New TurnKey OpenLDAP version (16.1)

Changes:

  • Support running the OpenLDAP appliance unprivileged on LXC - closes #1535.
  • Use MDB backend. Previously we were using deprecated HDB backend.
  • Install latest upstream release of phpLDAPadmin from GitHub - v1.2.6.2. We were previously installing from 'master', but that is now tracking v2 development (no v2.x release yet).
  • Include Webmin LDAP module by default. Closes #864.
  • Note: Please refer to turnkey-core's 16.1 changelog for changes common to all appliances. Here we only describe changes specific to this appliance.

New TurnKey OpenLDAP version (16.0)

Changes:

  • Updated all relevant Debian packages to Buster/10 versions; including OpenLDAP (slapd) to 2.4.47 & PHP 7.3 (for phpldapadmin).
  • Update phpldapadmin to latest upstream version - 1.2.5. Also add cookie encryption (by setting the blowfish seed) and disable anonymous access.
  • Explicitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for webserver/phpldapadmin. (v15.x TurnKey releases supported TLS 1.2, but could fall back as low as TLSv1).
  • Update webserver SSL/TLS ciphers to provide "Intermediate" browser/client support (suitable for "General-purpose servers with a variety of clients, recommended for almost all systems"), as provided by Mozilla via https://ssl-config.mozilla.org/.
  • Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance.

New TurnKey OpenLDAP version (15.1)

Changes:

  • Include a sleep in the OpenLDAP inithook, which resolves intermittent initialisation issues, including a TLS/SSL issue. Closes #1176 & #1337. [ Stefan Davis ]
