All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- [#77] Use
ldapas component name- This removes duplications in the name of the umbrella
lop-idpcomponent
- This removes duplications in the name of the umbrella
- [#77] Make PVC resizes possible
- [#69] Release LDAP additionally as a Helm-based component for usage in LOP-IdP.
- Add component chart resources (
Chart.yaml,values.yaml, StatefulSet, Service, ConfigMap, component patch template). - Add configurable service-account Secret support for
cas(RW),usermgt(RW), andldapMapper(RO), including startup reconciliation.
- Add component chart resources (
- [#71] Add migration of ldap-data from dogu to component
- [#69] Consolidate build and development workflow into one central
Makefilewith dedicated dogu and component targets. - [#69] Extend Jenkins pipeline with component build, test, k3d smoke test, and release publishing stages (component image and chart).
- [#69] Replace
crondwithsupercronicfor password-change notification scheduling to support non-root runtime. - [#69] Send password-change notification mails without
mailuser/revaliases; sender is configured directly via config values.
- [#73] Upgrade base-image to 3.23.3-5
- [#73] Fixed CVE-2026-22184
- [#59] Upgrade OpenLDAP to v2.6.10-r0
- [#65] Upgrade base-image to 3.23.3-4
- This fixes a bug in doguctl, to not check the local config if volume is not mounted.
- [#63] Upgrade base-image to 3.23.3-3
- [#63] Update doguctl to v0.15.0 to fix CVE-2025-61732 and CVE-2025-68121.
- [#61] CVE fixed: cve-2025-15467
- [#61] update base image to v3.23.2-2
- [#55] Set sensible resource requests and limits
- [#53] Added missing config keys to dogu descriptor. This is to distinguish dogu config from local config during the migration to multinode.
- Volume for local config
- Consistently use doguctl to retrieve
openldap_suffixinstead of hardcoding it in some cases.
- [#51] Added config to adjust the maximum size of the database
- Upgrade base-image to v3.21.0-1
- Upgrade base-image to v3.20.3-3
- openldap is updated to v2.6.8
- Upgrade Makefile Version to v9.3.2
- Upgrade dogu-build-lib to v3.0.0
- Upgrade ces-build-lib to v3.1.0
- Relicense to AGPL-3.0-only
- [#45] Upgrade base-image to v3.20.2-1
- this release closes CVE-2024-41110
- [#42] Update Base Image to v3.20.1-2
- this release closes the following CVEs
- CVE-2024-24788
- CVE-2024-24789
- CVE-2024-24790
- update base image to 3.20.1-1 to update
doguctlto 0.11.0 (#42)- openldap is updated to 2.6.7 due to alpine base image upgrade
- Add "openldap-overlay-sssvlv" for server-side-sorting and virtual-list-views
- Added a configuration key to change how many users a single search operation can retrieve at once (#34)
cespersonobjectClass which allows an entry to have an external attribute (#35)
- Update makefiles to 7.10.0
- Update dogu-build-lib to 2.2.0
- Update ces-build-lib to 1.64.0
- Upgrade base image to 3.15.8-1 to fix
curlCVEs (#33)
- Prevent ldapsearch results from being cut after 79 characters (#31)
- Make sure socket path exists and use default socket path for ldap connections at dogu startup as it was before 2.6.2-1
- Move migration logic from startup script to
post-upgrade.sh
- Fixed hard to repair state of ldap dogu when upgrading from 2.4.48-3 => 2.4.58-3 => 2.6.2-x (#29)
- Make sure that all parts of the password policy are installed correctly at each startup (#29)
THIS VERSION HAS BEEN REMOVED FROM REGISTRY. IT MAY CAUSES ERRORS THAT ARE HARD TO FIX
- Upgrade base image to 3.15.3-1
- Upgrade OpenLDAP to v2.6.2.-r0
- Added conversion database format from old hdb to mdb format
- Removed ppolicy schema due to deprecated status
- slapd socket connections corrected
- After updating from version 2.4.48-3, the Dogu ran into an error the first time it was started and then restarted (#26)
- After updating from version 2.4.48-3, the password policy was not available (#26)
- an e-mail notification whenever a users password has been changed by anyone (#21)
- a default password policy (#14)
- This password policy is kept minimalistic. Only the setting of a flag for a mandatory resetting of the password is configured.
- By setting the attribute
PwdResettotruefor a user, he/she must change his/her password when logging in. - For detailed information on the password policy, see password policy documentation
- During the first installation or during an installation after a
purge, the Dogu did not start if no value is stored for the admin user in the etcd (key/config/ldap/admin_mail/). (#19)
- fix service account creation and deletion with the generation of ldap and slapd config at every dogu start #17
- Upgrade to ldap 2.4.58
- Upgrade base image to 3.14.3-1
- Upgrade zlib to fix CVE-2018-25032; #15
- volume
/etc/openldap/slapd.dto store slapd configuration data (#4)
- missing template information for the remove service accounts command
- command to remove service accounts
- upgrade to OpenLDAP 2.4.48
- change user's e-mail address to be unique in the LDAP directory (#8)
- existing user data are kept without change, even those with non-unique e-mail addresses
- updating a person's directory entry will lead to an error
some attributes not uniqueif the (non-unique) e-mail address is supposed to be kept
- Added more dogu build safety via CI/CD
- Added modular makefiles
- Added automated release
- Added upgrade dogu step in Jenkinsfile