turnkey-openldap-18.1 (1) turnkey; urgency=low * v18.1 rebuild - includes latest Debian & TurnKey packages. * Install missing libldap-common package. Fixes SSL/TLS connections. Closes #1939 (see related Webmin fix below). * Configuration console (confconsole) - v2.1.6: - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895. Fixed in v2.1.5 - already included in some appliances. - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962. - General dehydrated-wrapper code cleanup - now passes shellcheck. * Web management console (webmin): - Updated default OpenLDAP module ldap.conf path - part of #1939. - Replace webmin-shell with webmin-xterm module by default - closes #1904. * Reduce log noise by creating ntpsec log dir - closes #1952. * Includes new 'tkl-upgrade-php' helper script - to allow easy update/change of PHP version - closes #1892. [Marcos Méndez @ POPSOLUTIONS ] -- Jeremy Davis Fri, 05 Jul 2024 10:54:12 +0000 turnkey-openldap-18.0 (1) turnkey; urgency=low * Debian default OpenLDAP (slapd) updated to v2.5.13. * phpLDAPadmin (web UI for administering LDAP servers) now installed from Debian repos (was previously manually installed from upstream source). * Ensure hashfile includes URL to public key - closes #1864. * Include webmin-logviewer module by default - closes #1866. * Upgraded base distribution to Debian 12.x/Bookworm. * Configuration console (confconsole): - Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ] - Support for getting Let's Encrypt cert via IPv6 - closes #1785. - Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi). - Show error message rather than stacktrace when window resized to incompatable resolution - closes #1609. [ Stefan Davis ] - Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ] - Improve code quality: implement typing, fstrings and make (mostly) PEP8 compliant. [Stefan Davis & Jeremy Davis * Firstboot Initialization (inithooks): - Refactor start up (now hooks into getty process, rather than having it's own service). [ Stefan Davis ] - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in dhcp info when set via inithooks. - Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl. - Refactor run script - use bashisms and general tidying. - Show blacklisted password characters more nicely. - Misc packaging changes/improvements. - Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB). * Web management console (webmin): - Upgraded webmin to v2.105. - Removed stunnel reverse proxy (Webmin hosted directly now). - Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem). - Disabled Webmin Let's Encrypt (for now). * Web shell (shellinabox): - Completely removed in v18.0 (Webmin now has a proper interactive shell). * Backup (tklbam): - Ported dependencies to Debian Bookworm; otherwise unchanged. * Security hardening & improvements: - Generate and use new TurnKey Bookworm keys. - Automate (and require) default pinning for packages from Debian backports. Also support non-free backports. * IPv6 support: - Adminer (only on LAMP based apps) listen on IPv6. - Nginx/NodeJS (NodeJS based apps only) listen on IPv6. * Misc bugfixes & feature implementations: - Remove rsyslog package (systemd journal now all that's needed). - Include zstd compression support. - Enable new non-free-firmware apt repo by default. - Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps). * Debian default PHP updated to v8.2. * DEV: Add support for setting max_execution_time & max_input_vars in php.ini via appliance Makefile (PHP_MAX_EXECUTION_TIME & PHP_MAX_INPUT_VARS). -- Jeremy Davis Tue, 19 Dec 2023 04:44:25 +0000 turnkey-openldap-17.1 (1) turnkey; urgency=low * Updated all Debian packages to latest. [ autopatched by buildtasks ] * Patched bugfix release. Closes #1734. [ autopatched by buildtasks ] -- Jeremy Davis Tue, 14 Feb 2023 06:07:02 +0000 turnkey-openldap-17.0 (1) turnkey; urgency=low * Install new lighttpd-mod-openssl package and tweak Lighty config to enable it. (LigHTTPd now supports both GNUTLS and OpenSSL, so the appropriate package now needs to be separately installed and explictly enabled). * Update addresess samba schema archives changing to plain text files. [ Mattie Darden ] * Addresses LigHTTPd config error due to changes made in common directory. [ Mattie Darden ] * Refactor python inithooks overlay to be comopatible with v17.x [ Mattie Darden ] * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Fri, 30 Dec 2022 02:19:31 +0000 turnkey-openldap-16.1 (1) turnkey; urgency=low * Support running OpenLDAP appliance running as ununprivileged on LXC - closes #1535. * Use MDB backend. Previously we were using deprecated HDB backend. * Install latest upstream release of phpLDAPadmin from GitHub - v1.2.6.2. We were previously installing from 'master', but that is now tracking v2 development (no v2.x release yet). * Include Webmin LDAP module by default. Closes #864. * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Tue, 23 Feb 2021 16:02:38 +1100 turnkey-openldap-16.0 (1) turnkey; urgency=low * Updated all relevant Debian packages to Buster/10 versions; including OpenLDAP (slapd) to 2.4.47 & PHP 7.3 (for phpldapadmin). * Update phpldapadmin to latest upstream version - 1.2.5. Plus also add cookie encryption (via setting blowfish seed) and disable anonymous access. * Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for webserver/ phpldapadmin. (v15.x TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1). * Update webserver SSL/TLS cyphers to provide "Intermediate" browser/client support (suitable for "General-purpose servers with a variety of clients, recommended for almost all systems"). As provided by Mozilla via https://ssl-config.mozilla.org/. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Thu, 02 Jul 2020 15:54:14 +1000 turnkey-openldap-15.1 (1) turnkey; urgency=low * Include a sleep in the OpenLDAP inithook which resolves intermittant initialisation issues, including a TLS/SSL issue. Closes #1176 & #1337. [ Stefan Davis ] -- Jeremy Davis Mon, 24 Jun 2019 15:22:34 +1000 turnkey-openldap-15.0 (1) turnkey; urgency=low * Includes PHP7.0 (installed from Debian repos) * Updated PHP default settings * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Vlad Kuzmenko Fri, 29 Jun 2018 01:39:42 +0200 turnkey-openldap-14.2 (1) turnkey; urgency=low * Installed security updates * Added nsspam account with access to authenticate and change users in order to support using LDAP as authentication from NSS/PAM - Changes come from https://github.com/jstruebel/openldap-nsspam.git * Changed the default group populated in the database to support using it as the auth backend for NSS/PAM from other TKL appliances - Changes come from https://github.com/jstruebel/openldap-nsspam.git * Added custom templates to phpLDAPAdmin to support user/group management for the NSS/PAM changes above - Changes come from https://github.com/jstruebel/openldap-pla.git * Added Samba schema to ldap database and corresponding custom templates to phpLDAPAdmin - Changes come from https://github.com/jstruebel/openldap-samba.git * Added OpenSSH public key schema to ldap database - Changes come from https://github.com/jstruebel/openldap-sshlpk.git * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance.i -- Jonathan Struebel Tue, 02 May 2017 14:37:40 -0700 turnkey-openldap-14.1 (1) turnkey; urgency=low * Fix LigHTTPd bug in 15regen-sllcert (#512). * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Thu, 18 Feb 2016 15:19:03 +1100 turnkey-openldap-14.0 (1) turnkey; urgency=low * Latest Debian Jessie package version of OpenLDAP. * Lastest phpldap installed from upstream git * Other maintence work performed by Jonathan Struebel https://github.com/jstruebel * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance.i -- Jeremy Davis Fri, 14 Aug 2015 19:59:21 +1000 turnkey-openldap-13.0 (1) turnkey; urgency=low * Latest Debian Wheezy package version of OpenLDAP. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Thu, 10 Oct 2013 18:38:30 +0300 turnkey-openldap-12.1 (1) turnkey; urgency=low * Upgraded to latest version of phpLDAPadmin. * Upstream source component versions: phpldapadmin 1.2.3 * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Fri, 05 Apr 2013 08:00:00 +0200 turnkey-openldap-12.0 (1) turnkey; urgency=low * Initial public release of TurnKey OpenLDAP, based on TKLPatch submitted by Adrian Moya. * Set LDAP domain and admin password on firstboot (convenience, security). * Regenerates all secrets during installation / firstboot (security). * TLS support for ldaps out of the box (security). * Includes phpLDAPadmin for web based LDAP administration, with SSL support out of the box (convenience, security). * Includes Users/Groups OU and default PosixGroup (convenience). * Major component versions slapd 2.4.23-7.2 ldap-utils 2.4.23-7.2 gnutls-bin 2.8.6-1+squeeze2 lighttpd 1.4.28-2+squeeze1 php5-ldap 5.3.3-7+squeeze13 phpldapadmin 1.2.2 (upstream archive) * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Wed, 01 Aug 2012 08:00:00 +0200