drop Apache 2.2 support

lam-packaging/RPM/lam.apache.conf

@@ -4,13 +4,7 @@ Alias /lam /usr/share/ldap-account-manager
 <Directory /usr/share/ldap-account-manager>
   Options +FollowSymLinks
   AllowOverride All
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Allow from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all granted
-  </IfModule>
+  Require all granted
   DirectoryIndex index.html
 </Directory>
 
@@ -20,67 +14,31 @@ Alias /lam /usr/share/ldap-account-manager
 
 <Directory /var/lib/ldap-account-manager/tmp/internal>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /var/lib/ldap-account-manager/sess>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /var/lib/ldap-account-manager/config>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /usr/share/ldap-account-manager/lib>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /usr/share/ldap-account-manager/help>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /usr/share/ldap-account-manager/locale>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 

lam-packaging/debian/control

@@ -13,7 +13,7 @@ Depends: php5 (>= 5.4.26) | php (>= 7), php5-ldap | php-ldap, php5-gd | php-gd,
  php5 | php-zip, php5 | php-xml, php5-imagick | php-imagick,
  libapache2-mod-php5 | libapache2-mod-php | php5-fpm | php-fpm,
  php-tcpdf, php-phpseclib (>= 2.0),
- apache2 | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
+ apache2 (>= 2.4.0) | httpd, fonts-dejavu, debconf (>= 0.2.26) | debconf-2.0, ${misc:Depends}
 Recommends: php-apc | php-opcache
 Suggests: ldap-server, php5-mcrypt | php-mcrypt, ldap-account-manager-lamdaemon, perl
 Description: webfrontend for managing accounts in an LDAP directory

lam-packaging/debian/lam.apache.conf

@@ -4,13 +4,7 @@ Alias /lam /usr/share/ldap-account-manager
 <Directory /usr/share/ldap-account-manager>
   Options +FollowSymLinks
   AllowOverride All
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Allow from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all granted
-  </IfModule>
+  Require all granted
   DirectoryIndex index.html
 </Directory>
 
@@ -20,67 +14,31 @@ Alias /lam /usr/share/ldap-account-manager
 
 <Directory /var/lib/ldap-account-manager/tmp/internal>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /var/lib/ldap-account-manager/sess>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /var/lib/ldap-account-manager/config>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /usr/share/ldap-account-manager/lib>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /usr/share/ldap-account-manager/help>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 
 <Directory /usr/share/ldap-account-manager/locale>
   Options -Indexes
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Directory>
 

lam/.htaccess

@@ -1,11 +1,5 @@
 <Files *>
   Options +FollowSymLinks
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Allow from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all granted
-  </IfModule>
+  Require all granted
   DirectoryIndex index.html
 </Files>

lam/HISTORY

@@ -1,5 +1,6 @@
 September 2018 6.5
   - Password change possible via LDAP EXOP operation (set LDAP_EXOP as password hash)
+  - Dropped suppurt for Apache 2.2
   - Upload: allow to overwrite existing accounts
   - Kolab updates
   - LAM Pro:

lam/config/.htaccess

@@ -1,9 +1,3 @@
 <Files *>
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Files>

lam/docs/manual-sources/appendix-security.xml

@@ -319,7 +319,7 @@ semodule -i httpdlocal.pp</programlisting>
 
       <para><inlinemediaobject>
           <imageobject>
-            <imagedata fileref="images/selfServiceProxy.png" />
+            <imagedata fileref="images/selfServiceProxy.png"/>
           </imageobject>
         </inlinemediaobject></para>
 
@@ -333,8 +333,7 @@ semodule -i httpdlocal.pp</programlisting>
         CustomLog /var/log/apache2/lam-proxy-access.log combined
         DocumentRoot /var/www/lam-proxy
         &lt;Proxy *&gt;
-            Order deny,allow
-            Allow from all
+            Require all granted
         &lt;/Proxy&gt;
         SSLProxyEngine on
         SSLEngine on

lam/docs/manual-sources/appendix-selfResetSchema.xml

@@ -1,245 +1,241 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-  <appendix id="a_passwordSelfResetSchema">
-    <title>Setup password self reset schema (LAM Pro)</title>
+<appendix id="a_passwordSelfResetSchema">
+  <title>Setup password self reset schema (LAM Pro)</title>
 
-    <section id="passwordSelfResetSchema_new">
-      <title>New installation</title>
+  <section id="passwordSelfResetSchema_new">
+    <title>New installation</title>
 
-      <para>Please see <link
-      linkend="passwordSelfResetSchema_update">here</link> if you want to
-      upgrade an existing schema version.</para>
+    <para>Please see <link
+    linkend="passwordSelfResetSchema_update">here</link> if you want to
+    upgrade an existing schema version.</para>
 
-      <para><emphasis role="bold">Schema installation</emphasis></para>
+    <para><emphasis role="bold">Schema installation</emphasis></para>
 
-      <para>Please install the schema that comes with LAM Pro. The schema
-      files are located in:</para>
+    <para>Please install the schema that comes with LAM Pro. The schema files
+    are located in:</para>
 
-      <itemizedlist>
-        <listitem>
-          <para>tar.bz2: docs/schema</para>
-        </listitem>
+    <itemizedlist>
+      <listitem>
+        <para>tar.bz2: docs/schema</para>
+      </listitem>
 
-        <listitem>
-          <para>DEB: /usr/share/doc/ldap-account-manager/docs/schema</para>
-        </listitem>
+      <listitem>
+        <para>DEB: /usr/share/doc/ldap-account-manager/docs/schema</para>
+      </listitem>
 
-        <listitem>
-          <para>RPM:
-          /usr/share/doc/ldap-account-manager-{VERSION}/schema</para>
-        </listitem>
-      </itemizedlist>
+      <listitem>
+        <para>RPM: /usr/share/doc/ldap-account-manager-{VERSION}/schema</para>
+      </listitem>
+    </itemizedlist>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para><emphasis role="bold">OpenLDAP with slapd.conf
-      configuration</emphasis></para>
+    <para><emphasis role="bold">OpenLDAP with slapd.conf
+    configuration</emphasis></para>
 
-      <para>For a configuration with slapd.conf-file copy
-      passwordSelfReset.schema to /etc/ldap/schema/ and add this line to
-      slapd.conf:</para>
+    <para>For a configuration with slapd.conf-file copy
+    passwordSelfReset.schema to /etc/ldap/schema/ and add this line to
+    slapd.conf:</para>
 
-      <literallayout>  include         /etc/ldap/schema/passwordSelfReset.schema
+    <literallayout>  include         /etc/ldap/schema/passwordSelfReset.schema
 
 </literallayout>
 
-      <para><emphasis role="bold">OpenLDAP with slapd.d
-      configuration</emphasis></para>
+    <para><emphasis role="bold">OpenLDAP with slapd.d
+    configuration</emphasis></para>
 
-      <para>For slapd.d configurations you need to upload the schema file
-      passwordSelfReset.ldif via ldapadd command:</para>
+    <para>For slapd.d configurations you need to upload the schema file
+    passwordSelfReset.ldif via ldapadd command:</para>
 
-      <para>ldapadd -x -W -H ldap://localhost -D "cn=admin,o=test,c=de" -f
-      passwordSelfReset.ldif</para>
+    <para>ldapadd -x -W -H ldap://<emphasis>localhost</emphasis> -D
+    "<emphasis>cn=admin,o=test,c=de</emphasis>" -f
+    passwordSelfReset.ldif</para>
 
-      <para>Please replace "localhost" with your LDAP server and
-      "cn=admin,o=test,c=de" with your LDAP admin user (usually starts with
-      cn=admin or cn=manager).</para>
+    <para>Please replace "<emphasis>localhost</emphasis>" with your LDAP
+    server and "<emphasis>cn=admin,o=test,c=de</emphasis>" with your LDAP
+    admin user (usually starts with cn=admin or cn=manager).</para>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para><emphasis role="bold">389 server</emphasis></para>
+    <para><emphasis role="bold">389 server</emphasis></para>
 
-      <para>Please replace INSTANCE with installation ID, e.g.
-      slapd-389ds.</para>
+    <para>Please replace INSTANCE with installation ID, e.g.
+    slapd-389ds.</para>
 
-      <literallayout>  cp passwordSelfReset-389server.ldif /etc/dirsrv/INSTANCE/schema/70pwdreset.ldif
+    <literallayout>  cp passwordSelfReset-389server.ldif /etc/dirsrv/INSTANCE/schema/70pwdreset.ldif
   systemctl restart dirsrv.target
 
 </literallayout>
 
-      <para><emphasis role="bold">Samba 4</emphasis></para>
+    <para><emphasis role="bold">Samba 4</emphasis></para>
 
-      <para>The schema files are passwordSelfReset-Samba4-attributes.ldif and
-      passwordSelfReset-Samba4-objectClass.ldif.</para>
+    <para>The schema files are passwordSelfReset-Samba4-attributes.ldif and
+    passwordSelfReset-Samba4-objectClass.ldif.</para>
 
-      <para>First, you need to edit them and replace "DOMAIN_TOP_DN" with your
-      LDAP suffix (e.g. dc=samba4,dc=test).</para>
+    <para>First, you need to edit them and replace "DOMAIN_TOP_DN" with your
+    LDAP suffix (e.g. dc=samba4,dc=test).</para>
 
-      <para>Then install the attribute and afterwards the object class schema
-      file:</para>
+    <para>Then install the attribute and afterwards the object class schema
+    file:</para>
 
-      <literallayout>  ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
+    <literallayout>  ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-attributes.ldif --option="dsdb:schema update allowed"=true
   ldbmodify -H /var/lib/samba/private/sam.ldb passwordSelfReset-Samba4-objectClass.ldif --option="dsdb:schema update allowed"=true
 
 </literallayout>
 
-      <para><emphasis role="bold">Windows</emphasis></para>
+    <para><emphasis role="bold">Windows</emphasis></para>
 
-      <para>The schema file is passwordSelfReset-Windows.ldif.</para>
+    <para>The schema file is passwordSelfReset-Windows.ldif.</para>
 
-      <para>First, you need to edit it and replace "DOMAIN_TOP_DN" with your
-      LDAP suffix (e.g. dc=windows,dc=test).</para>
+    <para>First, you need to edit it and replace "DOMAIN_TOP_DN" with your
+    LDAP suffix (e.g. dc=windows,dc=test).</para>
 
-      <para>Then install the schema file as administrator on a command
-      line:</para>
+    <para>Then install the schema file as administrator on a command
+    line:</para>
 
-      <literallayout>  ldifde -v -i -f passwordSelfReset-Windows.ldif
+    <literallayout>  ldifde -v -i -f passwordSelfReset-Windows.ldif
 
 </literallayout>
 
-      <para>This allows to set a security question + answer for each
-      account.</para>
-    </section>
+    <para>This allows to set a security question + answer for each
+    account.</para>
+  </section>
 
-    <section id="passwordSelfResetSchema_update">
-      <title>Schema update</title>
+  <section id="passwordSelfResetSchema_update">
+    <title>Schema update</title>
 
-      <para>The schema files are located in:</para>
+    <para>The schema files are located in:</para>
 
-      <itemizedlist>
-        <listitem>
-          <para>tar.bz2: docs/schema/updates</para>
-        </listitem>
+    <itemizedlist>
+      <listitem>
+        <para>tar.bz2: docs/schema/updates</para>
+      </listitem>
 
-        <listitem>
-          <para>DEB:
-          /usr/share/doc/ldap-account-manager/docs/schema/updates</para>
-        </listitem>
+      <listitem>
+        <para>DEB:
+        /usr/share/doc/ldap-account-manager/docs/schema/updates</para>
+      </listitem>
 
-        <listitem>
-          <para>RPM:
-          /usr/share/doc/ldap-account-manager-{VERSION}/schema/updates</para>
-        </listitem>
-      </itemizedlist>
+      <listitem>
+        <para>RPM:
+        /usr/share/doc/ldap-account-manager-{VERSION}/schema/updates</para>
+      </listitem>
+    </itemizedlist>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para>Schema versions:</para>
+    <para>Schema versions:</para>
 
-      <orderedlist>
-        <listitem>
-          <para>Initial version (LAM Pro 3.6 - 4.4)</para>
-        </listitem>
+    <orderedlist>
+      <listitem>
+        <para>Initial version (LAM Pro 3.6 - 4.4)</para>
+      </listitem>
 
-        <listitem>
-          <para>Added passwordSelfResetBackupMail (LAM Pro 4.5 - 5.5)</para>
-        </listitem>
+      <listitem>
+        <para>Added passwordSelfResetBackupMail (LAM Pro 4.5 - 5.5)</para>
+      </listitem>
 
-        <listitem>
-          <para>Multiple security questions (LAM Pro 5.6)</para>
-        </listitem>
-      </orderedlist>
+      <listitem>
+        <para>Multiple security questions (LAM Pro 5.6)</para>
+      </listitem>
+    </orderedlist>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para><emphasis role="bold">OpenLDAP with slapd.conf
-      configuration</emphasis></para>
+    <para><emphasis role="bold">OpenLDAP with slapd.conf
+    configuration</emphasis></para>
 
-      <para>Install the schema file like a <link
-      linkend="passwordSelfResetSchema_new">new install</link> (skip
-      modification of slapd.conf file).</para>
+    <para>Install the schema file like a <link
+    linkend="passwordSelfResetSchema_new">new install</link> (skip
+    modification of slapd.conf file).</para>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para><emphasis role="bold">OpenLDAP with slapd.d
-      configuration</emphasis></para>
+    <para><emphasis role="bold">OpenLDAP with slapd.d
+    configuration</emphasis></para>
 
-      <para>The upgrade requires to stop the LDAP server.</para>
+    <para>The upgrade requires to stop the LDAP server.</para>
 
-      <para>Steps:</para>
+    <para>Steps:</para>
 
-      <orderedlist>
-        <listitem>
-          <para>Stop OpenLDAP with e.g. "/etc/init.d/slapd stop"</para>
-        </listitem>
+    <orderedlist>
+      <listitem>
+        <para>Stop OpenLDAP with e.g. "/etc/init.d/slapd stop"</para>
+      </listitem>
 
-        <listitem>
-          <para>Delete the old schema file. It is located in e.g.
-          "/etc/ldap/slapd.d/cn=config/cn=schema" and called
-          "cn={XX}passwordselfreset.ldif" (XX can be any number)</para>
-        </listitem>
+      <listitem>
+        <para>Delete the old schema file. It is located in e.g.
+        "/etc/ldap/slapd.d/cn=config/cn=schema" and called
+        "cn={XX}passwordselfreset.ldif" (XX can be any number)</para>
+      </listitem>
 
-        <listitem>
-          <para>Start OpenLDAP with e.g. "/etc/init.d/slapd start"</para>
-        </listitem>
+      <listitem>
+        <para>Start OpenLDAP with e.g. "/etc/init.d/slapd start"</para>
+      </listitem>
 
-        <listitem>
-          <para>Install the schema file like a <link
-          linkend="passwordSelfResetSchema_new">new install</link></para>
-        </listitem>
-      </orderedlist>
+      <listitem>
+        <para>Install the schema file like a <link
+        linkend="passwordSelfResetSchema_new">new install</link></para>
+      </listitem>
+    </orderedlist>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para><emphasis role="bold">Samba 4</emphasis></para>
+    <para><emphasis role="bold">Samba 4</emphasis></para>
 
-      <para>Install the these update files by following the install
-      instructions in the file. In case you you upgrade with a version
-      difference of 2 or more you will need to apply all intermediate update
-      scripts.</para>
+    <para>Install the these update files by following the install instructions
+    in the file. In case you you upgrade with a version difference of 2 or
+    more you will need to apply all intermediate update scripts.</para>
 
-      <itemizedlist>
-        <listitem>
-          <para>samba4_version_1_to_2_attributes.ldif (upgrade from version 1
-          only)</para>
-        </listitem>
+    <itemizedlist>
+      <listitem>
+        <para>samba4_version_1_to_2_attributes.ldif (upgrade from version 1
+        only)</para>
+      </listitem>
 
-        <listitem>
-          <para>samba4_version_1_to_2_objectClass.ldif (upgrade from version 1
-          only)</para>
-        </listitem>
+      <listitem>
+        <para>samba4_version_1_to_2_objectClass.ldif (upgrade from version 1
+        only)</para>
+      </listitem>
 
-        <listitem>
-          <para>samba4_version_2_to_3_attributes.ldif (upgrade from version
-          2)</para>
-        </listitem>
+      <listitem>
+        <para>samba4_version_2_to_3_attributes.ldif (upgrade from version
+        2)</para>
+      </listitem>
 
-        <listitem>
-          <para>samba4_version_2_to_3_objectClass.ldif (upgrade from version
-          2)</para>
-        </listitem>
-      </itemizedlist>
+      <listitem>
+        <para>samba4_version_2_to_3_objectClass.ldif (upgrade from version
+        2)</para>
+      </listitem>
+    </itemizedlist>
 
-      <para>Please note that attributes file needs to be installed
-      first.</para>
+    <para>Please note that attributes file needs to be installed first.</para>
 
-      <literallayout>
+    <literallayout>
 </literallayout>
 
-      <para><emphasis role="bold">Windows</emphasis></para>
+    <para><emphasis role="bold">Windows</emphasis></para>
 
-      <para>Install the file(s) by following the install instructions in the
-      file. In case you you upgrade with a version difference of 2 or more you
-      will need to apply all intermediate update scripts.</para>
+    <para>Install the file(s) by following the install instructions in the
+    file. In case you you upgrade with a version difference of 2 or more you
+    will need to apply all intermediate update scripts.</para>
 
-      <itemizedlist>
-        <listitem>
-          <para>windows_version_1_to_2.ldif (upgrade from version 1
-          only)</para>
-        </listitem>
+    <itemizedlist>
+      <listitem>
+        <para>windows_version_1_to_2.ldif (upgrade from version 1 only)</para>
+      </listitem>
 
-        <listitem>
-          <para>windows_version_2_to_3.ldif (upgrade from version 2)</para>
-        </listitem>
-      </itemizedlist>
-    </section>
-  </appendix>
- 
+      <listitem>
+        <para>windows_version_2_to_3.ldif (upgrade from version 2)</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+</appendix>

lam/help/.htaccess

@@ -1,9 +1,3 @@
 <Files *>
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Files>

lam/lib/.htaccess

@@ -1,9 +1,3 @@
 <Files *>
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Files>

lam/locale/.htaccess

@@ -1,9 +1,3 @@
 <Files *>
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Files>

lam/sess/.htaccess

@@ -1,9 +1,3 @@
 <Files *>
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Files>

lam/tmp/internal/.htaccess

@@ -1,9 +1,3 @@
 <Files *>
-  <IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-  </IfModule>
-  <IfModule mod_authz_core.c>
-    Require all denied
-  </IfModule>
+  Require all denied
 </Files>