diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 42b2d8fa08..f3bb8fb67c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -74,7 +74,7 @@ build-gnutls-mit-standalone-lloadd:
       - obj/servers/
       - obj/libraries/
 
-build-mbedtls-mit-standalone-lloadd:
+build-mbedtls-mit-lloadd:
   image: "debian:testing"
   stage: build
   script:
diff --git a/build/mkversion b/build/mkversion
index 8d3e97758c..7a1a20811a 100755
--- a/build/mkversion
+++ b/build/mkversion
@@ -72,11 +72,13 @@ cat << __EOF__
  * <http://www.OpenLDAP.org/license.html>.
  */
 
-static const char copyright[] =
+#include <ldap_cdefs.h>
+
+static const char copyright[] LDAP_GCCATTR((unused)) =
 "Copyright 1998-2026 The OpenLDAP Foundation.  All rights reserved.\n"
 "COPYING RESTRICTIONS APPLY\n";
 
-$static $const char $SYMBOL[] =
+$static $const char $SYMBOL[] LDAP_GCCATTR((unused)) =
 "@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
 "\t$WHOWHERE\n";
 
diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
index ed394ec7fa..697d18b402 100644
--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@@ -2279,6 +2279,7 @@ static void print_syncinfo(
 			} break;
 		case LBER_DEFAULT:
 			printf(_("empty SyncInfoValue\n"));
+			break;
 		default:
 			printf(_("SyncInfoValue unknown\n"));
 			break;
diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1
index 70e297d0ee..f526bb1d89 100644
--- a/doc/man/man1/ldapsearch.1
+++ b/doc/man/man1/ldapsearch.1
@@ -317,6 +317,7 @@ Search extensions:
           rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)
   [!]vlv=<before>/<after>(/<offset>/<count>|:<value>)  (virtual list view)
   [!]deref=derefAttr:attr[,attr[...]][;derefAttr:attr[,attr[...]]]
+  [!]accountUsability                  (Netscape Password policy)
   [!]<oid>[=:<value>|::<b64value>]
 .fi
 .TP
diff --git a/doc/man/man3/ldap_parse_reference.3 b/doc/man/man3/ldap_parse_reference.3
index d3fb0a21b6..81863dca1e 100644
--- a/doc/man/man3/ldap_parse_reference.3
+++ b/doc/man/man3/ldap_parse_reference.3
@@ -32,7 +32,7 @@ or
 The \fIreferralsp\fP parameter will be filled in with an allocated array of
 character strings. The strings are copies of the referrals contained in
 the parsed message. The array should be freed by calling
-.BR ldap_value_free (3) .
+.BR ldap_memvfree (3) .
 If \fIreferralsp\fP is NULL, no referrals are returned.
 If no referrals were returned, \fI*referralsp\fP is set to NULL.
 .LP
diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
index d0191bbc72..bcfbfb366f 100644
--- a/libraries/libldap/result.c
+++ b/libraries/libldap/result.c
@@ -175,7 +175,7 @@ chkResponseList(
 		nextlm = lm->lm_next;
 		++cnt;
 
-		if ( ldap_abandoned( ld, lm->lm_msgid ) ) {
+		if ( ldap_abandoned( ld, lm->lm_msgid ) > 0 ) {
 			Debug2( LDAP_DEBUG_ANY,
 				"response list msg abandoned, "
 				"msgid %d message type %s\n",
@@ -610,7 +610,7 @@ fail:
 	
 	/* if it's been abandoned, toss it */
 	if ( id > 0 ) {
-		if ( ldap_abandoned( ld, id ) ) {
+		if ( ldap_abandoned( ld, id ) > 0 ) {
 			/* the message type */
 			tag = ber_peek_tag( ber, &len );
 			switch ( tag ) {
@@ -1433,8 +1433,8 @@ ldap_msgdelete( LDAP *ld, int msgid )
 /*
  * ldap_abandoned
  *
- * return the location of the message id in the array of abandoned
- * message ids, or -1
+ * return 1 if message id is in the array of abandoned message ids,
+ * 0 if not, -1 on error.
  */
 static int
 ldap_abandoned( LDAP *ld, ber_int_t msgid )
diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c
index a7f7eb7501..b72125b1f8 100644
--- a/libraries/libldap/util-int.c
+++ b/libraries/libldap/util-int.c
@@ -311,12 +311,14 @@ ldap_pvt_gettime( struct lutil_tm *ltm )
 	time_t t;
 #ifdef HAVE_CLOCK_GETTIME
 #define	FRAC	tv_nsec
+#define	USECS(x)	x / 1000
 #define	NSECS(x)	x
 	struct timespec tv;
 
 	clock_gettime( CLOCK_REALTIME, &tv );
 #else
 #define	FRAC	tv_usec
+#define	USECS(x)	x
 #define	NSECS(x)	x * 1000
 	struct timeval tv;
 
@@ -327,7 +329,7 @@ ldap_pvt_gettime( struct lutil_tm *ltm )
 	LDAP_MUTEX_LOCK( &ldap_int_gettime_mutex );
 	if ( tv.tv_sec < _ldap_pvt_gt_prevTv.tv_sec
 		|| ( tv.tv_sec == _ldap_pvt_gt_prevTv.tv_sec
-		&& tv.FRAC <= _ldap_pvt_gt_prevTv.FRAC )) {
+		&& USECS(tv.FRAC) <= USECS(_ldap_pvt_gt_prevTv.FRAC) )) {
 		_ldap_pvt_gt_subs++;
 	} else {
 		_ldap_pvt_gt_subs = 0;
diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 5ae5ca747f..cab352d0e7 100644
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -435,7 +435,7 @@ mdb_search( Operation *op, SlapReply *rs )
 	int		manageDSAit;
 	int		tentries = 0;
 	int		admincheck = 0;
-	int		pausepoll;
+	int		pausepoll = 0;
 	IdScopes	isc;
 	MDB_cursor	*mci, *mcd;
 	ww_ctx wwctx;
@@ -809,7 +809,6 @@ adminlimit:
 		id = mdb_idl_first( candidates, &cursor );
 	}
 
-	pausepoll = 0;
 	while (id != NOID)
 	{
 		int scopeok;
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index 6a5a481157..80f6ffab02 100644
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -2016,7 +2016,7 @@ meta_send_entry(
 	Entry 			ent = { 0 };
 	BerElement 		ber = *ldap_get_message_ber( e );
 	Attribute 		*attr, **attrp;
-	LDAPControl **res_ctrls;
+	LDAPControl **res_ctrls = NULL;
 	struct berval 		bdn,
 				dn = BER_BVNULL;
 	const char 		*text;
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index dbb9ff6c1e..2006ba3b76 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -1580,7 +1580,7 @@ config_generic(ConfigArgs *c) {
 			break;
 
 		case CFG_LASTBIND_PRECISION:
-			c->be->be_lastbind_precision = 0;
+			c->be->be_lastbind_precision = c->ca_desc->arg_default.v_uint;
 			break;
 
 		case CFG_LASTBIND_ASSERT:
@@ -2011,7 +2011,9 @@ config_generic(ConfigArgs *c) {
 				mask |= 1;
 			}
 			new_daemon_threads = mask+1;
-			config_push_cleanup( c, config_resize_lthreads );
+			if ( CONFIG_ONLINE_ADD( c ) ) {
+				config_push_cleanup( c, config_resize_lthreads );
+			}
 			}
 			break;
 
@@ -5689,7 +5691,9 @@ done:
 			schema_destroy_one( ca, colst, nocs, last );
 		} else if ( ca->num_cleanups ) {
 			ca->reply.err = rc;
-			config_run_cleanup( ca );
+			if ( slapMode & SLAP_SERVER_MODE ) {
+				config_run_cleanup( ca );
+			}
 		}
 	}
 done_noop:
@@ -7591,6 +7595,8 @@ config_back_db_open( BackendDB *be, ConfigReply *cr )
 	c.lineno = 0;
 	c.argc = 6;
 	c.argv = (char **)defacl;
+	snprintf( c.log, sizeof(c.log), "%s", c.fname );
+
 	parse_acl( &c, 0 );
 	defacl_parsed = be->bd_self->be_acl;
 	if ( save_access ) {
diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index d1f3926943..e8c44512ae 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -3492,6 +3492,10 @@ slap_pause_server( void )
 	BackendInfo *bi;
 	int rc = LDAP_SUCCESS;
 
+#ifdef HAVE_SYSTEMD
+	sd_notify( 1, "RELOADING=1" );
+#endif /* HAVE_SYSTEMD */
+
 	rc = ldap_pvt_thread_pool_pause( &connection_pool );
 
 	LDAP_STAILQ_FOREACH(bi, &backendInfo, bi_next) {
@@ -3528,6 +3532,11 @@ slap_unpause_server( void )
 	}
 
 	rc = ldap_pvt_thread_pool_resume( &connection_pool );
+
+#ifdef HAVE_SYSTEMD
+	sd_notify( 1, "READY=1" );
+#endif /* HAVE_SYSTEMD */
+
 	return rc;
 }
 
diff --git a/servers/slapd/logging.c b/servers/slapd/logging.c
index 04e0ffcc17..8f0b4b5e68 100644
--- a/servers/slapd/logging.c
+++ b/servers/slapd/logging.c
@@ -743,8 +743,9 @@ config_logging(ConfigArgs *c) {
 	} else if ( c->op == LDAP_MOD_DELETE ) {
 		switch(c->type) {
 		case CFG_LOGLEVEL:
+			/* If missing, the default is stored in ldap_syslog? */
 			if ( !c->line ) {
-				config_syslog = 0;
+				config_syslog = LDAP_DEBUG_NONE;
 			} else {
 				i = verb_to_mask( c->line, loglevel_ops );
 				config_syslog &= ~loglevel_ops[i].mask;
diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c
index 5c83e6bcd9..26dc610954 100644
--- a/servers/slapd/overlays/accesslog.c
+++ b/servers/slapd/overlays/accesslog.c
@@ -141,7 +141,7 @@ static ConfigTable log_cfats[] = {
 			"DESC 'Log old values of these attributes even if unmodified' "
 			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
-	{ "logbase", "op|writes|reads|session|all< <baseDN", 3, 3, 0,
+	{ "logbase", "op|writes|reads|session|all> <baseDN", 3, 3, 0,
 		ARG_MAGIC|LOG_BASE,
 		log_cf_gen, "( OLcfgOvAt:4.7 NAME 'olcAccessLogBase' "
 			"DESC 'Operation types to log under a specific branch' "
diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
index 13af13a2f3..7ab70f04b5 100644
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -752,7 +752,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
 				return rc; /* unexpected error */
 			}
 
-			if (found ^ c->type == CONSTRAINT_URI)
+			if (found ^ (c->type == CONSTRAINT_URI) )
 				return LDAP_CONSTRAINT_VIOLATION; /* constraint violation */
 			break;
 		}
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 07e1c0d2e3..28c99b101b 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1504,7 +1504,6 @@ out:
 int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
 {
 	int i, rc;
-	SaslRegexp_t sr;
 	struct rewrite_info *rw = NULL;
 
 	if ( valx < 0 || valx > nSaslRegexp )
@@ -1529,7 +1528,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
 			SaslRegexp[i] = SaslRegexp[i - 1];
 		}
 
-		SaslRegexp[i] = sr;
 		SaslRegexp[i].sr_match = ch_strdup( match );
 		SaslRegexp[i].sr_replace = ch_strdup( replace );
 
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index b30aa98a89..0a12627f2d 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -3385,13 +3385,13 @@ struct zone_heap {
 #endif
 
 #define SLAP_BACKEND_INIT_MODULE(b) \
-	static BackendInfo bi;	\
+	static BackendInfo b ## _bi;	\
 	int \
 	init_module( int argc, char *argv[] ) \
 	{ \
-		bi.bi_type = #b ; \
-		bi.bi_init = b ## _back_initialize; \
-		backend_add( &bi ); \
+		b ## _bi.bi_type = #b ; \
+		b ## _bi.bi_init = b ## _back_initialize; \
+		backend_add( &b ## _bi ); \
 		return 0; \
 	}
 
diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c
index 09892e3f0b..d664d347b6 100644
--- a/servers/slapd/slappasswd.c
+++ b/servers/slapd/slappasswd.c
@@ -241,6 +241,12 @@ slappasswd( int argc, char *argv[] )
 	}
 #endif
 
+	if ( !lutil_passwd_scheme( scheme ) ) {
+		fprintf( stderr, "Password scheme not recognised\n" );
+		rc = EXIT_FAILURE;
+		goto destroy;
+	}
+
 	if( pwfile != NULL ) {
 		if( lutil_get_filed_password( pwfile, &passwd )) {
 			rc = EXIT_FAILURE;
diff --git a/tests/scripts/test068-sasl-tls-external b/tests/scripts/test068-sasl-tls-external
index a28ef383ed..edd3323292 100755
--- a/tests/scripts/test068-sasl-tls-external
+++ b/tests/scripts/test068-sasl-tls-external
@@ -75,6 +75,7 @@ $LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls_reqce
 RC=$?
 if test $RC != 0 ; then
 	echo "ldapwhoami (startTLS) failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $PID
 	exit $RC
 else
 	echo "success"