1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
A N N O U N C E M E N T -- OpenLDAP 2.5
The OpenLDAP Project is pleased to announce the availability
of OpenLDAP Software 2.5, a suite of the Lightweight Directory
Access Protocol (v3) servers, clients, utilities, and
development tools.
This release contains the following major enhancements:
* Slapd(8) enhancements
- kqueue support for BSD based OSes
- cn=config delete support
- Don't use copy control support
- Threadpool queues
- non-blocking TLS support
- Configurable TCP read and write buffers
for listeners.
- LDAP Transaction support
- MS AD Lazy commit control
- MS AD replication support
- DSEE replication support
- Sun/Netscape draft persistent search support
- HAProxy proxy protocol v2 support
* New backends
- back-wt: Wiredtiger backend to slapd (Experimental)
- back-asyncmeta: Async version of back-meta
* Backend updates
- back-ldap: CANCHAINOPS
- back-meta META_CLIENT_PR
- back-monitor is always built as a part of slapd
* Retired backends
- back-bdb
- back-hdb
- back-shell
* Deprecated backends
- back-ndb
- back-sql
- back-perl
* New overlays
- autoca
- homedir
- otp
- remoteauth
* New password hashing module
- argon2
* Overlay updates
- pcache can access private DB with control
- pcache can remove a query from the cache
with exop
- back-monitor support for pcache
- ppolicy updated with password policy
draft 10 support
- dynlist can now generate (is)memberOf
dynamically
- dynlist do reverse lookups to find all
groups a user belongs to
- unique can now do db wide locking to avoid
race conditions
* New Library
- libldif provides an LDIF parsing API
* Library updates
- libldap_r has been merged with libldap
- libldap has TLS channel binding support
- libldap has TLS public key pinning support
- libldap has TLS SNI support
- libldap has GSSAPI channel binding support
* Clients and tools
- slapmodify for offline updates to cn=config
* Significant performance enhancements throughout
the client and server code base
* New contrib overlays
- adremap remaps attributes for PAM/NSS MS AD
support
- authzid implements RFC 3829 support
- datamorph stores enumerated values and fixed
size integers
- ppm adds additional password checking criteria
to the slapo-ppolicy overlay
- pw-radius allows bind operations to be
passed to the specified radius server(s)
- rbac intercepts, decodes and enforces specific
RBAC policies per the Apache Fortress RBAC
data formats
- totp provides one time password support
- usn adds MS AD usnCreated and usnChanged
operational attributes to entries
- variant allows attributes/values to be shared
between several entries
- vc provides the verify credentials
extended operation
This release includes the following major components:
* slapd - a stand-alone LDAP directory server
* lloadd - a stand-alone LDAP load balancing proxy server
* -lldap - a LDAP client library
* -llber - a lightweight BER/DER encoding/decoding library
* LDIF tools - data conversion tools for use with slapd
* LDAP tools - A collection of command line LDAP utilities
* Admin Guide, Manual Pages - associated documentation
In addition, there are some contributed components:
* LDAPC++ - a LDAP C++ SDK
* Various slapd modules and slapi plugins
ACKNOWLEDGEMENTS
OpenLDAP Software is developed by the OpenLDAP Project. The
Project consists of a team of volunteers who use the
Internet to coordinate their activities. The Project is
an organized activity of the OpenLDAP Foundation.
OpenLDAP Software is derived from University of Michigan LDAP,
release 3.3.
AVAILABILITY
This software is available under the OpenLDAP Public License,
an non-restrictive, "free", open-source license. Download
information is available at:
https://www.OpenLDAP.org/software/download/
SUPPORT
OpenLDAP Software is user supported:
https://www.openldap.org/support/
The OpenLDAP Administrator's Guide, which includes quick
start instructions, is available at:
https://www.openldap.org/doc/admin/
In addition, there are also a number of discussion lists
related to OpenLDAP Software. A list of mailing lists is
available at:
https://www.OpenLDAP.org/lists/
To report bugs, please use project's Issue Tracking System:
https://bugs.openldap.org/
The OpenLDAP home page containing lots of interesting information
and online documentation is available at this URL:
https://www.OpenLDAP.org/
SUPPORTED PLATFORMS
This release has been ported to many UNIX (and UNIX-like)
platforms including Darwin, FreeBSD, Linux, NetBSD, OpenBSD
and most commercial UNIX systems. The release has also been
ported (in part or in whole) to other platforms including
Apple MacOS X, IBM zOS, and Microsoft Windows NT/2000/etc.
---
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Copyright 1999-2022 The OpenLDAP Foundation, Redwood City,
California, USA. All Rights Reserved. Permission to copy and
distribute verbatim copies of this document is granted.
|
