Changes:
- Support running OpenLDAP appliance as unprivileged on LXC -
closes #1535.
- Use MDB backend. Previously we were using deprecated HDB backend.
- Install latest upstream release of phpLDAPadmin from GitHub - v1.2.6.2. We
were previously installing from 'master', but that is now tracking v2
development (no v2.x release yet).
- Include Webmin LDAP module by default. Closes #864.
- Note: Please refer to turnkey-core's 16.1 changelog for changes common to
all appliances. Here we only describe changes specific to this appliance.
Changes:
- Updated all relevant Debian packages to Buster/10 versions; including
OpenLDAP (slapd) to 2.4.47 & PHP 7.3 (for phpldapadmin).
- Update phpldapadmin to latest upstream version - 1.2.5. Plus also add
cookie encryption (via setting blowfish seed) and disable anonymous
access.
- Explicitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for webserver/
phpldapadmin. (v15.x TurnKey releases supported TLS 1.2, but could fall back
as low as TLSv1).
- Update webserver SSL/TLS ciphers to provide "Intermediate" browser/client
support (suitable for "General-purpose servers with a variety of clients,
recommended for almost all systems"). As provided by Mozilla via
https://ssl-config.mozilla.org/.
- Note: Please refer to turnkey-core's changelog for changes common to all
appliances. Here we only describe changes specific to this appliance.
Changes:
- Include a sleep in the OpenLDAP inithook which resolves intermittent
initialisation issues, including a TLS/SSL issue. Closes #1176 & #1337.
[ Stefan Davis ]