LdapRecord 2.4.8 and 2.5.0

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released versions 2.4.8 and 2.5.0. Changes included in these releases are:

  • Added escaping to filters in log messages (version 2.4.8)
  • Added the ability to iterate through search results in pages to avoid memory issues with large result sets (version 2.5.0)
  • Added the ability to fetch a model’s object classes (version 2.5.0)
  • Dropped support for PHP 7.2 (version 2.5.0)
  • Deprecated the DeprecatedPaginator class and the Ldap::supportsServerControlsInMethods method (version 2.5.0)

OpenLDAP 2.5.5 and 2.4.59

The OpenLDAP project has released versions 2.5.5 and 2.4.59 of its LDAP directory server. Changes in these versions include:

  • Fixed a potential double-free memory management issue (both versions)
  • Fixed a replication issue that could cause changes to be missed (both versions)
  • Fixed a cache locking issue that could cause the server to appear unresponsive (both versions)
  • Fixed issues with TLSv1.3 cipher suite handling (both versions)
  • Fixed an issue that could prevent removing a naming context entry (both versions)
  • Fixed a potential crash when using autogroup (version 2.4.59)
  • Fixed an issue in which slapadd could fail because of improper initialization (version 2.4.59)
  • Fixed a syncrepl issue when both adding and removing a value for a single-valued attribute (version 2.4.59)
  • Fixed a quarantine issue in the metadata backend (version 2.5.5)
  • Fixed an issue in which log messages could potentially be lost immediately after a very fast restart (version 2.5.5)
  • Fixed an issue with incorrect OIDs for the authorization identity request and response controls (version 2.5.5)
  • Fixed an issue that could prevent encoding passwords with Argon2 (version 2.5.5)
  • Fixed an issue with empty DNs in certain extensible match filters (version 2.5.5)
  • Added an LDAP load-balancing daemon (version 2.5.5)
  • Improved syncrepl refresh performance in certain cases (version 2.5.5)
  • Updated the access log to include the new DN for modify DN operations (version 2.5.5)
  • Updated the client library and metadata backend to support client-side timeouts (version 2.5.5)

UnboundID LDAP SDK for Java 6.0.0

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.0, which includes the following changes:

  • Deprecated support for TLSv1 and TLSv1.1
  • Deprecated support for TLS cipher suites that rely on the SHA-1 message digest or RSA key exchange
  • Fixed an issue that could cause the LDAP SDK to use the default set of JVM-enabled TLS cipher suites instead of a recommended set identified by the LDAP SDK
  • Updated the logic used when generating the string representations of DNs so that printable non-ASCII characters are no longer escaped by default
  • Updated the logic used when generating the LDIF representations of entries and change records so that values with ASCII control characters are now base64-encoded by default
  • Updated the LDIF reader to make it possible to disable support for reading change records with LDAP controls
  • Updated the PKCS #11 key manager to make it easier to interact with a PKCS #11 token without altering the JVM configuration
  • Updated the manage-certificates tool to support interacting with PKCS #11 tokens
  • Updated the manage-certificates tool to add a new copy-keystore subcommand
  • Updated the manage-certificates tool to add optional --output-file and --output-format arguments to the generate-self-signed-certificate subcommand
  • Updated the manage-certificates tool to allow interacting with BCFKS key stores even when not operating in FIPS 140-2-compliant mode
  • Updated the manage-certificates tool to display the key store type when using the list-certificates subcommand
  • Updated the in-memory-directory-server tool to add a --doNotGenerateOperationalAttributes argument
  • Added a new ThreadLocalSecureRandom class
  • Updated the documentation to include the latest revisions of the draft-coretta-x660-ldap, draft-ietf-kitten-password-storage, and draft-melnikov-scram-2fa drafts
  • Updated the use of the Bouncy Castle FIPS-compliant secure random number generator to reduce the potential for exhausting system entropy
  • Added the ability to customize the set of providers that will be allowed when operating in FIPS 140-2-compliant mode
  • Updated the command-line tool framework to check for FIPS 140-2-compliant mode as early as possible in the tool startup process
  • Updated the collect-support-data tool to allow using the --keyStoreFormat and --trustStoreFormat arguments even if the --useRemoteServer argument was not provided
  • Added client-side support for a new administrative task for safely removing an object class from the server schema

LDAP Tool Box Service Desk 0.4

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. It has just released version 0.4 of its Service Desk tool, which is a web application for administrators that supports viewing and managing accounts in an LDAP directory server. This release includes the following changes:

  • Provided a Docker image for the service desk application
  • Added multitenancy support with the ability to load different configurations based on the host name provided by the client
  • Added dashboard pages to list locked accounts, idle accounts, accounts with expired passwords, and accounts with passwords that will soon expire
  • Updated the account information display to include the password expiration date when applicable
  • Fixed an issue on SELinux caused by the location of the cache files

Note that features for managing password policy state may only be available for certain types of directory servers.

389 Directory Server 1.4.3.23

The 389 Directory Server project has announced the release of version 1.4.3.23. From the release announcement, it looks like some of the changes in this version are:

  • Fixed a potential crash in sync_repl processing
  • Fixed a virtual attribute issue that could lead to a server deadlock
  • Added support for temporary password rules
  • Added the ability to exclude specified attributes from the retro changelog
  • Fixed an issue that could cause invalid wtime and optime values to appear in compare operation log messages

LDAP Tool Box Self Service Password 1.4.3

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. It has just released version 1.4.3 of its Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:

  • Fixed a security issue that could allow SMS-based password reset to change the password for any account
  • Fixed a security issue that could allow the same captcha to be used multiple times
  • Updated the Docker image to include sendmail