mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1823 commits 17 branches 59 tags 246 MiB
Commit graph

170 commits

Author SHA1 Message Date
Firstyear 3760951b6d
Add domain version test framework (#2576) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-28 21:04:33 +00:00
Firstyear fbc021f487
20240221 2489 cleanup api v1 (#2573) 2024-02-27 09:25:02 +00:00
James Hodgkinson 4096b8f02d
Changing to allow startup without a config file (#2582) 
* Changing to allow startup without a config file, using environment variables
 2024-02-27 15:40:00 +10:00
Firstyear adb575947f
Adjust output of claim maps for better parsing (#2566) 
* Adjust output of claim maps for better parsing
* Update python tests for OAuth2 bits
* fixing workflows for container builds

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-26 13:33:32 +10:00
Sebastiano Tocci d3af1a9e1b
improved error description for commit_credential_update (#2579) 2024-02-24 00:18:38 +00:00
Firstyear 3bf16d4253
Make /status less noisy (#2574) 2024-02-22 17:34:46 +10:00
Firstyear 752bdf7578
Add system range protection (#2565) 2024-02-21 23:27:37 +10:00
James Hodgkinson 4efdb7208f
of course I started looking at clippy things and now I can't stop (#2560) 2024-02-21 00:52:10 +00:00
Firstyear 68d788a9f7
20240216 308 resource limits (#2559) 
This adds account policy based resource limits to control the maximum
number of entries that an account may query
 2024-02-21 00:15:43 +00:00
James Hodgkinson 097db70c3d
prctl compile-time fixes, also chasing lints (#2558) 
* fixing up error handling for prctl calls
* minor clippy lintypoos
* making clippy happier
* clippizing a test
* more clippy-calming
* adding tpm-udev to ubuntu flows for testing
* rebuilt wasm
* moving from rg to grep because someone doesn't like nice things
* such clippy like wow
* clippy config to the rescue
 2024-02-20 18:21:33 +10:00
Firstyear 002ab13698
Add code_challenge_methods_supported to OIDC discovery (#2525) 2024-02-15 09:17:08 +10:00
Firstyear 7567514044
Release 1.1.0-rc.16 (#2483) 2024-02-07 04:39:02 +00:00
Firstyear cdbaefe23d
Fix for incorrect domain migration rollbacks (#2482) 2024-02-07 13:11:55 +10:00
Firstyear 9050188b29
Add tools for remigration and domain level raising (#2481) 2024-02-06 10:01:06 +00:00
Firstyear ddea9c6699
Support SPN in groups claim (#2474) 2024-02-06 03:56:04 +00:00
Firstyear 23cc2e7745
Fix RUV trim (#2466) 
Fixes two major issues with replication.

The first was related to server refreshes. When a server was refreshed it would retain it's server unique id. If the server had lagged and was disconnected from replication and administrator would naturally then refresh it's database. This meant that on next tombstone purge of the server, it's RUV would jump ahead causing it's refresh-supplier to now believe it was lagging (which was not the case).

In the situation where a server is refreshed, we reset the servers unique replication ID which avoids the RUV having "jumps".

The second issue was related to RUV trimming. A server which had older RUV entries (say from servers that have been trimmed) would "taint" and re-supply those server ID's back to nodes that wanted to trim them. This also meant that on a restart of the server, that if the node had correctly trimmed the server ID, it would be re-added in memory.

This improves RUV trimming by limiting what what compare and check as a supplier to only CID's that are within the valid changelog window. This itself presented challenges with "how to determine if a server should be removed from the RUV". To achieve this we now check for "overlap" of the RUVS. If overlap isn't occurring it indicates split brain or node isolation, and replication is stopped in these cases.
 2024-02-02 15:38:45 +10:00
Firstyear d42268269a
20240125 2217 client credentials grant (#2456) 
* Huge fix of a replication problem.
* Update test
* Increase min replication level
* Client Credentials Grant implementation
 2024-02-01 02:00:29 +00:00
Firstyear 86916a3d87
Return sshkey label to cli fields (#2440) 
* Return ssh label to cli fields
 2024-01-20 17:17:57 +10:00
Firstyear b1e7cb13a5
Add rfc8414 metadata (#2434) 2024-01-19 04:14:52 +00:00
Firstyear 8e4980b2c1
Add test for delete referer invalid (#2435) 
When a delete of an entry occurs which is reference by another entry,
if the entry has a MUST schema condition on the deleted entry then the
delete should be blocked to prevent the entries structure becoming
invalid.
 2024-01-19 02:18:11 +00:00
Firstyear 8dc884f38e
2390 1980 allow native applications (#2428) 2024-01-16 10:44:12 +10:00
Firstyear a1fa59b83c
Clean RUV (#2424) 2024-01-12 09:43:20 +10:00
Firstyear 666448f787
Upgrade replication to use anchors (#2423) 
* Upgrade replication to use anchors
 2024-01-10 04:46:08 +00:00
Firstyear e9340c682e
Use case insensitive match on substrings in line with ldap (#2419) 2024-01-06 15:52:21 +10:00
Firstyear cc79b2a205
20231222 piv authentication (#2398) 
Foundations of PIV authentication
 2023-12-29 23:15:26 +00:00
Firstyear 7f27a6fcd9
Force apply idm migrations to apply access controls (#2401) 2023-12-28 12:24:29 +10:00
Firstyear fd71a748ca
Add improved domain migration framework and default MFA (#2382) 2023-12-21 14:44:20 +10:00
Firstyear 3408816932
Add DN as a virtual ldap attr (#2379) 2023-12-19 15:07:19 +10:00
James Hodgkinson a4c44bc5f9
fixing default for oauth2 request_parameter_supported metadata (#2378) 2023-12-19 11:56:47 +10:00
Firstyear 5c445a4704
20231218 ipa sync unix password (#2374) 
* Add support for importing the users password as unix password
 2023-12-18 11:20:37 +10:00
Firstyear d09c2448ff
1481 2024 access control rework (#2366) 
Rework default access controls to better separate roles and access profiles.
 2023-12-17 23:10:13 +00:00
Firstyear 854b696532
249 2024 managed by syntax (#2359) 
Allows hierarchial entry management rules.
 2023-12-07 10:00:09 +00:00
Firstyear 4bd5d584cb
20231204 ipa sync minor improvements (#2357) 2023-12-04 16:58:15 +10:00
Firstyear 76269f9de2
20231129 webauthn attestation (#2351) 
This adds full support for attestation of webauthn/passkeys.
 2023-12-03 06:13:52 +00:00
James Hodgkinson 9a464c653c
Using proper axum http headers lib for compatibility (#2348) 2023-12-01 08:55:51 +10:00
Firstyear cbdbaa8fe0
Bearer should send with same caps we accept (#2345) 2023-11-30 09:25:34 +10:00
Firstyear 31b939fca3
20231128 freeipa migration (#2338) 
* Add more weak password formats for freeipa
* Verification of freeipa migration from older ipa versions
 2023-11-29 10:43:15 +10:00
Firstyear ac299b5286
Update to the latest compact-jwt version (#2331) 2023-11-24 02:53:22 +00:00
James Hodgkinson 916bb4ec04
Adding env var configs for the server (#2329) 
* env var config for server
* I am my own clippy now
* Man, that got complicated quick
 2023-11-24 01:27:49 +00:00
Firstyear bb8914c70d
20231120 2320 sssd compat (#2328) 2023-11-22 10:18:03 +10:00
Firstyear b71b0460f3
Add test (#2323) 2023-11-19 21:56:19 +10:00
James Hodgkinson 2be287c1ff
OAuth2 scopes validation logging missing details (#2317) 
* OAuth2 scopes validation logging missing details - Fixes #2316
* clippy was mad
 2023-11-17 16:08:08 +10:00
Firstyear 47bcea7708
20231109 1122 credential class (#2300) 
* Add CredentialType for acc pol
* Reword ui hints
* Finish account policy
* Clean up artefacts
 2023-11-11 09:26:44 +10:00
James Hodgkinson 60e5935faa
Moving daemon tracing to OpenTelemetry (#2292) 
* sally forth into the great otel unknown
* make the build env identification slightly more durable
* docs updates
* wasm recompile
 2023-11-09 05:15:12 +00:00
Firstyear b7852d1d71
pw min length in account policy (#2289) 2023-11-05 10:33:25 +10:00
James Hodgkinson b9d47fe8f7
oauth2 typo (#2290) 2023-11-04 06:45:40 +00:00
Firstyear 9e5449a644
Minor improvements to incoming replication (#2279) 2023-11-02 01:21:21 +00:00
Allan dbf476fe5e
Remove unused imports and clippy lint (#2276) 
* Fix unused import errors
* Apply clippy get_first lint
* Add contributor

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-11-01 05:54:29 +00:00
Samuel Cabrero c3c0b5f459
Rework ldap bind routine (#2268) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-11-01 15:09:22 +10:00
James Hodgkinson ef96ca6aa1
started writing docs and ended up in another rabbit hole (#2267) 
* started writing docs and ended up in another rabbit hole
* updoots
* dangit fedora
 2023-10-31 19:15:35 +10:00