20296f00bd
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/nitnelave/lldap](https://redirect.github.com/lldap/lldap) | patch | `713f8f1` → `2f208d7` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>lldap/lldap (docker.io/nitnelave/lldap)</summary> ### [`v0.6.3`](https://redirect.github.com/lldap/lldap/releases/tag/v0.6.3) [Compare Source](https://redirect.github.com/lldap/lldap/compare/v0.6.2...v0.6.3) #### \[0.6.3] 2026-05-01 Small release, focused on LDAP compatibility, TLS maintenance, dependency upgrades and documentation/examples. ##### Added - LDAP schema definitions for `memberOf`, `modifyTimestamp` and `pwdChangedTime` - Support for configuring the healthcheck listen addresses - Usernames are now included in password recovery emails ##### Changed - JWT `exp` and `iat` claims are now serialized as NumericDate values to comply with RFC7519 - Migrated to `rustls` 0.23 and centralized TLS handling - The login form no longer enforces a password length limit ##### Fixed - `pwdChangedTime` is now emitted as LDAP GeneralizedTime instead of RFC3339 - LDAP base-scope searches for non-existent entries now return `NoSuchObject` - `cn` equality filters are now case insensitive - The server now shuts down the database connection pool gracefully - The bootstrap script now handles empty globs correctly ##### Security - Updated the LDAP dependency stack, including `ldap3_proto`, in response to security advisory [`GHSA-qcxq-75wr-5cm8`](https://redirect.github.com/kanidm/ldap3/security/advisories/GHSA-qcxq-75wr-5cm8), where a specially crafted LDAP query could make the server crash ##### Cleanups - Split GraphQL queries and mutations into smaller modules - Refactored configuration and user update logic - Upgraded the Rust toolchain and shared dependencies ##### New services - Apache WebDAV - Continuwuity - Gerrit - Gogs - Open WebUI - OpenCloud - Pocket ID - Semaphore - TrueNAS </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9sbGRhcCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
67 lines
1.9 KiB
YAML
67 lines
1.9 KiB
YAML
# yaml-language-server: $schema=./values.schema.json
|
|
image:
|
|
repository: docker.io/nitnelave/lldap
|
|
pullPolicy: IfNotPresent
|
|
tag: v0.6.3-debian@sha256:2f208d7dc45d0b01648ab9c869fa6f65b843a8c9647e99dd929739f5a51a945b
|
|
securityContext:
|
|
container:
|
|
readOnlyRootFilesystem: false
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 17170
|
|
ldap:
|
|
enabled: true
|
|
ports:
|
|
ldap:
|
|
enabled: true
|
|
port: 3890
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
command:
|
|
- "/app/lldap"
|
|
args:
|
|
- "run"
|
|
env:
|
|
LLDAP_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
|
|
LLDAP_LDAP_PORT: "{{ .Values.service.ldap.ports.ldap.port }}"
|
|
LLDAP_HTTP_URL: "http://localhost:{{ .Values.service.main.ports.main.port }}"
|
|
LLDAP_LDAP_BASE_DN: "dc=example,dc=com"
|
|
# ADMIN
|
|
LLDAP_LDAP_USER_DN: "admin"
|
|
LLDAP_LDAP_USER_EMAIL: "admin@example.com"
|
|
LLDAP_LDAP_USER_PASS: "password"
|
|
# LOGGING
|
|
LLDAP_VERBOSE: false
|
|
# SMTP
|
|
LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET: false
|
|
LLDAP_SMTP_OPTIONS__SERVER: ""
|
|
LLDAP_SMTP_OPTIONS__PORT: 587
|
|
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: "STARTTLS"
|
|
LLDAP_SMTP_OPTIONS__USER: ""
|
|
LLDAP_SMTP_OPTIONS__PASSWORD: ""
|
|
LLDAP_SMTP_OPTIONS__FROM: "LLDAP Admin <sender@gmail.com>"
|
|
LLDAP_SMTP_OPTIONS__REPLY_TO: "Do not reply <noreply@localhost>"
|
|
LLDAP_JWT_SECRET:
|
|
- secretRef:
|
|
name: secrets
|
|
key: LLDAP_JWT_SECRET
|
|
LLDAP_key_file: "/data/private_key"
|
|
LLDAP_database_url:
|
|
secretKeyRef:
|
|
name: cnpg-main-urls
|
|
key: std
|
|
persistence:
|
|
data:
|
|
enabled: true
|
|
mountPath: "/data"
|
|
cnpg:
|
|
main:
|
|
enabled: true
|
|
user: lldap
|
|
database: lldap
|