LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.19.2, which appears to fix an issue when running on PHP 7.3.
LDAP Tool Box Nagios Plugins 0.9
The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 0.9 of their Nagios Plugins component, which can be used to track the health of LDAP servers in the Nagios monitoring system. Some of the plugins apply to any type of server, while others are implementation-specific. Changes in this release include fixing a deltacsn check in a syncrepl script and adding metrics for LMDB page usage in OpenLDAP.
Ping Identity Directory Server 9.2.0.0
Ping Identity Directory Server version 9.2.0.0 has just been released. I wrote about this release in detail on my personal blog, but here’s a summary of the changes:
- Removed support for incremental backups
- Updated the Groovy language version from 2.x to 3.x
- Added support for Java 17
- Added support for accessing external services through an HTTP proxy server
- Added a Prometheus monitoring servlet extension
- Added support for authenticating to Amazon AWS using an IRSA role
- Added support for generating digital signatures with encryption settings definitions
- Updated replace-certificate when running in interactive mode so that it can re-prompt for a certificate file if the initial file existed but did not contain valid certificate data
- Improved support for data security auditors
- Added new secure, connectioncriteria, and requestcriteria access control keywords
- Added support for defining resource limits for unauthenticated clients
- Added Argon2i, Argon2d, and Argon2id password storage schemes to supplement the existing Argon2 scheme
- Changed the default value of the replication-purge-obsolete-replicas global configuration property from false to true
- Updated migrate-ldap-schema to support migrating attribute type definitions from Active Directory in spite of their non-standards-compliant format
- Improved the usage text for the dsreplication enable command
- Exposed the maximum-attributes-per-add-request and maximum-modifications-per-modify-request properties in the global configuration
- Added support for synchronizing to SCIMv2 destinations
- Added a sync-pipe-view tool that can display information about the set of sync pipes configured in the server
- Added sync pipe monitor attributes related to account password policy state when synchronizing to a Ping Identity Directory Server
- Fixed an issue that could cause replication protocol messages to be dropped, potentially resulting in paused replication
- Fixed an issue in which a timeout could prevent adding servers to a large topology
- Fixed an issue in which an unexpected error could cause a replication server to stop accepting new connections
- Fixed an issue that prevented resource limits from being set properly for the topology administrator
- Fixed an issue in which the dsreplication tool incorrectly handled DNs in a case-sensitive manner
- Fixed an issue that could cause dsreplication enable to fail if there were any topology administrators without passwords
- Fixed an issue that could cause a configured idle timeout to interfere with replica initialization
- Fixed an issue that could prevent the server from generating an administrative alert when clearing an alarm that triggered an alert when it was originally raised
- Fixed an issue that could cause degraded performance to a PingOne sync destination
- Fixed an issue that could prevent users from changing their own passwords with the password modify extended operation if their account was in a “must change password” state and the request passed through the Directory Proxy Server
- Fixed an issue in which dsconfig would always attempt to use simple authentication when applying changes to servers in a group, regardless of the type of authentication used when launching dsconfig
- Fixed an issue that could cause certain kinds of Directory REST API requests to fail if they included the uniqueness request control
- Fixed an issue in which an unclean shutdown could cause the server to create exploded index databases
- Disabled the index cursor entry limit by default, since the limit could cause certain types of indexed searches to be considered unindexed
- Fixed an issue that could adversely affect performance in servers with a large number of virtual static groups
UnboundID LDAP SDK for Java 6.0.7
UnboundID LDAP SDK for Java is a Java-based API for interacting with LDAP directory servers and performing other LDAP-related processing. The project has just released version 6.0.7, which includes the following changes:
- Fixed a bug that could prevent SearchResultEntry.equals from matching other types of Entry objects
- Fixed a bug in Entry.applyModifications in cases where the provided entry was missing any RDN attribute values
- Fixed a bug in the argument parser’s support for mutually dependent arguments
- Added JSONObject methods for retrieving fields by name when treating the name in a case-insensitive manner
- Included the latest version of draft-schmaus-kitten-sasl-ht in the set of LDAP-related specifications
OpenDJ 4.5.3
The Open Identity Platform project has released version 4.5.3 of the OpenDJ Directory Server. It appears that this release fixes setup issues that could occur when using custom schema or configuration and also fixes an issue that could interfere with DSML support.
389 Directory Server 2.3.1, 2.2.4, and 2.1.6
The 389 Directory Server project has announced new releases of versions 2.3.1, 2.2.4, and 2.1.6. From the release announcements, it appears that the most significant changes include:
- Fixed a potential vulnerability in the UI (all three versions)
- Fixed potential memory management issues (all three versions)
- Made database compaction more robust (all three versions)
- Fixed an inconsistency in tombstone entries between LMDB and Berkeley DB (version 2.3.1)
- Increased the default number of file descriptors to avoid problems resulting from exhaustion (version 2.3.1)
- Fixed an issue that prevented enabling replication with a mixed-case suffix (all three versions)
- Fixed a performance issue with the memberof attribute (all three versions)
- Fixed issues with migration from OpenLDAP (all three versions)
- Fixed an issue in which changelog trimming was not performed at the expected interval (all three versions)
- Fixed various issues with the access log analysis script (all three versions)
- Fixed an issue that could cause the server to crash during shutdown (versions 2.3.1 and 2.2.4)
- Fixed an issue that could cause the entryuuid fixup task to fail in a replicated environment (all three versions)
- Fixed a performance issue due to lock contention under mixed load (all three versions)
- Fixed a performance issue when using pam_passthrough (all three versions)
- Fixed an issue in which some releases did not include the cockpit web application (version 2.3.1)
- Fixed an issue that could prevent the UI from working properly if you change the root DN (all three versions)
- Fixed a performance issue with smart referral entries (all three versions)
- Fixed an issue with dscreate when using a custom dir_path with SELinux enabled (all three versions)
- Added a default ACI that could help avoid problems with searches targeting group membership (version 2.3.1)
- Updated the server to only allow a single memberof fixup task to run at a time (all three versions)
- Updated healthcheck to ensure that all group attributes referenced by memberof are indexed (all three versions)
- Improved import performance with LMDB (version 2.3.1)
- Added default indexes for uidnumber, gidnumber, and memberuid (versions 2.3.1 and 2.1.6)
- Improved access logging for operation statistics (versions 2.3.1 and 2.2.4)
- Added the ability to always include a specified set of attributes in the audit log (all three versions)
- Improved debug logging support for password policy processing (all three versions)
- Updated the CLI to add support for adding CA certificate bundles (all three versions)
- Improved UI support for binary attributes like jpegPhoto (all three versions)
GLAuth 2.2.0-RC1
GLAuth is a simple LDAP server that positions itself as a lightweight alternative to OpenLDAP or Active Directory. The project has just released version 2.2.0-RC1, which appears to include the following changes:
- Added support for exporting metrics in a Prometheus-compatible format
- Added a plugin to support PAM authentication
- Added support for logging with zerolog
- Added an option to check the configuration
LdapRecord 2.19.0
LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.19.0, which appears to include the following changes:
- Added the ability to filter relations based on related object classes
- Fixed an issue in which the Timestamp::convertWindowsTimeToDateTime method could use the wrong time zone
LdapRecord 2.18.0
LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.18.0, which appears to add the ability to count model relationships.
LdapRecord 2.17.3
LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released version 2.17.3, which appears to fix an issue that could prevent model events from being properly dispatched when calling createAttribute, updateAttribute, or deleteAttribute.