release: 0.6.0

CHANGELOG.md

@@ -5,6 +5,86 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] 2024-11-09
+
+### Breaking
+
+- The endpoint `/auth/reset/step1` is now `POST` instead of `GET` (#704)
+
+### Added
+
+- Custom attributes are now supported (#67) ! You can add new fields (string, integers, JPEG or dates) to users and query them. That unlocks many integrations with other services, and allows for a deeper/more customized integration. Special thanks to @pixelrazor and @bojidar-bg for their help with the UI.
+- Custom object classes (for all users/groups) can now be added (#833)
+- Barebones support for Paged Results Control (no paging, no respect for windows, but a correct response with all the results) (#698)
+- A daily docker image is tagged and released. (#613)
+- A bootstrap script allows reading the list of users/groups from a file and making sure the server contains exactly the same thing. (#654)
+- Make it possible to serve lldap behind a sub-path in (#752)
+- LLDAP can now be found on a custom package repository for opensuse, fedora, ubuntu, debian and centos ([Repository link](https://software.opensuse.org//download.html?project=home%3AMasgalor%3ALLDAP&package=lldap)). Thanks @Masgalor for setting it up and maintaining it.
+- There's now an option to force reset the admin password (#748) optionally on every restart (#959)
+- There's a rootless docker container (#755)
+- entryDN is now supported (#780)
+- Unknown LDAP controls are now detected and ignored (#787, #799)
+- A community-developed CLI for scripting (#793)
+- Added a way to print raw logs to debug long-running sessions (#992)
+
+
+### Changed
+
+- The official docker repository is now `lldap/lldap`
+- Removed password length limitation in lldap_set_password tool
+- Group names and emails are now case insensitive, but keep their casing (#666)
+- Better error messages (and exit code (#745)) when changing the private key (#778, #1008), using the wrong SMTP port (#970), using the wrong env variables (#972)
+- Allow `member=` filters with plain user names (not full DNs) (#949)
+- Correctly detect and refuse anonymous binds (#974)
+- Clearer logging (#971, #981, #982)
+
+### Fixed
+
+- Logging out applies globally, not just in the local browser. (#721)
+- It's no longer possible to create the same user twice (#745)
+- Fix wide substring filters (#738)
+- Don't log the database password if provided in the connection URL (#735)
+- Fix a panic when postgres uses a different collation (#821)
+- The UI now defaults to the user ID for users with no display names (#843)
+- Fix searching for users with more than one `memberOf` filter (#872)
+- Fix compilation on Windows (#932) and Illumos (#964)
+- The UI now correctly detects whether password resets are enabled. (#753)
+- Fix a missing lowercasing of username when changing passwords through LDAP (#1012)
+- Fix SQLite writers erroring when racing (#1021)
+- LDAP sessions no longer buffer their logs until unbind, causing memory leaks (#1025)
+
+### Performance
+
+- Only expand attributes once per query, not per result (#687)
+
+### Security
+
+- When asked to send a password reset to an unknown email, sleep for 3 seconds and don't print the email in the error (#887)
+
+### New services
+
+Linux user accounts can now be managed by LLDAP, using PAM and nslcd.
+
+- Apereo CAS server
+- Carpal
+- Gitlab
+- Grocy
+- Harbor
+- Home Assistant
+- Jenkins
+- Kasm
+- Maddy
+- Mastodon
+- Metabase
+- MegaRAC-BMC
+- Netbox
+- OCIS
+- Prosody
+- Radicale
+- SonarQube
+- Traccar
+- Zitadel
+
 ## [0.5.0] 2023-09-14
 
 ### Breaking
@@ -71,7 +151,7 @@ systems, including PAM authentication.
 ## [0.4.3] 2023-04-11
 
 The repository has changed from `nitnelave/lldap` to `lldap/lldap`, both on GitHub
-and on DockerHub (although we will keep publishing the images to 
+and on DockerHub (although we will keep publishing the images to
 `nitnelave/lldap` for the foreseeable future). All data on GitHub has been
 migrated, and the new docker images are available both on DockerHub and on the
 GHCR under `lldap/lldap`.

Cargo.lock

@@ -2499,7 +2499,7 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 
 [[package]]
 name = "lldap"
-version = "0.5.1-alpha"
+version = "0.6.0"
 dependencies = [
  "actix",
  "actix-files",
@@ -2526,7 +2526,7 @@ dependencies = [
  "futures-util",
  "graphql_client 0.11.0",
  "hmac 0.12.1",
- "http 1.1.0",
+ "http 0.2.12",
  "image",
  "itertools",
  "juniper",
@@ -2575,7 +2575,7 @@ dependencies = [
 
 [[package]]
 name = "lldap_app"
-version = "0.5.1-alpha"
+version = "0.6.0"
 dependencies = [
  "anyhow",
  "base64 0.13.1",
@@ -2606,7 +2606,7 @@ dependencies = [
 
 [[package]]
 name = "lldap_auth"
-version = "0.4.0"
+version = "0.6.0"
 dependencies = [
  "chrono",
  "curve25519-dalek",

README.md

@@ -163,6 +163,15 @@ services:
       # You can also set a different database:
       # - LLDAP_DATABASE_URL=mysql://mysql-user:password@mysql-server/my-database
       # - LLDAP_DATABASE_URL=postgres://postgres-user:password@postgres-server/my-database
+      # If using SMTP, set the following variables
+      # - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
+      # - LLDAP_SMTP_OPTIONS__SERVER=smtp.example.com
+      # - LLDAP_SMTP_OPTIONS__PORT=465 # Check your smtp providor's documentation for this setting
+      # - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=TLS # How the connection is encrypted, either "NONE" (no encryption, port 25), "TLS" (sometimes called SSL, port 465) or "STARTTLS" (sometimes called TLS, port 587).
+      # - LLDAP_SMTP_OPTIONS__USER=no-reply@example.com # The SMTP user, usually your email address
+      # - LLDAP_SMTP_OPTIONS__PASSWORD=PasswordGoesHere # The SMTP password
+      # - LLDAP_SMTP_OPTIONS__FROM=no-reply <no-reply@example.com> # The header field, optional: how the sender appears in the email. The first is a free-form name, followed by an email between <>.
+      # - LLDAP_SMTP_OPTIONS__TO=admin <admin@example.com> # Same for reply-to, optional.
 ```
 
 Then the service will listen on two ports, one for LDAP and one for the web
@@ -474,10 +483,13 @@ create users, set passwords, add them to groups and so on. Users can also
 connect to the web UI and change their information, or request a password reset
 link (if you configured the SMTP client).
 
-Creating and managing custom attributes is currently in Beta. It's not
-supported in the Web UI. The recommended way is to use
-[Zepmann/lldap-cli](https://github.com/Zepmann/lldap-cli), a
-community-contributed CLI frontend.
+You can create and manage custom attributes through the Web UI, or through the
+community-contributed CLI frontend (
+[Zepmann/lldap-cli](https://github.com/Zepmann/lldap-cli)). This is necessary
+for some service integrations.
+
+The [bootstrap.sh](scripts/bootstrap.sh) script can enforce a list of
+users/groups/attributes from a given file, reflecting it on the server.
 
 LLDAP is also very scriptable, through its GraphQL API. See the
 [Scripting](docs/scripting.md) docs for more info.

app/Cargo.toml

@@ -6,7 +6,7 @@ homepage = "https://github.com/lldap/lldap"
 license = "GPL-3.0-only"
 name = "lldap_app"
 repository = "https://github.com/lldap/lldap"
-version = "0.5.1-alpha"
+version = "0.6.0"
 include = ["src/**/*", "queries/**/*", "Cargo.toml", "../schema.graphql"]
 
 [dependencies]

auth/Cargo.toml

@@ -6,7 +6,7 @@ homepage = "https://github.com/lldap/lldap"
 license = "GPL-3.0-only"
 name = "lldap_auth"
 repository = "https://github.com/lldap/lldap"
-version = "0.4.0"
+version = "0.6.0"
 
 [features]
 default = ["opaque_server", "opaque_client"]

server/Cargo.toml

@@ -8,7 +8,7 @@ keywords = ["cli", "ldap", "graphql", "server", "authentication"]
 license = "GPL-3.0-only"
 name = "lldap"
 repository = "https://github.com/lldap/lldap"
-version = "0.5.1-alpha"
+version = "0.6.0"
 
 [dependencies]
 actix = "0.13"