The most recent patch for this version is 6.3.1.

Release notes

LDAP Attribute Connector features, bug fixes, and known issues by release date.

Version 6.3.1

What's new

  • Vulnerability fixes

    Internal libraries were updated to address vulnerabilities.

  • Online documentation updates

    Documentation updates regarding the following:

    • Vulnerability report instructions

      The LDAP Attribute Connector documentation now includes instructions on how to download the vulnerability report from S3.

Version 6.3.0

What's new

  • Tracing using OpenTelemetry

    Tracing can now be used in the LDAP Attribute Connector, which can track key events that relate to the LDAP Server requests.

    The tracing functionality in the LDAP Attribute Connector is based on OpenTelemetry (OT) and is supported only in conjunction with Access Decision Service (ADS). Spans for LDAP Server requests are created only if OpenTelemetry is enabled for ADS itself, and they are created within the context of the ADS spans.

    For each LDAP Server request, a span for the whole request is defined in the trace. Each span associated with an LDAP Server request contains both the query and the returned values. To preserve the confidentiality of data, attribute values are sanitized by default when tracing is enabled. The visibility of this data is configurable.

Fixed issues

  • Error when retrieving a date with more than one decimal place

    Retrieving a date from an LDAP server, formatted as GeneralizedTime with more than one decimal place in the fraction section, for example, "YYYYMMDD000000.000Z", caused a "500" error. This has been fixed, and the handling of dates is compliant with the GeneralizedTime format (see IETF RFC 4517 §3.3.13).

    Note: The precision for the fraction of a second is limited to three decimal places. This limitation applies to both retrieving and sending values from the LDAP Attribute Connector.


Version 6.2.0

What's new

  • Configurable mapping of the dateTime field format

    A feature toggle has been implemented to switch the format of the dateTime field. By default, Generalized Time is used as the format for the dateTime field. When the toggle is enabled, the XACML format of the dateTime field is used, which is how the field was represented up to and including LDAP AC version 6.1.1.


Version 6.1.1

Fixed issues

  • Only one key value populated in the search filter

    An internal change in APS 6.2.7 caused a regression. If an LDAP attribute connector had more than one key in a search filter string, only the first key value would be populated when the LDAP attribute connector was invoked. This has been fixed.

  • Parameter substitution did not use escaped strings

    Previously, parameter substitution in LDAP filter strings was implemented using simple string replacement without proper escaping. This created a vulnerability for injection-style attacks. This has been fixed. LDAP filter parameters are now replaced using properly escaped strings, in accordance with the LDAP specification.
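
The difference between simple string replacement and escaped substitution, shown on a constructed filter. This is an added example, not Axiomatics code: the `{uid}` placeholder syntax, the template and all function names are assumptions, and the escaping follows RFC 4515 section 3.

```python
import re

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed filter template; the {name} placeholder syntax is an assumption.
TEMPLATE = "(&(objectClass=person)(uid={uid}))"


def escape_filter_value(value: str) -> str:
    """Escape one parameter value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def fill_unescaped(template: str, params: dict) -> str:
    """Simple string replacement, the behaviour the release note says was fixed."""
    for name, value in params.items():
        template = template.replace("{" + name + "}", value)
    return template


def fill_escaped(template: str, params: dict) -> str:
    """Substitute every placeholder in one pass, escaping each value first."""
    return re.sub(r"\{(\w+)\}",
                  lambda m: escape_filter_value(params[m.group(1)]), template)


def filter_shape(filter_str: str) -> tuple:
    """(filter components, wildcards): every literal '(' opens a component and
    every literal '*' is a wildcard, because escaped ones appear as \\28 / \\2a."""
    return filter_str.count("("), filter_str.count("*")


if __name__ == "__main__":
    # Constructed sample values: a plain id, then values with filter metacharacters.
    for uid in ["jdoe", "j*", "jdoe)(mail=*", "a\\b"]:
        plain = fill_unescaped(TEMPLATE, {"uid": uid})
        safe = fill_escaped(TEMPLATE, {"uid": uid})
        print(f"{uid!r:16} unescaped {filter_shape(plain)} {plain}")
        print(f"{'':16} escaped   {filter_shape(safe)} {safe}")
```

With escaping, the filter keeps the template's shape of three components and no wildcards for every input; without it, a value containing `*`, `(` or `)` changes what the directory is asked to match.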

Known issues

  • SQL Filter Service incompatibility

    The LDAP Attribute Connector 6.X does not work with SQL Filter Service 2.1.0 and earlier.


Version 6.0.0

What's new

  • Change of fully qualified name

    The fully qualified name for the LDAPAttributeFinder has been changed to com.axiomatics.attributeconnector.ldap.LDAPAttributeFinder. (The previous form was com.axiomatics.pip.ldap.ldapAttributeFinder.)