The Suretec Blog

OpenLDAP 2.4.25 is now officially out. Download now and review the final changes list:

OpenLDAP 2.4.25 is now available for download as detailed on our download page:

http://www.openldap.org/software/download/

and should soon be available on all official mirrors:

ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors include:

Howard Chu (Symas Corp)
Quanah Gibson-Mount (VMware, Inc)
Ralf Haferkamp (SUSE Linux)
Pierangelo Masarati (Politecnico di Milano)

OpenLDAP 2.4.25 Release (2011/03/26)
Fixed ldapsearch pagedresults loop (ITS#6755)
Fixed tools for incompatible args (ITS#6849)
Fixed libldap MozNSS crash (ITS#6863)
Fixed slapd add objectclasses in order (ITS#6837)
Added slapd ordering for uidNumber and gidNumber (ITS#6852)
Fixed slapd segfault when adding values out of order (ITS#6858)
Fixed slapd sortval handling (ITS#6845)
Fixed slapd-bdb with slapadd/index quick option (ITS#6853)
Fixed slapd-ldap^[?] chain cn=config support (ITS#6837)
Fixed slapd-ldap chain with slapd.conf (ITS#6857)
Fixed slapd-meta deadlock (ITS#6846)
Fixed slapo-sssvlv with multiple requests (ITS#6850)
Fixed contrib/lastbind install rules (ITS#6238)
Fixed contrib/cloak install rules (ITS#6877)
Build Environment
Fixed windows NT threads build (ITS#6859)
Fixed libldap/lberl/util if/else usage (ITS#6832)
Fixed Windows odbc32 detection (ITS#6125)
Fixed Windows msys build (ITS#6870)
Fixed test020 exit codes (ITS#6404)
Documentation
admin24 guide ldapi usage (ITS#6839)
admin24 guide conversion notes (ITS#6834)
admin24 guide fix drawback math for syncrepl (ITS#6866)
admin24 guide note manpages are definitive (ITS#6855)

MD5 (openldap-2.4.25.tgz) = ec63f9c2add59f323a0459128846905b
SHA1 (openldap-2.4.25.tgz) = 56efaf3656cc68d3b5be66422c0c89f0104d7183

OpenLDAP 2.4.24 is now officially out. Download now and review the final changes list:

OpenLDAP 2.4.24 is now available for download as detailed on our download page:

http://www.openldap.org/software/download/

and should soon be available on all official mirrors:

ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors include:
Howard Chu (Symas Corp)
Hallvard Furuseth (University of Oslo)
Quanah Gibson-Mount (VMware, Inc)
Ralf Haferkamp (SUSE Linux)
Gavin Henry (Suretec Systems)
Pierangelo Masarati (Politecnico di Milano)
Rein Tollevik (Basefarm AS)

OpenLDAP 2.4.24 Release (2011/02/10)
Added LDIF line wrapping setting (ITS#6645)
Added MozNSS support (ITS#6714,ITS#6742,ITS#6790,ITS#6791)
Added MozNSS support (ITS#6802,ITS#6811,ITS#6816,ITS#5696)
Added libldap cert x500UniqueIdentifier handling (ITS#6741)
Added libldap_r,libldap formal concurrency API (ITS#6625,ITS#5421)
Added slapadd attribute value checking (ITS#6592)
Added slapcat continue mode for problematic DBs (ITS#6482)
Added slapd syncrepl suffixmassage support (ITS#6781)
Added slapd multiple listener threads (ITS#6780)
Added slapd extensible match for ordering rules (ITS#6532)
Added slapd-meta paged results control forwarding (ITS#6664)
Added slapd-meta subtree-include support (ITS#6801)
Added slapd-null back-config support (ITS#6624)
Added slapd-sql autocommit support (ITS#6612)
Added slapd-sql support for long long keys (ITS#6617)
Added slapo-sssvlv multiple sorts per connection (ITS#6686)
Added contrib/autogroup LDAP^[?] URI with attribute filter (ITS#6536)
Added contrib/dupent module (ITS#6630)
Added contrib/lastbind (ITS#6238)
Added contrib/kinit for kerberos tickets
Added contrib/noopsrch for entry counting (ITS#6598)
Fixed client tools control logging (ITS#6775)
Fixed client tools one time leak (ITS#6778)
Fixed liblber to not close invalid sockets (ITS#6585)
Fixed liblber unmatched brace handling (ITS#6764)
Fixed liblber error setting (ITS#6732)
Fixed liblber memory debugging (ITS#6733)
Fixed libldap connectionless warnings (ITS#6747)
Fixed libldap dnssrv port format specifier (ITS#6644)
Fixed libldap EOF handling (ITS#6723)
Fixed libldap GnuTLS hang on socket close (ITS#6673)
Fixed libldap sasl partial write handling (ITS#6639)
Fixed libldap search leak (ITS#6453)
Fixed libldap referral chasing (ITS#6602)
Fixed libldap leak when chasing referrals (ITS#6744)
Fixed libldap url parsing with NULL host (ITS#6653)
Fixed libldap ldap_open_internal_connection (ITS#6788)
Fixed libldap sync checking for BER errors (ITS#6738)
Fixed libldap variable usage (ITS#6813)
Fixed liblutil getpass prompts (ITS#6702)
Fixed ldapsearch segfault with deref (ITS#6638)
Fixed ldapsearch multiple controls parsing (ITS#6651)
Fixed slapd SlapReply usage (ITS#6758)
Fixed slapd acl parsing overflow (ITS#6611)
Fixed slapd acl when resuming parsing (ITS#6804)
Fixed slapd Compare operation (ITS#6753)
Fixed slapd default config acls with overlays (ITS#6822)
Fixed slapd assert control (ITS#5862)
Fixed slapd assertions and debugging (ITS#6759)
Fixed slapd config leak with olcDbDirectory (ITS#6634)
Fixed slapd connectionless warnings (ITS#6747)
Fixed slapd listeners destruction (ITS#6736)
Fixed slapd to free controls if needed (ITS#6629)
Fixed slapd to stop if given unknown options (ITS#6754)
Fixed slapd filter leak (ITS#6635)
Fixed slapd matching rules for strict ordering (ITS#6722)
Fixed slapd when first acl is value dependent (ITS#6693)
Fixed slapd modify to return actual error (ITS#6581)
Fixed slapd modrdn with empty DN (ITS#6768)
Fixed slapd c_authz_backend setting (ITS#6824)
Fixed slapd sortvals of attributes with 1 value (ITS#6715)
Fixed slapd syncrepl reuse of presence list (ITS#6707)
Fixed slapd syncrepl uninitialized return code (ITS#6719)
Fixed slapd syncrepl variable initialization (ITS#6739)
Fixed slapd syncrepl refresh to use complete cookie (ITS#6807)
Fixed slapd-bdb hasSubordinates generation (ITS#6712)
Fixed slapd-bdb entry cache delete failure (ITS#6577)
Fixed slapd-bdb entry cache leak on multi-core systems (ITS#6660)
Fixed slapd-bdb error propagation to overlays (ITS#6633)
Fixed slapd-bdb slapadd -q with glued dbs (ITS#6794)
Fixed slapd-ldap^[?] debug output of timeout (ITS#6721)
Fixed slapd-ldap DNSSRV referral chaining (ITS#6565)
Fixed slapd-ldap chaining with bind failures (ITS#6607)
Fixed slapd-ldap chaining with onelevel scope (ITS#6699)
Fixed slapd-ldap chaining with ppolicy (ITS#6540)
Fixed slapd-ldap with SASL/EXTERNAL (ITS#6642)
Fixed slapd-ldap crasher on matchedDN (ITS#6793)
Fixed slapd-ldap with unknown objectClasses (ITS#6814)
Fixed slapd-ldif error strings (ITS#6731)
Fixed slapd-ndb to honor rootpw setting (ITS#6661)
Fixed slapd-ndb hasSubordinates generation (ITS#6712)
Fixed slapd-ndb variable initialization (ITS#6806)
Fixed slapd-ndb with out of order attributes (ITS#6821)
Fixed slapd-meta anon retry with failed auth method (ITS#6643)
Fixed slapd-meta rebind proc (ITS#6665)
Fixed slapd-meta to correctly rebind as user (ITS#6574)
Fixed slapd-meta with SASL/EXTERNAL (ITS#6642)
Fixed slapd-meta matchedDN return code (ITS#6774)
Fixed slapd-meta candidate selection (ITS#6799)
Fixed slapd-meta attribute normalization (ITS#6818)
Fixed slapd-monitor hasSubordinates generation (ITS#6712)
Fixed slapd-monitor abandon processing (ITS#6783)
Fixed slapd-monitor entry locks (ITS#6787)
Fixed slapd-sock missing newline in Compare operation (ITS#6809)
Fixed slapd-sql with null objectClass (ITS#6616)
Fixed slapd-sql hasSubordinates generation (ITS#6712)
Fixed slapo-accesslog with controls (ITS#6652)
Fixed slapo-dynlist Compare operation (ITS#6752)
Fixed slapo-dynlist entry handling (ITS#6752)
Fixed slapo-memberof CSN generation (ITS#6766)
Fixed slapo-memberof log messages (ITS#6748)
Fixed slapo-memberof with an empty groupOfNames (ITS#6670)
Fixed slapo-memberof with modrdn operations (ITS#6700)
Fixed slapo-pcache callback freeing (ITS#6640)
Fixed slapo-pcache to ignore undefined attrs (ITS#6600)
Fixed slapo-pcache pointer freeing (ITS#6797)
Fixed slapo-pcache with negative caching (ITS#6796)
Fixed slapo-pcache monitoring cleanup (ITS#6808)
Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608)
Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620)
Fixed slapo-refint when last group member is deleted (ITS#6663)
Fixed slapo-refint with subtree rename (ITS#6730)
Fixed slapo-rwm double free (ITS#6720)
Fixed slapo-rwm crasher (ITS#6632,ITS#6727)
Fixed slapo-rwm entry handling (ITS#6760)
Fixed slapo-rwm response hang (ITS#6792)
Fixed slapo-sssvlv initialization (ITS#6649)
Fixed slapo-sssvlv to not advertise when unused (ITS#6647)
Fixed slapo-sssvlv result code (ITS#6685)
Fixed slapo-syncprov to send error if consumer is newer (ITS#6606)
Fixed slapo-syncprov filter race condition (ITS#6708)
Fixed slapo-syncprov active mod race (ITS#6709)
Fixed slapo-syncprov to refresh if context is dirty (ITS#6710)
Fixed slapo-syncprov CSN updates to all replicas (ITS#6718)
Fixed slapo-syncprov sessionlog ordering (ITS#6716)
Fixed slapo-syncprov sessionlog with adds (ITS#6503)
Fixed slapo-syncprov mutex (ITS#6438)
Fixed slapo-syncprov mincsn check with MMR (ITS#6717)
Fixed slapo-syncprov control leak (ITS#6795)
Fixed slapo-syncprov error codes (ITS#6812)
Fixed slapo-translucent entry leak (ITS#6746)
Fixed contrib/autogroup install location (ITS#6684)
Fixed contrib/autogroup crash with ppolicy (ITS#6684)
Fixed contrib/autogroup with non-DN URIs (ITS#6684)
Fixed contrib/autogroup with memberOf overlay (ITS#6684)
Fixed contrib/cloak when returning multiple entries (ITS#6762)
Fixed contrib/nssov to only close socket on shutdown (ITS#6676)
Fixed contrib/nssov multi platform support (ITS#6604)
Build Environment
Added support for [unsigned] long long (ITS#6622)
Added slapd support for BDB 5.0+ (ITS#6698)
Fixed config.guess/sub to pick up newer OSes (ITS#6547)
Fixed libldap mutex code - cleanup (ITS#6672)
Fixed libldap unnecessary ifdef's (ITS#6603)
Fixed slapd-tester EOF handling (ITS#6723)
Fixed slapd-tester filter initialization (ITS#6735)
Fixed test scripts with alternate testdir (ITS#6782)
Removed antiquated SunOS LWP support (ITS#6669)
Documentation
admin24 guide fix examples (ITS#6681)
admin24 guide typo fixes (ITS#6609)
admin24 guide refint rootdn requirement (ITS#6364)
admin24 add pcache overlay section (ITS#6521)
ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
ldap.conf(5) GnuTLS cipher spec info (ITS#6525)
slapd.conf(5) GnlTLS cipher spec info (ITS#6525)
slapd.conf(5) multi-listener support (ITS#6780)
slapd-config(5) GnuTLS cipher spec info (ITS#6525)
slapd-config(5) multi-listener support (ITS#6780)
slapd-meta(5) note deprecated items (ITS#6800)
slapd-meta(5) document subtree-include (ITS#6801)
slapo-pcache(5) note rootdn requirement (ITS#6522)
slapo-refint(5) rootdn requirement (ITS#6364)

MD5 (openldap-2.4.24.tgz) = 116fe1e23a7b67686d5e62274367e6c0
SHA1 (openldap-2.4.24.tgz) = a4baad3d45ae5810ba5fee48603210697c70d52f

Hi all,

Everyone involved in the directory sector and OpenLDAP has been seeing lots more enquiries to migrate from Sun Directory to OpenLDAP as the future of Sun Directory, now Oracle owns Sun is becoming a concern, as is their new pricing model. We obviously have experience doing this and migration from any other directory server.

If you want to convert your enterprise directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution please do contact us.

Our partners Symas also have a Directory Services Upgrade Program that we can do for you in the UK:

Convert your Enterprise Directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution. Typically, enterprises dramatically reduce their annual cost converting to OpenLDAP from Sun, Oracle, Netscape, or iPlanet Directory Services products. The workload requires half or less the power and capacity for substantially improved performance. This is a relatively easy transition to make because LDAPv3 is highly standardized and OpenLDAP conforms to the most demanding requirements of the Internet Standards (RFC^[?] 4511 and related RFCs)..

Symas Corporation will be glad to consult with your team and offer you a fixed-price, fixed schedule offer for conversion of your Enterprise Directory technology. This service includes:

- A complete evaluation of your present Directory Services servers
- A Detailed plan for implementation of the new technology
- A roadmap for conversion of existing LDAP^[?] applications and data feeds
- Conversion of schema definitions
- Access Control conversions/implementation
- Database transfer and clean-up
- OpenLDAP deployment, tuning and configuration
- SSL Certificate Conversion
- Database reload
- Assistance with application testing
- Operational team training (LDAP University)
- One year of standard Gold
- level Symas OpenLDAP technical support

Please do contact us.

Thanks,

Gavin.

OpenLDAP 2.4.23 is now officially out. Download now and review the final changes list:

OpenLDAP 2.4.23 is now available for download as detailed on our download page:
http://www.openldap.org/software/download/

and should soon be available on all official mirrors:
ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors to this release include:
Howard Chu (Symas Corp)
Quanah Gibson-Mount (Yahoo! Inc)
Ralf Haferkamp (SUSE Linux)
Pierangelo Masarati (Politecnico di Milano)

OpenLDAP 2.4.23 Release (2010/06/30)
Fixed libldap to return server's error code (ITS#6569)
Fixed libldap memleaks (ITS#6568)
Fixed liblutil off-by-one with delta (ITS#6541)
Fixed slapd acls with glued databases (ITS#6468)
Fixed slapd syncrepl rid logging (ITS#6533)
Fixed slapd modrdn handling of invalid values (ITS#6570)
Fixed slapd-bdb hasSubordinates computation (ITS#6549)
Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
Fixed slapd-bdb entry cache delete failure (ITS#6577)
Fixed slapd-ldap^[?] to return control responses (ITS#6530)
Fixed slapo-ppolicy to use Debug (ITS#6566)
Fixed slapo-refint to zero out freed DN vals (ITS#6572)
Fixed slapo-rwm to use Debug (ITS#6566)
Fixed slapo-sssvlv to use Debug (ITS#6566)
Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
Fixed slapo-valsort to use Debug (ITS#6566)
Fixed contrib/nssov network.c missing patch (ITS#6562)
Build Environment
Fixed test043 attribute sorting (ITS#6553)
Documentation
slapd-config(5) note default rootdn (ITS#6546)

MD5 (openldap-2.4.23.tgz) = 90150b8c0d0192e10b30157e68844ddf
SHA1 (openldap-2.4.23.tgz) = 26027e7020256c5f47e17787f17ee8b31af42378

Hi all,

Two bits of important news today:

"For those of you who use libcurl in your own applications, you may be interested to know that I've written a new LDAP^[?] implementation for libcurl." - Howard Chu from Symas

and

Shutdown of the OpenLDAP-Software list in favor of the OpenLDAP-Technical list

So when you post to openldap-software@openldap.org don't get scared, nothing has happened to OpenLDAP!

Thanks,

Gavin.

It's taken us a while to get round to ordering one of these Yubikeys from Yubico, but they do look great and have lots of documentation via the wiki.

We're going to be testing them via the pam module for SSH access (and of course using pam_ldap).

So, users in LDAP^[?] via pam, and a Yubikey, let's see how it goes!

(will be interesting for logging in a SIP handset via Asterisk or FreeSWITCH that needs one too and all the others technologies Suretec use and support (Catalyst, Perl, PostgresSQL, Squid and more....). We'll see....

As OpenLDAP sets the standard for being the most standards based LDAP^[?] directory, you'll be pleased to know that our partners Symas are keeping everyone updated about the wonderful world of collaboration in the LDAP world and in the process updating some much needed draft RFCs.

So, when you've got a second have a read of:

Password Policy for LDAP Directories - draft-behera-ldap^[?]-password-policy-10.txt

and

An Approach for Using LDAP as a Network Information Service - draft-howard-rfc2307bis-02.txt

Gavin.

A quick update:

SureVoIP a new startup ITSP will be launched by Suretec very soon. It is currently in development and being installed in a Scottish datacentre using various enterprise grade Open Source products. Keep an eye out for when it goes beta and will be available at http://www.surevoip.co.uk

OpenLDAP 2.4.17 is now officially out. Download now and review the final changes list.

Keep an eye on the Symas Release Notices site for when Symas OpenLDAP is at 2.4.17.

Suretec.

There's been lot's of hard work gone into 2.4.17 and I say it every time, but this is the best release so far!

A huge thanks to the following significant contributors to this release:

Howard Chu (Symas Corp)
Hallvard Furuseth (University of Oslo)
Quanah Gibson-Mount (Yahoo! Inc)
Ralf Haferkamp (SUSE Linux)
Gavin Henry (Suretec Systems)
Pierangelo Masarati (Sys-Net)
Rein Tollevik (Basefarm AS)

It's been 3 months almost to the day since 2.4.16 so you'll see lot's of fixes and a new tool. It always amazes me that there are still bugs even though OpenLDAP is so stable, widely deployed and so fast! Well, software will always have bugs

The nice new tool is Slapschema: "Slapschema is used to check schema compliance of the contents of a slapd(8) database." See man slapschema (8)

For complete fixes etc. see the OpenLDAP CHANGES file.

Oh, and where are all my new docs? We've been so busy with existing and new clients that things have slipped, sorry. Lots of work with our partners Symas too and we're also prepping a new VoIP platform for Suretec Telecom called SureVoIP (which OpenLDAP plays a big part!).

More later and upgrade, upgrade, upgrade!!

The International Conference on LDAP^[?] is a technical forum for IT professionals interested in LDAP and related topics like directory servers, directory management applications, directory integration, identity and access management, and meta directories.

It focuses on implementation and integration of LDAP servers and LDAP-enabled client applications. The event will bring together vendors, developers, active and prospective LDAP practitioners to share their experiences about deployment strategies, service operations, interoperability, discuss LDAP usage in new projects and learn about upcoming trends and developments.
Topics

You are involved with LDAP in interesting projects?

- You do LDAP client development?
- You have used LDAP like no-one before?
- You have innovative concepts in LDAP Integration?

Why not share your experiences, good and bad, with others?

We look for speakers who ae willing to talk about:

Continue reading "LDAPCon 2009 Call For Papers"

The 2nd International Conference on LDAP^[?]
LDAPCon 2009 has been announced!

- September 20th and 21st, 2009
- Portland Waterfront Marriott Hotel
- Portland, Oregon, USA
- LDAPCon 2009 in conjunction with LinuxCon 2009, attendees will be registered for all LinuxCon sessions and events as well as those for LDAPCon
- Conference fee: $US625

OpenLDAP has been replacing proprietary directory server offerings in the private sector, public sector and the financial sector at an increasing pace. This is largely due to its performance and scalability, dynamic configuration capabilities and flexible extensibility via bundled modules.

OpenLDAP would not have earned its place in these sectors without enterprise grade replication options.

In this talk, an overview of the latest production ready OpenLDAP 2.4 replication features will be discussed and the numerous best practice strategies will be presented covering the most common deployment configurations found in the wild.


19:30 in Room L13.18, 13th Floor, Livingstone Towers at Strathclyde University, Glasgow.

This has just appeared on voip-info.org via our Google Alerts and will answer
a lot of questions that appear on the Kamailio and OpenSIPS mailing lists:

http://www.voip-info.org/wiki/view/Realtime+Integration+Of+Asterisk+1.4+With+Kamailio+1.5.x

All that is left is to switch to LDAP^[?] authentication using the OpenSIPS LDAP module and res_config_ldap Asterisk plugin

Cheers.

Aberdeen hosts first advanced open source training course in Scotland

Local business Suretec teams up with world experts at Digium to bring ‘eccentric and entertaining’ professional trainer to north-east Scotland

Open Source software expert, Gavin Henry, who is managing director of Aberdeen-headquartered Suretec Group has teamed up with telecoms training provider, Telespeak and Asterisk open source software specialists, Digium, to organise Scotland’s first advanced training course for open source telecoms professionals.

[Read more]