UnboundID LDAP SDK for Java 7.0.4

Neil Wilson — Fri, 05 Dec 2025 16:34:08 -0000

We have just released version 7.0.4 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

We added a “discard results” search result listener that can be used in cases where a search should be performed, but the actual matching entries and references aren’t needed (for example, if you only need to know the number of matching entries).
We added client-side support for a W3C trace context request control that can be included in requests sent to the latest versions of the Ping Identity Directory Server or ForgeRock Directory Services. This can be used to convey information for use in distributed tracing (e.g., via OpenTelemetry).
We improved debug logging when adding or removing servers from the blacklist used to temporarily avoid creating connections to a server when using the round robin and fewest connections server set.
We updated the PropertyManager class to make it possible to cache property values for faster access with less contention. Caching is disabled by default, although you can enable it by specifying a maximum cache duration. You can also programmatically clear the cache and pre-populate the cache based on currently defined system properties and environment variables.
We improved performance and reduced contention when retrieving the values of environment variables from the JVM process.
We updated the documentation to include the latest revisions of draft-bouchez-scram-mcf and draft-codere-ldapsyntax in the set of LDAP-related specifications.

UnboundID LDAP SDK for Java 7.0.3

Neil Wilson — Mon, 16 Jun 2025 19:32:34 -0000

We have just released version 7.0.3 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

We fixed an issue in which the LDAP SDK did not properly handle certificates with a notBefore or notAfter timestamp that fell in the year 2049 if that timestamp was encoded with the antiquated UTCTime syntax (which only uses two digits to encode the year). It incorrectly used a year of 1949 instead of 2049.
We updated the ldifmodify tool so that it will report an error if any of the sourceLDIF, changesLDIF, or targetLDIF arguments refer to the same file. Previously, the tool would run, but could yield incomplete results if an input file was also used as an output file.
We updated the IP address argument value validator to improve performance and to catch additional types of malformed IPv4 addresses that were previously accepted due to leniency in Java’s InetAddress.getByName implementation.
We simplified and improved the toLowerCase, toUpperCase, and getBytes methods in the StaticUtils class. The former implementations were more efficient than the versions provided in the Java String class in older Java versions when primarily dealing with ASCII strings, but this is no longer the case in newer versions of Java where strings are backed by byte arrays rather than character arrays.
We updated client-side support for the Ping-proprietary transaction settings request control to make it possible to request that the server acquire a lock using a client-specified scope under a specified set of conditions. This allows more control in the event of lock conflicts in cases where the client is able to determine which operations are most likely to conflict with each other. For example, in a multi-tenant server, it may be useful to specify a scope that includes a tenant-specific identifier so that only operations associated with that tenant will be affected by the scoped lock.
We also updated the transaction settings request control to make it possible to override the conditions under which the server may attempt to acquire a single-writer lock. This was previously only controlled through the server configuration.
We improved error reporting in the dump-dns tool for use with the Ping Identity Directory Server.
We updated client-side support for the Ping Identity Directory Server’s version monitor entry to handle attributes used to indicate whether the server is running in FIPS 140-2-compliant or FIPS 140-3-compliant mode.
We updated the documentation to include the newest versions of the draft-bucksch-sasl-passkey, draft-bucksch-sasl-rememberme, draft-codere-ldapsyntax, draft-ietf-kitten-sasl-ht, draft-ietf-kitten-sasl-rememberme, and draft-schmaus-kitten-sasl-ht specifications.

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Neil Wilson — Tue, 21 Jan 2025 17:33:18 -0000

I assume that you’re asking about SSL-encrypted client connections using the LDAP SDK. In that case, there are two ways to do it:

If you’re creating individual connections, then you’ll want to use a constructor that allows you to provide a SocketFactory, and then use SSLUtil to create an instance of an SSLSocketFactory.
If you’re creating a connection pool, then you’ll probably want to use a ServerSet to create the connections, and you would configure your ServerSet with the appropriate SSLSocketFactory.

You can find the class-level documentation for the SSLUtil class at https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/util/ssl/SSLUtil.html, and it has a pretty good description of what’s involved, as well as a couple of code examples.

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Sammy — Mon, 20 Jan 2025 11:43:43 -0000

Thank you so much. That helped a lot. Could you please tell how can I connect to LDAP server with SSL?

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Neil Wilson — Thu, 16 Jan 2025 19:13:29 -0000

To do this, you’ll create your own custom LDAPListenerRequestHandler, not unlike the ProxyRequestHandler. You can absolutely use that as your model for creating your new version.

The LDAPListener framework would handle all of the work of accepting connections, creating an LDAPListenerClientConnection for each of them, and in the process would invoke your request handler’s newInstance method so that you can create an instance of your request handler that is specifically intended for dealing with communication with that one client. You’d want to have a member variable in your request handler that allows you to keep a handle to the LDAPListenerClientConnection provided to the newInstance method so that you can use it if you need to send back things like search result entries, search result references, or intermediate responses.

Whenever the client submits a request, then the LDAPListnerClientConnection will read and decode that request, and will then invoke the appropriate method in your request handler based on the type of requested operation. For example, if the client sends a search request, then the LDAPListenerClientConnection will invoke your request handler’s processSearchRequest method. That method can then communicate with the two external sources that you want to aggregate to identify the appropriate content to return. For each entry you want to send back to the client, then you’d call the LDAPListenerClientConnection.sendSearchResultEntry method on the connection used to create that instance of your request handler. And when you’ve sent all entries, or if an error occurs during processing that prevents it from continuing, then your processSearchRequest would return an LDAPMessage that represents the final search result done message to return to the client.

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Sammy — Thu, 16 Jan 2025 16:34:20 -0000

How can I create something like ProxySearchResultListner I need to send the data back to client. Is it possible to do other than using LDAPListnerClientConnection

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Sammy — Thu, 16 Jan 2025 15:58:12 -0000

Ahh okay... Is there any way I can access it?

Actually I have a requirement where I need to create a proxy which will receive the query and in turn query two ldap datasource, combine the data with few attributes added and send the data back to client. I came across the ProxyRequestHandler and I wanted to create something similar to it. Over there I came across this class. Could you please help me here...I should I approach this

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Neil Wilson — Thu, 16 Jan 2025 15:36:03 -0000

You shouldn’t be creating LDAPListenerClientConnection objects in your code. LDAPListenerClientConnection instances should only be created by LDAPListener, and they’re used to maintain all the state around a client connection that is established to the LDAPListener. And in the course of creating an LDAPListenerClientConnection, it calls LDAPListenerRequestHandler.newInstance to create a new instance of the request handler that is specifically to be used in interacting with that connection.

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Sammy — Thu, 16 Jan 2025 11:28:17 -0000

Hello all,
I want to understand the class LDAPListenerClientConnection.java. The class takes a LDAPListner object socket and a requestHandler. As I have seen we already pass the socket and the requestHandler detail while creating LDAPListnerConfig object which we pass to LDAPListner to create its object. Am I understanding this correct or the socket and requestHandler here are something different 🤔

UnboundID LDAP SDK 7.0.2

Neil Wilson — Wed, 04 Dec 2024 21:18:06 -0000

We have just released version 7.0.2 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

We added support for using the 2.x version of the Bouncy Castle FIPS-compliant security provider, which provides support for FIPS 140-3 compliance. The 1.x version of the library, offering FIPS 140-2 compliance, is still supported. To use the LDAP SDK in this mode, you should ensure that the necessary jar files are in the classpath, and then you should call CryptoHelper.setUseFIPSMode("BCFIPS2") as early as possible in the life of the application.
We added a new PropertyManager class that can be used to retrieve the value of specified properties using either system properties or environment variables. Values can be optionally parsed as Booleans, numbers, or comma-delimited lists. Most uses of system properties within the LDAP SDK have been updated to support the new PropertyManager mechanism so that it’s possible to set values as environment variables as an alternative to system properties.
We fixed a bug in the SSLUtil.certificateToString method that prevented it from including the notBefore and notAfter timestamps in the string representation.
We added client-side support for the Ping Identity Directory Server’s new to-be-deleted accessibility state for use with the get subtree accessibility and set subtree accessibility extended operations.
We updated the MoveSubtree utility class to provide the ability to use the new to-be-deleted accessibility state (as an alternative to the hidden state) for the target subtree before starting to remove entries from the source server.
We added a new SubtreeAccessibilityState.isMoreRestrictiveThan method that can be used to determine whether one accessibility state is considered more restrictive than another.
Updated the documentation to include the latest versions of the following LDAP-related specifications:
draft-coretta-ldap-subnf-01
draft-coretta-oiddir-radit
draft-coretta-oiddir-radsa
draft-coretta-oiddir-radua
draft-coretta-oiddir-roadmap
draft-coretta-oiddir-schema
draft-ietf-kitten-scram-2fa
draft-melnikov-sasl2
draft-melnikov-scram-bis
draft-melnikov-scram-sha-512
draft-melnikov-scram-sha3-512

Recent posts to Discussion

UnboundID LDAP SDK for Java 7.0.4

UnboundID LDAP SDK for Java 7.0.3

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Understanding LDAPListenerClientConnection.java and SearchTransforemers

Understanding LDAPListenerClientConnection.java and SearchTransforemers

UnboundID LDAP SDK 7.0.2