LDAP Tool Box Self Service Password 1.6.0

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.6.0 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:

  • Added audit logging support
  • Added the ability to use a login hint to pre-fill the username field
  • Added a page to set email and phone number attributes
  • Added support for filtering allowed languages
  • Improved security and error handling when using SMS
  • Prevented multiple submits of the same form
  • Removed criteria that depend on a former password when that password is not available
  • Improved translations
  • Added a change to prevent host header poisoning
  • Improved the logic used to determine the difference between former and new passwords
  • Added the ability to change custom password fields

389 Directory Server 3.0.2

The 389 Directory Server project has released version 3.0.2. Some of the changes in this release appear to include:

  • Fixed a potential crash from an issue in the referential integrity plugin
  • Fixed an issue that could allow the server to accept new connections when shutting down
  • Fixed an issue that could prevent creating entries with long RDN values
  • Fixed an issue in which the server may yield incorrect results for a VLV search when using an LMDB backend
  • Fixed an issue that could prevent pre-encoded passwords from being added to a user’s password history
  • Fixed an issue that could prevent using dscreate in interactive mode with an LMDB backend
  • Fixed an issue in the encoding of timestamps in certain locales
  • Fixed an issue in the error message used for a paged results search that was interrupted by the search time limit
  • Fixed an issue in which an incorrect certificate lifetime could be displayed
  • Log messages to make it possible to identify bind operations involving multi-factor authentication
  • Added support for buffering writes to the server audit log for better performance
  • Updated the Healthcheck tool to include configuration-related checks for the LMDB database
  • Improved HAProxy support when the HAProxy server is on the same machine as the 389 Directory Server instance
  • Improved dsidm error handling when trying to create an entry whose parent doesn’t exist

go-ldap 3.4.7

The go-ldap project has released version 3.4.7 of its LDAP API for Go. Some of the changes in this release include:

  • Updated unmarshalling support to support *string as a field type
  • Added support for the subordinate subtree search scope
  • Added support for imposing a search result set size limit
  • Added support for GSSAPI authentication
  • Fixed an issue in which IsErrorAnyOf would not match a wrapped result
  • Fixed an issue with incorrect ASN.1 handling in DN parsing
  • Improved the marking of deprecated functions in the documentation

ForgeRock Directory Services 7.5

ForgeRock Directory Services version 7.4 has been released. According to the release notes, changes in this release include:

  • Added a new dsrepl disaster-recovery mechanism for safer disaster recovery procedures
  • Removed the existing dsrepl start-disaster-recovery and dsrepl end-disaster-recovery commands
  • Updated HDAP support to provide the ability to authenticate with a bearer token
  • Updated the server so that it can immediately start maintaining new indexes for previously unused attributes
  • Improved the efficiency of using equality indexes for presence searches
  • Expanded the ability to use VLV indexes for some kinds of search requests
  • Updated access log messages to better reflect when a search is unindexed
  • Added processing time metrics for persistent searches
  • Updated the server to improve resource limit evaluation for requests using proxied authorization
  • Added support for Java 17 and Java 21
  • Removed support for Java 11
  • Added support for Amazon Linux 2023
  • Added a dsrepl decode-csn command
  • Included the hostname in the supportextract archive file
  • Introduced changes to prevent direct upgrades from 7.4 instances using data encryption with AES/GCM
  • Fixed an internal error resulting from certain kinds of unknown requests
  • Fixed a potential schema violation resulting from an etag in the schema configuration entry
  • Fixed an issue in which a TOO_LATE replication status would not mark a server as unhealthy
  • Fixed an issue with the ds-mon-receive-delay metric
  • Fixed an issue with dsrepl initialize when a custom schema file only includes sync state entries
  • Fixed an issue in which authenticating using the REST API did not properly honor the force-change-on-add configuration
  • Removed support for SNMP monitoring
  • Removed the already-deprecated /admin and /api endpoints from newly created server instances
  • Made a number of changes to the server’s plugin API, some of which may affect existing plugins
  • Deprecated the legacy Prometheus metrics format in favor of a new format
  • Deprecated a number of existing Prometheus metrics in favor of new metrics with improved names

LdapRecord 3.5.1

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.5.1, which appears to include the following changes:

  • Fixed a serialization issue with decoding UTF-8 strings
  • Fixed an issue with the order of operations when serializing and deserializing certain properties

UnboundID LDAP SDK for Java 7.0.0

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 7.0.0, which includes the following changes:

  • The LDAP SDK now requires Java 8 or later; Java 7 is no longer supported
  • Improved connection pool behavior when a health check determines that a connection is valid on checkout
  • Added a new compare-ldap-schemas tool
  • Improved performance and reduced disk space and memory requirements when performing repeated binds using the GSSAPI SASL mechanism
  • Added experimental client-side support for the relax rules request control
  • Added client-side support for a number of controls used in ForgeRock OpenDJ
  • Added connection pool health checks specific to the Ping Identity Directory Server
  • Added convenience methods for generating cryptographic digests of strings, byte arrays, or files
  • Added methods for normalizing JSON values and JSON object filters
  • Added a constant with the name of a system property that can be used to enable MD5 support when using the latest version of the Bouncy Castle FIPS-compliant cryptographic provider
  • Updated the documentation to include new and updated versions of several Internet Drafts

LDAP Tool Box slapd-cli 3.3

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 3.3 of their slapd-cli tools (formerly called openldap-initscript), which provide a set of command-line tools for OpenLDAP. Changes in this release appear to include:

  • Added the ability to delete older backup files
  • Added support for the HAProxy proxy protocol
  • Added support for client certificate authentication in checksync
  • Added an option to convert slapd.conf to cn=config at each startup