LDAPjs is a JavaScript library that provides LDAP protocol support for the Node.js environment. The project has just released version 3.0.4. It appears that the primary user-facing change in this release is a fix for an issue with search filters containing non-ASCII characters.
389 Directory Server 2.4.3, 2.3.6, and 2.2.9
The 389 Directory Server project has announced new releases of versions 2.4.3, 2.3.6, and 2.2.9. From the release announcements, it appears that the most significant changes include (note that not all changes apply to all versions):
- Fixed a variety of memory leaks
- Fixed an issue that could prevent the server from starting after a system reboot
- Fixed an issue could cause high CPU utilization on an idle server
- Fixed a crash that could occur when trying to start the server with a backend that doesn’t have a suffix
- Fixed a crash that could occur when disabling replication
- Fixed an issue in which paged searches could adversely affect performance for other operations
- Fixed an issue That could cause the cleanallruv task to crash
- Fixed a dsconf issue when trying to interact with the monitor data for an LMDB backend
- Fixed a dbscan issue when encryption is enabled
- Fixed an issue with bash autocomplete definitions
- Improved security of library code that supports extracting tar files
- Added support for a last login time history
- Updated the set of allowed password storage schemes for FIPS-compliant mode
- Fixed an LDIF export issue when no export path was specified
- Fixed an issue in handling the result of pre-extended operation plugins
- Improved search performance for filters involving nsrole
- Improved error messages that could be generated if replication is not fully configured
- Fixed a UI issue that prevented selecting the suffix for an export
- Updated the UI to add support for configuring HAProxy trusted client addresses
- Fixed an issue that could affect searching for certain elements in the UI
OpenLDAP 2.6.6 and 2.5.16
The OpenLDAP project has announced the release of versions 2.6.6 and 2.5.16 of their LDAP directory server. This appears to be a bugfix release that fixes a couple of potentially urgent issues. Changes in this release include:
- Fixed a regression that was introduced in an earlier fix around abandoned configuration changes
- Fixed an issue in the back-meta backend that could arise in processing a modify operation without any changes
LDAPjs 3.0.4
LDAPjs is a JavaScript library that provides LDAP protocol support for the Node.js environment. The project has just released version 3.0.4, which appears to fix an issue in the ensureDN function.
OpenDJ 4.5.5
The Open Identity Platform project has released version 4.5.5 of the OpenDJ Directory Server. Changes in this release include:
- Re-enabled support for TLSv1.3
- Increased a timeout to better ensure that it’s possible to establish an administrative connection under heavy load
- Fixed an error that could occur when attempting to create the base entry during setup
- Fixed issues preventing the use of the PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-SHA512 password storage schemes
- Fixed an issue with the restore –listBackups argument
- Updated posixGroup to be a structural object class and updates it to include the cn attribute type
All About Data Encryption in the Ping Identity Directory Server
I wrote a blog post that provides a fairly detailed overview of the data encryption capabilities that the Ping Identity Directory Server provides.
LDAP Tool Box OpenLDAP 2.6.5 and 2.5.15 RPMs and DEBs
The LDAP Tool Box project offers a number of tools, scripts, and other niceties for working with LDAP. The project has released Linux packages for OpenLDAP versions 2.6.5 and 2.5.15, including RPMs for distributions like Red Hat and CentOS, as well as DEBs for distributions like Debian and Ubuntu. The packages are available for download from https://ltb-project.org/download.html.
LDAP Tool Box slapd-cli 3.1
The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 3.1 of their slapd-cli tools (formerly called openldap-initscript), which provide a set of command-line tools for OpenLDAP. This release includes the following changes:
- Fixed an issue in which OpenLDAP could be incorrectly set up to require client certificates by default
- Improved validation when using importdatatemplate
- Added a mechanism for including additional arguments when invoking ldapsearch
LdapRecord 3.1.0
LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 3.1.0. The primary change in this release appears to have addressed an issue with interaction with the unicodepwd and userAccountControl attributes in Active Directory.
OpenLDAP 2.6.5 and 2.5.15
The OpenLDAP project has announced the release of versions 2.6.5 and 2.5.15 of their LDAP directory server. Changes included in these releases include:
- Fixed potential crash in minimum password age handling (both versions)
- Fixed potential crash and race condition issues with online indexing (version 2.6.5)
- Fixed potential crash if a monitor search fails or is abandoned (version 2.6.5)
- Fixed potential crash in the variant overlay with a regular expression (both versions)
- Fixed a memory management error in pcache handling of a malformed schema element (both versions)
- Fixed a syncprov race condition that could cause incorrect connection handling if a connection is lost while attempting to send search results (both versions)
- Fixed an issue that could break push-based replication (both versions)
- Fixed an issue in which an abandoned configuration change could cause inconsistent behavior (both versions)
- Fixed an issue with extended operation handling for overlays (both versions)
- Fixed an issue with the pcache overlay when converting the configuration (both versions)
- Improved performance of dynamic group member list evaluation (both versions)
- Fixed an issue in the way that TLSv1.3 cipher suites are handled in the client library (both versions)
- Fixed an issue in the way that TCP_KEEPALIVE was handled in the client library (both versions)
- Fixed an issue in the way that asynchronous connect attempts were handled in the client library (both versions)