Long-awaited release, with the flagship feature of custom attributes! This unlock many integrations, notably Linux user management through PAM.
Thanks to all the contributors who sent some code, some configuration guide, reported a bug or otherwise helped the project!
Breaking
The endpoint /auth/reset/step1 is now POST instead of GET (#704)
Added
Custom attributes are now supported (#67) ! You can add new fields (string, integers, JPEG or dates) to users and query them. That unlocks many integrations with other services, and allows for a deeper/more customized integration. Special thanks to @pixelrazor and @bojidar-bg for their help with the UI.
Custom object classes (for all users/groups) can now be added (#833)
Barebones support for Paged Results Control (no paging, no respect for windows, but a correct response with all the results) (#698)
A daily docker image is tagged and released. (#613)
A bootstrap script allows reading the list of users/groups from a file and making sure the server contains exactly the same thing. (#654)
Make it possible to serve lldap behind a sub-path in (#752)
LLDAP can now be found on a custom package repository for opensuse, fedora, ubuntu, debian and centos (Repository link). Thanks @Masgalor for setting it up and maintaining it.
There's now an option to force reset the admin password (#748) optionally on every restart (#959)
There's a rootless docker container (#755)
entryDN is now supported (#780)
Unknown LDAP controls are now detected and ignored (#787, #799)
A community-developed CLI for scripting (#793)
Added a way to print raw logs to debug long-running sessions (#992)
Changed
The official docker repository is now lldap/lldap
Removed password length limitation in lldap_set_password tool
Group names and emails are now case insensitive, but keep their casing (#666)
Better error messages (and exit code (#745)) when changing the private key (#778, #1008), using the wrong SMTP port (#970), using the wrong env variables (#972)
Allow member= filters with plain user names (not full DNs) (#949)
Correctly detect and refuse anonymous binds (#974)
Clearer logging (#971, #981, #982)
Fixed
Logging out applies globally, not just in the local browser. (#721)
It's no longer possible to create the same user twice (#745)
Fix wide substring filters (#738)
Don't log the database password if provided in the connection URL (#735)
Fix a panic when postgres uses a different collation (#821)
The UI now defaults to the user ID for users with no display names (#843)
Fix searching for users with more than one memberOf filter (#872)
Fix compilation on Windows (#932) and Illumos (#964)
The UI now correctly detects whether password resets are enabled. (#753)
Fix a missing lowercasing of username when changing passwords through LDAP (#1012)
Fix SQLite writers erroring when racing (#1021)
LDAP sessions no longer buffer their logs until unbind, causing memory leaks (#1025)
Performance
Only expand attributes once per query, not per result (#687)
Security
When asked to send a password reset to an unknown email, sleep for 3 seconds and don't print the email in the error (#887)
New services
Linux user accounts can now be managed by LLDAP, using PAM and nslcd.