#149 Add #89 'OpenLDAP: Drop TCP wrappers support'
Merged 5 years ago by sclark. Opened 5 years ago by sclark.
fedora-docs/ sclark/release-notes iss89  into  f28

@@ -38,3 +38,11 @@ 

  == OpenLDAP defaults to use only Shared System Certificates

  

  OpenLDAP clients and server now use the https://fedoraproject.org/wiki/Features/SharedSystemCertificates[system-wide certificate store] by default, instead of `/etc/openldap/certs`.

+ 

+ 

+ == OpenLDAP drops TCP wrappers support

+ 

+ Fedora has https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers[deprecated the use of TCP wrappers].

+ The OpenLDAP project also https://www.openldap.org/doc/admin24/security.html#TCP%20Wrappers[discourages their use] and recommends that an IP firewall is used instead.

+ With this update, OpenLDAP will not be configured with `--enable-wrappers` and so any TCP wrappers configuration will have no effect on OpenLDAP.

+ Other means should be used to protect the OpenLDAP server.

This PR is the draft release note for Issue #89 'OpenLDAP: Drop TCP wrappers support'. @mhonek please would you review the text and let me know if anything needs to be added, changed or removed?

Given this is a release note I would change wording of After this change, OpenLDAP will not be ... to something like With this update, OpenLDAP is no longer ...

rebased onto 073d628

5 years ago

Thank you, @mhonek. I have made the change you suggested.

Pull-Request has been merged by sclark

5 years ago
Metadata