OpenLDAP Changelog

What's new in OpenLDAP 2.4.48

Jul 24, 2019
  • Added libldap OpenSSL Elliptic Curve support (ITS#7595)
  • Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
  • Added slapd-monitor support for slapd-mdb (ITS#7770)
  • Fixed liblber leaks (ITS#8727)
  • Fixed liblber with partial flush (ITS#8864)
  • Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
  • Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
  • Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
  • Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
  • Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
  • Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
  • Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
  • Fixed libldap to correctly close TLS connection (ITS#8755)
  • Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
  • Fixed liblunicode case correspondance (ITS#8508)
  • Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
  • Fixed slapd config parser variable for Windows64 (ITS#9012)
  • Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
  • Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
  • Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
  • Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
  • Fixed slapd to initialize SASL SSF per connection (ITS#9052)
  • Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
  • Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
  • Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
  • Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
  • Fixed slapd-meta assertion when network interface goes down (ITS#8841)
  • Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
  • Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
  • Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
  • Fixed slapo-accesslog possible assert with exops (ITS#8971)
  • Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
  • Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
  • Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
  • Fixed slapo-memberof for group name change to itself (ITS#9000)
  • Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
  • Fixed slapo-rwm to not free original filter (ITS#8964)
  • Fixed slapo-syncprov contextCSN generation (ITS#9015)
  • Build Environment:
  • Fixed slapd to only link to BDB libraries with static build (ITS#8948)
  • Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
  • Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
  • Documentation:
  • General - Fixed minor typos (ITS#8764, ITS#8761)
  • admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
  • slapd.access(5) - Note MDB is the primary backend (ITS#8881)
  • slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
  • slapd-ldap(5) - Document starttls parameter (ITS#8693)
  • Contrib:
  • Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)

New in OpenLDAP 2.4.47 (Dec 22, 2018)

  • Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
  • Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
  • Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
  • Fixed libldap dn to domain parsing with bad input (ITS#8842)
  • Fixed slapd slapcat to correctly honor -g option (ITS#8667)
  • Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
  • Fixed slapd to check status of rdnNormalize (ITS#8932)
  • Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
  • Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
  • Fixed slapd sasl minor typo (ITS#8918)
  • Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
  • Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
  • Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
  • Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
  • Fixed slapo-memberof cn=config modifications (ITS#8663)
  • Fixed slapo-ppolicy with multimaster replication (ITS#8927)
  • Fixed slapo-syncprov with NULL modlist (ITS#8843)
  • Build Environment:
  • Added slapd reproducible build support (ITS#8928)
  • Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
  • Contrib:
  • Fixed slapo-pbkdf2 hash generation (ITS#8878)
  • Documentation:
  • admin24 fixed minor typo (ITS#8887)

New in OpenLDAP 2.4.46 (Mar 23, 2018)

  • Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717)
  • Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373)
  • Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687)
  • Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)
  • Fixed libldap MozNSS CA certificate hash matching (ITS#7374)
  • Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389)
  • Fixed libldap MozNSS initialization (ITS#8484)
  • Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650)
  • Fixed libldap memory leak with cancel operations (ITS#8782)
  • Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705)
  • Fixed slapd to maintain SSF across SASL binds (ITS#8796)
  • Fixed slapd syncrepl deadlock when updating cookie (ITS#8752)
  • Fixed slapd syncrepl callback to always be last in the stack (ITS#8752)
  • Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778)
  • Fixed slapd CSN queue processing (ITS#8801)
  • Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720)
  • Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520)
  • Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226)
  • Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404)
  • Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692)
  • Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752)
  • Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100)
  • Fixed slapo-syncprov memory leak with delete operations (ITS#8690)
  • Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444)
  • Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100)
  • Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607)
  • Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800)
  • Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486)
  • Build Environment:
  • Fixed Windows build with newer MINGW version (ITS#8697)
  • Fixed compiler warnings and removed unused variables (ITS#8578)
  • Contrib:
  • Fixed ldapc++ Control structure (ITS#8583)
  • Documentation:
  • Delete stub manpage for back-ldbm (ITS#8713)
  • Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121)
  • Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818)
  • Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715)
  • Fixed slapo-syncprov(5) indexing requirements (ITS#5048)

New in OpenLDAP 2.4.45 (Sep 4, 2017)

  • Added slapd support for OpenSSL 1.1.0 series (ITS#8353, ITS#8533, ITS#8634)
  • Fixed libldap to fail ldap_result if the handle is already bad (ITS#8585)
  • Fixed libldap to expose error if user specified CA doesn't exist (ITS#8529)
  • Fixed libldap handling of Diffie-Hellman parameters (ITS#7506)
  • Fixed libldap GnuTLS use after free (ITS#8385)
  • Fixed libldap SASL initialization (ITS#8648)
  • Fixed slapd bconfig rDN escape handling (ITS#8574)
  • Fixed slapd segfault with invalid hostname (ITS#8631)
  • Fixed slapd sasl SEGV rebind in same session (ITS#8568)
  • Fixed slapd syncrepl filter handling (ITS#8413)
  • Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS#8432)
  • Fixed slapd callback struct so older modules without writewait should function. Custom modules may need to be updated for sc_writewait callback (ITS#8435)
  • Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS#8576)
  • Fixed slapd-mdb so it passes ITS6794 regression test (ITS#6794)
  • Fixed slapd-mdb double free with size zero paged result (ITS#8655)
  • Fixed slapd-meta uninitialized diagnostic message (ITS#8442)
  • Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)
  • Fixed slapo-accesslog with multiple modifications to the same attribute (ITS#6545)
  • Fixed slapo-relay to correctly initialize sc_writewait (ITS#8428)
  • Fixed slapo-sssvlv double free (ITS#8592)
  • Fixed slapo-unique with empty modifications (ITS#8266)
  • Build Environment:
  • Added test065 for proxyauthz (ITS#8571)
  • Fix test008 to be portable (ITS#8414)
  • Fix test064 to wait for slapd to start (ITS#8644)
  • Fix its4336 regression test (ITS#8534)
  • Fix its4337 regression test (ITS#8535)
  • Fix regression tests to execute on all backends (ITS#8539)
  • Contrib:
  • Added slapo-autogroup(5) man page (ITS#8569)
  • Added passwd missing conversion scripts for apr1 (ITS#6826)
  • Fixed contrib modules where the writewait callback was not correctly initialized (ITS#8435)
  • Fixed smbk5pwd to build with newer OpenSSL releases (ITS#8525)
  • Documentation:
  • admin24 fixed tls_cipher_suite bindconf option (ITS#8099)
  • admin24 fixed typo cn=config to be slapd.d (ITS#8449)
  • admin24 fixed slapo-syncprov information to be curent (ITS#8253)
  • admin24 fixed typo in access control docs (ITS#7341, ITS#8391)
  • admin24 fixed minor typo in tuning guide (ITS#8499)
  • admin24 fixed information about the limits option (ITS#7700)
  • admin24 fixed missing options for syncrepl configuration (ITS#7700)
  • admin24 fixed accesslog documentation to note it should not be replicated (ITS#8344)
  • Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS#7177)
  • Fixed ldapsearch(1) information on the V[V] flag behavior (ITS#7177, ITS#6339)
  • Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS#8538)
  • Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS#8635)
  • Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS#8123)
  • Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS#8565)
  • Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS#8613)
  • Fixed slapo-syncprov(5) documentation to be current (ITS#8253)
  • Fixed slapadd(8) manpage to note slapd-mdb (ITS#8215)
  • Fixed various minor grammar issues in the man pages (ITS#8544)
  • Fixed various typos (ITS#8587)

New in OpenLDAP 2.4.44 (Feb 6, 2016)

  • Fixed slapd-bdb/hdb missing olcDbChecksum config attr (ITS#8337)
  • Fixed slapd-mdb behavior with long lived read transactions (ITS#8226)
  • Fixed slapd-mdb cleanup after failed transaction (ITS#8360)
  • Fixed slapd-sql missing id_query/olcSqlIdQuery (ITS#8329)
  • Fixed slapo-accesslog callback initialization (ITS#8351)
  • Fixed slapo-ppolicy pwdMaxRecordedFailure must never be zero (ITS#8327)
  • Fixed slapo-syncprov abandon processing (ITS#8354)
  • Fixed slapo-syncprov ctxcsn snapshot on refresh (ITS#8281, ITS#8365)
  • Documentation:
  • admin24 Stop linking to Berkeley DB downloads (ITS#8362)
  • admin24 Update documentation for LMDB preference

New in OpenLDAP 2.4.43 (Dec 2, 2015)

  • Fixed liblber remove obsolete assert (ITS#8240, ITS#8301)
  • Fixed libldap file URLs on windows (ITS#8273)
  • Fixed libldap microsecond timer for windows (ITS#8295)
  • Fixed slap tools minor one time memory leak (ITS#8082)
  • Fixed slapd to avoid redundant processing of abandon ops (ITS#8232)
  • Fixed slapd syncrepl segv when present list is NULL (ITS#8231, ITS#8042)
  • Fixed slapd segfault with invalid SASL URI (ITS#8218)
  • Fixed slapd configuration parser with unbalanced quotes (ITS#8233)
  • Fixed slapd syncrepl check with config db on windows (ITS#8277)
  • Fixed slapd with mod Increment and inherited attribute type (ITS#8289)
  • Fixed slapd-ldap SEGV after failed retry (ITS#8173)
  • Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS#8244)
  • Fixed slapd-null to have an option to return a search entry (ITS#8249)
  • Fixed slapd-relay to correctly handle quoted options (ITS#8284)
  • Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS#8281)
  • Fixed slapo-dds segfault when using slapo-memberof (ITS#8133)
  • Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS#8185)
  • Fixed slapo-ppolicy to release entry on failure (ITS#7537)
  • Fixed slapo-ppolicy to fall back to default policy if there is a parsing error (ITS#8234)
  • Fixed slapo-syncprov with interrupted refresh phase (ITS#8281)
  • Fixed slapo-refint with subtree renames (ITS#8220)
  • Fixed slapo-rwm missing olcDropUnrequested attribute (ITS#7889)
  • Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS#7964)
  • Build Environment
  • Fixed ldif-filter option parsing (ITS#8292)
  • Fixed slapd-tester EOL handling in test output for windows (ITS#8280)
  • Fixed slapd-tester executable suffix for windows (ITS#8216)
  • Fixed test061 timing issues (ITS#8297)
  • Contrib
  • Added libnettle support to pw-pbkdf2 (ITS#8198)
  • Fixed smbk5pwd compiler warnings with libnettle (ITS#8235)
  • Fixed passwd symbol collisions with other crypto libraries (ITS#8294)
  • Documentation
  • Updated guide to reflect changes to how TLS is handled with syncrepl (ITS#7897)

New in OpenLDAP 2.4.42 (Aug 16, 2015)

  • Fixed liblber address length for CLDAP (ITS#8158)
  • Fixed libldap dnssrv potential overflow with port number (ITS#7027,ITS#8195)
  • Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199)
  • Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS#8203)
  • Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS#8184)
  • Fixed slapo-rwm crash when deleting rewrite rules (ITS#8213)
  • Fixed libdb detection with gcc 5.x (ITS#8056)

New in OpenLDAP 2.4.40 (Oct 7, 2014)

  • Fixed libldap DNS SRV priority handling (ITS#7027)
  • Fixed libldap don't leak libldap err codes (ITS#7676)
  • Fixed libldap CR/LF handling (ITS#4635)
  • Fixed libldap ldif-wrap length (ITS#7871)
  • Fixed libldap GnuTLS ciphersuite parsing (ITS#7500)
  • Fixed libldap GnuTLS with newer versions (ITS#7430,ITS#6359)
  • Fixed libldif to correctly handle 4096 character lines (ITS#7859)
  • Fixed librewrite reference counting (ITS#7723)
  • Fixed slapacl with back-mdb reader transactions (ITS#7920)
  • Fixed slapd syncrepl to send cookie on fallback (ITS#7849)
  • Fixed slapd syncrepl SEGV when abandoning a connection (ITS#7928)
  • Fixed slapd slapcat with external schema (ITS#7895)
  • Fixed slapd schema RDN normalization (ITS#7935)
  • Fixed slapd with repeated language tags (ITS#7941)
  • Fixed slapd modrdn crash on naming attr with no matching rule (ITS#7850)
  • Fixed slapd memory leak in control handling (ITS#7942)
  • Fixed slapd-ldap removed dead code (ITS#7922)
  • Fixed slapd-mdb to work concurrently with slapadd (ITS#7798)
  • Fixed slapd-mdb with paged results (ITS#7705, ITS#7800)
  • Fixed slapd-mdb slapcat with nonexistent indices (ITS#7870)
  • Fixed slapd-mdb long lived reader transactions (ITS#7904)
  • Fixed slapd-mdb memory leak on matchedDN (ITS#7872)
  • Fixed slapd-mdb sorting of attribute values (ITS#7902)
  • Fixed slapd-mdb to flag attribute values as sorted (ITS#7903)
  • Fixed slapd-mdb index config handling (ITS#7912)
  • Fixed slapd-mdb entry release handling (ITS#7915)
  • Fixed slapd-mdb with aliases and referrals (ITS#7927)
  • Fixed slapd-mdb alias dereferencing (ITS#7702)
  • Fixed slapd-sock socket flushing (ITS#7937)
  • Fixed slapo-accesslog attribute normalization (ITS#7934)
  • Fixed slapo-accesslog internal search logging (ITS#7929)
  • Fixed slapo-auditlog connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-chain interaction with slapo-rwm (ITS#7930)
  • Fixed slapo-constraint connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-dds connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-dyngroup connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-memberof attr count (ITS#7893)
  • Fixed slapo-memberof frontendDB handling (ITS#7249)
  • Fixed slapo-memberof internal search logging (ITS#7929)
  • Fixed slapo-pcache config processing (ITS#7919)
  • Fixed slapo-pcache connection destroy logic (ITS#7906,ITS#7923)
  • Added slapo-ppolicy ORDERING rules (ITS#7838)
  • Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS#7161)
  • Fixed slapo-ppolicy connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-refint to check for pauses in cn=config (ITS#7873)
  • Fixed slapo-refint internal search logging (ITS#7929)
  • Fixed slapo-refint connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-seqmod connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-slapover connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapo-sock db_init (ITS#7868)
  • Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS#7908)
  • Fixed slapo-translucent double free (ITS#7587)
  • Fixed slapo-translucent to work with manageDSAit (ITS#7864)
  • Fixed slapo-translucent to use local backend with local entries (ITS#7915)
  • Fixed slapo-unique connection destroy logic (ITS#7906,ITS#7923)
  • Fixed slapcacl with invalid suffix (ITS#7827)
  • Build Environment:
  • Remove support for gcrypt (ITS#7877)
  • BDB 6.0.20 and later is not supported (ITS#7890)
  • Fixed ODBC link check (ITS#7891)
  • Fixed slapd.ldif frontend config (ITS#7933)
  • Contrib:
  • Added pbkdf2 module (ITS#7742)
  • Fixed autogroup double free (ITS#7831)
  • Fixed autogroup modification callback responses (ITS#6970)
  • Fixed ldapc++ memory leak in Async connection (ITS#7806)
  • Fixed nssov install path (ITS#7858)
  • Fixed passwd rpath (ITS#7885)
  • Fixed apr1 do_phk_hash argument order (ITS#7869)
  • Fixed slapd-sha2 buffer overrun (ITS#7851)
  • Documentation:
  • Fixed slapd.ldif man page reference (ITS#7803)
  • Fixed slapd.conf(5) man page to reference exattrs (ITS#7847)
  • Fixed guide to work with mkrelease (ITS#7887)
  • Fixed ldap_get_dn(3) ldap_ava definition (ITS#7860)

New in OpenLDAP 2.4.39 (Jan 28, 2014)

  • Fixed libldap MozNSS crash (ITS#7783)
  • Fixed libldap memory leak with SASL (ITS#7757)
  • Fixed libldap assert in parse_passwdpolicy_control (ITS#7759)
  • Fixed libldap shortcut NULL RDNs (ITS#7762)
  • Fixed libldap deref to use correct control
  • Fixed liblmdb keysizes with mdb_update_key (ITS#7756)
  • Fixed slapd cn=config olcDbConfig modification (ITS#7750)
  • Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761)
  • Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778)
  • Fixed slapd-mdb to bail out of search if config is paused (ITS#7761)
  • Fixed slapd-mdb indexing issue with derived attributes (ITS#7778)
  • Fixed slapd-perl to bail out of search if config is paused (ITS#7761)
  • Fixed slapd-sql to bail out of search if config is paused (ITS#7761)
  • Fixed slapo-constraint handling of softadd/softdel (ITS#7773)
  • Fixed slapo-syncprov assert with findbase (ITS#7749)
  • Build Environment:
  • Test suite: Use $(MAKE) for tests (ITS#7753)
  • Documentation:
  • admin24 fix TLSDHParamFile to be correct (ITS#7684)

New in OpenLDAP 2.4.38 (Nov 18, 2013)

  • Fixed liblmdb nordahead flag (ITS#7734)
  • Fixed liblmdb to check cursor index before cursor_del (ITS#7733)
  • Fixed liblmdb wasted space on split (ITS#7589)
  • Fixed slapd for certs with a NULL issuerDN (ITS#7746)
  • Fixed slapd cn=config with empty nested includes (ITS#7739)
  • Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735)
  • Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741)
  • Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743)
  • Fixed slapd-mdb to stop processing on dn not found (ITS#7741)
  • Fixed slapd-mdb dangling reader (ITS#7662)
  • Fixed slapd-mdb matching rule for OlcDbEnvFlags (ITS#7737)
  • Fixed slapd-mdb with indexed ANDed filters (ITS#7743)
  • Fixed slapd-meta from blocking other threads (ITS#7740)
  • Fixed slapo-syncprov assert with findbase (ITS#7749)

New in OpenLDAP 2.4.37 (Oct 28, 2013)

  • Added liblmdb nordahead environment flag (ITS#7725)
  • Fixed client tools CLDAP with IPv6 (ITS#7695)
  • Fixed libldap CLDAP with IPv6 (ITS#7695)
  • Fixed libldap lock ordering with abandon op (ITS#7712)
  • Fixed liblmdb segfault with mdb_cursor_del (ITS#7718)
  • Fixed liblmdb when converting to writemap (ITS#7715)
  • Fixed liblmdb assert on MDB_NEXT with delete (ITS#7722)
  • Fixed liblmdb wasted space on split (ITS#7589)
  • Fixed slapd cn=config with olcTLSProtocolMin (ITS#7685)
  • Fixed slapd-bdb/hdb optimize index updates (ITS#7329)
  • Fixed slapd-ldap chaining with cn=config (ITS#7381, ITS#7434)
  • Fixed slapd-ldap chaning with controls (ITS#7687)
  • Fixed slapd-mdb optimize index updates (ITS#7329)
  • Fixed slapd-meta chaining with cn=config (ITS#7381, ITS#7434)
  • Fixed slapo-constraint to no-op on nonexistent entries (ITS#7692)
  • Fixed slapo-dds assert on startup (ITS#7699)
  • Fixed slapo-memberof to not replicate internal ops (ITS#7710)
  • Fixed slapo-refint to not replicate internal ops (ITS#7710)
  • Build Environment:
  • Fixed slapd-mdb ptr arithmetic on void *s (ITS#7720)
  • Documentation:
  • ldapsearch(1) minor typo fix (ITS#7680)
  • slapd-passwd(5) minor typo fix (ITS#7680)

New in OpenLDAP 2.4.36 (Aug 19, 2013)

  • Added back-meta target filter patterns (ITS#7609)
  • Added liblmdb mdb_txn_env to API (ITS#7660)
  • Fixed libldap CLDAP with uninit'd memory (ITS#7582)
  • Fixed libldap with UDP (ITS#7583)
  • Fixed libldap OpenSSL TLS versions (ITS#7645)
  • Fixed liblmdb MDB_PREV behavior (ITS#7556)
  • Fixed liblmdb transaction issues (ITS#7515)
  • Fixed liblmdb mdb_drop overflow page return (ITS#7561)
  • Fixed liblmdb nested split (ITS#7592)
  • Fixed liblmdb overflow page behavior (ITS#7620)
  • Fixed liblmdb race condition with read and write txns (ITS#7635)
  • Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS#7658)
  • Fixed slapd cn=config with unknown schema elements (ITS#7608)
  • Fixed slapd cn=config with loglevel 0 (ITS#7611)
  • Fixed slapd slapi filterlist free behavior (ITS#7636)
  • Fixed slapd slapi control free behavior (ITS#7641)
  • Fixed slapd schema countryString as directoryString (ITS#7659)
  • Fixed slapd schema telephoneNumber as directoryString (ITS#7659)
  • Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS#6365)
  • Fixed slapd-mdb behavior with alias dereferencing (ITS#7577)
  • Fixed slapd-mdb modrdn and base-scoped searches (ITS#7604)
  • Fixed slapd-mdb refcount behavior (ITS#7628)
  • Fixed slapd-meta binding flag is set (ITS#7524)
  • Fixed slapd-meta with minimal config (ITS#7581)
  • Fixed slapd-meta missing results messages (ITS#7591)
  • Added slapd-meta TCP keepalive support (ITS#7513)
  • Fixed slapo-sssvlv double free (ITS#7588)
  • Fixed slaptest to list -Q option (ITS#7568)
  • Build Environment:
  • Fixed slapd-meta declaration warnings (ITS#7654)
  • Contrib:
  • Fixed nssov group enumeration bug (ITS#7569)
  • Fixed autogroup when URI has no attrs (ITS#7580)
  • Documentation:
  • admin24 Update database backend notes (ITS#7590)
  • ldap.conf(5) fixed typos (ITS#7568)
  • ldapmodify(1) remove replog reference (ITS#7562)
  • ldif(5) remove replog reference (ITS#7562)
  • slapd-config(5) remove replog reference (ITS#7562)
  • slapd.conf(5) remove replog reference (ITS#7562)
  • slapd-config(5) document TLSProtocolMin (ITS#5655,ITS#7645)
  • slapd.conf(5) document TLSProtocolMin (ITS#5655,ITS#7645)

New in OpenLDAP 2.4.34 (Mar 4, 2013)

  • Fixed libldap connections with EINTR (ITS#7476)
  • Fixed libldap lineno overflow in ldif_read_record (ITS#7497)
  • Fixed liblmdb mdb_env_open flag handling (ITS#7453)
  • Fixed liblmdb mdb_midl_sort array optimization (ITS#7432)
  • Fixed liblmdb freelist with large entries (ITS#7455)
  • Fixed liblmdb to check for filled dirty page list (ITS#7491)
  • Fixed liblmdb to validate data limits (ITS#7485)
  • Fixed liblmdb mdb_update_key for large keys (ITS#7505)
  • Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477)
  • Fixed slapd syncrepl for old entries in MMR setup (ITS#7427)
  • Fixed slapd signedness for index_substr_any_* (ITS#7449)
  • Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450)
  • Fixed slapd mutex in send_ldap_ber (ITS#6164)
  • Added slapd-ldap onerr option (ITS#7492)
  • Added slapd-ldap keepalive support (ITS#7501)
  • Fixed slapd-ldif with empty dir (ITS#7451)
  • Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416)
  • Fixed slapd-mdb handling of missing entries (ITS#7483,7496)
  • Fixed slapd-mdb environment flag setting (ITS#7452)
  • Fixed slapd-mdb with sub db slapcat (ITS#7469)
  • Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527)
  • Fixed slapd-mdb subtree search speed (ITS#7473)
  • Fixed slapd-meta conversion to cn=config (ITS#7525)
  • Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526)
  • Fixed slapd-sql back-config support (ITS#7499)
  • Fixed slapo-constraint handle uri and restrict correctly (ITS#7418)
  • Fixed slapo-constraint with multi-master replication (ITS#7426)
  • Fixed slapo-constraint segfault (ITS#7431)
  • Fixed slapo-deref control initialization (ITS#7436)
  • Fixed slapo-deref control exposure (ITS#7445)
  • Fixed slapo-memberof with internal ops (ITS#7487)
  • Fixed slapo-pcache matching rules for config db (ITS#7459)
  • Fixed slapo-rwm modrdn cleanup (ITS#7414)
  • Fixed slapo-sssvlv maxperconn parameter (ITS#7484)
  • Build Environment:
  • Fixed slapo-constraint test suite (ITS#7423)
  • Contrib:
  • Added nssov nssov_config support (ITS#7518)
  • Added nssov password_prohibit_message (ITS#7518)
  • Fixed ldapc++ with gcc-4.7 (ITS#7281,ITS#7304)
  • Fixed nssov olcNssPamSession handling (ITS#7481)
  • Fixed nssov connection DN (ITS#7518)
  • Add missing Makefile for various modules (ITS#7308)
  • Unify Makefile structure for modules (ITS#7309)
  • Fixed slapo-allowed attribute replication (ITS#7493)
  • Fixed slapo-passwd SHA2 to correctly zero buffer (ITS#7490)
  • Documentation:
  • ldapurl(1) fix example usage (ITS#7454)
  • ldap_get_option(3) fixed trailing whitespace (ITS#7411)
  • slapd-config(5) olcExtraAttrs is per db (ITS#7421)
  • slapd-overlays(5) update manpage index (ITS#7489)
  • slapo-dynlist(5) Search behavior notes (ITS#7486)
  • slapo-valsort(5) Document valsort control syntax (ITS#7523)

New in OpenLDAP 2.4.33 (Oct 10, 2012)

  • Added slapd-meta cn=config support
  • Fixed libldap MozNSS slot picking (ITS#7359)
  • Fixed libldap MozNSS with tokenname:certnickname format (ITS#7360)
  • Fixed libmdb POSIX semaphore cleanup on environment close (ITS#7364)
  • Fixed libmdb mdb_page_split (ITS#7385, ITS#7229)
  • Fixed slapd alock handling on Windows (ITS#7361)
  • Fixed slapd acl handling with zero-length values (ITS#7350)
  • Fixed slapd syncprov to not reference ops inside a lock (ITS#7172)
  • Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354)
  • Fixed slapd slapd_rw_destroy function (ITS#7390)
  • Fixed slapd-ldap idassert bind handling (ITS#7403)
  • Fixed slapd-mdb slapadd -q -w double free (ITS#7356)
  • Fixed slapd-mdb to close read txn in reindex commit (ITS#7386)
  • Fixed slapo-constraint with multiple modifications (ITS#7168)
  • Build Environment:
  • Fixed build with Visual Studio (ITS#7358)
  • Fixed libmdb posix semaphore use on BSD system (ITS#7363)
  • Add slapo-constraint test suite (ITS#7344, ITS#7366)
  • Contrib:
  • Updated radius passwd module for NAS-Identifier (ITS#7357)
  • Documentation:
  • slapo-refint(5) Note that refint is not replicated (ITS#7405)

New in OpenLDAP 2.4.31 (Apr 24, 2012)

  • Added slapo-accesslog support for reqEntryUUID (ITS#6656)
  • Fixed libldap IPv6 URL detection (ITS#7194)
  • Fixed libldap rebinding on failed connection (ITS#7207)
  • Fixed libmdb alignment of MDB_db members (ITS#7191)
  • Fixed libmdb branch page merging on deletes (ITS#7190)
  • Fixed libmdb page split with MDB_APPEND (ITS#7213)
  • Fixed libmdb free page usage with entry deletion (ITS#7210)
  • Fixed libmdb to use IOV_MAX if it is defined and small (ITS#7196)
  • Fixed libmdb key alignment (ITS#7219)
  • Fixed libmdb mdb_page_split (ITS#7229)
  • Fixed libmdb with zero length IDLs (ITS#7230)
  • Fixed slapd listener initialization (ITS#7233)
  • Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197)
  • Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195)
  • Fixed slapd to reject MMR setups with bad serverID setting (ITS#7200)
  • Fixed slapd approxIndexer key generation (ITS#7203)
  • Fixed slapd modification of olcSuffix (ITS#7205)
  • Fixed slapd schema validation with missing definitions (ITS#7224)
  • Fixed slapd syncrepl -c with supplied CSN values (ITS#7245)
  • Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231)
  • Fixed slapd-perl modify with binary values (ITS#7149)
  • Fixed slapd-shell cn=config support (ITS#7201)
  • Fixed slapd-shell modify with binary values (ITS#7149)
  • Fixed slapo-accesslog deadlock with non-logged write ops (ITS#7088)
  • Fixed slapo-syncprov sessionlog check (ITS#7218)
  • Fixed slapo-syncprov entry leak (ITS#7234)
  • Fixed slapo-syncprov startup initialization (ITS#7235)
  • Build Environment:
  • Fixed test022 to check ldapsearch results (ITS#7228)
  • Fixed test044 when back-monitor is disabled (ITS#7204)
  • Documentation:
  • Fixed slapschema(8) formatting (ITS#7188)
  • Fixed limdb functionality documentation (ITS#7238)
  • Fixed ldap_get_option(3) note inheritance behavior (ITS#7240)

New in OpenLDAP 2.4.28 (Dec 20, 2011)

  • Fixed back-mdb out of order slapadd

New in OpenLDAP 2.4.26 (Jul 1, 2011)

  • Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969)
  • Fixed libldap MozNSS with CACertDir (ITS#6975)
  • Fixed libldap MozNSS with PR_SetEnv (ITS#6862)
  • Fixed libldap descriptor leak (ITS#6929)
  • Fixed libldap socket leak (ITS#6930)
  • Fixed libldap get option crash (ITS#6931)
  • Fixed libldap lockup (ITS#6898)
  • Fixed libldap ASYNC TLS setup (ITS#6828)
  • Fixed libldap with missing \n terminations (ITS#6947)
  • Fixed tools double free (ITS#6946)
  • Fixed tools verbose output (ITS#6977)
  • Fixed ldapmodify SEGV on invalid LDIF (ITS#6978)
  • Added slapd extra_attrs database option (ITS#6513)
  • Fixed slapd asserts (ITS#6932)
  • Fixed slapd configfile param on windows (ITS#6933)
  • Fixed slapd config with global chaining (ITS#6843)
  • Fixed slapd uninitialized variables (ITS#6935)
  • Fixed slapd config objectclass is readonly (ITS#6963)
  • Fixed slapd entry response with control (ITS#6899)
  • Fixed slapd with unknown attrs (ITS#6819)
  • Fixed slapd normalization of schema RDN (ITS#6967)
  • Fixed slapd operations cache to 10 op limit (ITS#6944)
  • Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
  • Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961)
  • Fixed slapd-monitor stray code cleanup (ITS#6974)
  • Fixed back-ldap ppolicy updates (ITS#6711)
  • Fixed back-ldap with id-assert (ITS#6817)
  • Fixed slapd-meta reentry issues (ITS#6909)
  • Fixed slapd-sql length of data type (ITS#6657,ITS#6691)
  • Added slapo-accesslog filter matching (ITS#6815)
  • Fixed slapo-accesslog with invalid attrs (ITS#6819)
  • Added slapo-auditlog connID and peername logging (ITS#6936)
  • Fixed slapo-memberof with accesslog (ITS#6329,ITS#6766,ITS#6915)
  • Fixed slapo-pcache with unknown attrs (ITS#6823)
  • Fixed slapo-pcache with '1.1', '+', and '*' attrs (ITS#6950)
  • Fixed slapo-pcache buffersize issues (ITS#6951)
  • Fixed slapo-pcache refresh (ITS#6953)
  • Fixed slapo-pcache with pCacheBind (ITS#6954)
  • Fixed slapo-pcache database corruption (ITS#6831)
  • Fixed slapo-rwm with attributes with no equality rule (ITS#6943)
  • Fixed slapo-sssvlv limits check when global (ITS#6973)
  • Fixed slapo-syncprov with replicated subtrees (ITS#6872)
  • Fixed slapo-unique with managedsait (ITS#6641)
  • Fixed slapo-unique filter with zero-length values (ITS#6901)
  • Added contrib/acl GSS naming extensions ACL module
  • Fixed contrib/smbk5pwd with shadowLastChange (ITS#6955)
  • Build Environment
  • Fixed builds that do not have GETTIMEOFDAY (ITS#6885)
  • Fixed libldap libfetch dependancy (ITS#6889)
  • Documentation
  • ldap_get_dn(3) add man page (ITS#6959)
  • slapo-nssov(5) Fixed typo (ITS#6934)
  • slapd-backends(5) update recommended database backend (ITS#6904)
  • slapd-bdb(5) update recommended database backend (ITS#6904)
  • slapd-hdb(5) update recommended database backend (ITS#6904)
  • admin24 update that cn=config is preferred (ITS#6905)
  • admin24 update information about indexes (ITS#6906)
  • admin24 fix --enable-wrappers option (ITS#6971)

New in OpenLDAP 2.4.23 (Jun 30, 2010)

  • Fixed libldap to return server's error code (ITS#6569)
  • Fixed libldap memleaks (ITS#6568)
  • Fixed liblutil off-by-one with delta (ITS#6541)
  • Fixed slapd acls with glued databases (ITS#6468)
  • Fixed slapd syncrepl rid logging (ITS#6533)
  • Fixed slapd modrdn handling of invalid values (ITS#6570)
  • Fixed slapd-bdb hasSubordinates computation (ITS#6549)
  • Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
  • Fixed slapd-bdb entry cache delete failure (ITS#6577)
  • Fixed slapd-ldap to return control responses (ITS#6530)
  • Fixed slapo-ppolicy to use Debug (ITS#6566)
  • Fixed slapo-refint to zero out freed DN vals (ITS#6572)
  • Fixed slapo-rwm to use Debug (ITS#6566)
  • Fixed slapo-sssvlv to use Debug (ITS#6566)
  • Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
  • Fixed slapo-valsort to use Debug (ITS#6566)
  • Fixed contrib/nssov network.c missing patch (ITS#6562)
  • Build Environment:
  • Fixed test043 attribute sorting (ITS#6553)
  • Documentation:
  • slapd-config(5) note default rootdn (ITS#6546)

New in OpenLDAP 2.4.19 (Oct 6, 2009)

  • Minor bugs in the command line tools were fixed.
  • There were also several more significant fixes and enhancements.

New in OpenLDAP 2.4.14 (Feb 14, 2009)

  • Many minor bugfixes, some minor enhancements, and many documentation updates.
  • Support for GnuTLS was improved, bugs in connection close handling were fixed, some replication bugs were fixed, and some new features were added.

New in OpenLDAP 2.4.13 (Nov 25, 2008)

  • Many fixes and enhancements to the libraries, server, modules, and documentation.

New in OpenLDAP 2.4.12 (Oct 14, 2008)

  • Various fixes to the code and documentation, plus a few new features such as support for BerkeleyDB 4.7, native support for MySQL NDB, etc.