Posts for: #security

GLAuth Releases Version 2.3.0: Lightweight LDAP Server for Development, Home Lab, or CI/CD

Go-lang LDAP Authentication (GLAuth) has released version 2.3.0 of its lightweight LDAP server, providing a secure and easy-to-use solution for development, home lab use, or CI/CD environments.

The release introduces both new features and bug fixes to enhance the functionality and stability of the server software. However, it is important to note that there is a breaking change in this version, as the groups table has been renamed to ldapgroups.

The main feature of the v2.3.0 release is an update to the migration code, which now supports table names. In addition to the new feature, a bug fix has been implemented in this release, also regarding ldapgroups.

With this latest release, GLAuth continues to provide a reliable and efficient LDAP server solution for users in development, home lab, and CI/CD environments. The project’s commitment to security, ease of use, and continuous improvement is commendable.

For more information and to download the latest version of GLAuth, visit the official GitHub repository.

Glauth Releases Version v2.2.1: Lightweight LDAP Server for Development, Home Use, or CI

The latest release of glauth, a secure and easy-to-use LDAP server with configurable backends, brings several important updates and fixes. Version v2.2.1 focuses on resolving plugin incompatibility issues and introduces the ability to use custom S3 endpoints.

One of the key improvements in this maintenance release is the fix to plugin incompatibility. The developers have addressed this issue and apologize for any inconvenience caused by the previous version. The pull requests included in this release cover various aspects of the project. Some of the other notable updates include organizing users as an organizational unit, removing references to deprecated io/ioutil, updating TRIM_FLAGS to use -trimpath, and preparing for future releases by implementing sum types.

Kubernetes 1.28: Enhancing Security

Kubernetes 1.28 introduces several security enhancements to improve the user experience and address the evolving needs of its users. The enhancements include the use of CEL-based admission policies and webhook match conditions, reduction of secret-based service account tokens, ensuring secure image pulling, container image signature handling based on sigstore, KMS v2 improvements, and an Auth API to get self-user attributes. These enhancements provide better security, performance, and management of Kubernetes clusters, ensuring that only verified and secure images are used and that sensitive data remains encrypted. As Kubernetes becomes more essential, these enhancements play a critical role in ensuring the security and reliability of container orchestration platforms.

Source: CNCF Blog.

Secure Your Container and Other Deployments with Ubuntu Server Hardening

The New Stack has posted a guide on how to harden an Ubuntu server. Ubuntu is a popular choice for container deployments, but many admins and DevOps teams overlook the importance of securing the operating system itself. The article provides a guide to hardening Ubuntu to ensure a secure foundation for deployments. The steps include:

  1. Schedule regular upgrades to ensure the server is patched against the latest threats.

  2. Change sudo and SSH settings.

  3. Install and configure fail2ban to automatically ban IP addresses that attempt to compromise the server via SSH.

  4. Secure shared memory by mounting /run/shm with certain privileges.

  5. Enable and configure the Uncomplicated Firewall (UFW) and allow SSH connections.

By following these steps, admins and DevOps teams can significantly enhance the security of their Ubuntu Server deployments. Head over to The New Stack and read the guide!

Source: The New Stack.

Deploy Bitwarden on Docker Swarm

In this tutorial, we’ll deploy Bitwarden on Docker Swarm. It’s based on an earlier tutorial on this site, where we deployed Docker Swarm on DigitalOcean. Bitwarden is a password manager with support for self-hosting. We’ll use bitwarden_rs, an unofficial Bitwarden API server implementation, as it’s a bit faster than the default implementation. Bitwarden_rs is written in Rust and is compatible with the official Bitwarden clients. Bitwarden has the following features, among others: