Firstyear
f39dd7d7a2
Add development taint flag to prevent mismatch of server versions ( #2821 )
...
* Add development taint flag to prevent mismatch of server versions
* Update server/lib/src/constants/schema.rs
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2024-06-07 09:53:30 +10:00
Firstyear
a8b9dc8ee8
2756 - resolve invalid loading of dyngroups at startup ( #2779 )
...
* 2756 - resolve invalid loading of dyngroups at startup
* Add a "patch level" migration for domain one shot fixes
2024-05-28 02:12:44 +00:00
Firstyear
3723abb25d
Allow name write privileges to be withheld ( #2773 )
2024-05-23 15:58:49 +10:00
Firstyear
d7834b52e6
Begin the basis of the key provider model ( #2640 )
...
This completely reworks how we approach and handle cryptographic keys in Kanidm. This is needed as a foundation for replication coordination which will require handling and rotation of cryptographic keys in automated ways.
This change influences many other parts of the code base in its implementation.
The primary influences are:
* Modification of how domain user signing keys are revoked or rotated.
* Merging of all existing service-account token keys as retired (retained) keys into the domain to simplify token signing and validation
* Allowing multiple configurations of local command line tools to swap between instances using disparate signing keys.
* Modification of key retrieval to be key id based (KID), removing the need to embed the JWK into tokens
A side effect of this change is that most user authentication sessions and oauth2 sessions will have to be re-established after upgrade. However, we feel that session renewal after upgrade is an expected side effect of an upgrade.
In the future this lays the groundwork to remove a large number of legacy key handling processes that have evolved, which will allow large parts of code to be removed.
2024-04-15 23:44:37 +00:00
James Hodgkinson
4c1fa0d644
Adding a builtin class for all built-in things ( #2603 )
...
* adding builtin class to builtin objects
* Resolve issues with builtin PR
---------
Co-authored-by: William Brown <william@blackhats.net.au>
2024-03-06 01:33:14 +00:00
Firstyear
68d788a9f7
20240216 308 resource limits ( #2559 )
...
This adds account policy based resource limits to control the maximum
number of entries that an account may query
2024-02-21 00:15:43 +00:00
Firstyear
d42268269a
20240125 2217 client credentials grant ( #2456 )
...
* Huge fix of a replication problem.
* Update test
* Increase min replication level
* Client Credentials Grant implementation
2024-02-01 02:00:29 +00:00
Firstyear
8dc884f38e
2390 1980 allow native applications ( #2428 )
2024-01-16 10:44:12 +10:00
Firstyear
5c445a4704
20231218 ipa sync unix password ( #2374 )
...
* Add support for importing the user's password as unix password
2023-12-18 11:20:37 +10:00
Firstyear
d09c2448ff
1481 2024 access control rework ( #2366 )
...
Rework default access controls to better separate roles and access profiles.
2023-12-17 23:10:13 +00:00
Firstyear
854b696532
249 2024 managed by syntax ( #2359 )
...
Allows hierarchical entry management rules.
2023-12-07 10:00:09 +00:00
Firstyear
76269f9de2
20231129 webauthn attestation ( #2351 )
...
This adds full support for attestation of webauthn/passkeys.
2023-12-03 06:13:52 +00:00
Firstyear
bb8914c70d
20231120 2320 sssd compat ( #2328 )
2023-11-22 10:18:03 +10:00
Firstyear
47bcea7708
20231109 1122 credential class ( #2300 )
...
* Add CredentialType for acc pol
* Reword ui hints
* Finish account policy
* Clean up artefacts
2023-11-11 09:26:44 +10:00
Firstyear
b7852d1d71
pw min length in account policy ( #2289 )
2023-11-05 10:33:25 +10:00
William Brown
ecc46bb015
Add book chapter + cli
2023-10-28 13:07:06 +10:00
NavinShrinivas
12ea1c8702
Restrict posix passwords on ldap bind with config
...
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
2023-10-28 13:07:06 +10:00
Firstyear
afe9d28754
20231019 1122 account policy basics ( #2245 )
...
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-10-22 11:16:42 +00:00
Firstyear
8bcf1935a5
20231012 346 name deny list ( #2214 )
...
* Migrate to improved system config reload, cleanup acc pol
* Denied names feature
2023-10-13 08:50:36 +10:00
James Hodgkinson
e7f594a1c1
In-system image storage ( #2112 )
...
* In-system image storage refers to #2057
* adding multipart feature to axum
* thanks to @Firstyear for fixing my bufs
* fixing coverage test things
* clippy-calming
* more tests, jpg acropalypse tests, benches
* spelling
* lockfile updates
* linting
2023-10-04 17:24:12 +10:00
Sebastiano Tocci
eb7527379b
Configurable session timeouts ( #1965 )
...
* added `auth_session_expiry` and `auth_privilege_expiry`
* Added `AcountPolicy` struct
* spelling and stuff
* added cli tools
2023-08-22 11:00:43 +10:00
Sebastiano Tocci
003234c2d0
Identity verification feature ( #1819 )
2023-08-16 21:02:48 +10:00
James Hodgkinson
aba9f6a724
Struct-ifying schema things ( #1971 )
...
* structifying things
2023-08-14 19:39:49 +10:00
Firstyear
8f282e3a30
68 20230720 replication improvements ( #1905 )
2023-07-27 12:30:22 +10:00
Firstyear
79ff5e9775
1785 allow sync attr yielding via partial write admin ( #1879 )
2023-07-19 11:42:53 +10:00
Firstyear
8e1e533f40
1792 public oauth clients ( #1821 )
2023-07-07 18:53:31 +10:00
Firstyear
17fa61ceeb
Add client UX for redirecting to an external portal for synced accounts ( #1791 )
2023-07-05 09:13:06 +10:00
Sebastiano Tocci
9a3c12a79d
Name change history ( #1727 )
2023-06-28 18:34:44 +10:00
Firstyear
c5c483be98
Add acp allowing service accounts to clear their own sessions ( #1731 )
2023-06-13 14:10:28 +10:00
Firstyear
6afb15ca92
20230505 replication groundwork - ruv consistency improvements ( #1606 )
2023-05-08 18:25:27 +10:00
Firstyear
c1f62674f5
1496 ldap basedn config ( #1500 )
2023-03-29 09:34:43 +10:00
Firstyear
00cca81012
1399 cleanup reorg ( #1412 )
2023-03-01 13:10:52 +10:00