OpenLDAP: Drop TCP wrappers support

Summary

As per [1], TCP wrappers are being deprecated in Fedora. Also, as per [2], upstream discourages its usage in favour of other means of protection (e.g. firewall). After this change OpenLDAP will no longer be affected by TCP wrappers configuration.

Owner

• Name: Matus Honek
• Email: mhonek@redhat.com
• Release notes ticket: #89

Current status

• Targeted release: Fedora 28
• Last updated: 2018-03-02
• Tracker bug: #1531487

Detailed Description

After this change, OpenLDAP will not be configured with --enable-wrappers resulting in potential TCP wrappers configuration having no effect on OpenLDAP (i.e. slapd binary executable). Please, use other means of protection for the OpenLDAP server.

Benefit to Fedora

This change is due to the deprecation of TCP wrappers, details may be found in [3]

Scope

• Proposal owners: Remove dependency of OpenLDAP on TCP wrappers. See [4].

• Other developers: None

• Release engineering: Part of #7029
  • List of deliverables: N/A (not a System Wide Change)

• Policies and guidelines: N/A

• Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Users should use other means of protection. TCP wrappers protection ceases to work.

How To Test

Running the following should not return anything:

ldd /usr/sbin/slapd  | grep libwrap

User Experience

Users are encouraged to check their security configuration.

Dependencies

N/A

Contingency Plan

• Contingency mechanism: Reverting the change
• Contingency deadline: Beta freeze?
• Blocks release? No

Documentation

N/A

Release Notes

Fedora 28 removes support for tcp_wrappers. Therefore, OpenLDAP no longer supports them. Please, use other means of protection.