History of Issues Resolved in the NetIQ LDAP Proxy

  • 7016328
  • 18-Mar-2015
  • 03-Jul-2019

Environment

NetIQ LDAP Proxy 1.x

Situation

Where is a comprehensive list of all LDAP Proxy fixes since LDAP Proxy 1.0 was released?

Additional Information

______________________________________________________________________________________________________________________
LDAP Proxy Server 1.5 Support Pack 3 (1.5.3)
May 2019

Enhancement
- Added the ability to have if-srch conditions with a connection route policy  (Bug 998819)
- Allow connection route policies to work with search conditions  (Bug 1115701)
- Added OpenSSL 1.0.2q to resolve potential security vulnerabilities  (Bug 1114377) (CVE: CVE-2016-2107)

Proxy Engine
- LDAP Proxy becomes non-responsive with many sockets in a CLOSE_WAIT state  (Bug 1121678)
- NLPD crash in ssl3_read () from /opt/novell/lib64/libssl.so.1.0.0  (Bug 1064633)
- NLP unable to load when using certificates where DNS name is longer than 45 characters  (Bug 1114379)
Configuration
- Passwdstore not working  (Bug 1024479)

Policy
- NLPD cores with longer filters and \28 or \29 encoding  (Bug 1119329)

Installer
- We now install novell-libstdc++6 package if the one present in the system is incompatible leading to startup failure  (Bug 1120597)

Documentation
- Numerous errors in the Admin guide corrected.  (Bug 1030237\1121021\)

______________________________________________________________________________________________________________________
LDAP Proxy NLPManager 1.5 Support Pack 2 (1.5.2a: nlpmanager)   
October 2016
- Enhancement: can now save the monitoring and trending configuration.  Provisioning removed.  (Bug 993442/1001863)
- Enhancement: validates the configuration of the XML file  (Bug 999815)
- Additional platform support: SLES 12 SP1 and RHEL 7.2  (Bug 996923)

______________________________________________________________________________________________________________________
LDAP Proxy Server 1.5 Support Pack 2 (1.5.2: Server-Side)
March 2016
- NLPcert Enhancement: Proxy no longer requires an eDirectory server to manage an AD certificate.  (Bug 877959\896425)
- Enhancement: additional Proxy platform support for SLES 12 and RH 7 [includes 7.2.].  (Bug 965992)
- Enhancement: IPv6 is supported.  (Bug 969810)
- Enhancement: LDAP Proxy now accepts ECDSA certificates.  (Bug 964918)
- Enhancement for converting old certificates to the new format.  (Bug 965101)
- Enhancement: to allow for SSLv3 to be used on the listeners.  (Bug 965398)
- Enhancement: eDirectory 9.0 support  (Bug 969913)
- Enhancement: NICI upgraded to 3.0  (Bug 965976)
- Enhancement: proxy now evaluates whether any certificate in the back-end server chain is revoked.  (Bug 966669)
- Enhancement: proxy can connect to listeners configured with certificates issued by SubCAs.  (Bug 966806)
- Formatted IP and DNS validation in the subjectName is now implemented.  (Bug 966814)
- SSLv2 is explicitly disabled  (Bug 909027)
- Could not verify chain when using an AD backend with SubCA.  (Bug 948372)
- Alert messages when NAM Identity server connects to the LDAP Proxy of SSL\TLS.  (Bug 909027)
- Documentation overhaul  (Bug 507448, 965069)

______________________________________________________________________________________________________________________
LDAP Proxy 1.5.0 Hot Fix 2
April 2015
- Poodle Fix: Padding Oracle On Downgraded Legacy Encryption attack through SSLv3  (Bug 908379) (CVE-2014-3566)
- OpenSSL downgrade to SSLv3  (Bug 892895) [CVE-2014-3508]
 
______________________________________________________________________________________________________________________
LDAP Proxy 1.5.0  (Orchid)
June 2014

- Enhancement: added support for hash based routing  (Bug 784660)
- Enhancement: Proxy now supports IPv6 addresses  (Bug 861038)
- Enhancement: added support for persistent moddncache  (Bug 863445/868808)
- Enhancement: provide support for XDAS logging  (Bug 866899)
- Branding changes  (Bug 871360)
- Coverity fixes  (Bug 863968/873189)
- Update the eDir SDK  (Bug 860530)
- Support for Backup LDAPProxy (Bug 461405)
- Can now use 3rd party CA for the proxy listener  (Bug 491084)
- LDAP Proxy and restricting anonymous user  (Bug 495418)
- LDAP Proxy: Monitoring: average Times in cn=monitor displays huge number  (Bug 503803)
- Number of monitor threads running shows a very high number  (Bug 520129)
- Proxy dumps core during shutdown  (Bug 521919)
- Proxy dumps core due to memory corruption with inline=false  (Bug 521935)
- Proxy now supports SLES 10 SP4 and higher  (Bug 726072)
- Failed to install if eDirectory is already installed  (Bug 865550)
- Add support for IPv6 restrictions  (Bug 865732)

______________________________________________________________________________________________________________________
LDAP Proxy 1.0.1  (Lily)
December 2014
 
- LDAP Proxy should allow setting of derefalias option via policy (Bug 784584)
- LDAP search response time via proxy is higher by a large margin compared to direct eDirectory (Bug 784591)
- ldapsearch with base fails when "derefalias-reset" is set in the search request policy (Bug 785613)
- Ldap Proxy Patch Install issues (Bug 785499)
 
______________________________________________________________________________________________________________________
Original FCS version of LDAP Proxy 1.0  (Lotus)
October 2011