Bugfixes

[2.1.1] - 2025-12-12

Fixed

• #246 - Nested OU support: LDAP functions now search for user DNs instead of constructing them
• Environment variable _FILE suffix handling for Docker secrets now processed early in entrypoint
• Group creation UX: button text, attributes tab visibility during creation, MFA tab appearing after creation
• Form structure bugs causing multiple handlers to trigger on single form submission

Passwords and storage

This release fixes a couple of reported issues and adds:

• Optionally use LDAP for application data (session data, password reset tokens): this data is normally stored inside the container, so gets lost if the container restarts. Using LDAP for storage will allow for container restarts without losing that data, and also allow you to horizontally scale containers.
• Self-service password reset: users can now use the 'forgotten your password' link - this sends a password reset link to their email address so they can change their password. This is only available if SMTP is configured.
• Emails when passwords are changed/reset: you can optionally enable email notifications if someone changes a password, e.g. an administrator can be notified when users change their passwords, or users can be notified if an admin resets their password or they (or someone else logged in as them) change their password.

Luminary

This release adds a number of new features, fixes a number of reported issues and updates a number of components.

Highlights are:

The project has been renamed to "Luminary" to help avoid confusion with LDAP Account Manager (LAM)
MFA support for LDAP-backed one-time-passwords
Password complexity enforcement (including support for the LDAP ppolicy overlay)
Auditing
Users' "My profile" page where they can manage specific attributes

The CHANGELOG.md has more information on what's been updated or added.

Note that the new docker image name is wheelybird/luminary. wheelybird/ldap-user-manager will no longer be updated.

Moon day release

This adds the ability to select which LDAP attribute you use to log in with.

Sardines day release

This adds ARGON2 password support, thanks to @dr-waterstorm

Porridge day release

This fixes a couple of bugs as well as updates to ensure SHOW_POSIX_ATTRIBUTES works as intended when creating new accounts.

Licorice day release

• Groups can have user-defined attributes and objectclasses. Attributes are editable.
• Any variable can be populated from a file's contents by adding _FILE to the end of the variable name and specifying a filepath.
• Multi-value attributes are now supported. Adding a + to the end of the attribute name will allow you to add/remove fields in the attributes forms.
• Binary attributes are now supported. Adding a ^ to the end of the attribute name will allow you to choose a file to upload for that attribute. If the file's a JPEG then the image is displayed in the form.
• The user and group lists can be filtered, making it easy to find entries in long lists.
• Setting SHOW_POSIX_ATTRIBUTES to FALSE (the default) hides superfluous Posix-related fields, making the interface much simpler.
• Numerous bugfixes

Rat Catcher's Day Release

What's new?

• Base image upgraded to PHP 8
• You can now customise emails
• Fixes for working behind a proxy
• Can work without needing an internet connection
• Other tweaks and bug fixes

Attributes galore!

This release adds:

• The ability to specify which attribute is used to identify accounts - for example you can now choose to use cn (common name). This lets people use existing LDAP directories.

• The ability to specify additional objectClasses to use when creating accounts as well as any extra attributes to show in the form.

• An updated Dockerfile has been updated to allow builds on multiple architectures. ARM builds have been pushed to Docker Hub.

• The usual bugfixes and some feature requests.

This release removes:

• The Helm (Kubernetes) configuration. It was really out-of-date and I have no time to maintain them.

The Helm configuration files have been removed as they were really out-of-date and I

Christmas jingles

• Request accounts via email
• Send users an email when resetting the password
• Groups are listed on the user account list
• Auto-detect the RFC2307BIS schema
• Bug fixes
• Christmas