- LAM requires PHP 8.0.2 or later
- Docker: upgrade to Debian 12
- LAM Pro:
- Request access: new module to allow users to request group memberships via self service
- Custom scripts: support to specify the subtype of an account
- Custom fields: Display groups in server profile as accordion (236)
- PPolicy and Shadow cron jobs for password expiration notification: added option to ignore expiration warning time
8.6
8.5
- Multi edit tool: allow attribute placeholders in values
- Accessibility improvements
- LAM Pro:
- Custom fields: support "\" in date regex for text fields
- MIT Kerberos: replaced realm setting in profile editor with user name (e.g. to be able set "$user@LAM.LOCAL")
- Fixed bugs:
- Custom fields: issues when same field name is used in multiple groups, field names are now generated by LAM (235)
- Custom scripts: preDelete script causes error message for return code 0 (246)
8.4
- Duo 2FA: switch to frameless login and support for universal prompt
- Docker: support for linux/arm64 (Apple Silicon)
- Account lists: support account status in table for any account type that supports it (e.g. groups with PPolicy attributes)
- Windows: allow to set no password expiration via account profile
- Accessibility improvements
- LAM Pro:
- PPolicy: support to edit existing policies that are not based on "device" (but e.g. on "person")
- SMTP server settings: settings can be tested before saving
- Fixed bugs:
- Selecting entries from a filtered list selection did not work (223)
- Lamdaemon: support to delete home directories if "rm" command is aliased to "rm -i"
- Windows: "Managed by" was not changeable, account list rendering of manager/member/managedBy
- Tree view: allow to add entries of attribute olcModuleLoad
8.3
- PHP 8.2 compatibility
- Windows users: display name can be hidden in server profile
- LDAP export: sort entries by DN
- Security: you can hide login error details in LAM's main configuration
- 2 factor authentication: allow to remember device (must be activated in server/self service profile)
- RPM package cleanup
- LAM Pro:
- Custom scripts: new wildcard INFO.lamLoginDn for current user
- PPolicy: allow password policy for groups and hosts
- Simple security object: allow for hosts
- Apache Guacamole: added ssh, telnet and kubernetes protocols
- Fixed bugs:
- SameSite value for cookies changed to Lax to not break Okta/OpenID
- Unix users: file upload did not always set memberUid in group (218)
8.2
- PHP 7.4 required
- Usability improvements
- DHCP: added "authoritative" option and extra DHCP options + statements
- LAM Pro:
- Group of (unique) names/members, Apache Guacamole: support "seeAlso" attribute (hidden by default in server profile)
- Windows: self service: users with expired passwords or forced password change can update their password (requires bind user to be used for all operations)
8.1
- Allow hostObject for groups and ":" in values
- Docker: added Let's Encrypt CA certificates
- LAM Pro:
- Added support for simpleSecurityObject
- Added support for Apache Guacamole
- Group of Names: save last selected account type for new members/owners (170)
- Fixed bugs:
- PHP 8.1 does not show proper error message when login failed with LDAP search method
- Self service issues on PHP 8.1 (181)
- Custom Fields: switch to Custom Fields tab was required to save an entry (258)
- Group of unique names/members shared same configuration settings with group of names
- Shadow last password change not updated during self service password change
8.0.1
Fixed bugs:
- Regression issues due to security fixes (e.g. module settings in server profile)
- Password change page not working for access level "Change passwords"
8.0
- PHP 8.1 compatibility
- Extended user account status and locking options
- Unix: added Gecos to profile editor
- 389ds: added hints why login failed if account is locked/deactivated/expired
- Removed Zarafa support (please switch to Kopano)
- Tree view: display binary data as base64 encoded text
- Tree view: better support for move operations and ordered attributes
- LAM Pro:
- New captcha providers: hCaptcha and Friendly Captcha
- PPolicy: allow to specify unlock value for "pwdAccountLockedTime"
- Fixed bugs:
- Hidden account is displayed (257)
- Change of RDN failed for OpenLDAP entries
- Tree view issues with browser auto-completion (176)
- Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084)
- Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087)
- Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086)
- Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088)
- Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, CVE-2022-31085)
7.9.1
- Fixed bugs:
- Security issues in PDF editor and profile editor (170, CVE-2022-24851)
7.9
- Tree view:
- Support multiple roots (e.g. add "cn=config")
- Added function to check password hashes against a given password
- Shadow: allow to set shadowLastChange in file upload
- Docker: upgrade OS to Debian Bullseye
- LAM Pro:
- Support multiple TO addresses for license expiration email
- Custom scripts: $INFO.debug$ wildcard prints all possible wildcards and their values
- Custom scripts: extra INFO wildcards for password change options
- Configuration import: allow to select self service profiles to import (168)
- Fixed bugs:
- Tree view: check session expiration