kanidm

mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00

Author	SHA1	Message	Date
Firstyear	002ab13698	Add code_challenge_methods_supported to OIDC discovery (#2525 )	2024-02-15 09:17:08 +10:00
Firstyear	7567514044	Release 1.1.0-rc.16 (#2483 )	2024-02-07 04:39:02 +00:00
Firstyear	cdbaefe23d	Fix for incorrect domain migration rollbacks (#2482 )	2024-02-07 13:11:55 +10:00
Firstyear	9050188b29	Add tools for remigration and domain level raising (#2481 )	2024-02-06 10:01:06 +00:00
Firstyear	ddea9c6699	Support SPN in groups claim (#2474 )	2024-02-06 03:56:04 +00:00
Firstyear	23cc2e7745	Fix RUV trim (#2466 ) Fixes two major issues with replication. The first was related to server refreshes. When a server was refreshed it would retain it's server unique id. If the server had lagged and was disconnected from replication and administrator would naturally then refresh it's database. This meant that on next tombstone purge of the server, it's RUV would jump ahead causing it's refresh-supplier to now believe it was lagging (which was not the case). In the situation where a server is refreshed, we reset the servers unique replication ID which avoids the RUV having "jumps". The second issue was related to RUV trimming. A server which had older RUV entries (say from servers that have been trimmed) would "taint" and re-supply those server ID's back to nodes that wanted to trim them. This also meant that on a restart of the server, that if the node had correctly trimmed the server ID, it would be re-added in memory. This improves RUV trimming by limiting what what compare and check as a supplier to only CID's that are within the valid changelog window. This itself presented challenges with "how to determine if a server should be removed from the RUV". To achieve this we now check for "overlap" of the RUVS. If overlap isn't occurring it indicates split brain or node isolation, and replication is stopped in these cases.	2024-02-02 15:38:45 +10:00
Firstyear	d42268269a	20240125 2217 client credentials grant (#2456 ) * Huge fix of a replication problem. * Update test * Increase min replication level * Client Credentials Grant implementation	2024-02-01 02:00:29 +00:00
Firstyear	86916a3d87	Return sshkey label to cli fields (#2440 ) * Return ssh label to cli fields	2024-01-20 17:17:57 +10:00
Firstyear	b1e7cb13a5	Add rfc8414 metadata (#2434 )	2024-01-19 04:14:52 +00:00
Firstyear	8e4980b2c1	Add test for delete referer invalid (#2435 ) When a delete of an entry occurs which is reference by another entry, if the entry has a MUST schema condition on the deleted entry then the delete should be blocked to prevent the entries structure becoming invalid.	2024-01-19 02:18:11 +00:00
Firstyear	8dc884f38e	2390 1980 allow native applications (#2428 )	2024-01-16 10:44:12 +10:00
Firstyear	a1fa59b83c	Clean RUV (#2424 )	2024-01-12 09:43:20 +10:00
Firstyear	666448f787	Upgrade replication to use anchors (#2423 ) * Upgrade replication to use anchors	2024-01-10 04:46:08 +00:00
Firstyear	e9340c682e	Use case insensitive match on substrings in line with ldap (#2419 )	2024-01-06 15:52:21 +10:00
Firstyear	cc79b2a205	20231222 piv authentication (#2398 ) Foundations of PIV authentication	2023-12-29 23:15:26 +00:00
Firstyear	7f27a6fcd9	Force apply idm migrations to apply access controls (#2401 )	2023-12-28 12:24:29 +10:00
Firstyear	fd71a748ca	Add improved domain migration framework and default MFA (#2382 )	2023-12-21 14:44:20 +10:00
Firstyear	3408816932	Add DN as a virtual ldap attr (#2379 )	2023-12-19 15:07:19 +10:00
James Hodgkinson	a4c44bc5f9	fixing default for oauth2 request_parameter_supported metadata (#2378 )	2023-12-19 11:56:47 +10:00
Firstyear	5c445a4704	20231218 ipa sync unix password (#2374 ) * Add support for importing the users password as unix password	2023-12-18 11:20:37 +10:00
Firstyear	d09c2448ff	1481 2024 access control rework (#2366 ) Rework default access controls to better separate roles and access profiles.	2023-12-17 23:10:13 +00:00
Firstyear	854b696532	249 2024 managed by syntax (#2359 ) Allows hierarchial entry management rules.	2023-12-07 10:00:09 +00:00
Firstyear	4bd5d584cb	20231204 ipa sync minor improvements (#2357 )	2023-12-04 16:58:15 +10:00
Firstyear	76269f9de2	20231129 webauthn attestation (#2351 ) This adds full support for attestation of webauthn/passkeys.	2023-12-03 06:13:52 +00:00
James Hodgkinson	9a464c653c	Using proper axum http headers lib for compatibility (#2348 )	2023-12-01 08:55:51 +10:00
Firstyear	cbdbaa8fe0	Bearer should send with same caps we accept (#2345 )	2023-11-30 09:25:34 +10:00
Firstyear	31b939fca3	20231128 freeipa migration (#2338 ) * Add more weak password formats for freeipa * Verification of freeipa migration from older ipa versions	2023-11-29 10:43:15 +10:00
Firstyear	ac299b5286	Update to the latest compact-jwt version (#2331 )	2023-11-24 02:53:22 +00:00
James Hodgkinson	916bb4ec04	Adding env var configs for the server (#2329 ) * env var config for server * I am my own clippy now * Man, that got complicated quick	2023-11-24 01:27:49 +00:00
Firstyear	bb8914c70d	20231120 2320 sssd compat (#2328 )	2023-11-22 10:18:03 +10:00
Firstyear	b71b0460f3	Add test (#2323 )	2023-11-19 21:56:19 +10:00
James Hodgkinson	2be287c1ff	OAuth2 scopes validation logging missing details (#2317 ) * OAuth2 scopes validation logging missing details - Fixes #2316 * clippy was mad	2023-11-17 16:08:08 +10:00
Firstyear	47bcea7708	20231109 1122 credential class (#2300 ) * Add CredentialType for acc pol * Reword ui hints * Finish account policy * Clean up artefacts	2023-11-11 09:26:44 +10:00
James Hodgkinson	60e5935faa	Moving daemon tracing to OpenTelemetry (#2292 ) * sally forth into the great otel unknown * make the build env identification slightly more durable * docs updates * wasm recompile	2023-11-09 05:15:12 +00:00
Firstyear	b7852d1d71	pw min length in account policy (#2289 )	2023-11-05 10:33:25 +10:00
James Hodgkinson	b9d47fe8f7	oauth2 typo (#2290 )	2023-11-04 06:45:40 +00:00
Firstyear	9e5449a644	Minor improvements to incoming replication (#2279 )	2023-11-02 01:21:21 +00:00
Allan	dbf476fe5e	Remove unused imports and clippy lint (#2276 ) * Fix unused import errors * Apply clippy get_first lint * Add contributor --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2023-11-01 05:54:29 +00:00
Samuel Cabrero	c3c0b5f459	Rework ldap bind routine (#2268 ) Signed-off-by: Samuel Cabrero <scabrero@suse.de>	2023-11-01 15:09:22 +10:00
James Hodgkinson	ef96ca6aa1	started writing docs and ended up in another rabbit hole (#2267 ) * started writing docs and ended up in another rabbit hole * updoots * dangit fedora	2023-10-31 19:15:35 +10:00
William Brown	ecc46bb015	Add book chapter + cli	2023-10-28 13:07:06 +10:00
NavinShrinivas	b80a3b271c	Cargo fmt and clippy checks Signed-off-by: NavinShrinivas <karupal2002@gmail.com>	2023-10-28 13:07:06 +10:00
NavinShrinivas	12ea1c8702	Restrict posix passwords on ldap bind with config Signed-off-by: NavinShrinivas <karupal2002@gmail.com>	2023-10-28 13:07:06 +10:00
Samuel Cabrero	99ba97088d	cargo fmt + clippy (#2241 ) Signed-off-by: Samuel Cabrero <scabrero@suse.de>	2023-10-27 04:40:24 +00:00
Firstyear	afe9d28754	20231019 1122 account policy basics (#2245 ) --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2023-10-22 11:16:42 +00:00
Firstyear	6ff9082fd2	20231014 account policy (#2218 ) * Start to prep for unix+ssh keys in credupdate session	2023-10-19 01:40:06 +00:00
James Hodgkinson	6850a17e8c	Windows build fixes and test coverage (#2220 ) * adding testing for users functions * turning KanidmClient build error into a ClientError * removing a redundant closure	2023-10-17 07:18:07 +00:00
James Hodgkinson	f28d5cef22	OpenAPI/swagger docs autogen (#2175 ) * always be clippyin' * pulling oauth2 api things out into their own module * starting openapi generation	2023-10-14 12:39:14 +10:00
Firstyear	8bcf1935a5	20231012 346 name deny list (#2214 ) * Migrate to improved system config reload, cleanup acc pol * Denied names feature	2023-10-13 08:50:36 +10:00
Firstyear	fbc62ea51e	fix RUV on startup, improve filter output (#2211 )	2023-10-11 21:14:27 +10:00

1 2 3 4

160 commits