diff --git a/.gitignore b/.gitignore
index eab66c2..400752c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,4 @@
 /openldap-2.6.6.tgz
 /openldap-2.6.7.tgz
 /openldap-2.6.8.tgz
+/openldap-2.6.9.tgz
diff --git a/openldap-fix-TLS-connection-timeout-handling.patch b/openldap-fix-TLS-connection-timeout-handling.patch
deleted file mode 100644
index 98ec7d4..0000000
--- a/openldap-fix-TLS-connection-timeout-handling.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 5645e37044e77c72f8868ecf62b6c7983c0afc2b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Mon, 21 Oct 2024 11:50:11 +0100
-Subject: [PATCH 1/6] ITS#8047 Fix TLS connection timeout handling
-
-The test for async in ldap_int_tls_start was inverted, we already
-support calling ldap_int_tls_connect repeatedly. And so long as
-LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
-able to do the right thing.
-
-Might require a new result code rather than reporposing
-LDAP_X_CONNECTING for this.
----
- libraries/libldap/ldap-int.h |  1 +
- libraries/libldap/tls2.c     | 18 +++++++++++++++++-
- 2 files changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
-index 3ef17643b1..7e754775e8 100644
---- a/libraries/libldap/ldap-int.h
-+++ b/libraries/libldap/ldap-int.h
-@@ -368,6 +368,7 @@ typedef struct ldap_conn {
- #define LDAP_CONNST_NEEDSOCKET		1
- #define LDAP_CONNST_CONNECTING		2
- #define LDAP_CONNST_CONNECTED		3
-+#define LDAP_CONNST_TLS_INPROGRESS	4
- 	LDAPURLDesc		*lconn_server;
- 	BerElement		*lconn_ber;	/* ber receiving on this conn. */
- 
-diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
-index dea46de0ad..cf6f4dcf9a 100644
---- a/libraries/libldap/tls2.c
-+++ b/libraries/libldap/tls2.c
-@@ -383,6 +383,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
- 		if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
- 			ld->ld_options.ldo_tls_connect_cb )
- 			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
-+		conn->lconn_status = LDAP_CONNST_TLS_INPROGRESS;
- 	}
- 
- 	/* pass hostname for SNI, but only if it's an actual name
-@@ -441,9 +442,11 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
- 		ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
- 			LBER_SBIOD_LEVEL_TRANSPORT );
- #endif
-+		conn->lconn_status = LDAP_CONNST_CONNECTED;
- 		return -1;
- 	}
- 
-+	conn->lconn_status = LDAP_CONNST_CONNECTED;
- 	return 0;
- }
- 
-@@ -516,8 +519,9 @@ int
- ldap_tls_inplace( LDAP *ld )
- {
- 	Sockbuf		*sb = NULL;
-+	LDAPConn	*lc = ld->ld_defconn;
- 
--	if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
-+	if ( lc && lc->lconn_sb ) {
- 		sb = ld->ld_defconn->lconn_sb;
- 
- 	} else if ( ld->ld_sb ) {
-@@ -527,6 +531,10 @@ ldap_tls_inplace( LDAP *ld )
- 		return 0;
- 	}
- 
-+	if ( lc && lc->lconn_status == LDAP_CONNST_TLS_INPROGRESS ) {
-+		return 0;
-+	}
-+
- 	return ldap_pvt_tls_inplace( sb );
- }
- 
-@@ -1159,6 +1167,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
- 	  */
- 	while ( ret > 0 ) {
- 		if ( async ) {
-+			ld->ld_errno = LDAP_X_CONNECTING;
-+			return (ld->ld_errno);
-+		} else {
- 			struct timeval curr_time_tv, delta_tv;
- 			int wr=0;
- 
-@@ -1217,6 +1228,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
- 		ret = ldap_int_tls_connect( ld, conn, host );
- 	}
- 
-+	if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
-+		/* Restore original sb status */
-+		ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)0 );
-+	}
-+
- 	if ( ret < 0 ) {
- 		if ( ld->ld_errno == LDAP_SUCCESS )
- 			ld->ld_errno = LDAP_CONNECT_ERROR;
--- 
-2.47.1
-
diff --git a/openldap.spec b/openldap.spec
index 1f70bbf..0edcbcd 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -16,8 +16,8 @@
 %global __brp_remove_la_files %nil
 
 Name: openldap
-Version: 2.6.8
-Release: 3%{?dist}
+Version: 2.6.9
+Release: 1%{?dist}
 Summary: LDAP support libraries
 License: OLDAP-2.8
 URL: http://www.openldap.org/
@@ -51,7 +51,6 @@ Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 Patch7: openldap-openssl-manpage-defaultCA.patch
 Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch
 Patch9: openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
-Patch10: openldap-fix-TLS-connection-timeout-handling.patch
 
 # check-password module specific patches
 Patch90: check-password-makefile.patch
@@ -174,7 +173,6 @@ pushd openldap-%{version}
 %patch -P7 -p1
 %patch -P8 -p1
 %patch -P9 -p1
-%patch -P10 -p1
 
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -562,6 +560,9 @@ exit 0
 %endif
 
 %changelog
+* Wed Aug 6 2025 Simon Pichugin <spichugi@redhat.com> - 2.6.9-1
+- Rebase to version 2.6.9 (RHEL-107610)
+
 * Wed Feb 12 2025 Simon Pichugin <spichugi@redhat.com> - 2.6.8-3
 - Fix TLS connection timeout handling (RHEL-68773)
 
diff --git a/sources b/sources
index a2fd447..51594b5 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (openldap-ppolicy-check-password-1.1.tar.gz) = a92854d7438cb95fac361da80a49d084d502155e8ce0ad2ea679db9529bbe0182aa4354e6139793c775e496349375d8f017678941d23315ff1c20fefc9573cdc
-SHA512 (openldap-2.6.8.tgz) = c86bda8a0af2645e586d56a1494a5bd486ec5dd55c47859dbabcc2bb6ddc0a8307e23c6b58228d49ee3c8bc5e4d6ead305863442efdcee3dc2ab9953097b5a77
+SHA512 (openldap-2.6.9.tgz) = d3f839d3cf1030caa410e54f968e9c0caf3bc371c06ea0f64cf3a6ece6d31013c9dbfb08a3a63ea9137a2062aa6edc6e0bc542b365fe4ad66608df4cdbe94a4e