Ping Identity Directory Server 10.0.0.0

Ping Identity Directory Server version 10.0.0.0 has just been released. I wrote about this release in detail on my personal blog, but here’s a summary of the changes:

  • Removed support for Java 8; only Java versions 11 and 17 are now supported
  • Removed the Metrics Engine product in favor of integration with standard monitoring software
  • Added support for inverted static groups
  • Added support for post-LDIF-export task processors, including one that can copy an exported LDIF file to an Amazon S3 bucket
  • Added a log file rotation listener that can upload newly rotated log files to an Amazon S3 bucket
  • Added an amazon-s3-client command-line tool
  • Added authentication support to the Directory REST API
  • Added support for a generate access token request control
  • Added support for configuring a single database cache that may be shared across all local DB backends
  • Added an option to automatically re-encode passwords on bind if the associated storage scheme configuration is changed
  • Added an option to use a separate request handler per client connection
  • Updated the encrypt-file tool to add --re-encrypt and --find-encrypted-files arguments
  • Added a new missing-change-policy configuration property that can be used to customize the way the server behaves in the event of missing replication changes
  • Significantly improved the performance of backup, restore, and online replica initialization
  • Significantly improved static group update performance
  • Improved performance for validating server state immediately after completing an update
  • Added a split-ldif tool for use in migrating to an entry-balanced deployment
  • Updated the bcrypt password storage scheme to support the 2b variant
  • Updated the HTTP connection handler to add an option to perform SNI hostname validation during TLS negotiation
  • Updated the backup tool to warn about attempting to compress a backup of an encrypted backend
  • Updated the dsreplication tool to maintain a separate log per subcommand, and to keep a better record of failed attempts
  • Removed the dsreplication remove-defunct-server subcommand in favor of the remove-defunct-server tool
  • Removed the dsreplication cleanup-defunct-server subcommand in favor of the remove-defunct-server --performLocalCleanup command
  • Updated dsreplication initialize-with-static-topology to add an --allowServerInstanceDelete argument
  • Updated dsreplication initialize-with-static-topology to add an --allowDomainIDReuse argument
  • Updated the check-replication-domains tool to no longer require the --serverRoot argument
  • Added an option to configure whether information about all remote servers is included in replication server monitor messages
  • Added support for an access log fields request control
  • Improved the way that the configuration API treats patch operations containing empty arrays
  • Added the ability to configure connect and response timeouts for interaction with various HTTP services
  • Improved Synchronization Server performance when setting the startpoint to the end of an Active Directory changelog
  • Reduced the amount of memory used by the export-ldif and backup tools by default
  • Improved the Directory REST API support for stripping encoded passwords from responses
  • Improved the way the replica generation ID is computed
  • Fixed an issue that could occur when initializing aggregate pass-through authentication handlers
  • Fixed an issue that could cause invalid block type errors when interacting with compressed files
  • Fixed an issue that could prevent the changelog password encryption plugin from working properly for password modify extended operations
  • Fixed an issue that could prevent the server from updating a user’s password history for requests including the password update behavior request control
  • Fixed an issue that could cause two copies of a user’s current password to be added to the password history
  • Fixed an issue that could incorrectly allow a user to set an empty password (which could not be used for authentication)
  • Fixed an issue that could cause the dictionary password validator to incorrectly accept certain kinds of passwords in which a long enough substring represented a dictionary word
  • Fixed an issue with the handling for replace modifications for attributes with options
  • Fixed an issue that prevented the server from recording a bind failure if it was the first attempt after a temporary lockout had expired
  • Fixed an issue with the output of the manage-profile generate-profile tool when run against an updated server
  • Fixed an issue in which dsreplication initialize could suggest using --force in scenarios where it would not be useful
  • Fixed an issue in which dsreplication enable-with-static-topology could incorrectly report an error about failing to connect to a remote instance
  • Fixed an issue with dsreplication enable-with-static-topology in which base DN case sensitivity was not handled properly
  • Fixed an issue in which remove-defunct-server could fail if the AES256 password storage scheme was enabled
  • Fixed a replication error that could occur if missing changes were found for an obsolete replica that only existed in some servers
  • Fixed an issue in which the server did not check the time limit during expensive index processing for a search operation
  • Fixed an issue that could cause the server to incorrectly include client certificate messages in the expensive operations log
  • Fixed an internal error that could arise if an administrative alert was generated at a specific point in the shutdown process
  • Fixed an issue with synchronizing Boolean attributes to PingOne
  • Fixed an issue with the way the Synchronization Server handled the Active Directory unicodePwd attribute when no DN map was configured for the sync class
  • Fixed an issue with create-sync-pipe-config when using generic JDBC sync destinations
  • Fixed an issue when using manage-topology add-server to add a Synchronization Server to a topology that already contained at least two such instances
  • Fixed an issue with alternative authorization DN logging for multi-update extended operations
  • Fixed an issue in which dsjavaproperties --initialize could generate duplicate arguments
  • Fixed an issue in which a spurious error message could be logged when accessing the status page in the Administration Console

LDAPjs 3.0.7

LDAPjs is a JavaScript library that provides LDAP protocol support for the Node.js environment. The project has just released version 3.0.7. It looks like the only change in this release is a fix that can prevent a server crash when attempting to process a simple bind with an empty or malformed DN.

UnboundID LDAP SDK for Java 6.0.11

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.11, which includes the following changes:

  • This is the last version of the LDAP SDK that will support Java 7; future releases will only support Java 8 and higher
  • Updated ldapsearch and ldapmodify to provide better validation for the --proxyAs argument
  • Updated the Filter class to allow empty strings as an alternative to null values when creating substring filters that don’t contain all component types
  • Improved the logic used to pare entries to a specified set of attributes to better handle attribute descriptions with illegal characters
  • Updated TimestampArgument to support timestamps in the ISO 8601 format described in RFC 3339
  • Added a JSONBuffer.appendField method
  • Added enums for dealing with data sizes using either binary (1024-based) or decimal (1000-based) multipliers
  • Added client-side support for post-LDIF-export task processors in the Ping Identity Directory Server

389 Directory Server 2.4.4

The 389 Directory Server project has released version 2.4.4. Some of the changes in this release appear to include:

  • Fixed an issue in which the server could crash as a result of a bug in connection management
  • Fixed an issue in which the server could hang with a large number of concurrent connections
  • Fixed an issue that could cause a crash when aborting an import of data into an LMDB database
  • Fixed an issue that could prevent importing data into an LMDB database
  • Fixed a concurrency issue when the account policy plugin is used to update last login history
  • Fixed an issue with the schema editing CLI that could remove a definition on a failed edit
  • Fixed an issue with dscreate create-template
  • Fixed an issue with a password prompt when trying to get replication status
  • Fixed an issue in the web console that could cause it to lose expected capitalization in attribute names
  • Updated dsconf and dscreate to support setting parameters for an LMDB database
  • Updated dsconf to prevent setting a replica ID for hubs and consumers
  • Improved the man page for the ldclt tool

ApacheDS 2.0.0.AM27

The Apache Directory Project has released ApacheDS 2.0.0.AM27, which is a preview of their upcoming 2.0.0 release. Changes in this release appear to include:

  • Upgraded the server’s log4j library version to one that includes fixes for critical vulnerabilities
  • Fixed encryption support that relied on a hard-coded initialization vector
  • Fixed issues in which the server did not attempt to validate certificates
  • Fixed an issue that could prevent the server from starting on Windows
  • Fixed an issue that could prevent the server from running on the IBM JVM
  • Fixed an issue in which the server could leak threads
  • Fixed an issue with encryption support in the DIGEST-MD5 SASL mechanism
  • Fixed an issue in which a modify DN operation could be used to overwrite an existing entry
  • Fixed an issue with the way that password modify extended responses were encoded
  • Fixed case-sensitivity issues when processing LDIF records
  • Fixed an issue in which an AND filter containing (objectClass=top) would not return any results
  • Improved performance for certain types of searches with large result sets
  • Fixed issues with the server when using Java versions newer than Java 8
  • Fixed an issue with the order in which interceptors were being processed
  • Fixed an issue that could cause the server to encounter an internal error when attempting to process a search with an unsupported type of matching
  • Fixed an issue that could cause the server to encounter an internal error when an unsupported control was requested
  • Added support for the subtree delete request control
  • Removed support for acting as a Kerberos server

LdapRecord 3.2.2 and 2.20.5

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released versions 3.2.2 and 2.20.5, which address the following issues:

  • Fixed an issue with an invalid query filter containing memberof (both versions)
  • Fixed a type error in the groups relation builder (version 3.2.2)