HEADS UP: OpenLDAP 2.4 End of Life.
Just a reminder to everyone: the Project has a long-standing policy of
doing active development on only one release version at a time. To
allow time for migrations we provide some overlap from one release
version to the next. E.g., while 2.5 is active we will still provide
critical bugfixes for 2.4. Since 2.4 has been around for something
like 14 years now people may have forgotten this policy.
This is a heads up that with 2.6 due for release in September, all
updates to 2.4 will cease at that time. Likewise, when 2.7 is released
next year all updates to 2.5 will cease.
Also for clarity: We consider "Critical" bugs to include security
flaws resulting in unauthorized data disclosure, or unauthorized
remote code execution. We do not consider assert() failures or crashes
resulting only in Denial of Service as security flaws.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
OpenLDAP 2.5.6 is now available for download as detailed on our download page:
https://www.openldap.org/software/download/
and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors are:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Symas Corp)
Ondřej Kuzník (Symas Corp)
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow (ITS#9578)
Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
Fixed slapd multiple config defaults (ITS#9363)
Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
Build
Fixed library symbol versioning on Solaris (ITS#9591)
Fixed compile warning in libldap/tpool.c (ITS#9601)
Fixed compile warning in libldap/tls_o.c (ITS#9602)
Contrib
Fixed ppm module for sysconfdir (ITS#7832)
Documentation
Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
SHA3-512(openldap-2.5.6.tgz)= c3d5f8a0cc1b0bd1cb03df75acedf13988e3c816fe2d818c5a2cd7eef562ae9b05220c01b2cfd7112c04fb039da7a54b5acd27179bd10859c9758ddf40d3463c
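The announcements on this page publish a digest of each tarball (SHA3-512 for the 2.5.x releases, MD5 and SHA1 for 2.4.x). The following is an added example, not code from the OpenLDAP Project, showing how to parse those "ALGO(file)= hex" lines and check a downloaded archive against them. The sample tarball bytes and the `sample.tgz` name are constructed for the demonstration; the only real value is the 2.5.6 SHA3-512 line copied from the announcement above.

```python
import hashlib
import hmac
import os
import re

# Digest line copied verbatim from the OpenLDAP 2.5.6 announcement above.
PUBLISHED_DIGEST_LINE = (
    "SHA3-512(openldap-2.5.6.tgz)= "
    "c3d5f8a0cc1b0bd1cb03df75acedf13988e3c816fe2d818c5a2cd7eef562ae9b"
    "05220c01b2cfd7112c04fb039da7a54b5acd27179bd10859c9758ddf40d3463c"
)

# Constructed stand-in for a downloaded archive (not a real OpenLDAP tarball).
SAMPLE_TARBALL_BYTES = b"constructed sample archive contents\n" * 64

# Algorithm labels used on the announcements page, mapped to hashlib constructors.
_ALGORITHMS = {
    "SHA3-512": hashlib.sha3_512,
    "SHA1": hashlib.sha1,
    "MD5": hashlib.md5,
}

# ALGO(filename)= hexdigest, tolerating stray whitespace around "=".
_LINE_RE = re.compile(r"^\s*([A-Za-z0-9-]+)\((.+?)\)\s*=\s*([0-9a-fA-F]+)\s*$")


def parse_digest_line(line):
    """Split an announcement digest line into (algorithm, filename, hexdigest)."""
    m = _LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised digest line: {line!r}")
    algo, filename, hexdigest = m.groups()
    if algo not in _ALGORITHMS:
        raise ValueError(f"unsupported digest algorithm: {algo}")
    expected_len = _ALGORITHMS[algo]().digest_size * 2
    if len(hexdigest) != expected_len:
        raise ValueError(f"{algo} digest should be {expected_len} hex chars")
    return algo, filename, hexdigest.lower()


def digest_bytes(algo, data):
    """Hex digest of in-memory data with the named algorithm."""
    return _ALGORITHMS[algo](data).hexdigest()


def digest_file(algo, path, chunk_size=1 << 20):
    """Hex digest of a file, read in chunks so large tarballs fit in memory."""
    h = _ALGORITHMS[algo]()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def make_digest_line(algo, filename, data):
    """Produce a line in the announcement format (used here to build test input)."""
    return f"{algo}({filename})= {digest_bytes(algo, data)}"


def verify_bytes(data, digest_line):
    """True if data matches the published digest; comparison is constant-time."""
    algo, _, expected = parse_digest_line(digest_line)
    return hmac.compare_digest(digest_bytes(algo, data), expected)


def verify_download(path, digest_line):
    """Check a downloaded tarball against a published digest line.

    Also requires the file name in the line to match the file being checked,
    so a digest for one release is not silently applied to another.
    """
    algo, expected_name, expected = parse_digest_line(digest_line)
    if os.path.basename(path) != expected_name:
        return False
    return hmac.compare_digest(digest_file(algo, path), expected)


if __name__ == "__main__":
    # Typical use after downloading the tarball named in the announcement:
    #   verify_download("openldap-2.5.6.tgz", PUBLISHED_DIGEST_LINE)
    line = make_digest_line("SHA3-512", "sample.tgz", SAMPLE_TARBALL_BYTES)
    print("sample verifies:", verify_bytes(SAMPLE_TARBALL_BYTES, line))
```

A digest only shows that the file you have is the one the announcement describes, and only if the digest line itself was read from a trusted copy of the announcement. MD5 and SHA1, which the 2.4.x lines use, are no longer collision-resistant, so they are useful for catching a corrupted or mismatched download but give weaker assurance against deliberate substitution than the SHA3-512 lines published for 2.5.x.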
OpenLDAP 2.5.5 is now available for download as detailed on our download page:
https://www.openldap.org/software/download/
and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors are:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Symas Corp)
Ondřej Kuzník (Symas Corp)
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd abort due to typo (ITS#9561)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
SHA3-512(openldap-2.5.5.tgz)= 9a479101e25d8715114b216b767d39f2b3107b5e92667fc26368d7de72cb3ef8417360a22c83127c4ccc6cec298c6dbca151c2e61f74a6c2446640ed05636fa1
OpenLDAP 2.4.59 is now available for download as detailed on our download page:
https://www.openldap.org/software/download/
and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors are:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Symas Corp)
Ondřej Kuzník (Symas Corp)
OpenLDAP 2.4.59 Release (2021/06/03)
Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
Fixed slapd-mdb cursor init check (ITS#9526)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapo-pcache locking during expiration (ITS#9529)
Contrib
Fixed slapo-autogroup to not thrash thread context (ITS#9494)
Documentation
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
MD5(openldap-2.4.59.tgz)= 6036a03b3a67b4a1fe1246e0a2c7265a
SHA1(openldap-2.4.59.tgz)= b154d06bbf40fafafb34fffc4b116946d931efef
OpenLDAP Version 2.5 Release Announcement
April 29, 2021
The OpenLDAP Project is pleased to announce the general availability of OpenLDAP Software version 2.5, a suite of the Lightweight Directory Access Protocol (v3) servers, clients, utilities, documentation, and development tools.
This release contains significant new function that has been contributed by Symas, its customers, and by other organizations and individuals that use OpenLDAP. The bulk of this function has already been heavily tested in the field using OpenLDAP 2.4, so the Project expects the 2.5 release to be extremely stable in its early releases. As with all new software, though, the Project recommends that users carefully test the software to ensure it meets their needs.
The following new components and capabilities are highlighted for this release:
Featured Enhancements
* LDAP Load Balancer Daemon
A load balancer daemon, designed from the ground up to handle LDAP loads, has been developed. It is protocol-aware and can balance LDAP loads on a per-operation basis rather than on a per-connection basis. Gone are the days of long-lived connections collecting on a small number of LDAP servers and having to manually restart servers to rebalance loads.
* Large Multi-valued Attribute Support
When configured to use LMDB, OpenLDAP can handle multi-valued attributes with large numbers of values without any appreciable performance degradation. Searches, adds, deletes, and modifications of individual values happen faster than quicksilver through a goose.
* LDAP Transaction Support
When configured to use LMDB, multiple LDAP operations can be committed together in a single client-controlled transaction. If any of the operations fail, all of the other operations that are part of that transaction are rolled back.
* New Replication Protocols
OpenLDAP can now replicate entries from legacy LDAP directory servers including Microsoft Active Directory and Sun DSEE/Oracle DSEE. This makes retiring those systems simpler and easier.
* Multi-Factor Authentication
OpenLDAP now supports TOTP, HOTP and other modern multi-factor authentication methods. Many existing LDAP applications can use multi-factor authentication without modification.
New Database Backends
* Asynchronous Meta-directory
OpenLDAP's standard meta-directory backend ties together search results from multiple remote LDAP servers, translates attribute names, and rewrites distinguished names but is limited to working with a relatively small number of remote servers. A new version of the meta-directory backend, async-meta, is able to efficiently handle connections to thousands of remote LDAP servers without suffering performance degradation.
* Wiredtiger (Experimental)
OpenLDAP can now use the Wiredtiger database to store its data. The Wiredtiger database software is available separately and its SDK must be available when OpenLDAP is compiled.
New OpenLDAP Server Capabilities
General
* Additional LDAP Replication Protocols
The replication consumer software has been enhanced to support multiple replication protocols. In addition to supporting the native Syncrepl/Delta Syncrepl protocols, it can also replicate entries from Microsoft Active Directory and DSEE/ODSEE.
* Support for New LDAP Controls and Extended Operations
To improve compatibility with applications designed for use with legacy LDAP servers, OpenLDAP 2.5 now supports many additional LDAP controls. See below for a complete list of new controls.
* Dynamic Configuration Delete
OpenLDAP 2.5 now allows dynamic configuration objects to be deleted. That makes it possible to delete overlays, databases, and other configuration-related items without restarting the LDAP server daemon.
* Significant performance enhancements throughout the client and server code base
Details
New Overlays and Modules
* autoca: An overlay to perform X.509 certificate authority functions via LDAP. Create a new CA, create or fetch a certificate/key pair with an LDAP search operation, and perform other CA functions with just an LDAP search operation.
* homedir: perform complete home directory life cycle management, from creation, to archival, to deletion, completely automatically. Designed specifically for environments that use LDAP authentication and networked home directories, this overlay monitors a replication feed and performs actions based on changes to user and group entries.
* otp: Have the LDAP directory server handle all the processing for time- and counter-based one-time passwords. Compatible with Google and other standards-based authenticator apps.
* totp: A simpler password hashing module for time-based one-time passwords.
* argon2: a new password hashing module using the Argon2 hash mechanism
* adremap: remap attributes for PAM/NSS MS AD support
* authzid: implements RFC 3829 support
* datamorph: store enumerated values and fixed size integers
* ppm: adds additional password checking criteria to the slapo-ppolicy overlay
* pw-radius: pass bind operations to the specified radius server(s)
* rbac: accelerates the responses to ANSI INCITS 359 RBAC policy queries originating from Apache Fortress clients
* remoteauth: Forward bind operations to one or more remote LDAP servers. Can optionally store the successfully-submitted password in the local database.
* usn: adds MS AD usnCreated and usnChanged operational attributes to entries
* variant: allows attributes/values to be shared between several entries
* vc: implements the verify credentials extended operation
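The "Multi-Factor Authentication" item above and the otp/totp modules in this list refer to the one-time-password schemes of RFC 4226 (HOTP, counter-based) and RFC 6238 (TOTP, time-based). The following is an added example, not OpenLDAP's own module code, that implements both derivations and the two checks a verifier has to get right: a bounded clock-skew window for TOTP and a strictly advancing counter for HOTP so that an observed code cannot be replayed. The look-ahead width and skew window are assumptions chosen for the demonstration; the secret is the RFC 4226/6238 test-vector key.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, algo=hashlib.sha1, t0=0):
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, (unix_time - t0) // step, digits, algo)


def verify_totp(secret, candidate, unix_time, window=1, step=30, digits=6):
    """Accept a TOTP code if it matches the current step or one within +/- window steps.

    The window (assumed: one step either side) absorbs clock drift between the
    authenticator and the server; comparison is constant-time.
    """
    if len(candidate) != digits or not candidate.isdigit():
        return False
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


def verify_hotp(secret, candidate, last_counter, look_ahead=5, digits=6):
    """Accept an HOTP code only for a counter above the last one already used.

    Returns the counter to persist as the new last_counter, or None on failure.
    Searching only counters after last_counter is what prevents replay of a
    code that was already accepted; look_ahead (assumed: 5) tolerates codes the
    user generated but never submitted.
    """
    if len(candidate) != digits or not candidate.isdigit():
        return None
    for counter in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, counter, digits), candidate):
            return counter
    return None


if __name__ == "__main__":
    # RFC 4226 test vector: counter 0 yields 755224.
    print("HOTP(0)      =", hotp(RFC_TEST_SECRET, 0))
    # RFC 6238 test vector: T=59, 8 digits, SHA-1 yields 94287082.
    print("TOTP(59, 8)  =", totp(RFC_TEST_SECRET, 59, digits=8))
    # Replay: the code for counter 0 is rejected once counter 0 has been consumed.
    print("replay ok?   =", verify_hotp(RFC_TEST_SECRET, "755224", last_counter=0))
```

The server-side state matters as much as the arithmetic: a TOTP verifier should additionally remember the last accepted time step per user and refuse a second use of the same step, and an HOTP verifier must store the returned counter atomically so that two concurrent binds cannot both succeed with the same code.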
Updates to Existing Backends
* back-monitor is always statically built into slapd
Updates to Existing Overlays
The following updates have been made to existing overlays:
* pcache: New control allows access to the cache DB, exop can remove data from the cache DB. Monitoring information for pcache is now available if back-monitor is enabled.
* ppolicy: updated to comply with password policy draft 10 (draft-behera-ldap-password-policy-10) and to optionally return Netscape Password Expiring and Password Expired controls
* dynlist: can now generate the (is)memberOf attribute dynamically and perform reverse lookups to find all groups a user belongs to.
* unique: the unique overlay can now do db-wide locking to avoid potential race conditions
New Libraries
* libldif provides an LDIF parsing API
Updates to Existing Libraries
* libldap_r has been merged with libldap
* libldap has TLS channel binding support
* libldap has TLS public key pinning support
* libldap has TLS SNI support
* libldap has GSSAPI channel binding support
New and Updated Clients and Tools
* slapmodify: a tool for offline updates to cn=config
New Supported LDAP Controls
The following controls are now supported in OpenLDAP 2.5:
Control Name        OID                          Comments
AUTHZID_REQUEST     2.16.840.1.113730.4.16       Authorization Identity Request Control (RFC 3829)
AUTHZID_RESPONSE    2.16.840.1.113730.4.15       Authorization Identity Response Control (RFC 3829)
LAZY_COMMIT         1.2.840.113556.1.4.619       MS AD Lazy Commit Control
ACCOUNT_USABILITY   1.3.6.1.4.1.42.2.27.9.5.8    Netscape account usability control
PASSWORD_EXPIRED    2.16.840.1.113730.3.4.4      Netscape Password expiring warning
PASSWORD_EXPIRING   2.16.840.1.113730.3.4.5      Netscape Password expired warning
TXN_SPEC            1.3.6.1.1.21.2               LDAP transaction specification control
New Supported Extended Operations
The following extended operations are now supported in OpenLDAP 2.5:
Exop Name            OID                          Comments
TXN_START            1.3.6.1.1.21.1               Start LDAP transaction
TXN_END              1.3.6.1.1.21.3               End LDAP Transaction
TXN_ABORTED_NOTICE   1.3.6.1.1.21.4               Abort LDAP Transaction (notification)
VERIFY_CREDENTIALS   1.3.6.1.4.1.4203.666.6.5     Verify user credentials
ACKNOWLEDGEMENTS
OpenLDAP Software is developed by the OpenLDAP Project. The Project consists of a team of volunteers who use the Internet to coordinate their activities. The Project is an organized activity of the OpenLDAP Foundation.
OpenLDAP Software is derived from University of Michigan LDAP, release 3.3.
AVAILABILITY
This software is available under the OpenLDAP Public License, a non-restrictive, "free", open-source license. Download information is available at:
https://www.OpenLDAP.org/software/download/
Binary distributions are available from a number of sources, including Symas and the Linux Toolbox (LTB) Project
SUPPORT
OpenLDAP Software is user supported:
https://www.openldap.org/support/
In addition, commercial support is available from the vendors listed here:
https://www.openldap.org/support/
The OpenLDAP Administrator's Guide, which includes quick-start instructions, is available at:
https://www.openldap.org/doc/admin25/
In addition, there are also a number of discussion lists related to OpenLDAP Software. A list of mailing lists is available at:
https://www.OpenLDAP.org/lists/
To report bugs, please use project's Issue Tracking System:
https://bugs.openldap.org/
The OpenLDAP home page containing lots of interesting information and online documentation is available at this URL:
https://www.OpenLDAP.org/
SUPPORTED PLATFORMS
This release has been ported to many UNIX (and UNIX-like) platforms including Darwin, FreeBSD, Linux, NetBSD, OpenBSD and most commercial UNIX systems. The release has also been ported (in part or in whole) to other platforms including Apple MacOS X, IBM zOS, and Microsoft Windows NT/2000/etc.
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Copyright 1999-2021 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted.
OpenLDAP 2.4.58 is now available for download as detailed on our download page:
https://www.openldap.org/software/download/
and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors are:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Symas Corp)
Ondřej Kuzník (Symas Corp)
OpenLDAP 2.4.58 Release (2021/03/16)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
Fixed slapd-bdb lockdetect config (ITS#9449)
MD5(openldap-2.4.58.tgz)= c203d735ba69976e5b28dc39006f29b5
SHA1(openldap-2.4.58.tgz)= 875416827be3ad63f20004510a354db0aaceb2ed
LMDB 0.9.29 Release (2021/03/16)
ITS#9461 refix ITS#9376
ITS#9500 fix regression from ITS#8662
OpenLDAP 2.5.2beta is now available for experimentation and testing.
Significant contributors include:
Howard Chu (Symas Corporation)
Quanah Gibson-Mount (Symas Corporation)
Ondřej Kuzník (Symas Corp)
It can be downloaded from https://www.openldap.org/software/download/
or via one of our official mirrors.
OpenLDAP 2.4.57 is now available for download as detailed on our download page:
https://www.openldap.org/software/download/
and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors are:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Symas Corp)
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
MD5(openldap-2.4.57.tgz)= e3349456c3a66e5e6155be7ddc3f042c
SHA1(openldap-2.4.57.tgz)= 1cffa70a3ea8545948041fd113f8f53bc24d6d87