No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 7: | Line 7: | ||
* Name: [[User:mhonek|Matus Honek]] | * Name: [[User:mhonek|Matus Honek]] | ||
* Email: mhonek@redhat.com | * Email: mhonek@redhat.com | ||
* Release notes | * Release notes ticket: [https://pagure.io/fedora-docs/release-notes/issue/89 #89] | ||
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | <!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | ||
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address> | * FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address> | ||
| Line 23: | Line 23: | ||
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | ||
--> | --> | ||
* Tracker bug: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1531487 #1531487] | ||
== Detailed Description == | == Detailed Description == | ||
Latest revision as of 14:50, 2 March 2018
OpenLDAP: Drop TCP wrappers support
Summary
As per [1], TCP wrappers are being deprecated in Fedora. Also, as per [2], upstream discourages its usage in favour of other means of protection (e.g. firewall). After this change OpenLDAP will no longer be affected by TCP wrappers configuration.
Owner
- Name: Matus Honek
- Email: mhonek@redhat.com
- Release notes ticket: #89
Current status
Detailed Description
After this change, OpenLDAP will not be configured with --enable-wrappers resulting in potential TCP wrappers configuration having no effect on OpenLDAP (i.e. slapd binary executable). Please, use other means of protection for the OpenLDAP server.
Benefit to Fedora
This change is due to the deprecation of TCP wrappers, details may be found in [3]
Scope
- Proposal owners: Remove dependency of OpenLDAP on TCP wrappers. See [4].
- Other developers: None
- Release engineering: Part of #7029
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
Users should use other means of protection. TCP wrappers protection ceases to work.
How To Test
Running the following should not return anything:
ldd /usr/sbin/slapd | grep libwrap
User Experience
Users are encouraged to check their security configuration.
Dependencies
N/A
Contingency Plan
- Contingency mechanism: Reverting the change
- Contingency deadline: Beta freeze?
- Blocks release? No
Documentation
N/A
Release Notes
Fedora 28 removes support for tcp_wrappers. Therefore, OpenLDAP no longer supports them. Please, use other means of protection.