Valentin Tolmer
95337e2cd8
server: Remove session-wide logging, add session_uuid to message logs
2024-11-04 21:47:26 +01:00
Valentin Tolmer
143eb70bee
server: Only use a single connection with SQLite
...
Several writer connections can lock the DB and cause other inserts to fail.
A single connection should be enough given the usual workloads
2024-10-30 15:35:47 +01:00
Valentin Tolmer
35fe521cbe
server: Correctly handle removal of the display_name attribute
2024-10-29 15:33:46 +01:00
Valentin Tolmer
c8601b9169
server: Correctly handle attempts to probe for password resets
2024-10-28 20:09:46 +01:00
Valentin Tolmer
f0fcc88f1d
server: Fix env warning for nested keys
2024-10-28 16:23:25 +01:00
Valentin Tolmer
c08ddecd32
server: Fix missing lowercasing when changing passwords through LDAP
2024-10-28 16:06:25 +01:00
Valentin Tolmer
a190fe7ddf
server: return custom attributes when asked for all attributes
2024-10-26 19:07:08 +02:00
Valentin Tolmer
52c917d967
server: improve key_seed warning
2024-10-22 00:48:40 +02:00
Valentin Tolmer
f01daae6a8
server: Fix env variable warning
2024-10-22 00:48:29 +02:00
Valentin Tolmer
305b272cdf
app: Add support for group attributes
2024-10-22 00:37:38 +02:00
Valentin Tolmer
56eee6908e
server: Add a way to print raw logs
...
If the variable LLDAP_RAW_LOG is set, the logs will be both formatted with tracing_forest and printed raw
2024-10-10 21:27:36 +02:00
Valentin Tolmer
17bcd7645b
app: Clean up code, don't error on admin empty email
2024-10-05 23:10:40 +02:00
Austin Alvarado
dcba3d17dc
app: Add support for user-created attributes
...
Note: This PR doesn't handle errors around Jpeg files very well.
Co-authored-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com>
Co-authored-by: Austin Alvarado <pixelrazor@gmail.com>
2024-09-30 23:53:14 +02:00
Valentin Tolmer
1f3f73585b
server: Add logging for password resets, add name for successful opaque logins
2024-09-26 22:51:34 +02:00
Valentin Tolmer
0c6a92a8fa
server: Clarify logging of login attempts and failures
2024-09-26 20:43:19 +02:00
Valentin Tolmer
10a820f2a2
server: detect anonymous binds and return a correct error
2024-09-11 22:19:58 +02:00
Valentin Tolmer
01f97f5ed4
server: clean up the expected keys
2024-09-10 23:25:33 +02:00
Valentin Tolmer
f14aa2284c
server: Detect unknown env variables (e.g. due to typos)
2024-09-08 21:45:36 +02:00
Valentin Tolmer
65e2103365
server: Simplify the debug print of various structs
...
And use derive_more more liberally to simplify the impls
2024-09-08 00:43:58 +02:00
Valentin Tolmer
5db0072cfa
server: clarify SMTP error message
...
SMTP docs for many email providers use SSL to mean SSL/TLS, and TLS to mean STARTTLS, causing endless confusion. This should hopefully help.
2024-09-07 23:50:43 +02:00
Valentin Tolmer
1d8d3eb73f
server: Fix attribute name
2024-09-07 22:27:20 +02:00
Valentin Tolmer
6cf0f6df06
server: map email and display_name from attributes into user fields
2024-08-28 00:25:23 +02:00
Valentin Tolmer
b1384818d2
server: Add an is_readonly attribute to the schema
2024-08-27 23:04:24 +02:00
Valentin Tolmer
3ec44a58be
server: Allow password reset every time the server starts
2024-08-26 12:53:25 +02:00
Valentin Tolmer
2c79a40a73
server: Mask the details of SMTP errors, sleep when failing to send an email
2024-08-21 16:19:13 +02:00
Valentin Tolmer
dc26f97117
server: Fix compilation on Windows
2024-08-18 20:12:03 +02:00
Valentin Tolmer
ee7f9c9f41
server: Update ldap3_proto dependency
2024-08-16 23:47:06 +02:00
Valentin Tolmer
fa9c503de7
server: Add support for memberOf with plain user names, relax hard errors
...
This should help when the client sends some invalid-looking queries as part of a bigger filter
2024-08-16 23:21:20 +02:00
Bojidar Marinov
049a360506
server: Lookup first_name/last_name in the right list of attributes (#943)
...
Note the std::mem::take(&mut user.attributes) further up that zeroes out user.attributes
2024-07-31 23:55:07 +02:00
Valentin Tolmer
6f46ffd1e4
clippy: new fixes
2024-06-16 12:18:46 +02:00
Valentin Tolmer
5c5b87d5af
app,server: Switch /reset/step1 to a POST request
...
Otherwise, caching can become an issue. Also, it's not an idempotent request.
2024-02-09 00:20:31 +01:00
Valentin Tolmer
96f5b31e0c
server: Add graphQL methods to manage custom LDAP object classes
2024-02-06 22:39:05 +01:00
Valentin Tolmer
4955b7fac1
server: Add support for the custom LDAP object classes in LDAP filters
2024-02-06 22:39:05 +01:00
Valentin Tolmer
646fe32645
server: Add support for custom LDAP object classes for users and groups
2024-02-05 22:51:02 +01:00
Valentin Tolmer
b82a2d5705
server: Treat the database password as a secret
2024-01-22 23:12:33 +01:00
Valentin Tolmer
addd453287
server: don't error on global searches if only one side fails
2024-01-22 22:30:54 +01:00
Valentin Tolmer
e308a5e9a1
server: Add the attribute schema to the attributes in graphql
...
And make sure that we only request the schema once per top-level query
2024-01-21 23:25:57 +01:00
Valentin Tolmer
bd0a58b476
server: clean up the attributes, relax the substring filter conditions
...
This consolidates both user and group attributes in their map_{user,group}_attribute as the only point of parsing. It adds support for custom attribute filters for groups, and makes a SubString filter on an unknown attribute resolve to just false.
2024-01-17 23:44:25 +01:00
Valentin Tolmer
6f905b1ca9
server: update ldap3_proto dependency
...
This will fix the issue with some unhandled controls, this time for sure
2024-01-16 17:52:15 +01:00
Valentin Tolmer
2ea17c04ba
server: Move the definition of UserId down to lldap_auth
2024-01-15 23:48:59 +01:00
Valentin Tolmer
c4be7f5b6f
server: Serialize attribute values when searching
...
This should fix #763 and allow filtering by custom attribute values.
2024-01-13 13:37:46 +01:00
Valentin Tolmer
337101edea
server: update ldap3_proto dependency
...
This will fix the issue with some unhandled controls
2024-01-08 16:10:11 +01:00
Valentin Tolmer
0d48b7f8c9
server: add support for entryDN
2023-12-31 08:27:25 +01:00
Valentin Tolmer
f2b1e73929
server: Add a check for a changing private key
...
This checks that the private key used to encode the passwords has not
changed since last successful startup, leading to a corruption of all
the passwords. Lots of common scenarios are covered, with various
combinations of key in a file or from a seed, set in the config file or
in an env variable or through CLI, and so on.
2023-12-29 15:37:52 +01:00
Valentin Tolmer
ff0ea51121
server: Add an option to force reset the admin password
2023-12-22 08:27:35 +01:00
Valentin Tolmer
272c84c574
server: make attributes names, group names and emails case insensitive
...
In addition, group names and emails keep their casing
2023-12-15 23:21:22 +01:00
MinerSebas
70d85524db
app: make it possible to serve lldap behind a sub-path
2023-12-07 18:21:49 +01:00
Valentin Tolmer
4f72153bd4
server: Disallow deleting hardcoded attributes
2023-11-05 16:19:04 +01:00
Valentin Tolmer
829c3f2bb1
server: Prevent regular users from modifying non-editable attributes
2023-11-05 16:06:45 +01:00
Valentin Tolmer
504227eb13
server: Add JWTs to the DB
...
Otherwise, logging out doesn't actually blacklist the JWT
2023-10-30 21:59:48 +01:00