Before creating a user attribute, check if a group attribute with
the same name exists with a different type (and vice versa). Return
an error if the types conflict, as LDAP requires each attribute
name to have a single associated type (RFC 4512).
Partial fix for #1202
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Move duplicated Cargo dependencies to the root workspace manifest, switch member crates to workspace dependencies, and align non-conflicting shared feature sets at the workspace level.
Upgrade a number of shared dependencies while consolidating versions across the workspace. This also consolidates the ldap3 dependency in response to GHSA-qcxq-75wr-5cm8: https://github.com/kanidm/ldap3/security/advisories/GHSA-qcxq-75wr-5cm8
Update frontend and migration code for dependency upgrades and clean up manifest structure.
lldap_domain::JpegPhoto::for_tests() and uuid helpers are gated behind
the "test" feature on the lldap_domain crate. The sql-backend-handler
dev-deps did not enable that feature, causing ~12 compilation errors in
sql_user_backend_handler.rs and sql_tables.rs when building the test
binary. This unblocks cargo test -p lldap_sql_backend_handler --lib.
Add a modifyTimestamp attribute to LDAP entries for users and groups, and expose pwdChangedTime for users.
These attributes let clients track when an entry (or its password) was last changed.
- modifyTimestamp is a server-maintained attribute that updates on any write to user or group entries, including membership changes (on the group side).
- pwdChangedTime is set when a user’s password is created or changed.
