For every authentication or token review request a new ldap connection is used, instead using a single connection for all requests. This resolves problems where the single connection went unresponsive (https://github.com/gyselroth/kube-ldap/issues/27).
v2.0.0
4 years ago
Added
Prometheus exporter on route "/metrics" (basic auth protected)
Changed
BREAKING: Extra-Attributes and groups are now no longer included in the JWT issued after user authentication. Extra-Attributes and group memberships are now resolved during the token review and are included in the token review response
Internal: Use ldapts instead of ldapjs as ldap library
Fixed
Fix membership resolution for ldap objects without any membership
Removed
BREAKING: LDAP StartTLS is no longer supported
BREAKING: LDAP reconnect logic (now there's a new connection for every request)
v1.3.0
5 years ago
Changed
Failed authentication sends a WWW-Authenticate header in the HTTP response
Default loglevel is now info (was debug)
Update node to latest 8.x LTS in docker image
Added
LDAP related logging
Configuration parameter whether to use StartTLS for LDAP or not (enabled by default).
Fixed
Single group memberships are returned as a string (instead of an array) by LDAP in some cases and broke the membership resolution. This is now handled correctly.
Fixed units in README for LDAP reconnect config parameters.