Was updating an instance on an older Ubuntu 20 focal and … seems the 5.12.0-1 Ubuntu package now requires the ldap module with version higher than 8.2, but this is not currently available via the sury repo for installs on focal . 5.11.0-1 did not require php-ldap.
The sury-based ldap module is not found when searching (maybe there isn’t one)… it appears that this depends on the OS in this case, which is the older version 7.4:
# apt search php-ldap
Sorting... Done
Full Text Search... Done
php-ldap/focal 2:7.4+75 all
LDAP module for PHP [default]
Because of the missing dependency, it will show passbolt-ce-server is an available update, but will not install, and there is no message regarding ldap unless running apt update passbolt-ce-server.
Q: Can ldap be reverted to an optional requirement?
Yes, I know many users have numerous reasons for not being able to upgrade, but that’s not my concern. The linked passbolt download page shows focal is still supported.
My concern is more that it broke but I couldn’t find anything announcing that it would, and I am curious why ldap is now a required module (as some users don’t use ldap features).
I guess I’m arguing more towards exclusion, and not inclusion of older packages. The focal instance in the case above is running php8.4.
Not sure if by “supported” you mean passbolt-supported or Ubuntu-supported, but I will always be ok with any changes that are communicated. If the Ubuntu package is not meant any longer for focal, I would expect the passbolt focal repo link should not still work. But maybe it just needs to be brought down?
Hey Garrett, thanks for raising this and good to see you albeit not in ideal situation for you!
You’re right that our support policy and distro compatibility story are not clearly documented today, and that’s on us. We also didn’t test this combination specifically.
A few clarifications:
Ubuntu Focal is no longer supported, despite the repository naming still suggesting otherwise. The repo naming is an old mistake we did, as passbolt is having a rolling release, it is not built for one or more specific versions.
In general, we aim to support the current Ubuntu LTS and the previous LTS for as long as reasonably possible.
Since passbolt follows a rolling release model, we can’t commit to fixed OS EOL dates. Realistically, users should expect roughly ~18 months of mileage from a supported distro version, similarly to our API version support window.
LDAP is now mandatory because we’re actively merging the CE and PRO codebases to make transitions between editions much smoother going forward.
As a follow-up action on our side, we’ll improve the hosting documentation to make distro support/EOL expectations much clearer.
This is great, thanks. It sounds like I became an unofficial legacy tester - awesome!!
Since the update process is not using the same flow as the install script, maybe a message in the healthcheck is a good place for package users (or all users) to indicate not just old version, but also unsupported. Based on what you were saying, it might be good to remove jammy from the install scripts.
