[Samba] LDAP Account Manager 8.0 with important security fixes, PHP 8.1 compatibility and new captcha providers

Roland Gruber post at rolandgruber.de
Mon Jun 27 19:53:35 UTC 2022


LAM adds support for PHP 8.1. LAM Pro includes two new captcha 
providers: hCaptcha and Friendly Captcha.

This release fixes the following security issues:

* Unauthenticated Arbitrary Object Instantiation / Unauthenticated 
Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084)
* Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087)
* Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086)
* Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088)
* Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, 

Full changelog:





* management of various account types
  * Unix
  * Samba 4/Active Directory
  * Asterisk
  * Kopano
  * DHCP
  * SSH keys
  * ...
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* 2FA support

Demo installation:

You can try our demo installation online.


Authors & Copyright:

Copyright (C) 2003 - 2022:
Roland Gruber <post at rolandgruber.de>
LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.

More information about the samba mailing list