LemonLDAP::NG 2.19 is out!

This is a new release for 2.0 major version including fixes improvements and new features.

⚠ Please follow upgrade notes if you upgrade from a previous version!

🔐 Security

Some security improvements have been done:

  • Password complexity checks are now done by POST instead of GET (see #3132)
  • Session ID can be hashed in backend, to avoid been able to retrieve the ID when reading the session backend (see #3075). This is not enabled by default, you have to update configuration parameter "hashedSessionStore"

🌟 Improvements and new features

OpenID Connect

ANSSI (French gov security agency) has published some recommendations on OpenID Connect usage: Recommandations pour la sécurisation de la mise en oeuvre du protocole OpenID Connect

LemonLDAP::NG can now be configured to comply with all these recommendations, for example by protecting the metadata endpoint, forbid HS* algorithms or require JWS authentication.

See our dedicated documentation page to know how configure your instance.

Second factor (2FA)

Some new features on 2FA system:

  • Users can now retry a 2FA instead of restarting the full authentication process (see #3080)
  • Okta can be used as 2FA provider (see #3038)

Audit logs

This feature is in beta mode. It allows to write your own logging class to format the log as you need.

See our documentation.

Jitsi Meet JWT authentication

We create a specific issuer module to be able to return JWT to Jitsi, which is now to official method for Single Sign On.

See our documentation.

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.

👏 Credits

A lot of people and organizations have contributed to this version, thanks to them!

  • Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations : Gendarmerie Nationale, Linagora, Worteks, Orange, Fiducial, SITIV, Ministère de l'Agriculture, Douanes, INRAE, Groupe Avem
  • Community (issues opening, tests, patches, pull requests) : Xavier Bachelot, Phlippe Lhardy, Gabriele Licari, Daniel Berteaud, Soisik Froger, Abhishek Pai

If you use LemonLDAP::NG and enjoy it, please let us know: