Skip to content

Releases: HopopOps/k8s-ldap-auth

v4.0.0

29 Mar 08:58
@github-actions github-actions
v4.0.0
This tag was signed with the committer’s verified signature.
vbouchaud Vianney Bouchaud
GPG key ID: 157B08346330029C
Verified
Learn about vigilant mode.
ef268b9
This commit was signed with the committer’s verified signature.
vbouchaud Vianney Bouchaud
GPG key ID: 157B08346330029C
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.0.0 Latest
Latest

Common

Modified

  • Made a bunch of dep updates, all through dependabot so full list will be easy to get (git log v3.2.1..HEAD --author=dependabot --pretty=oneline).

Server

Modified

  • Changing --search-attributes to --extra-attributes, fixing extra attributes not being processed and added to the user object. This is the change triggering a major update since the interface changed.
Assets 14

v3.2.1

10 Nov 15:14
@github-actions github-actions
v3.2.1
e7c714c
Compare
Choose a tag to compare
v3.2.1

Client

Modified

  • The entry in the credential manager is now specific to the k8s-ldap-auth server address, allowing for different k8s-ldap-auth to be used against different ldap servers.
Assets 12
Loading

v3.2.0

29 Oct 15:25
@github-actions github-actions
v3.2.0
e0cc624
Compare
Choose a tag to compare
v3.2.0

Client

Added

  • Password is now stored into the OS credential manager upon successful interactive authentication.
Assets 11
Loading

v3.1.0

19 Aug 14:19
@github-actions github-actions
v3.1.0
5b1a7b5
Compare
Choose a tag to compare
v3.1.0

Server

Added

  • /health now serves the application status.
Assets 13
Loading

v3.0.0

17 Aug 08:54
@github-actions github-actions
v3.0.0
9ad2aea
Compare
Choose a tag to compare
v3.0.0

Server

Added

  • User username properties mapping with ldap can now be set with specific parameters or environment variable.

Changed

  • Parameter --member-of-property is now --memberof-property (style consistency change)
  • TokenReview user won't contain a list of group cn only anymore but their full dn to prevent name collision

Client

Changed

  • Cache file and folder containing the ExecCredential are now only readable by the owner.
Assets 12
Loading

v2.0.1

27 Jul 17:54
@vbouchaud vbouchaud
v2.0.1
2eaa2fc
Compare
Choose a tag to compare
v2.0.1

Common

Added

  • Added PIE compilation for binary hardening.
  • Added trimpath option for reproducible builds.
Assets 8
Loading

v2.0.0

26 Jul 14:11
@vbouchaud vbouchaud
v2.0.0
ec68d96
Compare
Choose a tag to compare
v2.0.0

Server

Added

  • Token longevity can now be configured (in seconds). Default to 43200 (12 hours).

Changed

  • Token generated now only contains uid. Groups and DN are added to the TokenReview when kube-apiserver dial k8s-ldap-auth.

Client

Added

  • There is now a reset command to ease the removal of cached token and force reauthentication on next invocation.
Assets 9
Loading

v1.0.0

22 Jul 14:39
@vbouchaud vbouchaud
v1.0.0
56a6756
Compare
Choose a tag to compare
v1.0.0

Server

Added

  • /auth route for ldap authentication, returning an ExecCredential
  • /token route for apiserver TokenReview validation
  • Loading key pair for jwt signing and validation from files
  • Generating an arbitrary key pair for jwt signing and validation if none is given
  • TokenReview contains user id and groups from LDAP

Client

Added

  • Password and username can be given from standard input, environment variables or files.
Assets 9
Loading