LemonLDAP::NG 2.18 is out!

This is a new release for 2.0 major version including fixes improvements and new features.

⚠ Please follow upgrade notes if you upgrade from a previous version!

Some regressions have been found in 2.18.0, please be sure to use at least 2.18.1

🔐 Security

A small security issue has been fixed: we now enforce Safe Jail in lemonldap-ng.ini to disable the possibility for someone having only access to Manager to disable it. See #2980

🌟 Improvements and new features

OpenID Connect

A lot of improvements of this release are linked to OpenID Connect protocol:

  • JWT encryption (JWE)
  • New supported algorithms: EC* and PS*
  • Parameter acr_values can now be used to require a specific authentication level
  • Add client_secret_jwt and private_key_jwt authentication mechanisms

Second Factors (2FA)

First, we improved the user experience (UX):

  • User is now redirected to 2FA Manager after registering its device
  • User can remember its 2FA with Trusted Browser plugin

A big evolution has also been done in WebAuthn (FIDO2) to manage attestation validation

Password management

Some improvements for password management:

  • Password strength indicator relying on zxcvbn
  • Possibility to trigger password reset through CLI
  • Encryption of password if password is stored in session

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.

👏 Credits

A lot of people and organizations have contributed to this version, thanks to them!

  • Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations : Gendarmerie Nationale, Worteks, Linagora, Orange, INRAE, CNAM, Université de Limoges, Université Lyon 2, Ministère de l'Agriculture, Fiducial, Métropole de Lyon
  • Community (issues opening, tests, patches, pull requests) : Xavier Bachelot, Mickael Bride, Bruno MATEU,  Emmanuel Decoux, Jérôme Lagrue, Antoine Gallavardin, Hadrien Pelissier, Dave Conroy, Raphaël Odienne, Marek Wójtowicz

If you use LemonLDAP::NG and enjoy it, please let us know: