8.4
  • Duo 2FA: switch to frameless login and support for universal prompt
  • Docker: support for linux/arm64 (Apple Silicon)
  • Account lists: support account status in table for any account type that supports it (e.g. groups with PPolicy attributes)
  • Windows: allow to set no password expiration via account profile
  • LAM Pro:
    • PPolicy: support to edit existing policies that are not based on "device" (but e.g. on "person")
    • SMTP server settings: settings can be tested before saving
  • Fixed bugs:
    • Selecting entries from a filtered list selection did not work (223)
    • Lamdaemon: support to delete home directories if "rm" command is aliased to "rm -i"
    • Windows: "Managed by" was not changeable, account list rendering of manager/member/managedBy
    • Tree view: allow to add entries of attribute olcModuleLoad

 

8.3
  • PHP 8.2 compatibility
  • Windows users: display name can be hidden in server profile
  • LDAP export: sort entries by DN
  • Security: you can hide login error details in LAM's main configuration
  • 2 factor authentication: allow to remember device (must be activated in server/self service profile)
  • RPM package cleanup
  • LAM Pro:
    • Custom scripts: new wildcard INFO.lamLoginDn for current user
    • PPolicy: allow password policy for groups and hosts
    • Simple security object: allow for hosts
    • Apache Guacamole: added ssh, telnet and kubernetes protocols
  • Fixed bugs:
    • SameSite value for cookies changed to Lax to not break Okta/OpenID
    • Unix users: file upload did not always set memberUid in group (218)

 

8.2
  • PHP 7.4 required
  • Usability improvements
  • DHCP: added "authoritative" option and extra DHCP options + statements
  • LAM Pro:
    • Group of (unique) names/members, Apache Guacamole: support "seeAlso" attribute (hidden by default in server profile)
    • Windows: self service: users with expired passwords or forced password change can update their password (requires bind user to be used for all operations)

 

8.1
  • Allow hostObject for groups and ":" in values
  • Docker: added Let's Encrypt CA certificates
  • LAM Pro:
    • Added support for simpleSecurityObject
    • Added support for Apache Guacamole
    • Group of Names: save last selected account type for new members/owners (170)
  • Fixed bugs:
    • PHP 8.1 does not show proper error message when login failed with LDAP search method
    • Self service issues on PHP 8.1 (181)
    • Custom Fields: switch to Custom Fields tab was required to save an entry (258)
    • Group of unique names/members shared same configuration settings with group of names
    • Shadow last password change not updated during self service password change

 

8.0.1

Fixed bugs:

  • Regression issues due to security fixes (e.g. module settings in server profile)
  • Password change page not working for access level "Change passwords"

8.0
  • PHP 8.1 compatibility
  • Extended user account status and locking options
  • Unix: added Gecos to profile editor
  • 389ds: added hints why login failed if account is locked/deactivated/expired
  • Removed Zarafa support (please switch to Kopano)
  • Tree view: display binary data as base64 encoded text
  • Tree view: better support for move operations and ordered attributes
  • LAM Pro:
    • New captcha providers: hCaptcha and Friendly Captcha
    • PPolicy: allow to specify unlock value for "pwdAccountLockedTime"
  • Fixed bugs:
    • Hidden account is displayed (257)
    • Change of RDN failed for OpenLDAP entries
    • Tree view issues with browser auto-completion (176)
    • Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084)
    • Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087)
    • Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086)
    • Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088)
    • Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, CVE-2022-31085)
       

 

7.9.1
  • Fixed bugs:
    • Security issues in PDF editor and profile editor (170, CVE-2022-24851)

 

7.9
  • Tree view:
    • Support multiple roots (e.g. add "cn=config")
    • Added function to check password hashes against a given password
  • Shadow: allow to set shadowLastChange in file upload
  • Docker: upgrade OS to Debian Bullseye
  • LAM Pro:
    • Support multiple TO addresses for license expiration email
    • Custom scripts: $INFO.debug$ wildcard prints all possible wildcards and their values
    • Custom scripts: extra INFO wildcards for password change options
    • Configuration import: allow to select self service profiles to import (168)
  • Fixed bugs:
    • Tree view: check session expiration

 

7.8
  • Restyling of LAM
  • Allow to override global password policy in server profile (160)
  • Do not print random password if sent via email (165)
  • LAM Pro:
    • PowerDNS support
    • Device: allow multiple cn values
  • Fixed bugs:
    • PDF does not contain all group members (249)
    • File upload issue on PHP 8 (153)
    • Export issue on non-Pro version (155)

 

7.7
  • 2-factor authentication with OpenID
  • Send proper response code on failed login
  • LAM Pro:
    • OpenLDAP 2FA support for TOTP
  • Fixed bugs:
    • Issues with list filter if only one result is found (241)
    • Allow to sync empty list of groups in group of names user module (242)
    • Windows lockout duration and password maximum age computed incorrectly
    • Wrong status for nsAccountLock (245)

 

Pages

News

LAM 8.4.RC1 with Docker on Mac and Duo universal prompt support
Sat, 2023-05-13

LAM 8.3 with usability improvements and ability to remember 2FA device
Fri, 2023-03-24

Move of LAM container registry to GitHub
Mon, 2023-03-20

New video on LAM Pro (German)
Sun, 2022-12-25

LAM 8.2 with usability improvements
Sun, 2022-11-27

LAM 8.1 with support for simpleSecurityObject and Apache Guacamole
Thu, 2022-09-22

LAM critical security issue update
Wed, 2022-06-29