I published in nethserver-testing an update to nethserver-directory that simplifies the slapd ACL configuration. I really need your help to test it properly: nethserver-directory-3.1.0-1.16.gc493c8d.ns7.noarch.rpm.
/cc @stef @transocean @areguera @quality_team
The previous nethserver-directory-3.1.0 update fixed an error in the configuration that potentially allowed clear-text password disclosure. Now I want to simplify ACLs for the 7 branch to ease troubleshooting and any kind of future adjustments (until v7 eol, 2024-06-30).
The ACLs update is automatic.
Also the testing package fixes the slapd SSL ciphers to upstream default, but a daemon restart is required to take it into effect.
I suggest this procedure to test the package:
- create a configuration backup
yum --enablerepo=nethserver-testing update nethserver-directorysystemctl restart slapd- check ldap clients still connect (!) i.e. roundcube addressbook, sogo, ssh user login, external webapps…
If something goes wrong, restore the configuration backup. I tested it thoroughly on my VM, with an automated test suite. It is bundled in the RPM as documentation. You can find it with:
rpm -qd nethserver-directory
To run the tests:
yum install bats
cd /usr/share/doc/nethserver-directory-3.1.0/bats
bats *.bats
Now I need your help to validate it on your side!