turnkey-openldap-18.1 (1) turnkey; urgency=low

  * v18.1 rebuild - includes latest Debian & TurnKey packages.

  * Install missing libldap-common package. Fixes SSL/TLS connections.
    Closes #1939 (see related Webmin fix below).

  * Configuration console (confconsole) - v2.1.6:
    - Bugfix broken DNS-01 Let's Encrypt challenge - closes #1876 & #1895.
      Fixed in v2.1.5 - already included in some appliances.
    - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962.
    - General dehydrated-wrapper code cleanup - now passes shellcheck.

  * Web management console (webmin):
    - Updated default OpenLDAP module ldap.conf path - part of #1939.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.

  * Reduce log noise by creating ntpsec log dir - closes #1952.

  * Includes new 'tkl-upgrade-php' helper script - to allow easy update/change
    of PHP version - closes #1892.
    [Marcos Méndez @ POPSOLUTIONS <https://github.com/marcos-mendez>]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 05 Jul 2024 10:54:12 +0000

turnkey-openldap-18.0 (1) turnkey; urgency=low

  * Debian default OpenLDAP (slapd) updated to v2.5.13.

  * phpLDAPadmin (web UI for administering LDAP servers) now installed from
    Debian repos (was previously manually installed from upstream source).

  * Ensure hashfile includes URL to public key - closes #1864.

  * Include webmin-logviewer module by default - closes #1866.

  * Upgraded base distribution to Debian 12.x/Bookworm.

  * Configuration console (confconsole):
    - Support for DNS-01 Let's Encrypt challenges.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
      [Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis

  * Firstboot Initialization (inithooks):
    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):
    - Upgraded webmin to v2.105.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):
    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):
    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:
    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support:
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:
    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

  * Debian default PHP updated to v8.2.

  * DEV: Add support for setting max_execution_time & max_input_vars in
    php.ini via appliance Makefile (PHP_MAX_EXECUTION_TIME &
    PHP_MAX_INPUT_VARS).

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 19 Dec 2023 04:44:25 +0000

turnkey-openldap-17.1 (1) turnkey; urgency=low

  * Updated all Debian packages to latest.
    [ autopatched by buildtasks ]

  * Patched bugfix release. Closes #1734.
    [ autopatched by buildtasks ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 14 Feb 2023 06:07:02 +0000

turnkey-openldap-17.0 (1) turnkey; urgency=low

  * Install new lighttpd-mod-openssl package and tweak Lighty config to enable
    it. (LigHTTPd now supports both GNUTLS and OpenSSL, so the appropriate
    package now needs to be separately installed and explictly enabled).

  * Update addresess samba schema archives changing to plain text files.
    [ Mattie Darden <mattie@turnkeylinux.org> ]

  * Addresses LigHTTPd config error due to changes made in common directory.
    [ Mattie Darden <mattie@turnkeylinux.org> ]

  * Refactor python inithooks overlay to be comopatible with v17.x
    [ Mattie Darden <mattie@turnkeylinux.org> ]

  * Note: Please refer to turnkey-core's 17.0 changelog for changes common to
    all appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 30 Dec 2022 02:19:31 +0000

turnkey-openldap-16.1 (1) turnkey; urgency=low

  * Support running OpenLDAP appliance running as ununprivileged on LXC -
    closes #1535.

  * Use MDB backend. Previously we were using deprecated HDB backend.

  * Install latest upstream release of phpLDAPadmin from GitHub - v1.2.6.2. We
    were previously installing from 'master', but that is now tracking v2
    development (no v2.x release yet).

  * Include Webmin LDAP module by default. Closes #864.

  * Note: Please refer to turnkey-core's 16.1 changelog for changes common to
    all appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 23 Feb 2021 16:02:38 +1100

turnkey-openldap-16.0 (1) turnkey; urgency=low

  * Updated all relevant Debian packages to Buster/10 versions; including
    OpenLDAP (slapd) to 2.4.47 & PHP 7.3 (for phpldapadmin).

  * Update phpldapadmin to latest upstream version - 1.2.5. Plus also add
    cookie encryption (via setting blowfish seed) and disable anonymous
    access.

  * Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for webserver/
    phpldapadmin. (v15.x TurnKey releases supported TLS 1.2, but could fallback
    as low as TLSv1).

  * Update webserver SSL/TLS cyphers to provide "Intermediate" browser/client
    support (suitable for "General-purpose servers with a variety of clients,
    recommended for almost all systems"). As provided by Mozilla via
    https://ssl-config.mozilla.org/.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 02 Jul 2020 15:54:14 +1000

turnkey-openldap-15.1 (1) turnkey; urgency=low

  * Include a sleep in the OpenLDAP inithook which resolves intermittant
    initialisation issues, including a TLS/SSL issue. Closes #1176 & #1337.
    [ Stefan Davis ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Mon, 24 Jun 2019 15:22:34 +1000

turnkey-openldap-15.0 (1) turnkey; urgency=low

  * Includes PHP7.0 (installed from Debian repos)

  * Updated PHP default settings

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Vlad Kuzmenko <vlad@turnkeylinux.org>  Fri, 29 Jun 2018 01:39:42 +0200

turnkey-openldap-14.2 (1) turnkey; urgency=low

  * Installed security updates

  * Added nsspam account with access to authenticate and change users in order
    to support using LDAP as authentication from NSS/PAM

    - Changes come from https://github.com/jstruebel/openldap-nsspam.git

  * Changed the default group populated in the database to support using it
    as the auth backend for NSS/PAM from other TKL appliances

    - Changes come from https://github.com/jstruebel/openldap-nsspam.git

  * Added custom templates to phpLDAPAdmin to support user/group management
    for the NSS/PAM changes above

    - Changes come from https://github.com/jstruebel/openldap-pla.git

  * Added Samba schema to ldap database and corresponding custom templates
    to phpLDAPAdmin

    - Changes come from https://github.com/jstruebel/openldap-samba.git

  * Added OpenSSH public key schema to ldap database

    - Changes come from https://github.com/jstruebel/openldap-sshlpk.git

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.i

 -- Jonathan Struebel <jonathan.struebel@gmail.com>  Tue, 02 May 2017 14:37:40 -0700

turnkey-openldap-14.1 (1) turnkey; urgency=low

  * Fix LigHTTPd bug in 15regen-sllcert (#512).

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 18 Feb 2016 15:19:03 +1100

turnkey-openldap-14.0 (1) turnkey; urgency=low

  * Latest Debian Jessie package version of OpenLDAP.

  * Lastest phpldap installed from upstream git

  * Other maintence work performed by Jonathan Struebel
    https://github.com/jstruebel

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.i

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 14 Aug 2015 19:59:21 +1000

turnkey-openldap-13.0 (1) turnkey; urgency=low

  * Latest Debian Wheezy package version of OpenLDAP.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 10 Oct 2013 18:38:30 +0300

turnkey-openldap-12.1 (1) turnkey; urgency=low

  * Upgraded to latest version of phpLDAPadmin.

  * Upstream source component versions:

    phpldapadmin    1.2.3

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Fri, 05 Apr 2013 08:00:00 +0200

turnkey-openldap-12.0 (1) turnkey; urgency=low

  * Initial public release of TurnKey OpenLDAP, based on TKLPatch submitted
    by Adrian Moya.

  * Set LDAP domain and admin password on firstboot (convenience, security).

  * Regenerates all secrets during installation / firstboot (security).

  * TLS support for ldaps out of the box (security).

  * Includes phpLDAPadmin for web based LDAP administration, with SSL
    support out of the box (convenience, security).

  * Includes Users/Groups OU and default PosixGroup (convenience).

  * Major component versions

    slapd           2.4.23-7.2
    ldap-utils      2.4.23-7.2
    gnutls-bin      2.8.6-1+squeeze2
    lighttpd        1.4.28-2+squeeze1
    php5-ldap       5.3.3-7+squeeze13
    phpldapadmin    1.2.2 (upstream archive)

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 01 Aug 2012 08:00:00 +0200

