From now, LemonLDAP::NG uses JSON serialization to store configuration and sessions instead of the Storable::nfreeze Perl function. This allows heterogeneous servers (32/64 bits or different Perl versions) to be connected to the same LL::NG organization. Old format still works but:
useStorable to 1 in sessions backend options if you have some custom hooks.
Some attributes may be removed during each upgrade. Since 1.9, saving is rejected if an attribute isn't declared in manager structure. So don't use lmConfigEditor during upgrade unless you know exactly which changes have been done.
Old configuration format is compatible with current version. It will be converted to new format at first save. But you need to check all non-ASCII values that may have been registered with ISO instead of Unicode. You must convert them before saving the new configuration.
Modern browsers do not take into account the autocomplete attribute in password fields anymore. This means even if you don't want users to remember the password, the browser will still propose it.
As it was not used anymore, this option is now removed. See https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/824 for more details.
Because its Perl version is too old and some modules are missing, LL::NG is no longer available for CentOS/RHEL 5 and 6. You need CentOS/RHEL 7 or a Debian based box to run this version of LL::NG.
You can no longer set up a different protection parameter for sessions explorer and configuration management. The protection is used for all components, but access rules can be used to manage authorizations between configuration, notifications and sessions:
^/(manager\.html|conf/) => $uid eq "dwho"
default => $uid eq "dwho" or $uid eq "rtyler"
Previously, to request authentication, handlers sent a 302 HTTP code, and the portal then sent the HTML form even if the request was an Ajax one. From now on, after the request has been redirected by the Handler, the portal sends a 401 code with a WWW-Authenticate header containing "SSO <portal-URL>". This is a small HTTP protocol hook, created because browsers follow redirections transparently and JSON queries have to be answered with JSON.
If you want to keep the old behavior, set noAjaxHook to 1 (in General Parameters -> Advanced -> Portal redirections -> Keep redirections for Ajax).
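An added example (not part of the LL::NG documentation or code base) of how an Ajax client could handle the 401 hook described above: it reads the "SSO <portal-URL>" challenge and accepts the portal URL only if it is on the expected origin. The function names and the https://auth.example.com origin are assumptions.

```javascript
// Added example, not LemonLDAP::NG code. All names here are hypothetical.
// Assumed origin of the portal this application trusts (constructed value).
const TRUSTED_PORTAL_ORIGIN = "https://auth.example.com";

// Extract the portal URL from a 'WWW-Authenticate: SSO <portal-URL>' value.
// Returns null unless the scheme is SSO and the URL points at the trusted
// portal, so a forged header cannot send the user to another site.
function parseSsoChallenge(headerValue, trustedOrigin = TRUSTED_PORTAL_ORIGIN) {
  if (typeof headerValue !== "string") return null;
  const match = /^SSO\s+(\S+)$/i.exec(headerValue.trim());
  if (!match) return null;
  let portal;
  try {
    portal = new URL(match[1]);
  } catch (err) {
    return null; // not an absolute URL
  }
  // origin covers scheme, host and port in one comparison
  return portal.origin === trustedOrigin ? portal.href : null;
}

// Decide what an Ajax caller should do with a response status and header.
function classifyResponse(status, wwwAuthenticate, trustedOrigin = TRUSTED_PORTAL_ORIGIN) {
  if (status !== 401) return { action: "continue" };
  const portal = parseSsoChallenge(wwwAuthenticate, trustedOrigin);
  return portal ? { action: "login", portal } : { action: "reject" };
}

// JSON request wrapper; fetchImpl is injectable so it can be stubbed offline.
async function fetchJson(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    headers: { Accept: "application/json" },
    credentials: "include", // send the SSO cookie with the request
  });
  const verdict = classifyResponse(res.status, res.headers.get("WWW-Authenticate"));
  if (verdict.action === "continue" && res.ok) verdict.data = await res.json();
  return verdict;
}
```

A caller that gets action "login" can send the user to verdict.portal; "reject" means the 401 did not carry a usable SSO challenge and should be treated as an error.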
Persistent sessions have new attributes:
_session_uid: real user identifier
_utime: creation timestamp
These attributes allow persistent sessions to be browsed in the sessions explorer. Old persistent sessions will automatically get these new attributes at user connection.
The Multi backend configuration has changed. Now the stacks are defined in separate attributes:
So an old configuration like this:
authentication = Multi LDAP;DBI
userDB = Multi LDAP;DBI
Must be replaced by:
authentication = Multi
userDB = Multi
multiAuthStack = LDAP;DBI
multiUserDBStack = LDAP;DBI
Handler API has changed and specific Handlers have been rewritten. They still work but their configuration must be set in the lemonldap-ng.ini file instead of the Manager. More details:
Note that some specific Handlers have been removed, you will not be able to use them anymore:
The option to disable conditions checking in SAML response has been split into:
By default, conditions are checked. Set them both to Off if you need to deactivate conditions checking.
In 1.4 version, you could unprotect some paths directly in Apache configuration with:
<Location /test/>
PerlHeaderParserHandler Lemonldap::NG::Handler->unprotect
</Location>
This is no longer possible; the unprotect rule must be set in the global configuration. Here is an example of how to do it with the CLI:
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli addKey locationRules/test.example.com "(?#unprotect)^/test/" unprotect
Lemonldap::NG::Handler::CGI usage has changed; these methods are no longer available:
authenticate
authorize
testUri
You now need to set the protection parameter; see the documentation.