I published in nethserver-testing an update to nethserver-directory that simplifies the slapd ACL configuration. I really need your help to test it properly: nethserver-directory-3.1.0-1.16.gc493c8d.ns7.noarch.rpm.
The previous nethserver-directory-3.1.0 update fixed an error in the configuration that potentially allowed clear-text password disclosure. Now I want to simplify ACLs for the 7 branch to ease troubleshooting and any kind of future adjustments (until v7 eol, 2024-06-30).
The ACLs update is automatic.
Also the testing package fixes the slapd SSL ciphers to upstream default, but a daemon restart is required to take it into effect.
check ldap clients still connect (!) i.e. roundcube addressbook, sogo, ssh user login, external webapps…
If something goes wrong, restore the configuration backup. I tested it thoroughly on my VM, with an automated test suite. It is bundled in the RPM as documentation. You can find it with:
rpm -qd nethserver-directory
To run the tests:
yum install bats
cd /usr/share/doc/nethserver-directory-3.1.0/bats
bats *.bats
I found no access or authentication issue after installing nethserver-directory-3.1.0-1.16.gc493c8d.ns7.noarch.rpm and restarting slapd.service. I did this in a central openLDAP authentication server running NS 7rc2. Authentication from ejabberd, nextcloud, sogo, ssh and external webapps (trac and cacti) is working as expected. Address book access is also working as expected (both from sogo and thunderbird).
I also run your automated tests (after installing the package and restarting the slapd.service). The output is as follows:
