| |
@@ -38,3 +38,11 @@
|
| |
== OpenLDAP defaults to use only Shared System Certificates
|
| |
|
| |
OpenLDAP clients and server now use the https://fedoraproject.org/wiki/Features/SharedSystemCertificates[system-wide certificate store] by default, instead of `/etc/openldap/certs`.
|
| |
+
|
| |
+
|
| |
+ == OpenLDAP drops TCP wrappers support
|
| |
+
|
| |
+ Fedora has https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers[deprecated the use of TCP wrappers].
|
| |
+ The OpenLDAP project also https://www.openldap.org/doc/admin24/security.html#TCP%20Wrappers[discourages their use] and recommends that an IP firewall is used instead.
|
| |
+ With this update, OpenLDAP will not be configured with `--enable-wrappers` and so any TCP wrappers configuration will have no effect on OpenLDAP.
|
| |
+ Other means should be used to protect the OpenLDAP server.
|
| |
This PR is the draft release note for Issue #89 'OpenLDAP: Drop TCP wrappers support'. @mhonek please would you review the text and let me know if anything needs to be added, changed or removed?