UnboundID LDAP SDK for Java 6.0.10

We have just released version 6.0.10 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for the 6.0.10 release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

• We added a new ReusableReferralConnector interface that makes it possible to create referral connectors that can be reused for following multiple referrals. We’ve added a new PooledReferralConnector implementation that uses connection pools for improved performance when following multiple referrals.

• We fixed an issue in which the parallel-update tool could write malformed data to the reject log file when multiple write operations were rejected concurrently.

• We added a PLAINBindRequest.encodeCredentials method that can be used to retrieve the encoded credentials for a SASL PLAIN bind request.

• We added JSONNumber.getValueAsInteger and getValueAsLong methods that will return the value of a JSON number as an Integer or Long, but only if the conversion can be made losslessly. The methods will return null if the value is a floating-point number, or if the value is outside the supported range for the data type.

• We added a StaticUtils.getBacktrace method that can be used to retrieve a compact, single-line string representation of a stack trace representing the code location from which the method was called.

• We added support for a new Ping-proprietary “access log field” request control, which can be used to indicate that the server should include a specified set of name-value pairs in the access log message for the associated operation. We also updated the ldapsearch and ldapmodify tools to add a new --accessLogField argument to include this control in requests.

• We added support for a new Ping-proprietary “generate access token” request control that can be included in a bind request to indicate that the server should include an access token in a corresponding response control included in the response to a successful bind operation. That access token can be used to authenticate to the Ping Identity Directory Server with the OAUTHBEARER SASL mechanism. This may be especially useful when initially authenticating to the Directory Server with a mechanism that relies on single-use credentials (e.g., UNBOUNDID-TOTP, UNBOUNDID-DELIVERED-OTP, or UNBOUNDID-YUBIKEY-OTP) because it allows you to establish multiple connections (e.g., using a connection pool or to replace connections that are no longer valid). We also updated the ldapsearch and ldapmodify tools to add a new --generateAccessToken argument to request that the server return an access token in the bind response.

• We updated support for the ds-pwp-state-json virtual attribute to include the has-password-encoded-with-non-current-settings field, which may indicate whether the user has a password that is encoded with settings that are different from the current configuration for the associated password storage scheme, and the non-current-password-storage-scheme-settings-explanations field, which may explain the ways in which the password encoding differs from the current configuration.

• We updated the documentation to include the latest versions of draft-ietf-kitten-scram-2fa, draft-melnikov-scram-bis, and draft-melnikov-scram-sha3-512 in the set of LDAP-related specifications.