389 Directory Server 2.3.1, 2.2.4, and 2.1.6

The 389 Directory Server project has announced new releases of versions 2.3.1, 2.2.4, and 2.1.6. From the release announcements, it appears that the most significant changes include:

  • Fixed a potential vulnerability in the UI (all three versions)
  • Fixed potential memory management issues (all three versions)
  • Made database compaction more robust (all three versions)
  • Fixed an issue with an inconsistency with tombstone entries between LMDB and Berkeley DB (version 2.3.1)
  • Increased the default number of file descriptors to avoid problems resulting from exhaustion (version 2.3.1)
  • Fixed an issue that prevented enabling replication with a mixed-case suffix (all three versions)
  • Fixed a performance issue with the memberof attribute (all three versions)
  • Fixed issues with migration from OpenLDAP (all three versions)
  • Fixed an issue in which changelog trimming was not performed at the expected interval (all three versions)
  • Fixed various issues with the access log analysis script (all three versions)
  • Fixed an issue that could cause the server to crash during shutdown (versions 2.3.1 and 2.2.4)
  • Fixed an issue that could cause the entryuuid fixup task to fail in a replicated environment (all three versions)
  • Fixed a performance issue due to lock contention under mixed load (all three versions)
  • Fixed a performance issue when using pam_passthrough (all three versions)
  • Fixed an issue in which some releases did not include the cockpit web application (version 2.3.1)
  • Fixed an issue that could prevent the UI from working properly if you change the root DN (all three versions)
  • Fixed a performance issue with smart referral entries (all three versions)
  • Fixed an issue with dscreate when using a custom dir_path with SELinux enabled (all three versions)
  • Added a default ACI that could help avoid problems with searches targeting group membership (version 2.3.1)
  • Updated the server to only allow a single memberof fixup task to run at a time (all three versions)
  • Updated healthcheck to ensure that all group attributes referenced by memberof are indexed (all three versions)
  • Improved import performance with LMDB (version 2.3.1)
  • Added default indexes for uidnumber, gidnumber, and memberuid (versions 2.3.1 and 2.1.6)
  • Improved access logging for operation statistics (versions 2.3.1 and 2.2.4)
  • Added the ability to always include a specified set of attributes in the audit log (all three versions)
  • Improved debug logging support for password policy processing (all three versions)
  • Updated the CLI to add support for adding CA certificate bundles (all three versions)
  • Improved UI support for binary attributes like jpegPhoto (all three versions)

GLAuth 2.2.0-RC1

GLAuth is a simple LDAP server that positions itself as a lightweight alternative to OpenLDAP or Active Directory. The project has just released version 2.2.0-RC1, which appears to include the following changes:

  • Added support for exporting metrics in a Prometheus-compatible format
  • Added a plugin to support PAM authentication
  • Added support for logging with zerolog
  • Added an option to check the configuration

LdapRecord 2.19.0

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.19.0, which appears to include the following changes:

  • Added the ability to filter relations based on related object classes
  • Fixed an issue in which the Timestamp::convertWindowsTimeToDateTime method could use the wrong time zone

LdapRecord 2.17.3

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.17.3, which appears to fix an issue that could prevent model events from being properly dispatched when calling createAttribute, updateAttribute, or deleteAttribute.

LDAP Tool Box Self Service Password 1.5.2

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.5.2 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. The most significant change in this release appears to address an issue that could cause multiple captchas to be displayed when sending an SMS message.

LDAP Tool Box Self Service Password 1.5.0

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.5.0 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:

  • Fixed an issue in which an SMS token could be used to change the password for any account
  • Fixed an issue that could allow the same captcha to be used multiple times
  • Fixed an issue that could disclose the existence of user accounts
  • Fixed an issue that could cause a server error when attempting to reset the password for a nonexistent user
  • Fixed an issue that could prevent resetting expired passwords
  • Fixed issues when using captchas with password reset email messages
  • Fixed an issue that could prevent password reset token email messages from being sent
  • Fixed an issue that could cause an email notification to be sent even if an update attempt failed
  • Added support for encoding passwords with Argon2
  • Added support for Kerberos authentication
  • Added support for rate limiting by IP address
  • Added the ability to specify multiple email address attributes
  • Added the ability to specify multiple email address and/or mobile phone number attributes
  • Added an SMS API for using signal-cli
  • Added sendmail to the Docker image
  • Added support for validating SSH public keys

389 Directory Server 2.3.0 and 2.2.3

The 389 Directory Server project has announced new releases of versions 2.3.0 and 2.2.3. From the release announcements, it looks like the changes in both versions were largely the same, and they include:

  • Fixed potential crashes in replication processing
  • Fixed a potential crash in LDIF import processing
  • Fixed various memory leaks and other memory management issues
  • Fixed an issue with the replication keep-alive interval
  • Added a new JSON-formatted security audit log
  • Fixed an issue with dscreate on systems running SELinux
  • Fixed an issue that prevented importing a certificate chain
  • Fixed an issue in which a transaction was not aborted after failing to create a managed entry
  • Fixed an issue with the way that nscpEntryWsi values are computed
  • Fixed an issue in which the LDAP editor was not updated when switching instances
  • Fixed an issue that could cause suffixes to be converted to all lowercase
  • Fixed an issue with the dsidm user get_dn command
  • Fixed an issue that could prevent optime and wtime from being set for rejected connections
  • Added support for TLS certificates with ECDSA private keys
  • Updated sudoers schema to allow UTF-8 values instead of just IA5 values

UnboundID LDAP SDK for Java 6.0.6

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.6, which includes the following changes:

  • Fixed an issue with re-establishing a connection in asynchronous mode after closing it with outstanding requests.
  • Fixed an issue that could affect getting an SSLContext in FIPS 140-2-compliant mode.
  • Added a system property that can enable certificate hostname verification by default.
  • Added a --verifyCertificateHostname argument to LDAP command-line tools.
  • Improved documentation for establishing secure connections according to best practices.
  • Fixed an issue in JNDI compatibility support for controls and extended request/response values.
  • Added the ability to create a search request with the base DN as a DN object rather than a String.
  • Fixed an issue with command-line tools that encountered an Error during processing.
  • Fixed an issue with the IA5 argument value validator that could allow non-ASCII characters in values.
  • Fixed an issue with the DNS hostname argument value validator that could prevent it from properly validating all components of a hostname.
  • Added an option to the identify-references-to-missing-entries tool to generate an LDIF with modifications needed to remove any identified references.
  • Improved subject alternative DNS name selection in SelfSignedCertificateGenerator.
  • Updated manage-certificates generate-self-signed-certificate to rename --replace-existing-certificate to --use-existing-key-pair.
  • Included a native-image/resource-config.json file in the jar file manifest for use by GraalVM.
  • Updated summarize-access-log to report several more items.
  • Updated the audit data security administrative task to support retaining previous reports by count or age.
  • Fixed issues that prevented setting the criticality of the administrative operation and join request controls.