OpenLDAP 2.5.8

The OpenLDAP project has announced the release of version 2.5.8 of their LDAP directory server. Changes in this release include:

  • Fixed a memory leak in syncrepl processing
  • Fixed a memory leak in client code used to obtain a peer certificate
  • Fixed a TLS-related issue introduced when converting configuration from slapd.conf to cn=config
  • Fixed a potential crash in password quality checking
  • Fixed an issue preventing attribute values from being deleted
  • Fixed an issue preventing users from setting a custom password policy
  • Fixed an issue with the equality matching rule for the namingContexts attribute
  • Fixed an issue with excessive logging for password policy processing
  • Fixed an issue affecting the ability to set up MySQL for use as a backend database
  • Fixed issues with the WiredTiger backend

LDAP Tool Box slapd-cli 2.8

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 2.8 of their slapd-cli tools (formerly called openldap-initscript), which provide a set of command-line tools for OpenLDAP. This release includes the following changes:

  • Fixed a potential privilege escalation vulnerability that could be exploited by manipulating the PID file
  • Fixed a potential privilege escalation vulnerability that could result from recursive file ownership changes
  • Fixed a checksync tool issue with multiple suffixes
  • Fixed an issue when the OpenLDAP service used a name other than “slapd”
  • Migrated away from deprecated memberOf configuration
  • Migrated away from init.d references in favor of systemd
  • Added support for command-line autocomplete
  • Updated the status output to include the OpenLDAP version
  • Provided an option to use a default configuration and sample data
  • Updated documentation

UnboundID LDAP SDK for Java 6.0.2

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.2, which includes the following changes:

  • Fixed an issue with support for cross-signed certificates
  • Added support for tls-server-end-point channel binding when using GSSAPI on a sufficiently modern JVM
  • Fixed an issue with search result references in the in-memory directory server
  • Added an option to use a non-interactive default trust mechanism in LDAP command-line tools
  • Updated the set of LDAP-related specifications in the documentation

389 Directory Server 1.4.4.17

The 389 Directory Server project has released version 1.4.4.17. Changes in this release appear to include:

  • Fixed an issue in which the server could crash or behave erratically when configured with access control rules based on IP addresses
  • Fixed an issue in which the server could accept any password when binding as a user with a malformed crypt password
  • Fixed an issue in which temporary password rules may not be enforced
  • Fixed an issue in which the nsuniqueid index could become corrupted during an index rebuild
  • Fixed an issue that could interfere with purging entries from the retro changelog
  • Fixed an issue in which the server could crash if dnaInterval is set to zero
  • Fixed an issue in which the server could crash if the referential integrity log is corrupted
  • Fixed an issue that could cause dsidm to crash if the account policy plugin is enabled but not configured
  • Fixed an issue in which re-encoding the password on bind could reset the password expiration time
  • Fixed an issue in which online import failed to warn about an attempt to import an entry without a parent
  • Fixed an issue in which the uniqueness plugin could check the wrong subtree when moving an entry
  • Fixed an issue that could cause changeNumber to be unindexed in the retro changelog
  • Improved certutil error handling
  • Improved SASL authentication logging
  • Added CLI and UI support for nsslapd-state
  • Added the ability to regenerate invalid entryUUID values on import

389 Directory Server 2.0.10

The 389 Directory Server project has released version 2.0.10. Changes in this release appear to include:

  • Fixed an issue in which the nsuniqueid index could become corrupted during an index rebuild
  • Fixed an issue that could interfere with purging entries from the retro changelog
  • Fixed an issue that could cause dsidm to crash if the account policy plugin is enabled but not configured
  • Added CLI and UI support for nsslapd-state
  • Fixed typos in the logconv.pl script

LdapRecord 2.7.0

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.7.0, which appears to include the following changes:

  • Added support for retrieving arrayable attributes of an entry model
  • Added a method for more easily retrieving the raw value from an escaped value
  • Added methods for determining whether a user has a locked account and for identifying users with locked accounts
  • Made a change to the approach used for deleting leaf nodes

UnboundID LDAP SDK for Java 6.0.1

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.1, which includes the following changes:

  • Added a new ldap-diff tool
  • Updated ldifsearch to support alternative output formats
  • Added the ability to customize the LDIF reader’s size limit for reading attribute values from a file
  • Added a system property that can cause debug messages to be written to a specified file
  • Reduced the debug level for an exception that is normal when checking if a pooled connection is still valid
  • Updated client-side support for the Ping Identity Directory Server’s matching entry count control
  • Updated client-side support for the Ping Identity Directory Server’s generate profile administrative task
  • Included the latest version of draft-coretta-x660-ldap in the set of LDAP-related specifications

LDAP Synchronization Connector 2.1.6

The LDAP Synchronization Connector (LSC) is an open source tool that can help synchronize data between an LDAP directory server and other types of data sources. The project has released version 2.1.6 of the connector, which appears to include the following changes:

  • Fixed an issue with the JaxbXmlConfigurationHelper
  • Fixed a warning when installing on Debian
  • Added support for the relax rules control
  • Fixed an error message that may be reported on a connection failure
  • Improved documentation for databaseDestinationService

389 Directory Server 2.0.8

The 389 Directory Server project has released version 2.0.8. Some of the changes in this release appear to include:

  • Fixed an issue in which enabling support for the entryUUID attribute could cause problems with replication
  • Improved validation for entryUUID values during import
  • Fixed an issue in which the attribute uniqueness plugin could examine the wrong subtree when processing a modify DN operation
  • Fixed an issue that could result from re-encoding the password on a successful bind
  • Improved error messages in the certutil tool
  • Improved monitoring for database locking