What's new in OpenLDAP 2.4.48
Jul 24, 2019
- Added libldap OpenSSL Elliptic Curve support (ITS#7595)
- Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
- Added slapd-monitor support for slapd-mdb (ITS#7770)
- Fixed liblber leaks (ITS#8727)
- Fixed liblber with partial flush (ITS#8864)
- Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
- Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
- Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
- Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
- Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
- Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
- Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
- Fixed libldap to correctly close TLS connection (ITS#8755)
- Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
- Fixed liblunicode case correspondance (ITS#8508)
- Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
- Fixed slapd config parser variable for Windows64 (ITS#9012)
- Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
- Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
- Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
- Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
- Fixed slapd to initialize SASL SSF per connection (ITS#9052)
- Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
- Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
- Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
- Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
- Fixed slapd-meta assertion when network interface goes down (ITS#8841)
- Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
- Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
- Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
- Fixed slapo-accesslog possible assert with exops (ITS#8971)
- Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
- Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
- Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
- Fixed slapo-memberof for group name change to itself (ITS#9000)
- Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
- Fixed slapo-rwm to not free original filter (ITS#8964)
- Fixed slapo-syncprov contextCSN generation (ITS#9015)
- Build Environment:
- Fixed slapd to only link to BDB libraries with static build (ITS#8948)
- Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
- Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
- Documentation:
- General - Fixed minor typos (ITS#8764, ITS#8761)
- admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
- slapd.access(5) - Note MDB is the primary backend (ITS#8881)
- slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
- slapd-ldap(5) - Document starttls parameter (ITS#8693)
- Contrib:
- Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
New in OpenLDAP 2.4.47 (Dec 22, 2018)
- Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
- Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
- Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
- Fixed libldap dn to domain parsing with bad input (ITS#8842)
- Fixed slapd slapcat to correctly honor -g option (ITS#8667)
- Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
- Fixed slapd to check status of rdnNormalize (ITS#8932)
- Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
- Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
- Fixed slapd sasl minor typo (ITS#8918)
- Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
- Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
- Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
- Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
- Fixed slapo-memberof cn=config modifications (ITS#8663)
- Fixed slapo-ppolicy with multimaster replication (ITS#8927)
- Fixed slapo-syncprov with NULL modlist (ITS#8843)
- Build Environment:
- Added slapd reproducible build support (ITS#8928)
- Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
- Contrib:
- Fixed slapo-pbkdf2 hash generation (ITS#8878)
- Documentation:
- admin24 fixed minor typo (ITS#8887)
New in OpenLDAP 2.4.46 (Mar 23, 2018)
- Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717)
- Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373)
- Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687)
- Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)
- Fixed libldap MozNSS CA certificate hash matching (ITS#7374)
- Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389)
- Fixed libldap MozNSS initialization (ITS#8484)
- Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650)
- Fixed libldap memory leak with cancel operations (ITS#8782)
- Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705)
- Fixed slapd to maintain SSF across SASL binds (ITS#8796)
- Fixed slapd syncrepl deadlock when updating cookie (ITS#8752)
- Fixed slapd syncrepl callback to always be last in the stack (ITS#8752)
- Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778)
- Fixed slapd CSN queue processing (ITS#8801)
- Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720)
- Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520)
- Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226)
- Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404)
- Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692)
- Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752)
- Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100)
- Fixed slapo-syncprov memory leak with delete operations (ITS#8690)
- Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444)
- Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100)
- Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607)
- Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800)
- Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486)
- Build Environment:
- Fixed Windows build with newer MINGW version (ITS#8697)
- Fixed compiler warnings and removed unused variables (ITS#8578)
- Contrib:
- Fixed ldapc++ Control structure (ITS#8583)
- Documentation:
- Delete stub manpage for back-ldbm (ITS#8713)
- Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121)
- Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818)
- Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715)
- Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
New in OpenLDAP 2.4.45 (Sep 4, 2017)
- Added slapd support for OpenSSL 1.1.0 series (ITS#8353, ITS#8533, ITS#8634)
- Fixed libldap to fail ldap_result if the handle is already bad (ITS#8585)
- Fixed libldap to expose error if user specified CA doesn't exist (ITS#8529)
- Fixed libldap handling of Diffie-Hellman parameters (ITS#7506)
- Fixed libldap GnuTLS use after free (ITS#8385)
- Fixed libldap SASL initialization (ITS#8648)
- Fixed slapd bconfig rDN escape handling (ITS#8574)
- Fixed slapd segfault with invalid hostname (ITS#8631)
- Fixed slapd sasl SEGV rebind in same session (ITS#8568)
- Fixed slapd syncrepl filter handling (ITS#8413)
- Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS#8432)
- Fixed slapd callback struct so older modules without writewait should function. Custom modules may need to be updated for sc_writewait callback (ITS#8435)
- Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS#8576)
- Fixed slapd-mdb so it passes ITS6794 regression test (ITS#6794)
- Fixed slapd-mdb double free with size zero paged result (ITS#8655)
- Fixed slapd-meta uninitialized diagnostic message (ITS#8442)
- Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)
- Fixed slapo-accesslog with multiple modifications to the same attribute (ITS#6545)
- Fixed slapo-relay to correctly initialize sc_writewait (ITS#8428)
- Fixed slapo-sssvlv double free (ITS#8592)
- Fixed slapo-unique with empty modifications (ITS#8266)
- Build Environment:
- Added test065 for proxyauthz (ITS#8571)
- Fix test008 to be portable (ITS#8414)
- Fix test064 to wait for slapd to start (ITS#8644)
- Fix its4336 regression test (ITS#8534)
- Fix its4337 regression test (ITS#8535)
- Fix regression tests to execute on all backends (ITS#8539)
- Contrib:
- Added slapo-autogroup(5) man page (ITS#8569)
- Added passwd missing conversion scripts for apr1 (ITS#6826)
- Fixed contrib modules where the writewait callback was not correctly initialized (ITS#8435)
- Fixed smbk5pwd to build with newer OpenSSL releases (ITS#8525)
- Documentation:
- admin24 fixed tls_cipher_suite bindconf option (ITS#8099)
- admin24 fixed typo cn=config to be slapd.d (ITS#8449)
- admin24 fixed slapo-syncprov information to be curent (ITS#8253)
- admin24 fixed typo in access control docs (ITS#7341, ITS#8391)
- admin24 fixed minor typo in tuning guide (ITS#8499)
- admin24 fixed information about the limits option (ITS#7700)
- admin24 fixed missing options for syncrepl configuration (ITS#7700)
- admin24 fixed accesslog documentation to note it should not be replicated (ITS#8344)
- Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS#7177)
- Fixed ldapsearch(1) information on the V[V] flag behavior (ITS#7177, ITS#6339)
- Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS#8538)
- Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS#8635)
- Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS#8123)
- Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS#8565)
- Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS#8613)
- Fixed slapo-syncprov(5) documentation to be current (ITS#8253)
- Fixed slapadd(8) manpage to note slapd-mdb (ITS#8215)
- Fixed various minor grammar issues in the man pages (ITS#8544)
- Fixed various typos (ITS#8587)
New in OpenLDAP 2.4.44 (Feb 6, 2016)
- Fixed slapd-bdb/hdb missing olcDbChecksum config attr (ITS#8337)
- Fixed slapd-mdb behavior with long lived read transactions (ITS#8226)
- Fixed slapd-mdb cleanup after failed transaction (ITS#8360)
- Fixed slapd-sql missing id_query/olcSqlIdQuery (ITS#8329)
- Fixed slapo-accesslog callback initialization (ITS#8351)
- Fixed slapo-ppolicy pwdMaxRecordedFailure must never be zero (ITS#8327)
- Fixed slapo-syncprov abandon processing (ITS#8354)
- Fixed slapo-syncprov ctxcsn snapshot on refresh (ITS#8281, ITS#8365)
- Documentation:
- admin24 Stop linking to Berkeley DB downloads (ITS#8362)
- admin24 Update documentation for LMDB preference
New in OpenLDAP 2.4.43 (Dec 2, 2015)
- Fixed liblber remove obsolete assert (ITS#8240, ITS#8301)
- Fixed libldap file URLs on windows (ITS#8273)
- Fixed libldap microsecond timer for windows (ITS#8295)
- Fixed slap tools minor one time memory leak (ITS#8082)
- Fixed slapd to avoid redundant processing of abandon ops (ITS#8232)
- Fixed slapd syncrepl segv when present list is NULL (ITS#8231, ITS#8042)
- Fixed slapd segfault with invalid SASL URI (ITS#8218)
- Fixed slapd configuration parser with unbalanced quotes (ITS#8233)
- Fixed slapd syncrepl check with config db on windows (ITS#8277)
- Fixed slapd with mod Increment and inherited attribute type (ITS#8289)
- Fixed slapd-ldap SEGV after failed retry (ITS#8173)
- Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS#8244)
- Fixed slapd-null to have an option to return a search entry (ITS#8249)
- Fixed slapd-relay to correctly handle quoted options (ITS#8284)
- Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS#8281)
- Fixed slapo-dds segfault when using slapo-memberof (ITS#8133)
- Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS#8185)
- Fixed slapo-ppolicy to release entry on failure (ITS#7537)
- Fixed slapo-ppolicy to fall back to default policy if there is a parsing error (ITS#8234)
- Fixed slapo-syncprov with interrupted refresh phase (ITS#8281)
- Fixed slapo-refint with subtree renames (ITS#8220)
- Fixed slapo-rwm missing olcDropUnrequested attribute (ITS#7889)
- Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS#7964)
- Build Environment
- Fixed ldif-filter option parsing (ITS#8292)
- Fixed slapd-tester EOL handling in test output for windows (ITS#8280)
- Fixed slapd-tester executable suffix for windows (ITS#8216)
- Fixed test061 timing issues (ITS#8297)
- Contrib
- Added libnettle support to pw-pbkdf2 (ITS#8198)
- Fixed smbk5pwd compiler warnings with libnettle (ITS#8235)
- Fixed passwd symbol collisions with other crypto libraries (ITS#8294)
- Documentation
- Updated guide to reflect changes to how TLS is handled with syncrepl (ITS#7897)
New in OpenLDAP 2.4.42 (Aug 16, 2015)
- Fixed liblber address length for CLDAP (ITS#8158)
- Fixed libldap dnssrv potential overflow with port number (ITS#7027,ITS#8195)
- Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199)
- Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS#8203)
- Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS#8184)
- Fixed slapo-rwm crash when deleting rewrite rules (ITS#8213)
- Fixed libdb detection with gcc 5.x (ITS#8056)
New in OpenLDAP 2.4.40 (Oct 7, 2014)
- Fixed libldap DNS SRV priority handling (ITS#7027)
- Fixed libldap don't leak libldap err codes (ITS#7676)
- Fixed libldap CR/LF handling (ITS#4635)
- Fixed libldap ldif-wrap length (ITS#7871)
- Fixed libldap GnuTLS ciphersuite parsing (ITS#7500)
- Fixed libldap GnuTLS with newer versions (ITS#7430,ITS#6359)
- Fixed libldif to correctly handle 4096 character lines (ITS#7859)
- Fixed librewrite reference counting (ITS#7723)
- Fixed slapacl with back-mdb reader transactions (ITS#7920)
- Fixed slapd syncrepl to send cookie on fallback (ITS#7849)
- Fixed slapd syncrepl SEGV when abandoning a connection (ITS#7928)
- Fixed slapd slapcat with external schema (ITS#7895)
- Fixed slapd schema RDN normalization (ITS#7935)
- Fixed slapd with repeated language tags (ITS#7941)
- Fixed slapd modrdn crash on naming attr with no matching rule (ITS#7850)
- Fixed slapd memory leak in control handling (ITS#7942)
- Fixed slapd-ldap removed dead code (ITS#7922)
- Fixed slapd-mdb to work concurrently with slapadd (ITS#7798)
- Fixed slapd-mdb with paged results (ITS#7705, ITS#7800)
- Fixed slapd-mdb slapcat with nonexistent indices (ITS#7870)
- Fixed slapd-mdb long lived reader transactions (ITS#7904)
- Fixed slapd-mdb memory leak on matchedDN (ITS#7872)
- Fixed slapd-mdb sorting of attribute values (ITS#7902)
- Fixed slapd-mdb to flag attribute values as sorted (ITS#7903)
- Fixed slapd-mdb index config handling (ITS#7912)
- Fixed slapd-mdb entry release handling (ITS#7915)
- Fixed slapd-mdb with aliases and referrals (ITS#7927)
- Fixed slapd-mdb alias dereferencing (ITS#7702)
- Fixed slapd-sock socket flushing (ITS#7937)
- Fixed slapo-accesslog attribute normalization (ITS#7934)
- Fixed slapo-accesslog internal search logging (ITS#7929)
- Fixed slapo-auditlog connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-chain interaction with slapo-rwm (ITS#7930)
- Fixed slapo-constraint connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-dds connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-dyngroup connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-memberof attr count (ITS#7893)
- Fixed slapo-memberof frontendDB handling (ITS#7249)
- Fixed slapo-memberof internal search logging (ITS#7929)
- Fixed slapo-pcache config processing (ITS#7919)
- Fixed slapo-pcache connection destroy logic (ITS#7906,ITS#7923)
- Added slapo-ppolicy ORDERING rules (ITS#7838)
- Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS#7161)
- Fixed slapo-ppolicy connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-refint to check for pauses in cn=config (ITS#7873)
- Fixed slapo-refint internal search logging (ITS#7929)
- Fixed slapo-refint connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-seqmod connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-slapover connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapo-sock db_init (ITS#7868)
- Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS#7908)
- Fixed slapo-translucent double free (ITS#7587)
- Fixed slapo-translucent to work with manageDSAit (ITS#7864)
- Fixed slapo-translucent to use local backend with local entries (ITS#7915)
- Fixed slapo-unique connection destroy logic (ITS#7906,ITS#7923)
- Fixed slapcacl with invalid suffix (ITS#7827)
- Build Environment:
- Remove support for gcrypt (ITS#7877)
- BDB 6.0.20 and later is not supported (ITS#7890)
- Fixed ODBC link check (ITS#7891)
- Fixed slapd.ldif frontend config (ITS#7933)
- Contrib:
- Added pbkdf2 module (ITS#7742)
- Fixed autogroup double free (ITS#7831)
- Fixed autogroup modification callback responses (ITS#6970)
- Fixed ldapc++ memory leak in Async connection (ITS#7806)
- Fixed nssov install path (ITS#7858)
- Fixed passwd rpath (ITS#7885)
- Fixed apr1 do_phk_hash argument order (ITS#7869)
- Fixed slapd-sha2 buffer overrun (ITS#7851)
- Documentation:
- Fixed slapd.ldif man page reference (ITS#7803)
- Fixed slapd.conf(5) man page to reference exattrs (ITS#7847)
- Fixed guide to work with mkrelease (ITS#7887)
- Fixed ldap_get_dn(3) ldap_ava definition (ITS#7860)
New in OpenLDAP 2.4.39 (Jan 28, 2014)
- Fixed libldap MozNSS crash (ITS#7783)
- Fixed libldap memory leak with SASL (ITS#7757)
- Fixed libldap assert in parse_passwdpolicy_control (ITS#7759)
- Fixed libldap shortcut NULL RDNs (ITS#7762)
- Fixed libldap deref to use correct control
- Fixed liblmdb keysizes with mdb_update_key (ITS#7756)
- Fixed slapd cn=config olcDbConfig modification (ITS#7750)
- Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761)
- Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778)
- Fixed slapd-mdb to bail out of search if config is paused (ITS#7761)
- Fixed slapd-mdb indexing issue with derived attributes (ITS#7778)
- Fixed slapd-perl to bail out of search if config is paused (ITS#7761)
- Fixed slapd-sql to bail out of search if config is paused (ITS#7761)
- Fixed slapo-constraint handling of softadd/softdel (ITS#7773)
- Fixed slapo-syncprov assert with findbase (ITS#7749)
- Build Environment:
- Test suite: Use $(MAKE) for tests (ITS#7753)
- Documentation:
- admin24 fix TLSDHParamFile to be correct (ITS#7684)
New in OpenLDAP 2.4.38 (Nov 18, 2013)
- Fixed liblmdb nordahead flag (ITS#7734)
- Fixed liblmdb to check cursor index before cursor_del (ITS#7733)
- Fixed liblmdb wasted space on split (ITS#7589)
- Fixed slapd for certs with a NULL issuerDN (ITS#7746)
- Fixed slapd cn=config with empty nested includes (ITS#7739)
- Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735)
- Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741)
- Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743)
- Fixed slapd-mdb to stop processing on dn not found (ITS#7741)
- Fixed slapd-mdb dangling reader (ITS#7662)
- Fixed slapd-mdb matching rule for OlcDbEnvFlags (ITS#7737)
- Fixed slapd-mdb with indexed ANDed filters (ITS#7743)
- Fixed slapd-meta from blocking other threads (ITS#7740)
- Fixed slapo-syncprov assert with findbase (ITS#7749)
New in OpenLDAP 2.4.37 (Oct 28, 2013)
- Added liblmdb nordahead environment flag (ITS#7725)
- Fixed client tools CLDAP with IPv6 (ITS#7695)
- Fixed libldap CLDAP with IPv6 (ITS#7695)
- Fixed libldap lock ordering with abandon op (ITS#7712)
- Fixed liblmdb segfault with mdb_cursor_del (ITS#7718)
- Fixed liblmdb when converting to writemap (ITS#7715)
- Fixed liblmdb assert on MDB_NEXT with delete (ITS#7722)
- Fixed liblmdb wasted space on split (ITS#7589)
- Fixed slapd cn=config with olcTLSProtocolMin (ITS#7685)
- Fixed slapd-bdb/hdb optimize index updates (ITS#7329)
- Fixed slapd-ldap chaining with cn=config (ITS#7381, ITS#7434)
- Fixed slapd-ldap chaning with controls (ITS#7687)
- Fixed slapd-mdb optimize index updates (ITS#7329)
- Fixed slapd-meta chaining with cn=config (ITS#7381, ITS#7434)
- Fixed slapo-constraint to no-op on nonexistent entries (ITS#7692)
- Fixed slapo-dds assert on startup (ITS#7699)
- Fixed slapo-memberof to not replicate internal ops (ITS#7710)
- Fixed slapo-refint to not replicate internal ops (ITS#7710)
- Build Environment:
- Fixed slapd-mdb ptr arithmetic on void *s (ITS#7720)
- Documentation:
- ldapsearch(1) minor typo fix (ITS#7680)
- slapd-passwd(5) minor typo fix (ITS#7680)
New in OpenLDAP 2.4.36 (Aug 19, 2013)
- Added back-meta target filter patterns (ITS#7609)
- Added liblmdb mdb_txn_env to API (ITS#7660)
- Fixed libldap CLDAP with uninit'd memory (ITS#7582)
- Fixed libldap with UDP (ITS#7583)
- Fixed libldap OpenSSL TLS versions (ITS#7645)
- Fixed liblmdb MDB_PREV behavior (ITS#7556)
- Fixed liblmdb transaction issues (ITS#7515)
- Fixed liblmdb mdb_drop overflow page return (ITS#7561)
- Fixed liblmdb nested split (ITS#7592)
- Fixed liblmdb overflow page behavior (ITS#7620)
- Fixed liblmdb race condition with read and write txns (ITS#7635)
- Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS#7658)
- Fixed slapd cn=config with unknown schema elements (ITS#7608)
- Fixed slapd cn=config with loglevel 0 (ITS#7611)
- Fixed slapd slapi filterlist free behavior (ITS#7636)
- Fixed slapd slapi control free behavior (ITS#7641)
- Fixed slapd schema countryString as directoryString (ITS#7659)
- Fixed slapd schema telephoneNumber as directoryString (ITS#7659)
- Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS#6365)
- Fixed slapd-mdb behavior with alias dereferencing (ITS#7577)
- Fixed slapd-mdb modrdn and base-scoped searches (ITS#7604)
- Fixed slapd-mdb refcount behavior (ITS#7628)
- Fixed slapd-meta binding flag is set (ITS#7524)
- Fixed slapd-meta with minimal config (ITS#7581)
- Fixed slapd-meta missing results messages (ITS#7591)
- Added slapd-meta TCP keepalive support (ITS#7513)
- Fixed slapo-sssvlv double free (ITS#7588)
- Fixed slaptest to list -Q option (ITS#7568)
- Build Environment:
- Fixed slapd-meta declaration warnings (ITS#7654)
- Contrib:
- Fixed nssov group enumeration bug (ITS#7569)
- Fixed autogroup when URI has no attrs (ITS#7580)
- Documentation:
- admin24 Update database backend notes (ITS#7590)
- ldap.conf(5) fixed typos (ITS#7568)
- ldapmodify(1) remove replog reference (ITS#7562)
- ldif(5) remove replog reference (ITS#7562)
- slapd-config(5) remove replog reference (ITS#7562)
- slapd.conf(5) remove replog reference (ITS#7562)
- slapd-config(5) document TLSProtocolMin (ITS#5655,ITS#7645)
- slapd.conf(5) document TLSProtocolMin (ITS#5655,ITS#7645)
New in OpenLDAP 2.4.34 (Mar 4, 2013)
- Fixed libldap connections with EINTR (ITS#7476)
- Fixed libldap lineno overflow in ldif_read_record (ITS#7497)
- Fixed liblmdb mdb_env_open flag handling (ITS#7453)
- Fixed liblmdb mdb_midl_sort array optimization (ITS#7432)
- Fixed liblmdb freelist with large entries (ITS#7455)
- Fixed liblmdb to check for filled dirty page list (ITS#7491)
- Fixed liblmdb to validate data limits (ITS#7485)
- Fixed liblmdb mdb_update_key for large keys (ITS#7505)
- Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477)
- Fixed slapd syncrepl for old entries in MMR setup (ITS#7427)
- Fixed slapd signedness for index_substr_any_* (ITS#7449)
- Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450)
- Fixed slapd mutex in send_ldap_ber (ITS#6164)
- Added slapd-ldap onerr option (ITS#7492)
- Added slapd-ldap keepalive support (ITS#7501)
- Fixed slapd-ldif with empty dir (ITS#7451)
- Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416)
- Fixed slapd-mdb handling of missing entries (ITS#7483,7496)
- Fixed slapd-mdb environment flag setting (ITS#7452)
- Fixed slapd-mdb with sub db slapcat (ITS#7469)
- Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527)
- Fixed slapd-mdb subtree search speed (ITS#7473)
- Fixed slapd-meta conversion to cn=config (ITS#7525)
- Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526)
- Fixed slapd-sql back-config support (ITS#7499)
- Fixed slapo-constraint handle uri and restrict correctly (ITS#7418)
- Fixed slapo-constraint with multi-master replication (ITS#7426)
- Fixed slapo-constraint segfault (ITS#7431)
- Fixed slapo-deref control initialization (ITS#7436)
- Fixed slapo-deref control exposure (ITS#7445)
- Fixed slapo-memberof with internal ops (ITS#7487)
- Fixed slapo-pcache matching rules for config db (ITS#7459)
- Fixed slapo-rwm modrdn cleanup (ITS#7414)
- Fixed slapo-sssvlv maxperconn parameter (ITS#7484)
- Build Environment:
- Fixed slapo-constraint test suite (ITS#7423)
- Contrib:
- Added nssov nssov_config support (ITS#7518)
- Added nssov password_prohibit_message (ITS#7518)
- Fixed ldapc++ with gcc-4.7 (ITS#7281,ITS#7304)
- Fixed nssov olcNssPamSession handling (ITS#7481)
- Fixed nssov connection DN (ITS#7518)
- Add missing Makefile for various modules (ITS#7308)
- Unify Makefile structure for modules (ITS#7309)
- Fixed slapo-allowed attribute replication (ITS#7493)
- Fixed slapo-passwd SHA2 to correctly zero buffer (ITS#7490)
- Documentation:
- ldapurl(1) fix example usage (ITS#7454)
- ldap_get_option(3) fixed trailing whitespace (ITS#7411)
- slapd-config(5) olcExtraAttrs is per db (ITS#7421)
- slapd-overlays(5) update manpage index (ITS#7489)
- slapo-dynlist(5) Search behavior notes (ITS#7486)
- slapo-valsort(5) Document valsort control syntax (ITS#7523)
New in OpenLDAP 2.4.33 (Oct 10, 2012)
- Added slapd-meta cn=config support
- Fixed libldap MozNSS slot picking (ITS#7359)
- Fixed libldap MozNSS with tokenname:certnickname format (ITS#7360)
- Fixed libmdb POSIX semaphore cleanup on environment close (ITS#7364)
- Fixed libmdb mdb_page_split (ITS#7385, ITS#7229)
- Fixed slapd alock handling on Windows (ITS#7361)
- Fixed slapd acl handling with zero-length values (ITS#7350)
- Fixed slapd syncprov to not reference ops inside a lock (ITS#7172)
- Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354)
- Fixed slapd slapd_rw_destroy function (ITS#7390)
- Fixed slapd-ldap idassert bind handling (ITS#7403)
- Fixed slapd-mdb slapadd -q -w double free (ITS#7356)
- Fixed slapd-mdb to close read txn in reindex commit (ITS#7386)
- Fixed slapo-constraint with multiple modifications (ITS#7168)
- Build Environment:
- Fixed build with Visual Studio (ITS#7358)
- Fixed libmdb posix semaphore use on BSD system (ITS#7363)
- Add slapo-constraint test suite (ITS#7344, ITS#7366)
- Contrib:
- Updated radius passwd module for NAS-Identifier (ITS#7357)
- Documentation:
- slapo-refint(5) Note that refint is not replicated (ITS#7405)
New in OpenLDAP 2.4.31 (Apr 24, 2012)
- Added slapo-accesslog support for reqEntryUUID (ITS#6656)
- Fixed libldap IPv6 URL detection (ITS#7194)
- Fixed libldap rebinding on failed connection (ITS#7207)
- Fixed libmdb alignment of MDB_db members (ITS#7191)
- Fixed libmdb branch page merging on deletes (ITS#7190)
- Fixed libmdb page split with MDB_APPEND (ITS#7213)
- Fixed libmdb free page usage with entry deletion (ITS#7210)
- Fixed libmdb to use IOV_MAX if it is defined and small (ITS#7196)
- Fixed libmdb key alignment (ITS#7219)
- Fixed libmdb mdb_page_split (ITS#7229)
- Fixed libmdb with zero length IDLs (ITS#7230)
- Fixed slapd listener initialization (ITS#7233)
- Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197)
- Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195)
- Fixed slapd to reject MMR setups with bad serverID setting (ITS#7200)
- Fixed slapd approxIndexer key generation (ITS#7203)
- Fixed slapd modification of olcSuffix (ITS#7205)
- Fixed slapd schema validation with missing definitions (ITS#7224)
- Fixed slapd syncrepl -c with supplied CSN values (ITS#7245)
- Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231)
- Fixed slapd-perl modify with binary values (ITS#7149)
- Fixed slapd-shell cn=config support (ITS#7201)
- Fixed slapd-shell modify with binary values (ITS#7149)
- Fixed slapo-accesslog deadlock with non-logged write ops (ITS#7088)
- Fixed slapo-syncprov sessionlog check (ITS#7218)
- Fixed slapo-syncprov entry leak (ITS#7234)
- Fixed slapo-syncprov startup initialization (ITS#7235)
- Build Environment:
- Fixed test022 to check ldapsearch results (ITS#7228)
- Fixed test044 when back-monitor is disabled (ITS#7204)
- Documentation:
- Fixed slapschema(8) formatting (ITS#7188)
- Fixed limdb functionality documentation (ITS#7238)
- Fixed ldap_get_option(3) note inheritance behavior (ITS#7240)
New in OpenLDAP 2.4.28 (Dec 20, 2011)
- Fixed back-mdb out of order slapadd
New in OpenLDAP 2.4.26 (Jul 1, 2011)
- Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969)
- Fixed libldap MozNSS with CACertDir (ITS#6975)
- Fixed libldap MozNSS with PR_SetEnv (ITS#6862)
- Fixed libldap descriptor leak (ITS#6929)
- Fixed libldap socket leak (ITS#6930)
- Fixed libldap get option crash (ITS#6931)
- Fixed libldap lockup (ITS#6898)
- Fixed libldap ASYNC TLS setup (ITS#6828)
- Fixed libldap with missing \n terminations (ITS#6947)
- Fixed tools double free (ITS#6946)
- Fixed tools verbose output (ITS#6977)
- Fixed ldapmodify SEGV on invalid LDIF (ITS#6978)
- Added slapd extra_attrs database option (ITS#6513)
- Fixed slapd asserts (ITS#6932)
- Fixed slapd configfile param on windows (ITS#6933)
- Fixed slapd config with global chaining (ITS#6843)
- Fixed slapd uninitialized variables (ITS#6935)
- Fixed slapd config objectclass is readonly (ITS#6963)
- Fixed slapd entry response with control (ITS#6899)
- Fixed slapd with unknown attrs (ITS#6819)
- Fixed slapd normalization of schema RDN (ITS#6967)
- Fixed slapd operations cache to 10 op limit (ITS#6944)
- Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
- Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961)
- Fixed slapd-monitor stray code cleanup (ITS#6974)
- Fixed back-ldap ppolicy updates (ITS#6711)
- Fixed back-ldap with id-assert (ITS#6817)
- Fixed slapd-meta reentry issues (ITS#6909)
- Fixed slapd-sql length of data type (ITS#6657,ITS#6691)
- Added slapo-accesslog filter matching (ITS#6815)
- Fixed slapo-accesslog with invalid attrs (ITS#6819)
- Added slapo-auditlog connID and peername logging (ITS#6936)
- Fixed slapo-memberof with accesslog (ITS#6329,ITS#6766,ITS#6915)
- Fixed slapo-pcache with unknown attrs (ITS#6823)
- Fixed slapo-pcache with '1.1', '+', and '*' attrs (ITS#6950)
- Fixed slapo-pcache buffersize issues (ITS#6951)
- Fixed slapo-pcache refresh (ITS#6953)
- Fixed slapo-pcache with pCacheBind (ITS#6954)
- Fixed slapo-pcache database corruption (ITS#6831)
- Fixed slapo-rwm with attributes with no equality rule (ITS#6943)
- Fixed slapo-sssvlv limits check when global (ITS#6973)
- Fixed slapo-syncprov with replicated subtrees (ITS#6872)
- Fixed slapo-unique with managedsait (ITS#6641)
- Fixed slapo-unique filter with zero-length values (ITS#6901)
- Added contrib/acl GSS naming extensions ACL module
- Fixed contrib/smbk5pwd with shadowLastChange (ITS#6955)
- Build Environment
- Fixed builds that do not have GETTIMEOFDAY (ITS#6885)
- Fixed libldap libfetch dependancy (ITS#6889)
- Documentation
- ldap_get_dn(3) add man page (ITS#6959)
- slapo-nssov(5) Fixed typo (ITS#6934)
- slapd-backends(5) update recommended database backend (ITS#6904)
- slapd-bdb(5) update recommended database backend (ITS#6904)
- slapd-hdb(5) update recommended database backend (ITS#6904)
- admin24 update that cn=config is preferred (ITS#6905)
- admin24 update information about indexes (ITS#6906)
- admin24 fix --enable-wrappers option (ITS#6971)
New in OpenLDAP 2.4.23 (Jun 30, 2010)
- Fixed libldap to return server's error code (ITS#6569)
- Fixed libldap memleaks (ITS#6568)
- Fixed liblutil off-by-one with delta (ITS#6541)
- Fixed slapd acls with glued databases (ITS#6468)
- Fixed slapd syncrepl rid logging (ITS#6533)
- Fixed slapd modrdn handling of invalid values (ITS#6570)
- Fixed slapd-bdb hasSubordinates computation (ITS#6549)
- Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
- Fixed slapd-bdb entry cache delete failure (ITS#6577)
- Fixed slapd-ldap to return control responses (ITS#6530)
- Fixed slapo-ppolicy to use Debug (ITS#6566)
- Fixed slapo-refint to zero out freed DN vals (ITS#6572)
- Fixed slapo-rwm to use Debug (ITS#6566)
- Fixed slapo-sssvlv to use Debug (ITS#6566)
- Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
- Fixed slapo-valsort to use Debug (ITS#6566)
- Fixed contrib/nssov network.c missing patch (ITS#6562)
- Build Environment:
- Fixed test043 attribute sorting (ITS#6553)
- Documentation:
- slapd-config(5) note default rootdn (ITS#6546)
New in OpenLDAP 2.4.19 (Oct 6, 2009)
- Minor bugs in the command line tools were fixed.
- There were also several more significant fixes and enhancements.
New in OpenLDAP 2.4.14 (Feb 14, 2009)
- Many minor bugfixes, some minor enhancements, and many documentation updates.
- Support for GnuTLS was improved, bugs in connection close handling were fixed, some replication bugs were fixed, and some new features were added.
New in OpenLDAP 2.4.13 (Nov 25, 2008)
- Many fixes and enhancements to the libraries, server, modules, and documentation.
New in OpenLDAP 2.4.12 (Oct 14, 2008)
- Various fixes to the code and documentation, plus a few new features such as support for BerkeleyDB 4.7, native support for MySQL NDB, etc.