Version 3.26 (August 2024)
New features and enhancements
Supported platforms, database management systems, and other third-party products
LDAP Synchronization Tool now supports the following products:
Operating systems
- Red Hat Enterprise Linux (RHEL) 9, 64-bit
- Rocky Linux 9, 64-bit
- Rocky Linux 8, 64-bit
- Ubuntu Server 22.04 LTS, 64-bit
Software libraries
LDAP Synchronization Tool now includes the following (updated) third-party libraries:
- Cyrus SASL 2.1.28
Fixes and other updates
Issue OAS-21241: LDAP Synchronization Tool Configuration Utility memory issues
Description: Two memory issues with the LDAP Synchronization Tool Configuration Utility were reported. The first issue does not impede functionality and occurs only when you close the application, resulting in a core dump.
The second issue occurs when the application starts. It does not affect all environments, but if it occurs, the UI does not work correctly and the application eventually terminates unexpectedly.
Affects: LDAP Synchronization Tool on Red Hat Enterprise Linux 8
Status: This issue has been fixed.
Issue OAS‑17306 (Support case CS0114443): Limitations when renaming organizational units
Description: LDAP Synchronization Tool cannot correctly mirror existing organizational units (OU) that were renamed on the source LDAP data store and contain child OUs. If the renamed OU has no child OU, then LDAP Synchronization Tool will create a new OU on the destination data store and move all related users correctly.
Affects: LDAP Synchronization Tool 3.21–3.25
Status: The documentation has been updated. The LDAP Synchronization Tool Administrator Guide now explains the limitations when organizational units are renamed.
Deprecated components and features
PDF documentation (Deprecated)
You can view the user documentation of most OneSpan products online already at https://community.onespan.com/documentation, and we plan to shift exclusively to online documentation.
This means that PDF documentation will be completely removed in future major releases of LDAP Synchronization Tool (currently planned for 3.27).
Supported platforms and third-party products
LDAP Synchronization Tool no longer supports the following products:
Operating systems
- CentOS 7
Version 3.25 (January 2024)
New features and enhancements
Supported platforms, database management systems, and other third-party products
LDAP Synchronization Tool now supports the following products:
Software libraries
LDAP Synchronization Tool now includes the following (updated) third-party libraries:
- Boost C++ libraries 1.83.0
- cURL 8.4.0
  This version of cURL fixes a couple of security vulnerabilities, including CVE-2023-38545 and CVE-2023-38546.
- gSOAP 2.8.129
- libxml2 2.11.5
- OpenSSL 3.0.9
- SQLite 3.43.2
- wxWidgets 3.2.2.1
Fixes and other updates
Issue OAS‑19310: Unhandled error if connection to OneSpan Authentication Server breaks during synchronization
Description: If the connection to OneSpan Authentication Server is lost while user synchronization is under way, the synchronization process stops and is not resumed. Administrators do not receive information about the status of the current operation.
Affects: LDAP Synchronization Tool 3.21–3.24
Status: This issue has been fixed. If the connection to the server is lost during user synchronization, information about the error and the synchronization status will be included in the trace file. Depending on the synchronization status, the process will be terminated or resumed.
Deprecated components and features
Supported platforms and third-party products
LDAP Synchronization Tool no longer supports the following products:
Operating systems
- Windows Server 2012 R2
- Windows Server 2012
Version 3.24 (July 2023)
New features and enhancements
Simplified LDAP server connection test
In previous versions, the LDAP Synchronization Tool Configuration Utility provided two separate buttons to test the LDAP server connection settings in a profile. The Test connection button tested the connection, and the Test login button tested the logon credentials. To avoid confusion and simplify the workflow, those two buttons were replaced with a single Test button that tests all LDAP connection settings if possible.
Supported platforms, database management systems, and other third-party products
LDAP Synchronization Tool now supports the following products:
Operating systems
- Windows Server 2022
Software libraries
LDAP Synchronization Tool now includes the following (updated) third-party libraries:
- cURL 8.1.2
  This version of cURL fixes a couple of security vulnerabilities, including CVE-2023-23916.
- OpenSSL 1.1.1u
- zlib 1.2.12-r2
  This version of zlib fixes a couple of security vulnerabilities, including CVE-2022-37434.
Version 3.23 (July 2022)
New features and enhancements
Configuration Utility improvements
The LDAP Synchronization Tool Configuration Utility has been improved for more clarity and user-friendliness.
Synchronization options in the Profiles > Options tab have been updated and re-structured as follows:
- Update users list: Created by LDAP synchronization only has been renamed to Already synchronized by LST.
- Update users list: Not created by LDAP synchronization has been renamed to Never synchronized by LST.
- Mirror organizational unit structure is now a subitem of Include LDAP children.
- Create missing organizational units is now a subitem of Mirror organizational unit structure and is by default enabled.
For a detailed description of the synchronization options, refer to the LDAP Synchronization Tool Administrator Guide.
Supported platforms, database management systems, and other third-party products
LDAP Synchronization Tool now supports the following products:
Operating systems
- Red Hat Enterprise Linux 8, 64-bit
- Ubuntu Server 20.04 LTS, 64-bit
Fixes and other updates
Issue OAS-11397 (Support case CS0069469): Password attribute in LDAP Synchronization Tool Configuration Utility
Description: In the Configuration Utility you can specify the Password attribute as a field to be synchronized, although LDAP Synchronization Tool does not support password synchronization.
Status: This issue has been fixed. The Password attribute is no longer available for synchronization.
Issue OAS-6399 (Support case CS0046036): User deletion fails if Reporting scenario is disabled
Description: If the Reporting scenario of OneSpan Authentication Server is disabled, Active Directory users cannot be deleted on the server. The reason is that before a user can be deleted, OneSpan Authentication Server checks if reports are assigned to the user. This check is only possible if the Reporting scenario is enabled.
Affects: LDAP Synchronization Tool 1.3–3.22
Status: This issue has been fixed. You can now specify a successor user who will take ownership of all items that may prevent the deletion of the target user (e.g. reports, tasks, or pending operations). For more information, refer to the LDAP Synchronization Tool Administrator Guide.
Issue OAS-6052: Unit selector removed from Tracing page
Description: It is no longer possible to select the unit for the Rotate on size option in the tracing settings. Instead, the size is always specified in MB.
Any values specified in KB or GB in previous LDAP Synchronization Tool versions will be rounded to the nearest integer MB value.
Deprecated components and features
Supported platforms and third-party products
LDAP Synchronization Tool no longer supports the following products:
Operating systems
- Ubuntu Server 16.04 LTS, 64-bit
- Red Hat Enterprise Linux line 6
- CentOS line 6
Version 3.22 (October 2021)
New features and enhancements
Authenticator is moved along with user
(OAS-4880, OAS‑1541, support cases CS0032978, CS0033132, CS0041046, CS0046178)
If a user has been moved to another organizational unit in the LDAP data store, LDAP Synchronization Tool will now move the user and all assigned authenticators to the new organizational unit in the OneSpan Authentication Server data store. This feature replaces the behavior in previous product versions, where moved users were deleted and re-created in OneSpan Authentication Server, and any assigned authenticators were unassigned.
Please note the following to make the most of this new feature:
- Because one additional SOAP command is executed per user, the first synchronization with LDAP Synchronization Tool 3.22 may take longer by approximately 25 per cent.
- Before the first synchronization, it is recommended that you select the following profile options in the LDAP Synchronization Tool Configuration Utility:
  - Create users
  - Delete users
  - Update users – All
  - Enable created users
  - Include LDAP children
  - Mirror organizational unit structure
  - (OPTIONAL) Create missing organizational units
  - Return Digipass to OAS synchronization root on delete
The SyncTest and SyncNow command-line utilities will test/synchronize only enabled profiles if no <profile_list> parameter is provided.
Support for fully qualified domain names (FQDN)
LDAP Synchronization Tool now supports fully qualified domain names (FQDN) to specify the server location of LDAP servers and OneSpan Authentication Server instances. This allows you to specify the same FQDN that is set in TLS/SSL certificates used for server verification.
Fixes and other updates
Issue OAS‑10065 (Support case CS0064700): Special characters not escaped in JSON output
Description: LDAP Synchronization Tool includes several command-line utilities that can be used to test synchronization results, validate profiles, and trigger synchronization. The utilities do not properly escape special characters in their JSON output.
Affects: LDAP Synchronization Tool 3.20–3.21
Status: This issue has been fixed.
Deprecated components and features
Supported platforms and third-party products
LDAP Synchronization Tool no longer supports the following products:
LDAP data stores
- NetIQ eDirectory 8.8 SP8
Future platform support changes
This section summarizes upcoming changes of supported platforms and other third-party products that will become effective in future versions. You are highly encouraged to plan and modify your deployments accordingly to allow future upgrades.
Version 3.23
LDAP Synchronization Tool 3.23 will no longer support the following products:
Operating systems
- Ubuntu Server 16.04 LTS, 64-bit
- Red Hat Enterprise Linux line 6
- CentOS line 6
- No support is planned for CentOS line 8/Stream 8.
Version 3.21 (April 2021)
New features and enhancements
Supported platforms, database management systems, and other third-party products
LDAP Synchronization Tool now supports the following products:
Operating systems
- Red Hat Enterprise Linux 7, 64-bit (version 7.8 and later)
- Red Hat Enterprise Linux 6, 64-bit (version 6.10 and later)
- CentOS 7, 64-bit (version 7.8 and later)
- CentOS 6, 64-bit (version 6.10 and later)
Fixes and other updates
Issue OAS‑5233: Panel size issue in LDAP Synchronization Tool Configuration Utility
Description: The elements of the inner panels of the LDAP and OAS tabs found in the Profiles panel of the LDAP Synchronization Tool Configuration Utility are too large, which causes a vertical scroll bar to appear.
Status: This issue has been fixed.
Issue OAS-2045 (Support Case CS0043800): Improved time handling in LDAP Synchronization Tool Configuration Utility
Description: Due to an incorrect GUI element, you cannot specify an interval in the Repeat interval field when configuring profile options.
Affects: LDAP Synchronization Tool 3.20
Status: This issue has been fixed.
Deprecated components and features
SOAP support
LDAP Synchronization Tool no longer uses the SEAL protocol but supports SOAP instead. The default value for the SOAP ports is 8888. To ensure full functionality, adapt and configure your client configuration accordingly:
- Adapt the SSL settings:
  - Windows: The certificate must now be imported to the Windows certificate store.
  - Linux: The path to the certificate must be specified via the LDAP Synchronization Tool Configuration Utility (Profiles > OAS tab).
- Change the port information to use the SOAP port (8888).
- If you have implemented a firewall or some routing or port forwarding mechanism, you may need to update your configuration.
Once you have completed these steps (if applicable), change the used protocol ID of the relevant client component(s) from SEAL to SOAP on the authentication servers.
Deleting user records
With the use of the SOAP protocol, LDAP Synchronization Tool no longer supports the removal of UserObjectScope items from the Active Directory data store.
OneSpan Authentication Server does not use or create UserObjectScope items; if they are created (by third-party software), they are stored in Active Directory.
If you are using OneSpan Authentication Server with an Active Directory data store and if there are UserObjectScope items stored along with an Active Directory user, you need to remove these items manually before the corresponding user record can be deleted from the server.
Supported platforms and third-party products
LDAP Synchronization Tool no longer supports the following products:
Operating systems
- Red Hat Enterprise Linux 6.0–6.9, 32- and 64-bit
- CentOS 7.0–7.7, 32- and 64-bit