diff --git a/389-ds-base-1.4.3.20.tar.bz2 b/389-ds-base-1.4.3.36.tar.gz similarity index 40% rename from 389-ds-base-1.4.3.20.tar.bz2 rename to 389-ds-base-1.4.3.36.tar.gz index 158ada235dcd6f7c846c00d9c797478c3335e7be..c4b9545d2501d4b2c461749c5255913793a2dfcc 100644 Binary files a/389-ds-base-1.4.3.20.tar.bz2 and b/389-ds-base-1.4.3.36.tar.gz differ diff --git a/389-ds-base.spec b/389-ds-base.spec index ea72392f271f7f3593e3cdc899720c648436a65c..6db1f6fd7c3470741f960caf23ae2a24dc2a7506 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -5,17 +5,16 @@ ExcludeArch: i686 Name: 389-ds-base Summary: Base 389 Directory Server -Version: 1.4.3.20 +Version: 1.4.3.36 Release: 1 License: GPLv3+ URL: https://www.port389.org -Source0: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2 +Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz Source1: 389-ds-base-git.sh Source2: 389-ds-base-devel.README Source3: https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2 - -Patch0: CVE-2021-3652.patch -Patch1: CVE-2021-3514.patch +# Refer: https://github.com/389ds/389-ds-base/pull/5374 +Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel 
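Review bot: Dropping `Patch0: CVE-2021-3652.patch` and `Patch1: CVE-2021-3514.patch` is only safe if both upstream fixes (issues 4817 and 4711 in the deleted patch headers) are contained in the 1.4.3.36 tarball; nothing in this hunk or in the changelog states that, so record it next to the new Patch0, e.g. `# CVE-2021-3514 (upstream #4711) and CVE-2021-3652 (upstream #4817) are fixed in 1.4.3.36; downstream patches dropped`. The new Source0 also moves from a published release tarball to GitHub's on-the-fly `archive/refs/tags/...tar.gz`, which is generated per request rather than a signed release asset, so its checksum can change without any version change; presumably the build system pins the tarball hash, but a release asset (or the earlier pagure tarball with its signature) is the more verifiable origin. A comment that this archive unpacks to `389-ds-base-389-ds-base-%{version}` would also explain why the later %prep/%build/%install hunks rename the setup directory.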
@@ -27,7 +26,8 @@ BuildRequires: python%{python3_pkgversion}-pyasn1-modules python%{python3_pkgver BuildRequires: python%{python3_pkgversion}-argcomplete python%{python3_pkgversion}-argparse-manpage BuildRequires: python%{python3_pkgversion}-libselinux python%{python3_pkgversion}-policycoreutils BuildRequires: python%{python3_pkgversion}-packaging rsync npm nodejs libtalloc-devel libtevent-devel -Requires: 389-ds-base-libs = %{version}-%{release} +BuildRequires: python%{python3_pkgversion}-cryptography +Requires: 389-ds-base-libs = %{version}-%{release} 389-ds-base-legacy-tools = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} Requires: policycoreutils-python-utils /usr/sbin/semanage libsemanage-python%{python3_pkgversion} Requires: selinux-policy >= 3.14.1-29 openldap-clients openssl-perl python%{python3_pkgversion}-ldap @@ -106,9 +106,9 @@ Requires: 389-ds-base = %{version}-%{release} Documentation for 389 Directory Server. %prep -%autosetup -n 389-ds-base-%{version} -p1 +%autosetup -n 389-ds-base-389-ds-base-%{version} -p1 -%setup -n 389-ds-base-%{version} -T -D -b 3 +%setup -n 389-ds-base-389-ds-base-%{version} -T -D -b 3 cp %{SOURCE2} README.devel @@ -120,7 +120,7 @@ NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" LEGACY_FLAGS="--enable-legacy --enable-perl" cd ../jemalloc-5.2.1 -%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin --enable-prof +%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin --enable-prof --with-lg-page=16 %make_build cd - @@ -136,7 +136,7 @@ cd ./src/lib389 %py3_build cd - for f in "dsconf.8" "dsctl.8" "dsidm.8" "dscreate.8"; do - sed -i "1s/\"1\"/\"8\"/" %{_builddir}/389-ds-base-%{version}/src/lib389/man/$f + sed -i "1s/\"1\"/\"8\"/" %{_builddir}/389-ds-base-389-ds-base-%{version}/src/lib389/man/$f done export XCFLAGS=$RPM_OPT_FLAGS %make_build 
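Review bot: The new `Requires: ... 389-ds-base-legacy-tools = %{version}-%{release}` makes the base package depend on the legacy (perl) tools subpackage; if that subpackage in turn requires 389-ds-base, as subpackages of this spec commonly do, the two form a dependency cycle, and in any case every server install now pulls in the deprecated perl tooling. If the dependency exists because something in the base package invokes a legacy script, name it in a comment, e.g. `# base %{_sbindir} scripts call the legacy perl tools, hence the hard Requires`, or move the Requires to the subpackage that actually needs it. The `%package legacy-tools` block is outside the hunk, so its own Requires cannot be checked here.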
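Review bot: The unpacked directory name `389-ds-base-389-ds-base-%{version}` is introduced in %prep and then repeated verbatim in the %build and %install hunks that follow; every future Source0 change will need the same six edits. Define it once near the Source lines, `%global srcdir 389-ds-base-389-ds-base-%{version}`, and use `%autosetup -n %{srcdir} -p1`, `%setup -n %{srcdir} -T -D -b 3` and `%{_builddir}/%{srcdir}/...` elsewhere.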
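Review bot: `--with-lg-page=16` on the jemalloc configure line has no explanation; a jemalloc built for a smaller page size refuses to start on kernels that use 64K pages, so this looks like an aarch64/ppc64le fix, but a reader cannot tell that from the spec. Suggest a comment on the line above, `# lg-page=16: allow 64K-page kernels (e.g. aarch64); jemalloc aborts at startup if the build-time page size is smaller than the runtime one`, and, if that is indeed the motivation, a note that it presumably costs some memory overhead on 4K-page hosts.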
@@ -148,7 +148,7 @@ install -d %{buildroot}%{_datadir}/cockpit find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list -cp -r %{_builddir}/389-ds-base-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 +cp -r %{_builddir}/389-ds-base-389-ds-base-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 cd src/lib389 %py3_install @@ -166,8 +166,8 @@ sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/dirsrv/ cd ../jemalloc-5.2.1 make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin -cp -pa COPYING ../389-ds-base-%{version}/COPYING.jemalloc -cp -pa README ../389-ds-base-%{version}/README.jemalloc +cp -pa COPYING ../389-ds-base-389-ds-base-%{version}/COPYING.jemalloc +cp -pa README ../389-ds-base-389-ds-base-%{version}/README.jemalloc cd - %check @@ -326,7 +326,7 @@ exit 0 %{_sbindir}/{ldif2ldap,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv} %{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex} %{_sbindir}/{monitor,dbmon.sh,dn2rdn,restoreconfig,saveconfig,suffix2instance,upgradednformat} -%{_libexecdir}/dirsrv/{ds_selinux_enabled,ds_selinux_port_query} +%{_libexecdir}/dirsrv/{ds_selinux_enabled,ds_selinux_port_query,ds_selinux_restorecon.sh} %{_datadir}/dirsrv/properties/*.res %{_datadir}/dirsrv/script-templates %{_datadir}/dirsrv/updates @@ -354,6 +354,12 @@ exit 0 %{_mandir}/*/* %changelog +* Tue Oct 24 2023 wangkai <13474090681@163.com> - 1.4.3.36-1 +- Update to 1.4.3.36 +- Fix dsidm user/posixgroup get_dn fails with search_ext() +- Fix unable to add objectclass/attribute without x-origin +- Fix execute dsconf to open pdb + * Tue Mar 15 2022 wangkai - 1.4.3.20-1 - Update to 1.4.3.20 for fix CVE-2020-35518 
diff --git a/CVE-2021-3514.patch b/CVE-2021-3514.patch
deleted file mode 100644
index 887f5b2761b4e5ae75a7568a3a6f14b35e5e666e..0000000000000000000000000000000000000000
--- a/CVE-2021-3514.patch
+++ /dev/null
@@ -1,52 +0,0 @@ -From 2e5b526012612d1d6ccace46398bee679a730271 Mon Sep 17 00:00:00 2001 -From: tbordaz -Date: Tue, 27 Apr 2021 09:29:32 +0200 -Subject: [PATCH] Issue 4711 - SIGSEV with sync_repl (#4738) - -Bug description: - sync_repl sends back entries identified with a unique - identifier that is 'nsuniqueid'. If 'nsuniqueid' is - missing, then it may crash - -Fix description: - Check a nsuniqueid is available else returns OP_ERR - -relates: https://github.com/389ds/389-ds-base/issues/4711 - -Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!) - -Platforms tested: F33 ---- - ldap/servers/plugins/sync/sync_util.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c -index e64d519e1a..3dacee8cad 100644 ---- a/ldap/servers/plugins/sync/sync_util.c -+++ b/ldap/servers/plugins/sync/sync_util.c -@@ -127,8 +127,8 @@ sync_create_state_control(Slapi_Entry *e, LDAPControl **ctrlp, int type, Sync_Co - BerElement *ber; - struct berval *bvp; - char *uuid; -- Slapi_Attr *attr; -- Slapi_Value *val; -+ Slapi_Attr *attr = NULL; -+ Slapi_Value *val = NULL; - - if (type == LDAP_SYNC_NONE || ctrlp == NULL || (ber = der_alloc()) == NULL) { - return (LDAP_OPERATIONS_ERROR); -@@ -138,6 +138,14 @@ sync_create_state_control(Slapi_Entry *e, LDAPControl **ctrlp, int type, Sync_Co - - slapi_entry_attr_find(e, SLAPI_ATTR_UNIQUEID, &attr); - slapi_attr_first_value(attr, &val); -+ if ((attr == NULL) || (val == NULL)) { -+ /* It may happen with entries in special backends -+ * such like cn=config, cn=shema, cn=monitor... -+ */ -+ slapi_log_err(SLAPI_LOG_ERR, SYNC_PLUGIN_SUBSYSTEM, -+ "sync_create_state_control - Entries are missing nsuniqueid. Unable to proceed.\n"); -+ return (LDAP_OPERATIONS_ERROR); -+ } - uuid = sync_nsuniqueid2uuid(slapi_value_get_string(val)); - if ((rc = ber_printf(ber, "{eo", type, uuid, 16)) != -1) { - if (cookie) { 
diff --git a/CVE-2021-3652.patch b/CVE-2021-3652.patch
deleted file mode 100644
index 7670873f6020f265f7e7a10cff2e5bef3c4a2171..0000000000000000000000000000000000000000
--- a/CVE-2021-3652.patch
+++ /dev/null
@@ -1,118 +0,0 @@ -From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001 -From: Firstyear -Date: Fri, 9 Jul 2021 11:53:35 +1000 -Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow - all passwords (#4819) - -Bug Description: Due to mishanding of short dbpwd hashes, the -crypt_r algorithm was misused and was only comparing salts -in some cases, rather than checking the actual content -of the password. - -Fix Description: Stricter checks on dbpwd lengths to ensure -that content passed to crypt_r has at least 2 salt bytes and -1 hash byte, as well as stricter checks on ct_memcmp to ensure -that compared values are the same length, rather than potentially -allowing overruns/short comparisons. - -fixes: https://github.com/389ds/389-ds-base/issues/4817 - -Author: William Brown - -Review by: @mreynolds389 ---- - .../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++ - ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++--- - 2 files changed, 64 insertions(+), 6 deletions(-) - create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py - -diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py -new file mode 100644 -index 0000000000..d76614db1c ---- /dev/null -+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py -@@ -0,0 +1,50 @@ -+# --- BEGIN COPYRIGHT BLOCK --- -+# Copyright (C) 2021 William Brown -+# All rights reserved. -+# -+# License: GPL (version 3 or any later version). -+# See LICENSE for details. 
-+# --- END COPYRIGHT BLOCK --- -+# -+import ldap -+import pytest -+from lib389.topologies import topology_st -+from lib389.idm.user import UserAccounts -+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD) -+ -+pytestmark = pytest.mark.tier1 -+ -+def test_password_crypt_asterisk_is_rejected(topology_st): -+ """It was reported that {CRYPT}* was allowing all passwords to be -+ valid in the bind process. This checks that we should be rejecting -+ these as they should represent locked accounts. Similar, {CRYPT}! -+ -+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3 -+ :setup: Single instance -+ :steps: 1. Set a password hash in with CRYPT and the content * -+ 2. Test a bind -+ 3. Set a password hash in with CRYPT and the content ! -+ 4. Test a bind -+ :expectedresults: -+ 1. Successfully set the values -+ 2. The bind fails -+ 3. Successfully set the values -+ 4. The bind fails -+ """ -+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on') -+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off') -+ -+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX) -+ user = users.create_test_user() -+ -+ user.set('userPassword', "{CRYPT}*") -+ -+ # Attempt to bind with incorrect password. -+ with pytest.raises(ldap.INVALID_CREDENTIALS): -+ badconn = user.bind('badpassword') -+ -+ user.set('userPassword', "{CRYPT}!") -+ # Attempt to bind with incorrect password. -+ with pytest.raises(ldap.INVALID_CREDENTIALS): -+ badconn = user.bind('badpassword') -+ -diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c -index 9031b21996..1b37d41ede 100644 ---- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c -+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c -@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 
63 => ascii - 64 */ - int - crypt_pw_cmp(const char *userpwd, const char *dbpwd) - { -- int rc; -- char *cp; -+ int rc = -1; -+ char *cp = NULL; -+ size_t dbpwd_len = strlen(dbpwd); - struct crypt_data data; - data.initialized = 0; - -- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */ -- cp = crypt_r(userpwd, dbpwd, &data); -- if (cp) { -- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd)); -+ /* -+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will -+ * allow any password to bind as we then only compare SALTS. -+ */ -+ if (dbpwd_len >= 3) { -+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */ -+ cp = crypt_r(userpwd, dbpwd, &data); -+ } -+ /* If these are not the same length, we can not proceed safely with memcmp. */ -+ if (cp && dbpwd_len == strlen(cp)) { -+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len); - } else { - rc = -1; - } diff --git a/fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch b/fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch new file mode 100644 index 0000000000000000000000000000000000000000..1b31dc20658c463d18bfd69e792cc9f0e34088ff --- /dev/null +++ b/fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch @@ -0,0 +1,11 @@ +--- 389-ds-base-1.4.3.36/src/lib389/lib389/cli_idm/posixgroup.py 2023-06-14 22:32:48.000000000 +0800 ++++ 389-ds-base-1.4.3.36/src/lib389/lib389/cli_idm/posixgroup.py_bak 2023-10-23 19:21:19.427980741 +0800 +@@ -38,7 +38,7 @@ + + + def get_dn(inst, basedn, log, args): +- dn = lambda args: _get_arg( args.dn, msg="Enter dn to retrieve") ++ dn = _get_arg( args.dn, msg="Enter dn to retrieve") + _generic_get_dn(inst, basedn, log.getChild('_generic_get_dn'), MANY, dn, args) + +
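Review bot: The new patch only touches `posixgroup.py`, yet the spec's changelog entry says it fixes `dsidm user/posixgroup get_dn`, and the spec cites the upstream PR as the source; if the upstream change also touched `user.py` (cannot be confirmed from here), the `dsidm user get` path stays broken in this build. Regenerating the patch from the upstream commit (`git format-patch`) would cover both files and also replace the odd `+++ ... posixgroup.py_bak` header: GNU patch should still pick `posixgroup.py` as the shorter name under `-p1`, but a header naming a `_bak` copy is fragile and hides the real origin. The one-line body itself is fine — `_get_arg` now runs eagerly and `dn` is passed to `_generic_get_dn` as a value instead of a lambda.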