• Windows user: support for room number and personal title (needs to be activated in module settings) (343, 344)
• Usability improvements (354)
• LAM Pro:
  • Custom scripts: added wildcard for server/self service profile name (325)
  • Self registration: added option to generate password
  • Request access: allow to define an expiration time for memberships/ownerships (284)
  • Request access: support additional group next to owners (300)
  • Request access: auto-refresh views (#324)
• Fixed bugs:
  • Unix users: error log messages on file upload
     

• PHP 8.1 or higher required
• New module to manage SSH keys in AD/Samba 4 (using "altSecurityIdentities") (304)
• Samba 3: dropped support for LM password hashes (307)
• Personal: support locked password on file upload (322)
• Configuration: added filter for available account modules
• LAM Pro:
  • Request access: request data can be imported and exported as part of configuration (282)
  • Request access: added $$approveLink$$ and $$rejectLink$$ in approval mails (289)
  • Request access: added history (283)
  • Request access: allow to request group ownership (285)
• Fixed bugs:
  • Custom Fields: LDAP search select list - wrong value for empty option (334)
  • Windows user: "Password does not expire" option sent even when not modified (340)
  • Windows user: Do not add securityPrincipal object class for existing accounts (341)
     

• PHP 8.3 compatibility
• Mail attributes can be configured centrally in LAM's main configuration (273)
• LAM Pro:
  • Cron job to deactivate inactive accounts based on lastBind overlay data (265)
  • Request access: support Windows groups (266)
  • Request access: usability improvements (278, 279)
  • Self service: passwordless SSO login supported for Okta and OpenID
• Fixed bugs:
  • Security fix: Log file handling (GHSA-fm9w-7m7v-wxqv)
  • User self registration creates accounts only with SSHA hash (287)
  • PHP error when no FreeRadius profiles were found (302)
  • PHP notices (303)
  • Self service reports "Password is too young to change" (305)
  • Self service password reset does not set "shadowLastChange" when not set before (306)
    
     

• LAM requires PHP 8.0.2 or later
• Docker: upgrade to Debian 12
• LAM Pro:
  • Request access: new module to allow users to request group memberships via self service
  • Custom scripts: support to specify the subtype of an account
  • Custom fields: Display groups in server profile as accordion (236)
  • PPolicy and Shadow cron jobs for password expiration notification: added option to ignore expiration warning time

• Multi edit tool: allow attribute placeholders in values
• Accessibility improvements
• LAM Pro:
  • Custom fields: support "\" in date regex for text fields
  • MIT Kerberos: replaced realm setting in profile editor with user name (e.g. to be able set "$user@LAM.LOCAL")
• Fixed bugs:
  • Custom fields: issues when same field name is used in multiple groups, field names are now generated by LAM (235)
  • Custom scripts: preDelete script causes error message for return code 0 (246)

• Duo 2FA: switch to frameless login and support for universal prompt
• Docker: support for linux/arm64 (Apple Silicon)
• Account lists: support account status in table for any account type that supports it (e.g. groups with PPolicy attributes)
• Windows: allow to set no password expiration via account profile
• Accessibility improvements
• LAM Pro:
  • PPolicy: support to edit existing policies that are not based on "device" (but e.g. on "person")
  • SMTP server settings: settings can be tested before saving
• Fixed bugs:
  • Selecting entries from a filtered list selection did not work (223)
  • Lamdaemon: support to delete home directories if "rm" command is aliased to "rm -i"
  • Windows: "Managed by" was not changeable, account list rendering of manager/member/managedBy
  • Tree view: allow to add entries of attribute olcModuleLoad

• PHP 8.2 compatibility
• Windows users: display name can be hidden in server profile
• LDAP export: sort entries by DN
• Security: you can hide login error details in LAM's main configuration
• 2 factor authentication: allow to remember device (must be activated in server/self service profile)
• RPM package cleanup
• LAM Pro:
  • Custom scripts: new wildcard INFO.lamLoginDn for current user
  • PPolicy: allow password policy for groups and hosts
  • Simple security object: allow for hosts
  • Apache Guacamole: added ssh, telnet and kubernetes protocols
• Fixed bugs:
  • SameSite value for cookies changed to Lax to not break Okta/OpenID
  • Unix users: file upload did not always set memberUid in group (218)

• PHP 7.4 required
• Usability improvements
• DHCP: added "authoritative" option and extra DHCP options + statements
• LAM Pro:
  • Group of (unique) names/members, Apache Guacamole: support "seeAlso" attribute (hidden by default in server profile)
  • Windows: self service: users with expired passwords or forced password change can update their password (requires bind user to be used for all operations)

• Allow hostObject for groups and ":" in values
• Docker: added Let's Encrypt CA certificates
• LAM Pro:
  • Added support for simpleSecurityObject
  • Added support for Apache Guacamole
  • Group of Names: save last selected account type for new members/owners (170)
• Fixed bugs:
  • PHP 8.1 does not show proper error message when login failed with LDAP search method
  • Self service issues on PHP 8.1 (181)
  • Custom Fields: switch to Custom Fields tab was required to save an entry (258)
  • Group of unique names/members shared same configuration settings with group of names
  • Shadow last password change not updated during self service password change

Fixed bugs:

• Regression issues due to security fixes (e.g. module settings in server profile)
• Password change page not working for access level "Change passwords"