#
# spec file for package lldap
#
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

Name:           lldap
Version:        0.6.2
Release:        1.3
Summary:        Light LDAP implementation
License:        MIT
URL:            https://github.com/lldap/lldap
Source0:        %{name}-%{version}.tar.gz
Source1:        vendor.tar.zst
Source11:       %{name}.service
Source21:       system-user-%{name}.conf
BuildRequires:  cargo >= 1.87
BuildRequires:  cargo-packaging
BuildRequires:  gzip
BuildRequires:  sysuser-tools
# https://github.com/lldap/lldap/blob/v0.6.2/app/Cargo.toml#L26
BuildRequires:  wasm-bindgen >= 0.2.100
BuildRequires:  wasm-pack
BuildRequires:  zstd
ExclusiveArch:  %{rust_tier1_arches}
# nothing provides libldap-data = 2.4.46-150600.23.21 needed by libldap-2_4-2, (got version 2.6.8-lp156.3.3)
#!BuildIgnore:  libldap-data

%description
This project is a lightweight authentication server that provides an
opinionated, simplified LDAP interface for authentication. It integrates with
many backends, from KeyCloak to Authelia to Nextcloud and more!

It comes with a frontend that makes user management easy, and allows users to
edit their own details or reset their password by email.

The goal is not to provide a full LDAP server; if you're interested in that,
check out OpenLDAP.
This server is a user management system that is:
- simple to set up (no messing around with slapd),
- simple to manage (friendly web UI),
- low resources,
- opinionated with basic defaults so you don't have to understand the
  subtleties of LDAP.

It mostly targets self-hosting servers, with open-source components like
Nextcloud, Airsonic and so on that only support LDAP as a source of external
authentication.

For more features (OAuth/OpenID support, reverse proxy, ...) you can install
other components (KeyCloak, Authelia, ...) using this server as the source of
truth for users, via LDAP.

By default, the data is stored in SQLite, but you can swap the backend with
MySQL/MariaDB or PostgreSQL.

%package -n %{name}-migration-tool
Summary:        This package contains the %{name}_migration_tool binary
Provides:       %{name}_migration_tool = %{version}

%description -n %{name}-migration-tool
This package contains the %{name}_migration_tool binary.

%package -n %{name}-set-password
Summary:        This package contains the %{name}_set_password binary
Provides:       %{name}_set_password = %{version}

%description -n %{name}-set-password
This package contains the %{name}_set_password binary.

%prep
%autosetup -a 1 -p 1

%build
%{cargo_build} -p lldap -p lldap_migration_tool -p lldap_set_password

echo "Start building frontend files"
cd ./app
wasm-pack build --target web --release --mode no-install -- --offline --locked
gzip -9 -k -f pkg/lldap_app_bg.wasm
cd ..

# system-user
%sysusers_generate_pre %{SOURCE21} user

%install
install -D -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 %{_builddir}/%{name}-%{version}/target/release/%{name} %{buildroot}%{_bindir}/%{name}
install -m 0755 %{_builddir}/%{name}-%{version}/target/release/lldap_migration_tool %{buildroot}%{_bindir}/lldap_migration_tool
install -m 0755 %{_builddir}/%{name}-%{version}/target/release/lldap_set_password %{buildroot}%{_bindir}/lldap_set_password

install -d -m 0750 %{buildroot}%{_sysconfdir}/%{name}/
install -d -m 0750 %{buildroot}%{_sharedstatedir}/%{name}/

install -d -m 0755 %{buildroot}%{_unitdir}/
install -D -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service

# system user
install -Dm644 %{SOURCE21} %{buildroot}%{_sysusersdir}/system-user-%{name}.conf

# fix paths in lldap_config.toml.example
cp -v lldap_config.docker_template.toml lldap_config.toml.example
sed -i '/^database_url/ s#/data/#/var/lib/lldap/#' lldap_config.toml.example
sed -i '/^key_file/ s#data#var/lib/lldap#' lldap_config.toml.example

%pre -f user.pre
%service_add_pre %{name}.service

%post
%service_add_post %{name}.service

%preun
%service_del_preun %{name}.service

%postun
%service_del_postun %{name}.service

%files
%doc README.md lldap_config.toml.example
%license LICENSE
%{_bindir}/%{name}
%{_unitdir}/%{name}.service
%dir %attr(750,root,%{name}) %{_sysconfdir}/%{name}/
%config(noreplace) %attr(640,root,%{name}) %ghost %{_sysconfdir}/%{name}/lldap_config.toml
%dir %attr(770,root,%{name}) %{_sharedstatedir}/%{name}/
%{_sysusersdir}/system-user-%{name}.conf

%files -n %{name}-migration-tool
%{_bindir}/lldap_migration_tool

%files -n %{name}-set-password
%{_bindir}/lldap_set_password

%changelog
* Wed Aug 20 2025 Johannes Kastl
- Update to version 0.6.2:
  Small release, focused on LDAP improvements and ongoing
  maintenance.
  * Added
    - LDAP
      - Support for searching groups by their groupid
      - Support for whoamiOID
      - Support for creating groups
      - Support for subschema entry
    - Custom assets path.
    - New endpoint for requesting client settings
  * Changed
    - A missing JWT secret now prevents startup.
    - Attributes with invalid characters (such as underscores)
      cannot be created anymore.
    - Searching custom (string) attributes is now case insensitive.
    - Using the top-level firstName, lastName and avatar GraphQL
      fields for users is now deprecated. Use the attributes field
      instead.
  * Fixed
    - lldap_set_password now uses the system's SSL certificates.
  * Cleanups
    - Split the main lldap crate into many sub-crates
    - Various dependency version bumps
    - Upgraded to 2024 Rust edition
    - Docs/FAQ improvements
  * Bootstrap script
    - Custom attributes support
    - Read the password from a file
    - Resilient to no user or group files
  * New services
    - Discord integration (Discord role to LLDAP user)
    - HashiCorp
    - Jellyfin 2FA with Duo
    - Kimai
    - Mailcow
    - Peertube
    - Penpot
    - PgAdmin
    - Project Quay
    - Quadlet
    - Snipe-IT
    - SSSD
    - Stalwart
    - UnifiOS

* Sat Jun 14 2025 Johannes Kastl
- remove version constraint for cargo

* Fri Jun 13 2025 Johannes Kastl
- add BuildRequires for cargo1.87 to fix build failures with
  cargo > 1.82

* Mon Dec 9 2024 Guillaume GARDET
- Update _constraints to avoid OOM seen on aarch64

* Tue Dec 3 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.6.1:
  * release: 0.6.1
  * server: Fix schema migration from v8 for sqlite and postgres
  * example_configs: expand url for OneDev config
  * docs: update architecture.md
  * example_configs: Add onedev
  * cargo,auth,server: update opaque-ke => 0.7
  * server: Fix the instructions to silence the key_seed warning
  * readme: add reference to terraform provider (#1035)
  * example_configs: Update pam example for release 0.6..0
  * chore: bump version to 0.6.1-alpha
  * github: Remove release PR comment bot

* Tue Dec 3 2024 opensuse_buildservice@ojkastl.de
- Update to version 0.6.0:
  * release: 0.6.0
  * server: Remove session-wide logging, add session_uuid to
    message logs
  * server: Only use a single connection with SQlite
  * server: Correctly handle removal of the display_name attribute
  * server: Correctly handle attempts to probe for password resets
  * example_configs: add ldap_ssl to vaultwarden_ldap_sync:2.0.2
    (#1011)
  * server: Fix env warning for nested keys
  * server: Fix missing lowercasing when changing passwords
    through LDAP
  * app: Allow custom attributes in group creation
  * server: return custom attributes when asked for all attributes
  * build(deps): bump actions/checkout from 4.2.1 to 4.2.2
  * server: improve key_seed warning
  * server: Fix env variable warning
  * app: fix password reset probing
  * app: Add support for group attributes
  * example_configs: keycloak typo for first name attribute (#1004)

* Tue Oct 8 2024 Johannes Kastl
- new package lldap: Light LDAP implementation