ApacheDS™

LDAP and Kerberos server written in Java

ApacheDS™ is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

LDAPv3 Compliant

Since its initial version, ApacheDS has been certified by the Open Group which guarantees conformance of directory servers to version 3 of the LDAP protocol.

Full X500 Authorization

ApacheDS uses an adaptation of the X.500 basic access control scheme in combination with X.500 subentries to control access to entries and attributes within the DIT.

Kerberos Server Built-in

Not only is ApacheDS an LDAP server, it also supports the Kerberos protocol being a KDC (Key Distribution Center), a TGS (Ticket Granting Server) and an AS (Authentication Server).

Multi-Master Replication

Multi-master replication support via RFC 4533 (Content Synchronization Operation) has been added to ApacheDS 2.0, making it also compatible with OpenLDAP.

Password Policy Support

ApacheDS supports the "Password Policy for LDAP Directories" RFC draft, allowing it to enforce a set of rules designed to encourage users to employ strong passwords and use them properly.

LDIF-Based Configuration

The configuration of ApacheDS relies on an LDIF file, a well known format for people working around LDAP technologies, making it easier to configure the server.

Written in Java and Embeddable

ApacheDS has been written in Java, one of the best object-oriented programming languages, which makes it easy for developers to embed in their own Java applications.

Multi-Platform

ApacheDS is available on most operating systems (Linux, Mac OS X & Windows), with dedicated installers for each platform (.deb, .bin, or .rpm packages, Windows installer, .zip and .tar.gz archives, etc).

NOTE: On the latest Apache DS release (2.0.0.AM27), the attached packages have been created with the wrong version (2.0.0.AM28-SNAPSHOT). Those packages are really for 2.0.0.AM27, but were built using the Apache Jenkins service, which kicked in after the release, when the version was already bumped to AM28. This will be fixed in the next release. Sorry for the inconvenience.

News

ApacheDS 2.0.0.AM27 released posted on October 21st, 2023

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0.AM27, the 27th milestone towards a 2.0 version.

Downloads are available here

This is a major and long-expected release of ApacheDS. It brings many bug fixes (29). We focused on fixing issues with newer versions of Java (11 and 17 are now supported), migrating JUnit tests to version 5, and mitigating the Log4j security vulnerability.

The Kerberos subsystem has been removed from the server, as Apache Kerby is already providing a maintained and updated Kerberos server.

It uses the Apache LDAP API 2.1.5 release, and TLS 1.3 is now supported.

Here is the release note for Apache Directory ApacheDS 2.0.0.AM27:

Bugs :

  • DIRSERVER-1091 - not Support multiple resource record answers caused by ResourceRecordImpl’s error equals method
  • DIRSERVER-1632 - Setting SASL QoP to ‘auth-int’ or ‘auth-conf’ while connecting using the LDAP API fails and throws a decoder exception
  • DIRSERVER-1670 - DIGEST-MD5 authentication mechanism must support encryption
  • DIRSERVER-1951 - Maven build on windows is flakey
  • DIRSERVER-2162 - Searching for users using ObjectClass=person takes long
  • DIRSERVER-2176 - Thread leak from LdapServer
  • DIRSERVER-2223 - JDK 9 ldaps does not work
  • DIRSERVER-2252 - Controls are not properly passed back to the client
  • DIRSERVER-2286 - Apacheds service will not start if kerberos is enable
  • DIRSERVER-2301 - Apache DS 2.0.0.AM26 Maven install fails with Unkown JVM/keysize
  • DIRSERVER-2302 - Doing a search with a filter containing (objectClass=top) fails
  • DIRSERVER-2303 - ApplyLdifs treats entries with case sensitivity
  • DIRSERVER-2308 - Moddn overrides existing entry
  • DIRSERVER-2309 - DefaultDirectoryService#addAfter adds interceptor before the given one
  • DIRSERVER-2322 - ApacheDS default server instance not starting - Error 1067
  • DIRSERVER-2326 - LDAP server doesn’t start on IBM JDK 8 (NoClassDefFound)
  • DIRSERVER-2332 - Unexpected Session Termination (nslcd - libpam-ldapd)
  • DIRSERVER-2347 - Incorrect Password Modify response (extended response)
  • DIRSERVER-2359 - Search request results in OPERATIONS_ERROR due NPE
  • DIRSERVER-2362 - ApacheDS 2.0.0-M17 references older log4j that has security vulnerabilities

Improvements :

Tasks :

  • DIRSERVER-1223 - @Ignore annotation on both core and server integ causes tests to stop
  • DIRSERVER-2328 - CreateAuthenticator annotation trust manager improvements
  • DIRSERVER-2329 - Replication trust manager improvements
  • DIRSERVER-2330 - StartTlsHandler and LdapsInitializer use NoVerificationTrustManager
  • DIRSERVER-2372 - Remove the Kerberos server from the Directory Server

Tests :

ApacheDS 2.0.0.AM26 released posted on March 7th, 2020

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0.AM26, the 26th milestone towards a 2.0 version.

Downloads are available here

This is a major release of ApacheDS. It brings many bug fixes, and is the first version implementing LDAP transactions, which are now used internally for atomic operations, but can also be used through an extended operation to apply many operations in one transaction. We have also changed the cache system we were using (ehcache) to the more efficient and lighter Caffeine. In addition, we no longer store certificates in the server by default, but use an external keystore.

We can no longer produce the Mac OSX installer package; we are working on finding a solution for that issue (Apple deprecated the MakePackage tool and is now applying far more stringent checks and controls for packages, like an Apple signature). This will most certainly be fixed in the next revision.

It uses the Apache LDAP API 2.0.0 release

Here is the release note for Apache Directory ApacheDS 2.0.0.AM26:

Bugs :

  • DIRSERVER-1414 - Normalization is not handling correctly (but this has no impact)
  • DIRSERVER-1580 - Numerous JUnit tests failing on Windows, again.
  • DIRSERVER-1878 - Bad warning from ‘maven-shade-plugin’ when creating the ‘apacheds-service’ jar
  • DIRSERVER-1924 - The MavibotPartition entry cache is not correctly set
  • DIRSERVER-1974 - Rename Operation Issue - ApacheDS
  • DIRSERVER-2049 - Queries interrupted with delete/add operations
  • DIRSERVER-2066 - Maven 3.3.x produces Invalid installers/archives
  • DIRSERVER-2070 - Null pointer exception on kerberos password changing
  • DIRSERVER-2071 - MinaKerberosDecoder fails with NullPointerException if the kerberos message is split in multiple packets
  • DIRSERVER-2074 - small default TCP receive/send buffer size causing TCP packet fragmentation on some platforms
  • DIRSERVER-2089 - AttributeType breaks the equals/hashCode override contract
  • DIRSERVER-2099 - NOTICE and LICENSE files for DS 2.0.0-M20 are incorrect
  • DIRSERVER-2146 - Using special chars in uid makes problem
  • DIRSERVER-2197 - Debian installer package contains the binary 4 times
  • DIRSERVER-2237 - Application opens but can’t ‘Open Connection’ - IllegalArgumentException
  • DIRSERVER-2247 - Invalid signature file digest for Manifest main attributes - When switching from 2.0.0-M24 to 2.0.0-AM25
  • DIRSERVER-2253 - NIS schema object class and attribute problem
  • DIRSERVER-2264 - missing schema type for NIS: nisMapName
  • DIRSERVER-2273 - The server no longer starts
  • DIRSERVER-2275 - LDIF schemas generated from the schema browser crash Directory at startup
  • DIRSERVER-2289 - Paging support to retrieve all the entries available in ApacheDS between different client and LDAP server connections

Improvements :

  • DIRSERVER-959 - We need a global cache
  • DIRSERVER-1639 - Add support for specifying cipher suites in LdapServer’s configuration
  • DIRSERVER-1892 - We don’t need to clone the full entry when returning it from the backend
  • DIRSERVER-1916 - Don’t drop ‘top’ from ObjectClass index, it’s never present in the BTree
  • DIRSERVER-2044 - The CacheService.initialize() method takes an unused InstanceID argument
  • DIRSERVER-2132 - Add the structuralObjectClass attribute to every returned entry
  • DIRSERVER-2133 - Add the hasSubordinates operational attribute to entries
  • DIRSERVER-2145 - A BIND request will do 2 lookups of the entry trying to bind
  • DIRSERVER-2168 - Possible performance improvement in the Add operation
  • DIRSERVER-2262 - The LdapServer.loadkeyStore() method do the work twice if there is no KeyStore defined
  • DIRSERVER-2270 - Inconsistent log level practices

New features :

Tasks :

Tests :

ApacheDS 2.0.0.AM25 released posted on August 18th, 2018

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0.AM25, the 25th milestone towards a 2.0 version.

Downloads are available here

This is a major release of ApacheDS.

It uses the Apache LDAP API 2.0.0.AM1 release, which itself brings a lot of improvements and bug fixes.

But the major improvement is the cross-indexes transaction support that has been added, which is expected to solve the database corruption issue we have been facing for years.

Here is the release note for Apache Directory ApacheDS 2.0.0.AM25:

Bugs :

  • DIRSERVER-2109 - Apply LDIF with special crafted DN creates two CN attributes
  • DIRSERVER-2220 - ApacheDS should not log credentials
  • DIRSERVER-2231 - NPE in AbstractBTreePartition when cacheService is not used
  • DIRSERVER-2234 - Kinit via TCP causes ApacheDS to create a NioProcessor thread at 100% CPU

Improvements :

Tasks :

  • DIRSERVER-2244 - Support AES Encryption with HMAC-SHA2 for Kerberos 5 defined in RFC 8009

ApacheDS 2.0.0-M24 released posted on June 7th, 2017

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M24, the 24th milestone towards a 2.0 version.

Downloads are available here

This is mainly a maintenance release, and it’s needed to be able to release Studio with many fixes related to the server itself. The main fixes are related to SyntaxCheckers, which are now immutable, and the switch to LDAP 1.0.0 which fixes a critical SSL issue. Otherwise, the ‘repair’ command has been fixed, and a thread leak has been fixed.

In order to repair the database, one has just to start the server passing the ‘repair’ command to the apacheds script, instead of the ‘start’ command. The server will start after having repaired the database.

Here is the release note for Apache Directory ApacheDS 2.0.0-M24:

Bugs :

  • DIRSERVER-2190 - there is thread leak when did following operations: ADD,DELETE,MODIFY,MOVE,RENAME
  • DIRSERVER-2173 - Linux binary installation fails because RUN_AS_GROUP not used in chown commands
  • DIRSERVER-2121 - ApacheDS fails to start after upgrading to 2.0.0-M21
  • DIRSERVER-2072 - Documentation For Kerberos Configuration Needs To Be Updated

Improvements :

ApacheDS 2.0.0-M23 released posted on July 22nd, 2016

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M23, the 23rd milestone towards a 2.0 version.

Downloads are available here

This release is a bug fix release. It fixes the installers that were broken on Linux. It also fixes the ‘repair’ command, which allows users who have a broken backend to fix it. (We still have some use cases where the database can get corrupted. We are working on fixing this, but it’s far from being easy…)

In order to repair the database, one has just to start the server passing the ‘repair’ command to the apacheds script, instead of the ‘start’ command. The server will start after having repaired the database.

Here is the release note for Apache Directory ApacheDS 2.0.0-M23:

Bugs :

Improvements :

  • DIRKRB-595 - Add mode to allow KerberosString’s to contain UTF-8 for MSFT KDC interop

ApacheDS 2.0.0-M22 released posted on June 28th, 2016

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M22, the 22nd milestone towards a 2.0 version.

Downloads are available here

This release is a bug fix release. We also added a ‘repair’ mode that can be used to fix a database corruption: you just have to start the server with the ‘repair’ parameter.

This release also fixed the painful problem we have in Studio, when trying to save the configuration.

Here is the release note for Apache Directory ApacheDS 2.0.0-M22:

Bugs :

Improvements :

New features :

  • DIRSERVER-2113 - Integrate the ‘partition-plumber’ into ApacheDS
  • DIRSERVER-2129 - Add the number of descendant and the number of children to entries

Task :

  • DIRSERVER-2123 - Remove reference to commons.io and use the LDAP API Fileutils class instead

ApacheDS 2.0.0-M21 released posted on December 21st, 2015

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M21, the 21st milestone towards a 2.0 version.

Downloads are available here

This release is a bug fix release. We fixed some random failures on startup, and some fixes in the start scripts, beside many other smaller issues.

Here is the release note for Apache Directory ApacheDS 2.0.0-M21:

Bugs :

  • DIRSERVER-2108 - Update Apache Commons Collections to 3.2.2 due to vulnerability in 3.2.1
  • DIRSERVER-2100 - Zip file does not unpack cleanly on case-insensitive OSes
  • DIRSERVER-2085 - The PasswordPolicyConfiguration holds the password attribute as a String
  • DIRSERVER-2082 - User is allowed to perform all operations even when password must be reset
  • DIRSERVER-2075 - apacheds.sh creates a file called ‘0’ during stop action

Improvements :

  • DIRSERVER-1901 - subschemaSubentry attribute only available under root DSE
  • DIRSERVER-2080 - Add a way to politely stop apacheds from apacheds.sh
  • DIRSERVER-2084 - Admin user should be exempt from the pwdHistory check

Tasks :

  • DIRSERVER-2096 - Fix violations of coding standards and enable checkstyle check

ApacheDS 2.0.0-M20 released posted on May 2nd, 2015

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M20, the twentieth milestone towards a 2.0 version.

Downloads are available here

This release is a bug fix release. We fixed some random failures on startup, and some fixes in the start scripts, beside many other smaller issues.

Here is the release note for Apache Directory ApacheDS 2.0.0-M19:

Bugs :

  • DIRSERVER-2025 - ApacheDS fails to return sortedResults when searched against a certain number of entries
  • DIRSERVER-2026 - Version M19 does not allow eszet (ß) in any tested field of inetOrgPerson
  • DIRSERVER-2034 - ReplayCache entries can’t be written to disk
  • DIRSERVER-2035 - Sporadic test failure due to fix for DIRSERVER-2034
  • DIRSERVER-2047 - Some data can be lost when using ldapadd command to insert data into apacheds
  • DIRSERVER-2048 - Searching for entries with numerous MV attributes can be long
  • DIRSERVER-2055 - Apacheds M19 not starting
  • DIRSERVER-2057 - Server returns search continuation only if ‘ref’ or ‘+’ attributes are requested
  • DIRSERVER-2060 - Bind not working after server startup
  • DIRSERVER-2065 - apacheds.sh in tar.gz archive is not executable

Improvements :

  • DIRSERVER-1809 - Allow password policy changes to take effect without server restart.
  • DIRSERVER-2030 - Remove the casting in generateResponse() method of SearchRequestHandler
  • DIRSERVER-2031 - Use a properly random port when creating a KDCServer via annotation
  • DIRSERVER-2033 - Upgrade BouncyCastle dependency
  • DIRSERVER-2036 - Upgrade EhCache dependency
  • DIRSERVER-2050 - Move configuration from single LDIF to multiple LDIF structure
  • DIRSERVER-2061 - Logging config bundled with installers is too strict

Tasks :

Test :

ApacheDS 2.0.0-M19 released posted on November 22nd, 2014

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M19, the nineteenth milestone towards a 2.0 version.

Downloads are available here

This release is a security fix release: the server no longer accepts SSLv3 as a valid protocol.

Here is the release note for Apache Directory ApacheDS 2.0.0-M19:

Bugs

ApacheDS 2.0.0-M18 released posted on November 13th, 2014

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M18, the eighteenth milestone towards a 2.0 version.

Downloads are available here

Here is the release note for Apache Directory ApacheDS 2.0.0-M18:

Bugs

  • DIRSERVER-2016 Race condition in PasswordPolicy Bind handling
  • DIRSERVER-2016 Another Java 8 only error (with Kerberos)
  • DIRSERVER-2016 Java 7 vs Java 8 : failure in Java 8
  • DIRSERVER-2014 Synchronization is stopped if remote server was not restored during refresh interval
  • DIRSERVER-2012 Replication ignores startTLS when ads replStrictCertValidation is true
  • DIRSERVER-2010 LdifFileLoader cannot load LDIFS from the classpath unless they are very specific location
  • DIRSERVER-2006 Licencing for apacheds-all
  • DIRSERVER-2003 Remove ONE and SUB level index configuration from default configuration file
  • DIRSERVER-2002 OutOfMemory error while loading more than 70K entries at once
  • DIRSERVER-2001 Replication using TLS does not work when confidentiality is enforced
  • DIRSERVER-1992 LRUMap used as Entry DN cache in AbstractBTreePartition is going into an inconsistent state
  • DIRSERVER-1986 Delegated authentication fails when password policy is enabled
  • DIRSERVER-1978 Unable to import ldif when operational attribute pwdChangedTime is present

Improvement

  • DIRSERVER-1965 An Index should speed up searches starting with ‘*’

ApacheDS 2.0.0-M17 released posted on July 4th, 2014

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M17, the seventeenth milestone towards a 2.0 version.

Downloads are available here

Here is the release note for Apache Directory ApacheDS 2.0.0-M17:

Bugs

  • DIRSERVER-1971 - Allow any sort of modification on operational attributes while processing replication events in the consumer
  • DIRSERVER-1976 - JDBM partition is not building new indices added to the configuration
  • DIRSERVER-1979 - Adding child entries can’t be found after restarting server
  • DIRSERVER-1980 - pwdReset isn’t replicated properly
  • DIRSERVER-1982 - Couldn’t see KDC Principal field under Kerberos settings
  • DIRSERVER-1986 - Delegated authentication fails when password policy is enabled

New Features

ApacheDS 2.0.0-M16 released posted on March 13th, 2014

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M16, the sixteenth milestone towards a 2.0 version.

Downloads are available here

Here is the release note for Apache Directory ApacheDS 2.0.0-M16:

Bugs

  • DIRSERVER-1092 - org.apache.directory.server.dns.store.RecordStore not support ordered multiple resource record answers
  • DIRSERVER-1252 - Server tools dump command broken due to use of old paths
  • DIRSERVER-1412 - Modifying the schema with more than one mod may fail
  • DIRSERVER-1471 - Providing a right fix for DIRSERVER-1459
  • DIRSERVER-1761 - Unable to use external keystore for SSL
  • DIRSERVER-1810 - Test case org.apache.directory.server.replication.ClientServerReplicationIT.testModDn() fails permanently
  • DIRSERVER-1845 - Sporadic failure on CollectivAttributeServiceIT
  • DIRSERVER-1855 - java.lang.IllegalStateException: Can’t overwrite cause at org.apache.directory.server.core.authz.GroupCache.initialize(GroupCache.java:190)
  • DIRSERVER-1860 - Invalid DN in returned entry
  • DIRSERVER-1870 - Persistent control is not decoded properly
  • DIRSERVER-1873 - Searching on member attribute (multivalued) for groups is not working as expected
  • DIRSERVER-1884 - Incorrect length specified in PaswordUtil.splitCredentials
  • DIRSERVER-1885 - The JDBM index cache configuration is not used at all
  • DIRSERVER-1888 - Some pwdPolicy schema AT are incorrect
  • DIRSERVER-1894 - Multi-Master replicated startup does not complete
  • DIRSERVER-1900 - Password hashing interceptor is not encrypting the passwords
  • DIRSERVER-1902 - Concurrent reads cause LDAP:Error 80, LDAP: Error 1 and LDAP: error code 49 errors
  • DIRSERVER-1905 - KeytabDecoder should use ‘/’ instead of ‘\’ to separate principal name components
  • DIRSERVER-1906 - We still store entryUUID associated with ‘top’ in the OC index
  • DIRSERVER-1909 - Integer cannot be cast to java.lang.Long in JdbmTable prevents service start
  • DIRSERVER-1911 - Incorrect installation presumption toward user naming convention
  • DIRSERVER-1917 - Class Cast Exception when doing paged search
  • DIRSERVER-1921 - Indexes don’t work on distinguishedNameMatch attributeType
  • DIRSERVER-1922 - Not Operator in Ldap Filter on Indexed Attributes
  • DIRSERVER-1928 - PasswordPolicy should be ignored from Admin session
  • DIRSERVER-1932 - Password policy pwdMinAge check should check for required reset
  • DIRSERVER-1948 - NPE in AuthenticationInterceptor when password policy is in place and user does not have a pwdChangedTime
  • DIRSERVER-1953 - “entryDn” attribute is not returned when requested along with wildcard attribute symbol *
  • DIRSERVER-1954 - Second startup of an embedded server fails (after an ungraceful shutdown of the first startup)
  • DIRSERVER-1955 - Directory Apacheds sends wrong empty response for password policy request
  • DIRSERVER-1957 - chpass/passwd failure (Linux)
  • DIRSERVER-1959 - Certificates corruption during replication
  • DIRSERVER-1961 - Searches with Object level scope and non-existing attribute assertion in filter are not working
  • DIRSERVER-1962 - Replication Consumer “Enabled” checkbox not working
  • DIRSERVER-1963 - Add contextCSN attribute to the list of ignored attributes in ReplicationConsumerImpl

Improvements

  • DIRSERVER-1081 - Injecting more information in the opContext structure
  • DIRSERVER-1294 - Add size() and hasNext() methods to cursors
  • DIRSERVER-1338 - Allow non-Jdbm schema partition
  • DIRSERVER-1460 - Add locale to configuration
  • DIRSERVER-1534 - Improving implementation of loading LDIF files during startup
  • DIRSERVER-1601 - New index to add : PrescriptiveACI, member, uniqueMember
  • DIRSERVER-1634 - Add a DN cache for Stores
  • DIRSERVER-1676 - Provide a set of error codes along with an AuthenticationException to indicate its root cause.
  • DIRSERVER-1716 - Add a ParentIdAndRdn cache
  • DIRSERVER-1920 - Refactor DefaultDirectoryServiceFactory/DefaultDirectoryService for extensibility
  • DIRSERVER-1926 - Supply Entry to PasswordValidator instead of username
  • DIRSERVER-1935 - Include password policy control in the password modify extended operation response if requested

New Features

  • DIRSERVER-264 - Add Support for Sort Control
  • DIRSERVER-265 - In-memory backend storage support
  • DIRSERVER-442 - Synchronize suffix entries in configuration with entry on disk
  • DIRSERVER-1030 - Add CascadeControl and add functionality to cascade modify and delete effects
  • DIRSERVER-1246 - Add shell scripts and batch files for clients
  • DIRSERVER-1263 - Add authz schema
  • DIRSERVER-1852 - Sort the entry based on the DN before returning them
  • DIRSERVER-1886 - Add configuration schema elements for Mavibot partition
  • DIRSERVER-1889 - Credentials cache for Kerberos
  • DIRSERVER-1898 - Authentication mechanism: PKCS5S2

Task

  • DIRSERVER-575 - Convert all non-forwarding (out of band) nextInterceptor calls to use the proxy with bypass instructions

We have also fixed many Kerberos related issues :

Bugs

  • DIRKRB-28 - Allow setting searchBaseDN
  • DIRKRB-30 - Decoding incoming request over TCP fails
  • DIRKRB-96 - Unable to obtain ticket after changing the password

Tasks

  • DIRKRB-31 - Create the Authenticator grammar
  • DIRKRB-32 - Create the EncTicketPart grammar
  • DIRKRB-33 - Create the AS-REQ grammar
  • DIRKRB-34 - Create the AS-REP grammar
  • DIRKRB-35 - Create the TGS-REQ grammar
  • DIRKRB-36 - Create the TGS-REP grammar
  • DIRKRB-37 - Create the AP-REQ grammar
  • DIRKRB-38 - Create the AP-REP grammar
  • DIRKRB-39 - Create the KRB-SAFE grammar
  • DIRKRB-40 - Create the KRB-PRIV grammar
  • DIRKRB-41 - Create the KRB-CRED grammar
  • DIRKRB-42 - Create the EncASRepPart grammar
  • DIRKRB-43 - Create the EncTGSRepPart grammar
  • DIRKRB-44 - Create the EncAPRepPart grammar
  • DIRKRB-45 - Create the EncKrbPrivPart grammar
  • DIRKRB-46 - Create the EncKrbCredPart grammar
  • DIRKRB-47 - Create the KRB-ERROR grammar
  • DIRKRB-48 - Create the PA-DATA grammar
  • DIRKRB-49 - Create the Checksum grammar
  • DIRKRB-50 - Create the TransitedEncoding grammar
  • DIRKRB-51 - Create the KDC-REQ-BODY grammar
  • DIRKRB-52 - Create the KDC-REP grammar
  • DIRKRB-53 - Create the EncKDCRepPart grammar
  • DIRKRB-54 - Create the LastReq grammar
  • DIRKRB-55 - Create the KRB-SAFE-BODY grammar
  • DIRKRB-56 - Create the KrbCredInfo grammar
  • DIRKRB-57 - Create the METHOD-DATA grammar
  • DIRKRB-58 - Create the TYPED-DATA grammar
  • DIRKRB-59 - Create the PA-ENC-TIMESTAMP grammar
  • DIRKRB-60 - Create the PA-ENC-TS-ENC grammar
  • DIRKRB-61 - Create the ETYPE-INFO-ENTRY grammar
  • DIRKRB-62 - Create the ETYPE-INFO grammar
  • DIRKRB-63 - Create the ETYPE-INFO2-ENTRY grammar
  • DIRKRB-64 - Create the ETYPE-INFO2 grammar
  • DIRKRB-65 - Create the AD-IF-RELEVANT grammar
  • DIRKRB-66 - Create the AD-KDCIssued grammar
  • DIRKRB-67 - Create the AD-AND-OR grammar
  • DIRKRB-68 - Create the AD-MANDATORY-FOR-KDC grammar
  • DIRKRB-69 - Create the Ticket grammar
  • DIRKRB-70 - Create the EncryptedData grammar
  • DIRKRB-71 - Create the PrincipalName grammar
  • DIRKRB-72 - Create the HostAddresses grammar
  • DIRKRB-73 - Create the HostAddress grammar
  • DIRKRB-74 - Create the AuthorizationData grammar
  • DIRKRB-75 - Create the EncryptionKey grammar
  • DIRKRB-76 - Create the KDC-REQ grammar
  • DIRKRB-77 - Adapt the error messages we use in grammars
  • DIRKRB-78 - Add tests for all the grammars

ApacheDS 2.0.0-M15 released posted on August 18th, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M15, the fifteenth milestone towards a 2.0 version.

Here is the release note for Apache Directory ApacheDS 2.0.0-M15:

Bugs

  • DIRSERVER-1325 - Simple Authentication can not be disabled
  • DIRSERVER-1490 - Not 100% sure, but the DN caches we have in the server might not be updated when doing a Move
  • DIRSERVER-1871 - Logging Not Working in M14
  • DIRSERVER-1872 - The JournalInterceptor is not present in the configuration
  • DIRSERVER-1874 - Persistent search is not considering the scope of the search
  • DIRSERVER-1875 - Persistent search is not filtering the attributes before returning entries
  • DIRSERVER-1879 - Incorrect check on result code done in the PwdModifyResponseImpl constructor
  • DIRSERVER-1880 - ApacheDS failed to start on boot
  • DIRSERVER-1882 - KertabEncoder.write() method should take into account the size of the entries list to determine the buffer size
  • DIRSERVER-1883 - Searching for entries starting at the rootDSE does not work

Improvement

  • DIRSERVER-1049 - [PERF] Speed improvement in Search operation
  • DIRSERVER-1519 - [perf] The MoveAndRename operation is not optimal

Downloads are available here

ApacheDS 2.0.0-M14 released posted on July 1st, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M14, the fourteenth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

This release does not contain any change, but it depends on a new version of the Apache LDAP API, which contains a fix for a critical bug.

This is a critical version, and anyone using 2.0.0-M13 should replace it with this version.

Downloads are available here

ApacheDS 2.0.0-M13 released posted on June 25th, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M13, the thirteenth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M13:

Bugs

  • DIRSERVER-1325 - Simple Authentication can not be disabled
  • DIRSERVER-1490 - Not 100% sure, but the DN caches we have in the server might not be updated when doing a Move
  • DIRSERVER-1491 - Improve schema extractor
  • DIRSERVER-1500 - Error searching children of known element.
  • DIRSERVER-1521 - dc=example,dc=com DIT no longer exists as a default partition (DIT) in 1.5.7?
  • DIRSERVER-1579 - Various problems using moddn operation
  • DIRSERVER-1661 - Kerberos tests not working with JDK 1.6.0_27 and JDK 1.7.0
  • DIRSERVER-1806 - The DelegatedAuthIT test does not test a delegated authentication
  • DIRSERVER-1829 - bug in initializing authenticators for AuthenticatorInterceptor
  • DIRSERVER-1836 - When extending an interceptor, the operations are executed twice
  • DIRSERVER-1840 - Wrong default duration for ads-repllogmaxidle
  • DIRSERVER-1846 - Configuring SSL/Start TLS keystore does not accept backward slash (\) in path
  • DIRSERVER-1849 - Invalid prefixes format for password stored using SHA-2 hashing mechanisms (SHA-256, SHA-384, SHA-512)
  • DIRSERVER-1862 - Concurrent searches and adds may break the backend

Improvement

  • DIRSERVER-289 - Configure an optional password message digest algorithm which is applied on userPassword attribute values at add and modify operations.
  • DIRSERVER-1236 - Store an AttributeEntry object in filter’s node
  • DIRSERVER-1310 - Improve the way we handle controls encoding/decoding
  • DIRSERVER-1346 - Use ServiceLifecycleListener to avoid having System.out messages for service start/stop events.
  • DIRSERVER-1447 - loadAllEnabled() method is taking way too long
  • DIRSERVER-1489 - Provide access to remote connection info
  • DIRSERVER-1511 - Some operations are present in the Partition interface when they should not
  • DIRSERVER-1617 - Add a feature to support TLS in DelegatingAuthenticator
  • DIRSERVER-1801 - The authenticator cache is invalidated too frequently

New Feature

  • DIRSERVER-275 - Add Support for LDAP Password Modify Extended Operation
  • DIRSERVER-434 - Add Support for Paged Search Results Control
  • DIRSERVER-866 - Initialization with another backend than JDBM for the system partition
  • DIRSERVER-1203 - RFC2307bis Support is missing
  • DIRSERVER-1837 - The DelegatingAuthenticator does not support SSL/StartTLS/SASL

Task

  • DIRSERVER-710 - Exception tree should be reviewed

This is a critical version, and anyone using 2.0.0-M12 should replace it with this version.

Downloads are available here

ApacheDS 2.0.0-M12 released posted on May 2nd, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M12, the twelfth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M12:

Bugs

  • DIRSERVER-1798 - The AdministrativePoint interceptor is always activated, even if it’s not part of the config
  • DIRAPI-80 - Cannot issue a direct operation without having connected to the server
  • DIRSERVER-1143 - ldappasswd fails to bind
  • DIRSERVER-1584 - document how to limit the available ciphers for ldaps (how to disable SSL3_RSA_RC4_40_MD5 : SSL_EXPORT SSL3_RSA_DES_40_CBC_SHA)
  • DIRSERVER-1812 - The default admin account should never get locked forever
  • DIRSERVER-1814 - Using anon connection results in UnbindRequestHandler reporting ‘LdapNoSuchObjectException: ERR_268 Cannot find a partition for '
  • DIRSERVER-1826 - The ads-pwdFailureCountInterval is not taken into account
  • DIRSERVER-1834 - Broken backend when using AT with no EQUALITY MR

This is a critical version, and anyone using 2.0.0-M11 should replace it with this version.

Downloads are available here

ApacheDS 2.0.0-M11 released posted on March 3rd, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M11, the eleventh milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M11:

Bugs

  • DIRSERVER-1281 - StreamCorruptedException after brutal shutdown
  • DIRSERVER-1797 - The AdministrativeRole AT is not indexed, leading to a huge delay when starting the server
  • DIRSERVER-1798 - The AdministrativePoint interceptor is always activated, even if it’s not part of the config
  • DIRSERVER-1799 - When deleting values from an existing entry, the presence index might get out of date
  • DIRSERVER-1802 - Disabling an authenticator results in a NPE
  • DIRSERVER-1803 - When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely
  • DIRSERVER-1804 - [patch] Fix ApacheDS code to allow control and reduce number of outputted logs
  • DIRSERVER-1805 - The replication janitor thread is not stopped correctly when the server is stopped
  • DIRSERVER-1321 - Clarify relationship between partition.syncOnWrite and apacheDS.syncPeriodMillis configuration attributes
  • DIRSERVER-1322 - Auto inferring context entry
  • DIRSERVER-1808 - We should evaluate the Scope and any other index in a filter only when the # of candidates is above a threshold
  • DIRKRB-85 - @CreateKdcServer should include searchBaseDn attribute
  • DIRKRB-86 - The Kerberos server badly needs some logging…

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don’t have any defined time frame for the 2.0-GA release, but we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M10 released posted on January 29th, 2013

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M10, the tenth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M10:

Bugs

  • DIRSERVER-1704 - Inconsistency in Master-Slave Replication
  • DIRSERVER-1740 - REPLICATION data loss
  • DIRSERVER-1772 - Improve the replication logs
  • DIRSERVER-1788 - ConfigurationReader fails to correctly read byte[] values
  • DIRSERVER-1789 - Changes to an existing replication consumer may not be taken into account
  • DIRSERVER-1790 - When we restart the server, some user indexes are lost
  • DIRSERVER-1791 - Interrupting a search on the client side cause the connection to be closed by the server
  • DIRSERVER-1792 - Replication and Modification of ACIs

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don’t have any defined time frame for the 2.0-GA release, but we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M8 released posted on October 12th, 2012

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M8, the eighth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M8:

Bugs

  • DIRSERVER-1458 - Cursor API generic usage is totally wrong
  • DIRSERVER-1624 - Indexes are not created when added after the server has been started
  • DIRSERVER-1655 - Possible incorrect insertion of modifications in the consumer log
  • DIRSERVER-1659 - the apacheds.sh/bat files contain a hard coded revision. This is not good
  • DIRSERVER-1663 - NPE when doing add/delete and search at the same time on the same entries
  • DIRSERVER-1677 - Dependencies cleanup
  • DIRSERVER-1689 - testNoSearchByNonAdmin does not throw an LdapNoPermissionException, as expected
  • DIRSERVER-1706 - be sure we close the cursors when the session expires and if we have paged searches or persistent search going on
  • DIRSERVER-1709 - Adding an index does not create the index if the server is already started
  • DIRSERVER-1710 - The memory default (128M) is not enough in most cases
  • DIRSERVER-1715 - Implement backward browse for DescendantCursor and ChildrenCursor
  • DIRSERVER-1718 - Problems when adding a schema containing one or more uppercased letters
  • DIRSERVER-1722 - The PagedSearchIT.testPagedSearchWrongCookie() test randomly blocks the build
  • DIRSERVER-1723 - Potential LRUCache exhaustion with searches
  • DIRSERVER-1726 - DefaultPasswordValidator always throws PasswordPolicyException when consecutive non-letter chars are in RDN
  • DIRSERVER-1727 - LDAP Searches against boolean attributes with booleanMatch equality never return matches
  • DIRSERVER-1732 - ERR_04131 The value is expected to be a String
  • DIRSERVER-1735 - When ads-pwdmaxage attribute is set to more than 2147483, then all user passwords are expired forever.
  • DIRSERVER-1737 - ApacheDS should be able to start even when one of its indexed attributes can’t be found in the schema manager
  • DIRSERVER-1738 - Can’t restart ApacheDS after setting a value superior to Integer.MAX_VALUE in an AT with Integer syntax
  • DIRSERVER-1739 - LDAP Searches Slow
  • DIRSERVER-1744 - Complex LDAP search filters returning unmatched objects
  • DIRSERVER-1747 - Presence index is not up to date when the server is started
  • DIRSERVER-1748 - EqualityEvaluator does not work correctly

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don’t have any defined time frame for the 2.0-GA release, but we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M7 released posted on May 21st, 2012

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M7, the seventh milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M7:

Bugs

  • DIRSERVER-1093 - the ResourceRecordEncoder and QuestionRecordEncoder have a bug for empty domainName
  • DIRSERVER-1697 - Creation of new syntax fails due to ERR_277 Attribute m-obsolete not declared in objectClasses of entry
  • DIRSERVER-1698 - Search on entries with multiple AVA in RDN does not work correctly if the initial RDN order is not used
  • DIRSERVER-1702 - Adding an index through annotation does not work
  • DIRSERVER-1712 - If the indexes are created using their alias, they are deleted immediately
  • DIRSERVER-1711 - Index initialization is taking way too much time
  • DIRSERVER-1713 - Error on console with first start of clean system

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don’t have any defined time frame for the 2.0-GA release, but we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here

ApacheDS 2.0.0-M6 released posted on February 29th, 2012

The Apache Directory team is pleased to announce the release of ApacheDS 2.0.0-M6, the sixth milestone towards a 2.0 version.

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.

Here is the release note for Apache Directory ApacheDS 2.0.0-M6:

Bugs

  • DIRSERVER-1644 - User provided value is not retained during rename operation
  • DIRSERVER-1681 - adding entries with attribute userCertificate;binary fails with “No such attribute”
  • DIRSERVER-1692 - Unable to add a JPEG image to an entry due to an ‘Invalid Attribute Syntax’ error
  • DIRSERVER-1693 - Renaming an entry when the RDN uses a case insensitive AT should be possible
  • DIRSERVER-1694 - Renaming an existing entry with a DN containing upper cased chars will not store the CN as provided
  • DIRSERVER-1696 - Creation of an entry like cn=test1+cn=test2, ou=system should not be allowed
  • DIRSERVER-1699 - DN/RDN handling is incorrect when there are some escaped values into them
  • DIRSERVER-1700 - Version in Root DSE is reported as ‘$pom.version’

Note that this is a milestone, and some parts of the API or configuration can change before the 2.0 GA. We don’t have any defined time frame for the 2.0-GA release, but we do expect to release a few more milestones before reaching the 2.0-GA.

Downloads are available here