ApacheDS™

ApacheDS™ is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Versioning Scheme

The version number of ApacheDS has the following form:

<major>.<minor>.<micro> [-M<milestone number> or -RC<release candidate number>]

This scheme has three number components:

  • The major number increases when there are incompatible changes in the API.
  • The minor number increases when a new feature is introduced.
  • The micro number increases when a bug or a trivial change is made.

and an optional label that indicates the maturity of a release:

  • M (Milestone) means the feature set can change at any time in the next milestone releases. The last milestone release becomes the first release candidate after a vote.
  • RC (Release Candidate) means the feature set is frozen and the next RC releases will focus on fixing problems unless there is a serious flaw in design. The last release candidate becomes the first GA release after a vote.
  • No label implies GA (General Availability), which means the release is stable enough and therefore ready for production environment.

ApacheDS 1.0 is considered a dead branch. ApacheDS 1.5.X are intermediary versions toward ApacheDS 2.0, which is currently being developped.

Users should start with the latest 2.0 version, even if it's not stabilized yet.

A stable version is a version with a frozen set of features, and a frozen API. We don't release a version if all the integration tests are not passing, so any release should be considered stable enogh to be used.
Although we may add new features between two milestones, and the data structure may change, which may imply that the data have to be extracted and reimported in order for the server to be operational.
The configuration might also evolve between two versions.

Important new features in ApacheDS 2.0

The following new features have been added in the 2.0 version :

  • Dynamic Schema
  • SASL/StartTLS
  • Multi-Master Replication, RFC 4533
  • Cache
  • LDIF based Configuration
  • Better performances
  • Password Policy
  • LDIF Partition

News

ApacheDS 2.0.0-M12 released posted on May 2nd, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M12, the twelwth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M12:

  • DIRSERVER-1798 - The AdministrativePoint interceptor is always activated, even if it's not part of the config
  • DIRAPI-80 - Cannot issue a direct operation without having connected to the server
  • DIRSERVER-1143 - ldappasswd fails to bind
  • DIRSERVER-1584 - document how to limit the available ciphers for ldaps (how to disable SSL3_RSA_RC4_40_MD5 : SSL_EXPORT SSL3_RSA_DES_40_CBC_SHA)
  • DIRSERVER-1812 - The default admin account should never get locked forever
  • DIRSERVER-1814 - Using anon connection results in UnbindRequestHandler reporting 'LdapNoSuchObjectException: ERR_268 Cannot find a partition for '
  • DIRSERVER-1826 - The ads-pwdFailureCountInterval is not taken into account
  • DIRSERVER-1834 - Broken backend when using AT with no EQUALITY MR

This is a critical version, and anyone using 2.0.0-M11 should replace it with this version.

Downloads are available here

ApacheDS 2.0.0-M11 released posted on March 3rd, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M11, the eleventh milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M11:

  • DIRSERVER-1281 - StreamCorruptedException after brutal shutdown
  • DIRSERVER-1797 - The AdministrativeRole AT is not indexed, leadings to huge delay when starting the server
  • DIRSERVER-1798 - The AdministrativePoint interceptor is always activated, even if it's not part of the config
  • DIRSERVER-1799 - When deleting values from an existing entry, the presence index might get out of date
  • DIRSERVER-1802 - Disabling an authenticator results in a NPE
  • DIRSERVER-1803 - When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely
  • DIRSERVER-1804 - [patch] Fix ApacheDS code to allow control and reduce number of outputted logs
  • DIRSERVER-1805 - The replication janitor thread is not stopped correctly when teh server is stopped
  • DIRKRB-85 - @CreateKdcServer should include searchBaseDn attribute
  • DIRSERVER-1321 - Clarify relationship between partition.syncOnWrite and apacheDS.syncPeriodMillis configuration attributes
  • DIRSERVER-1322 - Auto inferring context entry
  • DIRSERVER-1808 - We should evaluate the Scope and any other index in a fliter only when the # of candidate is above a threshold
  • DIRKRB-86 - The Kerberos server badly need some logging...

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don't have any defined time frame for the 2.0-GA release, we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M10 released posted on January 29th, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M10, the tenth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M10:

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don't have any defined time frame for the 2.0-GA release, we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M8 released posted on October 12th, 2012

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M8, the eigth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M8:

  • DIRSERVER-1458 - Cursor API generic usage is totally wrong
  • DIRSERVER-1624 - Index are not created when added after the server has been started
  • DIRSERVER-1655 - Possible incorrect insertion of modifications in the consumer log
  • DIRSERVER-1659 - the apacheds.sh/bat files contains a hard coded revision. This is not good
  • DIRSERVER-1663 - NPE when doing add/delete and search at the same time on the same entries
  • DIRSERVER-1677 - Dependencies cleanup
  • DIRSERVER-1689 - testNoSearchByNonAdmin does not throw an LdapNoPermissionException, as expected
  • DIRSERVER-1706 - be sure we close the cursors when the session expires and if we have paged searches or persistent search going on
  • DIRSERVER-1709 - Adding an index does not create the index if the server is already started
  • DIRSERVER-1710 - The memory default (128M) is not enouh in most case
  • DIRSERVER-1715 - Implement backward browse for DescendantCursor and ChildrenCursor
  • DIRSERVER-1718 - Problems when adding a schema containing one or more uppercased letters
  • DIRSERVER-1722 - The PagedSearchIT.testPagedSearchWrongCookie() test blocks randomly the build
  • DIRSERVER-1723 - Potential LRUCache exhaustion with searches
  • DIRSERVER-1726 - DefaultPasswordValidator always throws PasswordPolicyException when consecutive non-letter chars are in RDN
  • DIRSERVER-1727 - LDAP Searches against boolean attributes with booleanMatch equality never return matches
  • DIRSERVER-1732 - ERR_04131 The value is expected to be a String
  • DIRSERVER-1735 - When ads-pwdmaxage attribute is set to more then 2147483, then all user passwords are expirer forever.
  • DIRSERVER-1737 - ApacheDS should be able to start even when one of its indexed attributes can't be found in the schema manager
  • DIRSERVER-1738 - Can't restart ApacheDS after setting a value superior to Integer.MAX_VALUE in an AT with Integer syntax
  • DIRSERVER-1739 - LDAP Searches Slow
  • DIRSERVER-1744 - Compex LDAP search filters returning unmatched objects
  • DIRSERVER-1747 - Presence index is not up to date when the server is started
  • DIRSERVER-1748 - EqualityEvaluator does not work correctly

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don't have any defined time frame for the 2.0-GA release, we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M7 released posted on May 21st, 2012

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M7, the seventh milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M7:

  • DIRSERVER-1093 - the ResourceRecordEncoder and QuestionRecordEncoder have bug for empty domainName
  • DIRSERVER-1697 - Creation of new syntax fails due to ERR_277 Attribute m-obsolete not declared in objectClasses of entry
  • DIRSERVER-1698 - Search on entries with multiple AVA in RDN does not work correctly if the initial RDN order is not used
  • DIRSERVER-1702 - Adding an index through annotation does not work
  • DIRSERVER-1712 - If the index are created using their alias, they are deleted immediately
  • DIRSERVER-1711 - Index initialization is taking way too much time
  • DIRSERVER-1713 - Error on console with first start of clean system

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don't have any defined time frame for the 2.0-GA release, we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M6 released posted on February 29th, 2012

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M6, the sixth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M6:

  • DIRSERVER-1644 - User provided value is not retained during rename operation
  • DIRSERVER-1681 - adding entries with attribute userCertificate;binary fails with "No such attribute"
  • DIRSERVER-1692 - Unable to add a JPEG image to an entry due to an 'Invalid Attribute Syntax' error
  • DIRSERVER-1693 - Renaming an entry when the RDN uses a case insensitive AT should be possible
  • DIRSERVER-1694 - Renaming an existing entry with a DN containing upper cased chars will not store the CN as provided
  • DIRSERVER-1696 - Creation of an entry like cn=test1+cn=test2, ou=system should not be allowed
  • DIRSERVER-1699 - DN/RDN handling is incorrect when there are some escaped values into them
  • DIRSERVER-1700 - Version in Root DSE is reported as '$pom.version'

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don't have any defined time frame for the 2.0-GA release, we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here