb_keepalive, 0, 0, 0 );
-+		}
- 		break;
- 
- 	case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
-diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
-index 0f876e77f..c38dce1cf 100644
---- a/servers/slapd/back-meta/config.c
-+++ b/servers/slapd/back-meta/config.c
-@@ -2913,9 +2913,11 @@ map_fail:;
- 		break;
- #endif /* SLAPD_META_CLIENT_PR */
- 
--	case LDAP_BACK_CFG_KEEPALIVE:
--		slap_keepalive_parse( ber_bvstrdup(c->argv[1]),
--				 &mt->mt_tls.sb_keepalive, 0, 0, 0);
-+	case LDAP_BACK_CFG_KEEPALIVE: {
-+		struct berval bv;
-+		ber_str2bv( c->argv[ 1 ], 0, 1, &bv );
-+		slap_keepalive_parse( &bv, &mt->mt_tls.sb_keepalive, 0, 0, 0 );
-+		}
- 		break;
- 
- 	case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
--- 
-2.33.0
-
diff --git a/backport-ITS-9802-slapd-meta-fix-rewrite-config-SEGV.patch b/backport-ITS-9802-slapd-meta-fix-rewrite-config-SEGV.patch
deleted file mode 100644
index efe675f2bbd97c0fd6699c4d6b03a51bd561a397..0000000000000000000000000000000000000000
--- a/backport-ITS-9802-slapd-meta-fix-rewrite-config-SEGV.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From d878ebc3d264dcecb211cf7aacd9d079bd5c5a50 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Tue, 15 Mar 2022 16:46:09 +0000
-Subject: [PATCH] ITS#9802 slapd-meta: fix rewrite config SEGV
-
----
- servers/slapd/back-meta/config.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
-index 51d090ff0..ad7fbce44 100644
---- a/servers/slapd/back-meta/config.c
-+++ b/servers/slapd/back-meta/config.c
-@@ -2662,9 +2662,9 @@ idassert-authzFrom	"dn:<rootdn>"
- 						c->fname, c->lineno, ca.argc, ca.argv );
- 				}
- 				assert( rc == 0 );
--				ch_free( ca.argv );
- 				ch_free( ca.tline );
- 			}
-+			ch_free( ca.argv );
- 		}
- 		argc = c->argc;
- 		argv = c->argv;
-@@ -2699,9 +2699,9 @@ idassert-authzFrom	"dn:<rootdn>"
- 						c->fname, c->lineno, ca.argc, argv );
- 				}
- 				assert( rc == 0 );
--				ch_free( ca.argv );
- 				ch_free( ca.tline );
- 			}
-+			ch_free( ca.argv );
- 		}
- 
- 		/* save the rule info */
--- 
-2.33.0
-
diff --git a/backport-ITS-9802-slapd-meta-fix-rewrite-config-ordering.patch b/backport-ITS-9802-slapd-meta-fix-rewrite-config-ordering.patch
deleted file mode 100644
index adc605af7b5308fc1426c1776597a15377caac56..0000000000000000000000000000000000000000
--- a/backport-ITS-9802-slapd-meta-fix-rewrite-config-ordering.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From e9b11154ee6526d8b1b56004f8ec9a4b82a333fe Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Tue, 15 Mar 2022 16:46:09 +0000
-Subject: [PATCH] ITS#9802 slapd-meta: fix rewrite config ordering
-
----
- servers/slapd/back-meta/config.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
-index ad7fbce44..0f876e77f 100644
---- a/servers/slapd/back-meta/config.c
-+++ b/servers/slapd/back-meta/config.c
-@@ -2718,7 +2718,7 @@ idassert-authzFrom	"dn:<rootdn>"
- 			/* move it to the right slot */
- 			if ( ix < cnt ) {
- 				for ( i=cnt; i>ix; i-- )
--					mt->mt_rwmap.rwm_bva_rewrite[i+1] = mt->mt_rwmap.rwm_bva_rewrite[i];
-+					mt->mt_rwmap.rwm_bva_rewrite[i] = mt->mt_rwmap.rwm_bva_rewrite[i-1];
- 				mt->mt_rwmap.rwm_bva_rewrite[i] = bv;
- 
- 				/* destroy old rules */
--- 
-2.33.0
-
diff --git a/backport-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch b/backport-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
deleted file mode 100644
index 8f0779c3e8f658a9924ec10810b637f86080b260..0000000000000000000000000000000000000000
--- a/backport-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From e8813b12b6188d5ba5f174ff8726c438c8ca4bfd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Mon, 7 Mar 2022 10:06:49 +0000
-Subject: [PATCH] ITS#9803 Drop connection when receiving non-LDAP data
-
----
- libraries/libldap/result.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
-index c1b4a457f..40ff1c172 100644
---- a/libraries/libldap/result.c
-+++ b/libraries/libldap/result.c
-@@ -506,6 +506,16 @@ nextresp3:
- 		lc->lconn_ber = NULL;
- 		break;
- 
-+	default:
-+		/*
-+		 * We read a BerElement that isn't LDAP or the stream has desync'd.
-+		 * In either case, anything we read from now on is probably garbage,
-+		 * just drop the connection.
-+		 */
-+		ber_free( ber, 1 );
-+		lc->lconn_ber = NULL;
-+		/* FALLTHRU */
-+
- 	case LBER_DEFAULT:
- fail:
- 		err = sock_errno();
-@@ -521,10 +531,6 @@ fail:
- 		}
- 		lc->lconn_status = 0;
- 		return -1;
--
--	default:
--		ld->ld_errno = LDAP_LOCAL_ERROR;
--		return -1;
- 	}
- 
- 	/* message id */
--- 
-2.33.0
-
diff --git a/backport-ITS-9809-pcache-mdb-fix-SEGV-in-monitor-shutdown.patch b/backport-ITS-9809-pcache-mdb-fix-SEGV-in-monitor-shutdown.patch
deleted file mode 100644
index b0855fb1fd80ee44e28af3fc3bc3b90ae6a56e9c..0000000000000000000000000000000000000000
--- a/backport-ITS-9809-pcache-mdb-fix-SEGV-in-monitor-shutdown.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From e29ba72c5675b7465c3fca95e1c3f3360efa3a97 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 10 Mar 2022 15:26:04 +0000
-Subject: [PATCH] ITS#9809: pcache, mdb: fix SEGV in monitor shutdown
-
----
- servers/slapd/back-mdb/monitor.c | 3 ++-
- servers/slapd/overlays/pcache.c  | 5 +++--
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/servers/slapd/back-mdb/monitor.c b/servers/slapd/back-mdb/monitor.c
-index 7f26074f5..fc77bc60e 100644
---- a/servers/slapd/back-mdb/monitor.c
-+++ b/servers/slapd/back-mdb/monitor.c
-@@ -578,10 +578,11 @@ mdb_monitor_db_close( BackendDB *be )
- 		monitor_extra_t		*mbe;
- 
- 		if ( mi && mi->bi_extra ) {
-+			struct berval dummy = BER_BVNULL;
- 			mbe = mi->bi_extra;
- 			mbe->unregister_entry_callback( &mdb->mi_monitor.mdm_ndn,
- 				(monitor_callback_t *)mdb->mi_monitor.mdm_cb,
--				NULL, 0, NULL );
-+				&dummy, 0, &dummy );
- 		}
- 
- 		memset( &mdb->mi_monitor, 0, sizeof( mdb->mi_monitor ) );
-diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
-index fa70d5d2d..fcf29c60b 100644
---- a/servers/slapd/overlays/pcache.c
-+++ b/servers/slapd/overlays/pcache.c
-@@ -5660,15 +5660,16 @@ pcache_monitor_db_close( BackendDB *be )
- 	slap_overinst *on = (slap_overinst *)be->bd_info;
- 	cache_manager *cm = on->on_bi.bi_private;
- 
--	if ( cm->monitor_cb != NULL ) {
-+	if ( !BER_BVISNULL( &cm->monitor_ndn )) {
- 		BackendInfo		*mi = backend_info( "monitor" );
- 		monitor_extra_t		*mbe;
- 
- 		if ( mi && mi->bi_extra ) {
-+			struct berval dummy = BER_BVNULL;
- 			mbe = mi->bi_extra;
- 			mbe->unregister_entry_callback( &cm->monitor_ndn,
- 				(monitor_callback_t *)cm->monitor_cb,
--				NULL, 0, NULL );
-+				&dummy, 0, &dummy );
- 		}
- 	}
- 
--- 
-2.33.0
-
diff --git a/backport-ITS-9811-Allow-newlines-at-end-of-included-file.patch b/backport-ITS-9811-Allow-newlines-at-end-of-included-file.patch
deleted file mode 100644
index 94a022ca9689bb74d7e52957d4d6f42e0ac0f5d1..0000000000000000000000000000000000000000
--- a/backport-ITS-9811-Allow-newlines-at-end-of-included-file.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0dae0704c01adb8b336d35647e75b45c0c21cc10 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Fri, 18 Mar 2022 14:51:45 +0000
-Subject: [PATCH] ITS#9811 Allow newlines at end of included file
-
----
- libraries/libldap/ldif.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c
-index 7ca5e32cf..900a97960 100644
---- a/libraries/libldap/ldif.c
-+++ b/libraries/libldap/ldif.c
-@@ -796,6 +796,7 @@ ldif_read_record(
- 		 * back to a previous file. (return from an include)
- 		 */
- 		while ( feof( lfp->fp )) {
-+pop:
- 			if ( lfp->prev ) {
- 				LDIFFP *tmp = lfp->prev;
- 				fclose( lfp->fp );
-@@ -808,6 +809,10 @@ ldif_read_record(
- 		}
- 		if ( !stop ) {
- 			if ( fgets( line, sizeof( line ), lfp->fp ) == NULL ) {
-+				if ( !found_entry && !ferror( lfp->fp ) ) {
-+					/* ITS#9811 Reached the end looking for an entry, try again */
-+					goto pop;
-+				}
- 				stop = 1;
- 				len = 0;
- 			} else {
--- 
-2.33.0
-
diff --git a/backport-ITS-9818-Duplicate-substring-filters-correctly.patch b/backport-ITS-9818-Duplicate-substring-filters-correctly.patch
deleted file mode 100644
index 5dacb6fd09eb33226f1ad2707dab93b88bbf7cb7..0000000000000000000000000000000000000000
--- a/backport-ITS-9818-Duplicate-substring-filters-correctly.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From f7bdf7aaf40b9b9c7825fc614fb09e836f8df8d5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Mon, 11 Apr 2022 16:57:59 +0100
-Subject: [PATCH] ITS#9818 Duplicate substring filters correctly
-
----
- servers/slapd/overlays/translucent.c | 24 +++++++++++++++++++++++-
- tests/scripts/test034-translucent    |  8 ++++++++
- 2 files changed, 31 insertions(+), 1 deletion(-)
-
-diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c
-index 01786bf10..d0402fe14 100644
---- a/servers/slapd/overlays/translucent.c
-+++ b/servers/slapd/overlays/translucent.c
-@@ -1000,7 +1000,6 @@ trans_filter_dup(Operation *op, Filter *f, AttributeName *an)
- 	case LDAP_FILTER_GE:
- 	case LDAP_FILTER_LE:
- 	case LDAP_FILTER_APPROX:
--	case LDAP_FILTER_SUBSTRINGS:
- 	case LDAP_FILTER_EXT:
- 		if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) {
- 			AttributeAssertion *nava;
-@@ -1017,6 +1016,29 @@ trans_filter_dup(Operation *op, Filter *f, AttributeName *an)
- 		}
- 		break;
- 
-+	case LDAP_FILTER_SUBSTRINGS:
-+		if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) {
-+			SubstringsAssertion *nsub;
-+
-+			n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
-+			n->f_choice = f->f_choice;
-+
-+			nsub = op->o_tmpalloc( sizeof(SubstringsAssertion), op->o_tmpmemctx );
-+			*nsub = *f->f_sub;
-+			n->f_sub = nsub;
-+
-+			if ( !BER_BVISNULL( &f->f_sub_initial ))
-+				ber_dupbv_x( &n->f_sub_initial, &f->f_sub_initial, op->o_tmpmemctx );
-+
-+			ber_bvarray_dup_x( &n->f_sub_any, f->f_sub_any, op->o_tmpmemctx );
-+
-+			if ( !BER_BVISNULL( &f->f_sub_final ))
-+				ber_dupbv_x( &n->f_sub_final, &f->f_sub_final, op->o_tmpmemctx );
-+
-+			n->f_next = NULL;
-+		}
-+		break;
-+
- 	case LDAP_FILTER_AND:
- 	case LDAP_FILTER_OR:
- 	case LDAP_FILTER_NOT: {
-diff --git a/tests/scripts/test034-translucent b/tests/scripts/test034-translucent
-index 511ebeddc..8b834d989 100755
---- a/tests/scripts/test034-translucent
-+++ b/tests/scripts/test034-translucent
-@@ -755,6 +755,14 @@ if test -z "$ATTR" ; then
- 	exit 1
- fi
- 
-+$LDAPSEARCH -H $URI2 -b "o=translucent" "(employeeType=consult*)" > $SEARCHOUT 2>&1
-+ATTR=`grep dn: $SEARCHOUT` > $NOWHERE 2>&1
-+if test -z "$ATTR" ; then
-+	echo "got no result, should have found entry"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit 1
-+fi
-+
- echo "Testing search: unconfigured remote filter..."
- $LDAPSEARCH -H $URI2 -b "o=translucent" "(|(employeeType=foo)(carlicense=right))" > $SEARCHOUT 2>&1
- 
--- 
-2.33.0
-
diff --git a/backport-ITS-9823-Check-minCSN-when-setting-up-delta-log-repl.patch b/backport-ITS-9823-Check-minCSN-when-setting-up-delta-log-repl.patch
deleted file mode 100644
index f2ea15941eaa61463cbf8ad6846d94d53be7a493..0000000000000000000000000000000000000000
--- a/backport-ITS-9823-Check-minCSN-when-setting-up-delta-log-repl.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From c64e663518988afbe5c5414ebb1a06a1864cf414 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Fri, 22 Apr 2022 14:14:16 +0100
-Subject: [PATCH] ITS#9823 Check minCSN when setting up delta-log replay
-
----
- servers/slapd/overlays/syncprov.c | 59 ++++++++++++++++++++++++++-----
- 1 file changed, 51 insertions(+), 8 deletions(-)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index 4b6358fdd..f6ab09949 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -3342,7 +3336,55 @@ no_change:	if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) {
- 					numcsns, sids, &mincsn, minsid ) ) {
- 				do_present = SS_PRESENT;
- 			}
-+		} else if ( si->si_nopres && si->si_usehint ) {
-+			/* We are instructed to trust minCSN if it exists. */
-+			Entry *e;
-+			Attribute *a = NULL;
-+			int rc;
-+
-+			/*
-+			 * ITS#9580 FIXME: when we've figured out and split the
-+			 * sessionlog/deltalog tracking, use the appropriate attribute
-+			 */
-+			rc = overlay_entry_get_ov( op, &op->o_bd->be_nsuffix[0], NULL,
-+					ad_minCSN, 0, &e, on );
-+			if ( rc == LDAP_SUCCESS && e != NULL ) {
-+				a = attr_find( e->e_attrs, ad_minCSN );
-+			}
-+
-+			if ( a != NULL ) {
-+				int *minsids;
-+
-+				minsids = slap_parse_csn_sids( a->a_vals, a->a_numvals, op->o_tmpmemctx );
-+				slap_sort_csn_sids( a->a_vals, minsids, a->a_numvals, op->o_tmpmemctx );
-+
-+				for ( i=0, j=0; i < a->a_numvals; i++ ) {
-+					while ( j < numcsns && minsids[i] > sids[j] ) j++;
-+					if ( j < numcsns && minsids[i] == sids[j] &&
-+							ber_bvcmp( &a->a_vals[i], &srs->sr_state.ctxcsn[j] ) <= 0 ) {
-+						/* minCSN for this serverID is contained, keep going */
-+						continue;
-+					}
-+					/*
-+					 * Log DB's minCSN claims we can only replay from a certain
-+					 * CSN for this serverID, but consumer's cookie hasn't met that
-+					 * threshold: they need to refresh
-+					 */
-+					Debug( LDAP_DEBUG_SYNC, "%s syncprov_op_search: "
-+						"consumer not within recorded mincsn for DB's mincsn=%s\n",
-+						op->o_log_prefix, a->a_vals[i].bv_val );
-+					rs->sr_err = LDAP_SYNC_REFRESH_REQUIRED;
-+					rs->sr_text = "sync cookie is stale";
-+					slap_sl_free( minsids, op->o_tmpmemctx );
-+					overlay_entry_release_ov( op, e, 0, on );
-+					goto bailout;
-+				}
-+				slap_sl_free( minsids, op->o_tmpmemctx );
-+			}
-+			if ( e != NULL )
-+				overlay_entry_release_ov( op, e, 0, on );
- 		}
-+
- 		/*
- 		 * If sessionlog wasn't useful, see if we can find at least one entry
- 		 * that hasn't changed based on the cookie.
-@@ -3787,6 +3829,7 @@ sp_cf_gen(ConfigArgs *c)
- 		break;
- 	case SP_USEHINT:
- 		si->si_usehint = c->value_int;
-+		rc = syncprov_setup_accesslog();
- 		break;
- 	case SP_LOGDB:
- 		if ( si->si_logs ) {
--- 
-2.33.0
-
diff --git a/backport-ITS-9823-Only-request-minCSN-if-accesslog-is-around.patch b/backport-ITS-9823-Only-request-minCSN-if-accesslog-is-around.patch
deleted file mode 100644
index a1c2ccd0d704aea2716dd8ffe13551f541896af8..0000000000000000000000000000000000000000
--- a/backport-ITS-9823-Only-request-minCSN-if-accesslog-is-around.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 207604c0b5a5f22562285b889f8687a6bc9a272b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Thu, 7 Jul 2022 21:31:03 +0100
-Subject: [PATCH] ITS#9823 Only request minCSN if accesslog is around
-
----
- servers/slapd/overlays/syncprov.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index f6ab09949..5fc39bf17 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -3336,7 +3336,7 @@ no_change:	if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) {
- 					numcsns, sids, &mincsn, minsid ) ) {
- 				do_present = SS_PRESENT;
- 			}
--		} else if ( si->si_nopres && si->si_usehint ) {
-+		} else if ( ad_minCSN != NULL && si->si_nopres && si->si_usehint ) {
- 			/* We are instructed to trust minCSN if it exists. */
- 			Entry *e;
- 			Attribute *a = NULL;
-@@ -3829,7 +3829,10 @@ sp_cf_gen(ConfigArgs *c)
- 		break;
- 	case SP_USEHINT:
- 		si->si_usehint = c->value_int;
--		rc = syncprov_setup_accesslog();
-+		if ( si->si_usehint ) {
-+			/* Consider we might be a delta provider, but it's ok if not */
-+			(void)syncprov_setup_accesslog();
-+		}
- 		break;
- 	case SP_LOGDB:
- 		if ( si->si_logs ) {
--- 
-2.33.0
-
diff --git a/backport-ITS-9831-Advance-connections-index-correctly.patch b/backport-ITS-9831-Advance-connections-index-correctly.patch
deleted file mode 100644
index e028a52b287abb1d125f277dfe111104d4271087..0000000000000000000000000000000000000000
--- a/backport-ITS-9831-Advance-connections-index-correctly.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 15573c72fc3f373624bff05d8b29e57f6eb82a58 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Mon, 25 Apr 2022 16:53:25 +0100
-Subject: [PATCH] ITS#9831 Advance connections[index] correctly
-
----
- servers/slapd/connection.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
-index e2f3a811e..9b363fe13 100644
---- a/servers/slapd/connection.c
-+++ b/servers/slapd/connection.c
-@@ -871,13 +871,14 @@ Connection* connection_next( Connection *c, ber_socket_t *index )
- 
- 	for(; *index < dtblsize; (*index)++) {
- 		if( connections[*index].c_sb ) {
--			c = &connections[(*index)++];
-+			c = &connections[*index];
- 			ldap_pvt_thread_mutex_lock( &c->c_mutex );
- 			if ( c->c_conn_state == SLAP_C_INVALID ) {
- 				ldap_pvt_thread_mutex_unlock( &c->c_mutex );
- 				c = NULL;
- 				continue;
- 			}
-+			(*index)++;
- 			break;
- 		}
- 	}
--- 
-2.33.0
-
diff --git a/backport-ITS-9858-back-mdb-delay-indexer-task-startup.patch b/backport-ITS-9858-back-mdb-delay-indexer-task-startup.patch
deleted file mode 100644
index 41d5d7a9e687633d6e99374ab67100891b6d4dc5..0000000000000000000000000000000000000000
--- a/backport-ITS-9858-back-mdb-delay-indexer-task-startup.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 9e5701cdd76154fb8ffb2f7594927c30ee9f896d Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 2 Jun 2022 15:55:06 +0100
-Subject: [PATCH] ITS#9858 back-mdb: delay indexer task startup
-
-until after monitor backend is set up.
----
- servers/slapd/back-mdb/config.c    | 14 +++++++++++---
- servers/slapd/back-mdb/init.c      |  6 +++++-
- servers/slapd/back-mdb/proto-mdb.h |  3 ++-
- 3 files changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/servers/slapd/back-mdb/config.c b/servers/slapd/back-mdb/config.c
-index 54361a5ea..1b3cf98fe 100644
---- a/servers/slapd/back-mdb/config.c
-+++ b/servers/slapd/back-mdb/config.c
-@@ -400,20 +400,20 @@ done:
- 	return rc;
- }
- 
--void
-+int
- mdb_resume_index( BackendDB *be, MDB_txn *txn )
- {
- 	struct mdb_info *mdb = be->be_private;
- 	MDB_cursor *curs;
- 	MDB_val key, data;
--	int i, rc;
-+	int i, rc, do_task = 0;
- 	unsigned short *s;
- 	slap_mask_t *mask;
- 	AttributeDescription *ad;
- 
- 	rc = mdb_cursor_open( txn, mdb->mi_idxckp, &curs );
- 	if ( rc )
--		return;
-+		return 0;
- 
- 	while(( rc = mdb_cursor_get( curs, &key, &data, MDB_NEXT )) == 0) {
- 		s = key.mv_data;
-@@ -425,11 +425,19 @@ mdb_resume_index( BackendDB *be, MDB_txn *txn )
- 				mask = data.mv_data;
- 				mdb->mi_attrs[i]->ai_indexmask = mask[0];
- 				mdb->mi_attrs[i]->ai_newmask = mask[1];
-+				do_task = 1;
- 				break;
- 			}
- 		}
- 	}
- 	mdb_cursor_close( curs );
-+	return do_task;
-+}
-+
-+void
-+mdb_start_index_task( BackendDB *be )
-+{
-+	struct mdb_info *mdb = be->be_private;
- 	ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- 	mdb->mi_index_task = ldap_pvt_runqueue_insert( &slapd_rq, 36000,
- 		mdb_online_index, be,
-diff --git a/servers/slapd/back-mdb/init.c b/servers/slapd/back-mdb/init.c
-index 0a0137470..615f912e3 100644
---- a/servers/slapd/back-mdb/init.c
-+++ b/servers/slapd/back-mdb/init.c
-@@ -91,6 +91,7 @@ mdb_db_open( BackendDB *be, ConfigReply *cr )
- 	unsigned flags;
- 	char *dbhome;
- 	MDB_txn *txn;
-+	int do_index = 0;
- 
- 	if ( be->be_suffix == NULL ) {
- 		Debug( LDAP_DEBUG_ANY,
-@@ -291,7 +292,7 @@ mdb_db_open( BackendDB *be, ConfigReply *cr )
- 		MDB_stat st;
- 		rc = mdb_stat( txn, mdb->mi_idxckp, &st );
- 		if ( st.ms_entries )
--			mdb_resume_index( be, txn );
-+			do_index = mdb_resume_index( be, txn );
- 	}
- 
- 	rc = mdb_txn_commit(txn);
-@@ -311,6 +312,9 @@ mdb_db_open( BackendDB *be, ConfigReply *cr )
- 
- 	mdb->mi_flags |= MDB_IS_OPEN;
- 
-+	if ( do_index )
-+		mdb_start_index_task( be );
-+
- 	return 0;
- 
- fail:
-diff --git a/servers/slapd/back-mdb/proto-mdb.h b/servers/slapd/back-mdb/proto-mdb.h
-index a0806dd9d..58191e186 100644
---- a/servers/slapd/back-mdb/proto-mdb.h
-+++ b/servers/slapd/back-mdb/proto-mdb.h
-@@ -64,7 +64,8 @@ void mdb_ad_unwind( struct mdb_info *mdb, int prev_ads );
-  */
- 
- int mdb_back_init_cf( BackendInfo *bi );
--void mdb_resume_index( BackendDB *be, MDB_txn *txn );
-+int mdb_resume_index( BackendDB *be, MDB_txn *txn );
-+void mdb_start_index_task( BackendDB *be );
- 
- /*
-  * dn2entry.c
--- 
-2.33.0
-
diff --git a/backport-ITS-9858-back-mdb-fix-index-reconfig.patch b/backport-ITS-9858-back-mdb-fix-index-reconfig.patch
deleted file mode 100644
index 84cd366d0bb311f5a31a8c04d8d3d12f70b0a560..0000000000000000000000000000000000000000
--- a/backport-ITS-9858-back-mdb-fix-index-reconfig.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 395e9b250a1a430e788487f73b292c08fc28540c Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Fri, 3 Jun 2022 00:48:50 +0100
-Subject: [PATCH] ITS#9858 back-mdb: fix index reconfig
-
----
- servers/slapd/back-mdb/attr.c   |  6 +++++-
- servers/slapd/back-mdb/config.c | 24 ++++++++++++------------
- 2 files changed, 17 insertions(+), 13 deletions(-)
-
-diff --git a/servers/slapd/back-mdb/attr.c b/servers/slapd/back-mdb/attr.c
-index 9567fb522..7219705b2 100644
---- a/servers/slapd/back-mdb/attr.c
-+++ b/servers/slapd/back-mdb/attr.c
-@@ -446,7 +446,11 @@ fail:
- 					/* If this is leftover from a previous add, commit it */
- 					if ( b->ai_newmask )
- 						b->ai_indexmask = b->ai_newmask;
--					b->ai_newmask = a->ai_newmask;
-+					/* If the mask changed, remember it */
-+					if ( b->ai_indexmask != a->ai_newmask )
-+						b->ai_newmask = a->ai_newmask;
-+					else	/* else ignore it */
-+						b->ai_newmask = 0;
- 					ch_free( a );
- 					rc = 0;
- 					continue;
-diff --git a/servers/slapd/back-mdb/config.c b/servers/slapd/back-mdb/config.c
-index 1b3cf98fe..48143ef4d 100644
---- a/servers/slapd/back-mdb/config.c
-+++ b/servers/slapd/back-mdb/config.c
-@@ -349,7 +349,7 @@ mdb_setup_indexer( struct mdb_info *mdb )
- 	MDB_txn *txn;
- 	MDB_cursor *curs;
- 	MDB_val key, data;
--	int i, rc;
-+	int i, rc, changed = 0;
- 	unsigned short s;
- 
- 	rc = mdb_txn_begin( mdb->mi_dbenv, NULL, 0, &txn );
-@@ -364,17 +364,6 @@ mdb_setup_indexer( struct mdb_info *mdb )
- 	key.mv_size = sizeof( s );
- 	key.mv_data = &s;
- 
--	/* set indexer task to start at first entry */
--	{
--		ID id = 0;
--		s = 0;			/* key 0 records next entryID to index */
--		data.mv_size = sizeof( ID );
--		data.mv_data = &id;
--		rc = mdb_cursor_put( curs, &key, &data, 0 );
--		if ( rc )
--			goto done;
--	}
--
- 	/* record current and new index masks for all new index definitions */
- 	{
- 		slap_mask_t mask[2];
-@@ -389,8 +378,19 @@ mdb_setup_indexer( struct mdb_info *mdb )
- 			rc = mdb_cursor_put( curs, &key, &data, 0 );
- 			if ( rc )
- 				goto done;
-+			changed = 1;
- 		}
- 	}
-+
-+	/* set indexer task to start at first entry */
-+	if ( changed ) {
-+		ID id = 0;
-+		s = 0;			/* key 0 records next entryID to index */
-+		data.mv_size = sizeof( ID );
-+		data.mv_data = &id;
-+		rc = mdb_cursor_put( curs, &key, &data, 0 );
-+	}
-+
- done:
- 	mdb_cursor_close( curs );
- 	if ( !rc )
--- 
-2.33.0
-
diff --git a/backport-ITS-9863-Forward-lastbind-updates-if-configured.patch b/backport-ITS-9863-Forward-lastbind-updates-if-configured.patch
deleted file mode 100644
index d3f6a25af2fff90b5da104663d38a8cc64056505..0000000000000000000000000000000000000000
--- a/backport-ITS-9863-Forward-lastbind-updates-if-configured.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From fb1151573f8f597bb724df80de7a1664d1e646a4 Mon Sep 17 00:00:00 2001
-From: Quanah Gibson-Mount <quanah@openldap.org>
-Date: Thu, 23 Jun 2022 17:03:07 +0000
-Subject: [PATCH] ITS#9863 - Forward lastbind updates if configured
-
-Mark lastbind operations as being on the frontendDB so that chaining configurations are honored.
-
-Make pwdLastSuccess flag SLAP_AT_MANAGEABLE
----
- servers/slapd/back-ldap/bind.c | 2 +-
- servers/slapd/bind.c           | 5 ++---
- servers/slapd/schema_prep.c    | 2 +-
- 3 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
-index cad7cfe69..02fb60ea3 100644
---- a/servers/slapd/back-ldap/bind.c
-+++ b/servers/slapd/back-ldap/bind.c
-@@ -1417,7 +1417,7 @@ retry_lock:;
- 				sb->sb_realm.bv_val,
- 				sb->sb_authcId.bv_val,
- 				sb->sb_cred.bv_val,
--				NULL );
-+				sb->sb_authzId.bv_val );
- 		if ( defaults == NULL ) {
- 			rs->sr_err = LDAP_OTHER;
- 			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
-diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
-index 1a74a8cd4..4b8eda69b 100644
---- a/servers/slapd/bind.c
-+++ b/servers/slapd/bind.c
-@@ -472,9 +472,6 @@ fe_op_lastbind( Operation *op )
- 	op2.o_dn = op->o_bd->be_rootdn;
- 	op2.o_ndn = op->o_bd->be_rootndn;
- 
--	/*
--	 * TODO: this is core+frontend, not everything works the same way?
--	 */
- 	/*
- 	 * Code for forwarding of updates adapted from ppolicy.c of slapo-ppolicy
- 	 *
-@@ -485,6 +482,8 @@ fe_op_lastbind( Operation *op )
- 	 * must be configured appropriately for this to be useful.
- 	 */
- 	if ( SLAP_SHADOW( op->o_bd ) ) {
-+		op2.o_bd = frontendDB;
-+
- 		/* Must use Relax control since these are no-user-mod */
- 		op2.o_relax = SLAP_CONTROL_CRITICAL;
- 		op2.o_ctrls = ca;
-diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c
-index 2c557905c..b8793f50f 100644
---- a/servers/slapd/schema_prep.c
-+++ b/servers/slapd/schema_prep.c
-@@ -1028,7 +1028,7 @@ static struct slap_schema_ad_map {
- 			"SINGLE-VALUE "
- 			"NO-USER-MODIFICATION "
- 			"USAGE directoryOperation )",
--		NULL, 0,
-+		NULL, SLAP_AT_MANAGEABLE,
- 		NULL, NULL,
- 		NULL, NULL, NULL, NULL, NULL,
- 		offsetof(struct slap_internal_schema, si_ad_pwdLastSuccess) },
--- 
-2.33.0
-
diff --git a/backport-ITS-9863-Regression-test-case-for-pwdLastSuccess.patch b/backport-ITS-9863-Regression-test-case-for-pwdLastSuccess.patch
deleted file mode 100644
index 890e197aa91d25637e9616af9e255fd06ad7ea5e..0000000000000000000000000000000000000000
--- a/backport-ITS-9863-Regression-test-case-for-pwdLastSuccess.patch
+++ /dev/null
@@ -1,897 +0,0 @@
-From cfa6c07c0ef15fd218013859903401f04f953965 Mon Sep 17 00:00:00 2001
-From: Quanah Gibson-Mount <quanah@openldap.org>
-Date: Mon, 27 Jun 2022 22:21:51 +0000
-Subject: [PATCH] ITS#9863 - Regression test case for pwdLastSuccess
-
-Define a regression test case for modifying pwdLastSuccess that also
-uses SASL/EXTERNAL for the chain database
----
- tests/data/regressions/its9863/db.ldif        |  39 +++
- tests/data/regressions/its9863/its9863        | 292 ++++++++++++++++++
- .../regressions/its9863/slapd-consumer.ldif   | 154 +++++++++
- .../regressions/its9863/slapd-provider.ldif   | 117 +++++++
- tests/data/tls/certs/ldap-server.crt          |  32 ++
- tests/data/tls/create-crt.sh                  |  64 +++-
- tests/data/tls/private/ldap-server.key        |  52 ++++
- tests/run.in                                  |   3 +-
- tests/scripts/defines.sh                      |   1 +
- 9 files changed, 740 insertions(+), 14 deletions(-)
- create mode 100644 tests/data/regressions/its9863/db.ldif
- create mode 100755 tests/data/regressions/its9863/its9863
- create mode 100644 tests/data/regressions/its9863/slapd-consumer.ldif
- create mode 100644 tests/data/regressions/its9863/slapd-provider.ldif
- create mode 100644 tests/data/tls/certs/ldap-server.crt
- create mode 100644 tests/data/tls/private/ldap-server.key
-
-diff --git a/tests/data/regressions/its9863/db.ldif b/tests/data/regressions/its9863/db.ldif
-new file mode 100644
-index 000000000..c7c478bb8
---- /dev/null
-+++ b/tests/data/regressions/its9863/db.ldif
-@@ -0,0 +1,39 @@
-+dn: dc=example,dc=com
-+objectClass: top
-+objectClass: organization
-+objectClass: dcObject
-+o: example
-+dc: example
-+
-+dn: cn=replicator,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalRole
-+objectClass: simpleSecurityObject
-+cn: replicator
-+description: Replication user
-+userPassword: secret
-+
-+dn: cn=ldap-server,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalRole
-+objectClass: simpleSecurityObject
-+cn: ldap-server
-+description: ldap-server sasl object
-+userPassword: secret
-+authzTo: {0}dn.regex:^(.+,)+dc=example,dc=com$
-+
-+dn: ou=people,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalUnit
-+ou: people
-+
-+dn: uid=test,ou=people,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: inetOrgPerson
-+cn: test test
-+uid: test
-+sn: Test
-+givenName: Test
-+userPassword: secret
-+
-diff --git a/tests/data/regressions/its9863/its9863 b/tests/data/regressions/its9863/its9863
-new file mode 100755
-index 000000000..d6b479515
---- /dev/null
-+++ b/tests/data/regressions/its9863/its9863
-@@ -0,0 +1,292 @@
-+#! /bin/sh
-+# $OpenLDAP$
-+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-+##
-+## Copyright 2022 The OpenLDAP Foundation.
-+## All rights reserved.
-+##
-+## Redistribution and use in source and binary forms, with or without
-+## modification, are permitted only as authorized by the OpenLDAP
-+## Public License.
-+##
-+## A copy of this license is available in the file LICENSE in the
-+## top-level directory of the distribution or, alternatively, at
-+## <http://www.OpenLDAP.org/license.html>.
-+
-+echo "running defines.sh"
-+. $SRCDIR/scripts/defines.sh
-+
-+ITS=9863
-+ITSDIR=$DATADIR/regressions/its$ITS
-+
-+if test $BACKLDAP = "ldapno" ; then
-+	echo "LDAP backend not available, test skipped"
-+	exit 0
-+fi
-+if test $SYNCPROV = "syncprovno" ; then
-+	echo "syncprov overlay not available, test skipped"
-+	exit 0
-+fi
-+if test $AUDITLOG = "auditlogno" ; then
-+	echo "auditlog overlay not available, test skipped"
-+	exit 0
-+fi
-+if test $UNIQUE = "uniqueno" ; then
-+	echo "unique overlay not available, test skipped"
-+	exit 0
-+fi
-+if test $CONSTRAINT = "constraintno" ; then
-+	echo "constraint overlay not available, test skipped"
-+	exit 0
-+fi
-+
-+echo "This test checks slapo-chain behavior when forwarding lastbind"
-+echo "information to a provider as the rootdn when using a SASL mechanism"
-+echo "and authzto to allow identity assumption"
-+echo "Test #1 ensures that authzid in IDAssertBind is working correctly."
-+echo "Test #2 ensures that ACLbind works correctly."
-+
-+PDIR=$TESTDIR/prov
-+CDIR=$TESTDIR/cons
-+mkdir -p $TESTDIR $PDIR/db $PDIR/slapd.d
-+mkdir -p $CDIR/db $CDIR/slapd.d
-+
-+$SLAPPASSWD -g -n >$CONFIGPWF
-+
-+cp -r $DATADIR/tls $TESTDIR
-+cp $ITSDIR/db.ldif $TESTDIR
-+
-+#
-+# Start slapd that acts as a remote LDAP server that will be proxied
-+#
-+echo "Running slapadd to build database on the provider..."
-+. $CONFFILTER $BACKEND <  $ITSDIR/slapd-provider.ldif > $CONFLDIF
-+$SLAPADD -F $PDIR/slapd.d -n 0 -l $CONFLDIF
-+$SLAPADD -F $PDIR/slapd.d -q -b $BASEDN -l $TESTDIR/db.ldif
-+RC=$?
-+if test $RC != 0 ; then
-+	echo "slapadd failed ($RC)!"
-+	exit $RC
-+fi
-+
-+echo "Starting slapd provider on TCP/IP port $PORT1 and ${PORT2}..."
-+$SLAPD -F $PDIR/slapd.d -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 &
-+PROVPID=$!
-+if test $WAIT != 0 ; then
-+	echo PROVPID $PROVPID
-+	read foo
-+fi
-+KILLPIDS="$KILLPIDS $PROVPID"
-+
-+echo "Using ldapsearch to check that slapd is running..."
-+for i in 0 1 2 3 4 5; do
-+	$LDAPSEARCH -s base -b "$MONITORDN" -H $URI1 \
-+		-D $MANAGERDN \
-+		-w $PASSWD \
-+		'objectclass=*' > /dev/null 2>&1
-+	RC=$?
-+	if test $RC = 0 ; then
-+		break
-+	fi
-+	echo "Waiting $SLEEP0 seconds for slapd to start..."
-+	sleep $SLEEP0
-+done
-+
-+if test $RC != 0 ; then
-+	echo "ldapsearch failed ($RC)!"
-+	test $KILLSERVERS != no && kill -HUP $PROVPID
-+	exit $RC
-+fi
-+
-+#
-+# Start slapd consumer
-+#
-+echo "Starting slapd consumer on TCP/IP port $PORT3 and ${PORT4}..."
-+. $CONFFILTER $BACKEND < $ITSDIR/slapd-consumer.ldif > $CONF2
-+$SLAPADD -F $CDIR/slapd.d -n 0 -l $CONF2
-+$SLAPD -F $CDIR/slapd.d -h "$URI3 $SURI4" -d $LVL > $LOG2 2>&1 &
-+CONSPID=$!
-+if test $WAIT != 0 ; then
-+	echo CONSPID $CONSPID
-+	read foo
-+fi
-+KILLPIDS="$KILLPIDS $CONSPID"
-+
-+echo "Using ldapsearch to check that slapd is running..."
-+for i in 0 1 2 3 4 5; do
-+	$LDAPSEARCH -s base -b "$MONITORDN" -H $URI3 \
-+		-D $MANAGERDN \
-+		-w $PASSWD \
-+		'objectclass=*' > /dev/null 2>&1
-+	RC=$?
-+	if test $RC = 0 ; then
-+		break
-+	fi
-+	echo "Waiting $SLEEP0 seconds for slapd to start..."
-+	sleep $SLEEP0
-+done
-+
-+if test $RC != 0 ; then
-+	echo "ldapsearch failed ($RC)!"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit $RC
-+fi
-+
-+$LDAPWHOAMI -H $URI3 -x -D "cn=replicator,dc=example,dc=com" -w secret >/dev/null
-+RC=$?
-+if test $RC != 0 ; then
-+	echo "ldapwhoami failed ($RC)!"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit $RC
-+fi
-+
-+echo "Sleeping $SLEEP1 seconds for replication of pwdLastSuccess attribute..."
-+sleep $SLEEP1
-+
-+$LDAPSEARCH -H $URI3 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" "(cn=replicator)" pwdLastSuccess > $SEARCHOUT 2>&1
-+PWDLASTSUCCESS=`grep "pwdLastSuccess:" $SEARCHOUT | wc -l`
-+
-+if test $PWDLASTSUCCESS != 1 ; then
-+	echo "Failure: pwdLastSuccess failed to replicate"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit 1
-+fi
-+
-+echo "Reconfiguring for ACL bind test..."
-+$LDAPMODIFY -H $URI3 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
-+dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
-+changetype: modify
-+replace: olcDbIDAssertBind
-+olcDbIDAssertBind: mode=self flags=override,prescriptive,proxy-authz-critical 
-+ bindmethod=sasl saslmech=external tls_cert=$TESTDIR/tls/certs/ldap-server.crt 
-+ tls_key=$TESTDIR/tls/private/ldap-server.key 
-+ tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt
-+-
-+add: olcDbACLBind
-+olcDbACLBind: bindmethod=sasl saslmech=external tls_cert=$TESTDIR/tls/certs/ldap-server.crt 
-+ tls_key=$TESTDIR/tls/private/ldap-server.key 
-+ tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt 
-+ authzid="dn:cn=manager,dc=example,dc=com"
-+EOF
-+
-+RC=$?
-+if test $RC != 0; then
-+        echo "ldapmodify failed ($RC)!"
-+        test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+        exit $RC
-+fi
-+
-+echo "Stopping consumer to test recovery..."
-+kill -HUP $CONSPID
-+wait $CONSPID
-+
-+KILLPIDS="$PROVPID"
-+
-+echo "Starting slapd consumer on TCP/IP port $PORT3 and ${PORT4}..."
-+$SLAPD -F $CDIR/slapd.d -h "$URI3 $SURI4" -d $LVL > $LOG2 2>&1 &
-+CONSPID=$!
-+if test $WAIT != 0 ; then
-+	echo CONSPID $CONSPID
-+	read foo
-+fi
-+KILLPIDS="$KILLPIDS $CONSPID"
-+
-+echo "Using ldapsearch to check that slapd is running..."
-+for i in 0 1 2 3 4 5; do
-+	$LDAPSEARCH -s base -b "$MONITORDN" -H $URI3 \
-+		-D $MANAGERDN \
-+		-w $PASSWD \
-+		'objectclass=*' > /dev/null 2>&1
-+	RC=$?
-+	if test $RC = 0 ; then
-+		break
-+	fi
-+	echo "Waiting $SLEEP0 seconds for slapd to start..."
-+	sleep $SLEEP0
-+done
-+
-+if test $RC != 0 ; then
-+	echo "ldapsearch failed ($RC)!"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit $RC
-+fi
-+
-+$LDAPMODIFY -H $URI1 -D "$MANAGERDN" -w $PASSWD -e \!relax <<EOF >>$TESTOUT 2>&1
-+dn: cn=replicator,dc=example,dc=com
-+changetype: modify
-+delete: pwdLastSuccess
-+EOF
-+
-+RC=$?
-+if test $RC != 0; then
-+        echo "ldapmodify failed ($RC)!"
-+        test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+        exit $RC
-+fi
-+
-+echo "Sleeping $SLEEP1 seconds for replication of delete for pwdLastSuccess attribute..."
-+sleep $SLEEP1
-+
-+$LDAPSEARCH -H $URI3 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" "(cn=replicator)" pwdLastSuccess > $SEARCHOUT 2>&1
-+PWDLASTSUCCESS=`grep "pwdLastSuccess:" $SEARCHOUT | wc -l`
-+
-+if test $PWDLASTSUCCESS != 0 ; then
-+	echo "Failure: pwdLastSuccess failed to delete"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit 1
-+fi
-+
-+$LDAPWHOAMI -H $URI3 -x -D "cn=replicator,dc=example,dc=com" -w secret >/dev/null
-+RC=$?
-+if test $RC != 0 ; then
-+	echo "ldapwhoami failed ($RC)!"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit $RC
-+fi
-+
-+echo "Sleeping $SLEEP1 seconds for replication of pwdLastSuccess attribute..."
-+sleep $SLEEP1
-+
-+$LDAPSEARCH -H $URI3 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" "(cn=replicator)" pwdLastSuccess > $SEARCHOUT 2>&1
-+PWDLASTSUCCESS=`grep "pwdLastSuccess:" $SEARCHOUT | wc -l`
-+
-+if test $PWDLASTSUCCESS != 1 ; then
-+	echo "Failure: pwdLastSuccess failed to replicate"
-+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+	exit 1
-+fi
-+
-+USER="uid=test,ou=people,dc=example,dc=com"
-+echo "Changing password for $USER to test proxied user modifications work..."
-+$LDAPPASSWD -H $URI3 \
-+    -w secret -s secret \
-+    -D "$USER" >> $TESTOUT 2>&1
-+RC=$?
-+if test $RC != 0 ; then
-+    echo "ldappasswd failed ($RC)!"
-+    test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+    exit $RC
-+fi
-+
-+echo "Changing cn for $USER to test disallowed proxied user modifications should fail..."
-+$LDAPMODIFY -H $URI3 -D "$USER" -w $PASSWD <<EOF >>$TESTOUT 2>&1
-+dn: $USER
-+changetype: modify
-+replace: cn
-+cn: blahblahblah
-+EOF
-+
-+RC=$?
-+if test $RC != 50; then
-+        echo "ldapmodify should have failed with result code 50, got ($RC)!"
-+        test $KILLSERVERS != no && kill -HUP $KILLPIDS
-+        exit $RC
-+fi
-+
-+test $KILLSERVERS != no && kill -HUP $KILLPIDS 2>/dev/null
-+
-+echo ">>>>> Test succeeded"
-+
-+test $KILLSERVERS != no && wait
-+
-+exit 0
-diff --git a/tests/data/regressions/its9863/slapd-consumer.ldif b/tests/data/regressions/its9863/slapd-consumer.ldif
-new file mode 100644
-index 000000000..8f7b0fd84
---- /dev/null
-+++ b/tests/data/regressions/its9863/slapd-consumer.ldif
-@@ -0,0 +1,154 @@
-+dn: cn=config
-+objectClass: olcGlobal
-+cn: config
-+olcLogLevel: Sync
-+olcLogLevel: Stats
-+olcTLSCACertificateFile: @TESTDIR@/tls/ca/certs/testsuiteCA.crt
-+olcTLSCertificateKeyFile: @TESTDIR@/tls/private/localhost.key
-+olcTLSCertificateFile: @TESTDIR@/tls/certs/localhost.crt
-+olcTLSVerifyClient: hard
-+olcIndexHash64: TRUE
-+olcAuthzPolicy: to
-+olcAuthzRegexp: {0}"cn=ldap-server,ou=OpenLDAP Test Suite,o=OpenLDAP Foundation,ST=CA,C=US" "cn=ldap-server,dc=example,dc=com"
-+olcPidFile: @TESTDIR@/slapd.2.pid
-+olcArgsFile: @TESTDIR@/slapd.2.args
-+
-+dn: cn=schema,cn=config
-+objectClass: olcSchemaConfig
-+cn: schema
-+
-+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
-+
-+#mod#dn: cn=module{0},cn=config
-+#mod#objectClass: olcModuleList
-+#mod#cn: module{0}
-+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
-+#mod#olcModuleLoad: {0}back_@BACKEND@.la
-+
-+#mod#dn: cn=module{1},cn=config
-+#mod#objectClass: olcModuleList
-+#mod#cn: module{1}
-+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-ldap/
-+#mod#olcModuleLoad: {0}back_ldap.la
-+
-+dn: cn=module{2},cn=config
-+objectClass: olcModuleList
-+cn: module{2}
-+olcModulePath: @TESTWD@/../servers/slapd/overlays
-+olcModuleLoad: {0}syncprov.la
-+olcModuleLoad: {1}unique.la
-+olcModuleLoad: {2}constraint.la
-+
-+#mdb#dn: olcBackend={0}mdb,cn=config
-+#mdb#objectClass: olcBackendConfig
-+#mdb#objectClass: olcMdbBkConfig
-+#mdb#olcBackend: {0}mdb
-+#mdb#olcBkMdbIdlExp: 18
-+
-+dn: olcDatabase={-1}frontend,cn=config
-+objectClass: olcDatabaseConfig
-+objectClass: olcFrontendConfig
-+olcDatabase: {-1}frontend
-+olcAccess: {0}to dn.base=""  by * read
-+olcAccess: {1}to dn.base="cn=Subschema"  by * read
-+
-+dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcChainConfig
-+olcOverlay: {0}chain
-+olcChainCacheURI: FALSE
-+olcChainMaxReferralDepth: 1
-+olcChainReturnError: TRUE
-+
-+dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
-+objectClass: olcLDAPConfig
-+objectClass: olcChainDatabase
-+olcDatabase: {0}ldap
-+olcDbIDAssertBind: mode=self flags=override,prescriptive,proxy-authz-critical 
-+ bindmethod=sasl saslmech=external tls_cert=@TESTDIR@/tls/certs/ldap-server.crt 
-+ tls_key=@TESTDIR@/tls/private/ldap-server.key 
-+ tls_cacert=@TESTDIR@/tls/ca/certs/testsuiteCA.crt 
-+ authzid="dn:cn=manager,dc=example,dc=com"
-+olcDbRebindAsUser: TRUE
-+olcDbChaseReferrals: TRUE
-+olcDbProxyWhoAmI: FALSE
-+olcDbProtocolVersion: 3
-+olcDbSingleConn: FALSE
-+olcDbCancel: abandon
-+olcDbUseTemporaryConn: FALSE
-+olcDbConnectionPoolMax: 8
-+olcDbSessionTrackingRequest: TRUE
-+olcDbNoRefs: FALSE
-+olcDbNoUndefFilter: FALSE
-+olcDbURI: @SURIP2@
-+
-+dn: olcDatabase={0}config,cn=config
-+objectClass: olcDatabaseConfig
-+olcDatabase: {0}config
-+olcRootPW:< file://@TESTDIR@/configpw
-+olcAccess: {0}to *  by * none
-+
-+dn: olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcDatabaseConfig
-+objectClass: olc@BACKEND@Config
-+olcDatabase: {1}@BACKEND@
-+olcSuffix: dc=example,dc=com
-+olcRootDN: cn=manager,dc=example,dc=com
-+olcRootPW: secret
-+olcLastBindPrecision: 3600
-+olcLastBind: TRUE
-+#~null~#olcDbDirectory: @TESTDIR@/cons/db
-+#indexdb#olcDbIndex: default eq
-+#indexdb#olcDbIndex: objectClass
-+#indexdb#olcDbIndex: cn
-+#indexdb#olcDbIndex: entryUUID
-+#indexdb#olcDbIndex: entryCSN
-+#indexdb#olcDbIndex: mail
-+#indexdb#olcDbIndex: uid
-+#indexdb#olcDbIndex: uidNumber
-+#indexdb#olcDbIndex: gidNumber
-+#mdb#olcDbMaxSize: 33554432
-+#mdb#olcDbMultival: default 100,10
-+olcLimits: {0}dn.exact="cn=replicator,dc=example,dc=com" time.soft=unlimited 
-+  time.hard=unlimited size.soft=unlimited size.hard=unlimited
-+olcAccess: {0}to attrs=userPassword  by self write  by dn.exact="cn=replicator,dc=example,dc=com" read  by anonymous auth
-+olcAccess: {1}to attrs=authzto  by dn.exact="cn=replicator,dc=example,dc=com" read  by * auth
-+olcAccess: {2}to *  by * read
-+olcSyncrepl: {0}rid=100 provider=@SURIP2@ bindmethod=sasl 
-+ saslmech=external authzid="dn:cn=replicator,dc=example,dc=com" 
-+ searchbase="dc=example,dc=com" 
-+ type=refreshAndPersist keepalive=60:5:2 retry="5 6 60 +" 
-+ tls_cert=@TESTDIR@/tls/certs/ldap-server.crt 
-+ tls_key=@TESTDIR@/tls/private/ldap-server.key 
-+ tls_cacert=@TESTDIR@/tls/ca/certs/testsuiteCA.crt 
-+ timeout=3
-+olcUpdateRef: @SURIP2@
-+
-+dn: olcOverlay={0}syncprov,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcSyncProvConfig
-+olcOverlay: {0}syncprov
-+olcSpCheckpoint: 20 10
-+
-+dn: olcOverlay={1}unique,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcUniqueConfig
-+olcOverlay: {1}unique
-+olcUniqueURI: ldap:///?uid?sub?
-+olcUniqueURI: ldap:///?uidNumber?sub?
-+olcUniqueURI: ldap:///?mail?sub?
-+
-+dn: olcOverlay={2}constraint,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcConstraintConfig
-+olcOverlay: {2}constraint
-+olcConstraintAttribute: gidNumber regex ^[0-9]{4,5}$
-+
-+dn: olcDatabase={2}monitor,cn=config
-+objectClass: olcDatabaseConfig
-+olcDatabase: {2}monitor
-+olcAccess: {0}to dn.subtree="cn=monitor"  by * read
-diff --git a/tests/data/regressions/its9863/slapd-provider.ldif b/tests/data/regressions/its9863/slapd-provider.ldif
-new file mode 100644
-index 000000000..aeeac571e
---- /dev/null
-+++ b/tests/data/regressions/its9863/slapd-provider.ldif
-@@ -0,0 +1,117 @@
-+dn: cn=config
-+objectClass: olcGlobal
-+cn: config
-+olcLogLevel: Sync
-+olcLogLevel: Stats
-+olcTLSCACertificateFile: @TESTDIR@/tls/ca/certs/testsuiteCA.crt
-+olcTLSCertificateKeyFile: @TESTDIR@/tls/private/localhost.key
-+olcTLSCertificateFile: @TESTDIR@/tls/certs/localhost.crt
-+olcTLSVerifyClient: hard
-+olcIndexHash64: TRUE
-+olcAuthzPolicy: to
-+olcAuthzRegexp: {0}"cn=ldap-server,ou=OpenLDAP Test Suite,o=OpenLDAP Foundation,ST=CA,C=US" "cn=ldap-server,dc=example,dc=com"
-+olcPidFile: @TESTDIR@/slapd.1.pid
-+olcArgsFile: @TESTDIR@/slapd.1.args
-+
-+dn: cn=schema,cn=config
-+objectClass: olcSchemaConfig
-+cn: schema
-+
-+include: file://@TESTWD@/@SCHEMADIR@/core.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/cosine.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/inetorgperson.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/misc.ldif
-+include: file://@TESTWD@/@SCHEMADIR@/nis.ldif
-+
-+#mod#dn: cn=module{0},cn=config
-+#mod#objectClass: olcModuleList
-+#mod#cn: module{0}
-+#mod#olcModulePath: @TESTWD@/../servers/slapd/back-@BACKEND@/
-+#mod#olcModuleLoad: {0}back_@BACKEND@.la
-+
-+dn: cn=module{1},cn=config
-+objectClass: olcModuleList
-+cn: module{1}
-+olcModulePath: @TESTWD@/../servers/slapd/overlays
-+olcModuleLoad: {0}syncprov.la
-+olcModuleLoad: {1}auditlog.la
-+olcModuleLoad: {2}unique.la
-+olcModuleLoad: {3}constraint.la
-+
-+#mdb#dn: olcBackend={0}mdb,cn=config
-+#mdb#objectClass: olcBackendConfig
-+#mdb#objectClass: olcMdbBkConfig
-+#mdb#olcBackend: {0}mdb
-+#mdb#olcBkMdbIdlExp: 18
-+
-+dn: olcDatabase={-1}frontend,cn=config
-+objectClass: olcDatabaseConfig
-+objectClass: olcFrontendConfig
-+olcDatabase: {-1}frontend
-+olcAccess: {0}to dn.base=""  by * read
-+olcAccess: {1}to dn.base="cn=Subschema"  by * read
-+
-+dn: olcDatabase={0}config,cn=config
-+objectClass: olcDatabaseConfig
-+olcDatabase: {0}config
-+olcRootPW:< file://@TESTDIR@/configpw
-+olcAccess: {0}to *  by * none
-+
-+dn: olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcDatabaseConfig
-+objectClass: olc@BACKEND@Config
-+olcDatabase: {1}@BACKEND@
-+olcSuffix: dc=example,dc=com
-+olcRootDN: cn=Manager,dc=example,dc=com
-+olcRootPW: secret
-+olcLastBindPrecision: 3600
-+olcLastBind: FALSE
-+olcLimits: {0}dn.exact="cn=replicator,dc=example,dc=com" time.soft=unlimited
-+  time.hard=unlimited size.soft=unlimited size.hard=unlimited
-+olcAccess: {0}to attrs=userPassword  by self write  by dn.exact="cn=replicator,dc=example,dc=com" read  by anonymous auth
-+olcAccess: {1}to attrs=authzto  by dn.exact="cn=replicator,dc=example,dc=com" read  by * auth
-+olcAccess: {2}to *  by * read
-+#~null~#olcDbDirectory: @TESTDIR@/prov/db
-+#indexdb#olcDbIndex: default eq
-+#indexdb#olcDbIndex: objectClass
-+#indexdb#olcDbIndex: cn
-+#indexdb#olcDbIndex: entryUUID
-+#indexdb#olcDbIndex: entryCSN
-+#indexdb#olcDbIndex: mail
-+#indexdb#olcDbIndex: uid
-+#indexdb#olcDbIndex: uidNumber
-+#indexdb#olcDbIndex: gidNumber
-+#mdb#olcDbMaxSize: 33554432
-+#mdb#olcDbMultival: default 100,10
-+
-+dn: olcOverlay={0}syncprov,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcSyncProvConfig
-+olcOverlay: {0}syncprov
-+olcSpCheckpoint: 20 10
-+olcSpSessionlog: 150000
-+
-+dn: olcOverlay={1}auditlog,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcAuditlogConfig
-+olcOverlay: {1}auditlog
-+olcAuditlogFile: @TESTDIR@/audit.log
-+
-+dn: olcOverlay={2}unique,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcUniqueConfig
-+olcOverlay: {2}unique
-+olcUniqueURI: ldap:///?uid?sub?
-+olcUniqueURI: ldap:///?uidNumber?sub?
-+olcUniqueURI: ldap:///?mail?sub?
-+
-+dn: olcOverlay={3}constraint,olcDatabase={1}@BACKEND@,cn=config
-+objectClass: olcOverlayConfig
-+objectClass: olcConstraintConfig
-+olcOverlay: {3}constraint
-+olcConstraintAttribute: gidNumber regex ^[0-9]{4,5}$
-+
-+dn: olcDatabase={2}monitor,cn=config
-+objectClass: olcDatabaseConfig
-+olcDatabase: {2}monitor
-+olcAccess: {0}to dn.subtree="cn=monitor"  by * read
-diff --git a/tests/data/tls/certs/ldap-server.crt b/tests/data/tls/certs/ldap-server.crt
-new file mode 100644
-index 000000000..ead23b9f1
---- /dev/null
-+++ b/tests/data/tls/certs/ldap-server.crt
-@@ -0,0 +1,32 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFhzCCA2+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEL
-+MAkGA1UECAwCQ0ExHDAaBgNVBAoME09wZW5MREFQIEZvdW5kYXRpb24xHDAaBgNV
-+BAsME09wZW5MREFQIFRlc3QgU3VpdGUwIBcNMjIwNjI3MjE1MDE2WhgPMjUyMzA3
-+MTEyMTUwMTZaMGwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEcMBoGA1UECgwT
-+T3BlbkxEQVAgRm91bmRhdGlvbjEcMBoGA1UECwwTT3BlbkxEQVAgVGVzdCBTdWl0
-+ZTEUMBIGA1UEAwwLbGRhcC1zZXJ2ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-+ggIKAoICAQDgxEKurztQjO6n/4YV+VY0D1VH2E24TtfIWsAzwD0jnFCELVYreRaC
-+WX4E6Bj/lXn1j/sMNBd7JidukgRqyx+AtTAtbmmOfZVzZZcNc65DuL/41Yviitvg
-+nIiJcRjYEzVIeb5ixtvfEKhlREWS2TncBdK9U3yvr10z9xe2LvY1514r9Gf9u0Qn
-+BNuogZDcs2w17ZmI9hzGcLWkE/6FBofIaiI779YcYb2dA9HFiKb9/CdJYY5pioUG
-+CbTGKYINkDCblLEFV5j2mLosV6ueE6q6liK1fi+62LEOkPvieEMQBMIJaw2YrKD5
-+TiGRJ67Ji97blifwG4JNSJLGxqZxQZNRruQOOjNjS/AgtWDmY+krmRAjfJiM7lhA
-+BrlxLOTZKciEUmSbpvT0PPwBF90dOU9clQyOESQjkZEZeRdjQOapuzhJqlEI8rUD
-+UiGKT0FeGLIQasvuGdKxZKm3DckI5/ABYP6byXJPGwAZMHcGeCznaUwreaQ4v9UZ
-+5SyrIsRQbO6wMx6NIfPlvJyubeiTf8I/soO3VJfjyvuHWPd55R00gTNN9EXeaJUh
-+8SBG+QClJ1NTt8/jN+ci6koTCi4/DynMZiKa5PwBHlayrtP8+sl4LsIispnWxUiO
-+x7Xbco7ciXsrdm/FZVnugDiDF/pmW1nqcGVMXaf3L1QLPVrV0pOi7wIDAQABo0gw
-+RjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAsBgNVHREEJTAjgglsb2NhbGhvc3SH
-+BH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggIBAAcVPBdG
-+rNC9ttlri4Ane9i+1Q6UGdbuXwBS+RQsfkmKY6ayHL+sWEeX7MinBiAmEEGkmYYw
-+Ns4MLDldLqjQKITb5pCf+tIdVeCF7YpmC752grWmpQuvgOxvvxyrwSlt76X5OTAy
-+ho8tl/bs0rbEmFUWR/FEBWIYNbYArYYgQjWyrZxyMjTzZSUO+tuXFV1bk8qM7bn0
-+P9EcDyhtQrsOAXem/CDhWfwMLOGihb3Bw61n+dpypR/9Jaue10K9fsiIYcar+lHY
-+QD4WEn5mH0wO2ExuGObyk3Vhs9cL7cVi4gSMH9yFbHG1hKUiOnZgj6FPIAlVz4Md
-+LhkOdm7C6fkvhElvtHQPKOTSNqvDVwuHi2GeESg6LAY/IUhNqdK++KRsRRVLtMBe
-+fFp34trd2q1VXa379rl5NCoV290nSNgpx6m9BUq3sZpjdo/dLZCwrN24IAN4okNN
-+EE5h/7F5uSopkZYmwYjRYoEWig8UNtqqidYxVo60p372tBwgHb/U9FkUS0L91XKS
-+xwPnlS9Hice7TgauQHtNO6E8Un960r0uhsO/+cW16/3A2WZWT91WLpTV3y4ALLBX
-+H7qxCGvGoZgzE7uXQCtaZqaZuaciVe2Z2JTP+7IeiGZI/eKA3UVSiduBWLR+SbzI
-+RxokaAYxcjCWjN6Hgp4RR1DCBZmNNKNzlwlZ
-+-----END CERTIFICATE-----
-diff --git a/tests/data/tls/create-crt.sh b/tests/data/tls/create-crt.sh
-index 739f8eaf1..7c05093c4 100755
---- a/tests/data/tls/create-crt.sh
-+++ b/tests/data/tls/create-crt.sh
-@@ -8,9 +8,10 @@ fi
- KEY_BITS=4096
- KEY_TYPE=rsa:$KEY_BITS
- 
--USAGE="$0 [-s] [-u <user@domain.com>]"
-+USAGE="$0 [-s] [-l] [-u <user@domain.com>]"
- SERVER=0
- USER=0
-+LDAP_USER=0
- EMAIL=
- 
- while test $# -gt 0 ; do
-@@ -26,6 +27,9 @@ while test $# -gt 0 ; do
- 			USER=1;
- 			EMAIL="$2";
- 			shift; shift;;
-+		-l | -ldap)
-+			LDAP_USER=1;
-+			shift;;
- 		-)
- 			shift;;
- 		-*)
-@@ -36,23 +40,40 @@ while test $# -gt 0 ; do
- 	esac
- done
- 
--if [ $SERVER = 0 -a $USER = 0 ]; then
-+if [ $SERVER = 0 -a $USER = 0 -a $LDAP_USER = 0 ]; then
- 	echo "$USAGE";
- 	exit 1;
- fi
- 
--rm -rf ./openssl.cnf cruft
--mkdir -p private certs cruft/private cruft/certs
-+cleanup() {
-+
-+	rm -rf ./openssl.cnf cruft
-+	if [ $SERVER = 1 ]; then
-+		rm -f localhost.csr
-+	fi
-+	if [ $USER = 1 ]; then
-+		rm -f $EMAIL.csr
-+	fi
-+	if [ $LDAP_USER = 1 ]; then
-+		rm -f ldap-server.csr
-+	fi
-+
-+}
-+
-+setup() {
-+	mkdir -p private certs cruft/private cruft/certs
- 
--echo "00" > cruft/serial
--touch cruft/index.txt
--touch cruft/index.txt.attr
--hn=$(hostname -f)
--sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf >  ./openssl.cnf
-+	echo "00" > cruft/serial
-+	touch cruft/index.txt
-+	touch cruft/index.txt.attr
-+	hn=$(hostname -f)
-+	sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf >  ./openssl.cnf
-+}
- 
- if [ $SERVER = 1 ]; then
--	rm -rf private/localhost.key certs/localhost.crt
- 
-+	$(cleanup)
-+	$(setup)
- 	$openssl req -new -nodes -out localhost.csr -keyout private/localhost.key \
- 		-newkey $KEY_TYPE -config ./openssl.cnf \
- 		-subj "/CN=localhost/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
-@@ -62,11 +83,12 @@ if [ $SERVER = 1 ]; then
- 		-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
- 		-batch >/dev/null 2>&1
- 
--	rm -rf ./openssl.cnf ./localhost.csr cruft
- fi
- 
- if [ $USER = 1 ]; then
--	rm -f certs/$EMAIL.crt private/$EMAIL.key $EMAIL.csr
-+
-+	$(cleanup)
-+	$(setup)
- 
- 	$openssl req -new -nodes -out $EMAIL.csr -keyout private/$EMAIL.key \
- 		-newkey $KEY_TYPE -config ./openssl.cnf \
-@@ -77,5 +99,21 @@ if [ $USER = 1 ]; then
- 		-keyfile ca/private/testsuiteCA.key -extensions req_distinguished_name \
- 		-cert ca/certs/testsuiteCA.crt -batch >/dev/null 2>&1
- 
--	rm -rf ./openssl.cnf ./$EMAIL.csr cruft
- fi
-+
-+if [ $LDAP_USER = 1 ]; then
-+
-+	$(cleanup)
-+	$(setup)
-+
-+	$openssl req -new -nodes -out ldap-server.csr -keyout private/ldap-server.key \
-+		-newkey $KEY_TYPE -config ./openssl.cnf \
-+		-subj "/CN=ldap-server/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
-+		-batch > /dev/null 2>&1
-+
-+	$openssl ca -out certs/ldap-server.crt -notext -config ./openssl.cnf -days 183000 -in ldap-server.csr \
-+		-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
-+		-batch >/dev/null 2>&1
-+fi
-+
-+$(cleanup)
-diff --git a/tests/data/tls/private/ldap-server.key b/tests/data/tls/private/ldap-server.key
-new file mode 100644
-index 000000000..3dbe24f3e
---- /dev/null
-+++ b/tests/data/tls/private/ldap-server.key
-@@ -0,0 +1,52 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDgxEKurztQjO6n
-+/4YV+VY0D1VH2E24TtfIWsAzwD0jnFCELVYreRaCWX4E6Bj/lXn1j/sMNBd7Jidu
-+kgRqyx+AtTAtbmmOfZVzZZcNc65DuL/41YviitvgnIiJcRjYEzVIeb5ixtvfEKhl
-+REWS2TncBdK9U3yvr10z9xe2LvY1514r9Gf9u0QnBNuogZDcs2w17ZmI9hzGcLWk
-+E/6FBofIaiI779YcYb2dA9HFiKb9/CdJYY5pioUGCbTGKYINkDCblLEFV5j2mLos
-+V6ueE6q6liK1fi+62LEOkPvieEMQBMIJaw2YrKD5TiGRJ67Ji97blifwG4JNSJLG
-+xqZxQZNRruQOOjNjS/AgtWDmY+krmRAjfJiM7lhABrlxLOTZKciEUmSbpvT0PPwB
-+F90dOU9clQyOESQjkZEZeRdjQOapuzhJqlEI8rUDUiGKT0FeGLIQasvuGdKxZKm3
-+DckI5/ABYP6byXJPGwAZMHcGeCznaUwreaQ4v9UZ5SyrIsRQbO6wMx6NIfPlvJyu
-+beiTf8I/soO3VJfjyvuHWPd55R00gTNN9EXeaJUh8SBG+QClJ1NTt8/jN+ci6koT
-+Ci4/DynMZiKa5PwBHlayrtP8+sl4LsIispnWxUiOx7Xbco7ciXsrdm/FZVnugDiD
-+F/pmW1nqcGVMXaf3L1QLPVrV0pOi7wIDAQABAoICAGjz+9cpx96jEEWuEWRtWw1Q
-+I5g6rn/jgOrzRVBk8aeRNB+kM9p03kfblfagkhu2Jo69vpJCOLyuYjdFQ37CfmFR
-+Ob/dELkSdxi9VT1YyQSiXjHJNVqBUI6fSTo0b09mGLlQ78+b38tXMeqnaH1bpaLR
-+rUfulghLMJA1TwMpBprBAL4xj+Vw7i/yGseiSIxl05+S5OCJW4Jl2stU8sIW/Ixe
-+0sF+ClKSaUHKKMe+OYvblFS1kxRBNEBPg/QMKcg/jhL36Xj/IFP1mOlfvqk/sbcS
-+p/5rf8oVqQeON6/WTCpMrnZLYLvrz/bZvt7S0tEV2OhcQyXhEoUX4EGlPM8hubHI
-+bIZ01RCMXQudnt+5PLpuA7yCw65JOY9pRjrLcnBtV3iZphLc1RAdFfg5BU3a4ncP
-+unpwWxOihROeWtyJDz5767Pnu7mSMjgmWG3ua4raOCSrDL8zlSmMCTt5z65S2qfK
-+7VwUBJiRykxkWJdE8zY8wjbF5EpJ/ID9zJqMSlOavonpG239DDZpDV9TA/sOf2zd
-+KOoi7g+PVnzTXP5z1VhGON1LCWI6k6sPrpy+P0nYbZBML+YMnT1QufgT2D7UbCuH
-+IQsa+fT6xwZsYkwljWGhwilqt2btDIimVASijuoFsq4wPykiijyNgCcy4dJ856/7
-+3P/Wh29G2bxWZafK2pVBAoIBAQD5/2qbcfFEp25A6FAnNrqCznvcF3mcPHksICt5
-+/uo22H2nuNxewtUKy316NrmfcnwbcHImi6rMdg6gaS3RxOytMlrOUGbTeb9RzDnP
-+xR7g9kHDRAbHTPd9R+20wJxLh8zwEgfuAfN3SF6oGda9u+tXpEwfCHdYby2sam1F
-+CzQPODNMdknY+fa25OVzkysqLJ/+a9Pg9O/prdoJP0I1qfw4kC8osZ56gbd1wbS9
-+1vRZm3HAgHYqFvW10ESoWoHpR1yPE6oeF8IX4EdDV+bOMRZ+z4RptdcliYllwCUm
-+/Ab1HusqBaOsGDIiqvsscQ5IhBYgjmkmJmGVYf5amMcNEgPxAoIBAQDmKcOU425e
-+gXcfGxEB/AKsXXDDFd8hHyJmCY2PlekPv8ZG1O85rIjAES7Qruodu7u7d3M+sHbI
-+R0+upfyEIYZaA3VUorYu3CW69kOB90aMP/2s0p8xSqxbxcZPjbOlYiSRI2V793BI
-+QlfIBFkw/iIy8k/zxW5D/SU8+nRmxovvidgjQyHE3f9f5kKs6J9XdE0ZFUSCV2RE
-+TMn0vQENS6rCqb/yym491UN4hyPiJ25iWBeOrGGONlpcr6xNg1dRZLAGmlc4YqYU
-+5r21INToeIhgXEOpo4VADL0dUu3FKTlKb+19Rjt5nhkfueVA1seyPwJgOj0EA7PU
-+7iioc2dsqXTfAoIBAQCL7l5ysb11Sy5YYHB08ppFG2SS1gT44ZSFkWAkgf4BQv5a
-+ggu/ctiimTIb1UPjLsau6SrLzoOEvFQFj7nY35wGedgAAVr85fmjxGdbl59oFg7L
-+SGlu5vLkif1Qnjsdv96DReRwYWEwlC5/cy8StnvNa6Y7/JYoxtpO1qdg7RtvpWp5
-+UwCU1Z011DtmjKqtiZroYtyO3yrmpqwTXvglZ4dI9dOfuIPXWIIjBJCxbf8JpQtv
-+z7fUaVOROAkmHrr2oz34y+39uBipGp1o4WvMYAeSZX9dWC4b0bc5X+qrvof6bhr9
-+Q3jQnB577y52OrXe+ygTgwLyGqumXNptRXStKTdRAoIBAA5gwYUFiBmDQOvChxd2
-+pLwbwjWNojixdzakliFIHh0Lv9kg6CjULF7DNAd5RcrBtYKKfbqGz4THX6TrXZDr
-+fzcUTDoTSAo5WmoJhEIULmYIgVJQff1YStgYzMCfe39zWBFxAp/x3yPEcTNfgirb
-+VUuVc4Uo6jB5GeBrTOY2tPsrw0LAqNVhgNh+y999UKbn7wEIIRV7XBogKeWOAQjR
-+l0M9023ZU3WtYt+eoZE5IV4nXqFdB2MY5iAwITVeZRACmDRxY81z7CgWGfe8q1Ay
-+Z2KNoPRx8JsFsLKqQYw1fQy3XUCcKI76X1tqA3Y/dI4f/YgBW1pq2MsObZ/IRce1
-+9kUCggEAHvDh4YlD24SKn+2vRrBNp47eG9fn9zd3dfY9k9eeG7rOP6vKS/AKdFGc
-+GCllEcC/Woi5DWq5Umx16OsgQpREssQ3hEUjuNOYyuDL27E4D8KjQROGdhQw+itx
-+IzEPnTytpSqEFu+eypDInTA/cTVxojM3U3k1qL+ercwztlMEH63fCK4+aHWjw62B
-+1fQ+8bYnWP5sp599dly8+NrOEZ4kCCNrqL9MOB7CbFYhl0UihuRueaBTMvt9YwS1
-+LF+mKHPZcvPkdzpR3pwDfV2ixyUmqRIG8VCREW8y05WU3HYcXM2uApln2DMtY6Pm
-+g7XvX+klu0IVdEI/JQfstyDExiM7cA==
-+-----END PRIVATE KEY-----
-diff --git a/tests/run.in b/tests/run.in
-index 4c51f54be..f6723af17 100644
---- a/tests/run.in
-+++ b/tests/run.in
-@@ -45,6 +45,7 @@ AC_wt=@BUILD_WT@
- # overlays
- AC_accesslog=accesslog@BUILD_ACCESSLOG@
- AC_argon2=argon2@BUILD_PW_ARGON2@
-+AC_auditlog=auditlog@BUILD_AUDITLOG@
- AC_autoca=autoca@BUILD_AUTOCA@
- AC_constraint=constraint@BUILD_CONSTRAINT@
- AC_dds=dds@BUILD_DDS@
-@@ -83,7 +84,7 @@ if test "${AC_asyncmeta}" = "asyncmetamod" && test "${AC_LIBS_DYNAMIC}" = "stati
- 	AC_meta="asyncmetano"
- fi
- export AC_ldap AC_mdb AC_meta AC_asyncmeta AC_monitor AC_null AC_perl AC_relay AC_sql \
--	AC_accesslog AC_argon2 AC_autoca AC_constraint AC_dds AC_deref AC_dynlist \
-+	AC_accesslog AC_argon2 AC_auditlog AC_autoca AC_constraint AC_dds AC_deref AC_dynlist \
- 	AC_homedir AC_memberof AC_otp AC_pcache AC_ppolicy AC_refint AC_remoteauth \
- 	AC_retcode AC_rwm AC_unique AC_syncprov AC_translucent \
- 	AC_valsort \
-diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
-index 82514dfe8..670dea373 100755
---- a/tests/scripts/defines.sh
-+++ b/tests/scripts/defines.sh
-@@ -43,6 +43,7 @@ BACKSQL=${AC_sql-sqlno}
- # overlays
- ACCESSLOG=${AC_accesslog-accesslogno}
- ARGON2=${AC_argon2-argon2no}
-+AUDITLOG=${AC_auditlog-auditlogno}
- AUTOCA=${AC_autoca-autocano}
- CONSTRAINT=${AC_constraint-constraintno}
- DDS=${AC_dds-ddsno}
--- 
-2.33.0
-
diff --git a/backport-ITS-9864-slapo-accesslog-plug-onetime-memleaks.patch b/backport-ITS-9864-slapo-accesslog-plug-onetime-memleaks.patch
deleted file mode 100644
index 71cb1623a173f9848c2dd220f6d731b1c774a1c2..0000000000000000000000000000000000000000
--- a/backport-ITS-9864-slapo-accesslog-plug-onetime-memleaks.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 95f959e2155420cdd274a9fc1f75011a075d11fc Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 16 Jun 2022 16:10:59 +0100
-Subject: [PATCH] ITS#9864 slapo-accesslog: plug onetime memleaks
-
----
- servers/slapd/overlays/accesslog.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c
-index 49a36df59..5418a66e3 100644
---- a/servers/slapd/overlays/accesslog.c
-+++ b/servers/slapd/overlays/accesslog.c
-@@ -2448,6 +2450,8 @@ accesslog_db_destroy(
- 		ch_free( li->li_sids );
- 	if ( li->li_mincsn )
- 		ber_bvarray_free( li->li_mincsn );
-+	if ( li->li_db_suffix.bv_val )
-+		ch_free( li->li_db_suffix.bv_val );
- 	ldap_pvt_thread_mutex_destroy( &li->li_log_mutex );
- 	ldap_pvt_thread_mutex_destroy( &li->li_op_rmutex );
- 	free( li );
--- 
-2.33.0
-
diff --git a/backport-ITS-9866-delta-sync-fix-DN-leak-on-Adds.patch b/backport-ITS-9866-delta-sync-fix-DN-leak-on-Adds.patch
deleted file mode 100644
index 01afeedbfa8f568aaf3425bffa2f90010074d126..0000000000000000000000000000000000000000
--- a/backport-ITS-9866-delta-sync-fix-DN-leak-on-Adds.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 14972a7ae1142cccdad6db3ac50ecc47d0ecfa91 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 16 Jun 2022 21:32:07 +0100
-Subject: [PATCH] ITS#9866 delta-sync: fix DN leak on Adds
-
----
- servers/slapd/syncrepl.c | 15 ++++++---------
- 1 file changed, 6 insertions(+), 9 deletions(-)
-
-diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
-index 7707a8945..32e351738 100644
---- a/servers/slapd/syncrepl.c
-+++ b/servers/slapd/syncrepl.c
-@@ -3114,10 +3114,8 @@ syncrepl_message_to_op(
- 				ch_free( bvals );
- 				goto done;
- 			}
--			ber_dupbv( &op->o_req_dn, &dn );
--			ber_dupbv( &op->o_req_ndn, &ndn );
--			slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
--			slap_sl_free( dn.bv_val, op->o_tmpmemctx );
-+			op->o_req_dn = dn;
-+			op->o_req_ndn = ndn;
- 			freeReqDn = 1;
- 		} else if ( !ber_bvstrcasecmp( &bv, &ls->ls_req ) ) {
- 			int i = verb_to_mask( bvals[0].bv_val, modops );
-@@ -3227,9 +3225,8 @@ syncrepl_message_to_op(
- 		if ( op->o_tag == LDAP_REQ_ADD ) {
- 			Entry *e = entry_alloc();
- 			op->ora_e = e;
--			op->ora_e->e_name = op->o_req_dn;
--			op->ora_e->e_nname = op->o_req_ndn;
--			freeReqDn = 0;
-+			ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
-+			ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
- 			rc = slap_mods2entry( modlist, &op->ora_e, 1, 0, &text, txtbuf, textlen);
- 			if( rc != LDAP_SUCCESS ) {
- 				Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: %s "
-@@ -3373,8 +3370,8 @@ done:
- 		op->o_tmpfree( op->orr_nnewDN.bv_val, op->o_tmpmemctx );
- 	}
- 	if ( freeReqDn ) {
--		ch_free( op->o_req_ndn.bv_val );
--		ch_free( op->o_req_dn.bv_val );
-+		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
-+		op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
- 	}
- 	ber_free( ber, 0 );
- 	return rc;
--- 
-2.33.0
-
diff --git a/backport-ITS-9867-syncprov-plug-findbase-memleak.patch b/backport-ITS-9867-syncprov-plug-findbase-memleak.patch
deleted file mode 100644
index 631d7dee4aed1aa59fba5c6dd0cbfe4f674c7bc0..0000000000000000000000000000000000000000
--- a/backport-ITS-9867-syncprov-plug-findbase-memleak.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 745a71b18d8da9b48509169dc2f27cc1f05912a6 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 16 Jun 2022 21:36:24 +0100
-Subject: [PATCH] ITS#9867 syncprov: plug findbase memleak
-
----
- servers/slapd/overlays/syncprov.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index d1d3b1c10..499988662 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -3155,6 +3155,8 @@ syncprov_op_search( Operation *op, SlapReply *rs )
- 			 */
- 			ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
- 			if ( slapd_shutdown ) {
-+aband:
-+				ch_free( sop->s_base.bv_val );
- 				ch_free( sop );
- 				return SLAPD_ABANDON;
- 			}
-@@ -3164,8 +3166,7 @@ syncprov_op_search( Operation *op, SlapReply *rs )
- 		}
- 		if ( op->o_abandon ) {
- 			ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
--			ch_free( sop );
--			return SLAPD_ABANDON;
-+			goto aband;
- 		}
- 		ldap_pvt_thread_mutex_init( &sop->s_mutex );
- 		sop->s_next = si->si_ops;
-@@ -3294,6 +3295,7 @@ bailout:
- 						sp = &(*sp)->s_next;
- 					*sp = sop->s_next;
- 					ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
-+					ch_free( sop->s_base.bv_val );
- 					ch_free( sop );
- 				}
- 				rs->sr_ctrls = NULL;
--- 
-2.33.0
-
diff --git a/backport-ITS-9867-syncprov-plug-onetime-leak.patch b/backport-ITS-9867-syncprov-plug-onetime-leak.patch
deleted file mode 100644
index ebf07f5982e986b5f9436e1d839017084b364145..0000000000000000000000000000000000000000
--- a/backport-ITS-9867-syncprov-plug-onetime-leak.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From d64f85e161081a61b1f46963f104b10080096df6 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Thu, 16 Jun 2022 22:14:41 +0100
-Subject: [PATCH] ITS#9867 syncprov: plug onetime leak
-
-Since 43ebfa8fb42 ITS#6467
----
- servers/slapd/overlays/syncprov.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index 499988662..4b6358fdd 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -4131,6 +4131,8 @@ syncprov_db_destroy(
- 			ber_bvarray_free( si->si_ctxcsn );
- 		if ( si->si_sids )
- 			ch_free( si->si_sids );
-+		if ( si->si_logbase.bv_val )
-+			ch_free( si->si_logbase.bv_val );
- 		ldap_pvt_thread_mutex_destroy( &si->si_resp_mutex );
- 		ldap_pvt_thread_mutex_destroy( &si->si_mods_mutex );
- 		ldap_pvt_thread_mutex_destroy( &si->si_ops_mutex );
--- 
-2.33.0
-
diff --git a/backport-ITS-9868-Fixup-pending_csn_list-for-backglue.patch b/backport-ITS-9868-Fixup-pending_csn_list-for-backglue.patch
deleted file mode 100644
index 32ce3168f6d8fe7f9621baa90fbdd3d43441bde4..0000000000000000000000000000000000000000
--- a/backport-ITS-9868-Fixup-pending_csn_list-for-backglue.patch
+++ /dev/null
@@ -1,262 +0,0 @@
-From 0d1db3c2b161b21beefc3d82622cfeb98fa95152 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Sat, 18 Jun 2022 16:36:00 +0100
-Subject: [PATCH] ITS#9868 Fixup pending_csn_list for backglue
-
-Define in a new structure and point to it for more flexible access
----
- servers/slapd/backend.c              | 31 ++++++++++++----------------
- servers/slapd/backglue.c             |  1 +
- servers/slapd/ctxcsn.c               | 28 ++++++++++++-------------
- servers/slapd/frontend.c             |  2 +-
- servers/slapd/overlays/pcache.c      |  1 -
- servers/slapd/overlays/translucent.c |  2 +-
- servers/slapd/slap.h                 | 12 ++++++++---
- 7 files changed, 39 insertions(+), 38 deletions(-)
-
-diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
-index 24a82f399..57cf1fe2d 100644
---- a/servers/slapd/backend.c
-+++ b/servers/slapd/backend.c
-@@ -199,10 +199,7 @@ int backend_startup_one(Backend *be, ConfigReply *cr)
- 
- 	assert( be != NULL );
- 
--	be->be_pending_csn_list = (struct be_pcl *)
--		ch_calloc( 1, sizeof( struct be_pcl ) );
--
--	LDAP_TAILQ_INIT( be->be_pending_csn_list );
-+	LDAP_TAILQ_INIT( &be->be_pcsn_st.be_pcsn_list );
- 
- 	Debug( LDAP_DEBUG_TRACE,
- 		"backend_startup_one: starting \"%s\"\n",
-@@ -433,18 +430,15 @@ int backend_shutdown( Backend *be )
- void
- backend_stopdown_one( BackendDB *bd )
- {
--	if ( bd->be_pending_csn_list ) {
--		struct slap_csn_entry *csne;
--		csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
--		while ( csne ) {
--			struct slap_csn_entry *tmp_csne = csne;
-+	struct slap_csn_entry *csne;
-+	csne = LDAP_TAILQ_FIRST( &bd->be_pcsn_st.be_pcsn_list );
-+	while ( csne ) {
-+		struct slap_csn_entry *tmp_csne = csne;
- 
--			LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
--			ch_free( csne->ce_csn.bv_val );
--			csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
--			ch_free( tmp_csne );
--		}
--		ch_free( bd->be_pending_csn_list );
-+		LDAP_TAILQ_REMOVE( &bd->be_pcsn_st.be_pcsn_list, csne, ce_csn_link );
-+		ch_free( csne->ce_csn.bv_val );
-+		csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
-+		ch_free( tmp_csne );
- 	}
- 
- 	if ( bd->bd_info->bi_db_destroy ) {
-@@ -487,7 +481,7 @@ void backend_destroy_one( BackendDB *bd, int dynamic )
- 		ber_bvarray_free( bd->be_update_refs );
- 	}
- 
--	ldap_pvt_thread_mutex_destroy( &bd->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_destroy( &bd->be_pcsn_st.be_pcsn_mutex );
- 
- 	if ( dynamic ) {
- 		free( bd );
-@@ -624,7 +618,8 @@ backend_db_init(
- 	be->be_requires = frontendDB->be_requires;
- 	be->be_ssf_set = frontendDB->be_ssf_set;
- 
--	ldap_pvt_thread_mutex_init( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_init( &be->be_pcsn_st.be_pcsn_mutex );
-+	be->be_pcsn_p = &be->be_pcsn_st;
- 
-  	/* assign a default depth limit for alias deref */
- 	be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH; 
-@@ -638,7 +633,7 @@ backend_db_init(
- 		/* If we created and linked this be, remove it and free it */
- 		if ( !b0 ) {
- 			LDAP_STAILQ_REMOVE(&backendDB, be, BackendDB, be_next);
--			ldap_pvt_thread_mutex_destroy( &be->be_pcl_mutex );
-+			ldap_pvt_thread_mutex_destroy( &be->be_pcsn_st.be_pcsn_mutex );
- 			ch_free( be );
- 			be = NULL;
- 			nbackends--;
-diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c
-index e7db4ff2d..6f8d3324b 100644
---- a/servers/slapd/backglue.c
-+++ b/servers/slapd/backglue.c
-@@ -1440,6 +1440,7 @@ glue_sub_attach( int online )
- 				&gi->gi_n[gi->gi_nodes].gn_pdn );
- 			gi->gi_nodes++;
- 			on->on_bi.bi_private = gi;
-+			ga->ga_be->be_pcsn_p = be->be_pcsn_p;
- 			ga->ga_be->be_flags |= SLAP_DBFLAG_GLUE_LINKED;
- 			break;
- 		}
-diff --git a/servers/slapd/ctxcsn.c b/servers/slapd/ctxcsn.c
-index 55da64956..a8f73c319 100644
---- a/servers/slapd/ctxcsn.c
-+++ b/servers/slapd/ctxcsn.c
-@@ -54,9 +54,9 @@ slap_get_commit_csn(
- 		sid = slap_parse_csn_sid( &op->o_csn );
- 	}
- 
--	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_lock( &be->be_pcsn_p->be_pcsn_mutex );
- 
--	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
-+	LDAP_TAILQ_FOREACH( csne, &be->be_pcsn_p->be_pcsn_list, ce_csn_link ) {
- 		if ( csne->ce_op == op ) {
- 			csne->ce_state = SLAP_CSN_COMMIT;
- 			if ( foundit ) *foundit = 1;
-@@ -64,7 +64,7 @@ slap_get_commit_csn(
- 		}
- 	}
- 
--	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
-+	LDAP_TAILQ_FOREACH( csne, &be->be_pcsn_p->be_pcsn_list, ce_csn_link ) {
- 		if ( sid != -1 && sid == csne->ce_sid ) {
- 			if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
- 			if ( csne->ce_state == SLAP_CSN_PENDING ) break;
-@@ -82,7 +82,7 @@ slap_get_commit_csn(
- 			maxcsn->bv_val[0] = 0;
- 		}
- 	}
--	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_unlock( &be->be_pcsn_p->be_pcsn_mutex );
- }
- 
- void
-@@ -91,16 +91,16 @@ slap_rewind_commit_csn( Operation *op )
- 	struct slap_csn_entry *csne;
- 	BackendDB *be = op->o_bd->bd_self;
- 
--	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_lock( &be->be_pcsn_p->be_pcsn_mutex );
- 
--	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
-+	LDAP_TAILQ_FOREACH( csne, &be->be_pcsn_p->be_pcsn_list, ce_csn_link ) {
- 		if ( csne->ce_op == op ) {
- 			csne->ce_state = SLAP_CSN_PENDING;
- 			break;
- 		}
- 	}
- 
--	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_unlock( &be->be_pcsn_p->be_pcsn_mutex );
- }
- 
- void
-@@ -113,11 +113,11 @@ slap_graduate_commit_csn( Operation *op )
- 	if ( op->o_bd == NULL ) return;
- 	be = op->o_bd->bd_self;
- 
--	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_lock( &be->be_pcsn_p->be_pcsn_mutex );
- 
--	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
-+	LDAP_TAILQ_FOREACH( csne, &be->be_pcsn_p->be_pcsn_list, ce_csn_link ) {
- 		if ( csne->ce_op == op ) {
--			LDAP_TAILQ_REMOVE( be->be_pending_csn_list,
-+			LDAP_TAILQ_REMOVE( &be->be_pcsn_p->be_pcsn_list,
- 				csne, ce_csn_link );
- 			Debug( LDAP_DEBUG_SYNC, "slap_graduate_commit_csn: removing %p %s\n",
- 				csne, csne->ce_csn.bv_val );
-@@ -130,7 +130,7 @@ slap_graduate_commit_csn( Operation *op )
- 		}
- 	}
- 
--	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_unlock( &be->be_pcsn_p->be_pcsn_mutex );
- 
- 	return;
- }
-@@ -194,10 +194,10 @@ slap_queue_csn(
- 	pending->ce_op = op;
- 	pending->ce_state = SLAP_CSN_PENDING;
- 
--	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
--	LDAP_TAILQ_INSERT_TAIL( be->be_pending_csn_list,
-+	ldap_pvt_thread_mutex_lock( &be->be_pcsn_p->be_pcsn_mutex );
-+	LDAP_TAILQ_INSERT_TAIL( &be->be_pcsn_p->be_pcsn_list,
- 		pending, ce_csn_link );
--	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_unlock( &be->be_pcsn_p->be_pcsn_mutex );
- }
- 
- int
-diff --git a/servers/slapd/frontend.c b/servers/slapd/frontend.c
-index c773f49c4..d0ca419ab 100644
---- a/servers/slapd/frontend.c
-+++ b/servers/slapd/frontend.c
-@@ -108,7 +108,7 @@ frontend_init( void )
- 	frontendDB->be_def_limit.lms_s_pr_hide = 0;			/* don't hide number of entries left */
- 	frontendDB->be_def_limit.lms_s_pr_total = 0;			/* number of total entries returned by pagedResults equal to hard limit */
- 
--	ldap_pvt_thread_mutex_init( &frontendDB->be_pcl_mutex );
-+	ldap_pvt_thread_mutex_init( &frontendDB->be_pcsn_st.be_pcsn_mutex );
- 
- 	/* suffix */
- 	frontendDB->be_suffix = ch_calloc( 2, sizeof( struct berval ) );
-diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
-index fcf29c60b..423c19641 100644
---- a/servers/slapd/overlays/pcache.c
-+++ b/servers/slapd/overlays/pcache.c
-@@ -4540,7 +4540,6 @@ pcache_db_init(
- 	SLAP_DBFLAGS(&cm->db) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
- 	cm->db.be_private = NULL;
- 	cm->db.bd_self = &cm->db;
--	cm->db.be_pending_csn_list = NULL;
- 	cm->qm = qm;
- 	cm->numattrsets = 0;
- 	cm->num_entries_limit = 5;
-diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c
-index d0402fe14..2cd18a350 100644
---- a/servers/slapd/overlays/translucent.c
-+++ b/servers/slapd/overlays/translucent.c
-@@ -1440,7 +1440,7 @@ translucent_db_destroy( BackendDB *be, ConfigReply *cr )
- 			backend_stopdown_one( &ov->db );
- 		}
- 
--		ldap_pvt_thread_mutex_destroy( &ov->db.be_pcl_mutex );
-+		ldap_pvt_thread_mutex_destroy( &ov->db.be_pcsn_st.be_pcsn_mutex );
- 		ch_free(ov);
- 		on->on_bi.bi_private = NULL;
- 	}
-diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
-index fee283f37..4a7a3f06b 100644
---- a/servers/slapd/slap.h
-+++ b/servers/slapd/slap.h
-@@ -1790,7 +1790,13 @@ struct sync_cookie {
- 
- LDAP_STAILQ_HEAD( slap_sync_cookie_s, sync_cookie );
- 
--LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry );
-+/* Defs for pending_csn_list */
-+LDAP_TAILQ_HEAD( be_pclh, slap_csn_entry );
-+
-+typedef struct be_pcsn {
-+	struct be_pclh			be_pcsn_list;
-+	ldap_pvt_thread_mutex_t	be_pcsn_mutex;
-+} be_pcsn;
- 
- #ifndef SLAP_MAX_CIDS
- #define	SLAP_MAX_CIDS	32	/* Maximum number of supported controls */
-@@ -1999,8 +2005,8 @@ struct BackendDB {
- 	/* Consumer Information */
- 	struct berval be_update_ndn;	/* allowed to make changes (in replicas) */
- 	BerVarray	be_update_refs;	/* where to refer modifying clients to */
--	struct		be_pcl	*be_pending_csn_list;
--	ldap_pvt_thread_mutex_t					be_pcl_mutex;
-+	be_pcsn	be_pcsn_st;			/* be_pending_csn_list now inside this */
-+	be_pcsn	*be_pcsn_p;
- 	struct syncinfo_s						*be_syncinfo; /* For syncrepl */
- 
- 	void    *be_pb;         /* Netscape plugin */
--- 
-2.33.0
-
diff --git a/backport-ITS-9868-also-fixup-glue_sub_del.patch b/backport-ITS-9868-also-fixup-glue_sub_del.patch
deleted file mode 100644
index 0b5ecad9a4ec9bd4925f3efe35d079faa1d803ab..0000000000000000000000000000000000000000
--- a/backport-ITS-9868-also-fixup-glue_sub_del.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From fbe844f814e853184f5fb877da48a294f8bd874e Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Wed, 22 Jun 2022 14:50:58 +0100
-Subject: [PATCH] ITS#9868 also fixup glue_sub_del()
-
----
- servers/slapd/backglue.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c
-index 6f8d3324b..3183f2f46 100644
---- a/servers/slapd/backglue.c
-+++ b/servers/slapd/backglue.c
-@@ -1381,6 +1381,11 @@ glue_sub_del( BackendDB *b0 )
- 				gi->gi_nodes--;
- 			}
- 		}
-+		/* Mark as no longer linked/sub */
-+		b0->be_flags &= ~(SLAP_DBFLAG_GLUE_SUBORDINATE|SLAP_DBFLAG_GLUE_LINKED|
-+			SLAP_DBFLAG_GLUE_ADVERTISE);
-+		b0->be_pcsn_p = &b0->be_pcsn_st;
-+		break;
- 	}
- 	if ( be == NULL )
- 		rc = LDAP_NO_SUCH_OBJECT;
--- 
-2.33.0
-
diff --git a/backport-ITS-9871-slapo-ppolicy-use-explicit-backend-in-bind_.patch b/backport-ITS-9871-slapo-ppolicy-use-explicit-backend-in-bind_.patch
deleted file mode 100644
index 2a312e73cf943d891961051c0bdf21c5864b9c99..0000000000000000000000000000000000000000
--- a/backport-ITS-9871-slapo-ppolicy-use-explicit-backend-in-bind_.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 4e3687cda37b8ed0c6b377d32b6e25dc1b07a735 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Fri, 24 Jun 2022 16:49:45 +0100
-Subject: [PATCH] ITS#9871 slapo-ppolicy: use explicit backend in bind_response
-
----
- servers/slapd/overlays/ppolicy.c | 24 +++++++++++++-----------
- 1 file changed, 13 insertions(+), 11 deletions(-)
-
-diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
-index 1815837aa..7913f35c0 100644
---- a/servers/slapd/overlays/ppolicy.c
-+++ b/servers/slapd/overlays/ppolicy.c
-@@ -1656,7 +1656,8 @@ free_pwd_history_list( pw_hist **l )
- }
- 
- typedef struct ppbind {
--	slap_overinst *on;
-+	pp_info *pi;
-+	BackendDB *be;
- 	int send_ctrl;
- 	int set_restrict;
- 	LDAPControl **oldctrls;
-@@ -1706,8 +1707,7 @@ static int
- ppolicy_bind_response( Operation *op, SlapReply *rs )
- {
- 	ppbind *ppb = op->o_callback->sc_private;
--	slap_overinst *on = ppb->on;
--	pp_info *pi = on->on_bi.bi_private;
-+	pp_info *pi = ppb->pi;
- 	Modifications *mod = ppb->mod, *m;
- 	int pwExpired = 0;
- 	int ngut = -1, warn = -1, fc = 0, age, rc;
-@@ -1718,7 +1718,7 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
- 	char nowstr[ LDAP_LUTIL_GENTIME_BUFSIZE ];
- 	char nowstr_usec[ LDAP_LUTIL_GENTIME_BUFSIZE+8 ];
- 	struct berval timestamp, timestamp_usec;
--	BackendInfo *bi = op->o_bd->bd_info;
-+	BackendDB *be = op->o_bd;
- 	LDAPControl *ctrl = NULL;
- 	Entry *e;
- 
-@@ -1728,9 +1728,9 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
- 		goto locked;
- 	}
- 
--	op->o_bd->bd_info = (BackendInfo *)on->on_info;
-+	op->o_bd = ppb->be;
- 	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
--	op->o_bd->bd_info = bi;
-+	op->o_bd = be;
- 
- 	if ( rc != LDAP_SUCCESS ) {
- 		ldap_pvt_thread_mutex_unlock( &pi->pwdFailureTime_mutex );
-@@ -2032,8 +2032,9 @@ check_expiring_password:
- 	}
- 
- done:
--	op->o_bd->bd_info = (BackendInfo *)on->on_info;
-+	op->o_bd = ppb->be;
- 	be_entry_release_r( op, e );
-+	op->o_bd = be;
- 
- locked:
- 	if ( mod && !pi->disable_write ) {
-@@ -2072,7 +2073,7 @@ locked:
- 				op2.orm_no_opattrs = 1;
- 				op2.o_dont_replicate = 1;
- 			}
--			op2.o_bd->bd_info = (BackendInfo *)on->on_info;
-+			op2.o_bd = ppb->be;
- 		}
- 		rc = op2.o_bd->be_modify( &op2, &r2 );
- 		if ( rc != LDAP_SUCCESS ) {
-@@ -2103,7 +2104,6 @@ locked:
- 		ppb->oldctrls = add_passcontrol( op, rs, ctrl );
- 		op->o_callback->sc_cleanup = ppolicy_ctrls_cleanup;
- 	}
--	op->o_bd->bd_info = bi;
- 	ldap_pvt_thread_mutex_unlock( &pi->pwdFailureTime_mutex );
- 	return SLAP_CB_CONTINUE;
- }
-@@ -2136,7 +2136,8 @@ ppolicy_bind( Operation *op, SlapReply *rs )
- 		cb = op->o_tmpcalloc( sizeof(ppbind)+sizeof(slap_callback),
- 			1, op->o_tmpmemctx );
- 		ppb = (ppbind *)(cb+1);
--		ppb->on = on;
-+		ppb->pi = on->on_bi.bi_private;
-+		ppb->be = op->o_bd->bd_self;
- 		ppb->pErr = PP_noError;
- 		ppb->set_restrict = 1;
- 
-@@ -2426,7 +2427,8 @@ ppolicy_compare(
- 		cb = op->o_tmpcalloc( sizeof(ppbind)+sizeof(slap_callback),
- 			1, op->o_tmpmemctx );
- 		ppb = (ppbind *)(cb+1);
--		ppb->on = on;
-+		ppb->pi = on->on_bi.bi_private;
-+		ppb->be = op->o_bd->bd_self;
- 		ppb->pErr = PP_noError;
- 		ppb->send_ctrl = 1;
- 		/* failures here don't lockout the connection */
--- 
-2.33.0
-
diff --git a/backport-ITS-9876-Coverity-fixes-plug-memleaks.patch b/backport-ITS-9876-Coverity-fixes-plug-memleaks.patch
deleted file mode 100644
index c40b5d6a28dd691179ee7c3846647ee3eed8ff2e..0000000000000000000000000000000000000000
--- a/backport-ITS-9876-Coverity-fixes-plug-memleaks.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From 78618653c23168b0cc143eca54264191fa5a8bd6 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Tue, 5 Jul 2022 03:49:34 +0100
-Subject: [PATCH] ITS#9876 Coverity fixes: plug memleaks
-
----
- libraries/libldap/deref.c |  1 +
- libraries/libldap/ldif.c  |  3 ++-
- libraries/libldap/turn.c  | 12 ++++++------
- libraries/libldap/txn.c   | 12 ++++++------
- 4 files changed, 15 insertions(+), 13 deletions(-)
-
-diff --git a/libraries/libldap/deref.c b/libraries/libldap/deref.c
-index 801954eb9..7d3471ad3 100644
---- a/libraries/libldap/deref.c
-+++ b/libraries/libldap/deref.c
-@@ -193,6 +193,7 @@ ldap_parse_derefresponse_control(
- 		dr = LDAP_CALLOC( 1, sizeof(LDAPDerefRes) );
- 		if ( dr == NULL ) {
- 			ldap_derefresponse_free( drhead );
-+			ber_free( ber, 1 );
- 			*drp2 = NULL;
- 			ld->ld_errno = LDAP_NO_MEMORY;
- 			return ld->ld_errno;
-diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c
-index 900a97960..57e44f8c7 100644
---- a/libraries/libldap/ldif.c
-+++ b/libraries/libldap/ldif.c
-@@ -729,7 +729,8 @@ ldif_open(
- 	if ( fp ) {
- 		lfp = ber_memalloc( sizeof( LDIFFP ));
- 		if ( lfp == NULL ) {
--		    return NULL;
-+			fclose( fp );
-+			return NULL;
- 		}
- 		lfp->fp = fp;
- 		lfp->prev = NULL;
-diff --git a/libraries/libldap/turn.c b/libraries/libldap/turn.c
-index 565b449af..7725f01d0 100644
---- a/libraries/libldap/turn.c
-+++ b/libraries/libldap/turn.c
-@@ -44,7 +44,7 @@ ldap_turn(
- {
- #ifdef LDAP_EXOP_X_TURN
- 	BerElement *turnvalber = NULL;
--	struct berval *turnvalp = NULL;
-+	struct berval turnval;
- 	int rc;
- 
- 	turnvalber = ber_alloc_t( LBER_USE_DER );
-@@ -53,10 +53,10 @@ ldap_turn(
- 	} else {
- 		ber_printf( turnvalber, "{s}", identifier );
- 	}
--	ber_flatten( turnvalber, &turnvalp );
-+	ber_flatten2( turnvalber, &turnval, 0 );
- 
- 	rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
--			turnvalp, sctrls, cctrls, msgidp );
-+			&turnval, sctrls, cctrls, msgidp );
- 	ber_free( turnvalber, 1 );
- 	return rc;
- #else
-@@ -74,7 +74,7 @@ ldap_turn_s(
- {
- #ifdef LDAP_EXOP_X_TURN
- 	BerElement *turnvalber = NULL;
--	struct berval *turnvalp = NULL;
-+	struct berval turnval;
- 	int rc;
- 
- 	turnvalber = ber_alloc_t( LBER_USE_DER );
-@@ -83,10 +83,10 @@ ldap_turn_s(
- 	} else {
- 		ber_printf( turnvalber, "{s}", identifier );
- 	}
--	ber_flatten( turnvalber, &turnvalp );
-+	ber_flatten2( turnvalber, &turnval, 0 );
- 
- 	rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TURN,
--			turnvalp, sctrls, cctrls, NULL, NULL );
-+			&turnval, sctrls, cctrls, NULL, NULL );
- 	ber_free( turnvalber, 1 );
- 	return rc;
- #else
-diff --git a/libraries/libldap/txn.c b/libraries/libldap/txn.c
-index 66b22e873..640900234 100644
---- a/libraries/libldap/txn.c
-+++ b/libraries/libldap/txn.c
-@@ -68,7 +68,7 @@ ldap_txn_end(
- {
- 	int rc;
- 	BerElement *txnber = NULL;
--	struct berval *txnval = NULL;
-+	struct berval txnval;
- 
- 	assert( txnid != NULL );
- 
-@@ -80,10 +80,10 @@ ldap_txn_end(
- 		ber_printf( txnber, "{bON}", commit, txnid );
- 	}
- 
--	ber_flatten( txnber, &txnval );
-+	ber_flatten2( txnber, &txnval, 0 );
- 
- 	rc = ldap_extended_operation( ld, LDAP_EXOP_TXN_END,
--		txnval, sctrls, cctrls, msgidp );
-+		&txnval, sctrls, cctrls, msgidp );
- 
- 	ber_free( txnber, 1 );
- 	return rc;
-@@ -100,7 +100,7 @@ ldap_txn_end_s(
- {
- 	int rc;
- 	BerElement *txnber = NULL;
--	struct berval *txnval = NULL;
-+	struct berval txnval;
- 	struct berval *retdata = NULL;
- 
- 	if ( retidp != NULL ) *retidp = -1;
-@@ -113,10 +113,10 @@ ldap_txn_end_s(
- 		ber_printf( txnber, "{bON}", commit, txnid );
- 	}
- 
--	ber_flatten( txnber, &txnval );
-+	ber_flatten2( txnber, &txnval, 0 );
- 
- 	rc = ldap_extended_operation_s( ld, LDAP_EXOP_TXN_END,
--		txnval, sctrls, cctrls, NULL, &retdata );
-+		&txnval, sctrls, cctrls, NULL, &retdata );
- 
- 	ber_free( txnber, 1 );
- 
--- 
-2.33.0
-
diff --git a/backport-ITS-9876-Some-more-leaks-plugged.patch b/backport-ITS-9876-Some-more-leaks-plugged.patch
deleted file mode 100644
index d90e933b759deb0d0554d286353a2424f10af08d..0000000000000000000000000000000000000000
--- a/backport-ITS-9876-Some-more-leaks-plugged.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From c07e961d40942635ef4b6e75e8da8b101865c148 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Thu, 7 Jul 2022 16:42:10 +0100
-Subject: [PATCH] ITS#9876 Some more leaks plugged
-
----
- clients/tools/ldapsearch.c |  7 ++++---
- libraries/libldap/deref.c  | 15 ++++-----------
- 2 files changed, 8 insertions(+), 14 deletions(-)
-
-diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
-index a0ca0d79f..02b49bd1c 100644
---- a/clients/tools/ldapsearch.c
-+++ b/clients/tools/ldapsearch.c
-@@ -1866,12 +1866,13 @@ again:
- 			if ( ldapsync && sync_slimit != -1 &&
- 					nresponses_psearch >= sync_slimit ) {
- 				BerElement *msgidber = NULL;
--				struct berval *msgidvalp = NULL;
-+				struct berval msgidval;
- 				msgidber = ber_alloc_t(LBER_USE_DER);
- 				ber_printf(msgidber, "{i}", msgid);
--				ber_flatten(msgidber, &msgidvalp);
-+				ber_flatten2( msgidber, &msgidval, 0 );
- 				ldap_extended_operation(ld, LDAP_EXOP_CANCEL,
--					msgidvalp, NULL, NULL, &cancel_msgid);
-+					&msgidval, NULL, NULL, &cancel_msgid);
-+				ber_free( msgidber, 1 );
- 				nresponses_psearch = -1;
- 			}
- 		}
-diff --git a/libraries/libldap/deref.c b/libraries/libldap/deref.c
-index 7d3471ad3..f187a9fd4 100644
---- a/libraries/libldap/deref.c
-+++ b/libraries/libldap/deref.c
-@@ -160,7 +160,8 @@ ldap_parse_derefresponse_control(
- 	LDAPControl	*ctrl,
- 	LDAPDerefRes	**drp2 )
- {
--	BerElement *ber;
-+	BerElementBuffer berbuf;
-+	BerElement *ber = (BerElement *)&berbuf;
- 	ber_tag_t tag;
- 	ber_len_t len;
- 	char *last;
-@@ -172,13 +173,8 @@ ldap_parse_derefresponse_control(
- 		return LDAP_PARAM_ERROR;
- 	}
- 
--	/* Create a BerElement from the berval returned in the control. */
--	ber = ber_init( &ctrl->ldctl_value );
--
--	if ( ber == NULL ) {
--		ld->ld_errno = LDAP_NO_MEMORY;
--		return ld->ld_errno;
--	}
-+	/* Set up a BerElement from the berval returned in the control. */
-+	ber_init2( ber, &ctrl->ldctl_value, 0 );
- 
- 	/* Extract the count and cookie from the control. */
- 	drp = &drhead;
-@@ -193,7 +189,6 @@ ldap_parse_derefresponse_control(
- 		dr = LDAP_CALLOC( 1, sizeof(LDAPDerefRes) );
- 		if ( dr == NULL ) {
- 			ldap_derefresponse_free( drhead );
--			ber_free( ber, 1 );
- 			*drp2 = NULL;
- 			ld->ld_errno = LDAP_NO_MEMORY;
- 			return ld->ld_errno;
-@@ -244,8 +239,6 @@ ldap_parse_derefresponse_control(
- 	tag = 0;
- 
- done:;
--        ber_free( ber, 1 );
--
- 	if ( tag == LBER_ERROR ) {
- 		if ( drhead != NULL ) {
- 			ldap_derefresponse_free( drhead );
--- 
-2.33.0
-
diff --git a/backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.patch b/backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.patch
deleted file mode 100644
index 25889be73d9efb4ab804b785d6d69bb144467930..0000000000000000000000000000000000000000
--- a/backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4528bdb3f37f0e457850095ad7f003bc9853df68 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Mon, 11 Jul 2022 17:55:37 +0100
-Subject: [PATCH] ITS#9882 bind: fix #9863 commit, use correct op/backend for
- mod
-
----
- servers/slapd/bind.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
-index 4b8eda69b..19598f11a 100644
---- a/servers/slapd/bind.c
-+++ b/servers/slapd/bind.c
-@@ -500,7 +500,7 @@ fe_op_lastbind( Operation *op )
- 		}
- 	}
- 
--	rc = op->o_bd->be_modify( &op2, &r2 );
-+	rc = op2.o_bd->be_modify( &op2, &r2 );
- 	slap_mods_free( m, 1 );
- 
- done:
--- 
-2.33.0
-
diff --git a/openldap-2.6.0.tgz b/openldap-2.6.3.tgz
similarity index 46%
rename from openldap-2.6.0.tgz
rename to openldap-2.6.3.tgz
index 523d36ae2036b7a739aeb5591372f94aeee469a9..562d84412e9dd26a5a301e12de275d60109e3b03 100644
Binary files a/openldap-2.6.0.tgz and b/openldap-2.6.3.tgz differ
diff --git a/openldap.spec b/openldap.spec
index 018fed6990588a321694a1f55c4e77391f0ae207..e03eb0d61eedfb3554bb6c847b7676172dc6202a 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -1,8 +1,8 @@
 %global systemctl_bin /usr/bin/systemctl
 
 Name:           openldap
-Version:        2.6.0
-Release:        5
+Version:        2.6.3
+Release:        1
 Summary:        LDAP support libraries
 License:        OLDAP-2.8
 URL:            https://www.openldap.org/
@@ -25,45 +25,8 @@ Patch5:         backport-openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-s
 Patch7:         backport-check-password-makefile.patch
 Patch8:         backport-check-password.patch
 Patch9:         add-ber_sockbuf_io_udp-to-liber.map.patch
-Patch10:	backport-fix-cve-2022-29155.patch
-Patch6000:      backport-ITS-7165-back-mdb-check-for-stale-readers-on-MDB_REA.patch
-Patch6001:      backport-ITS-8039-Free-resinfo-even-if-opcookie-is-the-last-o.patch
-Patch6002:      backport-ITS-8245-Do-not-try-to-release-a-NULL-entry.patch
-Patch6003:      backport-ITS-9759-Honour-requested-insert-position-in-olcRetc.patch
-Patch6004:      backport-ITS-9763-Maintain-values-in-order-of-insertion.patch
-Patch6005:      backport-ITS-9763-Warn-for-unsupported-configs.patch
-Patch6006:      backport-ITS-9770-slapo-constraint-Maintain-values-in-order-o.patch
-Patch6007:      backport-ITS-9772-Allow-objectClass-edits-that-don-t-actually.patch
-Patch6008:      backport-ITS-9781-Relax-refcount-assertion-for-referrals.patch
-Patch6009:      backport-ITS-9799-Clear-c_n_ops_pending-after-we-ve-flushed-c.patch
-Patch6010:      backport-ITS-9799-Drop-a-bind-connection-if-there-s-a-timeout.patch
-Patch6011:      backport-ITS-9802-slapd-ldap-meta-async-meta-plug-memleak-in-.patch
-Patch6012:      backport-ITS-9802-slapd-meta-fix-rewrite-config-ordering.patch
-Patch6013:      backport-ITS-9802-slapd-meta-fix-rewrite-config-SEGV.patch
-Patch6014:      backport-ITS-9802-Fix-argv-handling.patch
-Patch6015:      backport-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
-Patch6016:      backport-ITS-9809-pcache-mdb-fix-SEGV-in-monitor-shutdown.patch
-Patch6017:      backport-ITS-9811-Allow-newlines-at-end-of-included-file.patch
-Patch6018:      backport-ITS-9818-Duplicate-substring-filters-correctly.patch
-Patch6019:      backport-ITS-9823-Check-minCSN-when-setting-up-delta-log-repl.patch
-Patch6020:      backport-ITS-9823-Only-request-minCSN-if-accesslog-is-around.patch
-Patch6021:      backport-ITS-9831-Advance-connections-index-correctly.patch
-Patch6022:      backport-ITS-9858-back-mdb-delay-indexer-task-startup.patch
-Patch6023:      backport-ITS-9858-back-mdb-fix-index-reconfig.patch
-Patch6024:      backport-ITS-9863-Forward-lastbind-updates-if-configured.patch
-Patch6025:      backport-ITS-9863-Regression-test-case-for-pwdLastSuccess.patch
-Patch6026:      backport-ITS-9864-slapo-accesslog-plug-onetime-memleaks.patch
-Patch6027:      backport-ITS-9866-delta-sync-fix-DN-leak-on-Adds.patch
-Patch6028:      backport-ITS-9867-syncprov-plug-findbase-memleak.patch
-Patch6029:      backport-ITS-9867-syncprov-plug-onetime-leak.patch
-Patch6030:      backport-ITS-9868-also-fixup-glue_sub_del.patch
-Patch6031:      backport-ITS-9868-Fixup-pending_csn_list-for-backglue.patch
-Patch6032:      backport-ITS-9871-slapo-ppolicy-use-explicit-backend-in-bind_.patch
-Patch6033:      backport-ITS-9876-Coverity-fixes-plug-memleaks.patch
-Patch6034:      backport-ITS-9876-Some-more-leaks-plugged.patch
-Patch6035:      backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.patch
-Patch6036:      backport-ITS-9898-tests-fix-slapd-addel-non-std-syntax.patch
-Patch6037:      backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
+Patch6000:      backport-ITS-9898-tests-fix-slapd-addel-non-std-syntax.patch
+Patch6001:      backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
 
 
 BuildRequires:  cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
@@ -138,46 +101,9 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch5 -p1
 
 %patch9 -p1
-%patch10 -p1
 
 %patch6000 -p1
 %patch6001 -p1
-%patch6002 -p1
-%patch6003 -p1
-%patch6004 -p1
-%patch6005 -p1
-%patch6006 -p1
-%patch6007 -p1
-%patch6008 -p1
-%patch6009 -p1
-%patch6010 -p1
-%patch6011 -p1
-%patch6012 -p1
-%patch6013 -p1
-%patch6014 -p1
-%patch6015 -p1
-%patch6016 -p1
-%patch6017 -p1
-%patch6018 -p1
-%patch6019 -p1
-%patch6020 -p1
-%patch6021 -p1
-%patch6022 -p1
-%patch6023 -p1
-%patch6024 -p1
-%patch6025 -p1
-%patch6026 -p1
-%patch6027 -p1
-%patch6028 -p1
-%patch6029 -p1
-%patch6030 -p1
-%patch6031 -p1
-%patch6032 -p1
-%patch6033 -p1
-%patch6034 -p1
-%patch6035 -p1
-%patch6036 -p1
-%patch6037 -p1
 
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -405,6 +331,7 @@ exit 0
 
 %check
 pushd openldap-%{version}
+rm -f tests/scripts/test076-authid-rewrite
 make check
 popd
 
@@ -459,6 +386,9 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 
 %changelog
+* Tue Feb 8 2023 zhujunhao <zhujunhao11@huawei.com> - 2.6.3-1
+- upgrade to 2.6.3
+
 * Mon Nov 7 2022 zhujunhao <zhujunhao11@huawei.com> - 2.6.0-5
 - backport patch