389 Directory Server 2.0.11

The 389 Directory Server project has released version 2.0.11. Changes in this release appear to include:

  • Fixed an issue in which promoting or demoting a replica could crash the server
  • Fixed an issue in which a replica could encounter a deadlock
  • Fixed a memory leak in ldap-agent
  • Updated the CSN generator to limit time skew drift
  • Fixed an issue with PBKDF2 password encoding in FIPS 140-2-compliant mode
  • Fixed an issue in which max_failure_count could be reached too soon on a slow machine
  • Improved targetfilter ACI evaluation performance
  • Fixed an uninitialized variable issue in the logconv.pl script
  • Improved validation for automember configuration
  • Fixed an issue that arose if the /etc/hosts file had an invalid entry
  • Fixed a compatibility issue resulting from an attribute syntax change
  • Added the ability to create groups in the LDAP editor
  • Fixed an issue in which the editor tree was not being properly updated

Symas OpenLDAP 2.6

Symas has released version 2.6 of their pre-built version of OpenLDAP. Their announcement lists the following changes:

  • Added the ability to log to a file as an alternative to syslog
  • Retired support for the back-ndb backend
  • Deprecated support for the back-sql and back-perl backends
  • Added additional load-balancing strategies
  • Improved support for certain controls and extended operations through the LDAP load balancer

OpenLDAP 2.6 and 2.5.9

The OpenLDAP project has announced the release of versions 2.6 and 2.5.9 of their LDAP directory server. Changes in these releases include:

  • Added support for logging to a file as an alternative to syslog (version 2.6)
  • Added support for new load-balancing strategies (version 2.6)
  • Improved support for certain controls and extended operations through the LDAP load balancer (version 2.6)
  • Fixed an issue that could prevent importing an access log database from an OpenLDAP 2.4 server (version 2.5.9)

LdapRecord 2.8.0

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.8.0, which appears to include the following changes:

  • Added the ability to specify a lockout duration in minutes, without a time zone
  • Added the ability to rename a user with a provided string as an alternative to an RDN
  • Added the ability to save a model without firing any events
  • Added the ability to execute callbacks for each object in a chunked query
  • Added the ability to abort chunk processing
  • Added the ability to execute a callback for a query with no results
  • Added a convenience method to obtain the matching entry from a query when exactly one is expected
  • Added convenience methods to determine whether a query contains any results
  • Added methods to determine if a DN is valid or empty

OpenLDAP 2.5.8

The OpenLDAP project has announced the release of version 2.5.8 of their LDAP directory server. Changes in this release include:

  • Fixed a memory leak in syncrepl processing
  • Fixed a memory leak in client code used to obtain a peer certificate
  • Fixed a TLS-related issue introduced when converting configuration from slapd.conf to cn=config
  • Fixed a potential crash in password quality checking
  • Fixed an issue preventing attribute values from being deleted
  • Fixed an issue preventing users from setting a custom password policy
  • Fixed an issue with the equality matching rule for the namingContexts attribute
  • Fixed an issue with excessive logging for password policy processing
  • Fixed an issue affecting the ability to set up MySQL for use as a backend database
  • Fixed issues with the WiredTiger backend

LDAP Tool Box slapd-cli 2.8

The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 2.8 of their slapd-cli tools (formerly called openldap-initscript), which provide a set of command-line tools for OpenLDAP. This release includes the following changes:

  • Fixed a potential privilege escalation vulnerability that could be exploited by manipulating the PID file
  • Fixed a potential privilege escalation vulnerability that could result from recursive file ownership changes
  • Fixed a checksync tool issue with multiple suffixes
  • Fixed an issue when the OpenLDAP service used a name other than “slapd”
  • Migrated away from deprecated memberOf configuration
  • Migrated away from init.d references in favor of systemd
  • Added support for command-line autocomplete
  • Updated the status output to include the OpenLDAP version
  • Provided an option to use a default configuration and sample data
  • Updated documentation

UnboundID LDAP SDK for Java 6.0.2

UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.2, which includes the following changes:

  • Fixed an issue with support for cross-signed certificates
  • Added support for tls-server-end-point channel binding when using GSSAPI on a sufficiently modern JVM
  • Fixed an issue with search result references in the in-memory directory server
  • Added an option to use a non-interactive default trust mechanism in LDAP command-line tools
  • Updated the set of LDAP-related specifications in the documentation

389 Directory Server 1.4.4.17

The 389 Directory Server project has released version 1.4.4.17. Changes in this release appear to include:

  • Fixed an issue in which the server could crash or behave erratically when configured with access control rules based on IP addresses
  • Fixed an issue in which the server could accept any password when binding as a user with a malformed crypt password
  • Fixed an issue in which temporary password rules may not be enforced
  • Fixed an issue in which the nsuniqueid index could become corrupted during an index rebuild
  • Fixed an issue that could interfere with purging entries from the retro changelog
  • Fixed an issue in which the server could crash if dnaInterval is set to zero
  • Fixed an issue in which the server could crash if the referential integrity log is corrupted
  • Fixed an issue that could cause dsidm to crash if the account policy plugin is enabled but not configured
  • Fixed an issue in which re-encoding the password on bind could reset the password expiration time
  • Fixed an issue in which online import failed to warn about an attempt to import an entry without a parent
  • Fixed an issue in which the uniqueness plugin could check the wrong subtree when moving an entry
  • Fixed an issue that could cause changeNumber to be unindexed in the retro changelog
  • Improved certutil error handling
  • Improved SASL authentication logging
  • Added CLI and UI support for nsslapd-state
  • Added the ability to regenerate invalid entryUUID values on import