ForgeRock Directory Services version 7.4 has been released. According to the release notes, changes in this release include:

• Added support for an HDAP protocol, for accessing LDAP data over HTTP
• Updated access log messages to include time spent in the work queue, and for filtering messages based on queue time
• Changed the values of some access log fields from null to true
• Added support for including details about modified attributes in access log messages
• Added support for logging details about TLS negotiation
• Updated access log messages to include user-friendly names for request controls and details about their values
• Simplified debug logging with predefined logging categories
• Added monitor attributes about changelog purging
• Updated the attribute value password validator to add support for checking substrings
• Added support for renaming collective attributes
• Added attribute syntax checking support for certificate lists, certificate pairs, and postal address syntaxes
• Updated replication to log a warning on some kinds of fractional replication configuration issues
• Improved performance for evaluating OR filters with multiple components targeting the same attribute type
• Updated GSSAPI authentication support to allow multiple service principals
• Simplified configuring PKCS #11 key managers
• Updated Debian and Red Hat packages to use systemd instead of init files for starting the server on boot
• Updated dsconfig help and the configuration reference to better identify deprecated and legacy configuration options
• Updated command-line tools supporting PKCS #11 to allow specifying alternative provider details
• Updated the backendstat subcommands for listing indexes in order by name
• Fixed an issue in which the unindexed-search privilege may not be enforced for sorted and paged searches
• Reduced memory usage for the Argon2 password storage scheme
• Fixed a performance issue when searching for attributes not defined in the schema
• Updated the server to return an unavailable result instead of unwillingToPerform if it becomes disconnected from replication servers
• Fixed an issue in which virtual attribute providers could ignore critical controls during search processing

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released versions 3.1.4 and 3.1.5, which address issues related to support for the userAccountControl attribute in Active Directory.

GLAuth is a simple LDAP server that positions itself as a lightweight alternative to OpenLDAP or Active Directory. The project has just released version 2.3.0. It appears that the primary change in this release is to rename the table used to hold information about groups from “groups” to “ldapgroups” in order to avoid a naming conflict with MySQL.

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.1.3, which appears to fix an issue in which the presence of a diagnostic message in an operation response could cause the API to consider the operation a failure, even if the response had a successful result code.

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.10, which includes the following changes:

• Added the ability to reuse connections when following referrals
• Fixed a parallel-update issue that could cause reject log file corruption
• Added a method for obtaining encoded SASL PLAIN credentials
• Added methods for getting JSON number values as Integer or Long objects
• Added a method for getting a compact stack trace representing the code location from which it was called
• Added support for a Ping-proprietary access log field request control
• Added support for Ping-proprietary generate access token request and response controls
• Updated ds-pwp-state-json support to include new fields indicating whether a user’s password is encoded with current settings
• Updated the documentation to include the latest versions of draft-ietf-kitten-scram-2fa, draft-melnikov-scram-bis, and draft-melnikov-scram-sha3-512

The Open Identity Platform project has released version 4.5.9 of the OpenDJ Directory Server. Changes in this release include:

• Removed TLSv1 as the default TLS protocol version
• Updated the default signature algorithm for generated certificates to SHA256withRSA
• Updated JMX support to return properties with appropriate data types

The go-ldap project has released version 3.4.6 of its LDAP API for Go. Some of the changes in this release include:

• Fixed potential panics in GetLDAPError
• Fixed a potential thread deadlock
• Fixed a potential race condition on a request timeout
• Added the ability to perform asynchronous searches
• Added support for acting as a syncrepl consumer
• Updated ldap.Error to better support Go’s errors.Is and errors.As functions
• Improved support for the Active Directory DirSync control when performing asynchronous searches
• Substantially reduced the maximum BER packet size to reduce the potential for consuming very large amounts of memory

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.1.2. Changes in this release include:

• Fixed an issue that could prevent Relation::setModelResolver in AppServerProvider from working properly
• Added the Stringable interface to all classes containing a __toString() method

Ping Identity Directory Server versions 9.3.0.1, 9.2.0.2, 9.1.0.3, and 8.3.0.9 have just been released. These new versions address a security issue that affects deployments using the Delegated Admin product. For more information, see my personal blog post and the product release notes.

The Open Identity Platform project has released version 4.5.6 of the OpenDJ Directory Server. This release appears to fix an issue in which an ASN.1 sequence could have unused trailing bytes.