LemonLDAP::NG 2.17 is out!

This is a new release for 2.0 major version including fixes improvements and new features.

⚠ Please follow upgrade notes if you upgrade from a previous version!

🔐 Security

2 security issues have been fixed:

  • Issue #2946: userControl regexp is not applied by authSlave
  • Issue #2931: open redirection due to incorrect escape handling in URI userinfo

🌟 Improvements and new features


Improvement of logout flow with several connected CAS applications


The administrator can now choose the key size before generating the certificatie for SAML signing and encryption.

Implementation of urn:oasis:names:tc:SAML:profiles:subject-id:req in SAML federations

OpenID Connect

Better management of keys rotations

RS256 is now the default ID Token signature algorithm

Improve compatibility for native applications

Possibility to externalize configuration (like what was done for SAML)

Front-Channel and Back-Channel logout

Second Factors (2FA)

Better accountability of 2FA devices


Cassandra can now be used to store configurations and sessions


A filter can be configured to match groups, which give the possibility to have different groups object classes in the directory


Icons of the menu can now be Font Awesome icons instead of images.

The full application menu can be requested by a REST webservice to be displayed in another portal

Manager API

New endpoint for Login History


Improve Radius support for 2FA and authentication

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.

👏 Credits

A lot of people and organizations have contributed to this version, thanks to them!

  • Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations : Gendarmerie Nationale, Worteks, Linagora, SITIV, e-collectivites, Orange, INRAE, Adoma, CNAM
  • Community (issues opening, tests, patches, pull requests) : Tung Tran, Xavier Bachelot, Alexandre KARIM, David Manso, Emmanuel Decoux, Far Fade, Jérémie Lesage, Soisik Froger, Walter Bender, Philippe Lhardy, Matt Marjanovic, Romain Leclerc, Boris Cerati

If you use LemonLDAP::NG and enjoy it, please let us know: