LAM 8.4 with Docker on Mac and Duo universal prompt support

• Duo 2FA: switch to frameless login and support for universal prompt
• Docker: support for linux/arm64 (Apple Silicon)
• Account lists: support account status in table for any account type that supports it (e.g. groups with PPolicy attributes)
• Windows: allow to set no password expiration via account profile
• Accessibility improvements
• LAM Pro:
  • PPolicy: support to edit existing policies that are not based on "device" (but e.g. on "person")
  • SMTP server settings: settings can be tested before saving
• Fixed bugs:
  • Selecting entries from a filtered list selection did not work (223)
  • Lamdaemon: support to delete home directories if "rm" command is aliased to "rm -i"
  • Windows: "Managed by" was not changeable, account list rendering of manager/member/managedBy
  • Tree view: allow to add entries of attribute olcModuleLoad

LAM 8.4.RC1 with Docker on Mac and Duo universal prompt support

• Duo 2FA: switch to frameless login and support for universal prompt
• Docker: support for linux/arm64 (Apple Silicon)
• Account lists: support account status in table for any account type that supports it (e.g. groups with PPolicy attributes)
• Windows: allow to set no password expiration via account profile
• LAM Pro:
  • PPolicy: support to edit existing policies that are not based on "device" (but e.g. on "person")
  • SMTP server settings: settings can be tested before saving
• Fixed bugs:
  • Selecting entries from a filtered list selection did not work (223)
  • Lamdaemon: support to delete home directories if "rm" command is aliased to "rm -i"
  • Windows: "Managed by" was not changeable, account list rendering of manager/member/managedBy
  • Tree view: allow to add entries of attribute olcModuleLoad

LAM 8.3 with usability improvements and ability to remember 2FA device

• PHP 8.2 compatibility
• Windows users: display name can be hidden in server profile
• LDAP export: sort entries by DN
• Security: you can hide login error details in LAM's main configuration
• 2 factor authentication: allow to remember device (must be activated in server/self service profile)
• RPM package cleanup
• LAM Pro:
  • Custom scripts: new wildcard INFO.lamLoginDn for current user
  • PPolicy: allow password policy for groups and hosts
  • Simple security object: allow for hosts
  • Apache Guacamole: added ssh, telnet and kubernetes protocols
• Fixed bugs:
  • SameSite value for cookies changed to Lax to not break Okta/OpenID
  • Unix users: file upload did not always set memberUid in group (218)

LAM 8.3.RC1 with usability improvements and ability to remember 2FA device

• PHP 8.2 compatibility
• Windows users: display name can be hidden in server profile
• LDAP export: sort entries by DN
• Security: you can hide login error details in LAM's main configuration
• 2 factor authentication: allow to remember device (must be activated in server/self service profile)
• RPM package cleanup
• LAM Pro:
  • Custom scripts: new wildcard INFO.lamLoginDn for current user
  • PPolicy: allow password policy for groups and hosts
  • Simple security object: allow for hosts
  • Apache Guacamole: added ssh, telnet and kubernetes protocols
• Fixed bugs:
  • SameSite value for cookies changed to Lax to not break Okta/OpenID

LAM 8.2 with usability improvements

• PHP 7.4 required
• Usability improvements
• DHCP: added "authoritative" option and extra DHCP options + statements
• LAM Pro:
  • Group of (unique) names/members, Apache Guacamole: support "seeAlso" attribute (hidden by default in server profile)
  • Windows: self service: users with expired passwords or forced password change can update their password (requires bind user to be used for all operations)

LAM 8.2.RC1 with usability improvements

This release requires at least PHP 7.4. It adds improvements to DHCP and group of names. Windows users can update expired passwords via self service.

LAM 8.1 with support for simpleSecurityObject and Apache Guacamole

• Allow hostObject for groups and ":" in values
• Docker: added Let's Encrypt CA certificates
• LAM Pro:
  • Added support for simpleSecurityObject
  • Added support for Apache Guacamole
  • Group of Names: save last selected account type for new members/owners (170)
• Fixed bugs:
  • PHP 8.1 does not show proper error message when login failed with LDAP search method
  • Self service issues on PHP 8.1 (181)
  • Custom Fields: switch to Custom Fields tab was required to save an entry (258)
  • Group of unique names/members shared same configuration settings with group of names
  • Shadow last password change not updated during self service password change

LAM 8.1.RC1 with support for simpleSecurityObject and Apache Guacamole

• Allow hostObject for groups and ":" in values
• Docker: added Let's Encrypt CA certificates
• LAM Pro:
  • Added support for simpleSecurityObject
  • Added support for Apache Guacamole
  • Group of Names: save last selected account type for new members/owners (170)
• Fixed bugs:
  • PHP 8.1 does not show proper error message when login failed with LDAP search method
  • Self service issues on PHP 8.1 (181)
  • Custom Fields: switch to Custom Fields tab was required to save an entry (258)
  • Group of unique names/members shared same configuration settings with group of names
  • Shadow last password change not updated during self service password change

LAM 8.0.1 bugfix release

• Fixed bugs:
  • Regression issues due to security fixes (e.g. module settings in server profile)
  • Password change page not working for access level "Change passwords"

LAM 8.0 with important security fixes, PHP 8.1 compatibility and new captcha providers

• PHP 8.1 compatibility
• Extended user account status and locking options
• Unix: added Gecos to profile editor
• 389ds: added hints why login failed if account is locked/deactivated/expired
• Removed Zarafa support (please switch to Kopano)
• Tree view: display binary data as base64 encoded text
• Tree view: better support for move operations and ordered attributes
• LAM Pro:
  • New captcha providers: hCaptcha and Friendly Captcha
  • PPolicy: allow to specify unlock value for "pwdAccountLockedTime"
• Fixed bugs:
  • Hidden account is displayed (257)
  • Change of RDN failed for OpenLDAP entries
  • Tree view issues with browser auto-completion (176)
  • Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084)
  • Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087)
  • Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086)
  • Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088)
  • Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, CVE-2022-31085)