Bug 2068740 - [RFE] Rebase on UnboundID LDAP SDK for Java 6.0.4
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-distribution
Classification: oVirt
Component: unboundid-ldapsdk
Version: 4.5.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: low
Target Milestone: ovirt-4.5.2
Target Release: 4.5.2
Assignee: Sandro Bonazzola
QA Contact: Pavol Brilla
Blocks: 2068741 2092478
Reported: 2022-03-26 11:52 UTC by Sandro Bonazzola
Modified: 2022-08-30 08:47 UTC

Fixed In Version: unboundid-ldapsdk-6.0.4-1
Last Closed: 2022-08-30 08:47:42 UTC
oVirt Team: Integration
mperina: ovirt-4.5+
pm-rhel: planning_ack?
pm-rhel: devel_ack?
gdeolive: testing_ack+


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHV-45456 0 None None None 2022-03-26 11:59:30 UTC

Description Sandro Bonazzola 2022-03-26 11:52:54 UTC
Description of problem:
In CentOS Virt SIG we are shipping 4.0.14.
Upstream released 6.0.4, but the interesting part of the rebase comes from the 6.0.0 release notes: https://github.com/pingidentity/ldapsdk/releases/tag/6.0.0

> One of the biggest changes that we’ve made in this release is that we’ve deprecated support for the TLSv1 and TLSv1.1 protocol versions in accordance with RFC 8996. By default, the LDAP SDK will prefer using TLSv1.3, but it can fall back to using TLSv1.2 if the newer protocol is not supported by the client JVM or by the directory server. The older TLSv1 and TLSv1.1 protocol versions can still be enabled if necessary (either programmatically or by setting system properties), but given that they are no longer considered secure, and given that TLSv1.2 became an official standard over twelve years ago, the far better option would be to use a directory server release from sometime in the last decade.

There's also a licensing change that happened in the 5.0 release: https://github.com/pingidentity/ldapsdk/releases/tag/5.0.0

> UnboundID LDAP SDK for Java 5.0.0, now available under the Apache License


I don't see a reason to rush the change in, but it looks like a good idea to rebase on the latest release.

Comment 1 Sandro Bonazzola 2022-05-02 15:00:57 UTC
Builds available here:
- https://cbs.centos.org/koji/buildinfo?buildID=39177
- https://cbs.centos.org/koji/buildinfo?buildID=39178

Not pushed to testing repos yet, waiting for corresponding changes in ovirt-engine-extension-aaa-ldap tracked in bug #2068741

Comment 2 Pavol Brilla 2022-08-10 13:24:24 UTC
# yum deplist *unboundid-ldapsdk-6.0.4*; yum list unboundid-ldapsdk-6.0.4
Last metadata expiration check: 0:10:34 ago on Wed 10 Aug 2022 04:13:13 PM IDT.
package: unboundid-ldapsdk-6.0.4-1.el8ev.noarch
  dependency: java-headless
   provider: java-1.8.0-openjdk-headless-1:1.8.0.342.b07-2.el8_6.x86_64
  dependency: javapackages-filesystem
   provider: javapackages-filesystem-5.3.0-1.module+el8+2447+6f56d9a6.noarch
Last metadata expiration check: 0:10:35 ago on Wed 10 Aug 2022 04:13:13 PM IDT.
Installed Packages
unboundid-ldapsdk.noarch                                                                    6.0.4-1.el8ev

Comment 3 Sandro Bonazzola 2022-08-30 08:47:42 UTC
This bugzilla is included in oVirt 4.5.2 release, published on August 10th 2022.
Since the problem described in this bug report should be resolved in oVirt 4.5.2 release, it has been closed with a resolution of CURRENT RELEASE.
If the solution does not work for you, please open a new bug report.
