Skip to content

lldap

Secrets & Credentials

Lightweight LDAP‑style authentication server designed for easy self‑hosting with a simple web UI

Track releases GitHub
Rust Latest v0.6.3 · 1mo ago Security brief →

Features

  • Provides an opinionated, simplified LDAP interface for user authentication
  • Web frontend for effortless user and group management (create, edit, reset passwords)
  • Low‑resource usage and supports SQLite/MySQL/PostgreSQL backends

Recent releases

View all 2 releases →
v0.6.3 Security relevant
Security fixes
  • dep: GHSA-qcxq-75wr-5cm8 — Updated LDAP dependency stack (including ldap3_proto) to prevent crash from specially crafted LDAP queries
Notable features
  • Added LDAP schema definitions for memberOf, modifyTimestamp, and pwdChangedTime
  • Configurable healthcheck listen addresses
  • Usernames included in password recovery emails
Full changelog

[0.6.3] 2026-05-01

Small release, focused on LDAP compatibility, TLS maintenance, dependency upgrades and documentation/examples.

Added

  • LDAP schema definitions for memberOf, modifyTimestamp and pwdChangedTime
  • Support for configuring the healthcheck listen addresses
  • Usernames are now included in password recovery emails

Changed

  • JWT exp and iat claims are now serialized as NumericDate values to comply with RFC7519
  • Migrated to rustls 0.23 and centralized TLS handling
  • The login form no longer enforces a password length limit

Fixed

  • pwdChangedTime is now emitted as LDAP GeneralizedTime instead of RFC3339
  • LDAP base-scope searches for non-existent entries now return NoSuchObject
  • cn equality filters are now case insensitive
  • The server now shuts down the database connection pool gracefully
  • The bootstrap script now handles empty globs correctly

Security

  • Updated the LDAP dependency stack, including ldap3_proto, in response to
    security advisory
    GHSA-qcxq-75wr-5cm8,
    where a specially crafted LDAP query could make the server crash

Cleanups

  • Split GraphQL queries and mutations into smaller modules
  • Refactored configuration and user update logic
  • Upgraded the Rust toolchain and shared dependencies

New services

  • Apache WebDAV
  • Continuwuity
  • Gerrit
  • Gogs
  • Open WebUI
  • OpenCloud
  • Pocket ID
  • Semaphore
  • TrueNAS
View release on GitHub
v0.6.2 Mixed
Breaking changes
  • missing JWT secret now prevents startup
  • attributes with invalid characters cannot be created
Security fixes
  • lldap_set_password now uses system SSL certificates
Notable features
  • search groups by groupid
  • group creation support
  • custom assets path
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
6,267
Forks
336
Languages
Rust Shell Nix
View on GitHub

Install & Platforms

Install via
docker apt dnf pacman zypper brew cargo
Platforms
linux macos windows arm64

Community & Support

Discord

Similar tools

LDAP Account Manager (LAM)
389 Directory Server

Alternative to

OpenLDAP

Open source alternatives

kanidm

Beta — feedback welcome: [email protected]