Description of problem: if we delete winSyncSubtreePair attribute from sync agreement, server crashes Version-Release number of selected component (if applicable): 389-ds-base-1.3.3.1-16.el7_1.x86_64 How reproducible: always Steps to Reproduce: 1. Create any sync agreement. For instance: dn: cn=any,cn=replica,cn=dc\3Dexample\2Cdc\3Dorg,cn=mapping tree,cn=config objectClass: top objectClass: nsDSWindowsReplicationAgreement description: sync agreement cn: any nsds7WindowsReplicaSubtree: cn=Users,dc=anytree nsds7DirectoryReplicaSubtree: ou=People, dc=example,dc=org nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: any.domain nsDS5ReplicaRoot: dc=anytree nsDS5ReplicaHost: test.ad nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: cn=Dirsyn,cn=Users,dc=anytree nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: secret12 oneWaySync: fromWindows winSyncSubtreePair: ou=People,dc=anytree:ou=other,dc=anytree 2. start server systemctl start dirsrv@EXAMPLE-ORG 3. delete winSyncSubtreePair ldapmodify -D "cn=directory manager" -w 'RedHat1!' dn: cn=any,cn=replica,cn=dc\3Dexample\2Cdc\3Dorg,cn=mapping tree,cn=config changetype: modify delete: winSyncSubtreePair modifying entry "cn=any,cn=replica,cn=dc\3Dexample\2Cdc\3Dorg,cn=mapping tree,cn=config" ldap_result: Can't contact LDAP server (-1) Actual results: crash Additional info: #0 slapi_sdn_free (sdn=sdn@entry=0x7f0086e86e88) at ldap/servers/slapd/dn.c:2351 2351 is_allocated = slapi_isbitset_uchar((*sdn)->flag, FLAG_ALLOCATED); #0 slapi_sdn_free (sdn=sdn@entry=0x7f0086e86e88) at ldap/servers/slapd/dn.c:2351 #1 0x00007f00794dee91 in free_subtree_pairs (pairs=0x7f0086e86d70) at ldap/servers/plugins/replication/windows_private.c:994 #2 windows_private_set_subtreepairs (ra=ra@entry=0x7f0086e85f70, parray=parray@entry=0x0) at ldap/servers/plugins/replication/windows_private.c:930 #3 0x00007f00794e05ac in windows_parse_config_entry ( ra=ra@entry=0x7f0086e85f70, type=<optimized out>, e=e@entry=0x7f006c007540) at ldap/servers/plugins/replication/windows_private.c:331 #4 0x00007f00794e0902 in windows_handle_modify_agreement ( ra=ra@entry=0x7f0086e85f70, type=<optimized out>, e=e@entry=0x7f006c007540) at ldap/servers/plugins/replication/windows_private.c:348 #5 0x00007f00794b13e5 in agmtlist_modify_callback (pb=<optimized out>, entryBefore=<optimized out>, e=0x7f006c007540, returncode=0x7f0054ff4528, returntext=0x7f0054ff4560 "", arg=<optimized out>) at ldap/servers/plugins/replication/repl5_agmtlist.c:577 #6 0x00007f00851e274b in dse_call_callback (pb=pb@entry=0x7f0054ff8ae0, operation=operation@entry=8, flags=flags@entry=1, entryBefore=entryBefore@entry=0x7f006c001af0, entryAfter=entryAfter@entry=0x7f006c007540, returncode=returncode@entry=0x7f0054ff4528, returntext=returntext@entry=0x7f0054ff4560 "", pdse=<optimized out>) ---Type <return> to continue, or q <return> to quit--- In fact, sdn is already corrupt: (gdb) frame 1 #1 0x00007f00794dee91 in free_subtree_pairs (pairs=0x7f0086e86d70) at ldap/servers/plugins/replication/windows_private.c:994 994 slapi_sdn_free(&(p->DSsubtree)); (gdb) print p->DSsubtree $1 = (Slapi_DN *) 0x31 (gdb)