v6.0

@bersace bersace released this 01 Sep 05:41
· 192 commits to master since this release
023e693

6.0 is a major release including a complete rewrite of ldap2pg in Go.

Please test carefully before upgrading a production system.

Breaking changes

  • Command line options have changed.
  • New format version: 6. ldap2pg refuses version 5 files.
  • LDAPUSER env var is now LDAPSASL_AUTHCID.
  • Dropped support for PostgreSQL 9.4.
  • Dropped case renaming of roles, e.g. from alice to ALICE. ldap2pg is still case sensitive.
  • Dropped owners_query for a new dynamic owner inspection.
  • Features not implemented:
    • role_match condition.
    • allowed_missing_attributes and LDAP attribute typo detection.
    • on_unexpected_dn. ldap2pg always warns and skips.
    • configuring the PostgreSQL connection through postgres:dsn. Use PG* env vars.
    • configuring the LDAP connection through the ldap dict. Use LDAP* env vars and ldaprc.
  • A single sub-search is supported per main LDAP search.
  • No custom privileges inspection.
  • Docker image is now based on Alpine Linux 3.18.
  • Docker image tag latest points to last stable image.
  • Docker image tag nightly points to last commit on master.
  • Refuses to grant privileges on unmanaged roles.

Unimplemented features may be reimplemented depending on feedback!
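
A pre-upgrade check for the breaking changes listed above, as an added example (not part of ldap2pg or its release notes): it scans a v5 YAML file and the environment for settings that 6.0 drops or does not implement. The `audit` function, the sample file and its key placement are constructed for illustration, and the scan is a simplified line match, not a YAML parser.

```python
import re
# Settings the 6.0 notes list as dropped or not implemented (names from the notes).
REMOVED = {
    "owners_query": "dropped, owners are inspected dynamically",
    "role_match": "not implemented",
    "allowed_missing_attributes": "not implemented",
    "on_unexpected_dn": "not implemented, ldap2pg always warns and skips",
}
KEY = re.compile(r"^(\s*)(- )?([A-Za-z_]+):\s*(.*)$")  # indent, list dash, key, value
# Constructed v5-style sample; key placement is an assumption for illustration.
SAMPLE_V5 = """\
version: 5
postgres:
  dsn: postgres://db.example.internal/postgres
  owners_query: SELECT 'postgres'
ldap:
  uri: ldaps://ldap.example.internal
sync_map:
- ldap:
    base: ou=people,dc=example,dc=internal
    on_unexpected_dn: warn
"""

def audit(config_text, env):
    """Return (line_number, message) findings; line 0 means the environment."""
    findings = []
    if "LDAPUSER" in env and "LDAPSASL_AUTHCID" not in env:
        findings.append((0, "LDAPUSER is now LDAPSASL_AUTHCID"))
    top = None  # current top-level mapping key
    for n, raw in enumerate(config_text.splitlines(), 1):
        m = KEY.match(raw.split(" #", 1)[0])  # simplified trailing-comment strip
        if not m:
            continue
        indent, dash, key, value = len(m[1]), m[2], m[3], m[4].strip()
        if indent == 0 and not dash:  # "- ldap:" inside sync_map is not the ldap dict
            top = key
            if key == "version" and value != "6":
                findings.append((n, f"format version {value}: 6.0 expects version 6"))
            if key == "ldap":
                findings.append((n, "ldap dict: use LDAP* env vars and ldaprc"))
        elif key == "dsn" and top == "postgres":
            findings.append((n, "postgres:dsn: use PG* env vars"))
        if key in REMOVED:
            findings.append((n, f"{key}: {REMOVED[key]}"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE_V5, {"LDAPUSER": "cn=sync"}):
        print(line_no, message)
```

An empty result only means none of the listed settings were matched; command line options and privilege definitions still need a manual review.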

New features and behaviour

  • logfmt output.
  • New role:config section for setting per-role PostgreSQL parameters. For all databases only.
  • Managed roles can now inherit local roles.
  • New --skip-privilege option. Ignore privileges and grant from configuration.
  • New owner field in grant rules, defaults to __auto__.
  • New __auto__ owner value.
  • Inspect object owners after CREATE privilege is synchronized.
    It's the set of all managed roles having CREATE privilege on the target schema of the grant.
  • Default database inspection is restricted to databases where the running user can reassign objects to the owner.
  • Default schema inspection is restricted to schemas usable by the running user.
  • New managed privilege: LANGUAGE.
  • New expressive declaration of privilege in configuration.
  • Use a single database connection at a time. ldap2pg scales better with the number of databases.
  • Synchronize privileges one at a time, saving a lot of memory.
  • 40 times less memory consumed in the usual scenario.
  • Up to 3 times less CPU consumed in the usual scenario.
  • Debian and Alpine packages alongside RPM.
  • Docker image size is now 17MB instead of 126MB.