All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
Added Kerberos schemas by default, with security role and database indexing adjustments according to these schemas.
1.4.0 - 2020-06-15
30M+ docker pulls 🎉🎉🎉 thanks to all contributors 💕
- Allow setting ports on ldap and ldaps #403. Thanks to @chirauki !
- Address firewall issues on RHEL in README #394. Thanks to @BirkhoffLee !
- Ensure ca certs are up to date #387. Thanks to @Jyrno42 !
- Install slapd-contrib to include pbkdf2 pw support #365. Thanks to @col-panic !
- Seeding from internal path. #361. Thanks to @dbck !
- Enable openldap uid/gid to be specified at runtime #336. Thanks to @lj020326 !
- Update openldap 2.4.48 to 2.4.50
- LDAP_TLS_PROTOCOL_MIN is deprecated #432. Thanks to @mettacrawler !
- Better handling of environment variables checks #382. Thanks to @obourdon !
- Multi-node replication fixes #420. Thanks to @pcolmer !
- Grant root manage access to database #416. Thanks to @olia-dev !
1.3.0 - 2019-09-29
- Multiarch support
- Update openldap 2.4.47 to 2.4.48 #247
- Upgrade baseimage to light-baseimage:1.2.0 (debian buster)
1.2.5 - 2019-08-16
- Support for docker secrets #325. Thanks to @anagno !
- Add DISABLE_CHOWN environment variable #240
- pqChecker lib to check passwords strength with ppolicy pwdCheckModule
- Fix of incorrectly positioned 'log-helper debug' command #327. Thanks to @turcan !
- Fix domain dn #341. Thanks to @obourdon !
1.2.4 - 2019-03-14
- Excessive RAM usage on 1.2.2, increased 10x from 1.2.1 #242
- Startup issue with 1.2.3 #283
1.2.3 - 2019-01-21
10M+ docker pulls 🎉🎉🎉 thanks to all contributors 💕
- GCE statefulset #241
- Custom dhparam.pem via environment. #254
- Update openldap 2.4.44 to 2.4.47 #247
- Upgrade baseimage to light-baseimage:1.1.2
- Ldaps port numbers in readme #281
- Replication after restart container #264
1.2.2 - 2018-09-04
- Environment variable LDAP_NOFILE to setup a custom ulimit value #237
- Remove schema ambiguity #204
- lidf typo in readme #217
- Ignore all folders starting with . #232
- Fix self-edit security issue #239
  Thanks to Yann Voumard for reporting this and @jonremy for the fix.
1.2.1 - 2018-05-14
- The default "write" access to "*" by "self" in the file "config/bootstrap/ldif/02-security.ldif" allowed any user to change all of the data in their own entry. This includes the gid and uid numbers, which could lead to serious security issues.
  This has been changed to: olcAccess: to * by self read by dn="cn=admin,{{ LDAP_BASE_DN }}" write by * none
  Thanks to Francesc Escale for reporting this.
1.2.0 - 2018-03-02
- Use mdb as default backend
- startup.sh: Ensure SCHEMAS is sorted #193
- LDAP_ADMIN_PASSWORD with space breaks container setup #167
1.1.11 - 2017-12-19
- Add krb5-kdc-ldap with doc examples #171
- Add support of readonly user in custom bootstrap ldif #162
- Fix NFS issue #169
- Create schemas in a consistent order. #174
1.1.10 - 2017-11-09
- Upgrade baseimage to light-baseimage:1.1.1
- Readme #145 #148
- Let ldapmodify and ldapadd use the same auth #146
- Enable matching uid's and gid's in the host and container. #156
1.1.9 - 2017-07-19
- LDAP_RFC2307BIS_SCHEMA option to use rfc2307bis schema instead of nis default schema
- KEEP_EXISTING_CONFIG option to not change the ldap config
- Upgrade baseimage to light-baseimage:1.1.0 (debian stretch)
1.1.8 - 2017-02-16
- LDAP_ENFORCE_TLS is not working correctly #107
- Unable to reuse volumes after LDAP_TLS_ENFORCE is true #92
1.1.7 - 2016-11-09
- Upgrade baseimage to light-baseimage:0.2.6
1.1.6 - 2016-09-02
- Upgrade baseimage to light-baseimage:0.2.5
- Upgrade to 1.1.5 startup issues with cfssl-helper #73
1.1.5 - 2016-08-02
- Restarting container with new environment #44
- Cannot rerun with customized certificate at 1.1.1 #36
1.1.4 - 2016-07-26
- Remove environment variable LDAP_TLS_PROTOCOL_MIN as it takes no effect, see #69
- Adjust default GnuTLS cipher string according to Red Hat's TLS hardening guide. This by default also restricts the TLS protocol version to 1.2. For reference, see #69
- Fix Error in Adding "Billy" #71
- Add docker-compose.yml example and update kubernetes examples #52
- Update LDAP_TLS_CIPHER_SUITE, remove LDAP_TLS_PROTOCOL_MIN #70
- fixed LDAP_BACKEND for readonly user #62
1.1.3 - 2016-06-09
In this version the new environment variable LDAP_BACKEND lets you set the backend used by your ldap database. By default it's hdb. In the upcoming 1.2.x versions the default will be changed to mdb.
Environment variable LDAP_REPLICATION_HDB_SYNCPROV changed to LDAP_REPLICATION_DB_SYNCPROV
- Use mdb over hdb #50
- Ignore lost+found directories #53
- LDAP_REPLICATION_HDB_SYNCPROV changed to LDAP_REPLICATION_DB_SYNCPROV
- Upgrade baseimage to light-baseimage:0.2.4
- Volume command from Dockerfile #56
1.1.2 - 2016-03-18
- Honor LDAP_LOG_LEVEL on startup #39
- slapd tcp bind is network not interface, and so does not respond on overlay networks #35
- specify base_dn without domain #37
1.1.1 - 2016-02-20
- Upgrade baseimage to light-baseimage:0.2.2
1.1.0 - 2016-01-25
- Use *.startup.yaml environment files to keep configuration secrets
- Use cfssl tool to generate tls certs
- Use log-helper to write leveled log messages
- Allow copy of /container/service and mounted files to /container/run/service dir, useful for write only filesystems and to avoid file permission problems
- Add enforcing TLS options (#26)
- Upgrade baseimage to light-baseimage:0.2.1
- Should SSL certs be copied on load? (#25)
1.0.9 - 2015-12-16
- Makefile with build no cache
- Upgrade baseimage to light-baseimage:0.2.0
1.0.8 - 2015-11-23
- Another startup bug! whuhu
1.0.7 - 2015-11-20
- Startup bug
1.0.6 - 2015-11-20
- Upgrade baseimage to light-baseimage:0.1.5
1.0.5 - 2015-11-19
- Upgrade baseimage to light-baseimage:0.1.4
- Replication bug when the hostname was changed
1.0.4 - 2015-11-06
- Upgrade baseimage to light-baseimage:0.1.3
1.0.3 - 2015-10-26
- Upgrade baseimage to light-baseimage:0.1.2
- Re-running container with volumes won't start #19
1.0.2 - 2015-08-27
- LDAP_TLS_CIPHER_SUITE
- LDAP_TLS_PROTOCOL_MIN
- LDAP_TLS_VERIFY_CLIENT
1.0.1 - 2015-08-18
- Upgrade baseimage to light-baseimage:0.1.1
- OpenLdap container won't start when dhparam.pem is missing in bound volume #13
1.0.0 - 2015-07-24
- Improve documentation
- Upgrade baseimage to light-baseimage
0.10.2 - 2015-07-14
- Bootstrap config, only on non existing slapd config
- Limit max open file descriptors to fix slapd memory usage (#9)
- Don't disable network access from outside (#8)
- Make log level configurable via environment variable (#7)
- Support for ldaps (#10)
- Unable to start container with the following invocation. (#6)
0.10.1 - 2015-05-17
- LDAPI
- Custom ldap schema
- Auto convert .schema to .ldif
- Docker VOLUME is not needed to be able to stop a container without losing data (#2)
- starting from old data (#3)
0.10.0 - 2015-03-03
New version initial release; no changelog before this, sorry.