  LDAP Bridge Changelog

File: Changelog_ldproxy.txt
Size: 7 KBytes
MD5: A40BEE4A9D2944FB6C918540CD2ECCCF

1.2.6
     - 'nolock_dn' and 'nodelay_dn' incompatibility solved.
     - Added Docker start mode with '/opt/ldproxy/bin/ldproxy start docker'.

1.2.5
     - 'nodelay_dn' added in the configuration.

1.2.4
     - Connections leak during high load fixed.
     - Upgraded OpenSSL to version 1.1.1d.

1.2.3
     - Fixed a crash occurring with more than 1024 simultaneous connections.
     - Upgraded OpenLDAP to version 2.4.28.
       Changelog: https://www.openldap.org/software/release/changes.html
     - Cleaned the configuration file.
     - Upgraded OpenSSL to version 1.1.1c (including security fixes).
       Set 'TLSProtocolMin 3.0' in conf/ldproxy.conf if you need
       support for older protocols (i.e. SSLv3).
     - Added support for SASL methods.
     - Fixed a SOAP timeout issue in libopenotp.
     - Fixed some file permissions.
     - Fixed issues with multiple server URLs introduced in 1.2.3-2.
     - Upgraded libopenotp to version 1.0.21 (stability).
     
1.2.2
     - Logs improved, op number added.
     - Certificate autorenew added.
     - Multiple binds in the same connection handled with ldap backend (generated
       an assert in previous version).
     - Authentication with the UserPrincipalName handled (with an Active Directory
       backend).

1.2.1
     - OpenLDAP updated to 2.4.47.
     - OpenSSL updated to 1.0.2q.
     - Threads number configuration added.
     - Logs improvements, 'conn' value added to all logs.
     - Packaging app changed for deb and rpm.
     - domain/client inversion in client conf corrected.
     - rpm script typo correction with systemd file.
     - LimitNOFILE=65536 added with systemd.
     - Case sensitivity removed for ignored_dn, nolock_dn and denied_dn in ldproxy.conf.
     - Chase-referrals option added per ldap backend.
     - Restart on failure added with systemd.

1.2.0
     - Manage multiple ldap backends, each ldap configuration should be in a section.
     - Add wildcard matching support for ignored and denied dn's.
     - 'default_domain' parameter is replaced by 'domain'.
     - Better integration of ca cert for ldap backends.
     - Set folders permissions for debian package.
     - *.schema files in conf folder are automatically included.
     - TLSCACertificateFile is added for the certificate chain.
     - Change exit value to LSB Init Script Actions standard.
     - Add 'security', 'idletimeout', 'conn_max_pending' and 'conn_max_pending_auth'
       parameters in ldproxy.conf.
     - Change file permissions in install scripts.
     - Append instead of overwrite log file at startup.
     - Update of libopenotp (timeout fixes).
     - Change hidden slapd.ini configurations.
       > Add ldap-tls and TLSCipherSuite parameters.
     - Add ldap-bind user DN in the setup script.
     - Add possibility to set ldap-bind per client configuration.
     - Remove default values for client_id and domain if not set in conf.
     - Fixed a typo and improved the setup script.
     - Re-added bind_dn and bind_pw settings in the config file.
     - Add ldap_uri1 configuration in the setup script.
     - Use 8443 instead of 443 for cacert, nodelist and certificate generation.
     - Fixed slapd.ini (it raised an assert at startup).
     - Correcting client default values.

1.1.0
     - This version requires OpenOTP server version >= 1.3.9.
     - Removed conf/slapd.conf and conf/openotp.conf files.
       > The OpenLDAP config is located in an ini file under the lib/ directory.
       > conf/openotp.conf is renamed to conf/ldproxy.conf for any future version.
       > The conf/ directory now only contains ldproxy.conf and certificate file.
     - slapd.crt and slapd.key are replaced by ldproxy.crt and ldproxy.key.
     - The default LDAP listener ports are now 10389 and 10636.
       > Create a conf/ldproxy.env if you need to change the port numbers.
       > For example in ldproxy.env set PORT_STD=369 and PORT_SSL=636.
     - OpenOTP authentication done with DN instead of UID.
     - Add log level (openldap loglevel) for the debug mode:
       /opt/ldproxy/bin/ldproxy debug <loglevel>.
     - Prevent ldproxy starting if the configuration is not correct.
     - The number of clients, ignored_dn, denied_dn and nolock_dn are now unlimited.
     - OpenOTP bind/pwd removed from slapd.conf.
     - Ignored_dn is moved from slapd.conf to openotp.conf.
     - Denied_usernames and nolock_usernames replaced by denied_dn and nolock_dn.
     - Client name added in the config.

1.0.7
     - Upgraded OpenSSL to version 1.0.2o (including security fixes).
     - Upgraded OpenLDAP to version 2.4.46.
     - Ignored DN can now be a container.
     - Updated OpenSSL to version 1.0.2n.
     - New setup wizard with server URL auto-configuration and SSL certificate signed
       by WebADM CA (Rsignd).
     - denied_usernames, nolock_usernames and cached_usernames support wildcard matching.
     - Fixed a memory leak in the libopenotp with SSL connections.

1.0.6
     - Added the 'denied_usernames' configuration to the openotp.conf file to deny
       some user IDs without sending any OpenOTP request.
     - Upgraded OpenSSL to version 1.0.2l and OpenLDAP to version 2.4.45.
     - Fixed mixed client IP address / remote IP address (requires WebADM 1.5.13).
     - Fixed segfault with 389 directory.

1.0.5
     - With two servers it is now possible to configure server_url1 & server_url2.
     - Corrected some very small memory leaks.
     - Upgraded OpenSSL and libOpenOTP libraries.
     - Upgraded OpenLDAP to version 2.4.44.
     - Added the 'nolock_usernames' option for service polling (like in RadiusBridge).
     - Changed default schema configurations in slapd.conf.
       > Please adjust slapd.conf with schema definitions from slapd.conf.default.

1.0.4
     - Fixed LDProxy ignoring userPrincipalName, same issue as 1.0.3.
       During an upgrade, do use the new schemas included in
       slapd.conf.default.
     - The timeout value for the SOAP messages is significantly
       increased (10 to 30), as the new RCDevs libs guarantee that the
       service we're contacting is probably live, and the new push login
       can take time.
     - LDProxy now no longer checks the certificate of the backend LDAP
       service if served over SSL/TLS. Go to lib/ldap.ini to reverse that.

1.0.3
     - Fixed LDProxy ignoring the sAMAccountName attributes of Active
       Directory accounts.

1.0.2
     - Fixed an issue where using https:// in openotp.conf and contacting
       the backend LDAP server using SSL/TLS would crash the service
       during startup.

1.0.0
     - First official version.