Apache Directory LDAP API 2.1.1

The Apache Directory Project has announced the release of the Apache Directory LDAP API version 2.1.1. This release appears to include the following changes:

  • Fixed an issue in handling DNs with multivalued RDNs
  • Fixed an issue in handling bind responses with the password expired response control
  • Fixed an issue in handling DSML error responses without a request ID
  • Updated support for TLS encryption
  • Updated DSML support to prefer escaping special characters in strings rather than base64-encoding those values

389 Directory Server 2.1.4

The 389 Directory Server project has released version 2.1.4. Changes in this release appear to include:

  • Added support for ECDSA private keys for TLS communication
  • Improved error handling in the dsidm user command
  • Fixed an issue in which rejected connections reported incorrect optime and wtime elements in access log messages
  • Addressed several issues in the UI

go-ldap 3.4.4

The go-ldap project has released version 3.4.4 of its LDAP API for Go. Some of the changes in this release include:

  • Updated the minimum required Go version to 1.14
  • Added support for entry unmarshalling
  • Added support for NTLM authentication without a password
  • Added support for the subtree delete control
  • Added support for referrals for modify operations
  • Added support for configurable logging
  • Fixed an issue with request timeout handling
  • Added missing client interface methods

OpenLDAP 2.6.3 and 2.5.13

The OpenLDAP project has announced the release of versions 2.6.3 and 2.5.13 of their LDAP directory server. Changes in these releases include:

  • Fixed numerous memory leaks and other memory management issues (both versions)
  • Fixed an issue that could crash the server when performing a replication refresh (version 2.6.3)
  • Fixed an issue that could crash the server with both rwm and ppolicy enabled (both versions)
  • Fixed an issue that could interfere with replication if an instance went offline for an extended period of time (both versions)
  • Fixed an issue in which killing a process accessing a database could interfere with other processes accessing the same database (both versions)
  • Fixed an issue that prevented the server from working properly on some types of BSD systems (both versions)
  • Fixed a backward-compatibility issue with the automatic group overlay (both versions)
  • Fixed an issue in which lastbind updates were not properly chained on read-only consumers (version 2.6.3)
  • Fixed an issue in which the rwm overlay did not properly handle DNs with special characters (version 2.6.3)
  • Fixed an issue in which notice of disconnection unsolicited notifications were not properly encoded (version 2.6.3)
  • Added support for case-insensitive matching of Boolean values (version 2.6.3)
  • Added support for allowing empty directory strings (both versions)
  • Updated the 2.2 release of the ppm module (version 2.6.3)

ForgeRock Directory Services 7.2

ForgeRock Directory Services version 7.2 has been released. According to the release notes, changes in this release include:

  • Updated setup so that it now requires a --deploymentId argument
  • Added support for big indexes, which are optimized for very large result sets
  • Added support for Argon2 password encoding
  • Added support for backing up to AWS S3 using temporary credentials
  • Reduced startup time with large numbers of groups
  • Added support for Java 17
  • Added support for template-based virtual attributes
  • Added support for DN pattern matching
  • Fixed an issue that could prevent the server from shutting down
  • Fixed an issue that could prevent the server from starting in a non-US locale
  • Fixed a potential deadlock in changelog purging
  • Fixed an issue that could prevent changelog files from being closed
  • Removed the lookthrough-limit configuration property
  • Replaced the cursor-entry-limit property with a max-candidate-set-size property
  • Added support for the HAProxy proxy protocol
  • Updated the server to log SSL exceptions as errors rather than warnings
  • Added an administrative alert when a backup completes
  • Improved search optimization for unresolved conflicts
  • Improved search optimization for initial substrings
  • Improved keepalive support for proxy connections
  • Added a tool to generate a bash completion script for included commands
  • Added improved monitoring of index usage
  • Added support for histogram metrics in monitoring
  • Updated monitoring to consider replication threads
  • Exposed monitoring output over HTTP even if some backends are offline
  • Added an entrySize field in access log messages
  • Updated the server to warn if it detects that an external service is attempting to unexpectedly manage rotation and retention
  • Improved efficiency of validating PKCS5S2-encoded passwords
  • Improved efficiency of generating ETag values
  • Improved efficiency of rebuild-index when rebuilding specific indexes
  • Improved efficiency of rebuild-index when asked to rebuild degraded indexes but no such indexes exist
  • Added a dskeymgr show-deployment-id command
  • Updated the dsrepl status --showReplicas command to include an entry count
  • Updated the supportextract command to collect additional system information
  • Updated the supportextract command to attempt to exclude environment variables that may represent passwords
  • Updated the REST to LDAP gateway to add an estimate of the total paged results for indexed searches
  • Updated the REST to LDAP gateway to add support for simplifying search filters
  • Updated the REST to LDAP gateway to make it possible to request the number of matches without actually retrieving the corresponding entries
  • Updated the REST to LDAP gateway to improve use of JSON data types when converting from LDAP attribute values
  • Updated the REST to LDAP gateway to use a replace modification when updating the value of a single-valued attribute
  • Improved monitoring support for the REST to LDAP gateway
  • Improved debugsearchindex output
  • Improved schema compatibility with the RFC 2307bis draft
  • Improved consistency of config file archives
  • Fixed an issue in which upgrade did not properly migrate JE configuration properties
  • Fixed a potential out-of-memory error when attempting a subtree delete
  • Fixed an issue in which the LDIF backend could silently reject entries that fail schema validation
  • Fixed an issue that could interfere with exporting a backend when an expected database does not exist
  • Fixed an issue that could cause the process of listing or restoring a cloud backup to be slow
  • Fixed an issue that could cause dsconfig to exit when setting the bootstrap-replication-server property
  • Fixed a setup issue that may arise when providing a trust store password file
  • Fixed an issue that could prevent creating VLV indexes with a baseObject scope
  • Fixed a makeldif issue when attempting to use a DateTime tag with colons
  • Fixed an issue in which some dsbackup global arguments were not valid for some subcommands

389 Directory Server 2.2.2, 2.1.3, and 2.0.16

The 389 Directory Server project has announced new releases of versions 2.2.2, 2.1.3, and 2.0.16. From the release announcements, it looks like some of the changes in these versions are:

  • Fixed an issue in which a malformed request could crash the server (version 2.0.16)
  • Fixed a memory leak in error handling code (versions 2.1.3 and 2.0.16)
  • Fixed an issue in which replication could be broken until a server restart after changing the replication manager password (version 2.0.16)
  • Fixed an issue in which search filters may not be properly normalized during processing (all three versions)
  • Fixed an issue in which the server could incorrectly return LDAP subentries when they had not been requested (version 2.0.16)
  • Fixed an issue that could prevent entries with subentries from being removed (version 2.0.16)
  • Fixed an SNMP-related issue that could prevent the server from starting (version 2.0.16)
  • Fixed an issue with migrating data containing password policy information from OpenLDAP (versions 2.1.3 and 2.0.16)
  • Fixed an issue that could cause problems with migrating from OpenLDAP if the memberOf overlay is enabled (version 2.0.16)
  • Fixed a monitoring-related issue when migrating from OpenLDAP (all three versions)
  • Fixed an issue in which dsconf backend export could fail in servers with multiple backends (all three versions)
  • Fixed an issue that could cause the server to report errors if the number of entries matching a VLV search changed in the middle of the search (version 2.0.16)
  • Updated the server to automatically enable changelog trimming when setting up replication (version 2.0.16)
  • Simplified the process for creating and managing an instance as a non-root user (version 2.0.16)
  • Improved search filter optimization (version 2.0.16)
  • Updated dscreate to add options for configuring replication (version 2.0.16)
  • Improved performance with large numbers of connections (version 2.2.2)
  • Fixed an address sanitization error (version 2.2.2)
  • Improved logging for errors encountered while attempting to decode replication messages (all three versions)
  • Improved logging for errors encountered while attempting to synchronize data with Active Directory (all three versions)
  • Included the cockpit web application in the release (version 2.0.16)
  • Improved autocomplete support for command-line tools (version 2.0.16)
  • Updated the UI to add improved support for account lockout (version 2.0.16)
  • Added an option to preserve backward compatibility with an older version of the server when using nested backends (version 2.0.16)
  • Added shorter alternative names for dsidm subcommands (all three versions)
  • Fixed a malformed dsconf error message (all three versions)