LDAP Tool Box Self Service Password 1.5.0

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.5.0 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:

  • Fixed an issue in which an SMS token could be used to change the password for any account
  • Fixed an issue that could allow the same captcha to be used multiple times
  • Fixed an issue that could disclose the existence of user accounts
  • Fixed an issue that could cause a server error when attempting to reset the password for a nonexistent user
  • Fixed an issue that could prevent resetting expired passwords
  • Fixed issues when using captchas with password reset email messages
  • Fixed an issue that could prevent password reset token email messages from being sent
  • Fixed an issue that could cause an email notification to be sent even if an update attempt failed
  • Added support for encoding passwords with Argon2
  • Added support for Kerberos authentication
  • Added support for rate limiting by IP address
  • Added the ability to specify multiple email address attributes
  • Added the ability to specify multiple email address and/or mobile phone number attributes
  • Added an SMS API for using signal-cli
  • Added sendmail to the Docker image
  • Added support for validating SSH public keys

389 Directory Server 2.3.0. and 2.2.3

The 389 Directory Server project has announced new releases of versions 2.3.0 and 2.2.3. From the release announcements, it looks like the changes both versions were largely the same, and they include:

  • Fixed potential crashes in replication processing
  • Fixed a potential crash in LDIF import processing
  • Fixed various memory leaks and other memory management issues
  • Fixed an issue with the replication keep-alive interval
  • Added a new JSON-formatted security audit log
  • Fixed an issue with dscreate on systems running SELinux
  • Fixed an issue that prevented importing a certificate chain
  • Fixed an issue in which a transaction was not aborted after failing to create a managed entry
  • Fixed an issue with the way that nscpEntryWsi values are computed
  • Fixed an issue in which the LDAP editor was not updated when switching instances
  • Fixed an issue that could cause suffixes to be converted to all lowercase
  • Fixed an issue with the dsidm user get_dn command
  • Fixed an issue could prevent optime and wtime from being set for rejected connections
  • Added support for TLS certificates with ECDSA private keys
  • Updated sudoers schema to allow UTF-8 values instead of just IA5 values

UnboundID LDAP SDK for Java 6.0.6

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.6, which includes the following changes:

  • Fixed an issue with re-establishing a connection in asynchronous mode after closing it with outstanding requests.
  • Fixed an issue that could affect getting an SSLContext in FIPS 140-2-compliant mode.
  • Added a system property that can enable certificate hostname verification by default.
  • Added a –verifyCertificateHostname argument to LDAP command-line tools.
  • Improved documentation for establishing secure connections according to best practices.
  • Fixed an issue in JNDI compatibility support for controls and extended request/response values.
  • Added the ability to create a search request with the base DN as a DN object rather than a String.
  • Fixed an issue with command-line tools that encountered an Error during processing.
  • Fixed an issue with the IA5 argument value validator that could allow non-ASCII characters in values.
  • Fixed an issue with the DNS hostname argument value validator that could prevent it from properly validating all components of a hostname.
  • Added an option to the identify-references-to-missing-entries tool to generate an LDIF with modifications needed to remove any identified references.
  • Improved subject alternative DNS name selection in SelfSignedCertificateGenerator.
  • Updated manage-certificates generate-self-signed-certificate to rename –replace-existing-certificate to –use-existing-key-pair.
  • Included a native-image/resource-config.json file in the jar file manifest for use by GraalVM.
  • Updated summarize-access-log to report several more items.
  • Updated the audit data security administrative task to support retaining previous reports by count or age.
  • Fixed issues that prevented setting the criticality of the administrative operation and join request controls.

    389 Directory Server 2.1.5

    The 389 Directory Server project has released version 2.1.5. Changes in this release appear to include:

    • Fixed a potential crash in LDIF import processing
    • Fixed a potential crash in syncrepl processing
    • Fixed various memory management issues
    • Fixed an issue with the replication keepalive interval
    • Fixed an issue that could cause corruption in nscpEntryWsi values
    • Fixed an issue in which the LDAP editor was not updated when switching instances
    • Fixed a dscreate issue when using SELinux
    • Updated sudo-related schema to support UTF-8 values rather than just IA5

    Apache Directory LDAP API 2.1.1

    The Apache Directory Project has announced the release of the Apache Directory LDAP API version 2.1.1. This release appears to include the following changes:

    • Fixed an issue in handling DNs with multivalued RNDs
    • Fixed an issue in handling bind responses with the password expired response control
    • Fixed an issue in handling DSML error responses without a request ID
    • Updated support for TLS encryption
    • Updated DSML support to prefer escaping special characters in strings rather than base64-encoding those values