diff --git a/.dockerignore b/.dockerignore index 7b2bf09..c947f9d 100644 --- a/.dockerignore +++ b/.dockerignore @@ -16,6 +16,7 @@ Dockerfile # Don't track docs *.md LICENSE +CHANGELOG.md docs/* example_configs/* diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..133f8e6 --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,60 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.3.0] - 2022-07-08 + +### Breaking +As part of the update, the database will do a one-time automatic migration to +add UUIDs and group creation times. + +### Added + - Added support and documentation for many services: + - Apache Guacamole + - Bookstack + - Calibre + - Dolibarr + - Emby + - Gitea + - Grafana + - Jellyfin + - Matrix Synapse + - NextCloud + - Organizr + - Portainer + - Seafile + - Syncthing + - WG Portal + - New migration tool from OpenLDAP. + - New docker images for alternate architectures (arm64, arm/v7). + - Added support for LDAPS. + - New readonly group. + - Added UUID attribute for users and groups. + - Frontend now uses the refresh tokens to reduce the number of logins needed. + +### Changed + - Much improved logging format. + - Simplified API login. + - Allowed non-admins to run search queries on the content they can see. + - "cn" attribute now returns the Full Name, not Username. + - Unknown attributes now warn instead of erroring. + - Introduced a list of attributes to silence those warnings. + +### Deprecated + - Deprecated "cn" as LDAP username, "uid" is the correct attribute. + +### Fixed + - Usernames, objectclass and attribute names are now case insensitive. + - Handle "1.1" and other wildcard LDAP attributes. + - Handle "memberOf" attribute. + - Handle fully-specified scope. + +### Security + - Prevent SQL injections due to interaction between two libraries. + +## [0.2.0] - 2021-11-27 diff --git a/README.md b/README.md index bdc571e..173b993 100644 --- a/README.md +++ b/README.md 
@@ -57,6 +57,9 @@ many backends, from KeyCloak to Authelia to Nextcloud and align="right" /> +It comes with a frontend that makes user management easy, and allows users to +edit their own details or reset their password by email. + The goal is _not_ to provide a full LDAP server; if you're interested in that, check out OpenLDAP. This server is a user management system that is: * simple to setup (no messing around with `slapd`), @@ -79,7 +82,7 @@ truth for users, via LDAP. The image is available at `nitnelave/lldap`. You should persist the `/data` folder, which contains your configuration, the database and the private key -file (unless you move them in the config). +file. Configure the server by copying the `lldap_config.docker_template.toml` to `/data/lldap_config.toml` and updating the configuration values (especially the @@ -140,12 +143,9 @@ To bring up the server, just run `cargo run`. The default config is in ### Cross-compilation -No Docker image is provided for other architectures, due to the difficulty of -setting up cross-compilation inside a Docker image. +Docker images are provided for AMD64, ARM64 and ARM/V7. -Some pre-compiled binaries are provided for each release, starting with 0.2. - -If you want to cross-compile, you can do so by installing +If you want to cross-compile yourself, you can do so by installing [`cross`](https://github.com/rust-embedded/cross): ```sh 
@@ -189,24 +189,32 @@ Testing group membership through `memberOf` is supported, so you can have a filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`. The administrator group for LLDAP is `lldap_admin`: anyone in this group has -admin rights in the Web UI. +admin rights in the Web UI. Most LDAP integrations should instead use a user in +the `lldap_readonly` group, to avoid granting full administration access to +many services. ### Sample client configurations Some specific clients have been tested to work and come with sample configuration files, or guides. See the [`example_configs`](example_configs) folder for help with: + - [Apache Guacamole](example_configs/apacheguacamole.md) - [Authelia](example_configs/authelia_config.yml) - [Bookstack](example_configs/bookstack.env.example) - [Calibre-Web](example_configs/calibre_web.md) - [Dolibarr](example_configs/dolibarr.md) + - [Emby](example_configs/emby.md) - [Gitea](example_configs/gitea.md) + - [Grafana](example_configs/grafana_ldap_config.toml) - [Jellyfin](example_configs/jellyfin.md) - [Jisti Meet](example_configs/jitsi_meet.conf) - [KeyCloak](example_configs/keycloak.md) - [Matrix](example_configs/matrix_synapse.yml) - [Organizr](example_configs/Organizr.md) + - [Portainer](example_configs/portainer.md) - [Seafile](example_configs/seafile.md) + - [Syncthing](example_configs/syncthing.md) + - [WG Portal](example_configs/wg_portal.env.example) ## Comparisons with other services diff --git a/app/Cargo.toml b/app/Cargo.toml index 42e20b1..80201cc 100644 --- a/app/Cargo.toml +++ b/app/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lldap_app" -version = "0.3.0-alpha.1" +version = "0.3.0" authors = ["Valentin Tolmer "] edition = "2021" diff --git a/server/Cargo.toml b/server/Cargo.toml index 981095c..99d50d9 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml 
@@ -2,7 +2,7 @@ authors = ["Valentin Tolmer "] edition = "2021" name = "lldap" -version = "0.3.0-rc.1" +version = "0.3.0" [dependencies] actix = "0.12"
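Review bot: in the `.dockerignore` hunk, the added `CHANGELOG.md` entry is redundant, because the `*.md` pattern two lines above it already excludes every Markdown file at the root of the build context, which is where this patch creates `CHANGELOG.md`. Drop the line, or if the explicit entry is intentional, add a comment saying why it is listed separately.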
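Review bot: in the new `CHANGELOG.md`, the 0.3.0 `### Security` entry `Prevent SQL injections due to interaction between two libraries.` does not say which releases are affected or what input was injectable, so an operator on 0.2.0 cannot judge how urgently to upgrade. Suggest naming the two libraries and the affected versions, or linking the fixing commit or an advisory. Separately, `"cn" attribute now returns the Full Name, not Username.` sits under `### Changed`, but it alters what existing client filters on `cn` will match; it reads as belonging under `### Breaking` next to the migration note.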
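Review bot: in the README `### Cross-compilation` hunk, the line `Some pre-compiled binaries are provided for each release, starting with 0.2.` is removed with no replacement, while the added text and the changelog only mention Docker images. If release binaries are still published, keep the sentence; if they are not, state that explicitly so users installing without Docker know to build from source.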
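Review bot: in the README hunk at `@@ -189,24 +189,32 @@`, the new advice to use a user in the `lldap_readonly` group does not say what that group is allowed to read or that it cannot modify entries, so a reader cannot tell how much access an integration still receives. Add one sentence describing the group's permissions, and confirm that the sample configurations listed in the same hunk bind with a read-only user rather than a member of `lldap_admin`. The unchanged list entry `Jisti Meet` is also misspelled (the linked file is `jitsi_meet.conf`) and could be corrected while the list is being edited.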