DOC: update CHANGELOG

8f6a20d7 · Timm Fitschen · b8a75ca4 · 8f6a20d7
Verified Commit 8f6a20d7 authored 3 years ago by Timm Fitschen
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,14 +11,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Changed

+* `misc/pam_authentication/ldap.conf` is not used for configuring the
+  `ldap_authentication.sh` script anymore.
+  Use `misc/pam_authentication/ldap.env` instead and view the documentation
+  inside the file itself for more information.
+
 ### Deprecated

 ### Removed

 ### Fixed

+* `ldap_authentication.sh <username>` failed on every attempt when used in
+  combination with OpenLDAP with default configuration.
+* `ldap_authentication.sh` allowed empty and even wrong passwords when used in
+  combination with MS Active Directory when AD is configured to allow binding
+  with an empty password.
+
 ### Security

+* `ldap_authentication.sh` allowed empty and even wrong passwords when used in
+  combination with MS Active Directory when AD is configured to allow binding
+  with an empty password. This is only relevant for non-default configurations
+  of the `PAM.pam_script` option in the `usersources.ini`.

 ## [0.7.2] - 2022-03-25
 (Timm Fitschen)