Ping Identity Directory Server 10.0.0.0

Ping Identity Directory Server version 10.0.0.0 has just been released. I wrote about this release in detail on my personal blog, but here’s a summary of the changes:

  • Removed support for Java 8; only Java versions 11 and 17 are now supported
  • Removed the Metrics Engine product in favor of integration with standard monitoring software
  • Added support for inverted static groups
  • Added support for post-LDIF-export task processors, including one that can copy an exported LDIF file to an Amazon S3 bucket
  • Added a log file rotation listener that can upload newly rotated log files to an Amazon S3 bucket
  • Added an amazon-s3-client command-line tool
  • Added authentication support to the Directory REST API
  • Added support for a generate access token request control
  • Added support for configuring a single database cache that may be shared across all local DB backends
  • Added an option to automatically re-encode passwords on bind if the associated storage scheme configuration is changed
  • Added an option to use a separate request handler per client connection
  • Updated the encrypt-file tool to add --re-encrypt and --find-encrypted-files arguments
  • Added a new missing-change-policy configuration property that can be used to customize the way the server behaves in the event of missing replication changes
  • Significantly improved the performance of backup, restore, and online replica initialization
  • Significantly improved static group update performance
  • Improved performance for validating server state immediately after completing an update
  • Added a split-ldif tool for use in migrating to an entry-balanced deployment
  • Updated the bcrypt password storage scheme to support the 2b variant
  • Updated the HTTP connection handler to add an option to perform SNI hostname validation during TLS negotiation
  • Updated the backup tool to warn about attempting to compress a backup of an encrypted backend
  • Updated the dsreplication tool to maintain a separate log per subcommand, and to keep a better record of failed attempts
  • Removed the dsreplication remove-defunct-server subcommand in favor of the remove-defunct-server tool
  • Removed the dsreplication cleanup-defunct-server subcommand in favor of the remove-defunct-server --performLocalCleanup command
  • Updated dsreplication initialize-with-static-topology to add an --allowServerInstanceDelete argument
  • Updated dsreplication initialize-with-static-topology to add an --allowDomainIDReuse argument
  • Updated the check-replication-domains tool to no longer require the --serverRoot argument
  • Added an option to configure whether information about all remote servers is included in replication server monitor messages
  • Added support for an access log fields request control
  • Improved the way that the configuration API treats patch operations containing empty arrays
  • Added the ability to configure connect and response timeouts for interaction with various HTTP services
  • Improved Synchronization Server performance when setting the startpoint to the end of an Active Directory changelog
  • Reduced the amount of memory used by the export-ldif and backup tools by default
  • Improved the Directory REST API support for stripping encoded passwords from responses
  • Improved the way the replica generation ID is computed
  • Fixed an issue that could occur when initializing aggregate pass-through authentication handlers
  • Fixed an issue that could cause invalid block type errors when interacting with compressed files
  • Fixed an issue that could prevent the changelog password encryption plugin from working properly for password modify extended operations
  • Fixed an issue that could prevent the server from updating a user’s password history for requests including the password update behavior request control
  • Fixed an issue that could cause two copies of a user’s current password to be added to the password history
  • Fixed an issue that could incorrectly allow a user to set an empty password (which could not be used for authentication)
  • Fixed an issue that could cause the dictionary password validator to incorrectly accept certain kinds of passwords in which a long enough substring represented a dictionary word
  • Fixed an issue with the handling for replace modifications for attributes with options
  • Fixed an issue that prevented the server from recording a bind failure if it was the first attempt after a temporary lockout had expired
  • Fixed an issue with the output of the manage-profile generate-profile tool when run against an updated server
  • Fixed an issue in which dsreplication initialize could suggest using --force in scenarios where it would not be useful
  • Fixed an issue in which dsreplication enable-with-static-topology could incorrectly report an error about failing to connect to a remote instance
  • Fixed an issue in dsreplication enable-with-static-topology in which base DN case sensitivity was not handled properly
  • Fixed an issue in which remove-defunct-server could fail if the AES256 password storage scheme was enabled
  • Fixed a replication error that could occur if missing changes were found for an obsolete replica that only existed in some servers
  • Fixed an issue in which the server did not check the time limit during expensive index processing for a search operation
  • Fixed an issue that could cause the server to incorrectly include client certificate messages in the expensive operations log
  • Fixed an internal error that could arise if an administrative alert was generated at a specific point in the shutdown process
  • Fixed an issue with synchronizing Boolean attributes to PingOne
  • Fixed an issue with the way the Synchronization Server handled the Active Directory unicodePwd attribute when no DN map was configured for the sync class
  • Fixed an issue with create-sync-pipe-config when using generic JDBC sync destinations
  • Fixed an issue when using manage-topology add-server to add a Synchronization Server to a topology that already contained at least two such instances
  • Fixed an issue with alternative authorization DN logging for multi-update extended operations
  • Fixed an issue in which dsjavaproperties --initialize could generate duplicate arguments
  • Fixed an issue in which a spurious error message could be logged when accessing the status page in the Administration Console