LdapRecord 2.5.1 and 2.5.2

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released versions 2.5.1 and 2.5.2. Changes included in these releases are:

  • Fixed an issue with caching search results (version 2.5.1)
  • Added the ability to chunk relationship queries (version 2.5.1)
  • Fixed an issue with validating integer options (version 2.5.2)

389 Directory Server 2.0.6

The 389 Directory Server project has released version 2.0.6. Some of the changes in this release appear to include:

  • Fixed a potential crash in disk monitoring code
  • Fixed a potential crash and other issues resulting from a replication plugin name change
  • Fixed a potential crash resulting from a manual edit to the referential integrity log file
  • Fixed a memory management issue in dbscan
  • Fixed an issue in which the use of ACIs based on the client IP address could cause the server to classify a connection as used for replication
  • Fixed an issue in which temporary password rules are not used in conjunction with a local password policy
  • Fixed an issue in the retro changelog plugin when configured to exclude attributes
  • Fixed an issue that could cause tasks to hang
  • Fixed an issue that could cause ldapsearch to fail when multiple empty attribute descriptions were requested
  • Improved SASL logging
  • Added CLI support for temporary password rules

Ping Identity Directory Server

Ping Identity Directory Server version has just been released. I wrote about this release in detail on my personal blog, but here’s a summary of the changes:

Summary of Deprecated Functionality

  • Deprecate support for TLSv1 and TLSv1.1
  • Deprecate support for TLS cipher suites using SHA-1
  • Deprecate support for TLS cipher suites using RSA key exchange
  • Deprecate support for incremental backups

Summary of New Features and Enhancements

  • Add support for a FIPS 140-2-compliant mode
  • Add support for passphrase providers
  • Improve auditability for SCIM2 requests
  • Add support for join virtual attribute types
  • Add support for Admin Console SSO with alternative OpenID Connect providers
  • Add Admin Console support for collect-support-data and manage-profile generate-profile
  • Add a “must change password” account status notification type
  • Include an appropriate diagnostic message when successfully authenticating with an account in a “must change password” state
  • Allow updating ds-pwp-modifiable-state-json with other attributes and in transactions
  • Fix an issue preventing ds-pwp-modifiable-state-json from being updated in a multi-update extended operation
  • Add support for an AWS Secrets Manager cipher stream provider
  • Add support for dynamically loading a PKCS #11 provider
  • Add manage-certificates support for PKCS #11 key stores
  • Add support for setting up the server with certificates provided in PEM files
  • Add support for including custom tags in StatsD metric messages
  • Allow providing a JVM options cache for improved setup performance
  • Make manage-profile replace-profile more efficient when applying changes that require administrative actions
  • Reduce unnecessary escaping for non-ASCII characters in DNs
  • Reduce memory requirements for many command-line tools
  • Improve logging for multi-update extended operations
  • Include the Bouncy Castle library by default
  • Improve Admin Console logging when running in an external container
  • Add a remove-object-class-from-schema tool
  • Improve LDIF import performance and reduce the number of intermediate index files
  • Improve delete and modify performance with very large composite indexes
  • Improve performance for searches targeting dynamic groups via isMemberOf
  • Improve bind performance through the Directory Proxy Server in environments with many dynamic groups
  • Improve performance for very large exploded indexes when the index entry limit has been exceeded
  • Allow the purge expired data plugin to use multiple threads
  • Improve dbtest output for several subcommands
  • Minimize the conflict prevention details entry created for the uniqueness request control
  • Add an oid-lookup command-line tool
  • Add global ACIs for the LDAP assertion and permissive modify request controls
  • Allow forwarding the assured replication request control through the Directory Proxy Server by default
  • Allow the operation purpose request control to be used for operations in a transaction
  • Add support for alternative output formats in the ldap-result-code tool

Summary of Bug Fixes

  • Fix an issue that could allow users in a “must change password” state to issue requests
  • Prevent warning messages for unrecognized JVM vendors
  • Fix an issue that could prevent ds-pwp-modifiable-state-json changes from being replicated right away
  • Improve the logic for maintaining the entry-balancing global index
  • Fix an issue that could prevent setting up the server on old JVMs without support for 256-bit AES
  • Fix an issue that could interfere with manage-profile replace-profile when using a StatsD monitoring endpoint
  • Avoid entering lockdown mode when incorrectly believing that there were missed replication changes
  • Improve replication for dependent changes that may be received out of order
  • Fix an issue with incorrectly reporting that certain filters were not indexed
  • Prevent dsreplication status from listing offline servers under incorrect domains
  • Allow configuring cipher stream providers in Directory Proxy Server, Synchronization Server, and Metrics Engine
  • Fix an issue preventing manage-profile replace-profile from updating mirrored configuration
  • Prevent offline config change warnings when using manage-profile replace-profile
  • Update manage-profile replace-profile to preserve setup logs
  • Improve validation and behavior when configuring an explicit set of TLS cipher suites
  • Improve manage-profile replace-profile detection of changes to files not included in the server profile
  • Fix an issue when trying to update a topology server group with a server that already exists in that group
  • Fix issues with import-ldif with --addMissingRDNAttributes
  • Fix an issue with dsjavaproperties with --initialize and --jvmTuningParameter
  • Fix an issue that could prevent Sync failed ops log publishers from being removed
  • Improve the result code when trying to add an entry through the Directory Proxy Server when no backend servers are available or when adding entries with missing parents
  • Fix a potentially incorrect warning about duplicate jar files detected during startup
  • Fix an issue that could prevent Server SDK plugins from seeing all content in an add operation
  • Avoid a potential reverse DNS warning message during setup
  • Fix an issue that could cause the server to provide an incorrect estimate for the number of entries matching a filter using a composite index
  • Improve prompts when using dsreplication in interactive mode

LdapRecord 2.4.8 and 2.5.0

LdapRecord aims to provide a simple way to interact with LDAP entries using PHP. The project has released versions 2.4.8 and 2.5.0. Changes included in these releases are:

  • Added escaping to filters in log messages (version 2.4.8)
  • Added the ability to iterate through search results in pages to avoid memory issues with large result sets (version 2.5.0)
  • Added the ability to fetch a model’s object classes (version 2.5.0)
  • Dropped support for PHP 7.2 (version 2.5.0)
  • Deprecated the DeprecatedPaginator class and the Ldap::supportsServerControlsInMethods method (version 2.5.0)

OpenLDAP 2.5.5 and 2.4.59

The OpenLDAP project has released versions 2.5.5 and 2.4.59 of their LDAP directory server. Some of the changes in these versions include:

  • Fixed a potential double-free memory management issue (both versions)
  • Fixed a replication issue that could cause changes to be missed (both versions)
  • Fixed a cache locking issue that could cause the server to appear unresponsive (both versions)
  • Fixed issues with TLSv1.3 cipher suite handling (both versions)
  • Fixed an issue that could prevent removing a naming context entry (both versions)
  • Fixed a potential crash when using autogroup (version 2.4.59)
  • Fixed an issue in which slapadd could fail because of improper initialization (version 2.4.59)
  • Fixed a syncrepl issue when both adding and removing a value for a single-valued attribute (version 2.4.59)
  • Fixed a quarantine issue in the metadata backend (version 2.5.5)
  • Fixed an issue in which log messages could potentially be lost immediately after a very fast restart (version 2.5.5)
  • Fixed an issue with incorrect OIDs for the authorization identity request and response controls (version 2.5.5)
  • Fixed an issue that could prevent encoding passwords with Argon2 (version 2.5.5)
  • Fixed an issue with empty DNs in certain extensible match filters (version 2.5.5)
  • Added an LDAP load-balancing daemon (version 2.5.5)
  • Improved syncrepl refresh performance in certain cases (version 2.5.5)
  • Updated the access log to include the new DN for modify DN operations (version 2.5.5)
  • Updated the client library and metadata backend to support client-side timeouts (version 2.5.5)