LemonLDAP::NG 2.18 is out!

This is a new release for 2.0 major version including fixes improvements and new features.

⚠ Please follow upgrade notes if you upgrade from a previous version!

🔐 Security

A small security issue has been fixed: we now enforce Safe Jail in lemonldap-ng.ini to disable the possibility for someone having only access to Manager to disable it. See #2980

🌟 Improvements and new features

OpenID Connect

A lot of improvements of this release are linked to OpenID Connect protocol:

• JWT encryption (JWE)
• New supported algorithms: EC* and PS*
• Parameter acr_values can now be used to require a specific authentication level
• Add client_secret_jwt and private_key_jwt authentication mechanisms

Second Factors (2FA)

First, we improved the user experience (UX):

• User is now redirected to 2FA Manager after registering its device
• User can remember its 2FA with Trusted Browser plugin

A big evolution has also been done in WebAuthn (FIDO2) to manage attestation validation

Password management

Some improvements for password management:

• Password strength indicator relying on zxcvbn
• Possibility to trigger password reset through CLI
• Encryption of password if password is stored in session

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.

👏 Credits

A lot of people and organizations have contributed to this version, thanks to them!

• Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
• Organizations : Gendarmerie Nationale, Worteks, Linagora, Orange, INRAE, CNAM, Université de Limoges, Université Lyon 2, Ministère de l'Agriculture, Fiducial, Métropole de Lyon
• Community (issues opening, tests, patches, pull requests) : Xavier Bachelot, Mickael Bride, Bruno MATEU,  Emmanuel Decoux, Jérôme Lagrue, Antoine Gallavardin, Hadrien Pelissier, Dave Conroy, Raphaël Odienne, Marek Wójtowicz

If you use LemonLDAP::NG and enjoy it, please let us know:

• https://lemonldap-ng.org/references.html
• https://www.openhub.net/p/lemonldap-ng
• http://alternativeto.net/software/lemonldap-ng/
• https://comptoir-du-libre.org/softwares/view/101
• https://framalibre.org/content/lemonldapng
• https://fosstodon.org/@lemonldapng
• http://twitter.com/lemonldapng
• https://www.facebook.com/lemonldapng/