We have just released the UnboundID LDAP SDK for Java 2.3.0. It’s been about six months since the last release, and there are several new features and bug fixes. It is available for download now from the UnboundID website and the SourceForge project page, and it’s also available in the Maven central repository.
The release notes contain a pretty comprehensive set of changes since the 2.2.0 release, but some of the most significant changes are as follows:
- It is now possible to use DNS SRV records (as described in RFC 2782) to automatically discover available LDAP servers in the environment. The implementation will respect defined priorities and weights, and can be used for individual connections or connection pools.
- Experimental support has been added for the password policy control (as defined in draft-behera-ldap-password-policy) and the no-operation control (as defined in draft-zeilenga-ldap-noop). Even though these drafts are not necessarily finalized, some servers (including the UnboundID Directory Server) have implemented support for them, so it is useful to be able to access them through the LDAP SDK.
- The schema caching mechanism (which makes it possible for client-side determinations to use server schema for more appropriate matching) has been made much more efficient: multiple connections to the same server that have equivalent perceptions of the schema will now reference the same object rather than each holding a separate equivalent object.
- Updated the LDAP SDK so that operations invoked via the asynchronous API will still respect client-side timeouts.
- A number of schema-related changes have been made to the in-memory directory server. You can now update the schema dynamically through LDAP modify operations. Supported syntaxes and matching rules are now advertised (at least when using the default standard schema). You can configure the server to allow attribute values which violate the associated attribute syntax, or to allow entries with multiple structural object classes (or no structural class at all).
- The in-memory directory server has been updated with support for equality indexes to help speed up certain kinds of search operations (particularly when dealing with more than a handful of entries).
- The in-memory directory server has been updated to always use the “dn:” form in authorization identity response controls. Previously, it could use the “u:” form in responses to SASL PLAIN binds that used the “u:” form in the request. It will also now use the correct value of “” instead of “dn:” to indicate the anonymous authorization identity.
- It is now possible to customize the values that will be displayed for the vendorName and vendorVersion attributes in the root DSE. This can help the server more effectively fool applications which are coded to only work with certain directories.
- The LDAP SDK persistence framework has been updated so that it supports attributes with options (e.g., “userCertificate;binary”). It is now also possible to specify superior object classes that should be included in entries that are created.
- The connection pool implementation has been updated to provide better closed connection and unsolicited response detection for connections operating in synchronous mode.
- The 2.2.0 release added support for using a newly-created connection to retry operations that failed in a manner that indicated the connection may no longer be valid. In the 2.3.0 release, it is now possible to configure that capability based on the type of operation being processed, whereas in the previous version all operation types were handled in an identical manner.
- The LDIFReader has new convenience methods that can be used to read the contents of an LDIF file and retrieve the contents as a list of entries. This can be convenient when working with small LDIF files, especially for testing purposes.
- The LDAP SDK now supports parsing LDAP URLs with an “ldapi” scheme. The LDAP SDK does not provide support for LDAPI (LDAP over UNIX domain sockets) in the out-of-the-box configuration, but it can now parse URLs using an “ldapi” scheme.
- Command-line tools have been updated so that they can specify a tool version. If this is used, then the LDAP SDK can automatically add a “--version” argument to such tools which will cause the version string to be printed to the terminal.
- Some changes were made to help the LDAP SDK be more fully functional on IBM Java VMs. This includes necessary changes to support GSSAPI on IBM VMs, and a workaround for an apparent bug that could result in exceptions from concurrent calls to SocketFactory.createSocket methods.
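
To illustrate the priority and weight handling mentioned in the DNS SRV item above, here is an added example (not part of the release notes and not the LDAP SDK's own implementation) of the target ordering that RFC 2782 describes. The class name `SrvOrder`, the `Srv` record type and the example.com records are assumptions made for the illustration; it needs Java 16 or later for records.

```java
import java.util.*;

// Added illustration of RFC 2782 target ordering; not the LDAP SDK's own code.
public class SrvOrder {
  // One SRV record: priority, weight, port, target (hypothetical type).
  record Srv(int priority, int weight, int port, String target) {}

  // Parses SRV RDATA in its text form: "priority weight port target".
  static Srv parse(String rdata) {
    String[] f = rdata.trim().split("\\s+");
    if (f.length != 4) throw new IllegalArgumentException("bad SRV RDATA: " + rdata);
    return new Srv(Integer.parseInt(f[0]), Integer.parseInt(f[1]),
        Integer.parseInt(f[2]), f[3]);
  }

  // Orders records for connection attempts: lowest priority value first, then a
  // weighted random draw without replacement inside each priority group.
  static List<Srv> order(List<Srv> records, Random rnd) {
    TreeMap<Integer, List<Srv>> byPriority = new TreeMap<>();
    for (Srv r : records) {
      byPriority.computeIfAbsent(r.priority(), k -> new ArrayList<>()).add(r);
    }
    List<Srv> result = new ArrayList<>();
    for (List<Srv> group : byPriority.values()) {
      List<Srv> pool = new ArrayList<>(group);
      // RFC 2782: weight-0 records go to the front of the list before drawing.
      pool.sort(Comparator.comparingInt((Srv r) -> r.weight() == 0 ? 0 : 1));
      while (!pool.isEmpty()) {
        int total = 0;
        for (Srv r : pool) total += r.weight();
        int pick = rnd.nextInt(total + 1); // uniform in [0, total]
        int running = 0;
        for (Iterator<Srv> it = pool.iterator(); it.hasNext();) {
          Srv r = it.next();
          running += r.weight();
          // First record whose running sum reaches the drawn number is chosen.
          if (running >= pick) { result.add(r); it.remove(); break; }
        }
      }
    }
    return result;
  }

  public static void main(String[] args) {
    // Constructed sample records for _ldap._tcp.example.com (not real hosts).
    List<Srv> records = new ArrayList<>();
    for (String s : List.of("10 0 389 backup.example.com.",
        "0 75 389 ds1.example.com.", "0 25 389 ds2.example.com.")) records.add(parse(s));
    for (Srv r : order(records, new Random())) {
      System.out.println(r.priority() + " " + r.weight() + " " + r.target() + ":" + r.port());
    }
  }
}
```

The priority 10 record always sorts last, while the two priority 0 records swap places between runs in rough proportion to their weights.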