The default of the "nsslapd-enable-nunc-stans" parameter has been changed to "off"
Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the "nsslapd-enable-nunc-stans" parameter to "off". As a result, Directory Server is now stable.
This bug is created as a clone of upstream ticket:
#### Issue Description
Currently nunc-stans is not stable, and we need to turn if off by default until the FD leak and deadlock is resolved.
Build tested: 389-ds-base-188.8.131.52-10.el7.x86_64
On a fresh instance:
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w password -b cn=config -s base nsslapd-enable-nunc-stans
[root@server ds]# pstack $(pidof ns-slapd) | grep nunc-stans -c
Nunc-stans is disabled by default, marking as VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.