
Releases: dbaarda/LightLdapd

LightLdapd 1.0.0

02 Jan 03:52

Overview

This is the first release since forking (with permission) from entente. It has enough functionality to support clients using libnss-ldap and libpam-ldap for authentication and/or passwd/group/shadow account information. It supports TLS encryption and doesn't have to run as root, so, provided it is configured correctly, it should be safe to use on untrusted networks with untrusted clients.

Included Changes

  • Forked LightLdapd project from entente.

    With permission and thanks to Sergey Urbanovich, the author of entente.

  • Changed name from entente to lightldapd.

    The forked project is now named LightLdapd, and the binary and cfgs have been renamed to lightldapd.

  • Changed license from MIT to GPLv3.

    This means we require contributions to come back rather than spawn private forks. I have confirmed with the entente author this is OK.

  • Improve project documentation.

    Add documentation based on templates in http://minkirri.apana.org.au/~abo/projects/prjdocs/.

  • Tidy code.

    Reformat again using a different preferred style without tabs. Change make tidy target to reformat using tidyc tool.

  • #9, #10 Improve design.

    Restructured using ldap_server, ldap_connection, ldap_request, ldap_reply structs, copying the design of https://github.com/taf2/libebb.

  • Extend Search support.

    Extended search support enough to support libnss-ldap clients, exporting the local nsswitch view of passwd/group/etc.

    #3 Add support for typesOnly and attribute selection.

  • #2 Optimize Search.

    Added Filter_scope() analysis to figure out what the search is constrained to instead of scanning everything.

  • #4 Add StartTLS support.

    StartTLS support, with security checking before allowing bind, implemented using mbedtls.

  • #13 Make served users/groups configurable.

    Support serving only some user/group ranges using -U and -G arguments to specify uid/gid ranges to export.

Known Issues

  • #8 Add tests.

    Currently there are no tests.

  • #12 Add logging.

    Using syslog, or using GLib's logging?

  • #1 Extend search functionality.

    Add support for substrings, greaterOrEqual, lessOrEqual, approxMatch searches.

  • #14 Add support for a RootDSE.

    This gives clients the ability to discover supported functionality. See https://ldapwiki.com/wiki/RootDSE for details.

  • #7 Make debian package create a lightldap user.

    It should create a lightldapd user and run lightldapd with '-u lightldapd' instead of running as root. Maybe also optionally set a password for lightldapd, add lightldapd to group shadow, and run it with '-r lightldapd' to optionally support exporting shadow.

  • #5 Add support for other request types.

    Add enough write support to allow passwd changes from clients.

  • #15 Add support for other schemas.

    Add simple support for custom schemas, ideally enough to support Windows auth for Samba etc.