LAM 9.0 with security fix, usability updates and custom scripts enhancements

• New configuration file format for main configuration and server profiles (applied on save, old format can still be read)
• Unix users: allow to create group with same name via account profile (#332)
• Group of (unique) names, organisational roles: added member/owner count to PDF fields
• Windows: display password expiration date
• Usability improvements (342, 350, 372)
• LAM Pro:
  • Request access: added comment field for owners/approvers (339)
  • Custom scripts: support custom label for module (329)
  • Custom scripts: support grouping of manual scripts (329)
  • Custom scripts: allow interactive parameters for manual scripts (327)
  • Cron jobs: new script to run all types of cron jobs (runCronJobs.sh), the scripts cron.sh and cronGlobal.sh are deprecated
  • Docker: added option to run cron jobs (346)
  • Windows: use msDS-UserPasswordExpiryTimeComputed for password expiration job (387)
• Fixed bugs:
  • Security fix: Set arbitrary config values due to improper input validation for config values (GHSA-6cp9-j5r7-xhcc, CVE-2024-52792)
  • Windows: show more than 1000 LDAP entries when paged results is activated in server profile
  • WebAuthn: support DNs larger than 64 bytes (358)
  • Wildcard replacements do not work without switching to the module tab (379)

LAM 9.0.RC1 with usability updates and custom scripts enhancements

• New configuration file format for main configuration and server profiles (applied on save, old format can still be read)
• Unix users: allow to create group with same name via account profile (#332)
• Group of (unique) names, organisational roles: added member/owner count to PDF fields
• Windows: display password expiration date
• Usability improvements (342, 350, 372)
• LAM Pro:
  • Request access: added comment field for owners/approvers (339)
  • Custom scripts: support custom label for module (329)
  • Custom scripts: support grouping of manual scripts (329)
  • Custom scripts: allow interactive parameters for manual scripts (327)
  • Cron jobs: new script to run all types of cron jobs (runCronJobs.sh), the scripts cron.sh and cronGlobal.sh are deprecated
  • Docker: added option to run cron jobs (346)
  • Windows: use msDS-UserPasswordExpiryTimeComputed for password expiration job (387)
• Fixed bugs:
  • Windows: show more than 1000 LDAP entries when paged results is activated in server profile
  • WebAuthn: support DNs larger than 64 bytes (358)
  • Wildcard replacements do not work without switching to the module tab (379)

LAM 8.9 with extended request access module

• Windows user: support for room number and personal title (needs to be activated in module settings) (343, 344)
• Usability improvements (354)
• LAM Pro:
  • Custom scripts: added wildcard for server/self service profile name (325)
  • Self registration: added option to generate password
  • Request access: allow to define an expiration time for memberships/ownerships (284)
  • Request access: support additional group next to owners (300)
  • Request access: auto-refresh views (#324)
• Fixed bugs:
  • Unix users: error log messages on file upload

LAM 8.9.RC1 with extended request access module

• Windows user: support for room number and personal title (needs to be activated in module settings) (343, 344)
• Usability improvements (354)
• LAM Pro:
  • Custom scripts: added wildcard for server/self service profile name (325)
  • Self registration: added option to generate password
  • Request access: allow to define an expiration time for memberships/ownerships (284)
  • Request access: support additional group next to owners (300)
  • Request access: auto-refresh views (#324)
• Fixed bugs:
  • Unix users: error log messages on file upload

LAM 8.8 with enhanced request access module

• PHP 8.1 or higher required
• New module to manage SSH keys in AD/Samba 4 (using "altSecurityIdentities") (304)
• Samba 3: dropped support for LM password hashes (307)
• Personal: support locked password on file upload (322)
• Configuration: added filter for available account modules
• LAM Pro:
  • Request access: request data can be imported and exported as part of configuration (282)
  • Request access: added approveLink and rejectLink in approval mails (289)
  • Request access: added history (283)
  • Request access: allow to request group ownership (285)
• Fixed bugs:
  • Custom Fields: LDAP search select list - wrong value for empty option (334)
  • Windows user: "Password does not expire" option sent even when not modified (340)
  • Windows user: Do not add securityPrincipal object class for existing accounts (341)

LAM 8.8.RC1 with enhanced request access module

• PHP 8.1 or higher required
• New module to manage SSH keys in AD/Samba 4 (using "altSecurityIdentities") (304)
• Samba 3: dropped support for LM password hashes (307)
• Personal: support locked password on file upload (322)
• Configuration: added filter for available account modules
• LAM Pro:
  • Request access: request data can be imported and exported as part of configuration (282)
  • Request access: added approveLink and rejectLink in approval mails (289)
  • Request access: added history (283)
  • Request access: allow to request group ownership (285)
• Fixed bugs:
  • Custom Fields: LDAP search select list - wrong value for empty option (334)

LAM 8.7 with PHP 8.3 compatibility and passwordless SSO login for self service

• PHP 8.3 compatibility
• Mail attributes can be configured centrally in LAM's main configuration (273)
• LAM Pro:
  • Cron job to deactivate inactive accounts based on lastBind overlay data (265)
  • Request access: support Windows groups (266)
  • Request access: usability improvements (278, 279)
  • Self service: passwordless SSO login supported for Okta and OpenID
• Fixed bugs:
  • Security fix: Log file handling (GHSA-fm9w-7m7v-wxqv)
  • User self registration creates accounts only with SSHA hash (287)
  • PHP error when no FreeRadius profiles were found (302)
  • PHP notices (303)
  • Self service reports "Password is too young to change" (305)
  • Self service password reset does not set "shadowLastChange" when not set before (306)

LAM 8.7.RC1 with PHP 8.3 compatibility and passwordless SSO login for self service

• PHP 8.3 compatibility
• Mail attributes can be configured centrally in LAM's main configuration (273)
• LAM Pro:
  • Cron job to deactivate inactive accounts based on lastBind overlay data (265)
  • Request access: support Windows groups (266)
  • Request access: usability improvements (278, 279)
  • Self service: passwordless SSO login supported for Okta and OpenID
• Fixed bugs:
  • User self registration creates accounts only with SSHA hash (287)

LAM 8.6 with new "Request access" module for self service and Docker update

• LAM requires PHP 8.0.2 or later
• Docker: upgrade to Debian 12
• LAM Pro:
  • Request access: new module to allow users to request group memberships via self service
  • Custom scripts: support to specify the subtype of an account
  • Custom fields: Display groups in server profile as accordion (236)
  • PPolicy and Shadow cron jobs for password expiration notification: added option to ignore expiration warning time
• Fixed bugs:
  • Docker image contains Apache with vulnerabilities (2)

LAM 8.6.RC1 with new "Request access" module for self service and Docker update

• LAM requires PHP 8.0.2 or later
• Docker: upgrade to Debian 12
• LAM Pro:
  • Request access: new module to allow users to request group memberships via self service
  • Custom scripts: support to specify the subtype of an account
  • Custom fields: Display groups in server profile as accordion (236)
  • PPolicy and Shadow cron jobs for password expiration notification: added option to ignore expiration warning time