PingDirectory suite of products 10.0.0.6 (June 2025)
Fixed a server installation issue with Java 17 and Red Hat
Fixed DS-49716 PingDirectory, PingDirectoryProxy, PingDataSync
We fixed an issue that could prevent installing or running servers using Java 17 or later on Red Hat Enterprise Linux (RHEL) systems when the operating system itself is configured to run in FIPS-compliant mode.
This operating system setting is unrelated to whether the PingDirectory server is set up to run in FIPS-compliant mode.
Fixed a userRoot issue for server upgrades
Fixed DS-49281 PingDirectory
We fixed an issue that caused some server upgrades to fail. During an upgrade, the update tool added userRoot entries for inverted static group support to the server configuration after the userRoot backend had been removed.
Fixed the failure behavior for dsreplication initialize
Fixed DS-49890 PingDirectory
We fixed an issue where a PingDirectory server would continue sending binary data
to the destination server after a failed attempt to initialize using dsreplication initialize.
This behavior interfered with further initialization attempts from any other server.
Removed the restart prompt when changing a certificate alias
Fixed DS-45174 PingDirectory, PingDirectoryProxy, PingDataSync
We removed the prompt to restart the LDAP connection handler component after changing the ssl-cert-nickname configuration property because a restart isn’t required.
Fixed a SCIM 2.0 PUT issue with attribute values
Fixed DS-49619 PingDirectory
We fixed an issue where SCIM 2.0 PUT operations involving multivalued complex attributes would incorrectly remove some of the values.
Fixed a SCIM issue with modifying ds-pwp-modifiable-state-json
Fixed DS-49781 PingDirectory
We fixed an issue where SCIM requests that attempted to modify the ds-pwp-modifiable-state-json attribute would fail.
Changed proxy transformation requirements for mapped attributes
Fixed DS-48958 PingDirectoryProxy
We updated the attribute mapping proxy transformation to require that both the source and target attribute types are defined in the local schema.
This change ensures that the server uses the correct logic when interacting with values of those attributes (for example, to identify whether the attribute type is declared as single-valued or multivalued so that it can properly format the values in REST API responses). The server now prevents adding a new instance of this proxy transformation if either of the attribute types isn’t defined in the schema. It also logs a warning message on startup if any existing instance of the transformation references an undefined attribute type.
Excluded some password attributes from sync sources
Fixed DS-49212 PingDataSync
We changed the resync tool to exclude unicodePwd automatically from
AD sync sources and password from PingOne sync sources.
By design, the resync tool updates the existing values for included
attributes at the destination to match what’s found at the source.
If resync can’t retrieve an attribute value at the source, it removes
any existing values at the destination. Because resync can’t retrieve
these password attributes from their sources, we’ve excluded them from
the attributes for resync consideration, to avoid disrupting the values
at the destination.
You can still include these attributes manually in a resync operation by
providing the --includeSourceAttr argument.