LDAP Account Manager (LAM)

Secrets & Credentials

A web‑based frontend for managing LDAP directory entries such as users, groups, and DHCP settings

PHP Latest 9.5.2 · 2mo ago Security brief →

Features

View all 6 releases →

9.5.2 Bugfix 2mo

Notable features

Full changelog

LAM Pro:
- Support wildcard DNS records for PowerDNS, BindDynDb and Bind DLZ (647)
Fixed bugs:
- Windows/Windows LDS users: unable to create account if default profile has no groups selected
- Custom fields: fixed loading of server profile
- Dynamic user filtering fails after first character (646)

9.5.1 Bugfix 2mo

Fixed 500 errors loading server and self-service profiles with null values.

Full changelog

Fixed bugs:
- Docker Environment variable LAM_DISABLE_TLS_CHECK breaks container start (635)
- Self-service: password change reports error message
- Loading server profile and self-service profile with null values results in 500 error page

9.5 Breaking risk 2mo

Breaking changes

Security fixes

Notable features

Full changelog

PHP 8.2 or higher required (421)
Show failed password policy rules (526)
Docker: use Debian 13 as base image (460)
Docker: run as non-root (544)
Fixed bugs:
- Fix CVE-2026-27894: Authenticated Local File Inclusion (LFI) in PDF export (high, GHSA-w7xq-vjr3-p9cf)
- Fix CVE-2026-27895: Incorrect regular expression in PDF export component allows to upload files of any type (moderate, GHSA-88hf-2cjm-m9g8)
LAM Pro:
- Old license key format is no longer supported. You are only affected if your license key section on our website contains a "Old format" entry. (295)
- Removed deprecated cron.sh and cronGlobal.sh (please use runCronJobs.sh) (519)
- White pages: removed login button for profiles that allow anonymous access (556)
- White pages: use first text column or title for default sorting, allow to specify custom sort field (557)
- email2SMS: allow to specify subject text (465)

9.4 Breaking risk 5mo

Breaking changes

Main configuration and server profiles require latest file format (introduced in 9.0)

Notable features

Full changelog

Main configuration and server profiles require latest file format (introduced in 9.0) (389)
LAM Pro:
- White pages: new simplified LAM interface for non-technical users to access e.g. contact and group information
- SMS sending can be done with email2SMS providers (465)
- PowerDNS: save auto-PTR entries under reverse domain (478)
Fixed bugs:
- Unix: $group wildcard is evaluated too early (480)
- Custom scripts: error on postModify for CSV file upload (517)
- Windows: Force password change not applied on password change (511)

9.3 Security relevant 8mo

Security fixes

Notable features

Full changelog

New translation: Greek
Tree view: added comparison feature (440)
Windows: added logon hours (457)
Lamdaemon: run /usr/sbin/userdel.local before (and no longer after) home directory is deleted (443)
LAM Pro:
- SMS support for password sending and password self-reset (441)
- Self-Service: clear PPolicy "pwdReset" on password change if needed (448)
Fixed bugs:
- WebAuthn: 2-factor verification failed: Unable to load the data (453)
- Random password generator does not respect server profile rules (458)
- XSS in profile editor (low, CVE-2025-58174)