LemonLDAP::NG 2.0.14 is out!

This is a new release for 2.0 major version including fixes improvements and new features.

⚠ Please follow upgrade notes if you upgrade from a previous version!

🔐 Security

2 minor security issues have been fixed:

  • Issue #2612 (CVE-2021-40874): RESTServer pwdConfirm always returns true with Combination + Kerberos
  • Issue #2596: Open redirect in CAS gateway mode

🌟 Improvements and new features

WebAuthn (FIDO 2)

LemonLDAP::NG can now use WebAuthn standard for second factor authentication (2FA), see documentation.

As U2F (FIDO 1) is now deprecated with Chrome, a migration to WebAuthn is needed. See how to migrate existing U2F devices.

New website

The old dokuwiki site has been shut down and replaced by a new static website: https://lemonldap-ng.org/.

All technical documentation is managed with Sphinx and published in a sub directory: https://lemonldap-ng.org/documentation/latest/.

Risk based authentication

Now plugins can impact the authentication risk level, which can be used to force a second factor authentication or refuse the connection, see documentation.

A first plugin is available: New Location Warning Plugin.

Patterns with log4perl

Since 2.0 we can use log4perl to manage logs. In 2.0.14, some patterns have been added to ease logs customization. For example the IP address, user id and session id, or any environment variable, can be written for each log output. See documentation.

TOTP encryption

You can now encrypt TOTP secrets stored in persistent sessions. See documentation.

CAS service URL declaration

It is now possible to define several service URL for a CAS application.

Warning: this impact the Manager API which now expect an array instead a string for this parameter.

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM) or get the archives.

👏 Credits

Thanks to the governmental CERT of Luxembourg (GOVCERT.LU) for funding the implementation of WebAuthn.

  • Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations : Gendarmerie Nationale, Worteks, CCSD, Orange, GOVCERT.LU
  • Community (issues opening, tests, patches, pull requests) : Alexandre Karim, Stephan Voeth, Albert Rinceau, Jérémie Pierson, Olivier Gouëllain, Andreas Deschka, Mathieu MD, David Mandelberg, Hervé Guiguin, Simon Chopin, Christophe Segui, Alexandre Souppart

If you use LemonLDAP::NG and enjoy it, please let us know: