All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
2.0.1 - 2019-07-16
- A new LDAP connection is now used for every authentication or token review request, instead of a single connection for all requests. This resolves problems where the single connection went unresponsive (gyselroth#27).
2.0.0 - 2019-06-12
- Prometheus exporter on route "/metrics" (basic auth protected)
- BREAKING: Extra-Attributes and groups are no longer included in the JWT issued after user authentication. Extra-Attributes and group memberships are now resolved during the token review and are included in the token review response.
- Internal: Use ldapts instead of ldapjs as the LDAP library
- Fix membership resolution for LDAP objects without any membership
- BREAKING: LDAP StartTLS is no longer supported
- BREAKING: LDAP reconnect logic (now there's a new connection for every request)
1.3.0 - 2019-01-07
- Failed authentication sends a WWW-Authenticate header in the HTTP response
- Default loglevel is now info (was debug)
- Update Node to the latest 8.x LTS in the Docker image
- LDAP related logging
- Configuration parameter to control whether StartTLS is used for LDAP (enabled by default).
- In some cases LDAP returns a single group membership as a string (instead of an array), which broke the membership resolution. This is now handled correctly.
- Fixed units in README for LDAP reconnect config parameters.
1.2.1 - 2018-07-19
- LDAP reconnect logic (with configurable parameters)
1.2.0 - 2018-04-20
- Configuration parameters for LDAP connection and operation timeouts.
- Configurable mapping between LDAP and Kubernetes attributes.
1.1.0 - 2018-03-27
- TLS (HTTPS) support (enabled by default).
- Log error if a DN is not in a canonicalizable format.
1.0.0 - 2018-03-27
- Initial key functionality