Skip to content

OpenLDAP 2.4.25 released

OpenLDAPOpen SourceSuretec OpenLDAP 2.4.25 is now officially out. Download now and review the final changes list:

OpenLDAP 2.4.25 is now available for download as detailed on our download page:

and should soon be available on all official mirrors:

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors include:

Howard Chu (Symas Corp)
Quanah Gibson-Mount (VMware, Inc)
Ralf Haferkamp (SUSE Linux)
Pierangelo Masarati (Politecnico di Milano)

OpenLDAP 2.4.25 Release (2011/03/26)
Fixed ldapsearch pagedresults loop (ITS#6755)
Fixed tools for incompatible args (ITS#6849)
Fixed libldap MozNSS crash (ITS#6863)
Fixed slapd add objectclasses in order (ITS#6837)
Added slapd ordering for uidNumber and gidNumber (ITS#6852)
Fixed slapd segfault when adding values out of order (ITS#6858)
Fixed slapd sortval handling (ITS#6845)
Fixed slapd-bdb with slapadd/index quick option (ITS#6853)
Fixed slapd-ldap[?] chain cn=config support (ITS#6837)
Fixed slapd-ldap chain with slapd.conf (ITS#6857)
Fixed slapd-meta deadlock (ITS#6846)
Fixed slapo-sssvlv with multiple requests (ITS#6850)
Fixed contrib/lastbind install rules (ITS#6238)
Fixed contrib/cloak install rules (ITS#6877)
Build Environment
Fixed windows NT threads build (ITS#6859)
Fixed libldap/lberl/util if/else usage (ITS#6832)
Fixed Windows odbc32 detection (ITS#6125)
Fixed Windows msys build (ITS#6870)
Fixed test020 exit codes (ITS#6404)
admin24 guide ldapi usage (ITS#6839)
admin24 guide conversion notes (ITS#6834)
admin24 guide fix drawback math for syncrepl (ITS#6866)
admin24 guide note manpages are definitive (ITS#6855)

MD5 (openldap-2.4.25.tgz) = ec63f9c2add59f323a0459128846905b
SHA1 (openldap-2.4.25.tgz) = 56efaf3656cc68d3b5be66422c0c89f0104d7183

OpenLDAP 2.4.24 released

OpenLDAPOpen SourceSuretec OpenLDAP 2.4.24 is now officially out. Download now and review the final changes list:

OpenLDAP 2.4.24 is now available for download as detailed on our download page:

and should soon be available on all official mirrors:

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors include:
Howard Chu (Symas Corp)
Hallvard Furuseth (University of Oslo)
Quanah Gibson-Mount (VMware, Inc)
Ralf Haferkamp (SUSE Linux)
Gavin Henry (Suretec Systems)
Pierangelo Masarati (Politecnico di Milano)
Rein Tollevik (Basefarm AS)

OpenLDAP 2.4.24 Release (2011/02/10)
Added LDIF line wrapping setting (ITS#6645)
Added MozNSS support (ITS#6714,ITS#6742,ITS#6790,ITS#6791)
Added MozNSS support (ITS#6802,ITS#6811,ITS#6816,ITS#5696)
Added libldap cert x500UniqueIdentifier handling (ITS#6741)
Added libldap_r,libldap formal concurrency API (ITS#6625,ITS#5421)
Added slapadd attribute value checking (ITS#6592)
Added slapcat continue mode for problematic DBs (ITS#6482)
Added slapd syncrepl suffixmassage support (ITS#6781)
Added slapd multiple listener threads (ITS#6780)
Added slapd extensible match for ordering rules (ITS#6532)
Added slapd-meta paged results control forwarding (ITS#6664)
Added slapd-meta subtree-include support (ITS#6801)
Added slapd-null back-config support (ITS#6624)
Added slapd-sql autocommit support (ITS#6612)
Added slapd-sql support for long long keys (ITS#6617)
Added slapo-sssvlv multiple sorts per connection (ITS#6686)
Added contrib/autogroup LDAP[?] URI with attribute filter (ITS#6536)
Added contrib/dupent module (ITS#6630)
Added contrib/lastbind (ITS#6238)
Added contrib/kinit for kerberos tickets
Added contrib/noopsrch for entry counting (ITS#6598)
Fixed client tools control logging (ITS#6775)
Fixed client tools one time leak (ITS#6778)
Fixed liblber to not close invalid sockets (ITS#6585)
Fixed liblber unmatched brace handling (ITS#6764)
Fixed liblber error setting (ITS#6732)
Fixed liblber memory debugging (ITS#6733)
Fixed libldap connectionless warnings (ITS#6747)
Fixed libldap dnssrv port format specifier (ITS#6644)
Fixed libldap EOF handling (ITS#6723)
Fixed libldap GnuTLS hang on socket close (ITS#6673)
Fixed libldap sasl partial write handling (ITS#6639)
Fixed libldap search leak (ITS#6453)
Fixed libldap referral chasing (ITS#6602)
Fixed libldap leak when chasing referrals (ITS#6744)
Fixed libldap url parsing with NULL host (ITS#6653)
Fixed libldap ldap_open_internal_connection (ITS#6788)
Fixed libldap sync checking for BER errors (ITS#6738)
Fixed libldap variable usage (ITS#6813)
Fixed liblutil getpass prompts (ITS#6702)
Fixed ldapsearch segfault with deref (ITS#6638)
Fixed ldapsearch multiple controls parsing (ITS#6651)
Fixed slapd SlapReply usage (ITS#6758)
Fixed slapd acl parsing overflow (ITS#6611)
Fixed slapd acl when resuming parsing (ITS#6804)
Fixed slapd Compare operation (ITS#6753)
Fixed slapd default config acls with overlays (ITS#6822)
Fixed slapd assert control (ITS#5862)
Fixed slapd assertions and debugging (ITS#6759)
Fixed slapd config leak with olcDbDirectory (ITS#6634)
Fixed slapd connectionless warnings (ITS#6747)
Fixed slapd listeners destruction (ITS#6736)
Fixed slapd to free controls if needed (ITS#6629)
Fixed slapd to stop if given unknown options (ITS#6754)
Fixed slapd filter leak (ITS#6635)
Fixed slapd matching rules for strict ordering (ITS#6722)
Fixed slapd when first acl is value dependent (ITS#6693)
Fixed slapd modify to return actual error (ITS#6581)
Fixed slapd modrdn with empty DN (ITS#6768)
Fixed slapd c_authz_backend setting (ITS#6824)
Fixed slapd sortvals of attributes with 1 value (ITS#6715)
Fixed slapd syncrepl reuse of presence list (ITS#6707)
Fixed slapd syncrepl uninitialized return code (ITS#6719)
Fixed slapd syncrepl variable initialization (ITS#6739)
Fixed slapd syncrepl refresh to use complete cookie (ITS#6807)
Fixed slapd-bdb hasSubordinates generation (ITS#6712)
Fixed slapd-bdb entry cache delete failure (ITS#6577)
Fixed slapd-bdb entry cache leak on multi-core systems (ITS#6660)
Fixed slapd-bdb error propagation to overlays (ITS#6633)
Fixed slapd-bdb slapadd -q with glued dbs (ITS#6794)
Fixed slapd-ldap[?] debug output of timeout (ITS#6721)
Fixed slapd-ldap DNSSRV referral chaining (ITS#6565)
Fixed slapd-ldap chaining with bind failures (ITS#6607)
Fixed slapd-ldap chaining with onelevel scope (ITS#6699)
Fixed slapd-ldap chaining with ppolicy (ITS#6540)
Fixed slapd-ldap with SASL/EXTERNAL (ITS#6642)
Fixed slapd-ldap crasher on matchedDN (ITS#6793)
Fixed slapd-ldap with unknown objectClasses (ITS#6814)
Fixed slapd-ldif error strings (ITS#6731)
Fixed slapd-ndb to honor rootpw setting (ITS#6661)
Fixed slapd-ndb hasSubordinates generation (ITS#6712)
Fixed slapd-ndb variable initialization (ITS#6806)
Fixed slapd-ndb with out of order attributes (ITS#6821)
Fixed slapd-meta anon retry with failed auth method (ITS#6643)
Fixed slapd-meta rebind proc (ITS#6665)
Fixed slapd-meta to correctly rebind as user (ITS#6574)
Fixed slapd-meta with SASL/EXTERNAL (ITS#6642)
Fixed slapd-meta matchedDN return code (ITS#6774)
Fixed slapd-meta candidate selection (ITS#6799)
Fixed slapd-meta attribute normalization (ITS#6818)
Fixed slapd-monitor hasSubordinates generation (ITS#6712)
Fixed slapd-monitor abandon processing (ITS#6783)
Fixed slapd-monitor entry locks (ITS#6787)
Fixed slapd-sock missing newline in Compare operation (ITS#6809)
Fixed slapd-sql with null objectClass (ITS#6616)
Fixed slapd-sql hasSubordinates generation (ITS#6712)
Fixed slapo-accesslog with controls (ITS#6652)
Fixed slapo-dynlist Compare operation (ITS#6752)
Fixed slapo-dynlist entry handling (ITS#6752)
Fixed slapo-memberof CSN generation (ITS#6766)
Fixed slapo-memberof log messages (ITS#6748)
Fixed slapo-memberof with an empty groupOfNames (ITS#6670)
Fixed slapo-memberof with modrdn operations (ITS#6700)
Fixed slapo-pcache callback freeing (ITS#6640)
Fixed slapo-pcache to ignore undefined attrs (ITS#6600)
Fixed slapo-pcache pointer freeing (ITS#6797)
Fixed slapo-pcache with negative caching (ITS#6796)
Fixed slapo-pcache monitoring cleanup (ITS#6808)
Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608)
Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620)
Fixed slapo-refint when last group member is deleted (ITS#6663)
Fixed slapo-refint with subtree rename (ITS#6730)
Fixed slapo-rwm double free (ITS#6720)
Fixed slapo-rwm crasher (ITS#6632,ITS#6727)
Fixed slapo-rwm entry handling (ITS#6760)
Fixed slapo-rwm response hang (ITS#6792)
Fixed slapo-sssvlv initialization (ITS#6649)
Fixed slapo-sssvlv to not advertise when unused (ITS#6647)
Fixed slapo-sssvlv result code (ITS#6685)
Fixed slapo-syncprov to send error if consumer is newer (ITS#6606)
Fixed slapo-syncprov filter race condition (ITS#6708)
Fixed slapo-syncprov active mod race (ITS#6709)
Fixed slapo-syncprov to refresh if context is dirty (ITS#6710)
Fixed slapo-syncprov CSN updates to all replicas (ITS#6718)
Fixed slapo-syncprov sessionlog ordering (ITS#6716)
Fixed slapo-syncprov sessionlog with adds (ITS#6503)
Fixed slapo-syncprov mutex (ITS#6438)
Fixed slapo-syncprov mincsn check with MMR (ITS#6717)
Fixed slapo-syncprov control leak (ITS#6795)
Fixed slapo-syncprov error codes (ITS#6812)
Fixed slapo-translucent entry leak (ITS#6746)
Fixed contrib/autogroup install location (ITS#6684)
Fixed contrib/autogroup crash with ppolicy (ITS#6684)
Fixed contrib/autogroup with non-DN URIs (ITS#6684)
Fixed contrib/autogroup with memberOf overlay (ITS#6684)
Fixed contrib/cloak when returning multiple entries (ITS#6762)
Fixed contrib/nssov to only close socket on shutdown (ITS#6676)
Fixed contrib/nssov multi platform support (ITS#6604)
Build Environment
Added support for [unsigned] long long (ITS#6622)
Added slapd support for BDB 5.0+ (ITS#6698)
Fixed config.guess/sub to pick up newer OSes (ITS#6547)
Fixed libldap mutex code - cleanup (ITS#6672)
Fixed libldap unnecessary ifdef's (ITS#6603)
Fixed slapd-tester EOF handling (ITS#6723)
Fixed slapd-tester filter initialization (ITS#6735)
Fixed test scripts with alternate testdir (ITS#6782)
Removed antiquated SunOS LWP support (ITS#6669)
admin24 guide fix examples (ITS#6681)
admin24 guide typo fixes (ITS#6609)
admin24 guide refint rootdn requirement (ITS#6364)
admin24 add pcache overlay section (ITS#6521)
ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
ldap.conf(5) GnuTLS cipher spec info (ITS#6525)
slapd.conf(5) GnlTLS cipher spec info (ITS#6525)
slapd.conf(5) multi-listener support (ITS#6780)
slapd-config(5) GnuTLS cipher spec info (ITS#6525)
slapd-config(5) multi-listener support (ITS#6780)
slapd-meta(5) note deprecated items (ITS#6800)
slapd-meta(5) document subtree-include (ITS#6801)
slapo-pcache(5) note rootdn requirement (ITS#6522)
slapo-refint(5) rootdn requirement (ITS#6364)

MD5 (openldap-2.4.24.tgz) = 116fe1e23a7b67686d5e62274367e6c0
SHA1 (openldap-2.4.24.tgz) = a4baad3d45ae5810ba5fee48603210697c70d52f

Increase in enquiries for migrations from Sun Directory and other directory servers to OpenLDAP

LinuxOpenLDAPOpen SourceSuretec Hi all,

Everyone involved in the directory sector and OpenLDAP has been seeing lots more enquiries to migrate from Sun Directory to OpenLDAP as the future of Sun Directory, now Oracle owns Sun is becoming a concern, as is their new pricing model. We obviously have experience doing this and migration from any other directory server.

If you want to convert your enterprise directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution please do contact us.

Our partners Symas also have a Directory Services Upgrade Program that we can do for you in the UK:

Convert your Enterprise Directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution. Typically, enterprises dramatically reduce their annual cost converting to OpenLDAP from Sun, Oracle, Netscape, or iPlanet Directory Services products. The workload requires half or less the power and capacity for substantially improved performance. This is a relatively easy transition to make because LDAPv3 is highly standardized and OpenLDAP conforms to the most demanding requirements of the Internet Standards (RFC[?] 4511 and related RFCs)..

Symas Corporation will be glad to consult with your team and offer you a fixed-price, fixed schedule offer for conversion of your Enterprise Directory technology. This service includes:

- A complete evaluation of your present Directory Services servers
- A Detailed plan for implementation of the new technology
- A roadmap for conversion of existing LDAP[?] applications and data feeds
- Conversion of schema definitions
- Access Control conversions/implementation
- Database transfer and clean-up
- OpenLDAP deployment, tuning and configuration
- SSL Certificate Conversion
- Database reload
- Assistance with application testing
- Operational team training (LDAP University)
- One year of standard Gold
- level Symas OpenLDAP technical support

Please do contact us.



OpenLDAP 2.4.23 released

OpenLDAPOpen SourceSuretec OpenLDAP 2.4.23 is now officially out. Download now and review the final changes list:

OpenLDAP 2.4.23 is now available for download as detailed on our download page:

and should soon be available on all official mirrors:

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors to this release include:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Yahoo! Inc)
Ralf Haferkamp (SUSE Linux)
Pierangelo Masarati (Politecnico di Milano)

OpenLDAP 2.4.23 Release (2010/06/30)
Fixed libldap to return server's error code (ITS#6569)
Fixed libldap memleaks (ITS#6568)
Fixed liblutil off-by-one with delta (ITS#6541)
Fixed slapd acls with glued databases (ITS#6468)
Fixed slapd syncrepl rid logging (ITS#6533)
Fixed slapd modrdn handling of invalid values (ITS#6570)
Fixed slapd-bdb hasSubordinates computation (ITS#6549)
Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
Fixed slapd-bdb entry cache delete failure (ITS#6577)
Fixed slapd-ldap[?] to return control responses (ITS#6530)
Fixed slapo-ppolicy to use Debug (ITS#6566)
Fixed slapo-refint to zero out freed DN vals (ITS#6572)
Fixed slapo-rwm to use Debug (ITS#6566)
Fixed slapo-sssvlv to use Debug (ITS#6566)
Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
Fixed slapo-valsort to use Debug (ITS#6566)
Fixed contrib/nssov network.c missing patch (ITS#6562)
Build Environment
Fixed test043 attribute sorting (ITS#6553)
slapd-config(5) note default rootdn (ITS#6546)

MD5 (openldap-2.4.23.tgz) = 90150b8c0d0192e10b30157e68844ddf
SHA1 (openldap-2.4.23.tgz) = 26027e7020256c5f47e17787f17ee8b31af42378

OpenLDAP News: openldap-software mailing list, cURL, libcurl, and LDAP

OpenLDAPOpen Source Hi all,

Two bits of important news today:

"For those of you who use libcurl in your own applications, you may be interested to know that I've written a new LDAP[?] implementation for libcurl." - Howard Chu from Symas


Shutdown of the OpenLDAP-Software list in favor of the OpenLDAP-Technical list

So when you post to don't get scared, nothing has happened to OpenLDAP!



Monitoring your LDAP directory

OpenLDAPOpen Source Hi all,

Andreas Andersson posted this on the openldap technical list last week about CN=Montior:

My name is Andreas and I want to inform you about a little project I've been working on called CN=Monitor.
It's about monitoring and verifying directory servers with focus on open source LDAP[?] servers. From single installed servers to large scaled deployments.

Its a webbased application where you can:
- Verify availability, compare load and performance between servers
- Collect historical events for long term analysis (and get weekly reports by mail)
- Verify cluster and load balancing functionality
- Query several directories at the same time for data consistancy verification
... and a lot more.

Why the name CN=Monitor. Well.. a lot of the information collected and analyzed is gathered from the CN=Monitor base DN.

Looks very promising!!!

Will keep you posted,


Updated LDAP RFCs drafts - "LDAP as a Network Information Service" and "Password Policy for LDAP Directories"

OpenLDAPOpen SourceSuretec As OpenLDAP sets the standard for being the most standards based LDAP[?] directory, you'll be pleased to know that our partners Symas are keeping everyone updated about the wonderful world of collaboration in the LDAP world and in the process updating some much needed draft RFCs.

So, when you've got a second have a read of:

Password Policy for LDAP Directories - draft-behera-ldap[?]-password-policy-10.txt


An Approach for Using LDAP as a Network Information Service - draft-howard-rfc2307bis-02.txt


Suretec VoIP platform coming soon - SureVoIP

AsteriskCatalystDojoJabber/XMPPLinuxOpenLDAPOpenSIPSOpen SourcePerlPostgreSQLSuretec A quick update:

SureVoIP a new startup ITSP will be launched by Suretec very soon. It is currently in development and being installed in a Scottish datacentre using various enterprise grade Open Source products. Keep an eye out for when it goes beta and will be available at

LDAPCon 2009 Call For Papers

OpenLDAPOpen SourceSuretec The International Conference on LDAP[?] is a technical forum for IT professionals interested in LDAP and related topics like directory servers, directory management applications, directory integration, identity and access management, and meta directories.

It focuses on implementation and integration of LDAP servers and LDAP-enabled client applications. The event will bring together vendors, developers, active and prospective LDAP practitioners to share their experiences about deployment strategies, service operations, interoperability, discuss LDAP usage in new projects and learn about upcoming trends and developments.

You are involved with LDAP in interesting projects?

- You do LDAP client development?
- You have used LDAP like no-one before?
- You have innovative concepts in LDAP Integration?

Why not share your experiences, good and bad, with others?

We look for speakers who ae willing to talk about:

Continue reading "LDAPCon 2009 Call For Papers"

2nd International Conference on LDAP - LDAPCon 2009

OpenLDAPOpen SourceSuretec The 2nd International Conference on LDAP[?]
LDAPCon 2009
has been announced!

- September 20th and 21st, 2009
- Portland Waterfront Marriott Hotel
- Portland, Oregon, USA
- LDAPCon 2009 in conjunction with LinuxCon 2009, attendees will be registered for all LinuxCon sessions and events as well as those for LDAPCon
- Conference fee: $US625

Webinar: 'Guide to Scaling OpenLDAP with MySQL Cluster'

OpenLDAPOpen SourceSuretec “Guide to Scaling OpenLDAP with MySQL Cluster” on June 24th at 10:00AM PST. Howard Chu, CTO of Symas Corporation, will be the primary technical presenter. This is going to be a repeat of the great pitch we did at the MySQL Conference in Santa Clara. This is a terrific introduction to the OpenLDAP Driver for MySQL Cluster for people interested in this new database technology for LDAP[?] directory data.

Register here


Reminder: OpenLDAP Replication Strategies presentation tonight

OpenLDAPOpen SourceSuretec OpenLDAP has been replacing proprietary directory server offerings in the private sector, public sector and the financial sector at an increasing pace. This is largely due to its performance and scalability, dynamic configuration capabilities and flexible extensibility via bundled modules.

OpenLDAP would not have earned its place in these sectors without enterprise grade replication options.

In this talk, an overview of the latest production ready OpenLDAP 2.4 replication features will be discussed and the numerous best practice strategies will be presented covering the most common deployment configurations found in the wild.

19:30 in Room L13.18, 13th Floor, Livingstone Towers at Strathclyde University, Glasgow.

Asterisk svn commit access for res_config_ldap granted.

AsteriskLinuxOpenLDAPOpen SourceSuretec Just a quick one to say that we now have svn commit access to the res_config_ldap RealTime driver to maintain it and the Asterisk LDAP[?] schema in the Asterisk source code.

Any bugs you find, please report them!

OpenLDAP build farm

OpenLDAPOpen SourceSuretec Dear all,

Just a quick update to say things are moving forward on the OpenLDAP build farm and very soon (after more testing) you'll be able to submit your desired platform for testing and upload your build results!

More later (next month),


OpenLDAP Replication Strategies

OpenLDAPOpen SourceSuretec At this years UKUUG's annual Large Installation Systems Administration (LISA) conference I gave a talk on OpenLDAP Replication Strategies. You can grab theOpenLDAP Replications Strategies PDF or SlideShare version.

Other presentations regarding OpenLDAP that day (including one from Howard, the Projects Chief Architect and Symas CTO), OpenLDAP and MySQL: Bridging the Data Model Divide and Andrew Findlays Writing Access Control Policies for LDAP[?]


Warning: Use of undefined constant CHARSET_NATIVE - assumed 'CHARSET_NATIVE' (this will throw an Error in a future version of PHP) in /home/suretecsystems/www/blog/ on line 182