v0.6.1

Compare Source

Small release, mainly to fix a migration issue with Sqlite and Postgresql.

Added

• Added a link to a community terraform provider (#​1035)

Changed

• The opaque dependency now points to the official crate rather than a fork (#​1040)

Fixed

• Migration of the DB schema from 7 to 8 is now automatic for sqlite, and fixed for postgres (#​1045)
• The startup warning about key_seed applying instead of key_file now has instructions on how to silence it (#​1032)

New services

• OneDev

New Contributors

• @​traverseda made their first contribution in https://github.com/lldap/lldap/pull/1036
• @​tasansga made their first contribution in https://github.com/lldap/lldap/pull/1035
• @​jduepmeier made their first contribution in https://github.com/lldap/lldap/pull/1040
• @​xeoneox made their first contribution in https://github.com/lldap/lldap/pull/1041

Full Changelog: lldap/lldap@v0.6.0...v0.6.1

v0.6.0

Compare Source

Long-awaited release, with the flagship feature of custom attributes! This unlock many integrations, notably Linux user management through PAM.

Thanks to all the contributors who sent some code, some configuration guide, reported a bug or otherwise helped the project!

Breaking

• The endpoint /auth/reset/step1 is now POST instead of GET (#​704)

Added

• Custom attributes are now supported (#​67) ! You can add new fields (string, integers, JPEG or dates) to users and query them. That unlocks many integrations with other services, and allows for a deeper/more customized integration. Special thanks to @​pixelrazor and @​bojidar-bg for their help with the UI.
• Custom object classes (for all users/groups) can now be added (#​833)
• Barebones support for Paged Results Control (no paging, no respect for windows, but a correct response with all the results) (#​698)
• A daily docker image is tagged and released. (#​613)
• A bootstrap script allows reading the list of users/groups from a file and making sure the server contains exactly the same thing. (#​654)
• Make it possible to serve lldap behind a sub-path in (#​752)
• LLDAP can now be found on a custom package repository for opensuse, fedora, ubuntu, debian and centos (Repository link). Thanks @​Masgalor for setting it up and maintaining it.
• There's now an option to force reset the admin password (#​748) optionally on every restart (#​959)
• There's a rootless docker container (#​755)
• entryDN is now supported (#​780)
• Unknown LDAP controls are now detected and ignored (#​787, #​799)
• A community-developed CLI for scripting (#​793)
• Added a way to print raw logs to debug long-running sessions (#​992)

Changed

• The official docker repository is now lldap/lldap
• Removed password length limitation in lldap_set_password tool
• Group names and emails are now case insensitive, but keep their casing (#​666)
• Better error messages (and exit code (#​745)) when changing the private key (#​778, #​1008), using the wrong SMTP port (#​970), using the wrong env variables (#​972)
• Allow member= filters with plain user names (not full DNs) (#​949)
• Correctly detect and refuse anonymous binds (#​974)
• Clearer logging (#​971, #​981, #​982)

Fixed

• Logging out applies globally, not just in the local browser. (#​721)
• It's no longer possible to create the same user twice (#​745)
• Fix wide substring filters (#​738)
• Don't log the database password if provided in the connection URL (#​735)
• Fix a panic when postgres uses a different collation (#​821)
• The UI now defaults to the user ID for users with no display names (#​843)
• Fix searching for users with more than one memberOf filter (#​872)
• Fix compilation on Windows (#​932) and Illumos (#​964)
• The UI now correctly detects whether password resets are enabled. (#​753)
• Fix a missing lowercasing of username when changing passwords through LDAP (#​1012)
• Fix SQLite writers erroring when racing (#​1021)
• LDAP sessions no longer buffer their logs until unbind, causing memory leaks (#​1025)

Performance

• Only expand attributes once per query, not per result (#​687)

Security

• When asked to send a password reset to an unknown email, sleep for 3 seconds and don't print the email in the error (#​887)

New services

Linux user accounts can now be managed by LLDAP, using PAM and nslcd.

• Apereo CAS server
• Carpal
• Gitlab
• Grocy
• Harbor
• Home Assistant
• Jenkins
• Kasm
• Maddy
• Mastodon
• Metabase
• MegaRAC-BMC
• Netbox
• OCIS
• Prosody
• Radicale
• SonarQube
• Traccar
• Zitadel