389 Directory Server 2.4.1, 2.3.4, and 2.2.8

The 389 Directory Server project has announced new releases of versions 2.4.1, 2.3.4, and 2.2.8. From the release announcements, it appears that the most significant changes include (note that not all changes apply to all versions):

  • Fixed a crash in syncrepl processing
  • Fixed a crash that could occur when disabling a replica
  • Fixed a memory leak in delete processing
  • Added support for a last login time history
  • Added support for alias entries
  • Added the ability to skip certain password policy updates (e.g., updating the history or password expiration time) for an administrative password reset
  • Added support for handling both account inactivity and password expiration at the same time
  • Fixed an AD synchronization issue that could prevent entries from being deleted
  • Fixed a UI issue in which certificate validation could be too strict
  • Improved performance for search filters targeting the nsrole attribute
  • Improved installer support for SELinux
  • Updated the backup process to include certain configuration files

LDAP Tool Box Service Desk 0.5.1

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 0.5.1 of their Service Desk tool, which is a web application for administrators that supports viewing and managing accounts in an LDAP directory server. This release includes the following changes:

  • Provided result codes for account lock and unlock attempts
  • Updated the audit file to include the requester IP address
  • Fixed an issue affecting message overrides

Note that features for managing password policy state may only be available for certain types of directory servers.

LDAP Tool Box Self Service Password 1.5.3

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.5.3 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:

  • Fixed an issue in which a password reset flow could disclose the existence of an account
  • Added a comment about the use of custom CSS
  • Improved support for Dutch and Arabic localizations

LDAP Tool Box White Pages 0.4

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 0.4 of their White Pages application, which is a PHP application that allows searching for and displaying information contained in an LDAP directory. Changes in this release appear to include:

  • Added the ability to negate filter components when performing a search
  • Improved support for displaying addresses using the LDAP postal address syntax
  • Improved support for displaying information for attribute types configured as a list
  • Added support for displaying location information in maps
  • Improved vCard support for groups
  • Added the ability to have a gallery containing members of a group
  • Added the ability to use Gravatar to obtain photos
  • Added support for LDAP values that should be interpreted as raw bytes
  • Added the ability to configure a network timeout
  • Disabled error reporting when debugging is disabled

ForgeRock Directory Services 7.3

ForgeRock Directory Services version 7.3 has been released. According to the release notes, changes in this release include:

  • Improved the efficiency of online replica initialization
  • Improved the logic for detecting when a replica has fallen too far behind in replication
  • Reduced the amount of memory required for group and entry caching
  • Improved the efficiency of encoding and decoding entries containing attributes with large numbers of values
  • Added support for monitoring the cost of maintaining an index
  • Added a matching rule that can be used to monitor progress when migrating passwords to a new scheme
  • Added a warning message when defining an unnecessary presence index for an attribute that has an equality index
  • Added a variety of monitoring metrics
  • Added support for logging error messages in JSON format
  • Improved the efficiency of returning userCertificate values
  • Updated the mail attribute type definition to support non-ASCII characters
  • Updated the modrate tool to support reading entries before updating them, and to improve support for multivalued attributes
  • Moved replication messages to the server error log
  • Moved entry cache metrics from “cn=entry cache,cn=monitor” to “cn=entry caches,cn=monitor”
  • Addressed an issue that could cause an upgrade to require a full rebuild
  • Fixed an error when processing a search involving BigIndex
  • Reduced the frequency of change number indexing state logging
  • Ignored the max-allowed-client-connections limit in the admin connector
  • Fixed an issue when backing up to an S3 bucket in a new region
  • Eliminated redundant columns in dsconfig list-replication-domains output
  • Fixed an issue in which the replication server could forward changes that had already been applied
  • Fixed an issue in which a backup could report an incorrect number of database files
  • Added support for serializing information about controls in replication messages
  • Fixed an issue that could cause isMemberOf read attempts to block after creating, deleting, or renaming static groups
  • Fixed an issue that could cause all worker threads to become blocked by abandon operations
  • Fixed an issue in processing an abandon operation during server shutdown
  • Fixed an issue that could prevent the server from starting when configured with a subordinate base DN
  • Removed the dsrepl --script-friendly argument
  • Updated the LoadBalancer availability check to handle bad user bind states
  • Fixed an issue in which missing replication server heartbeats were not detected
  • Fixed an issue in which the server could fail to check the state of a new replica added to the topology
  • Updated the server to revert permissions for the 99-user.ldif schema file on startup
  • Fixed an issue in which certain important replication debugging messages were suppressed
  • Fixed an issue in which dsrepl status did not take bad data status into account
  • Fixed a potential deadlock between overlapping modify DN operations
  • Fixed an issue in which dsrepl status could show deleted replication domains
  • Improved logging for replication connect errors
  • Fixed an issue in which the server could ignore critical VLV controls when processing an unindexed search
  • Fixed an issue in which connections to the proxy server incorrectly timed out after 10 seconds
  • Fixed an issue that could occur when running searchrate concurrently with modrate
  • Fixed an issue with the server incorrectly terminating connections as a result of a missing heartbeat
  • Fixed an issue in which supportextract could incorrectly exclude certain key stores
  • Fixed an issue in which the LDAP changelog was not properly updated during a replica initialization
  • Fixed an issue in which rotation and retention policies were not correctly applied for certain logging
  • Fixed an issue in which the replication server could accept connections when its database is unavailable

LdapRecord 3.0.0

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.0.0, which appears to include the following changes:

  • Added support for SASL authentication
  • Updated the minimum supported PHP version to 8.1
  • Implemented strict types across all classes and methods

389 Directory Server 2.4.0, 2.3.3, 2.2.7, and 2.1.8

The 389 Directory Server project has announced new releases of versions 2.4.0, 2.3.3, 2.2.7, and 2.1.8. From the release announcements, it appears that the most significant changes include (note that not all changes apply to all versions):

  • Fixed issues in which clear-text or encoded passwords could have been exposed to unprivileged users
  • Fixed a couple of potential crashes
  • Fixed a couple of potential memory leaks and other memory management issues
  • Fixed a potential hang that could occur when rebuilding RUV information in the replication changelog
  • Improved search performance when referral handling is needed
  • Improved server behavior when a large number of connections are established
  • Added an option to close client connections after a failed authentication attempt
  • Fixed a CLI issue when attempting to configure referral behavior
  • Fixed an issue in which search statistics omitted some types of lookups
  • Fixed an issue in which schema replication overwrote the X-ORIGIN extension
  • Updated dsconf to make it possible to specify a timeout when running tasks
  • Updated the logconv tool to support a new logging format
  • Updated the ldifgen tool to use a common default directory for LDIF files
  • Updated lib389 to perform better validation when importing certificates
  • Fixed an issue in which the server used case-sensitive matching for Boolean values
  • Fixed an issue in which user interfaces relied on a hard-coded set of password storage schemes
  • Fixed an issue when running dscreate as a non-superuser account
  • Fixed an issue in which dscreate ds-root did not properly normalize paths
  • Fixed an issue that allowed attribute types to be defined with conflicting matching rules
  • Improved search optimization logic
  • Improved db2ldif error handling
  • Improved UI support for importing and exporting certificates
  • Updated dsrc support to make it possible to specify alternative locations for user and group entries
  • Improved migration from OpenLDAP
  • Updated the CLI to support subject alternative names in CSRs
  • Deprecated support for the nsslapd-ldapimaprootdn attribute

LDAP Tool Box Service Desk 0.5

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 0.5 of their Service Desk tool, which is a web application for administrators that supports viewing and managing accounts in an LDAP directory server. This release includes the following changes:

  • Added support for PHP version 8 and higher
  • Added an option for notifying users and administrators by email when a password is changed or reset
  • Added an enable/disable button for forcing a user to reset their password upon authentication
  • Added the ability to display DNs as links to the corresponding entries
  • Improved support for displaying timestamps
  • Improved support for displaying postal addresses
  • Fixed an issue in which accounts could be locked when not using a password policy that has account lockout enabled
  • Fixed an issue resulting from the application providing a string when an array was expected

Note that features for managing password policy state may only be available for certain types of directory servers.

Apache Directory LDAP API 2.1.3

Although there does not yet seem to be an official announcement on the mailing list, the Apache Directory Project website lists a new 2.1.3 release of the Apache Directory LDAP API. The most significant changes in this release appear to include:

  • Fixed an issue in which password exceptions may not include the diagnostic message returned by the server
  • Fixed an issue that could affect comparing multivalued RDNs
  • Changed the type of exception thrown in response to a malformed search filter string
  • Improved DN parsing performance
  • Updated the schema information to include attribute types from the latest revision of the password policy draft
  • Changed the log level for a debug log message that could be generated if the API receives a response to a request that the client is no longer interested in