The 389 Directory Server project has released version 3.0.2. Some of the changes in this release appear to include:

• Fixed a potential crash from an issue in the referential integrity plugin
• Fixed an issue that could allow the server to accept new connections when shutting down
• Fixed an issue that could prevent creating entries with long RDN values
• Fixed an issue in which the server may yield incorrect results for a VLV search when using an LMDB backend
• Fixed an issue that could prevent pre-encoded passwords from being added to a user’s password history
• Fixed an issue that could prevent using dscreate in interactive mode with an LMDB backend
• Fixed an issue in the encoding of timestamps in certain locales
• Fixed an issue in the error message used for a paged results search that was interrupted by the search time limit
• Fixed an issue in which an incorrect certificate lifetime could be displayed
• Log messages to make it possible to identify bind operations involving multi-factor authentication
• Added support for buffering writes to the server audit log for better performance
• Updated the Healthcheck tool to include configuration-related checks for the LMDB database
• Improved HAProxy support when the HAProxy server is on the same machine as the 389 Directory Server instance
• Improved dsidm error handling when trying to create an entry whose parent doesn’t exist

The go-ldap project has released version 3.4.7 of its LDAP API for Go. Some of the changes in this release include:

• Updated unmarshalling support to support *string as a field type
• Added support for the subordinate subtree search scope
• Added support for imposing a search result set size limit
• Added support for GSSAPI authentication
• Fixed an issue in which IsErrorAnyOf would not match a wrapped result
• Fixed an issue with incorrect ASN.1 handling in DN parsing
• Better mark deprecated functions in the documentation

ForgeRock Directory Services version 7.4 has been released. According to the release notes, changes in this release include:

• Added a new dsrepl disaster-recovery mechanism for safer disaster recovery procedures
• Removed the existing dsrepl start-disaster-recovery and dsrepl end-disaster-recovery commands
• Updated HDAP support to provide the ability to authenticate with a bearer tokens
• Updated the server so that it can immediately start maintaining new indexes for previously unused attributes
• Improved the efficiency of using equality indexes for presence searches
• Expanded the ability to use VLV indexes for some kinds of search requests
• Updated access log messages to better reflect when a search is unindexed
• Added processing time metrics for persistent searches
• Updated the server to improve resource limit evaluation for requests using proxied authorization
• Added support for Java 17 and Java 21
• Removed support for Java 11
• Added support for Amazon Linux 2023
• Added a dsrepl decode-csn command
• Included the hostname in the supportextract archive file
• Introduced changes to prevent direct upgraes from 7.4 instances using data encryption with AES/GCM
• Fixed an internal error resulting from certain kinds of unknown requests
• Fixed a potential schema violation resulting from an etag in the schema configuration entry
• Fixed an issue in which a TOO_LATE replication status would not mark a server as unhealthy
• Fixed an issue with the ds-mon-receive-delay metric
• Fixed an issue with dsrepl initialize when a custom schema file only includes sync state entries
• Fixed an issue in which authenticating using the REST API did not properly honor the force-change-on-add configuration
• Removed support for SNMP monitoring
• Removed the already-deprecated /admin and /api endpoints from newly created server instances
• Made a number of changes to the server’s plugin API, some of which may affect existing plugins
• Deprecated the legacy Prometheus metrics format in favor of a new format
• Deprecated a number of existing Prometheus metrics in favor of new metrics with improved names

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.5.1, which appears to include the following changes:

• Fixed an serialization issue with decoding UTF-8 strings
• Fixed an issue with the order of operations when serializing and deserializing certain properties

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 7.0.0, which includes the following changes:

• The LDAP SDK now requires Java 8 or later; Java 7 is no longer supported
• Improved connection pool behavior when a health check determines that a connection is valid on checkout
• Added a new compare-ldap-schemas tool
• Improved performance and reduced disk space and memory requirements when performing repeated binds using the GSSAPI SASL mechanism
• Added experimental client-side support for the relax rules request control
• Added client-side support for a number of controls used in ForgeRock OpenDJ
• Added connection pool health checks specific to the Ping Identity Directory Server
• Added convenience methods for generating cryptographic digests of strings, byte arrays, or files
• Added methods for normalizing JSON values and JSON object filters
• Added a constant with the name of a system property that can be used to enable MD5 support when using the latest version of the Bouncy Castle FIPS-compliant cryptographic provider
• Updated the documentation to include new and updated versions of several Internet Drafts

The LDAP Tool Box project offers a number of tools, scripts, and other niceties for working with LDAP. The project has released Linux packages for OpenLDAP versions 2.6.7 and 2.5.17, including RPMs for distributions like Red Hat and CentOS, as well as DEBs for distributions like Debian and Ubuntu. The packages are available for download from https://ltb-project.org/download.html.

The Apache Directory Project has announced the release of version 2.1.6 of their Apache Directory LDAP API. The primary change in this release appears to address an issue with the way that it encodes DSML filters.

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 3.3 of their slapd-cli tools (formerly called openldap-initscript), which provide a set of command-line tools for OpenLDAP. Changes in this release appear to include:

• Added the ability to delete older backup files
• Added support for the HAProxy proxy protocol
• Added support for client certificate authentication in checksync
• Added an option to convert slapd.conf to cn=config at each startup

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.4.0, which appears to include the following changes:

• Fixed an issue in which orWhere could not be called without an operator
• Fixed an issue in which the getAuthIdentifier method returned an incorrect value for OpenLDAP users
• Added support for base DN substitution in DN comparison methods
• Added the ability to morph models based on object classes

The OpenLDAP project has announced the release of versions 2.6.7 and 2.5.17 of their LDAP directory server. Changes included in these releases appear to include:

• Fixed a potential crash that could occur with connections closed with a notice-of-disconnection response (both versions)
• Fixed a potential crash that could occur with certain dynlist configurations (both versions)
• Fixed an issue in which the server would shut down upon encountering an access control rule with a malformed regular expression (both versions)
• Fixed an issue in which the server could incorrectly disclose an entry’s existence in the matched DN element of a response (both versions)
• Fixed a replication issue involving non-sequential timestamps (both versions)
• Fixed multiple client-side issues that may occur when using TLS (both versions)
• Added an option to disable including the member list in dynlist groups (both versions)
• Fixed a back-asyncmeta issue when trying to use an empty suffixmassage value (both versions)
• Fixed an issue that prevented lloadd from working on systems without a resolv.conf file (both versions)
• Fixed an issue with the formatting for log messages with very long filters (both versions)
• Fixed a replication issue when using both the glue and rwm overlays (version 2.6.7)
• Fixed an issue in which lloadd did not properly read its configuration (version 2.6.7)