The OpenLDAP project has released version 2.5 of their LDAP directory server. The release announcement lists the following changes included in this version:
- Added a load balancer daemon
- Improved support for attributes with large numbers of values
- Added support for LDAP transactions as described in RFC 5805
- Added support for new replication protocols, including those used by Active Directory and DSEE
- Added support for multi-factor authentication options, including HOTP and TOTP
- Added support for an asynchronous metadirectory backend
- Added support for a WiredTiger database backend
- Added support for deleting configuration objects without restarting the server
- Added an overlay with support for certain certification authority functions
- Added an overlay with home directory management support
- Added an overlay with support for encoding passwords with the Argon2 function
- Added support for the authorization identity request and response controls as described in RFC 3829
- Added an overlay with support for storing enumerated values and fixed-size integers
- Added an overlay for passing authentication requests through to another LDAP server
- Added an overlay for passing authentication requests through to a RADIUS server
- Added an overlay with support for improved performance when using Apache Fortress
- Added an overlay with support for generating usnCreated and usnChanged operational attributes
- Added an overlay with support for sharing attribute values between several entries
- Added an overlay with support for the verify credentials extended operation
- Added additional password validation options
- Improved support for draft-behera-ldap-password-policy-10
- Added support for Netscape password expiring and password expired controls
- Added support for a lazy commit control as used in Active Directory
- Added support for a Netscape account usability control
- Added support for dynamically generating an attribute with information about a user’s group membership
- Improved the unique attribute overlay to avoid the potential for race conditions
- Improved support for the cache database
- Added a library for LDIF parsing
- Made several updates to the LDAP client library, including support for TLS and GSSAPI channel binding, TLS public key pinning, and the TLS SNI extension
- Added a slapmodify tool for making offline updates to the configuration
- Made significant performance enhancements throughout the codebase