Environment
NetIQ LDAP Proxy 1.x
Situation
Where is a comprehensive list of all LDAP Proxy fixes since LDAP Proxy 1.0 was released?
Additional Information
______________________________________________________________________________________________________________________
LDAP Proxy Server 1.5 Support Pack 3 (1.5.3)
May 2019
Enhancement
- Added the ability to have if-srch conditions with a connection route policy (Bug 998819)
- Allow connection route policies to work with search conditions (Bug 1115701)
- Added OpenSSL 1.0.2q to resolve potential security vulnerabilities (Bug 1114377) (CVE: CVE-2016-2107)
Proxy Engine
- LDAP Proxy becomes non-responsive with many sockets in a CLOSE_WAIT state (Bug 1121678)
- NLPD crash in ssl3_read () from /opt/novell/lib64/libssl.so.1.0.0 (Bug 1064633)
- NLP unable to load when using certificates where DNS name is longer than 45 characters (Bug 1114379)
Configuration
- Passwdstore not working (Bug 1024479)
Policy
- NLPD cores with longer filters and \28 or \29 encoding (Bug 1119329)
Installer
- We now install novell-libstdc++6 package if the one present in the system is incompatible leading to startup failure (Bug 1120597)
Documentation
- Numerous errors in the Admin guide corrected. (Bug 1030237\1121021\)
______________________________________________________________________________________________________________________
LDAP Proxy NLPManager 1.5 Support Pack 2 (1.5.2a: nlpmanager)
October 2016
- Enhancement: can now save the monitoring and trending configuration. Provisioning removed. (Bug 993442/1001863)
- Enhancement: validates the configuration of the XML file (Bug 999815)
- Additional platform support: SLES 12 SP1 and RHEL 7.2 (Bug 996923)
______________________________________________________________________________________________________________________
LDAP Proxy Server 1.5 Support Pack 2 (1.5.2: Server-Side)
March 2016
- NLPcert Enhancement: Proxy no longer requires an eDirectory server to manage an AD certificate. (Bug 877959\896425)
- Enhancement: additional Proxy platform support for SLES 12 and RH 7 [includes 7.2.]. (Bug 965992)
- Enhancement: IPv6 is supported. (Bug 969810)
- Enhancement: LDAP Proxy now accepts ECDSA certificates. (Bug 964918)
- Enhancement for converting old certificates to the new format. (Bug 965101)
- Enhancement: to allow for SSLv3 to be used on the listeners. (Bug 965398)
- Enhancement: eDirectory 9.0 support (Bug 969913)
- Enhancement: NICI upgraded to 3.0 (Bug 965976)
- Enhancement: proxy now evaluates whether any certificate in the back-end server chain is revoked. (Bug 966669)
- Enhancement: proxy can connect to listeners configured with certificates issued by SubCAs. (Bug 966806)
- Formatted IP and DNS validation in the subjectName is now implemented. (Bug 966814)
- SSLv2 is explicitly disabled (Bug 909027)
- Could not verify chain when using an AD backend with SubCA. (Bug 948372)
- Alert messages when NAM Identity server connects to the LDAP Proxy of SSL\TLS. (Bug 909027)
- Documentation overhaul (Bug 507448, 965069)
______________________________________________________________________________________________________________________
LDAP Proxy 1.5.0 Hot Fix 2
April 2015
- Poodle Fix: Padding Oracle On Downgraded Legacy Encryption attack through SSLv3 (Bug 908379) (CVE-2014-3566)
- OpenSSL downgrade to SSLv3 (Bug 892895) [CVE-2014-3508]
______________________________________________________________________________________________________________________
LDAP Proxy 1.5.0 (Orchid)
June 2014
- Enhancement: added support for hash based routing (Bug 784660)
- Enhancement: Proxy now supports IPv6 addresses (Bug 861038)
- Enhancement: added support for persistent moddncache (Bug 863445/868808)
- Enhancement: provide support for XDAS logging (Bug 866899)
- Branding changes (Bug 871360)
- Coverity fixes (Bug 863968/873189)
- Update the eDir SDK (Bug 860530)
- Support for Backup LDAPProxy (Bug 461405)
- Can now use 3rd party CA for the proxy listener (Bug 491084)
- LDAP Proxy and restricting anonymous user (Bug 495418)
- LDAP Proxy: Monitoring: average Times in cn=monitor displays huge number (Bug 503803)
- Number of monitor threads running shows a very high number (Bug 520129)
- Proxy dumps core during shutdown (Bug 521919)
- Proxy dumps core due to memory corruption with inline=false (Bug 521935)
- Proxy now supports SLES 10 SP4 and higher (Bug 726072)
- Failed to install if eDirectory is already installed (Bug 865550)
- Add support for IPv6 restrictions (Bug 865732)
______________________________________________________________________________________________________________________
LDAP Proxy 1.0.1 (Lily)
December 2014
- LDAP Proxy should allow setting of derefalias option via policy (Bug 784584)
- LDAP search response time via proxy is higher by a large margin compared to direct eDirectory (Bug 784591)
- ldapsearch with base fails when "derefalias-reset" is set in the search request policy (Bug 785613)
- Ldap Proxy Patch Install issues (Bug 785499)
______________________________________________________________________________________________________________________
Original FCS version of LDAP Proxy 1.0 (Lotus)
October 2011
LDAP Proxy Server 1.5 Support Pack 3 (1.5.3)
May 2019
Enhancement
- Added the ability to have if-srch conditions with a connection route policy (Bug 998819)
- Allow connection route policies to work with search conditions (Bug 1115701)
- Added OpenSSL 1.0.2q to resolve potential security vulnerabilities (Bug 1114377) (CVE: CVE-2016-2107)
Proxy Engine
- LDAP Proxy becomes non-responsive with many sockets in a CLOSE_WAIT state (Bug 1121678)
- NLPD crash in ssl3_read () from /opt/novell/lib64/libssl.so.1.0.0 (Bug 1064633)
- NLP unable to load when using certificates where DNS name is longer than 45 characters (Bug 1114379)
Configuration
- Passwdstore not working (Bug 1024479)
Policy
- NLPD cores with longer filters and \28 or \29 encoding (Bug 1119329)
Installer
- We now install novell-libstdc++6 package if the one present in the system is incompatible leading to startup failure (Bug 1120597)
Documentation
- Numerous errors in the Admin guide corrected. (Bug 1030237\1121021\)
______________________________________________________________________________________________________________________
LDAP Proxy NLPManager 1.5 Support Pack 2 (1.5.2a: nlpmanager)
October 2016
- Enhancement: can now save the monitoring and trending configuration. Provisioning removed. (Bug 993442/1001863)
- Enhancement: validates the configuration of the XML file (Bug 999815)
- Additional platform support: SLES 12 SP1 and RHEL 7.2 (Bug 996923)
______________________________________________________________________________________________________________________
LDAP Proxy Server 1.5 Support Pack 2 (1.5.2: Server-Side)
March 2016
- NLPcert Enhancement: Proxy no longer requires an eDirectory server to manage an AD certificate. (Bug 877959\896425)
- Enhancement: additional Proxy platform support for SLES 12 and RH 7 [includes 7.2.]. (Bug 965992)
- Enhancement: IPv6 is supported. (Bug 969810)
- Enhancement: LDAP Proxy now accepts ECDSA certificates. (Bug 964918)
- Enhancement for converting old certificates to the new format. (Bug 965101)
- Enhancement: to allow for SSLv3 to be used on the listeners. (Bug 965398)
- Enhancement: eDirectory 9.0 support (Bug 969913)
- Enhancement: NICI upgraded to 3.0 (Bug 965976)
- Enhancement: proxy now evaluates whether any certificate in the back-end server chain is revoked. (Bug 966669)
- Enhancement: proxy can connect to listeners configured with certificates issued by SubCAs. (Bug 966806)
- Formatted IP and DNS validation in the subjectName is now implemented. (Bug 966814)
- SSLv2 is explicitly disabled (Bug 909027)
- Could not verify chain when using an AD backend with SubCA. (Bug 948372)
- Alert messages when NAM Identity server connects to the LDAP Proxy of SSL\TLS. (Bug 909027)
- Documentation overhaul (Bug 507448, 965069)
______________________________________________________________________________________________________________________
LDAP Proxy 1.5.0 Hot Fix 2
April 2015
- Poodle Fix: Padding Oracle On Downgraded Legacy Encryption attack through SSLv3 (Bug 908379) (CVE-2014-3566)
- OpenSSL downgrade to SSLv3 (Bug 892895) [CVE-2014-3508]
______________________________________________________________________________________________________________________
LDAP Proxy 1.5.0 (Orchid)
June 2014
- Enhancement: added support for hash based routing (Bug 784660)
- Enhancement: Proxy now supports IPv6 addresses (Bug 861038)
- Enhancement: added support for persistent moddncache (Bug 863445/868808)
- Enhancement: provide support for XDAS logging (Bug 866899)
- Branding changes (Bug 871360)
- Coverity fixes (Bug 863968/873189)
- Update the eDir SDK (Bug 860530)
- Support for Backup LDAPProxy (Bug 461405)
- Can now use 3rd party CA for the proxy listener (Bug 491084)
- LDAP Proxy and restricting anonymous user (Bug 495418)
- LDAP Proxy: Monitoring: average Times in cn=monitor displays huge number (Bug 503803)
- Number of monitor threads running shows a very high number (Bug 520129)
- Proxy dumps core during shutdown (Bug 521919)
- Proxy dumps core due to memory corruption with inline=false (Bug 521935)
- Proxy now supports SLES 10 SP4 and higher (Bug 726072)
- Failed to install if eDirectory is already installed (Bug 865550)
- Add support for IPv6 restrictions (Bug 865732)
______________________________________________________________________________________________________________________
LDAP Proxy 1.0.1 (Lily)
December 2014
- LDAP Proxy should allow setting of derefalias option via policy (Bug 784584)
- LDAP search response time via proxy is higher by a large margin compared to direct eDirectory (Bug 784591)
- ldapsearch with base fails when "derefalias-reset" is set in the search request policy (Bug 785613)
- Ldap Proxy Patch Install issues (Bug 785499)
______________________________________________________________________________________________________________________
Original FCS version of LDAP Proxy 1.0 (Lotus)
October 2011