Information security firm Packet Storm published a blog post about the LDAP Swiss Army Knife, a simple LDAP server (implemented using the UnboundID LDAP SDK for Java) that can be used for LDAP security-related testing, including intercepting plaintext credentials, forwarding NTLM credentials, and exploiting various LDAP-related vulnerabilities. They also posted a PDF document from pentesting firm SySS that describes a number of ways to use it for LDAP security-related testing.
Ping Identity Directory Server versions 184.108.40.206 and 220.127.116.11 have been released. These updates address an issue with the previous 18.104.22.168 and 22.214.171.124 releases that could adversely affect the ability to use the web-based administration console. No other changes are included in these releases.
Fraser Tweedale works on identity management solutions at Red Hat, focusing on X.509. He has just published a blog post titled “A Distinguished Name is not a string” in which he discusses distinguished names (DNs), both in LDAP and X.509 certificates. It describes what DNs are and how to avoid some of the common pitfalls that may arise from the different string representations that equivalent DNs may have.
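The pitfall with differing string representations of equivalent DNs can be seen in a short added example (not code from the blog post or from any project mentioned here). It parses DN strings structurally before comparing them; the helper names, the sample DNs, and the assumption that every attribute is matched case-insensitively are all choices made for this illustration.

```python
import re

# Added sketch. Assumptions: every attribute uses caseIgnoreMatch (true for
# cn, ou, o, dc, but not for all attribute types); OID forms of attribute
# names and '#'-prefixed hex-encoded values are not handled.

def _split(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape pair for _unescape
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur)
    return parts

def _unescape(value):
    """Resolve backslash-hex pairs (UTF-8 bytes) and backslash-char escapes."""
    raw = re.sub(
        rb"\\([0-9A-Fa-f]{2})|\\(.)",
        lambda m: bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2),
        value.encode("utf-8"), flags=re.S)
    return raw.decode("utf-8")

def parse_dn(dn):
    """Return the DN as a tuple of RDNs, each a frozenset of (type, value)."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = set()
        for ava in _split(rdn, "+"):
            attr, _, value = ava.partition("=")
            value = " ".join(_unescape(value).split()).casefold()
            avas.add((attr.strip().lower(), value))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def same_dn(a, b):
    return parse_dn(a) == parse_dn(b)

# Constructed sample DNs, not taken from any real directory.
A = r"CN=Smith\, John,OU=People,DC=example,DC=com"
B = r"cn=smith\2C john, ou=people, dc=EXAMPLE, dc=com"
print(A == B, A.lower() == B.lower(), same_dn(A, B))
```

Wherever a DN feeds an access-control or certificate-mapping decision, compare parsed forms like this (or the DN type of the LDAP library in use) rather than raw strings.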
The 389 Directory Server project has announced new 126.96.36.199 and 188.8.131.52 versions. The 184.108.40.206 version appears to be a bugfix release (including fixes for a couple of potential security-related issues) that also updates the administrative interfaces. The 220.127.116.11 release includes additional fixes (including for potential crashes), improves logging for internal operations, and adds support for compare operations in the configuration.
Adldap2 is a PHP package that provides LDAP authentication and directory management tools. The project has just released version 10.0.11, which appears to add query logging, support for the homePhone attribute, utility methods for dealing with DNs, and access to additional information when interacting with FreeIPA. It also improves support for StartTLS: connections are now established lazily when using StartTLS, and it is easier to obtain information about errors in StartTLS processing.