openldap-announce

openldap-announce@openldap.org

136 discussions

OpenLDAP 2.4.55 available, LMDB 0.9.27 available
by project＠openldap.org 26 Oct '20

26 Oct '20

OpenLDAP 2.4.55 is now available for download as detailed on our download page: https://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) Ondřej Kuzník (Symas Corp) OpenLDAP 2.4.55 Release (2020/10/26) Fixed slapd normalization handling with modrdn (ITS#9370) Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) Contrib Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) MD5(openldap-2.4.55.tgz)= 333a75f42e55b907543fa3a46a620eab SHA1(openldap-2.4.55.tgz)= 03f67a56b8760abe0d5fdfa06e93542a3f4b8ef4 LMDB 0.9.27 Release (2020/10/26) ITS#9376 fix repeated DUPSORT cursor deletes

1 0

OpenLDAP 2.4.54 available
by project＠openldap.org 12 Oct '20

12 Oct '20

OpenLDAP 2.4.54 is now available for download as detailed on our download page: https://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) Ondřej Kuzník (Symas Corp) OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) MD5(openldap-2.4.54.tgz)= dee0ad4683e56a57d9a11a391f6be428 SHA1(openldap-2.4.54.tgz)= e82d321ac3df5ffb6790c22322471e2fae3d1546

1 0

OpenLDAP 2.4.53 available
by project＠openldap.org 07 Sep '20

07 Sep '20

OpenLDAP 2.4.53 is now available for download as detailed on our download page: https://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) OpenLDAP 2.4.53 (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332) MD5(openldap-2.4.53.tgz)= ac589e3691d52872e32c569c5e05cece SHA1(openldap-2.4.53.tgz)= 9a03db5cc02fd8b0afc5bf11fb10f7cd5260bcf0

1 0

OpenLDAP 2.4.52 available
by project＠openldap.org 28 Aug '20

28 Aug '20

OpenLDAP 2.4.52 is now available for download as detailed on our download page: https://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) OpenLDAP 2.4.52 (2020/08/28) Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) Fixed librewrite malloc/free corruption (ITS#9249) Fixed libldap hang when using UDP and server down (ITS#9328) Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135) MD5(openldap-2.4.52.tgz)= d5e6824c58a050a6e43f53c2aa0ca677 SHA1(openldap-2.4.52.tgz)= c65ebaf9f3f874295b72f19a5de9b74ff0ade4ec

1 0

Red Hat Enterprise Linux 8 libldap considered Harmful
by project＠openldap.org 20 Aug '20

20 Aug '20

Red Hat recently patched the libldap in Enterprise Linux 8 to "support" RFC 6125 in direct violation of the recommendations in section 1.4 of that RFC. Due to the significant issues with RFC 6125 (https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/t…), we consider these changes harmful. It is advised to avoid use of the OpenLDAP libraries as provided by Red Hat Enterprise Linux 8 and its derivatives.

1 0

RFC6125 considered Harmful
by project＠openldap.org 20 Aug '20

20 Aug '20

Hello OpenLDAP community, There have been a number of inquiries recently in regards to RFC 6125 and its support in OpenLDAP. After reviewing the contents of RFC 6125, we felt it important to publicly address the OpenLDAP project's stance on this RFC. RFC 6125 specifically states it does not supersede existing RFCs. Certificate handling for the LDAP protocol is defined in RFC4513, thus the procedures defined in RFC 6125 do not apply to the LDAP protocol. Additionally, RFC 6125 explicitly excludes the LDAP protocol from consideration in Section 1.4 and Appendix B.3. Even without the specific exclusions for the LDAP protocol, the OpenLDAP project considers the general concepts in RFC 6125 as harmful. It redefines the purpose of subjectAlternativeName from being an alternative to the commonName to being the only allowable source for consideration unless it is not present in the certificate. This breaks standard practice for commonName going back to at least 1998. Additionally it breaks standard wildcard certs as issued from various Certificate Authorities as the long standing behavior has been to use a commonName=*.example.com, which is not allowed with RFC 6125. The Subject Naming discussion in Section 2.3 and 2.3.1 is also problematic. Rather than clarify the confusion around Distinguished Names, it just muddles things even further. This is a simple concept and there's no good reason to perpetuate the confusion: DNs are hierarchical names, just like DNS names are hierarchical names. A fully qualified name is an ordered concatenation of names from a root of a naming hierarchy to its leaves. In DNS the root is "." and the names are written in leaf-to-root order, thus: com example.com www.example.com LDAP software has adopted this same leaf-to-root order for its string representation of DNs, thus: dc=com dc=example,dc=com dc=www,dc=example,dc=com Although older X.500 software tended to use a root-to-leaf ordering, just like filesystems use, and older X.509 certificate tools used this as well: /dc=com /dc=com/dc=example /dc=com/dc=example/dc=www This is still the exact same DN, just using a different convention for string representation. Ignoring the fact that DNs are hierarchical, and noting that a CN appearing anywhere in the DN can be used to check a service name, flies in the face of over 30 years of practice. In summary, RFC 6125 breaks long-established practices for weakly supported reasons and fails to enhance understanding of the subject.

1 0

OpenLDAP 2.4.51 available, LMDB 0.9.26 available
by project＠openldap.org 11 Aug '20

11 Aug '20

OpenLDAP 2.4.51 is now available for download as detailed on our download page: https://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) Ondřej Kuzník (Symas Corp) Ryan Tandy OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271) MD5(openldap-2.4.51.tgz)= 0d2025896cf1c17af7304ecc57ec9531 SHA1(openldap-2.4.51.tgz)= 4fe7f0e5766d0d9a5431871b581938c05b4eb873 LMDB 0.9.26 Release (2020/08/11) ITS#9278 fix robust mutex cleanup for FreeBSD

1 0

OpenLDAP 2.4.50 available
by project＠openldap.org 28 Apr '20

28 Apr '20

OpenLDAP 2.4.50 is now available for download as detailed on our download page: https://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. This release contains a security fix for a potential DoS attack (ITS#9202), reported by the Samba Team and filed as CVE-2020-10704. Further OpenLDAP specific CVE filed by Debian as CVE-2020-12243. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) Ondřej Kuzník (Symas Corp) Ryan Tandy OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230) MD5(openldap-2.4.50.tgz)= f9ed44ef373abed04c9e4c8586260f9e SHA1(openldap-2.4.50.tgz)= 82f576e0d0d334e9e798d9de8936683546247bb9

1 0

OpenLDAP infrastructure updates
by OpenLDAP project 05 Mar '20

05 Mar '20

On March 12, 2020 the infrastructure for the OpenLDAP project will be undergoing a long needed set of upgrades. In particular, the following changes will be made: * The Jitterbugs based issue tracker will be replaced with Bugzilla. All existing issues will be migrated into Bugzilla. * The list server will be upgraded from mailman2 to mailman3 * The git repository will be moved to a gitlab instance It is expected that this maintenance will last several hours and most project services will be unavailable during that time. A further email will be sent once the migration is complete. Once the migration is complete the method for accessing some resources will change: * The new bugzilla tracking system will require a login to file bugs. Individuals who have submitted bugs in the past will already have an account created for them, but will need to request a password reset or use the Github authentication method (as long as Github has the account email address) * The updated mailman3 instance also will require a login for list management. You will need to confirm your email in mailman before being able to log in (either directly or via GitHub). Additionally, several services will be read-only snapshots after the migration: * Existing mailing list archives (from mailmain2) will be retained at their current location, but new emails will be archived in the mailman3 archive site only. * The FAQ site, which will be removed after useful content is migrated to a new platform (yet to be decided) * The FTP site will be only used for tarball distribution of new releases. New patch submissions should be done either via gitlab (preferred) or as attachments in bugzilla.

1 0

OpenLDAP 2.4.49 available, LMDB 0.9.25 available
by OpenLDAP project 30 Jan '20

30 Jan '20

OpenLDAP 2.4.49 is now available for download as detailed on our download page: http://www.openldap.org/software/download/ and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade. Significant contributors are: Howard Chu (Symas Corp) Quanah Gibson-Mount (Symas Corp) Ondřej Kuzník (Symas Corp) Ryan Tandy OpenLDAP 2.4.49 Release (2020/01/30) Added slapd-monitor database entry count for slapd-mdb (ITS#9154) Fixed client tools to not add controls on cancel/abandon (ITS#9145) Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116) Fixed libldap to correctly free sb (ITS#9081, ITS#8755) Fixed libldap descriptor leak if ldaps fails (ITS#9147) Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069) Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067) Fixed slapd to relax domainScope control check (ITS#9100) Fixed slapd to have cleaner error handling during connection setup (ITS#9112) Fixed slapd data check when processing cancel exop (ITS#9124) Fixed slapd attribute description processing (ITS#9128) Fixed slapd-ldap to set oldctrls correctly (ITS#9076) Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657) Fixed slapd-mdb missing final commit with slapindex (ITS#9095) Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091) Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150) Fixed slapd-monitor global operation counter reporting (ITS#9119) Fixed slapo-ppolicy when used with slapauth (ITS#8629) Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126) Fixed slapo-syncprov fix sessionlog init (ITS#9146) Fixed slapo-unique loop termination (ITS#9077) Build Environment Fix mkdep to honor TMPDIR if set (ITS#9062) Remove ICU library detection (ITS#9144) Update config.guess and config.sub to support newer architectures (ITS#7855) Disable ITS8521 regression test as it is no longer valid (ITS#9015) Documentation admin24 - Fix inconsistent whitespace in replication section (ITS#9153) slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063) slapd-ldap(5) - Document "tls none" option (ITS#9071) slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065) MD5(openldap-2.4.49.tgz)= 2a47a6bb4319357ea7b032c45283e79e SHA1(openldap-2.4.49.tgz)= f0caeca122e6f90e6ac5cc8ba36fe9cec13826da LMDB 0.9.25 Release (2020/01/30) ITS#9068 fix mdb_dump/load backslashes in printable content ITS#9118 add MAP_NOSYNC for FreeBSD ITS#9155 free mt_spill_pgs in non-nested txn on end

1 0

← Newer
1
2
3
4
5
6
7
8
...
14
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-announce