diff --git a/allow-anon-bind.patch b/allow-anon-bind.patch
index 028b8cb..5273244 100644
--- a/allow-anon-bind.patch
+++ b/allow-anon-bind.patch
@@ -1,22 +1,66 @@ -Remove the check requiring a bind_dn +commit b6d8e26e92b78b58a3dd22fae7b74be27ef2e37a +Author: John Thiltges +Date: Thu Feb 21 16:21:37 2019 -0600 -The code assumes an Active Directory server. For a non-AD server, it works -fine with an anonymous bind. + Remove the checks requiring a bind_dn + + The code assumes an Active Directory server. For a non-AD server such as OpenLDAP, it works fine with an anonymous bind. -diff -r -U3 duoauthproxy-2.4.12-src.orig/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py duoauthproxy-2.4.12-src/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py ---- duoauthproxy-2.4.12-src.orig/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py 2015-08-04 08:39:11.000000000 -0500 -+++ duoauthproxy-2.4.12-src/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py 2015-10-16 10:53:07.624913666 -0500 -@@ -293,13 +293,6 @@ - ldap_filter = None +diff --git a/pkgs/duoauthproxy/duoauthproxy/lib/util.py b/pkgs/duoauthproxy/duoauthproxy/lib/util.py +index a19ad54..c9165cb 100644 +--- a/pkgs/duoauthproxy/duoauthproxy/lib/util.py ++++ b/pkgs/duoauthproxy/duoauthproxy/lib/util.py +@@ -344,16 +344,13 @@ def parse_ad_client(config): + 'auth_type', ldap.client.AD_AUTH_TYPES, + ldap.client.AD_AUTH_TYPE_NTLM_V2, str.lower) - # validate configuration -- if (auth_type == ldap.client.AD_AUTH_TYPE_PLAIN and not bind_dn): -- raise base.ConfigError( -- 'Missing required configuration item: if \'auth_type\' ' -- 'is \'plain\', then \'bind_dn\' is required') -- else: -- bind_dn = bind_dn or '' +- # service_account_username, service_account_password are optional +- # for auth_type = AD_AUTH_TYPE_SSPI; mandatory otherwise +- is_sspi = (auth_type == ldap.client.AD_AUTH_TYPE_SSPI) + service_account_username = config.get_str( + 'service_account_username', +- '' if is_sspi else None) ++ '') + service_account_password = config.get_protected_str( + 'service_account_password_protected', + 'service_account_password', +- '' if is_sspi else None) ++ '') + + timeout 
= config.get_int('timeout', 10) + search_dn = config.get_str('search_dn') +@@ -380,11 +377,6 @@ def parse_ad_client(config): + else: + ldap_filter = None + +- # A blank bind_dn will be rejected with auth-type plain in validation +- # otherwise we supply a default +- if not bind_dn: +- bind_dn = '' - - if (auth_type == ldap.client.AD_AUTH_TYPE_PLAIN - and transport_type == ldap.client.AD_TRANSPORT_CLEAR): - log.msg('WARNING: you have selected cleartext (plain) authentication for Active Directory') + warning_message = warn_insecure_settings(auth_type, transport_type) + if warning_message: + log.msg(warning_message) +diff --git a/pkgs/duoauthproxy/duoauthproxy/lib/validation/config/check/ad_client.py b/pkgs/duoauthproxy/duoauthproxy/lib/validation/config/check/ad_client.py +index 772e0cb..b85b57c 100644 +--- a/pkgs/duoauthproxy/duoauthproxy/lib/validation/config/check/ad_client.py ++++ b/pkgs/duoauthproxy/duoauthproxy/lib/validation/config/check/ad_client.py +@@ -54,7 +54,7 @@ def check_required_keys(config, toolbox): + # the value. Validation will happen in check_config_values and we don't + # want duplicate errors if the auth_type config is invalid. 
+ auth_type = config.get('auth_type') or ldap.client.AD_AUTH_TYPE_NTLM_V2 +- if auth_type.lower() != ldap.client.AD_AUTH_TYPE_SSPI: ++ if auth_type.lower() not in (ldap.client.AD_AUTH_TYPE_SSPI, ldap.client.AD_AUTH_TYPE_PLAIN): + if not toolbox.test_config_has_key(config, 'service_account_username'): + problems.append(MissingKey(key='service_account_username')) + +@@ -183,9 +183,6 @@ def check_valid_bind_dn_for_auth_type(config, toolbox): + ldap.client.AD_AUTH_TYPES, + ldap.client.AD_AUTH_TYPE_NTLM_V2) + has_bind_dn = toolbox.test_config_has_value(config, 'bind_dn') +- if auth_type == ldap.client.AD_AUTH_TYPE_PLAIN and not has_bind_dn: +- problems.append(UnmetDependency(message='bind_dn is required for ' +- 'auth_type %s' % auth_type)) + except ConfigError: + problems.append(SkippedTest( + test=check_valid_bind_dn_for_auth_type.__name__, key='auth_type')) diff --git a/authproxy.sample-openldap.cfg b/authproxy.sample-openldap.cfg index b925c15..a8b9d89 100644 --- a/authproxy.sample-openldap.cfg +++ b/authproxy.sample-openldap.cfg @@ -5,9 +5,9 @@ host_3=ldap3.example.edu search_dn=ou=People,dc=example,dc=edu auth_type=plain username_attribute=uid -service_account_username= -service_account_password= -bind_dn= +#service_account_username= +#service_account_password= +#bind_dn= [ldap_server_auto] ikey=IIIIIIIIIIIIIIIIIIII diff --git a/duoauthproxy.spec b/duoauthproxy.spec index f8612b1..68deeac 100644 --- a/duoauthproxy.spec +++ b/duoauthproxy.spec 
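Review bot: The new `util.py` hunk inside the patch makes `service_account_username` and `service_account_password` optional for every auth_type (the default moves from `'' if is_sspi else None` to a bare `''`), while the patched `check_required_keys` still demands them for anything other than SSPI and PLAIN, so `parse_ad_client` and the validator no longer agree for the NTLM auth types. If a `None` default is what makes `get_str` treat the key as required, keeping a condition narrows the relaxation to the case the commit message describes: `is_anon_ok = auth_type in (ldap.client.AD_AUTH_TYPE_SSPI, ldap.client.AD_AUTH_TYPE_PLAIN)` and `'' if is_anon_ok else None` for both lookups. With the `bind_dn` checks removed, an empty `bind_dn` or service account under `auth_type=plain` now silently becomes an anonymous bind, and `warn_insecure_settings(auth_type, transport_type)` never sees the bind settings; a line such as `log.msg('NOTICE: no bind_dn/service_account_username configured; using anonymous LDAP bind')` beside the existing warning call would make a misconfigured directory visible in the proxy log. Both `parse_ad_client` and `check_required_keys` begin and end outside the patch hunks.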
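Review bot: Commenting out `service_account_username`, `service_account_password` and `bind_dn` leaves the sample relying on the anonymous-bind fallback introduced by the patch, but nothing in the file says so; a reader copying the sample is not told that the directory must permit anonymous search under `search_dn`, nor that setting all three switches to an authenticated bind. A comment above the three lines, `# Leave these commented out for an anonymous bind (the directory must allow anonymous search of search_dn); set all three to bind with a service account.`, would document the choice where it is made.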
@@ -1,53 +1,58 @@ Name: duoauthproxy -Version: 2.4.12 +Version: 2.14.0 +%define srctag bd60798 Release: 1%{?dist} Summary: Duo Authentication Proxy Group: System Environment/Daemons License: Commercial -URL: https://www.duosecurity.com/docs/ldap +URL: https://duo.com/docs/authproxy-reference Source0: https://dl.duosecurity.com/duoauthproxy-%{version}-src.tgz Source1: authproxy.sample-openldap.cfg -Patch0: non-interactive-install.patch -Patch1: allow-anon-bind.patch +Patch0: allow-anon-bind.patch %define svc_user nobody %define install_dir /opt/%{name} %global debug_package %{nil} -BuildRequires: python-devel -BuildRequires: openssl-devel -BuildRequires: perl +# Bytecode compilation fails in lib2to3/tests/data/py3_test_grammar.py +%global _python_bytecompile_errors_terminate_build 0 -# Needed by the init script -Requires: initscripts -Requires: chkconfig +BuildRequires: gcc +BuildRequires: libffi-devel +BuildRequires: make +BuildRequires: perl +BuildRequires: python-devel +BuildRequires: zlib-devel +%{?systemd_requires} %description Proxies RADIUS or LDAP authentication attempts and adds Duo authentication %prep -%setup -q -n %{name}-%{version}-src +%setup -q -n %{name}-%{version}-%{srctag}-src %patch0 -p1 -%patch1 -p1 # Sample config cp -p %{SOURCE1} conf -# Set username in authproxyctl -perl -p -i -e "s/^USER_DEFAULT = None$/USER_DEFAULT = '%{svc_user}'/g" pkgs/duoauthproxy/scripts/authproxyctl +# Set username in authproxyctl and duoauthproxy.tap +perl -p -i -e "s/^USER_DEFAULT = None$/USER_DEFAULT = '%{svc_user}'/g" \ + pkgs/duoauthproxy/scripts/authproxyctl \ + pkgs/duoauthproxy/scripts/duoauthproxy.tap %build -make +#make %{_smp_mflags} +make -j1 %install rm -rf %{buildroot} # The included installer doesn't work with buildroots, so we install manually -#duoauthproxy-build/install +#duoauthproxy-build/install --install-dir=%{buildroot}%{install_dir} --service-user=%{svc_user} --create-init-script=yes ######################################################## -# 
Extract the RHEL init script from the python installer +# Extract the systemd service file from the python installer mv duoauthproxy-build/install install.py cat > get_init.py << EOF 
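Review bot: The preamble gains build requirements for the bundled toolchain but no `Provides: bundled(...)` tags, even though the `%install` hunk below ships the package's own interpreter and OpenSSL under `%{install_dir}/usr/local` (see `pkgs/Python-2.7.14/Tools/scripts/pathfix.py` and the `usr/local/openssl` clean-up). Without those tags, vulnerability tracking keyed on the distribution's python and openssl packages will not associate advisories with this package, and neither bundled runtime receives distribution updates. Adding `Provides: bundled(python2) = 2.7.14` and `Provides: bundled(openssl)` after the `Source1:` line records what is shipped (the OpenSSL version is not visible in the diff; take it from the source tree). `Source0:` is also consumed with no checksum recorded in the spec; if the repository does not carry a separate `sources` file, a pinned digest of `duoauthproxy-%{version}-src.tgz` would let a rebuild detect a changed upstream tarball.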
@@ -55,27 +60,53 @@ import install params = {'service_user': '%{svc_user}', 'install_dir': '%{install_dir}' } -print install.INITSCRIPT_REDHAT_TMPL % params +print install.INITSCRIPT_SYSTEMD_TMPL % params EOF python get_init.py > init -install -D init %{buildroot}/%{_initddir}/%{name} +install -D init %{buildroot}/%{_unitdir}/%{name}.service ######################################################## # Install the application mkdir -p %{buildroot}/%{install_dir} cp -a duoauthproxy-build/* %{buildroot}/%{install_dir} +# Remove static libraries from install +# - They are not needed at runtime +# - libpython2.7.a is installed with 555 perms and RPM symbol stripping fails +find %{buildroot} -name '*.a' -delete + +# Remove headers and manpages +rm -rf %{buildroot}/%{install_dir}/usr/local/include \ + %{buildroot}/%{install_dir}/usr/local/openssl/include \ + %{buildroot}/%{install_dir}/usr/local/*/man + +# Fix the python interpreter path +pkgs/Python-2.7.14/Tools/scripts/pathfix.py -i %{install_dir}/usr/local/bin/python \ + %{buildroot}/%{install_dir}/usr/local/bin \ + %{buildroot}/%{install_dir}/usr/local/lib/python2.7/cgi.py \ + %{buildroot}/%{install_dir}/usr/local/bin/{2to3,authproxy,authproxy_connectivity_tool,authproxyctl,authproxy_primary_only,authproxy_support,automat-visualize,cftp,ckeygen,conch,easy_install,easy_install-2.7,idle,install,m2r,mailmail,netaddr,pbr,pydoc,pyhtmlizer,python2.7-config,tkconch,trial,twist,twistd} +# And remove backup files +rm %{buildroot}/%{install_dir}/usr/local/bin/*~ \ + %{buildroot}/%{install_dir}/usr/local/lib/python2.7/cgi.py~ + +# Remove unnecessary OpenSSL pieces which drag in perl +rm %{buildroot}/%{install_dir}/usr/local/openssl/{misc/tsget,misc/CA.pl,bin/c_rehash} + +# Add symlinks for Duo components +ln -s -t %{buildroot}/%{install_dir}/bin ../usr/local/bin/{authproxy,authproxy_connectivity_tool,authproxy_primary_only,authproxy_support,authproxyctl} + +# Switch over to the bundled python for byte-compilation +%define __python 
%{buildroot}/%{install_dir}/usr/local/bin/python + %clean rm -rf %{buildroot} %post -/sbin/chkconfig --add %{name} - +%systemd_post %{name}.service %preun -if [ $1 = 0 ]; then # Final removal - /sbin/service %{name} stop >/dev/null 2>&1 || : - /sbin/chkconfig --del %{name} -fi +%systemd_preun %{name}.service +%postun +%systemd_postun_with_restart %{name}.service %files %defattr(-,root,root,-) @@ -84,13 +115,17 @@ fi %config(noreplace) %attr(640,%{svc_user},%{svc_user}) %{install_dir}/conf/authproxy.cfg %{install_dir}/conf/authproxy.sample-openldap.cfg %{install_dir}/doc -%{install_dir}/include -%{install_dir}/lib -%{install_dir}/lib64 %attr(750,%{svc_user},%{svc_user}) %{install_dir}/log %attr(750,%{svc_user},%{svc_user}) %{install_dir}/run -%{_initddir}/%{name} +%{install_dir}/usr +%{_unitdir}/%{name}.service %changelog +* Thu Feb 21 2019 John Thiltges <> 2.14.0-1 +- Upstream release 2.14.0 + +* Mon May 16 2016 John Thiltges <> 2.4.17-1 +- Upstream release 2.4.17 + * Fri Oct 16 2015 John Thiltges <> 2.4.12-1 - Initial package diff --git a/non-interactive-install.patch b/non-interactive-install.patch deleted file mode 100644 index 1134ddf..0000000 --- a/non-interactive-install.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/scripts/install b/scripts/install -index 9542fd9..079dc23 100755 ---- a/scripts/install -+++ b/scripts/install -@@ -374,7 +374,7 @@ class AuthproxyInstaller(object): - - def install(self): - # user interaction -- self.show_license() -+ #self.show_license() - self.get_install_dir() - self.get_user() - -@@ -620,7 +620,10 @@ class AuthproxyInstaller(object): - print 'Failed to create uninstall script: %s' % e - - def main(argv): -- installer = AuthproxyInstaller() -+ installer = AuthproxyInstaller( -+ install_dir=AuthproxyInstaller.INSTALL_DIR_DEFAULT, -+ service_user=AuthproxyInstaller.USER_DEFAULT, -+ do_initscript=True) - try: - installer.install() - return 0
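Review bot: The `pathfix.py` invocation in `%install` hard-codes the list of `usr/local/bin` scripts whose interpreter line is rewritten, so the next upstream bump that adds or renames a script will ship it with whatever `#!` line the build produced, and a second copy of part of that list appears in the `ln -s` step below. Discovering the scripts instead, e.g. `grep -l '^#!.*python' %{buildroot}/%{install_dir}/usr/local/bin/* | xargs pkgs/Python-2.7.14/Tools/scripts/pathfix.py -i %{install_dir}/usr/local/bin/python`, ties the rewrite to what the tarball actually contains. Whether the unfixed interpreter path would resolve on a target host is not visible from this diff, so the failure mode is inferred rather than observed.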
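Review bot: `conf/authproxy.cfg`, where the Duo integration credentials are configured (the sample carries an `ikey=` line), is installed `%attr(640,%{svc_user},%{svc_user})`, so the account the service runs as owns and can rewrite its own configuration, and with `svc_user` defined as `nobody` that ownership is shared with any other process running as nobody. This is pre-existing context rather than something the `%files` hunk changes, but the move to a systemd unit is a natural point to tighten it to `%attr(640,root,%{svc_user})`, keeping the file readable by the service and writable only by root. The `%attr(750,%{svc_user},%{svc_user})` entries for `log` and `run` are appropriate as they stand, since the service must write there.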