LemonLDAP::NG 2.19 is out!
This is a new release for 2.0 major version including fixes improvements and new features.
⚠ Please follow upgrade notes if you upgrade from a previous version!
🔐 Security
Some security improvements have been done:
- Password complexity checks are now done by POST instead of GET (see #3132)
- Session ID can be hashed in backend, to avoid been able to retrieve the ID when reading the session backend (see #3075). This is not enabled by default, you have to update configuration parameter "hashedSessionStore"
🌟 Improvements and new features
OpenID Connect
ANSSI (French gov security agency) has published some recommendations on OpenID Connect usage: Recommandations pour la sécurisation de la mise en oeuvre du protocole OpenID Connect
LemonLDAP::NG can now be configured to comply with all these recommendations, for example by protecting the metadata endpoint, forbid HS* algorithms or require JWS authentication.
See our dedicated documentation page to know how configure your instance.
Second factor (2FA)
Some new features on 2FA system:
- Users can now retry a 2FA instead of restarting the full authentication process (see #3080)
- Okta can be used as 2FA provider (see #3038)
Audit logs
This feature is in beta mode. It allows to write your own logging class to format the log as you need.
See our documentation.
Jitsi Meet JWT authentication
We create a specific issuer module to be able to return JWT to Jitsi, which is now to official method for Single Sign On.
See our documentation.
📃 Changelog
The full changelog can be found here.
⬇ Download
Use the official repositories (Debian/RPM), our Docker image or get the archives.
👏 Credits
A lot of people and organizations have contributed to this version, thanks to them!
- Core team: Maxime Besson, David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot
- Organizations : Gendarmerie Nationale, Linagora, Worteks, Orange, Fiducial, SITIV, Ministère de l'Agriculture, Douanes, INRAE, Groupe Avem
- Community (issues opening, tests, patches, pull requests) : Xavier Bachelot, Phlippe Lhardy, Gabriele Licari, Daniel Berteaud, Soisik Froger, Abhishek Pai
If you use LemonLDAP::NG and enjoy it, please let us know:
- https://lemonldap-ng.org/references.html
- https://www.openhub.net/p/lemonldap-ng
- http://alternativeto.net/software/lemonldap-ng/
- https://comptoir-du-libre.org/softwares/view/101
- https://framalibre.org/content/lemonldapng
- https://fosstodon.org/@lemonldapng
- http://twitter.com/lemonldapng
- https://www.facebook.com/lemonldapng/