kanidm

mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00

Author	SHA1	Message	Date
Firstyear	6065f2db60	Add rfc7009 and rfc7662 metadata to oidc discovery (#3046 )	2024-09-17 03:35:43 +00:00
Firstyear	d3891e301f	20240810 SCIM entry basic (#3032 )	2024-09-12 12:53:43 +10:00
Firstyear	f053ff7fba	CreatedAt/ModifiedAt fix (#3034 ) * fix(repl): CreatedAt/ModifiedAt attributes	2024-09-12 11:42:16 +10:00
Firstyear	938ad90f3b	20240906 Attribute as an Enum Type (#3025 ) Changes attribute from a string to an enum - this provides many performance improvements and memory savings throughout the server.	2024-09-09 00:53:10 +00:00
Firstyear	95fc6fc5bf	20240828 Support Larger Images, Allow Custom Domain Icons (#3016 ) Allow setting custom domain icons.	2024-09-05 04:19:27 +00:00
Firstyear	e5a5de8de3	MemberOf in search implies DirectMemberOf (#3024 )	2024-09-04 22:19:40 +10:00
Firstyear	0fac1f301e	20240820 SCIM value (#2992 ) Add the basics of scim value serialisation to entries.	2024-08-29 11:38:00 +10:00
James Hodgkinson	3eae7be0bb	OAuth2 Token Type (#3008 ) * fix(OAuth2): Invalid `token_type` for token introspection Fixes #3005 * fix(aut): `assert_eq` instead of `assert ==` * fix(OAuth2): IANA registry access token types * fix(OAuth2): deserialize case insensitively	2024-08-25 23:30:20 +00:00
Firstyear	c8b9ff3274	Spattering of oauth2 stuff (#3000 ) * fix(oauth2): refresh scope constraints	2024-08-24 14:02:16 +10:00
Firstyear	77938ed85f	Add missing group for application admin (#2991 )	2024-08-21 16:58:31 +10:00
James Hodgkinson	7c3deab2c4	enforcen den clippen (#2990 ) * enforcen den clippen * updating outdated oauth2-related docs * sorry clippy, we tried	2024-08-21 00:32:56 +00:00
Firstyear	fbfea05c6c	20240817 group mail acp (#2982 )	2024-08-21 09:59:50 +10:00
Firstyear	239f4594dd	20240810 application passwords (#2968 ) Add the server side components for application passwords. This adds the needed datatypes and handling via the ldap components. Admin tools will be in a follow up PR. Signed-off-by: Samuel Cabrero <scabrero@suse.de> Co-authored-by: Samuel Cabrero <scabrero@suse.de>	2024-08-20 06:44:37 +00:00
dependabot[bot]	9f4cc984db	Bump the all group with 17 updates (#2986 ) * Bump the all group with 17 updates \| Package \| From \| To \| \| --- \| --- \| --- \| \| [clap](https://github.com/clap-rs/clap) \| `4.5.15` \| `4.5.16` \| \| [clap_complete](https://github.com/clap-rs/clap) \| `4.5.14` \| `4.5.18` \| \| [concread](https://github.com/kanidm/concread) \| `0.5.2` \| `0.5.3` \| \| [js-sys](https://github.com/rustwasm/wasm-bindgen) \| `0.3.69` \| `0.3.70` \| \| [ldap3_client](https://github.com/kanidm/ldap3) \| `0.5.0` \| `0.5.1` \| \| [ldap3_proto](https://github.com/kanidm/ldap3) \| `0.5.0` \| `0.5.1` \| \| [libc](https://github.com/rust-lang/libc) \| `0.2.155` \| `0.2.157` \| \| [lodepng](https://github.com/kornelski/lodepng-rust) \| `3.10.4` \| `3.10.5` \| \| [serde](https://github.com/serde-rs/serde) \| `1.0.206` \| `1.0.208` \| \| [serde_json](https://github.com/serde-rs/json) \| `1.0.124` \| `1.0.125` \| \| [syn](https://github.com/dtolnay/syn) \| `2.0.74` \| `2.0.75` \| \| [tokio](https://github.com/tokio-rs/tokio) \| `1.39.2` \| `1.39.3` \| \| [wasm-bindgen](https://github.com/rustwasm/wasm-bindgen) \| `0.2.92` \| `0.2.93` \| \| [wasm-bindgen-futures](https://github.com/rustwasm/wasm-bindgen) \| `0.4.42` \| `0.4.43` \| \| [wasm-bindgen-test](https://github.com/rustwasm/wasm-bindgen) \| `0.3.42` \| `0.3.43` \| \| [web-sys](https://github.com/rustwasm/wasm-bindgen) \| `0.3.69` \| `0.3.70` \| \| [tower](https://github.com/tower-rs/tower) \| `0.4.13` \| `0.5.0` \| Updates `clap` from 4.5.15 to 4.5.16 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.15...clap_complete-v4.5.16) Updates `clap_complete` from 4.5.14 to 4.5.18 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.14...clap_complete-v4.5.18) Updates `concread` from 0.5.2 to 0.5.3 - [Commits](https://github.com/kanidm/concread/commits) Updates `js-sys` from 0.3.69 to 0.3.70 - [Release notes](https://github.com/rustwasm/wasm-bindgen/releases) - [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustwasm/wasm-bindgen/commits) Updates `ldap3_client` from 0.5.0 to 0.5.1 - [Changelog](https://github.com/kanidm/ldap3/blob/master/RELEASE_NOTES.md) - [Commits](https://github.com/kanidm/ldap3/commits) Updates `ldap3_proto` from 0.5.0 to 0.5.1 - [Changelog](https://github.com/kanidm/ldap3/blob/master/RELEASE_NOTES.md) - [Commits](https://github.com/kanidm/ldap3/commits) Updates `libc` from 0.2.155 to 0.2.157 - [Release notes](https://github.com/rust-lang/libc/releases) - [Changelog](https://github.com/rust-lang/libc/blob/0.2.157/CHANGELOG.md) - [Commits](https://github.com/rust-lang/libc/compare/0.2.155...0.2.157) Updates `lodepng` from 3.10.4 to 3.10.5 - [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.4...v3.10.5) Updates `serde` from 1.0.206 to 1.0.208 - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.206...v1.0.208) Updates `serde_json` from 1.0.124 to 1.0.125 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.124...1.0.125) Updates `syn` from 2.0.74 to 2.0.75 - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](https://github.com/dtolnay/syn/compare/2.0.74...2.0.75) Updates `tokio` from 1.39.2 to 1.39.3 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.39.2...tokio-1.39.3) Updates `wasm-bindgen` from 0.2.92 to 0.2.93 - [Release notes](https://github.com/rustwasm/wasm-bindgen/releases) - [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustwasm/wasm-bindgen/compare/0.2.92...0.2.93) Updates `wasm-bindgen-futures` from 0.4.42 to 0.4.43 - [Release notes](https://github.com/rustwasm/wasm-bindgen/releases) - [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustwasm/wasm-bindgen/commits) Updates `wasm-bindgen-test` from 0.3.42 to 0.3.43 - [Release notes](https://github.com/rustwasm/wasm-bindgen/releases) - [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustwasm/wasm-bindgen/commits) Updates `web-sys` from 0.3.69 to 0.3.70 - [Release notes](https://github.com/rustwasm/wasm-bindgen/releases) - [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustwasm/wasm-bindgen/commits) Updates `tower` from 0.4.13 to 0.5.0 - [Release notes](https://github.com/tower-rs/tower/releases) - [Commits](https://github.com/tower-rs/tower/compare/tower-0.4.13...tower-0.5.0) --- updated-dependencies: - dependency-name: clap dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: clap_complete dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: concread dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: js-sys dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: ldap3_client dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: ldap3_proto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: libc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: lodepng dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: syn dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: wasm-bindgen dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: wasm-bindgen-futures dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: wasm-bindgen-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: web-sys dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: tower dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * updates to source/packages * making the nightly build happy * making the nightly build happy * making the nightly build happy --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2024-08-19 23:22:23 +10:00
Firstyear	36b6fda787	Mail substr index (#2981 )	2024-08-18 02:49:24 +00:00
cuberoot74088	eee2df8894	Improve migration error message (#2959 ) In this migration we have checked for legacy security_keys and not gid. This makes it easier for users to understand what the issue is.	2024-08-08 21:43:03 +00:00
James Hodgkinson	d512954fe6	Docker-and-docs-fixes (#2954 ) * removing VOLUME entry from server container * link fixing * link fixing in docs	2024-08-05 00:27:45 +00:00
Firstyear	3ae8453375	In honour of SebaT, error on db lock acq timeout (#2947 )	2024-08-02 09:29:46 +10:00
Firstyear	1fbe65b351	Add measurement of lock acquisition (#2946 )	2024-08-01 01:43:55 +00:00
Firstyear	329750981e	Update to 1.4.0-dev (#2943 )	2024-08-01 00:02:11 +10:00
James Hodgkinson	2a7a009482	clippying all the things (#2931 ) * clippying all the things	2024-07-26 07:02:37 +00:00
Firstyear	21d3f82aa1	Add scim proto to kanidm, refactor to improve serde performance. (#2933 )	2024-07-26 15:54:28 +10:00
James Hodgkinson	e1a1bff94d	Docs rework (#2919 ) * more markdowny linty things * Fixes #2572 by replacing mdbook-template with github-flavoured and more markdowny alerts	2024-07-23 02:21:56 +00:00
Firstyear	da7ed77dfa	Substring Indexing (#2905 )	2024-07-20 03:12:49 +00:00
Firstyear	c7fcdc3e4e	Strict redirect URL enforcement (#2917 ) Add strict OAuth2 URL enforcement per the RFC. This includes a transition process for the next release so that Admins can come into compliance.	2024-07-20 02:09:50 +00:00
Alin Trăistaru	562f352516	fix typos (#2908 ) * fix typos and misspellings * use proper capitalization * Apply suggestions from code review --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2024-07-18 03:22:20 +00:00
James Hodgkinson	eddec88429	making the internals of kanidmclientconfig public for other users (#2895 ) * making the internals of kanidmclientconfig public for other users * clippyisms	2024-07-15 10:28:23 +00:00
Firstyear	d0e57442d2	Tidy up replication poll interval (#2883 )	2024-07-15 06:16:24 +00:00
Firstyear	a4a06c1172	Add a migration for future versions that will notify and warn about the removal of security keys. (#2885 )	2024-07-12 02:19:43 +00:00
Firstyear	5af33ade0a	Update mtls cert lifetime (#2886 )	2024-07-10 21:35:24 +00:00
Firstyear	b1480e36f0	20240703 htmx (#2870 ) Complete the remainder of the HTMX rewrite of the login page.	2024-07-07 03:36:47 +00:00
Merlijn	4795541719	Offer configuration of images for Oauth2 resources (#2665 )	2024-07-06 12:25:55 +10:00
Firstyear	f9a77ee1f3	2818 2511 oauth2 urls (#2867 ) * Allow multiple origins * Docs * Capitalization 'n stuff --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2024-07-05 23:17:26 +00:00
Firstyear	10e15fd6b3	20240613 performance improvements (#2844 ) Thanks to @Seba-T's work with Orca, we were able to identify a number of performance issues in certain high load conditions. This commit contains fixes for the following issues * Unbounded Memory Growth - due to how ARCache works, to maintain temporal consistency it must retain copies of keys (not values) in a special data set for tracking. The Filter Resolve Cache was using unresolved filters as keys. This caused memory explosions when refint or memberof were updating a group with a large number of members because they would emit a query with hundreds of filter terms that would only be used once and never again, causing the ARCache haunted set to grow without bound. To limit this, we no longer cache large/complex queries for resolution, and in future we may implement some other methods to reduce this like sha256/hmac of the queries. * When creating a new account, dyngroups would be engaged to add the account as a member due to the matching scope. However the change to the dyngroup was triggering an update of all the dyngroups members related memberof attributes. This would mean that adding an account would trigger every other account to be loaded an updated. * When memberof would iterate over leaf entries and update them one at a time. This mean a large number of small fragmented queries in the case of a lot of leaf entries being updated. Now leaf entries are updated in a single stripe once groups are stabilised. * Member of would always trigger it's members to always update. Instead, we should only update members where a difference is observed, or all members if the group's memberof itself has changed since this needs to propogate to all leaf entries. This significantly reduces the amount of writes and operations to examine the changed member of set. * Referential integrity would examine all reference uuids on entries for validity rather than just the reference uuids that were altered within the transaction. This change means that only uuids that were added are validated during an operation. * During async write backs (delayed actions) these were performed one at a time. Instead, when possible this should be done in a single transaction as the write transaction caches all writes in memory until the commit meaning that by batching we reduce overall latency. * In the server there can only be one write transaction and many readers. These are guarded by tokio semaphores that act as fair queues - first in gets the lock next. Due to the design of the server readers would be blocked on the database semaphore, and writers would block on the write semaphore and THEN the database semaphore. This arrangement was creating a situation which unfairly advantaged readers over writers, as any write would first have to become the head of it's queue, and then compete with all readers to access a db transaction. Instead, we now have a reader semaphore with size threads minus 1, clamped at a minimum of 1. This means that provided there are two or more threads, then a writer will always have a database handle available, and readers will pre-queue with each other before queueing on the db ticket. If there is only one thread, then writes and reads will alternate between each other fairly.	2024-06-20 02:50:00 +00:00
Joshua M. Clulow	e591b5f2cc	illumos support (#2838 ) * disable mimalloc on illumos, in part because it immediately segfaults, but also because we prefer libumem and link it into all Rust binaries * switch from fs2 (unmaintained crate) to fs4 which provides the same interface and has wider platform support	2024-06-15 05:20:11 +00:00
Firstyear	9c4e8bb90a	20240611 performance (#2836 ) While basking under the shade of the coolabah tree, I was overcome by an intense desire to improve the performance and memory usage of Kanidm. This pr reduces a major source of repeated small clones, lowers default log level in testing, removes some trace fields that are both large and probably shouldn't be traced, and also changes some lto settings for release builds.	2024-06-12 16:48:49 -07:00
Firstyear	bd6d9284c0	20240607 2417 piv (#2829 ) Add some more ground work for future PIV/x509 authentication.	2024-06-11 00:54:57 +00:00
Firstyear	f39dd7d7a2	Add development taint flag to prevent mismatch of server versions (#2821 ) * Add development taint flag to prevent mismatch of server versions * Update server/lib/src/constants/schema.rs --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2024-06-07 09:53:30 +10:00
James Hodgkinson	b074330ac5	lowering "access search" security log levels (#2819 ) They were very, very noisy, now they're only debug-noisy.	2024-06-06 11:07:23 +10:00
James Hodgkinson	3c01a96348	Better WebAuthn and other error responses (#2608 )	2024-06-05 09:57:16 +10:00
Firstyear	2c0ff46a32	20240530 nightly warnings (#2806 ) * Cleaneup * Lots of ram saving	2024-05-30 20:22:19 +10:00
Firstyear	a8b9dc8ee8	2756 - resolve invalid loading of dyngroups at startup (#2779 ) * 2756 - resolve invalid loading of dyngroups at startup * Add a "patch level" migration for domain one shot fixes	2024-05-28 02:12:44 +00:00
James Hodgkinson	1d0a606e69	WIP: serialization and domain info setting wonkiness (#2791 )	2024-05-28 11:49:30 +10:00
Tobias Krischer	814380a7f4	feat: add support for ldap compare request (#2780 )	2024-05-25 08:28:52 +10:00
Firstyear	1e1414b38b	Add ACP checking to exists operations. (#2790 )	2024-05-24 13:28:01 +10:00
Firstyear	3723abb25d	Allow name write privileges to be withheld (#2773 )	2024-05-23 15:58:49 +10:00
Firstyear	c1235a7186	Check for same version with backup/restore (#2789 )	2024-05-23 01:48:37 +00:00
Firstyear	1e4f6e85ca	Revive Cookies. (#2788 ) * Revive Cookies. * change from tikv-jemalloc to mimalloc.	2024-05-23 00:45:42 +00:00
Firstyear	39ac38e266	Update our domain TGT level (#2776 )	2024-05-17 16:06:14 +10:00
James Hodgkinson	7964f55d59	strip out some debug messages unless really debugging. (#2767 ) * kanidm cli logs on debug level - Fixes #2745 * such clippy like wow * It's important for a wordsmith to know when to get its fixes in. * updootin' wasms	2024-05-14 14:56:55 +10:00

1 2 3 4 5

236 commits