OpenDS 1.0.0-build003 is now available

I have just uploaded OpenDS 1.0.0-build003, built from revision 2550 of our source tree, to our weekly builds folder. The direct link to download the core server is The direct link to download the DSML gateway is

I have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL, or visit for more information.

Detailed information about this build is available at Some of the changes that have been incorporated since OpenDS 1.0.0-build002 include:
  • Revision 2446 (Issue #1986) -- Update the graphical and command-line setup mechanisms to attempt to detect and prevent install paths into directories containing a percent sign, especially on Windows.

  • Revision 2447 (Issue #2006) -- Update QuickSetup to prevent users from choosing the same ports for different protocols (like LDAP and LDAPS).

  • Revision 2448 (Issue #221) -- Add a general framework that may be used to allow OpenDS to send e-mail messages. Also, add an SMTP alert handler that can be used to send e-mail messages in response to administrative alerts generated within the server.

  • Revision 2449 (Issue #452) -- Add a new "targetcontrol" facility to the access control framework that can be used to restrict which clients are allowed to use specified request controls.

  • Revision 2457 (Issue #1819) -- Provide the ability to define certain configuration options as "advanced". This will make it possible to hide these options in administrative interfaces like dsconfig unless the user explicitly requests to see advanced options.

  • Revision 2461 (Issue #1849) -- Fix a problem with the evaluation of the debugsearchindex operational attribute (used to provide information about index processing performed during a search) in which evaluation was not correct with double-negation (a "NOT" inside a "NOT").

  • Revision 2475 (Issue #1015) -- Update a number of the command-line tools provided with OpenDS so that they include improved debugging support. When used in "--verbose" mode, they can now trace the contents of incoming and outgoing LDAP messages and ASN.1 elements in many cases.

  • Revision 2479 (Issue #443) -- Add a new access control "extop" keyword that can be used to restrict which extended operations may be invoked for a given client.

  • Revision 2480 (Issue #1831) -- Provide initial support for an "--interactive" mode for the dsconfig tool. This provides a basic text-based, menu-driven interface for interacting with the server configuration, although there are a number of known issues that still need to be addressed with this capability.

  • Revision 2483 (Issue #1971) -- Allow partial non-append imports for a backend with multiple base DNs (i.e., allow content under one base DN to be imported without impacting content below other base DNs in the same backend).

  • Revision 2499 (Issue #38) -- Provide a mechanism for performing VLV indexing, which makes it possible to efficiently use virtual list view and server-side sorting for searches that might not otherwise be indexed and/or inefficient.

  • Revision 2500 -- Fix a problem in access control evaluation in which use of the targetattr keyword to match all attributes except a named list could incorrectly grant access to operational attributes.

  • Revision 2503 (Issue #429, 478, 2025) -- Add support for a new disconnect client task that can be used to allow an appropriately-privileged administrator (needing at least the "disconnect-client" privilege) to terminate a client connection if the need arises. Also, add a "Get Connection ID" extended operation that can be used to allow a client to get the connection ID associated with its connection.

  • Revision 2505 (Issue #2024) -- Implement support for restricting the set of tasks that can be invoked in the server. Only those tasks which are listed in the ds-cfg-allowed-task attribute in the cn=config entry may be invoked in the server.

  • Revision 2508 (Issue #1683) -- Provide a mechanism to disable privileges in the server if necessary. If a given privilege is disabled, then it will be assumed that all clients have that privilege.

  • Revision 2509 (Issue #1787) -- Provide a configuration option that makes it possible for an administrator to control whether responses to failed bind operations should be allowed to include an error message that explains the problem. By default, this message will not be included for security reasons, but administrators may configure the server to allow it to be sent to provide the client with information about the reason for the failure.

  • Revision 2512 (Issue #2027) -- Provide a way to configure each alert handler with an explicit set of alert types that will be allowed or ignored. This makes it possible to restrict the types of alerts that a given alert handler will be asked to process.

  • Revision 2514 (Issue #118) -- Update the server to provide support for an idle time limit configuration option for LDAP clients. That is, it is now possible to configure the server to automatically terminate a client connection if it has remained unused for too long. The idle time limit is a server-wide configuration option, but it can be overridden on a per-user basis.

  • Revision 2515 (Issue #2026) -- Ensure that processes launched by QuickSetup will use the same JVM as is used to run QuickSetup, even if an alternate JAVA_HOME is configured in the environment.

  • Revision 2521 -- Update the status panel utility so that it can communicate with the server over a secure communication channel. If the server certificate is not trusted, the user will be prompted about whether to accept it.

  • Revision 2529 (Issue #2033, 2034) -- Update the task backend to provide the ability to send an e-mail message whenever a task is complete. The set of recipients may be configured on a per-task basis, and it is possible to specify whether the message should always be sent or only if the task fails.

  • Revision 2533 (Issue #1991) -- Improve the "dsconfig list-properties" output and make its usage more consistent with other dsconfig subcommands.

  • Revision 2535 (Issue #2032) -- Update the password policy to ensure that the sum of the minimum password age and the password expiration warning interval should always be less than the maximum password age (if the corresponding options are configured). This will prevent undesirable configurations, like a minimum age that is greater than the maximum age, or sending expiration warning messages to the client during a time when the user is not allowed to change the password.

  • Revision 2539 -- Update the access control handler to provide the ability to control whether a smart referral (i.e., a named subordinate reference as per RFC 3296) should be returned to the client.

  • Revision 2542 -- Fix a problem with the way that the Netscape password expired control was being encoded to ensure that it always has an appropriate value.


Post a Comment:
Comments are closed for this entry.



Top Tags
« April 2014