Skip to content

Releases: g0dsCookie/ldapauthd

v1.3.0

14 Apr 12:28
@g0dsCookie g0dsCookie
v1.3.0
7e8b65a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.0 Latest
Latest

Added

  • Added new option LDAPAUTHD_SESSION_PREFIX
    • This allows to use a single memcached for multiple ldapauthd instances

Updated

  • Updated container to use latest alpine3.11
Assets 2
Loading

v1.2.3

06 Aug 06:40
@g0dsCookie g0dsCookie
v1.2.3
de3f002
Compare
Choose a tag to compare
v1.2.3

Fixed

  • Retry memcache connection on ConnectionError before raising an exception
    • This introduced the new option LDAPAUTHD_SESSION_RETRY which accepts the count after which the login attempt should fail
Assets 2
Loading

v1.2.2

28 Jun 09:39
@g0dsCookie g0dsCookie
1.2.2
0d4d8c6
Compare
Choose a tag to compare
v1.2.2

Fixed

  • Use X-Forward-Proto on 307 Redirection instead of hard-coded http
Assets 2
Loading

v1.2.1

14 Jun 07:59
@g0dsCookie g0dsCookie
v1.2.1
2f6662f
Compare
Choose a tag to compare
v1.2.1

Fixed

  • On many concurrent requests there was a race-condition with pymemcache resulting in socket timeouts and errors
Assets 2
Loading

v1.2.0

17 May 09:59
@g0dsCookie g0dsCookie
v1.2.0
8b5e90b
Compare
Choose a tag to compare
v1.2.0

Added

  • Authentication sessions
  • Single-Sign-On with Authentication sessions and LDAPAUTHD_SESSION_DOMAIN

Changed

  • HTTP Headers are now latin1-encoded instead of utf8

New Configurations

  • LDAPAUTHD_SESSION_STORAGE defines the storage backend for sessions. Currently only memcached is available
  • LDAPAUTHD_SESSION_DOMAIN defines the domain for the cookie. This allows your to use Single-Sign-On if configured correctly.
    • For example you have 2 websites running on example.org and sub.example.org. If you set LDAPAUTHD_SESSION_DOMAIN=.example.org the session from example.org will also be available on sub.example.org
  • LDAPAUTHD_SESSION_HOST defines the hostname for your storage backend.
  • LDAPAUTHD_SESSION_TTL defines the maximum seconds a session is valid.
Assets 2
Loading

v1.1.1

22 Feb 08:22
@g0dsCookie g0dsCookie
v1.1.1
20e07dd
Compare
Choose a tag to compare
v1.1.1

Changed

  • Boolean config values are now case-insensitive. Alternatively you can use 0=false or 1=true
Assets 2
Loading

v1.1.0

21 Feb 12:36
@g0dsCookie g0dsCookie
v1.1.0
a8a473a
Compare
Choose a tag to compare
v1.1.0

Added

  • LDAP_LOGLEVEL to manually set the loglevel for ldap3. Normally you don't need this
  • Logs from ldap3 will be statically logged as ERROR
  • LDAP_ATTRIBUTES to specify any ldap attribute and map them to http response headers.
  • LDAP_ROLEHEADER to specify the http header name for the matched role, if any.
  • This includes a change of how LDAP_ALLOWEDUSERS and LDAP_ALLOWEDGROUPS are parsed, see below

Changed

  • LDAP_ALLOWEDUSERS is now parsed as (json) dictionary: {"username": "role"}
  • LDAP_ALLOWEDGROUPS is now parsed as (json) dictionary: {"cn=mygroup,ou=myou,dc=example,dc=org": "role"}
  • HTTP access logs are now properly logged with ldapauthd logger instead of default HTTP logger

Removed

  • LDAPAUTHD_FORWARD_USER and LDAPAUTHD_FORWARD_EMAIL has been removed in favor of LDAP_ATTRIBUTES
Assets 2
Loading

v1.0.0

19 Feb 14:26
@g0dsCookie g0dsCookie
v1.0.0
7e848a6
Compare
Choose a tag to compare
v1.0.0
  • Now supports X-Forwarded-User/X-Forwarded-Email (#4)
Assets 2
Loading

v0.2.0

19 Feb 14:08
@g0dsCookie g0dsCookie
v0.2.0
2767517
Compare
Choose a tag to compare
v0.2.0
  • Now using ldap3 instead of python-ldap
  • It is now possible to use multiple ldap servers as backend (#3)
Assets 2
Loading

v0.1.1

18 Feb 09:03
@g0dsCookie g0dsCookie
v0.1.1
4dab5c4
Compare
Choose a tag to compare
v0.1.1

Fixed

  • LDAP_SSL_VALIDATE=False now works as expected (#1)
  • The daemon may now bind to ports <=1023 (#2)
Assets 2
Loading