From 098745ebc900788adb3ffdafc3dd196b7f5201aa Mon Sep 17 00:00:00 2001
From: Valentin Tolmer
Date: Tue, 29 Oct 2024 16:23:58 +0100
Subject: [PATCH] release: 0.6.0
---
 CHANGELOG.md | 82 ++++++++++++++++++++++++++++++++++++++++++++++-
 Cargo.lock | 8 ++---
 README.md | 20 +++++++++---
 app/Cargo.toml | 2 +-
 auth/Cargo.toml | 2 +-
 server/Cargo.toml | 2 +-
 6 files changed, 104 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10c9869..ed10900 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,86 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [0.6.0] 2024-11-09 + +### Breaking + +- The endpoint `/auth/reset/step1` is now `POST` instead of `GET` (#704) + +### Added + +- Custom attributes are now supported (#67) ! You can add new fields (string, integers, JPEG or dates) to users and query them. That unlocks many integrations with other services, and allows for a deeper/more customized integration. Special thanks to @pixelrazor and @bojidar-bg for their help with the UI. +- Custom object classes (for all users/groups) can now be added (#833) +- Barebones support for Paged Results Control (no paging, no respect for windows, but a correct response with all the results) (#698) +- A daily docker image is tagged and released. (#613) +- A bootstrap script allows reading the list of users/groups from a file and making sure the server contains exactly the same thing. (#654) +- Make it possible to serve lldap behind a sub-path in (#752) +- LLDAP can now be found on a custom package repository for opensuse, fedora, ubuntu, debian and centos ([Repository link](https://software.opensuse.org//download.html?project=home%3AMasgalor%3ALLDAP&package=lldap)). Thanks @Masgalor for setting it up and maintaining it. 
+- There's now an option to force reset the admin password (#748) optionally on every restart (#959)
+- There's a rootless docker container (#755)
+- entryDN is now supported (#780)
+- Unknown LDAP controls are now detected and ignored (#787, #799)
+- A community-developed CLI for scripting (#793)
+- Added a way to print raw logs to debug long-running sessions (#992)
+
+
+### Changed
+
+- The official docker repository is now `lldap/lldap`
+- Removed password length limitation in lldap_set_password tool
+- Group names and emails are now case insensitive, but keep their casing (#666)
+- Better error messages (and exit code (#745)) when changing the private key (#778, #1008), using the wrong SMTP port (#970), using the wrong env variables (#972)
+- Allow `member=` filters with plain user names (not full DNs) (#949)
+- Correctly detect and refuse anonymous binds (#974)
+- Clearer logging (#971, #981, #982)
+
+### Fixed
+
+- Logging out applies globally, not just in the local browser. (#721)
+- It's no longer possible to create the same user twice (#745)
+- Fix wide substring filters (#738)
+- Don't log the database password if provided in the connection URL (#735)
+- Fix a panic when postgres uses a different collation (#821)
+- The UI now defaults to the user ID for users with no display names (#843)
+- Fix searching for users with more than one `memberOf` filter (#872)
+- Fix compilation on Windows (#932) and Illumos (#964)
+- The UI now correctly detects whether password resets are enabled.
(#753) +- Fix a missing lowercasing of username when changing passwords through LDAP (#1012) +- Fix SQLite writers erroring when racing (#1021) +- LDAP sessions no longer buffer their logs until unbind, causing memory leaks (#1025) + +### Performance + +- Only expand attributes once per query, not per result (#687) + +### Security + +- When asked to send a password reset to an unknown email, sleep for 3 seconds and don't print the email in the error (#887) + +### New services + +Linux user accounts can now be managed by LLDAP, using PAM and nslcd. + +- Apereo CAS server +- Carpal +- Gitlab +- Grocy +- Harbor +- Home Assistant +- Jenkins +- Kasm +- Maddy +- Mastodon +- Metabase +- MegaRAC-BMC +- Netbox +- OCIS +- Prosody +- Radicale +- SonarQube +- Traccar +- Zitadel + ## [0.5.0] 2023-09-14 ### Breaking @@ -71,7 +151,7 @@ systems, including PAM authentication. ## [0.4.3] 2023-04-11 The repository has changed from `nitnelave/lldap` to `lldap/lldap`, both on GitHub -and on DockerHub (although we will keep publishing the images to +and on DockerHub (although we will keep publishing the images to `nitnelave/lldap` for the foreseeable future). All data on GitHub has been migrated, and the new docker images are available both on DockerHub and on the GHCR under `lldap/lldap`. diff --git a/Cargo.lock b/Cargo.lock index 51645b7..3f3e64e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2499,7 +2499,7 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "lldap" -version = "0.5.1-alpha" +version = "0.6.0" dependencies = [ "actix", "actix-files", @@ -2526,7 +2526,7 @@ dependencies = [ "futures-util", "graphql_client 0.11.0", "hmac 0.12.1", - "http 1.1.0", + "http 0.2.12", "image", "itertools", "juniper", @@ -2575,7 +2575,7 @@ dependencies = [ [[package]] name = "lldap_app" -version = "0.5.1-alpha" +version = "0.6.0" dependencies = [ "anyhow", "base64 0.13.1", 
@@ -2606,7 +2606,7 @@ dependencies = [ [[package]] name = "lldap_auth" -version = "0.4.0" +version = "0.6.0" dependencies = [ "chrono", "curve25519-dalek", diff --git a/README.md b/README.md index 99f4bc1..572abeb 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,15 @@ services: # You can also set a different database: # - LLDAP_DATABASE_URL=mysql://mysql-user:password@mysql-server/my-database # - LLDAP_DATABASE_URL=postgres://postgres-user:password@postgres-server/my-database + # If using SMTP, set the following variables + # - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true + # - LLDAP_SMTP_OPTIONS__SERVER=smtp.example.com + # - LLDAP_SMTP_OPTIONS__PORT=465 # Check your smtp providor's documentation for this setting + # - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=TLS # How the connection is encrypted, either "NONE" (no encryption, port 25), "TLS" (sometimes called SSL, port 465) or "STARTTLS" (sometimes called TLS, port 587). + # - LLDAP_SMTP_OPTIONS__USER=no-reply@example.com # The SMTP user, usually your email address + # - LLDAP_SMTP_OPTIONS__PASSWORD=PasswordGoesHere # The SMTP password + # - LLDAP_SMTP_OPTIONS__FROM=no-reply # The header field, optional: how the sender appears in the email. The first is a free-form name, followed by an email between <>. + # - LLDAP_SMTP_OPTIONS__TO=admin # Same for reply-to, optional. ``` Then the service will listen on two ports, one for LDAP and one for the web 
@@ -474,10 +483,13 @@ create users, set passwords, add them to groups and so on. Users can also connect to the web UI and change their information, or request a password reset link (if you configured the SMTP client). -Creating and managing custom attributes is currently in Beta. It's not -supported in the Web UI. The recommended way is to use -[Zepmann/lldap-cli](https://github.com/Zepmann/lldap-cli), a -community-contributed CLI frontend. +You can create and manage custom attributes through the Web UI, or through the +community-contributed CLI frontend ( +[Zepmann/lldap-cli](https://github.com/Zepmann/lldap-cli)). This is necessary +for some service integrations. + +The [bootstrap.sh](scripts/bootstrap.sh) script can enforce a list of +users/groups/attributes from a given file, reflecting it on the server. LLDAP is also very scriptable, through its GraphQL API. See the [Scripting](docs/scripting.md) docs for more info. diff --git a/app/Cargo.toml b/app/Cargo.toml index aee6f61..c767e11 100644 --- a/app/Cargo.toml +++ b/app/Cargo.toml @@ -6,7 +6,7 @@ homepage = "https://github.com/lldap/lldap" license = "GPL-3.0-only" name = "lldap_app" repository = "https://github.com/lldap/lldap" -version = "0.5.1-alpha" +version = "0.6.0" include = ["src/**/*", "queries/**/*", "Cargo.toml", "../schema.graphql"] [dependencies] diff --git a/auth/Cargo.toml b/auth/Cargo.toml index 6d11fd1..e68fda7 100644 --- a/auth/Cargo.toml +++ b/auth/Cargo.toml @@ -6,7 +6,7 @@ homepage = "https://github.com/lldap/lldap" license = "GPL-3.0-only" name = "lldap_auth" repository = "https://github.com/lldap/lldap" -version = "0.4.0" +version = "0.6.0" [features] default = ["opaque_server", "opaque_client"] diff --git a/server/Cargo.toml b/server/Cargo.toml index f0ecdb7..609625c 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml 
@@ -8,7 +8,7 @@ keywords = ["cli", "ldap", "graphql", "server", "authentication"] license = "GPL-3.0-only" name = "lldap" repository = "https://github.com/lldap/lldap" -version = "0.5.1-alpha" +version = "0.6.0" [dependencies] actix = "0.13"