This article details the list of changes for Laserfiche Directory Server 10.4.3 Update 1.
- When setting credentials for querying Active Directory (AD) or LDAP directories, the credentials are no longer audited.
- Large Laserfiche Directory Server instances (tens of thousands of users) are able to migrate users from one group to another without unintended users losing group membership.
- When Laserfiche end applications are on a different domain than the Security Token Service (STS), single sign out is no longer broken by browser cross-site cookie policy changes. For more information, see Knowledge Base article 1014094.
The update includes the following files:
- LFDS.exe (Version 10.4.3.319)
- LMAdminWeb.dll (Version 10.4.3.319)
- STS.Core.dll (Version 10.4.3.319)
- WebSTS.LFDS.dll (Version 10.4.3.319)
- Web.config (STS)
- app.min.js
Click the following link to download a ZIP file containing the hotfix.
[link temporarily removed]
To install the update:
- Stop the Laserfiche Directory Server service (LicenseManagerWCF). Make sure that the LFDS.exe process has stopped before installing the update.
- Extract and run LFDS_1043_KB1014136.msp on the computer hosting Directory Server.
- Start the Laserfiche Directory Server service again and confirm that it is running.
- Manually alter the Security Token Service (STS) Web.config file in order to complete the cross-site cookie fix:
  - Open the Directory Server STS's Web.config file in a text editor. The default path is C:\Program Files\Laserfiche\Directory Server\Web\WebSTS\Web.config.
  - Look for the <system.web> block.
  - Within the <system.web> block, add the following lines:
      <httpCookies sameSite="None" httpOnlyCookies="true" requireSSL="true" />
      <sessionState cookieSameSite="None" />
  - Under the <system.identityModel.services> block, look for the <federationConfiguration> block.
  - Within the <federationConfiguration> block, modify the cookieHandler element to require secure cookies:
      <cookieHandler path="/LFDSSTS" name="STSAuth" requireSsl="true" />
  - Save your changes to the STS Web.config file.
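A read-only check for the manual Web.config edits above, as an added PowerShell example that is not part of the Laserfiche update or its documentation. The function name Test-StsCookieConfig and the sample XML are constructed for illustration, and the check assumes the <configuration> root element carries no XML namespace.

```powershell
# Test-StsCookieConfig is a hypothetical helper name, not a Laserfiche tool.
function Test-StsCookieConfig {
    param([Parameter(Mandatory)][xml]$Config)

    # Element XPath -> attribute values that the steps above call for.
    $expected = @(
        @{ XPath = '/configuration/system.web/httpCookies'
           Attrs = @{ sameSite = 'None'; httpOnlyCookies = 'true'; requireSSL = 'true' } },
        @{ XPath = '/configuration/system.web/sessionState'
           Attrs = @{ cookieSameSite = 'None' } },
        @{ XPath = '/configuration/system.identityModel.services/federationConfiguration/cookieHandler'
           Attrs = @{ requireSsl = 'true' } }
    )

    foreach ($item in $expected) {
        $node = $Config.SelectSingleNode($item.XPath)
        foreach ($name in $item.Attrs.Keys) {
            # A missing element or attribute is reported as a failed check.
            $actual = if ($null -ne $node) { $node.GetAttribute($name) } else { $null }
            [pscustomobject]@{
                Element   = $item.XPath.Split('/')[-1]
                Attribute = $name
                Expected  = $item.Attrs[$name]
                Actual    = $actual
                Ok        = ($actual -ceq $item.Attrs[$name])
            }
        }
    }
}

# Constructed sample, not a real Laserfiche file: <sessionState> and the
# requireSsl attribute are deliberately left out.
$sample = @'
<configuration>
  <system.web>
    <httpCookies sameSite="None" httpOnlyCookies="true" requireSSL="true" />
  </system.web>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler path="/LFDSSTS" name="STSAuth" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
'@
Test-StsCookieConfig -Config $sample | Format-Table -AutoSize
```

To check the installed file, pass its contents instead of the sample, for example `Test-StsCookieConfig -Config (Get-Content -Raw $path)` with `$path` set to the Web.config path given in the steps.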
After installing the patch:
- If the IdentityProviderEvent logs are not needed, navigate to the AuditLog folder and search for IdentityProviderEvent. Delete all the log files and empty the Recycle Bin.
- If the IdentityProviderEvent logs are needed, use the log sanitization script in Knowledge Base article 1014135 to scrub the IdentityProviderEvent logs of any sensitive data.
If uninstalling the patch:
- If the error "Failed to uninstall update (error: 0x00000BC2)" is encountered when uninstalling the patch, this is no cause for concern. It means that a restart of the machine is recommended.