Bump unboundid-ldapsdk from 5.0.1 to 5.1.2

[dependabot-preview]

Bumps unboundid-ldapsdk from 5.0.1 to 5.1.2.

Release notes

Sourced from unboundid-ldapsdk's releases.

UnboundID LDAP SDK for Java 5.1.2

We have just released version 5.1.2 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. The release notes provide a pretty comprehensive overview of what’s changed since the 5.1.1 release, but here’s a summary:

Server-Agnostic Updates

• We added a new parallel-update command-line tool that can be used to apply changes read from an LDIF file against an LDAP server using multiple concurrent threads.

• We updated the ldapmodify and ldapdelete tools so that they will now default to retrying failed operations on a newly established connection if the failure suggests that the connection made for the initial attempt is no longer valid. This was previously available through the --retryFailedOperations argument, but it is now the default behavior, and a --neverRetry argument can be used if retry support is not wanted.

• We added a new OIDRegistry class that provides a registry of object identifiers used in LDAP, including things like schema elements, controls, extended operations, and other sources. Each item in the registry has a name, an OID, and a type, and it may also have an origin string and a URL that may be used to retrieve additional information about the item.

• We added a new oid-lookup command-line tool that can be used to search the OID registry to find items with a given OID, name, type, or other content.

• We added a new ldap-result-code command-line tool that can be used to list all defined result codes and search for result codes with a given name or integer value.

• We updated the LDAP listener framework and the in-memory directory server to support mutual TLS authentication, in which the server requests a certificate chain from the client and validates any chain that the client provides.

• We updated the logic used to generate temporary self-signed certificates for use by the in-memory-directory-server and ldap-debugger command-line tools so that the certificates will be more acceptable to a wider range of clients. The certificate will now only be valid for one year, as some TLS clients balk at peer certificates with very long lifetimes. The subject alternative name extension will also default to only using canonical host names and IP addresses that are associated with non-loopback interfaces.

• We added a new argument value validator that can be used to restrict command-line argument values to those that represent valid DNS host names. It can optionally accept or reject values that are numeric IP addresses, can accept or reject unqualified host names, and can accept or reject unresolvable host names.

• We added a new SASLClientBindHandler class that can be used to invoke SASL bind operations that use a javax.security.sasl.SaslClient object to perform the actual SASL processing. We also added an LDAPConnection.applySASLSecurityLayer method that can be used to add a security layer that has been negotiated with a SaslClient to an established, clear-text connection.

• We updated the HostNameSSLSocketVerifier to automatically trust any certificate when the client used a loopback IP address (not a host name, even if that name is associated with a loopback interface) as the address for the server. This is in accordance with the W3C Secure Contexts Candidate Recommendation, section 3.2.

• We updated the HostNameSSLSocketVerifier and TrustAllSSLSocketVerifier classes to implement the javax.net.ssl.HostnameVerifier interface.

• We updated the LDIF writer to improve human readability for the comments that it can automatically add for base64-encoded values.

• We updated the manage-certificates command-line tool to add support for a new retrieve-server-certificate subcommand, which will retrieve the certificate chain from a specified server and optionally write a PEM-encoded or DER-encoded representation of the certificate(s) to a specified file.

• We fixed an issue with the manage-certificates trust-server-certificate command that only caused it to wait for 60 milliseconds rather than the intended 60 seconds when trying to establish a connection to the target server.

• We updated ldapsearch to add a new “dns-only” output format. If this format is selected, then the output will contain only the DNs of matching entries.

• We updated support for the OAUTHBEARER SASL mechanism to make it possible to include arbitrary key-value pairs in the SASL credentials.

• We fixed an issue in the command-line tool framework that affected tools that provide support for automatically writing the output to a file. The output file was never explicitly closed, which could cause problems in cases where the tool was invoked programmatically, and then an attempt was made to subsequently use the output from code in the same JVM.

• We added a new StaticUtils.isIANAReservedIPAddress method that can be used to determine whether a provided IPv4 or IPv6 address is contained in an IANA-reserved range.

• We updated the ChangeLogEntry class so that it will fall back to using the includedAttributes attribute if the deletedEntryAttrs attribute does not exist in changelog entries that represent a delete operation.

• We updated the LDAP SDK’s support for passphrase-based encryption to make it possible to explicitly specify the type of cipher that should be used. Previously, you could only request either a baseline level of protection (which should be available in all supported Java versions) or the strongest supported level of protection (which might not be available in some JVMs)

• We added a new X.509 trust manager that will never trust any certificate chain. This is primarily intended for testing purposes.

• We updated the documentation to include the latest versions of the draft-melnikov-scram-sha-512, draft-melnikov-scram-sha3-512, and draft-ietf-kitten-password-storage drafts in the set of LDAP-related specifications.

Updates Specific to the Ping Identity Directory Server

• We added client-side support for a new ds-pwp-modifiable-state-json operational attribute that can be used to retrieve and manipulate a select set of password policy state information in a user’s entry.

Changelog

Sourced from unboundid-ldapsdk's changelog.

          <div align="right">

${TARGET="offline"} LDAP SDK Home Page ${TARGET="offline"} Product Information

          <h2>Release Notes</h2>
      &lt;h3&gt;Version 5.1.2&lt;/h3&gt;
  &amp;lt;p&amp;gt;
    The following changes were made between the 5.1.1 and 5.1.2 releases:
  &amp;lt;/p&amp;gt;

  &amp;lt;ul&amp;gt;
    &amp;lt;li&amp;gt;
      Added a parallel-update command-line tool that can be used to apply changes read
      from an LDIF file against an LDAP server using multiple concurrent threads for
      higher throughput than single-threaded tools like ldapmodify.  It properly
      handles dependencies between concurrent operations (for example, it will delay
      adding a child entry if the add for its parent is still in progress), and it
      also supports retrying operations that fail in a way that indicates that the
      operation might succeed if attempted after all other operations have completed.
      Any changes that cannot be processed successfully will be written to a reject
      file for later examination.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Updated the ldapmodify and ldapdelete tools so that they will now retry failed
      operations by default on a newly established connection if the failure indicates
      that the underlying connection may no longer be valid.  This behavior was
      previously available if the --retryFailedOperations argument was provided, and
      that argument is still available (but hidden) to preserve backward compatibility
      with scripts that use it, but it now has no effect.  A new --neverRetry argument
      has been added that can disable this feature if the retry functionality should
      be disabled.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Added a new OIDRegistry class that provides a registry of object identifiers
      used by LDAP schema elements, controls, extended operations, and other sources.
      Each item has an OID, name, and type, and it may optionally have an origin
      string and a URL to content that can provide additional information about the
      item.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;

Commits

• 420e416 Add an ldap-result-code tool
• a4d0fb1 Update the LDAP OID reference
• 822a5d0 Update to draft-ietf-kitten-password-storage-02
• afbb8d8 Provide programmatic access to an OID registry
• b55fae1 Add manage-certificates retrieve-server-cert
• 41db57c Close the command-line tool output file
• 662d13c Add updated SCRAM drafts for 512-bit SHA2 and SHA3
• 259a465 Add a dns-only ldapsearch output format
• 03ac13a Improve LDIF writer base64 comments
• 9152091 SSL socket verifier updates
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[coveralls]

Coverage remained the same at 91.518% when pulling 30ebdd0 on dependabot/maven/com.unboundid-unboundid-ldapsdk-5.1.2 into 0d28ed0 on master.

[dependabot-preview]

Superseded by #72.