starred/lldap-lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-04-25 00:05:50 +03:00
Code Issues 101 Projects Releases 10 Packages Wiki Activity
10 releases 11 tags
  • v0.6.2 5e83ed8eb0

    v0.6.2 Stable

    kerem released this 2025-08-18 01:06:44 +03:00 | 73 commits to main since this release

    📅 Originally published on GitHub: Sun, 17 Aug 2025 22:07:10 GMT
    🏷️ Git tag created: Sun, 17 Aug 2025 22:06:44 GMT

    [0.6.2] 2025-07-21

    Small release, focused on LDAP improvements and ongoing maintenance.

    Added

    • LDAP
      • Support for searching groups by their groupid
      • Support for whoamiOID
      • Support for creating groups
      • Support for subschema entry
    • Custom assets path.
    • New endpoint for requesting client settings

    Changed

    • A missing JWT secret now prevents startup.
    • Attributes with invalid characters (such as underscores) cannot be created anymore.
    • Searching custom (string) attributes is now case insensitive.
    • Using the top-level firstName, lastName and avatar GraphQL fields for users is now deprecated. Use the attributes field instead.

    Fixed

    • lldap_set_password now uses the system's SSL certificates.

    Cleanups

    • Split the main lldap crate into many sub-crates
    • Various dependency version bumps
    • Upgraded to 2024 Rust edition
    • Docs/FAQ improvements

    Bootstrap script

    • Custom attributes support
    • Read the paswsord from a file
    • Resilient to no user or group files

    New services

    • Discord integration (Discord role to LLDAP user)
    • HashiCorp
    • Jellyfin 2FA with Duo
    • Kimai
    • Mailcow
    • Peertube
    • Penpot
    • PgAdmin
    • Project Quay
    • Quadlet
    • Snipe-IT
    • SSSD
    • Stalwart
    • UnifiOS

    New Contributors

    Full Changelog: https://github.com/lldap/lldap/compare/v0.6.1...v0.6.2

    Downloads
  • v0.6.1 acd39d20b1

    v0.6.1 Stable

    kerem released this 2024-11-23 00:47:49 +03:00 | 185 commits to main since this release

    📅 Originally published on GitHub: Fri, 22 Nov 2024 21:48:41 GMT
    🏷️ Git tag created: Fri, 22 Nov 2024 21:47:49 GMT

    Small release, mainly to fix a migration issue with Sqlite and Postgresql.

    Added

    • Added a link to a community terraform provider (#1035)

    Changed

    • The opaque dependency now points to the official crate rather than a fork (#1040)

    Fixed

    • Migration of the DB schema from 7 to 8 is now automatic for sqlite, and fixed for postgres (#1045)
    • The startup warning about key_seed applying instead of key_file now has instructions on how to silence it (#1032)

    New services

    • OneDev

    New Contributors

    Full Changelog: https://github.com/lldap/lldap/compare/v0.6.0...v0.6.1

    Downloads
  • v0.6.0 098745ebc9

    v0.6.0 Stable

    kerem released this 2024-11-09 23:46:49 +03:00 | 196 commits to main since this release

    📅 Originally published on GitHub: Sat, 09 Nov 2024 20:50:07 GMT
    🏷️ Git tag created: Sat, 09 Nov 2024 20:46:49 GMT

    Long-awaited release, with the flagship feature of custom attributes! This unlock many integrations, notably Linux user management through PAM.

    Thanks to all the contributors who sent some code, some configuration guide, reported a bug or otherwise helped the project!

    Breaking

    • The endpoint /auth/reset/step1 is now POST instead of GET (#704)

    Added

    • Custom attributes are now supported (#67) ! You can add new fields (string, integers, JPEG or dates) to users and query them. That unlocks many integrations with other services, and allows for a deeper/more customized integration. Special thanks to @pixelrazor and @bojidar-bg for their help with the UI.
    • Custom object classes (for all users/groups) can now be added (#833)
    • Barebones support for Paged Results Control (no paging, no respect for windows, but a correct response with all the results) (#698)
    • A daily docker image is tagged and released. (#613)
    • A bootstrap script allows reading the list of users/groups from a file and making sure the server contains exactly the same thing. (#654)
    • Make it possible to serve lldap behind a sub-path in (#752)
    • LLDAP can now be found on a custom package repository for opensuse, fedora, ubuntu, debian and centos (Repository link). Thanks @Masgalor for setting it up and maintaining it.
    • There's now an option to force reset the admin password (#748) optionally on every restart (#959)
    • There's a rootless docker container (#755)
    • entryDN is now supported (#780)
    • Unknown LDAP controls are now detected and ignored (#787, #799)
    • A community-developed CLI for scripting (#793)
    • Added a way to print raw logs to debug long-running sessions (#992)

    Changed

    • The official docker repository is now lldap/lldap
    • Removed password length limitation in lldap_set_password tool
    • Group names and emails are now case insensitive, but keep their casing (#666)
    • Better error messages (and exit code (#745)) when changing the private key (#778, #1008), using the wrong SMTP port (#970), using the wrong env variables (#972)
    • Allow member= filters with plain user names (not full DNs) (#949)
    • Correctly detect and refuse anonymous binds (#974)
    • Clearer logging (#971, #981, #982)

    Fixed

    • Logging out applies globally, not just in the local browser. (#721)
    • It's no longer possible to create the same user twice (#745)
    • Fix wide substring filters (#738)
    • Don't log the database password if provided in the connection URL (#735)
    • Fix a panic when postgres uses a different collation (#821)
    • The UI now defaults to the user ID for users with no display names (#843)
    • Fix searching for users with more than one memberOf filter (#872)
    • Fix compilation on Windows (#932) and Illumos (#964)
    • The UI now correctly detects whether password resets are enabled. (#753)
    • Fix a missing lowercasing of username when changing passwords through LDAP (#1012)
    • Fix SQLite writers erroring when racing (#1021)
    • LDAP sessions no longer buffer their logs until unbind, causing memory leaks (#1025)

    Performance

    • Only expand attributes once per query, not per result (#687)

    Security

    • When asked to send a password reset to an unknown email, sleep for 3 seconds and don't print the email in the error (#887)

    New services

    Linux user accounts can now be managed by LLDAP, using PAM and nslcd.

    • Apereo CAS server
    • Carpal
    • Gitlab
    • Grocy
    • Harbor
    • Home Assistant
    • Jenkins
    • Kasm
    • Maddy
    • Mastodon
    • Metabase
    • MegaRAC-BMC
    • Netbox
    • OCIS
    • Prosody
    • Radicale
    • SonarQube
    • Traccar
    • Zitadel
    Downloads
  • v0.5.0 6f04530700

    v0.5.0 Stable

    kerem released this 2023-09-14 21:36:32 +03:00 | 378 commits to main since this release

    📅 Originally published on GitHub: Thu, 14 Sep 2023 18:39:18 GMT
    🏷️ Git tag created: Thu, 14 Sep 2023 18:36:32 GMT

    What's changed

    Breaking

    • Emails and UUIDs are now enforced to be unique.
      • If you have several users with the same email, you'll have to disambiguate
        them. You can do that by either issuing SQL commands directly
        (UPDATE users SET email = 'x@x' WHERE user_id = 'bob';), or by reverting
        to a 0.4.x version of LLDAP and editing the user through the web UI.
        An error will prevent LLDAP 0.5+ from starting otherwise.
      • This was done to prevent account takeover for systems that allow to
        login via email.

    Added

    • The server private key can be set as a seed from an env variable (#504).
      • This is especially useful when you have multiple containers, they don't
        need to share a writeable folder.
    • Added support for changing the password through a plain LDAP Modify
      operation (as opposed to an extended operation), to allow Jellyfin
      to change password (#620).
    • Allow creating a user with multiple objectClass (#612).
    • Emails now have a message ID (#608).
    • Added a warning for browsers that have WASM/JS disabled (#639).
    • Added support for querying OUs in LDAP (#669).
    • Added a button to clear the avatar in the UI (#358).

    Changed

    • Groups are now sorted by name in the web UI (#623).
    • ARM build now uses musl (#584).
    • Improved logging.
    • Default admin user is only created if there are no admins (#563).
      • That allows you to remove the default admin, making it harder to
        bruteforce.

    Fixed

    • Fixed URL parsing with a trailing slash in the password setting utility
      (#597).

    New services

    • Ejabberd
    • Ergo
    • LibreNMS
    • Mealie
    • MinIO
    • OpnSense
    • PfSense
    • PowerDnsAdmin
    • Proxmox
    • Squid
    • Tandoor recipes
    • TheLounge
    • Zabbix-web
    • Zulip

    In addition to all that, there was significant progress towards https://github.com/lldap/lldap/issues/67,
    user-defined attributes. That complex feature will unblock integration with many
    systems, including PAM authentication.

    New Contributors

    Full Changelog: https://github.com/lldap/lldap/compare/v0.4.3...v0.5.0

    Downloads
  • v0.4.3 252132430c

    v0.4.3 Stable

    kerem released this 2023-04-11 16:01:41 +03:00 | 470 commits to main since this release

    📅 Originally published on GitHub: Tue, 11 Apr 2023 13:03:41 GMT
    🏷️ Git tag created: Tue, 11 Apr 2023 13:01:41 GMT

    The repository has changed from nitnelave/lldap to lldap/lldap, both on GitHub
    and on DockerHub (although we will keep publishing the images to
    nitnelave/lldap for the foreseeable future). All data on GitHub has been
    migrated, and the new docker images are available both on DockerHub and on the
    GHCR under lldap/lldap.

    Added

    • EC private keys are not supported for LDAPS.

    Changed

    • SMTP user no longer has a default value (and instead defaults to unauthenticated).

    Fixed

    • WASM payload is now delivered uncompressed to Safari due to a Safari bug.
    • Password reset no longer redirects to login page.
    • NextCloud config should add the "mail" attribute.
    • GraphQL parameters are now urldecoded, to support special characters in usernames.
    • Healthcheck correctly checks the server certificate.

    New services

    • Home Assistant
    • Shaarli
    Downloads
  • v0.4.2 afe91c7cc0

    v0.4.2 Stable

    kerem released this 2023-03-27 12:07:24 +03:00 | 501 commits to main since this release

    📅 Originally published on GitHub: Mon, 27 Mar 2023 09:37:03 GMT
    🏷️ Git tag created: Mon, 27 Mar 2023 09:07:24 GMT

    Added

    • Add support for MySQL/MariaDB/PostgreSQL, in addition to SQLite.
    • Healthcheck command for docker setups.
    • User creation through LDAP.
    • IPv6 support.
    • Dev container for VsCode.
    • Add support for DN LDAP filters.
    • Add support for SubString LDAP filters.
    • Add support for LdapCompare operation.
    • Add support for unencrypted/unauthenticated SMTP connection.
    • Add a command to setup the database schema.
    • Add a tool to set a user's password from the command line.
    • Added consistent release artifacts.

    Changed

    • Payload is now compressed, reducing the size to 700kb.
    • entryUUID is returned in the default LDAP fields.
    • Slightly improved support for LDAP browsing tools.
    • Password reset can be identified by email (instead of just username).
    • Various front-end improvements, and support for dark mode.
    • Add content-type header to the password reset email, fixing rendering issues in some clients.
    • Identify groups with "cn" instead of "uid" in memberOf field.

    Removed

    • Removed dependency on nodejs/rollup.

    Fixed

    • Email is now using the async API.
    • Fix handling of empty/null names (display, first, last).
    • Obscured old password field when changing password.
    • Respect user setting to disable password resets.
    • Fix handling of "present" filters with unknown attributes.
    • Fix handling of filters that could lead to an ambiguous SQL query.

    New services

    • Authentik
    • Dell iDRAC
    • Dex
    • Kanboard
    • NextCloud + OIDC or Authelia
    • Nexus
    • SUSE Rancher
    • VaultWarden
    • WeKan
    • WikiJS
    • ZendTo

    Dependencies (highlights)

    • Upgraded Yew to 0.19
    • Upgraded actix to 0.13
    • Upgraded clap to 4
    • Switched from sea-query to sea-orm 0.11

    New Contributors

    A special shout-out to @pixelrazor and @martadinata666 for their help with this release!

    Full Changelog: https://github.com/nitnelave/lldap/compare/v0.4.1...v0.4.2

    Downloads
  • v0.4.1 32f28d664e

    v0.4.1 Stable

    kerem released this 2022-10-10 18:46:34 +03:00 | 609 commits to main since this release

    📅 Originally published on GitHub: Mon, 10 Oct 2022 15:49:32 GMT
    🏷️ Git tag created: Mon, 10 Oct 2022 15:46:34 GMT

    [0.4.1] - 2022-10-10

    Added

    • Added support for STARTTLS for SMTP.
    • Added support for user profile pictures, including importing them from OpenLDAP.
    • Added support for every config value to be specified in a file.
    • Added support for PKCS1 keys.

    Changed

    • The dn attribute is no longer returned as an attribute (it's still part of the response).
    • Empty attributes are no longer returned.
    • The docker image now uses the locally-downloaded assets.
    Downloads
  • v0.4.0 91d12a7e97

    v0.4.0 Stable

    kerem released this 2022-07-08 20:02:20 +03:00 | 674 commits to main since this release

    📅 Originally published on GitHub: Fri, 08 Jul 2022 17:06:58 GMT
    🏷️ Git tag created: Fri, 08 Jul 2022 17:02:20 GMT

    v0.4.0

    Quick update to replace lldap_readonly with 2 groups lldap_password_manager and lldap_strict_readonly.

    Breaking

    The lldap_readonly group has been renamed lldap_password_manager (migration happens automatically) and a new lldap_strict_readonly group was introduced.

    Added

    • A new lldap_strict_readonly group allows granting readonly rights to users (not able to change other's passwords, in particular).

    Changed

    • The lldap_readonly group is renamed lldap_password_manager since it still allows users to change (non-admin) passwords.

    Removed

    • The lldap_readonly group was removed.
    Downloads
  • v0.3.0 6701027002

    v0.3.0 Stable

    kerem released this 2022-07-08 15:49:01 +03:00 | 678 commits to main since this release

    📅 Originally published on GitHub: Fri, 08 Jul 2022 12:54:54 GMT
    🏷️ Git tag created: Fri, 08 Jul 2022 12:49:01 GMT

    v0.3.0

    This new release brings LLDAP to a stable point where it should be compatible with most services and can be safely used as main source of truth for managing users!

    Thanks to all the new contributors who helped make this release and continue to improve LLDAP 🎆

    Breaking

    As part of the update, the database will do a one-time automatic migration to
    add UUIDs and group creation times.

    Added

    • Added support and documentation for many services:
      • Apache Guacamole
      • Bookstack
      • Calibre
      • Dolibarr
      • Emby
      • Gitea
      • Grafana
      • Jellyfin
      • Matrix Synapse
      • NextCloud
      • Organizr
      • Portainer
      • Seafile
      • Syncthing
      • WG Portal
    • New migration tool from OpenLDAP.
    • New docker images for alternate architectures (arm64, arm/v7).
    • Added support for LDAPS.
    • New readonly group.
    • Added UUID attribute for users and groups.
    • Frontend now uses the refresh tokens to reduce the number of logins needed.

    Changed

    • Much improved logging format.
    • Simplified API login.
    • Allowed non-admins to run search queries on the content they can see.
    • "cn" attribute now returns the Full Name, not Username.
    • Unknown attributes now warn instead of erroring.
      • Introduced a list of attributes to silence those warnings.

    Deprecated

    • Deprecated "cn" as LDAP username, "uid" is the correct attribute.

    Fixed

    • Usernames, objectclass and attribute names are now case insensitive.
    • Handle "1.1" and other wildcard LDAP attributes.
    • Handle "memberOf" attribute.
    • Handle fully-specified scope.

    Security

    • Prevent SQL injections due to interaction between two libraries.

    New Contributors

    Thanks to all contributors, old and new. A special welcome to these new contributors:

    • @Sblop
    • @abbiewade
    • @haveachin
    • @JaidenW
    • @matthewstrasiotto
    • @dada513
    • @publicdesert
    • @martadinata666
    • @MickMorley
    • @martin-leydier
    • @alduraibi
    • @grehund
    • @adepssimius
    Downloads
  • v0.2.0 6191fb226a

    v0.2.0 Stable

    kerem released this 2021-11-28 02:55:35 +03:00 | 807 commits to main since this release

    📅 Originally published on GitHub: Mon, 29 Nov 2021 09:14:23 GMT
    🏷️ Git tag created: Sat, 27 Nov 2021 23:55:35 GMT

    This release implements many of the missing nice-to-haves from the MVP:

    • Password changing through LDAP, for password reset through other services (e.g. Authelia, KeyCloak).
    • Password reset through the Web UI.
    • LDAP protocol improvements to add support for various services (Authelia, KeyCloak, Jitsi Meet and more)
    • Cross-compilation support for ARM (Raspberry Pi) and more.

    But also:

    • Better test code coverage.
    • Refactoring for future app and config improvements.
    • Small UI changes (disabled buttons while requests are loading).
    • Better documentation.

    Thank you to those who contributed to this release:

    • @kaysond
    • @draganczukp
    • @bunkerman
    • @Bleala
    Downloads