LemonLDAP::NG 2.0.15 is out!


This is a new release of the 2.0 major version, including fixes, improvements and new features.

⚠ Please follow the upgrade notes if you upgrade from a previous version!

🔐 Security

2 security issues have been fixed:

  • Issue #2758 (CVE-2022-37186): Session destroyed on portal but still valid on handlers while there is activity
  • Issue #2709: Session ID reflected in AJAX request to portal

🌟 Improvements and new features

RHEL 9

We now provide packages for RHEL / CentOS / Alma Linux / Rocky Linux 9, thanks to significant help from the community.

Use our yum/dnf repository as explained in the installation documentation.

OpenID Connect Refresh Tokens in authentication module

The OIDC client module can now read and store Refresh Tokens, and use them to get new Access Tokens.

Custom Captcha module

An internal Captcha API has been created to allow the use of other Captcha modules. See the man page of Lemonldap::NG::Portal::Captcha to learn how to integrate your own Captcha module.

Remember authentication choice

You can now enable a plugin to let users remember their authentication choice. The user will then be redirected automatically instead of having to click on the logo or tab.

OpenID Connect logout confirmation bypass

You can disable confirmation when logout is requested by a Relying Party. The logout is then done on the portal, and the user is redirected back to the RP if a valid redirection URI has been set in the logout request.

Hooks for SAML and OIDC authentication modules

New hooks have been added to customize authentication requests, for example to set a specific requested authentication context in the SAML request.

FastCGI client package

The SSOaaS client is now available as a dedicated package.

IDP selection rules for CAS and OIDC

It has long been possible to configure a rule to auto-select a SAML IDP for a user. This is now also possible for CAS servers and OIDC providers.

Resend Second Factor code

Some 2FA modules send a code to the user. The user can now ask to resend the code if the previous one was not transmitted.

New lemonldap-ng-cli subcommand: merge

To import several changes at once, you can now use the merge action. Learn more by reading the lemonldap-ng-cli documentation.

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.

👏 Credits

A lot of people and organizations have contributed to this version, thanks to them!

  • Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations: Gendarmerie Nationale, Worteks, CNAM, Orange, Clermont Métropole, Douanes, FER Genève, INRAE, CCSD, Mairie de Nanterre, SITIV, Ministère de l'Agriculture
  • Community (opening issues, tests, patches, pull requests): Mickael Bride, Svgta, Albert Rinceau, Simon Hoggart, Xavier Bachelot, BEZY Rémy, Guillaume Carpentier, Antoine Gallavardin, Benjamin Demarteau, Slaven Rezic, Daniel Berteaud, andy tan, Eero Häkkinen.

If you use LemonLDAP::NG and enjoy it, please let us know: