Symas OpenLDAP 2.4.28.1 for Solaris 10 SPARC (32- and 64-bit) is available for download. See the release announcement for Symas OpenLDAP 2.4.28.1 for additional information.

Symas OpenLDAP 2.4.28.1 for Debian 6 i386 (32-bit) is available for download. See the release announcement for Symas OpenLDAP 2.4.28.1 for additional information.

Symas OpenLDAP 2.4.28.1 for Debian 5 i386 (32-bit) is available for download. See the release announcement for Symas OpenLDAP 2.4.28.1 for additional information.

Symas OpenLDAP 2.4.28.1 for Debian 6 amd64 (64-bit) is available for download. See the release announcement for Symas OpenLDAP 2.4.28.1 for additional information.

Symas OpenLDAP 2.4.28.1 for Debian 5 amd64 (64-bit) is available for download. See the release announcement for Symas OpenLDAP 2.4.28.1 for additional information.

It’s been a long slog, but we’ve finally started the 2.4.28.1 release cycle. The first platforms are Red Hat 4, 5, and 6 for i386 and x86_64 processors, with Debian/Ubuntu and others following. You’ll note that the Debian/Ubuntu releases will take place earlier than ever before, which is an indication that more of our customers are running their LDAP servers on Debian and Ubuntu installations.

This is the first release of Symas OpenLDAP that contains the new experimental back-mdb backend. For an explanation of why that’s important, see Howard’s blog post here. What’s more is that you’ll find this backend in both Silver and Gold editions of Symas OpenLDAP! We’re very proud of this new backend and hope you try it out soon.

Cyrus SASL has been updated to 2.1.25. The SCRAM authentication plugin is not in the distribution yet, but we’ll add it soon. Let us know if you need it.

Also new in this release is delta-syncrepl multi-master replication. Now you can run multi-master replication in attribute-change mode, instead of having to replicate full entries. It’s still a bit new, so watch it carefully, but we think it’s ready for prime-time.

Finally, Heimdal Kerberos is back, hopefully to stay, for selected platforms. Debian/Ubuntu is be one, and HP-UX parisc will be another. It’s not a separate package, as in releases past- it’s simply a part of the main package. We’re still trying to decide which other platforms to add this to, so let us know if you have any on your wish list.

Ring-topology multi-master replication (a ring of masters) is still a problem, but multi-master replication in general is working fine after we fixed a rather nasty bug that turned up in 2.4.26. We’re working on a fix for the ring-topology problem and will release it as soon as it’s ready.

Now for all the rest of the stuff you’ve come to expect in our release announcements:

January 8, 2012
Release Notes for Symas OpenLDAP
Gold and Silver, Version 2.4.28.1

This release of Symas OpenLDAP contains the following component versions:

OpenLDAP 2.4.28 + selected patches

BDB 4.8.30

Cyrus SASL 2.1.25

OpenSSL 0.9.8r

Upgrade warning:
See notes for 2.4.21.0 if upgrading from releases prior to
that.  (Upgrading anything newer requires no special action)

Known defects in this release:
OpenLDAP ITS#7049 is still a problem for ring-topology multi-master
configurations (Symas #1545)

Changes for this release:
Packaging:
No changes

OpenLDAP:
No changes

Berkeley DB:
No changes

OpenSSL:
No changes

SASL:
Fixed core dump in sasl gssapi module (Symas #1546)
Fixed incorrect runpath in sasl modules (Symas #1547)
Fixed missing runpath in sasl utilities (Symas #1548)

Heimdal Kerberos:
No changes

Status of this release:
This is a production release and is made available for general use. We
have tested it in our labs and in the field and we believe it is
suitable for use in production environments. However, as is always the
case with any software, please test it in your own environment to make
sure it meets your requirements, Maintain backups of critical data and
make appropriate provisions for unexpected outages.

Bug reports, comments, and suggestions should be submitted to your
dedicated support email address or to support@symas.com.

We look forward to hearing from you!

============================================================================
January 6, 2012

Preparation for 2.4.28 branch

Packaging:
Corrected conflict/prereq checking (Symas #1269)
Fixed echoing of newlines in exampledb.sh and exampledb-krb5.sh

Known defects:
Cyrus SASL is unreliable, ONLY when reverse DNS lookup does not
work for the system. Correcting reverse DNS resolves the problem.

============================================================================
December 19, 2011
Release Notes for Symas OpenLDAP
Gold and Silver, Version 2.4.28.20111219
(Developer Prerelease)

This release of Symas OpenLDAP contains the following component versions:

OpenLDAP 2.4.28

BDB 4.8.30

Cyrus SASL 2.1.25

OpenSSL 0.9.8r

Upgrade warning:
See notes for 2.4.21.0 if upgrading from releases prior to
that.  (Upgrading anything newer requires no special action)

Known defects in this release:
Prerequisite/conflict checking does not work correctly

Changes for this release:
Packaging:
Added experimental back-mdb backend
Removed back-ndb mysql clustering backend from redhat/suse package

OpenLDAP:
Fixed back-mdb out of order slapadd (ITS#7090)
Fixed assertion failure in back-ldap (Symas#1155) (ITS#6851)
Added libldap support for draft-wahl-ldap-session (ITS#6984)
Added slapd support for draft-wahl-ldap-session (ITS#6984)
Added slapadd pipelining capability (ITS#7078)
Added slapd Add-if-not-present (ITS#6561)
Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031)
Added slapd-mdb experimental backend (ITS#7079)
Added slapd-passwd dynamic config support
Added slapd-perl dynamic config support
Added slapd-shell dynamic config support
Added slapd-sock support as an overlay (ITS#6666)
Added slapd-sql dynamic config support
Added contrib/passwd APR1 support (ITS#6826)
Fixed slapi linking on AIX (ITS#3272)
Fixed ldapmodify crash with LDIF controls (ITS#7039)
Fixed ldapsearch to honor timeout and timelimit (ITS#7009)
Fixed libldap endless looping (ITS#7035)
Fixed libldap TLS to not check hostname when using ‘allow’ (ITS#7014)
Fixed libldap GnuTLS cert dn parse (ITS#7051)
Fixed libldap MozNSS correctly destroy SSL_PeerCertificate (ITS#6980)
Fixed libldap MozNSS with issuer expiration and verify never (ITS#6998)
Fixed libldap MozNSS memory leak (ITS#7001)
Fixed libldap MozNSS allow/try behavior (ITS#7002)
Fixed libldap MozNSS to be thread safe (ITS#7022)
Fixed libldap MozNSS SSL_ForceHandshake to use a mutex (ITS#7034)
Fixed libldap MozNSS with wildcard certs (ITS#7006)
Fixed liblutil MD5 initialization (ITS#6982)
Fixed slapadd common code into slapcommon (ITS#6737)
Fixed slapd backend connection initialization (ITS#6993)
Fixed slapd frontend DB parsing in cn=config (ITS#7016)
Fixed slapd hang with {numbered} overlay insertion (ITS#7030)
Fixed slapd inet_ntop usage (ITS#6925)
Fixed slapd cn=config deletion of bitmasks (ITS#7083)
Fixed slapd cn=config modify replace/delete crash (ITS#7065)
Fixed slapd schema UTF8StringNormalize with 0 length values (ITS#7059)
Fixed slapd with dynamic acls for cn=config (ITS#7066)
Fixed slapd response callbacks (ITS#6059,ITS#7062)
Fixed slapd no_connection warnings with ldapi (ITS#6548,ITS#7092)
Fixed slapd return code processing (ITS#7060)
Fixed slapd sl_malloc various issues (ITS#6437)
Fixed slapd startup behavior (ITS#6848)
Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472)
Fixed slapd syncrepl timeout when using refreshAndPersist (ITS#6999)
Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052)
Fixed slapd syncrepl glue for empty suffix (ITS#7037)
Fixed slapd results cleanup (ITS#6763,ITS#7053)
Fixed slapd validation of args for TLSCertificateFile (ITS#7012)
Fixed slapd-bdb/hdb to build entry DN based on parent DN (ITS#5326)
Fixed slapd-hdb with zero-length entries (ITS#7073)
Fixed slapd-hdb duplicate entries in subtree IDL cache (ITS#6983)
Fixed slapo-constraint conversion to back-config (ITS#6986)
Fixed slapo-dds tag in refresh response (ITS#6886)
Fixed slapo-dds TTL tolerance (ITS#7017)
Fixed slapo-lastbind so authTimestamp is manageable (ITS#6873)
Fixed slapo-pcache response cleanup (ITS#6981)
Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021)
Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985)
Fixed slapo-sssvlv to only return requested attrs (ITS#7061)
Fixed slapo-syncprov DSA attribute filtering for Persist mode (ITS#7019)
Fixed slapo-syncprov when consumer has newer state of our SID (ITS#7040)
Fixed slapo-syncprov crash (ITS#7025)
Fixed slapo-unique URI checking of “host” portion (ITS#7018)
Fixed contrib/autogroup double-free (ITS#6972)
Fixed contrib/smbk5pwd cn=config deletion of bitmasks (ITS#7083)
Fixed contrib/smbk5pwd on 64-bit systems (ITS#7082)
Added missing LDIF form of schema files (ITS#7063)
Fixed creation and installation of slapd.ldif (ITS#7015)
Fixed libnet linking (ITS#7071)
ldapmodify(1) Fixed minor typo in -S option description (ITS#7086)
ldap_sync(3) Document ldap_sync_destroy (ITS#7028)
slapo-unique(5) Fix keyword quoting (ITS#7028)

Berkeley DB:
No changes

OpenSSL:
No changes

SASL:
Upgrade to Cyrus SASL 2.1.25

Status of this release:

This is a developer pre-release and is made available for experimental
testing purposes. It contains known defects and should not be
considered fully operational for production purposes.  Please use this
release only for experimental evaluation of new features on
experimental data.  Maintain backups of critical data and make
appropriate provisions for unexpected outages.

Bug reports, comments, and suggestions can be submitted to support@symas.com.

We look forward to hearing from you!

Symas OpenLDAP 2.4.26.1 for Debian 6 x86 (32-bit) is available for download. See the release announcement for Symas OpenLDAP 2.4.26.1 for additional information.

Symas OpenLDAP 2.4.26.1 has been released for download. Initial platforms are:

• Red Hat 4/5/6 32- and 64-bit
• Solaris 10 SPARC 32- and 64-bit

Release Notes for Symas OpenLDAP
Gold and Silver, Version 2.4.26.1

This release of Symas OpenLDAP contains the following component versions:

OpenLDAP 2.4.26

BDB 4.8.30

Cyrus SASL 2.1.22

OpenSSL 0.9.8r

Upgrade warning:
See notes for 2.4.21.0 if upgrading from releases prior to
that.  (Upgrading anything newer requires no special action)

Known defects in this release:
None

Changes for this release:
Packaging:
Correct version number that is reported for Symas OpenLDAP by the
Solaris pkginfo command for Solaris platforms (Symas #715)

OpenLDAP:
Enabled OpenLDAP slapi support (Symas #1320)
Fixed SunOS package version numbering (Symas #715)
Added Samba 3 schema file to distribution (Symas #1286)
Fixed memberof sub-operation timestamp generation
(Symas #1238) (ITS#6915)
Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969)
Fixed libldap MozNSS with CACertDir (ITS#6975)
Fixed libldap MozNSS with PR_SetEnv (ITS#6862)
Fixed libldap descriptor leak (ITS#6929)
Fixed libldap socket leak (ITS#6930)
Fixed libldap get option crash (ITS#6931)
Fixed libldap lockup (ITS#6898)
Fixed libldap ASYNC TLS setup (ITS#6828)
Fixed libldap with missing \n terminations (ITS#6947)
Fixed tools double free (ITS#6946)
Fixed tools verbose output (ITS#6977)
Fixed ldapmodify SEGV on invalid LDIF (ITS#6978)
Added slapd extra_attrs database option (ITS#6513)
Fixed slapd asserts (ITS#6932)
Fixed slapd configfile param on windows (ITS#6933)
Fixed slapd config with global chaining (ITS#6843)
Fixed slapd uninitialized variables (ITS#6935)
Fixed slapd config objectclass is readonly (ITS#6963)
Fixed slapd entry response with control (ITS#6899)
Fixed slapd with unknown attrs (ITS#6819)
Fixed slapd normalization of schema RDN (ITS#6967)
Fixed slapd operations cache to 10 op limit (ITS#6944)
Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961)
Fixed slapd-monitor stray code cleanup (ITS#6974)
Fixed back-ldap ppolicy updates (ITS#6711)
Fixed back-ldap with id-assert (ITS#6817)
Fixed slapd-meta reentry issues (ITS#6909)
Fixed slapd-sql length of data type (ITS#6657,ITS#6691)
Added slapo-accesslog filter matching (ITS#6815)
Fixed slapo-accesslog with invalid attrs (ITS#6819)
Added slapo-auditlog connID and peername logging (ITS#6936)
Fixed slapo-memberof with accesslog (ITS#6329,ITS#6766,ITS#6915)
Fixed slapo-pcache with unknown attrs (ITS#6823)
Fixed slapo-pcache with ‘1.1′, ‘+’, and ‘*’ attrs (ITS#6950)
Fixed slapo-pcache buffersize issues (ITS#6951)
Fixed slapo-pcache refresh (ITS#6953)
Fixed slapo-pcache with pCacheBind (ITS#6954)
Fixed slapo-pcache database corruption (ITS#6831)
Fixed slapo-rwm with attributes with no equality rule (ITS#6943)
Fixed slapo-sssvlv limits check when global (ITS#6973)
Fixed slapo-syncprov with replicated subtrees (ITS#6872)
Fixed slapo-unique with managedsait (ITS#6641)
Fixed slapo-unique filter with zero-length values (ITS#6901)
Added contrib/acl GSS naming extensions ACL module
Fixed contrib/smbk5pwd with shadowLastChange (ITS#6955)
Build Environment
Fixed builds that do not have GETTIMEOFDAY (ITS#6885)
Fixed libldap libfetch dependancy (ITS#6889)
Documentation
ldap_get_dn(3) add man page (ITS#6959)
slapo-nssov(5) Fixed typo (ITS#6934)
slapd-backends(5) update recommended database backend (ITS#6904)
slapd-bdb(5) update recommended database backend (ITS#6904)
slapd-hdb(5) update recommended database backend (ITS#6904)
admin24 update that cn=config is preferred (ITS#6905)
admin24 update information about indexes (ITS#6906)
admin24 fix –enable-wrappers option (ITS#6971)

Berkeley DB:
No changes

OpenSSL:
No changes

SASL:
No changes

Status of this release:
This is a production release and is made available for general use. We
have tested it in our labs and in the field and we believe it is
suitable for use in production environments. However, as is always the
case with any software, please test it in your own environment to make
sure it meets your requirements, Maintain backups of critical data and
make appropriate provisions for unexpected outages.

Bug reports, comments, and suggestions should be submitted to your
dedicated support email address or to support@symas.com.

We look forward to hearing from you!

32- and 64-bit releases for Solaris 8 SPARC are available now.

32- and 64-bit versions of Symas OpenLDAP 2.4.25.1 for Solaris 10 SPARC and MacOS 10.6.6 Intel are now available on the Symas Download Portal.