From Fedora Project Wiki
m
(https://pagure.io/fesco/issue/1767#comment-483346)
Line 67: Line 67:
 
Fedora 28 removes support for tcp_wrappers. Therefore, OpenLDAP no longer supports them. Please, use other means of protection.
 
Fedora 28 removes support for tcp_wrappers. Therefore, OpenLDAP no longer supports them. Please, use other means of protection.
  
[[Category:ChangeAnnounced]]
+
[[Category:ChangeReadyForFesco]]
 
<!-- When your change proposal page is completed and ready for review and announcement -->
 
<!-- When your change proposal page is completed and ready for review and announcement -->
 
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
 
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Revision as of 08:16, 7 December 2017

OpenLDAP: Drop TCP wrappers support

Summary

As per [1], TCP wrappers are being deprecated in Fedora. Also, as per [2], upstream discourages its usage in favour of other means of protection (e.g. firewall). After this change OpenLDAP will no longer be affected by TCP wrappers configuration.

Owner

  • Name: Matus Honek
  • Email: mhonek@redhat.com
  • Release notes owner:

Current status

  • Targeted release: Fedora 28
  • Last updated: 2017-12-07
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

After this change, OpenLDAP will not be configured with --enable-wrappers resulting in potential TCP wrappers configuration having no effect on OpenLDAP (i.e. slapd binary executable). Please, use other means of protection for the OpenLDAP server.

Benefit to Fedora

This change is due to the deprecation of TCP wrappers, details may be found in [3]

Scope

  • Proposal owners: Remove dependency of OpenLDAP on TCP wrappers. See [4].
  • Other developers: None
  • Policies and guidelines: N/A
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Users should use other means of protection. TCP wrappers protection ceases to work.

How To Test

Running the following should not return anything:

ldd /usr/sbin/slapd  | grep libwrap

User Experience

Users are encouraged to check their security configuration.

Dependencies

N/A

Contingency Plan

  • Contingency mechanism: Reverting the change
  • Contingency deadline: Beta freeze?
  • Blocks release? No

Documentation

N/A

Release Notes

Fedora 28 removes support for tcp_wrappers. Therefore, OpenLDAP no longer supports them. Please, use other means of protection.