diff --git a/.gitignore b/.gitignore
index ab9a84f..1e4c2bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,33 +1,3 @@
-/openldap-2.4.28.tgz
-/openldap-2.4.29.tgz
-/openldap-2.4.30.tgz
-/openldap-2.4.31.tgz
-/openldap-2.4.32.tgz
-/openldap-2.4.33.tgz
-/openldap-2.4.34.tgz
+/openldap-*.tgz
 /ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
-/openldap-2.4.35.tgz
-/openldap-2.4.36.tgz
-/openldap-2.4.37.tgz
-/openldap-2.4.38.tgz
-/openldap-2.4.39.tgz
-/openldap-2.4.40.tgz
-/openldap-2.4.41.tgz
-/openldap-2.4.43.tgz
-/openldap-2.4.44.tgz
-/openldap-2.4.45.tgz
-/openldap-2.4.46.tgz
-/openldap-2.4.47.tgz
-/openldap-2.4.50.tgz
-/openldap-2.4.52.tgz
-/openldap-2.4.53.tgz
-/openldap-2.4.54.tgz
-/openldap-2.4.55.tgz
-/openldap-2.4.56.tgz
-/openldap-2.4.57.tgz
-/openldap-2.4.59.tgz
-/openldap-2.6.2.tgz
 /openldap-ppolicy-check-password-1.1.tar.gz
-/openldap-2.6.3.tgz
-/openldap-2.6.6.tgz
-/openldap-2.6.8.tgz
diff --git a/openldap-fix-TLS-connection-timeout-handling.patch b/openldap-fix-TLS-connection-timeout-handling.patch
deleted file mode 100644
index 98ec7d4..0000000
--- a/openldap-fix-TLS-connection-timeout-handling.patch
+++ /dev/null
@@ -1,100 +0,0 @@ -From 5645e37044e77c72f8868ecf62b6c7983c0afc2b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= -Date: Mon, 21 Oct 2024 11:50:11 +0100 -Subject: [PATCH 1/6] ITS#8047 Fix TLS connection timeout handling - -The test for async in ldap_int_tls_start was inverted, we already -support calling ldap_int_tls_connect repeatedly. And so long as -LBER_SB_OPT_NEEDS_* are managed correctly, the application should be -able to do the right thing. - -Might require a new result code rather than reporposing -LDAP_X_CONNECTING for this. ---- - libraries/libldap/ldap-int.h | 1 + - libraries/libldap/tls2.c | 18 +++++++++++++++++- - 2 files changed, 18 insertions(+), 1 deletion(-) - -diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h -index 3ef17643b1..7e754775e8 100644 ---- a/libraries/libldap/ldap-int.h -+++ b/libraries/libldap/ldap-int.h -@@ -368,6 +368,7 @@ typedef struct ldap_conn { - #define LDAP_CONNST_NEEDSOCKET 1 - #define LDAP_CONNST_CONNECTING 2 - #define LDAP_CONNST_CONNECTED 3 -+#define LDAP_CONNST_TLS_INPROGRESS 4 - LDAPURLDesc *lconn_server; - BerElement *lconn_ber; /* ber receiving on this conn. 
*/ - -diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c -index dea46de0ad..cf6f4dcf9a 100644 ---- a/libraries/libldap/tls2.c -+++ b/libraries/libldap/tls2.c -@@ -383,6 +383,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host ) - if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb != - ld->ld_options.ldo_tls_connect_cb ) - lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ); -+ conn->lconn_status = LDAP_CONNST_TLS_INPROGRESS; - } - - /* pass hostname for SNI, but only if it's an actual name -@@ -441,9 +442,11 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host ) - ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug, - LBER_SBIOD_LEVEL_TRANSPORT ); - #endif -+ conn->lconn_status = LDAP_CONNST_CONNECTED; - return -1; - } - -+ conn->lconn_status = LDAP_CONNST_CONNECTED; - return 0; - } - -@@ -516,8 +519,9 @@ int - ldap_tls_inplace( LDAP *ld ) - { - Sockbuf *sb = NULL; -+ LDAPConn *lc = ld->ld_defconn; - -- if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) { -+ if ( lc && lc->lconn_sb ) { - sb = ld->ld_defconn->lconn_sb; - - } else if ( ld->ld_sb ) { -@@ -527,6 +531,10 @@ ldap_tls_inplace( LDAP *ld ) - return 0; - } - -+ if ( lc && lc->lconn_status == LDAP_CONNST_TLS_INPROGRESS ) { -+ return 0; -+ } -+ - return ldap_pvt_tls_inplace( sb ); - } - -@@ -1159,6 +1167,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv ) - */ - while ( ret > 0 ) { - if ( async ) { -+ ld->ld_errno = LDAP_X_CONNECTING; -+ return (ld->ld_errno); -+ } else { - struct timeval curr_time_tv, delta_tv; - int wr=0; - -@@ -1217,6 +1228,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv ) - ret = ldap_int_tls_connect( ld, conn, host ); - } - -+ if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) { -+ /* Restore original sb status */ -+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)0 ); -+ } -+ - if ( ret < 0 ) { - if ( ld->ld_errno == LDAP_SUCCESS ) - ld->ld_errno = LDAP_CONNECT_ERROR; --- 
-2.47.1 - diff --git a/openldap-manpages.patch b/openldap-manpages.patch index df0d879..2303570 100644 --- a/openldap-manpages.patch +++ b/openldap-manpages.patch @@ -1,35 +1,20 @@ Various manual pages changes: * removes LIBEXECDIR from slapd.8 -* removes references to non-existing manpages (bz 624616) -diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1 -index 353b075..cf37856 100644 ---- a/doc/man/man1/ldapmodify.1 -+++ b/doc/man/man1/ldapmodify.1 -@@ -382,8 +382,7 @@ exit status and a diagnostic message being written to standard error. - .BR ldap_add_ext (3), - .BR ldap_delete_ext (3), - .BR ldap_modify_ext (3), --.BR ldap_modrdn_ext (3), --.BR ldif (5). -+.BR ldif (5) - .SH AUTHOR - The OpenLDAP Project - .SH ACKNOWLEDGEMENTS diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 -index 17b7154..6084298 100644 +index d47481d6ed..ff86fc52ca 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 -@@ -338,6 +338,7 @@ certificates in separate individual files. The +@@ -341,6 +341,7 @@ be specified, separated by a semi-colon. The .B TLS_CACERT is always used before - .B TLS_CACERTDIR. + .BR TLS_CACERTDIR . +The specified directory must be managed with the OpenSSL c_rehash utility. .TP .B TLS_CERT Specifies the file that contains the client certificate. diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8 -index 8504b37..f02f1fa 100644 +index 807634e52d..a06110687b 100644 --- a/doc/man/man8/slapd.8 +++ b/doc/man/man8/slapd.8 @@ -5,7 +5,7 @@ 
@@ -41,16 +26,16 @@ index 8504b37..f02f1fa 100644 [\c .BR \-V [ V [ V ]] [\c -@@ -332,7 +332,7 @@ the LDAP databases defined in the default config file, just type: +@@ -333,7 +333,7 @@ the LDAP databases defined in the default config file, just type: .LP .nf .ft tt - LIBEXECDIR/slapd -+ slapd ++ slapd .ft .fi .LP -@@ -343,7 +343,7 @@ on voluminous debugging which will be printed on standard error, type: +@@ -344,7 +344,7 @@ on voluminous debugging which will be printed on standard error, type: .LP .nf .ft tt @@ -59,7 +44,7 @@ index 8504b37..f02f1fa 100644 .ft .fi .LP -@@ -351,7 +351,7 @@ To test whether the configuration file is correct or not, type: +@@ -352,7 +352,7 @@ To test whether the configuration file is correct or not, type: .LP .nf .ft tt diff --git a/openldap.spec b/openldap.spec index 19e07e2..535dfac 100644 --- a/openldap.spec +++ b/openldap.spec @@ -15,8 +15,8 @@ %global __brp_remove_la_files %nil Name: openldap -Version: 2.6.8 -Release: 4%{?dist} +Version: 2.6.13 +Release: 1%{?dist} Summary: LDAP support libraries License: OLDAP-2.8 URL: http://www.openldap.org/ @@ -52,7 +52,6 @@ Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch Patch10: openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch Patch11: openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch -Patch12: openldap-fix-TLS-connection-timeout-handling.patch # check-password module specific patches Patch90: check-password-makefile.patch @@ -170,7 +169,6 @@ pushd openldap-%{version} %patch -P9 -p1 %patch -P10 -p1 %patch -P11 -p1 -%patch -P12 -p1 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays 
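Review bot: Dropping `Patch12: openldap-fix-TLS-connection-timeout-handling.patch` in this hunk (and the matching `%patch -P12 -p1` in the `pushd openldap-%{version}` hunk on the same line) is not explained anywhere in the diff; the new `%changelog` entry only says "Rebase to version 2.6.13". That patch carried the ITS#8047 fix for the async TLS handshake timeout (tracked as RHEL-78297 in the previous changelog entry), so unless 2.6.13 already contains the equivalent upstream change, the rebase silently regresses that client-side timeout handling. Please confirm against the upstream CHANGES for 2.6.13 and record the outcome in the changelog, for example `- Drop openldap-fix-TLS-connection-timeout-handling.patch, superseded upstream in 2.6.13` once that is verified.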
@@ -555,6 +553,10 @@ exit 0 %{_libdir}/libslapi-2.4*.so.* %changelog +* Thu Apr 23 2026 Simon Pichugin - 2.6.13-1 +- Rebase to version 2.6.13 +- Resolves: RHEL-157475 + * Wed Feb 12 2025 Simon Pichugin - 2.6.8-4 - Fix TLS connection timeout handling (RHEL-78297) diff --git a/sources b/sources index d094588..8ce1791 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ SHA512 (openldap-ppolicy-check-password-1.1.tar.gz) = a92854d7438cb95fac361da80a49d084d502155e8ce0ad2ea679db9529bbe0182aa4354e6139793c775e496349375d8f017678941d23315ff1c20fefc9573cdc -SHA512 (openldap-2.6.6.tgz) = 0e800807b23f090b465dc18c2f0d342585f96768543b3298b85d17c18272d1c5576a66326d30b3520cac493cbd2ea70e309cd923bf19447c973a63d940619fa6 -SHA512 (openldap-2.6.8.tgz) = c86bda8a0af2645e586d56a1494a5bd486ec5dd55c47859dbabcc2bb6ddc0a8307e23c6b58228d49ee3c8bc5e4d6ead305863442efdcee3dc2ab9953097b5a77 +SHA512 (openldap-2.6.13.tgz) = a64b222bee2e8693e534f64eeb7afcd1f0c7a4b9ae2288ce2c53be9b532902fac3a1e3318c82545cf30c7f982a68b5167ee8baba1f4be5c1a72abdb7c75ac80b