Commits (47)
......@@ -37,6 +37,8 @@ Before release
- Check Debian packages quality
$ cme check dpkg
- Update doc/admin/documentation.rst to display vulnerable packaged versions
For minor release
-----------------
......
......@@ -85,6 +85,7 @@
},
"authentication" : "Demo",
"cfgAuthor" : "The LemonLDAP::NG team",
"cfgDate" : "1627287638",
"cfgNum" : 1,
"cfgVersion" : "2.1.0",
"cookieName" : "lemonldap",
......
lemonldap-ng (2.0.12) focal; urgency=medium
* Bugs:
* #2153: logout forward url pointing to a protected application cause infinite redirection (pdata)
* #2439: Unable to configure oidcOPMetaDataJSON and oidcOPMetaDataJWKS trough lemonldap-ng-cli
* #2453: Manager API: missing doc and array handling of additional audiences
* #2455: llng-fastcgi-server exited with signal 13
* #2459: Debian packages: missing dependency to gsfonts may break Captcha
* #2460: "Underlying object can't load conf" in v2.0.11
* #2463: Portal plugin hooks triggered multiple times after reload
* #2469: mySessionAuthorizedRWKeys causes internal server error when removing OIDC consent
* #2474: OAuth2 endpoints should return an error when multiple client authentication methods are used
* #2475: OIDC: Invalid error code returned in badAuthRequest
* #2477: [security:low] Wildcard in virtualhost allows being redirected to untrusted domains
* #2480: Set an authLevel and disable ReAuthentication plugin leads to an endless loop
* #2481: missing _utime in OIDC Client Credential sessions
* #2482: unexpected persistent sessions appear since 2.0.10
* #2483: Second factor removal does not work when hiding session ids from manager
* #2487: Incorrect error reporting in convertSessions
* #2489: Do not grant the openid scope during Resource Owner Password Grant
* #2493: Unable to register a new configuration attribute with CLI when option force is enabled and backend is RDBI
* #2495: [security:medium] XSS on register form
* #2498: convertSessions does not filter sessionKind correctly
* #2503: REST/SOAP exported attributes are not sent by REST server
* #2509: Local password policy: Allowing ALL special characters does not work
* #2511: expires_in in token response has the wrong JSON type in some cases
* #2513: LLNG 2.0.11 : SAML SLO from IDP to SP with POST Binding blocked by browser
* #2518: SAML: persistent NameID is empty when using "unspecified" format on SP side
* #2520: Missing translations for DBI configuration
* #2525: Gracefully handle invalid perl expression in CAS/SAML/OIDC
* #2529: [bug] OIDC userinfo as jwt not readable
* #2531: calling to_json with hash containing file handle fails
* #2534: CDA does not work with wildcard vhosts
* #2535: [security:low] Incorrect regexp construction in isTrustedUrl lets attacker steal session on CDA application
* #2539: [security:high, CVE-2021-35472] session cache corruption can lead to authorization bypass or spoofing
* #2541: Misleading TOTP options
* #2543: [security:low] 2FA bypass with sfOnlyUpgrade and totp2fDisplayExistingSecret
* #2547: Parameter oidcRPMetaDataOptionsUserInfoSignAlg is missing in Manager
* #2548: OpenID Connect ACR value can't be configured with something else than 'loa-...'
* #2549: [security:low, CVE-2021-35473] OAuth2 handler does not verify access token validity
* #2550: Token endpoint should only emit ID token when scope contains "openid"
* New features:
* #1976: FindUser plugin
* #2451: CrowdSec plugin to query Crowdsec server
* #2458: CheckDevOps plugin
* #2510: Hook on password change
* #2532: add oidcGenerateCode hook
* #2554: Remove OIDC checksession iframe from metadata
* Improvements:
* #2260: Missing elements in sphinx documentation (mongodb)
* #2419: Support JWT as OAuth 2.0 Bearer Access Tokens
* #2424: Feature: Scope Rules
* #2454: Append a Show/Hide password button into login form
* #2456: Prevent DevOps handler to send hidden session attributes
* #2462: Use timezone provided in input dates in extended function "checkDate"
* #2465: Force OIDC error messages to use JSON
* #2472: Loading metadata can be slow due to parsing of default certificate bundle
* #2484: Hook for populating client credential session
* #2488: Allow selection of AssertionConsumerServiceURL in IDP-Initiated SAML login
* #2496: Add new option to ignore undeclared OIDC scopes
* #2499: add key mapper for convertSession
* #2502: Resource Owner Password fails with PE_FIRSTACCESS when using Auth::Choice
* #2506: CAS: add an option to forbid host-based matching
* #2521: Avoid browsers parameter hide placeholder
* #2533: add hooks for CAS issuer
* #2536: optimize SingleSession to avoid unneeded session fetches
* #2544: Default 2FA register timeout is too low
* #2557: Avoid browsers to store new, old and confirmed password during update process
* #2562: Add --user/--group options to lmConfigEditor and lemonldap-ng-cli (user:group hardcoded to apache may not work correctly)
* Templates:
* #1976: FindUser plugin
* #2454: Append a Show/Hide password button into login form
* #2458: CheckDevOps plugin
* #2495: [security:medium] XSS on register form
* #2521: Avoid browsers parameter hide placeholder
* #2541: Misleading TOTP options
* #2557: Avoid browsers to store new, old and confirmed password during update process
-- Clément <clem.oudot@gmail.com> Thu, 22 Jul 2021 17:41:44 +0200
lemonldap-ng (2.0.11) focal; urgency=medium
* Bugs:
......
lemonldap-ng (2.0.12-1) unstable; urgency=medium
* New release. See changes on our website:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
-- Clement OUDOT <clement@oodo.net> Thu, 22 Jul 2021 22:00:00 +0100
lemonldap-ng (2.0.11-1) unstable; urgency=medium
* New release. See changes on our website:
......
......@@ -46,6 +46,7 @@ Options:
- ``-c``: job configuration file (mandatory)
- ``-r oldkey=newkey``: rename session keys during conversion (optional, can be given multiple times)
- ``-x key``: remove session keys during conversion (optional, can be given multiple times)
- ``-i``: ignore errors. By default errors will stop the script
execution
- ``-d``: print debugging output
......@@ -174,6 +174,11 @@ and is stored in the LemonLDAP::NG bin/ directory, for example
This script must be run as root, it will then use the Apache
user and group to access configuration.
.. tip::
You can change the user and group by setting ``--user`` and
``--group`` options in the command line.
The script uses the ``editor`` system command, that links to your
favorite editor. To change it:
......@@ -276,6 +281,11 @@ You can use accessors (options) to change the behavior:
configuration.
- -force: set it to 1 to save a configuration earlier than latest.
Additional options:
- --user=<user>: change user running the script
- --group=<group>: change group running the script
Some examples:
::
......@@ -283,6 +293,7 @@ Some examples:
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -cfgNum 10 get exportedHeaders/test1.example.com
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set notification 1
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -sep ',' get macros,_whatToTrace
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli get portal --user=nginx --group=nginx
.. tip::
......
......@@ -51,6 +51,7 @@ Debian
.. tip::
Following Debian Policy, LLNG packages are never upgraded in published distributions. However, security patches are backported by maintenance teams *(except some inor ones)*.
See `Security tracker <https://security-tracker.debian.org/tracker/source-package/lemonldap-ng>`__
=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
Debian dist LLNG version Secured Maintenance LTS Limit `Extended LTS <https://wiki.debian.org/LTS/Extended>`__ Limit
......@@ -60,9 +61,9 @@ Debian dist LLNG version Se
**8** Jessie `1.3.3 </documentation/1.3/>`__ |clean| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 Probably 2023
**9** Stretch `1.9.7 </documentation/1.9/>`__ |clean| CVE-2019-19791 tagged as minor `Debian LTS Team <https://www.debian.org/lts/>`__ June 2022
\ *Stretch-backports* `2.0.2 </documentation/2.0/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 *None* *June 2019*
\ Stretch-backports-sloppy `2.0.9 </documentation/2.0/>`__ |bad| *Maybe none*, "best effort" [3]_ Until Debian 11 release [4]_
\ Stretch-backports-sloppy `2.0.11 </documentation/2.0/>`__ |maybe| *Maybe none*, "best effort" [3]_ Until Debian 11 release [4]_
**10** Buster `2.0.2 </documentation/2.0/>`__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team <https://security-team.debian.org/>`__ Probably July 2024
\ Buster-backports `2.0.11 </documentation/2.0/>`__ |clean| `LLNG Team </team>`__ Until Debian 11 release [4]_
\ Buster-backports `2.0.11 </documentation/2.0/>`__ |clean| `LLNG Team </team>`, "best effort" [3]_ Until Debian 11 release [4]_
\ Bullseye `2.0.11 </documentation/2.0/>`__ |clean| `Debian Security Team <https://security-team.debian.org/>`__ Probably July 2026
**Next** Testing Latest [5]_ |clean| `LLNG Team </team>`__
=========== ======================== ======================================== ===================================================== ============================================================ =============================== =============================================================
......@@ -86,12 +87,9 @@ Ubuntu dist LLNG version Secured
14.04 Trusty `1.2.5 </documentation/1.2/>`__ |maybe| No known vulnerability None
16.04 Xenial [9]_ `1.4.6 </documentation/1.4/>`__ |bad| CVE-2019-12046, CVE-2019-13031 None
18.04 Bionic [9]_ `1.9.16 </documentation/1.9/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2020-24660 None
18.10 Cosmic `1.9.17 </documentation/1.9/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2020-24660 None
19.04 Disco `2.0.2 </documentation/2.0/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941, CVE-2020-24660 None
19.10 Eoan `2.0.5 </documentation/2.0/>`__ |bad| CVE-2019-15941, CVE-2020-24660 None
20.04 Focal [9]_ `2.0.7 </documentation/2.0/>`__ |bad| CVE-2020-24660 None
20.10 Groovy `2.0.8 </documentation/2.0/>`__ |bad| CVE-2020-24660 None
21.04 Hirsute `2.0.11 </documentation/2.0/>`__ |clean| None
20.04 Focal [9]_ `2.0.7 </documentation/2.0/>`__ |bad| CVE-2020-24660, CVE-2021-35472, CVE-2021-35473 None
20.10 Groovy `2.0.8 </documentation/2.0/>`__ |bad| CVE-2020-24660, CVE-2021-35472, CVE-2021-35473 None
21.04 Hirsute `2.0.11 </documentation/2.0/>`__ |bad| CVE-2021-35472, CVE-2021-35473 None
=========== ============= ================================ ==================================================================== ===========
Bug report
......@@ -139,8 +137,9 @@ Other
Possible `Extended LTS <https://wiki.debian.org/LTS/Extended>`__
.. [3]
updated by `LLNG Team </team>`__ until dependencies are compatible,
however this distribution seems unmaintained now
updated by `LLNG Team </team>`__ until dependencies are compatible.
Don't use backports unless you plan to update your system because
backports are not covered by Debian Security Policy
.. [4]
around September 2021
......
......@@ -6,6 +6,18 @@ used both for storing configuration and
:doc:`sessions<mongodbsessionbackend>`. You need to install Perl MongoDB
module to be able to use this backend.
For Debian, you can install mongodb module with:
::
apt install libmongodb-perl
For CentOS:
::
yum install perl-MongoDB
See :doc:`how to change configuration backend<changeconfbackend>` to
change your configuration database.
......
......@@ -20,6 +20,21 @@ Perl module (version ⩾ 0.15 required). You also need a recent version of
client <http://search.cpan.org/~mongodb/MongoDB-v1.2.2/>`__ (version ⩾
1.00 required).
For Debian, you can install mongodb module and Apache::Session module with:
::
apt install libmongodb-perl
cpan Apache::Session::MongoDB
For CentOS:
::
yum install perl-MongoDB
cpan Apache::Session::MongoDB
In the manager: set
`Apache::Session::MongoDB <http://search.cpan.org/perldoc?Apache::Session::MongoDB>`__
in ``General parameters`` » ``Sessions`` » ``Session storage`` »
......
......@@ -32,7 +32,7 @@ Name Comment Example
**sentinels** Redis sentinels list 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
**service** Sentinel service name mymaster
**password** password (== requirepass) ChangeMe
**select** Redis DB 1
**database** Redis DB 1
**Index** Fields to index refer to :ref:`fieldstoindex`
============= =========================== ===============================================
......
......@@ -60,6 +60,7 @@ casAuthnLevel CAS authentication level
casSrvMetaDataOptions Root of CAS server options ✔ [1]
casStorage Apache::Session module to store CAS user data ✔
casStorageOptions Apache::Session module parameters ✔
casStrictMatching Disable host-based matching of CAS services ✔
cda Enable Cross Domain Authentication ✔ ✔
certificateResetByMailCeaAttribute ✔
certificateResetByMailCertificateAttribute ✔
......@@ -75,6 +76,8 @@ cfgDate Timestamp of the current
cfgLog Configuration update log ✔ ✔
cfgNum Enable Cross Domain Authentication ✔ ✔
cfgVersion Version of LLNG which build configuration ✔ ✔
checkDevOps Enable check DevOps ✔
checkDevOpsDownload Enable check DevOps download field ✔
checkState Enable CheckState plugin ✔
checkStateSecret Secret token for CheckState plugin ✔
checkTime Timeout to check new configuration in local cache ✔ ✔ ✔
......@@ -110,6 +113,10 @@ corsAllow_Origin Allowed origine for Cros
corsEnabled Enable Cross-Origin Resource Sharing ✔
corsExpose_Headers Exposed headers for Cross-Origin Resource Sharing ✔
corsMax_Age MAx-age for Cross-Origin Resource Sharing ✔
crowdsec CrowdSec plugin activation ✔
crowdsecAction CrowdSec action ✔
crowdsecKey CrowdSec API key ✔
crowdsecUrl Base URL of CrowdSec local API ✔
cspConnect Authorized Ajax destination for Content-Security-Policy ✔
cspDefault Default value for Content-Security-Policy ✔
cspFont Font source for Content-Security-Policy ✔
......@@ -273,9 +280,9 @@ log4perlConfFile Log4Perl logger configur
logLevel Log level, must be set in .ini ✔ ✔ ✔ ✔
logger technical logger ✔ ✔ ✔ ✔
loginHistoryEnabled Enable login history ✔
logoutServices Send logout through GET request to these services ✔
lwpOpts Options given to LWP::UserAgent
lwpSslOpts SSL options given to LWP::UserAgent
logoutServices Send logout trough GET request to these services ✔
lwpOpts Options passed to LWP::UserAgent ✔
lwpSslOpts SSL options passed to LWP::UserAgent ✔
macros Macros ✔
mail2fActivation Mail second factor activation ✔
mail2fAuthnLevel Authentication level for users authenticated by Mail second factor ✔
......@@ -333,6 +340,7 @@ oidcServiceAllowAuthorizationCodeFlow OpenID Connect allow aut
oidcServiceAllowDynamicRegistration OpenID Connect allow dynamic client registration ✔
oidcServiceAllowHybridFlow OpenID Connect allow hybrid flow ✔
oidcServiceAllowImplicitFlow OpenID Connect allow implicit flow ✔
oidcServiceAllowOnlyDeclaredScopes OpenID Connect allow only declared scopes ✔
oidcServiceAuthorizationCodeExpiration OpenID Connect global code TTL ✔
oidcServiceDynamicRegistrationExportedVars OpenID Connect exported variables for dynamic registration ✔
oidcServiceDynamicRegistrationExtraClaims OpenID Connect extra claims for dynamic registration ✔
......@@ -403,6 +411,7 @@ portalDisplayPasswordPolicy Display policy in passwo
portalDisplayRefreshMyRights Display link to refresh the user session ✔
portalDisplayRegister Display register button in portal ✔
portalDisplayResetPassword Display reset password button in portal ✔
portalEnablePasswordDisplay Allow to display password in login form ✔
portalErrorOnExpiredSession Show error if session is expired ✔
portalErrorOnMailNotFound Show error if mail is not found in password reset process ✔
portalForceAuthn Enable force to authenticate when displaying portal ✔
......@@ -534,6 +543,7 @@ sfEngine Second factor engine
sfExtra Extra second factors ✔
sfManagerRule Rule to display second factor Manager link ✔
sfOnlyUpgrade Only trigger second factor on session upgrade ✔
sfRegisterTimeout Timeout for 2F registration process ✔
sfRemovedMsgRule Display a message if at leat one expired SF has been removed ✔
sfRemovedNotifMsg Notification message ✔
sfRemovedNotifRef Notification reference ✔
......
......@@ -46,7 +46,7 @@ Custom CSS file
You can define a custom CSS file, for example ``custom.css``, which will
be loaded after default CSS files. This file needs to be created in the
static repository
(``/usr/share/lemonldap-ng/portal/htdocs/static/boostrap/css``).
(``/usr/share/lemonldap-ng/portal/htdocs/static/bootstrap/css``).
Then set this value in Custom CSS parameter :
``bootstrap/css/custom.css``.
......@@ -114,11 +114,17 @@ To achieve this, you can create a rule in the Manager: select
``General Parameters`` > ``Portal`` > ``Customization`` >
``Skin display rules`` on click on "New key". Then fill the two fields;
- **Rule**: a Perl expression (you can use %ENV hash to get environment
variables, or $_url to get URL called before redirection, or $ipAddr
to use user IP address). If the rule evaluation is true, the
corresponding skin is applied.
- **Skin**: the name of the skin to use.
- **Key**: a Perl expression (you can use ``%ENV`` hash to get environment
variables, or ``$_url`` to get URL called before redirection, or ``$ipAddr``
to use user IP address). If the rule evaluation is true, the corresponding
skin is applied.
- **Value**: the name of the skin to use.
Example:
```
$_url =~ m#^http://test1.example.com#
```
Skin files
~~~~~~~~~~
......
......@@ -77,3 +77,7 @@ You can also add some other parameters
# LWP::UserAgent parameters
proxyOptions = { timeout => 5 }
`User` and `Password` parameters are only used if the entry point `index.fcgi/config`
is protected by a basic authentication. Thus, handlers will make requests to the portal
using these parameters.
......@@ -68,6 +68,10 @@ Name Comment Example
**password** Password to use for auth basic mechanism
=================== ======================================== ==================================================
`user` and `password` parameters are only used if the entry point `index.fcgi/sessions/global`
is protected by a basic authentication. Thus, handlers will make requests to the portal
using these parameters.
.. attention::
......@@ -86,7 +90,7 @@ configuration (for example, access by IP range):
# REST/SOAP functions for sessions access (disabled by default)
<Location /index.fcgi/sessions>
Require 192.168.2.0/24
Require ip 192.168.2.0/24
</Location>
Real session backend
......
......@@ -78,12 +78,12 @@ configuration (for example, access by IP range):
# SOAP functions for sessions management (disabled by default)
<Location /index.fcgi/adminSessions>
Require 192.168.2.0/24
Require ip 192.168.2.0/24
</Location>
# SOAP functions for sessions access (disabled by default)
<Location /index.fcgi/sessions>
Require 192.168.2.0/24
Require ip 192.168.2.0/24
</Location>
Real session backend
......
......@@ -30,13 +30,40 @@ None
2.0.12
------
Security
~~~~~~~~
* **CVE-2021-35473**: Access token lifetime is not verified with OAuth2 Handler (see `issue 2549 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549>`__)
* **CVE-2021-35472**: Session cache corruption can lead to authorization bypass or spoofing (see `issue 2539 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539>`__)
* 2FA bypass with sfOnlyUpgrade and totp2fDisplayExistingSecret (see `issue 2543 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2543>`__)
* Incorrect regexp construction in isTrustedUrl lets attacker steal session on CDA application (see `issue 2535 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2535>`__)
* XSS on register form (see `issue 2495 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2495>`__)
* Wildcard in virtualhost allows being redirected to untrusted domains (see `issue 2477 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2477>`__)
Portal templates changes
~~~~~~~~~~~~~~~~~~~~~~~~
If you customized the HTML mail content, you must update them to use HTML::Template variables (this was changed to fix XSS injections).
For session variables, replace for example ``$cn`` by ``<TMPL_VAR NAME="session_cn" ESCAPE=HTML>``, and for other variables, replace for example ``$url`` by ``<TMPL_VAR NAME="url" ESCAPE=HTML>``.
Some changes have been made to include new plugins (FindUser and CheckDevOps), you need to report them only if you have a custom theme and you want to use these plugins
To benefit from the new feature allowing to show password on login form, adapt ``standardform.tpl`` (see `changes <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/bdeb1e70d98ddc89316b0912d9d5ee6d11d0bee5#fbbcec1fdc36cc042eeaa83274a32ef2231fe977_23_23>`__)
To disable password store in browser when changing password (this was already possible for login form), adapt ``password.tpl`` (see `changes <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/466b6a3241fff5013d27b3dd22982e5e26ed7dfb#0ae060b3d1e289f08f510c268ed72de5dcafe425_36_35>`__)
To fix placeholder display in password field when password store is disabled in browser, adapt ``password.tpl`` (see `changes <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/547d80985290495d33ed72a388e9ddf482980354#fbbcec1fdc36cc042eeaa83274a32ef2231fe977_21_20>`__)
See also "Simplification of TOTP options" below.
Client Credential sessions missing expiration time
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you started using Client Credential grants in 2.0.11, you may have encountered
`issue 2481 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2481>`__.
Because of this bug, the created sessions may never be purged by the `purgeCentralCache` script.
Because of this bug, the created sessions may never be purged by the ``purgeCentralCache`` script.
In order to detect these sessions, you can run the following command:
......@@ -78,7 +105,7 @@ The following options have been removed from TOTP configuration:
* Display existing secret (``totp2fDisplayExistingSecret``)
* Change existing secret (``totp2fUserCanChangeKey``)
As a consequence, users who are *not* using the default `bootstrap` skin may need to ajust their ``totp2fregister.tpl`` template:
As a consequence, users who are *not* using the default ``bootstrap`` skin may need to ajust their ``totp2fregister.tpl`` template:
* Move ``#divToHide`` from the ``.col-md-6`` div to the ``.card`` div
* Change::
......
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 8"
.TH llng-fastcgi-server 8 "2021-07-09" "perl v5.32.1" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 8 "2021-08-01" "perl v5.32.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -40,6 +40,7 @@
"Cookie::Baker::XS" : "0",
"Crypt::URandom" : "0",
"DBI" : "0",
"Date::Parse" : "0",
"LWP::Protocol::https" : "0",
"Net::LDAP" : "0",
"SOAP::Lite" : "0",
......
......@@ -26,6 +26,7 @@ recommends:
Cookie::Baker::XS: '0'
Crypt::URandom: '0'
DBI: '0'
Date::Parse: '0'
LWP::Protocol::https: '0'
Net::LDAP: '0'
SOAP::Lite: '0'
......
......@@ -47,6 +47,7 @@ WriteMakefile(
'Convert::Base32' => 0,
'Cookie::Baker::XS' => 0,
'Crypt::URandom' => 0,
'Date::Parse' => 0,
'String::Random' => 0,
'DBI' => 0,
'Net::LDAP' => 0,
......