8.0
- PHP 8.1 compatibility
- Extended user account status and locking options
- Unix: added Gecos to profile editor
- 389ds: added hints why login failed if account is locked/deactivated/expired
- Removed Zarafa support (please switch to Kopano)
- Tree view: display binary data as base64 encoded text
- Tree view: better support for move operations and ordered attributes
- LAM Pro:
- New captcha providers: hCaptcha and Friendly Captcha
- PPolicy: allow to specify unlock value for "pwdAccountLockedTime"
- Fixed bugs:
- Hidden account is displayed (257)
- Change of RDN failed for OpenLDAP entries
- Tree view issues with browser auto-completion (176)
- Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084)
- Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087)
- Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086)
- Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088)
- Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, CVE-2022-31085)
7.9.1
- Fixed bugs:
- Security issues in PDF editor and profile editor (170, CVE-2022-24851)
7.9
- Tree view:
- Support multiple roots (e.g. add "cn=config")
- Added function to check password hashes against a given password
- Shadow: allow to set shadowLastChange in file upload
- Docker: upgrade OS to Debian Bullseye
- LAM Pro:
- Support multiple TO addresses for license expiration email
- Custom scripts: $INFO.debug$ wildcard prints all possible wildcards and their values
- Custom scripts: extra INFO wildcards for password change options
- Configuration import: allow to select self service profiles to import (168)
- Fixed bugs:
- Tree view: check session expiration
7.8
- Restyling of LAM
- Allow to override global password policy in server profile (160)
- Do not print random password if sent via email (165)
- LAM Pro:
- PowerDNS support
- Device: allow multiple cn values
- Fixed bugs:
- PDF does not contain all group members (249)
- File upload issue on PHP 8 (153)
- Export issue on non-Pro version (155)
7.7
- 2-factor authentication with OpenID
- Send proper response code on failed login
- LAM Pro:
- OpenLDAP 2FA support for TOTP
- Fixed bugs:
- Issues with list filter if only one result is found (241)
- Allow to sync empty list of groups in group of names user module (242)
- Windows lockout duration and password maximum age computed incorrectly
- Wrong status for nsAccountLock (245)
7.6
- Allow to store whole LAM configuration in MySQL database
- Docker: new options for configuration location and LAM Pro license
- Full PHP 8 compatibility
- Replaced tree view and moved it to tools menu
- Wildcards in edit screen support lower-case mode (e.g. "$_firstname")
- Windows: more fields can be hidden
- LAM Pro:
- Export/Import of cron jobs
- Mail server encryption type can be configured (TLS/SSL/none)
- User self registration: support to define uid field to use constant or custom validation
- Group of names user module: allow to sync memberships from other user
- Custom fields:
- Support password change dialog in user edit view
- Added date and email validation for text fields
- Support password reset page for password fields
- New field types: LDAP date, LDAP date and time
- Password self reset: fields on first page can be prefilled by URL parameter
- Fixed bugs:
- Truncated mail text field in "LAM Pro password mail settings" and 2FA base URLs
- 389ds: support password change and force password in one save action
7.5
- PHP 7.3 required
- PHP 8.0 compatibility (except tree view)
- Support copying LDAP entries from account list
- Account/PDF profiles: management of global templates and logos
- Group of names: allow filter by member/owner (#151)
- General information: link to groups (#152)
- LAM Pro:
- Self registration: support binary attributes (e.g. for jpegPhoto)
- Self registration: support custom mail attributes and mail from constant value (149)
- Self registration: evaluate autorange at account creation (154)
- MIT Kerberos: check Kerberos password policy on password change, better error handling
- Self Service: new field to show user's quota values
- Self Service: allow to create Unix home directory during registration
- Custom type: allow for user/group/host to be able to reuse existing modules
7.4
- Argond2id support for password hashes (requires PHP 7.3) (#113)
- 2-factor authentication:
- Support for Okta
- WebAuthn devices can be named in Self Service and WebAuthn tool
- LAM Pro:
- MIT Kerberos policies support
- User self registration: added admin approval option and info mail for user after creation
7.3
- PHP 7.4 compatibility
- Configuration export and import
- Server profiles support to specify a part of the DN to hide
- Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
- Better error messages on login when account is expired/deactivated/...
- Personal/Windows: photo can be uploaded via webcam
- Windows users: group display format can be configured (cn/dn)
- Support PBKDF2-SHA512 password hashes
- LAM Pro:
- Windows: new cron job to send users a summary of their managed groups
- Fixed bugs:
- Unix groups: memberUid was not deleted correctly when forced sync with group of names is active
7.2
- Unix: allow to create group with same name during user creation
- LAM Pro:
- EMail sending can be done via SMTP without local mail server
- License expiration warning can be sent via email or disabled
- Fixed bugs:
- Captcha don't show anymore in Self Service login page (213)
- Unix memberships cannot be changed. This issue can also affect other membership relations.
