1.2.18 (October 2023)
- Allow multiple interfaces in ldproxy.env: INTERFACE="1.2.3.4 5.6.7.8"
- Upgraded OpenSSL to version 3.1.3.
- Fixed segfault in a specific login failure.
1.2.17 (July 2023)
- Upgraded libopenotp to version 1.0.28.
- Added a ‘renew’ launcher command to renew the SSL certificate and trust
bundle and reload the daemon.
> The renewal can be scheduled via a cron command.
1.2.16 (June 2023)
- Fixed a startup error when ca_cert is set in the config file.
- var_log_t selinux context added on logs.
- Upgraded OpenSSL to version 3.1.1.
1.2.15 (May 2022)
- API key support added.
- Upgraded OpenSSL to version 3.1.0.
- Upgraded libopenotp to version 1.0.27.
1.2.14 (March 2022)
- Upgraded OpenSSL to version 1.1.1t.
- Upgraded OpenLDAP to version 2.6.4.
- Updated libcrypt.so.1 dependency in rpm.
1.2.13 (December 2022)
- Upgraded libopenotp to version 1.0.26.
1.2.12 (December 2022)
- Upgraded OpenSSL to version 1.1.1s.
- Upgraded zlib to version 1.2.13.
1.2.11 (July 2022)
- Upgraded OpenSSL to version 1.1.1q.
- Upgraded OpenLDAP to version 2.6.3.
1.2.10 (September 2021)
- Upgraded OpenSSL to version 1.1.1l.
- Upgraded OpenLDAP to version 2.5.7.
- Upgraded libopenotp to version 1.0.24.
- Duplicate 'nolock' and 'nodelay' solved.
- 'ppolicy' overlay added.
- Domain\username format handled in bind DN for compatibility with Active Directory.
- OpenOTP login response message is forwarded through LDAPResult diagnosticMessage if it fails.
1.2.9 (March 30 2021)
- Upgraded OpenSSL to version 1.1.1k.
- Upgraded OpenLDAP to version 2.4.58.
1.2.8
- Upgraded OpenSSL to version 1.1.1i.
- Upgraded OpenLDAP to version 2.4.57.
1.2.7
- Upgraded OpenSSL to version 1.1.1g.
- Upgraded OpenLDAP to version 2.4.30.
- Added support for OpenOTP v1.5 and voice biometrics.
- UTF-8 verification added on password and username.
1.2.6
- 'nolock_dn' and 'nodelay_dn' incompatibility solved.
- Added Docker start mode with '/opt/ldproxy/bin/ldproxy start docker'.
1.2.5
- 'nodelay_dn' added in the configuration.
1.2.4
- Connections leak during high load fixed.
- Upgraded OpenSSL to version 1.1.1d.
1.2.3
- Fixed a crash occuring with more than 1024 simultaneous connections.
- Upgraded OpenLDAP to version 2.4.28.
Changelog: https://www.openldap.org/software/release/changes.html
- Cleaned the configuration file.
- Upgraded OpenSSL to version 1.1.1c (including security fixes).
Set 'TLSProtocolMin 3.0' setting in conf/ldproxy.conf if you need
support for older protocols (ie. SSLv3).
- Added support for SASL methods.
- Fixed a SOAP timeout issue in libopenotp.
- Fixed some file permissions.
- Fixed issues with multiple server URLs introduced in 1.2.3-2.
- Upgraded libopenotp to version 1.0.21 (stability).
1.2.2
- Logs improved, op number added.
- Certificate autorenew added.
- Multiple binds in the same connection handled with ldap backend (generated
an assert in previous version).
- Authentication with the UserPrincipalName handled (with an Active Directory
backend).
1.2.1
- Openldap updated to 2.4.47.
- Openssl updated to 1.0.2q.
- Threads number configuration added.
- Logs improvements, 'conn' value added to all logs.
- Packaging app changed for deb and rpm
- domain/client inversion in client conf corrected.
- rpm script typo correction with systemd file.
- LimitNOFILE=65536 added with systemd.
- Case sensitivity removed for ignored_dn, nolock_dn and denied_dn in ldproxy.conf.
- Chase-referrals option added per ldap backend.
- Restart on failure added with systemd.
1.2.0
- Manage multiple ldap backends, each ldap configuration should be in a section.
- Add wildcard matching support for ignored and denied dn's.
- 'default_domain' parameter is replaced by 'domain'.
- Better integration of ca cert for ldap backends.
- Set folders permissions for debian package.
- *.schema files in conf folder are automatically included.
- TLSCACertificateFile is added for the certificate chain.
- Change exit value to LSB Init Script Actions standard.
- Add 'security', 'idletimeout', 'conn_max_pending' and 'conn_max_pending_auth'
parameters in ldproxy.conf.
- Change file permissions in install scripts.
- Append instead of overwrite log file at startup.
- Update of libopenotp (timeout fixes).
- Change hidden slapd.ini configurations.
> Add ldap-tls and TLSCipherSuite parameters.
- Add ldap-bind user DN in the setup script.
- Add possibility to set ldap-bind per client configuration.
- Remove default values for client_id and domain if not set in conf.
- Fixed a typo and improved the setup script.
- Re-added bind_dn and bind_pw settings in the config file.
- Add ldap_uri1 configuration in the setup script.
- Use 8443 instead of 443 for cacert, nodelist and certificate generation.
- Fixed slapd.ini (it raised an assert at startup).
- Correcting client default values.
1.1.0
- This version requires OpenOTP server version >= 1.3.9.
- Removed conf/slapd.conf and conf/openotp.conf files.
> The OpenLDAP config is located in an ini file under the lib/ directory.
> conf/openotp.conf is renamed to conf/ldproxy.conf for any future version.
> The conf/ directory now only contains ldproxy.conf and certificate file.
- slapd.crt and slapd.key are replaced by ldproxy.crt and ldproxy.key.
- The default LDAP listener ports are now 10389 and 10636.
> Create a conf/ldproxy.env if you need to change the port numbers.
> For example in ldproxy.env set PORT_STD=369 and PORT_SSL=636.
- Openotp authentication done with DN instead of UID.
- Add log level (openldap loglevel) for the debug mode:
/opt/ldproxy/bin/ldproxy debug <loglevel>.
- Prevent ldproxy starting if the configuration is not correct.
- The number of clients, ignored_dn, denied_dn and nolock_dn are now unlimited.
- Openotp bind/pwd removed from slapd.conf.
- Ignored_dn is moved from slapd.conf to openotp.conf.
- Denied_usernames and nolock_usernames replaced by denied_dn and nolock_dn.
- Client name added in the config.
1.0.7
- Upgraded OpenSSL to version 1.0.2o (including security fixes).
- Upgraded OpenLDAP to version 2.4.46.
- Ignored DN can now be a container.
- Updated OpenSSL to version version 1.0.2n.
- New setup wizard with server URL auto-configuration and SSL certificate signed
by WebADM CA (Rsignd).
- denied_usernames, nolock_usernames and cached_usernames support wildcard matching.
- Fixed a memory leak in the libopenotp with SSL connections.
1.0.6
- Added the 'denied_usernames' configuration to the openotp.conf file to deny
some user IDs without sending any OpenOTP request.
- Upgraded OpenSSL to version 1.0.2l and OpenLDAP to version 2.4.45.
- Fixed mixed client IP address / remote IP address (requires WebADM 1.5.13).
- Fixed segfault with 389 directory.
1.0.5
- With two servers it is now possible to configure server_url1 & server_url2.
- Corrected some very small memory leaks.
- Upgraded OpenSSL and libOpenOTP libraries.
- Upgraded OpenLDAP to version 2.4.44.
- Added the 'nolock_usernames' option for service polling (like in RadiusBridge).
- Changed default schema configurations in slapd.conf.
> Please adjust slapd.conf with schema definitions from slapd.conf.default.
1.0.4
- Fixed LDProxy ignoring userPrincipalName, same issue as 1.0.3.
During an upgrade, do use the new schemas included in
slapd.conf.default.
- The timeout value for the SOAP messages is significantly
increased (10 to 30), as the new RCDevs libs guarantee that the
service we're contacting is probably live, and the new push login
can take time.
- LDProxy now no longer checks the certificate of the backend LDAP
service if served over SSL/TLS. Go to lib/ldap.ini to reverse that.
1.0.3
- Fixed LDProxy ignoring the sAMAccountName attributes of Active
Directory accounts.
1.0.2
- Fixed an issue where using https:// in openotp.conf and contacting
the backend LDAP server using SLL/TLS would crash the service
during startup.
1.0.0
- First official version.
- Allow multiple interfaces in ldproxy.env: INTERFACE="1.2.3.4 5.6.7.8"
- Upgraded OpenSSL to version 3.1.3.
- Fixed segfault in a specific login failure.
1.2.17 (July 2023)
- Upgraded libopenotp to version 1.0.28.
- Added a ‘renew’ launcher command to renew the SSL certificate and trust
bundle and reload the daemon.
> The renewal can be scheduled via a cron command.
1.2.16 (June 2023)
- Fixed a startup error when ca_cert is set in the config file.
- var_log_t selinux context added on logs.
- Upgraded OpenSSL to version 3.1.1.
1.2.15 (May 2022)
- API key support added.
- Upgraded OpenSSL to version 3.1.0.
- Upgraded libopenotp to version 1.0.27.
1.2.14 (March 2022)
- Upgraded OpenSSL to version 1.1.1t.
- Upgraded OpenLDAP to version 2.6.4.
- Updated libcrypt.so.1 dependency in rpm.
1.2.13 (December 2022)
- Upgraded libopenotp to version 1.0.26.
1.2.12 (December 2022)
- Upgraded OpenSSL to version 1.1.1s.
- Upgraded zlib to version 1.2.13.
1.2.11 (July 2022)
- Upgraded OpenSSL to version 1.1.1q.
- Upgraded OpenLDAP to version 2.6.3.
1.2.10 (September 2021)
- Upgraded OpenSSL to version 1.1.1l.
- Upgraded OpenLDAP to version 2.5.7.
- Upgraded libopenotp to version 1.0.24.
- Duplicate 'nolock' and 'nodelay' solved.
- 'ppolicy' overlay added.
- Domain\username format handled in bind DN for compatibility with Active Directory.
- OpenOTP login response message is forwarded through LDAPResult diagnosticMessage if it fails.
1.2.9 (March 30 2021)
- Upgraded OpenSSL to version 1.1.1k.
- Upgraded OpenLDAP to version 2.4.58.
1.2.8
- Upgraded OpenSSL to version 1.1.1i.
- Upgraded OpenLDAP to version 2.4.57.
1.2.7
- Upgraded OpenSSL to version 1.1.1g.
- Upgraded OpenLDAP to version 2.4.30.
- Added support for OpenOTP v1.5 and voice biometrics.
- UTF-8 verification added on password and username.
1.2.6
- 'nolock_dn' and 'nodelay_dn' incompatibility solved.
- Added Docker start mode with '/opt/ldproxy/bin/ldproxy start docker'.
1.2.5
- 'nodelay_dn' added in the configuration.
1.2.4
- Connections leak during high load fixed.
- Upgraded OpenSSL to version 1.1.1d.
1.2.3
- Fixed a crash occuring with more than 1024 simultaneous connections.
- Upgraded OpenLDAP to version 2.4.28.
Changelog: https://www.openldap.org/software/release/changes.html
- Cleaned the configuration file.
- Upgraded OpenSSL to version 1.1.1c (including security fixes).
Set 'TLSProtocolMin 3.0' setting in conf/ldproxy.conf if you need
support for older protocols (ie. SSLv3).
- Added support for SASL methods.
- Fixed a SOAP timeout issue in libopenotp.
- Fixed some file permissions.
- Fixed issues with multiple server URLs introduced in 1.2.3-2.
- Upgraded libopenotp to version 1.0.21 (stability).
1.2.2
- Logs improved, op number added.
- Certificate autorenew added.
- Multiple binds in the same connection handled with ldap backend (generated
an assert in previous version).
- Authentication with the UserPrincipalName handled (with an Active Directory
backend).
1.2.1
- Openldap updated to 2.4.47.
- Openssl updated to 1.0.2q.
- Threads number configuration added.
- Logs improvements, 'conn' value added to all logs.
- Packaging app changed for deb and rpm
- domain/client inversion in client conf corrected.
- rpm script typo correction with systemd file.
- LimitNOFILE=65536 added with systemd.
- Case sensitivity removed for ignored_dn, nolock_dn and denied_dn in ldproxy.conf.
- Chase-referrals option added per ldap backend.
- Restart on failure added with systemd.
1.2.0
- Manage multiple ldap backends, each ldap configuration should be in a section.
- Add wildcard matching support for ignored and denied dn's.
- 'default_domain' parameter is replaced by 'domain'.
- Better integration of ca cert for ldap backends.
- Set folders permissions for debian package.
- *.schema files in conf folder are automatically included.
- TLSCACertificateFile is added for the certificate chain.
- Change exit value to LSB Init Script Actions standard.
- Add 'security', 'idletimeout', 'conn_max_pending' and 'conn_max_pending_auth'
parameters in ldproxy.conf.
- Change file permissions in install scripts.
- Append instead of overwrite log file at startup.
- Update of libopenotp (timeout fixes).
- Change hidden slapd.ini configurations.
> Add ldap-tls and TLSCipherSuite parameters.
- Add ldap-bind user DN in the setup script.
- Add possibility to set ldap-bind per client configuration.
- Remove default values for client_id and domain if not set in conf.
- Fixed a typo and improved the setup script.
- Re-added bind_dn and bind_pw settings in the config file.
- Add ldap_uri1 configuration in the setup script.
- Use 8443 instead of 443 for cacert, nodelist and certificate generation.
- Fixed slapd.ini (it raised an assert at startup).
- Correcting client default values.
1.1.0
- This version requires OpenOTP server version >= 1.3.9.
- Removed conf/slapd.conf and conf/openotp.conf files.
> The OpenLDAP config is located in an ini file under the lib/ directory.
> conf/openotp.conf is renamed to conf/ldproxy.conf for any future version.
> The conf/ directory now only contains ldproxy.conf and certificate file.
- slapd.crt and slapd.key are replaced by ldproxy.crt and ldproxy.key.
- The default LDAP listener ports are now 10389 and 10636.
> Create a conf/ldproxy.env if you need to change the port numbers.
> For example in ldproxy.env set PORT_STD=369 and PORT_SSL=636.
- Openotp authentication done with DN instead of UID.
- Add log level (openldap loglevel) for the debug mode:
/opt/ldproxy/bin/ldproxy debug <loglevel>.
- Prevent ldproxy starting if the configuration is not correct.
- The number of clients, ignored_dn, denied_dn and nolock_dn are now unlimited.
- Openotp bind/pwd removed from slapd.conf.
- Ignored_dn is moved from slapd.conf to openotp.conf.
- Denied_usernames and nolock_usernames replaced by denied_dn and nolock_dn.
- Client name added in the config.
1.0.7
- Upgraded OpenSSL to version 1.0.2o (including security fixes).
- Upgraded OpenLDAP to version 2.4.46.
- Ignored DN can now be a container.
- Updated OpenSSL to version version 1.0.2n.
- New setup wizard with server URL auto-configuration and SSL certificate signed
by WebADM CA (Rsignd).
- denied_usernames, nolock_usernames and cached_usernames support wildcard matching.
- Fixed a memory leak in the libopenotp with SSL connections.
1.0.6
- Added the 'denied_usernames' configuration to the openotp.conf file to deny
some user IDs without sending any OpenOTP request.
- Upgraded OpenSSL to version 1.0.2l and OpenLDAP to version 2.4.45.
- Fixed mixed client IP address / remote IP address (requires WebADM 1.5.13).
- Fixed segfault with 389 directory.
1.0.5
- With two servers it is now possible to configure server_url1 & server_url2.
- Corrected some very small memory leaks.
- Upgraded OpenSSL and libOpenOTP libraries.
- Upgraded OpenLDAP to version 2.4.44.
- Added the 'nolock_usernames' option for service polling (like in RadiusBridge).
- Changed default schema configurations in slapd.conf.
> Please adjust slapd.conf with schema definitions from slapd.conf.default.
1.0.4
- Fixed LDProxy ignoring userPrincipalName, same issue as 1.0.3.
During an upgrade, do use the new schemas included in
slapd.conf.default.
- The timeout value for the SOAP messages is significantly
increased (10 to 30), as the new RCDevs libs guarantee that the
service we're contacting is probably live, and the new push login
can take time.
- LDProxy now no longer checks the certificate of the backend LDAP
service if served over SSL/TLS. Go to lib/ldap.ini to reverse that.
1.0.3
- Fixed LDProxy ignoring the sAMAccountName attributes of Active
Directory accounts.
1.0.2
- Fixed an issue where using https:// in openotp.conf and contacting
the backend LDAP server using SLL/TLS would crash the service
during startup.
1.0.0
- First official version.
