build(deps): bump codecov/codecov-action from 4 to 6

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 6. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
chore: Better example config
2026-06-18 21:38:43 +00:00 · 2026-03-26 20:23:15 +00:00 · 2026-03-24 07:55:28 +01:00 · 2026-03-24 07:55:28 +01:00 · 2026-03-24 07:55:28 +01:00 · 2026-03-04 22:13:24 +01:00
275 changed files with 22456 additions and 10176 deletions
--- a/.coderabbit.yml
+++ b/.coderabbit.yml
@@ -0,0 +1,46 @@
 # docs: https://docs.coderabbit.ai/reference/yaml-template for full configuration options
 tone_instructions: "Be concise"
 reviews:
  profile: "chill"
  high_level_summary: false
  review_status: false
  commit_status: false 
  collapse_walkthrough: true
  changed_files_summary: false
  sequence_diagrams: false
  estimate_code_review_effort: false
  assess_linked_issues: false
  related_issues: false
  related_prs: false
  suggested_labels: false
  suggested_reviewers: false
  poem: false
  auto_review:
    enabled: true
    auto_incremental_review: true
  finishing_touches:
    docstrings:
      enabled: false
    unit_tests:
      enabled: false
  pre_merge_checks:
    docstrings:
      mode: "off"
    title:
      mode: "off"
    description:
      mode: "off"
    issue_assessment:
      mode: "off"
 chat:
  art: false
  auto_reply: false
 knowledge_base:
  web_search:
    enabled: true
  code_guidelines:
    enabled: false
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM rust:1.72
+FROM rust:1.89
 ARG USERNAME=lldapdev
 # We need to keep the user as 1001 to match the GitHub runner's UID.
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,8 +1,26 @@
 {
 	"name": "LLDAP dev",
-	"build": { "dockerfile": "Dockerfile" },
+	"build": {
 		"dockerfile": "Dockerfile"
 	},
 	"customizations": {
 		"vscode": {
 			"extensions": [
 				"rust-lang.rust-analyzer"
 			],
 			"settings": {
 				"rust-analyzer.linkedProjects": [
 					"./Cargo.toml"
 				]
 			}
 		}
 	},
 	"features": {
 		"ghcr.io/devcontainers/features/rust:1": {}
 	},
 	"forwardPorts": [
 		3890,
 		17170
-	]
+	],
 	"remoteUser": "lldapdev"
 }
--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
 use flake
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +0,0 @@
 * @nitnelave
--- a/.github/codecov.yml
+++ b/.github/codecov.yml
@@ -1,10 +1,16 @@
 codecov:
  require_ci_to_pass: yes
 comment:
-  layout: "diff,flags"
+  layout: "condensed_header, diff, condensed_files"
-  require_changes: true
+  hide_project_coverage: true
-  require_base: true
+  require_changes: "coverage_drop"
-  require_head: true
+coverage:
  range: "70...100"
  status:
    project:
      default:
        target: "75%"
        threshold: 5
 ignore:
  - "app"
  - "docs"
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,159 @@
 # LLDAP - Light LDAP implementation for authentication
 LLDAP is a lightweight LDAP authentication server written in Rust with a WebAssembly frontend. It provides an opinionated, simplified LDAP interface for authentication and integrates with many popular services.
 **ALWAYS reference these instructions first and fallback to search or bash commands only when you encounter unexpected information that does not match the info here.**
 ## Working Effectively
 ### Bootstrap and Build the Repository
 - Install dependencies: `sudo apt-get update && sudo apt-get install -y curl gzip binaryen`
 - Install Rust if not available: `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh` then `source ~/.cargo/env`
 - Install wasm-pack for frontend: `cargo install wasm-pack` -- takes 90 seconds. NEVER CANCEL. Set timeout to 180+ seconds.
 - Build entire workspace: `cargo build --workspace` -- takes 3-4 minutes. NEVER CANCEL. Set timeout to 300+ seconds.
 - Build release server binary: `cargo build --release -p lldap` -- takes 5-6 minutes. NEVER CANCEL. Set timeout to 420+ seconds.
 - Build frontend WASM: `./app/build.sh` -- takes 3-4 minutes including wasm-pack installation. NEVER CANCEL. Set timeout to 300+ seconds.
 ### Testing and Validation
 - Run all tests: `cargo test --workspace` -- takes 2-3 minutes. NEVER CANCEL. Set timeout to 240+ seconds.
 - Check formatting: `cargo fmt --all --check` -- takes <5 seconds.
 - Run linting: `cargo clippy --tests --all -- -D warnings` -- takes 60-90 seconds. NEVER CANCEL. Set timeout to 120+ seconds.
 - Export GraphQL schema: `./export_schema.sh` -- takes 70-80 seconds. NEVER CANCEL. Set timeout to 120+ seconds.
 ### Running the Application
 - **ALWAYS run the build steps first before starting the server.**
 - Start development server: `cargo run -- run --config-file <config_file>`
 - **CRITICAL**: Server requires a valid configuration file. Use `lldap_config.docker_template.toml` as reference.
 - **CRITICAL**: Avoid key conflicts by removing existing `server_key*` files when testing with `key_seed` in config.
 - Server binds to:
  - LDAP: port 3890 (configurable)
  - Web interface: port 17170 (configurable)
  - LDAPS: port 6360 (optional, disabled by default)
 ### Manual Validation Requirements
 - **ALWAYS test both LDAP and web interfaces after making changes.**
 - Test web interface: `curl -s http://localhost:17170/` should return HTML with "LLDAP Administration" title.
 - Test GraphQL API: `curl -s -X POST -H "Content-Type: application/json" -d '{"query": "query { __schema { queryType { name } } }"}' http://localhost:17170/api/graphql`
 - Run healthcheck: `cargo run -- healthcheck --config-file <config_file>` (requires running server)
 - **ALWAYS ensure server starts without errors and serves the web interface before considering changes complete.**
 ## Validation Scenarios
 After making code changes, ALWAYS:
 1. **Build validation**: Run `cargo build --workspace` to ensure compilation succeeds.
 2. **Test validation**: Run `cargo test --workspace` to ensure existing functionality works.
 3. **Lint validation**: Run `cargo clippy --tests --all -- -D warnings` to catch potential issues.
 4. **Format validation**: Run `cargo fmt --all --check` to ensure code style compliance.
 5. **Frontend validation**: Run `./app/build.sh` to ensure WASM compilation succeeds.
 6. **Runtime validation**: Start the server and verify web interface accessibility.
 7. **Schema validation**: If GraphQL changes made, run `./export_schema.sh` to update schema.
 ### Test User Scenarios
 - **Login flow**: Access web interface at `http://localhost:17170`, attempt login with admin/password (default).
 - **LDAP binding**: Test LDAP connection on port 3890 with appropriate LDAP tools if available.
 - **Configuration changes**: Test with different configuration files to validate config parsing.
 ## Project Structure and Key Components
 ### Backend (Rust)
 - **Server**: `/server` - Main application binary
 - **Crates**: `/crates/*` - Modularized components:
  - `auth` - Authentication and OPAQUE protocol
  - `domain*` - Domain models and handlers  
  - `ldap` - LDAP protocol implementation
  - `graphql-server` - GraphQL API server
  - `sql-backend-handler` - Database operations
  - `validation` - Input validation utilities
 ### Frontend (Rust + WASM)
 - **App**: `/app` - Yew-based WebAssembly frontend
 - **Build**: `./app/build.sh` - Compiles Rust to WASM using wasm-pack
 - **Assets**: `/app/static` - Static web assets
 ### Configuration and Deployment
 - **Config template**: `lldap_config.docker_template.toml` - Reference configuration
 - **Docker**: `Dockerfile` - Container build definition
 - **Scripts**: 
  - `prepare-release.sh` - Cross-platform release builds
  - `export_schema.sh` - GraphQL schema export
  - `generate_secrets.sh` - Random secret generation
  - `scripts/bootstrap.sh` - User/group management script
 ## Common Development Workflows
 ### Making Backend Changes
 1. Edit Rust code in `/server` or `/crates`
 2. Run `cargo build --workspace` to test compilation
 3. Run `cargo test --workspace` to ensure tests pass
 4. Run `cargo clippy --tests --all -- -D warnings` to check for warnings
 5. If GraphQL schema affected, run `./export_schema.sh`
 6. Test by running server and validating functionality
 ### Making Frontend Changes  
 1. Edit code in `/app/src`
 2. Run `./app/build.sh` to rebuild WASM package
 3. Start server and test web interface functionality
 4. Verify no JavaScript errors in browser console
 ### Adding New Dependencies
 - Backend: Add to appropriate `Cargo.toml` in `/server` or `/crates/*`
 - Frontend: Add to `/app/Cargo.toml`
 - **Always rebuild after dependency changes**
 ## CI/CD Integration
 The repository uses GitHub Actions (`.github/workflows/rust.yml`):
 - **Build job**: Validates workspace compilation
 - **Test job**: Runs full test suite  
 - **Clippy job**: Linting with warnings as errors
 - **Format job**: Code formatting validation
 - **Coverage job**: Code coverage analysis
 **ALWAYS ensure your changes pass all CI checks by running equivalent commands locally.**
 ## Timing Expectations and Timeouts
 | Command | Expected Time | Timeout Setting |
 |---------|---------------|-----------------|
 | `cargo build --workspace` | 3-4 minutes | 300+ seconds |
 | `cargo build --release -p lldap` | 5-6 minutes | 420+ seconds |
 | `cargo test --workspace` | 2-3 minutes | 240+ seconds |
 | `./app/build.sh` | 3-4 minutes | 300+ seconds |
 | `cargo clippy --tests --all -- -D warnings` | 60-90 seconds | 120+ seconds |
 | `./export_schema.sh` | 70-80 seconds | 120+ seconds |
 | `cargo install wasm-pack` | 90 seconds | 180+ seconds |
 **NEVER CANCEL** any of these commands. Builds may take longer on slower systems.
 ## Troubleshooting Common Issues
 ### Build Issues
 - **Missing wasm-pack**: Run `cargo install wasm-pack`
 - **Missing binaryen**: Run `sudo apt-get install -y binaryen` or disable wasm-opt
 - **Clippy warnings**: Fix all warnings as they are treated as errors in CI
 - **GraphQL schema mismatch**: Run `./export_schema.sh` to update schema
 ### Runtime Issues
 - **Key conflicts**: Remove `server_key*` files when using `key_seed` in config
 - **Port conflicts**: Check if ports 3890/17170 are available
 - **Database issues**: Ensure database URL in config is valid and accessible
 - **Asset missing**: Ensure frontend is built with `./app/build.sh`
 ### Development Environment
 - **Rust version**: Use stable Rust toolchain (2024 edition)
 - **System dependencies**: curl, gzip, build tools
 - **Database**: SQLite (default), MySQL, or PostgreSQL supported
 ## Configuration Reference
 Essential configuration parameters:
 - `ldap_base_dn`: LDAP base DN (e.g., "dc=example,dc=com")
 - `ldap_user_dn`: Admin user DN 
 - `ldap_user_pass`: Admin password
 - `jwt_secret`: Secret for JWT tokens (generate with `./generate_secrets.sh`)
 - `key_seed`: Encryption key seed
 - `database_url`: Database connection string
 - `http_port`: Web interface port (default: 17170)
 - `ldap_port`: LDAP server port (default: 3890)
 **Always use the provided config template as starting point for new configurations.**
--- a/.github/copilot-setup-steps.yml
+++ b/.github/copilot-setup-steps.yml
@@ -0,0 +1,26 @@
 name: Copilot Setup Steps for LLDAP Development
 steps:
  - name: Update package list
    run: sudo apt-get update
  - name: Install system dependencies
    run: sudo apt-get install -y curl gzip binaryen build-essential
  - name: Install Rust toolchain
    run: |
      curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
      source ~/.cargo/env
      echo 'source ~/.cargo/env' >> ~/.bashrc
  - name: Install wasm-pack for frontend builds
    run: |
      source ~/.cargo/env
      cargo install wasm-pack
  - name: Verify installations
    run: |
      source ~/.cargo/env
      rustc --version
      cargo --version
      wasm-pack --version
--- a/.github/workflows/Dockerfile.ci.alpine
+++ b/.github/workflows/Dockerfile.ci.alpine
@@ -1,6 +1,6 @@
 FROM localhost:5000/lldap/lldap:alpine-base
 # Taken directly from https://github.com/tianon/gosu/blob/master/INSTALL.md
-ENV GOSU_VERSION 1.17
+ENV GOSU_VERSION=1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
@@ -15,7 +15,18 @@ RUN set -eux; \
 	\
 # verify the signature
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	for server in \
 		hkps://keys.openpgp.org \
 		ha.pool.sks-keyservers.net \
 		hkp://p80.pool.sks-keyservers.net:80 \
 		keyserver.ubuntu.com \
 		hkp://keyserver.ubuntu.com:80 \
 		pgp.mit.edu \
 	; do \
 		if gpg --batch --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; then \
 			break; \
 		fi; \
 	done; \
 	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
 	gpgconf --kill all; \
 	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
--- a/.github/workflows/Dockerfile.ci.alpine-base
+++ b/.github/workflows/Dockerfile.ci.alpine-base
@@ -59,12 +59,12 @@ RUN set -x \
    && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
    && chmod a+r -R .
-FROM alpine:3.16
+FROM alpine:3.19
 WORKDIR /app
 ENV UID=1000
 ENV GID=1000
 ENV USER=lldap
-RUN apk add --no-cache tini ca-certificates bash tzdata && \
+RUN apk add --no-cache tini ca-certificates bash tzdata jq curl jo && \
    addgroup -g $GID $USER && \
    adduser \
    --disabled-password \
@@ -80,5 +80,6 @@ COPY --from=lldap --chown=$USER:$USER /lldap /app
 VOLUME ["/data"]
 HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]
 WORKDIR /app
 COPY scripts/bootstrap.sh ./
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 CMD ["run", "--config-file", "/data/lldap_config.toml"]
--- a/.github/workflows/Dockerfile.ci.debian
+++ b/.github/workflows/Dockerfile.ci.debian
@@ -1,12 +1,15 @@
 FROM localhost:5000/lldap/lldap:debian-base
 # Taken directly from https://github.com/tianon/gosu/blob/master/INSTALL.md
-ENV GOSU_VERSION 1.17
+ENV GOSU_VERSION=1.17
 RUN set -eux; \
 # save list of currently installed packages for later so we can clean up
 	savedAptMark="$(apt-mark showmanual)"; \
-	apt-get update; \
+	for i in 1 2 3; do \
-	apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
+		apt-get update && \
-	rm -rf /var/lib/apt/lists/*; \
+		apt-get install -y --no-install-recommends wget ca-certificates gnupg && \
 		apt-get clean && \
 		rm -rf /var/lib/apt/lists/* && break || sleep 5; \
 	done; \
 	\
 	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
 	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
@@ -14,7 +17,18 @@ RUN set -eux; \
 	\
 # verify the signature
 	export GNUPGHOME="$(mktemp -d)"; \
-	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	for server in \
 		hkps://keys.openpgp.org \
 		ha.pool.sks-keyservers.net \
 		hkp://p80.pool.sks-keyservers.net:80 \
 		keyserver.ubuntu.com \
 		hkp://keyserver.ubuntu.com:80 \
 		pgp.mit.edu \
 	; do \
 		if gpg --batch --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; then \
 			break; \
 		fi; \
 	done; \
 	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
 	gpgconf --kill all; \
 	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
--- a/.github/workflows/Dockerfile.ci.debian-base
+++ b/.github/workflows/Dockerfile.ci.debian-base
@@ -65,7 +65,7 @@ ENV UID=1000
 ENV GID=1000
 ENV USER=lldap
 RUN apt update && \
-    apt install -y --no-install-recommends tini openssl ca-certificates tzdata && \
+    apt install -y --no-install-recommends tini openssl ca-certificates tzdata jq curl jo && \
    apt clean && \
    rm -rf /var/lib/apt/lists/* && \
    groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER && \
@@ -74,6 +74,7 @@ COPY --from=lldap --chown=$USER:$USER /lldap /app
 COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
 VOLUME ["/data"]
 WORKDIR /app
 COPY scripts/bootstrap.sh ./
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 CMD ["run", "--config-file", "/data/lldap_config.toml"]
 HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]
--- a/.github/workflows/Dockerfile.dev
+++ b/.github/workflows/Dockerfile.dev
@@ -1,5 +1,5 @@
 # Keep tracking base image
-FROM rust:1.74-slim-bookworm
+FROM rust:1.89-slim-bookworm
 # Set needed env path
 ENV PATH="/opt/armv7l-linux-musleabihf-cross/:/opt/armv7l-linux-musleabihf-cross/bin/:/opt/aarch64-linux-musl-cross/:/opt/aarch64-linux-musl-cross/bin/:/opt/x86_64-linux-musl-cross/:/opt/x86_64-linux-musl-cross/bin/:$PATH"
@@ -34,7 +34,8 @@ RUN wget -c https://musl.cc/x86_64-linux-musl-cross.tgz && \
 ### Add musl target
 RUN rustup target add x86_64-unknown-linux-musl && \
    rustup target add aarch64-unknown-linux-musl && \
-    rustup target add armv7-unknown-linux-musleabihf
+    rustup target add armv7-unknown-linux-musleabihf && \
    rustup target add x86_64-unknown-freebsd
 CMD ["bash"]
--- a/.github/workflows/docker-build-static.yml
+++ b/.github/workflows/docker-build-static.yml
@@ -24,7 +24,7 @@ on:
 env:
  CARGO_TERM_COLOR: always
-
+  MSRV: "1.89.0"
 ### CI Docs
@@ -39,7 +39,7 @@ env:
 # GitHub actions randomly timeout when downloading musl-gcc, using custom dev image   #
 # Look into .github/workflows/Dockerfile.dev for development image details            #
 # Using lldap dev image based on https://hub.docker.com/_/rust and musl-gcc bundled   #
-# lldap/rust-dev:latest                                                               #
+# lldap/rust-dev                                                                      #
 #######################################################################################
 # Cargo build
 ### armv7, aarch64 and amd64 is musl based
@@ -87,8 +87,14 @@ jobs:
      image: lldap/rust-dev:latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
-      - uses: actions/cache@v4
+      - name: Install Rust
        id: toolchain
        uses: dtolnay/rust-toolchain@master
        with:
            toolchain: "${{ env.MSRV }}"
            targets: "wasm32-unknown-unknown"
      - uses: actions/cache@v5
        with:
          path: |
            /usr/local/cargo/bin
@@ -99,8 +105,6 @@ jobs:
          key: lldap-ui-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            lldap-ui-
      - name: Add wasm target (rust)
        run: rustup target add wasm32-unknown-unknown
      - name: Install wasm-pack with cargo
        run: cargo install wasm-pack || true
        env:
@@ -110,7 +114,7 @@ jobs:
      - name: Check build path
        run: ls -al app/
      - name: Upload ui artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: ui
          path: app/
@@ -132,8 +136,14 @@ jobs:
        CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
-      - uses: actions/cache@v4
+      - name: Install Rust
        id: toolchain
        uses: dtolnay/rust-toolchain@master
        with:
            toolchain: "${{ env.MSRV }}"
            targets: "${{ matrix.target }}"
      - uses: actions/cache@v5
        with:
          path: |
            .cargo/bin
@@ -149,17 +159,17 @@ jobs:
      - name: Check path
        run: ls -al target/release
      - name: Upload ${{ matrix.target}} lldap artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.target}}-lldap-bin
          path: target/${{ matrix.target }}/release/lldap
      - name: Upload ${{ matrix.target }} migration tool artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.target }}-lldap_migration_tool-bin
          path: target/${{ matrix.target }}/release/lldap_migration_tool
      - name: Upload ${{ matrix.target }} password tool artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.target }}-lldap_set_password-bin
          path: target/${{ matrix.target }}/release/lldap_set_password
@@ -199,7 +209,7 @@ jobs:
    steps:
       - name: Download artifacts
-         uses: actions/download-artifact@v4
+         uses: actions/download-artifact@v8
         with:
           name: x86_64-unknown-linux-musl-lldap-bin
           path: bin/
@@ -216,6 +226,8 @@ jobs:
           LLDAP_database_url: postgres://lldapuser:lldappass@localhost/lldap
           LLDAP_ldap_port: 3890
           LLDAP_http_port: 17170
           LLDAP_JWT_SECRET: verysecret
           LLDAP_LDAP_USER_PASS: password
       - name: Run lldap with mariadb DB (MySQL Compatible) and healthcheck
@@ -227,6 +239,8 @@ jobs:
           LLDAP_database_url: mysql://lldapuser:lldappass@localhost/lldap
           LLDAP_ldap_port: 3891
           LLDAP_http_port: 17171
           LLDAP_JWT_SECRET: verysecret
           LLDAP_LDAP_USER_PASS: password
       - name: Run lldap with sqlite DB and healthcheck
@@ -238,6 +252,8 @@ jobs:
           LLDAP_database_url: sqlite://users.db?mode=rwc
           LLDAP_ldap_port: 3892
           LLDAP_http_port: 17172
           LLDAP_JWT_SECRET: verysecret
           LLDAP_LDAP_USER_PASS: password
       - name: Check DB container logs
         run: |
@@ -294,18 +310,18 @@ jobs:
    steps:
       - name: Checkout scripts
-         uses: actions/checkout@v4.1.1
+         uses: actions/checkout@v6.0.2
         with:
           sparse-checkout: 'scripts'
       - name: Download LLDAP artifacts
-         uses: actions/download-artifact@v4
+         uses: actions/download-artifact@v8
         with:
           name: x86_64-unknown-linux-musl-lldap-bin
           path: bin/
       - name: Download LLDAP set password
-         uses: actions/download-artifact@v4
+         uses: actions/download-artifact@v8
         with:
           name: x86_64-unknown-linux-musl-lldap_set_password-bin
           path: bin/
@@ -324,9 +340,9 @@ jobs:
              sleep 10s
              bin/lldap healthcheck
         env:
-           LLDAP_database_url: sqlite://users.db?mode=rwc
+           LLDAP_DATABASE_URL: sqlite://users.db?mode=rwc
-           LLDAP_ldap_port: 3890
+           LLDAP_LDAP_PORT: 3890
-           LLDAP_http_port: 17170
+           LLDAP_HTTP_PORT: 17170
           LLDAP_LDAP_USER_PASS: ldappass
           LLDAP_JWT_SECRET: somejwtsecret
@@ -350,8 +366,11 @@ jobs:
              sed -i -r -e "s/X'([[:xdigit:]]+'[^'])/'\\\x\\1/g" -e ":a; s/(INSERT INTO (user_attribute_schema|jwt_storage)\(.*\) VALUES\(.*),1([^']*\);)$/\1,true\3/; s/(INSERT INTO (user_attribute_schema|jwt_storage)\(.*\) VALUES\(.*),0([^']*\);)$/\1,false\3/; ta" -e '1s/^/BEGIN;\n/' -e '$aCOMMIT;' ./dump.sql
       - name: Create schema on postgres
         env:
           LLDAP_DATABASE_URL: postgres://lldapuser:lldappass@localhost:5432/lldap
           LLDAP_JWT_SECRET: somejwtsecret
         run: |
-              bin/lldap create_schema -d postgres://lldapuser:lldappass@localhost:5432/lldap
+              bin/lldap create_schema
       - name: Copy converted db to postgress and import
         run: |
@@ -368,7 +387,10 @@ jobs:
              sed  -i '1 i\SET FOREIGN_KEY_CHECKS = 0;' ./dump.sql
       - name: Create schema on mariadb
-         run: bin/lldap create_schema -d mysql://lldapuser:lldappass@localhost:3306/lldap
+         env:
           LLDAP_DATABASE_URL: mysql://lldapuser:lldappass@localhost:3306/lldap
           LLDAP_JWT_SECRET: somejwtsecret
         run: bin/lldap create_schema
       - name: Copy converted db to mariadb and import
         run: |
@@ -384,7 +406,10 @@ jobs:
              sed  -i '1 i\SET FOREIGN_KEY_CHECKS = 0;' ./dump.sql
       - name: Create schema on mysql
-         run: bin/lldap create_schema -d mysql://lldapuser:lldappass@localhost:3307/lldap
+         env:
           LLDAP_DATABASE_URL: mysql://lldapuser:lldappass@localhost:3307/lldap
           LLDAP_JWT_SECRET: somejwtsecret
         run: bin/lldap create_schema
       - name: Copy converted db to mysql and import
         run: |
@@ -399,10 +424,9 @@ jobs:
              sleep 10s
              bin/lldap healthcheck
         env:
-           LLDAP_database_url: postgres://lldapuser:lldappass@localhost:5432/lldap
+           LLDAP_DATABASE_URL: postgres://lldapuser:lldappass@localhost:5432/lldap
-           LLDAP_ldap_port: 3891
+           LLDAP_LDAP_PORT: 3891
-           LLDAP_http_port: 17171
+           LLDAP_HTTP_PORT: 17171
           LLDAP_LDAP_USER_PASS: ldappass
           LLDAP_JWT_SECRET: somejwtsecret
       - name: Run lldap with mariaDB and healthcheck again
@@ -411,9 +435,9 @@ jobs:
              sleep 10s
              bin/lldap healthcheck
         env:
-           LLDAP_database_url: mysql://lldapuser:lldappass@localhost:3306/lldap
+           LLDAP_DATABASE_URL: mysql://lldapuser:lldappass@localhost:3306/lldap
-           LLDAP_ldap_port: 3892
+           LLDAP_LDAP_PORT: 3892
-           LLDAP_http_port: 17172
+           LLDAP_HTTP_PORT: 17172
           LLDAP_JWT_SECRET: somejwtsecret
       - name: Run lldap with mysql and healthcheck again
@@ -422,9 +446,9 @@ jobs:
              sleep 10s
              bin/lldap healthcheck
         env:
-           LLDAP_database_url: mysql://lldapuser:lldappass@localhost:3307/lldap
+           LLDAP_DATABASE_URL: mysql://lldapuser:lldappass@localhost:3307/lldap
-           LLDAP_ldap_port: 3893
+           LLDAP_LDAP_PORT: 3893
-           LLDAP_http_port: 17173
+           LLDAP_HTTP_PORT: 17173
           LLDAP_JWT_SECRET: somejwtsecret
       - name: Test Dummy User Postgres
@@ -482,21 +506,21 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
        with:
          path: bin
      - name: Download llap ui artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
        with:
          name: ui
          path: web
      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
      - name: Setup buildx
        uses: docker/setup-buildx-action@v3
        with:
@@ -512,7 +536,7 @@ jobs:
          tags: ${{ matrix.container }}-base
      - name: Build ${{ matrix.container }} Base Docker Image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          # On PR will fail, force fully uncomment push: true, or docker image will fail for next steps
@@ -613,7 +637,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build ${{ matrix.container }}-rootless Docker Image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
@@ -627,7 +651,7 @@ jobs:
 ### This docker build always the last, due :latest tag pushed multiple times, for whatever variants may added in future add docker build above this
      - name: Build ${{ matrix.container }} Docker Image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
@@ -641,7 +665,7 @@ jobs:
      - name: Update repo description
        if: github.event_name != 'pull_request'
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
@@ -649,7 +673,7 @@ jobs:
      - name: Update lldap repo description
        if: github.event_name != 'pull_request'
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
@@ -667,7 +691,7 @@ jobs:
       contents: write
     steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
        with:
          path: bin/
      - name: Check file
@@ -688,7 +712,7 @@ jobs:
             chmod +x bin/*-lldap_set_password
      - name: Download llap ui artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
        with:
          name: ui
          path: web
@@ -738,5 +762,9 @@ jobs:
          artifacts:  aarch64-lldap.tar.gz,
                      amd64-lldap.tar.gz,
                      armhf-lldap.tar.gz
          draft: true
          omitBodyDuringUpdate: true
          omitDraftDuringUpdate: true
          omitNameDuringUpdate: true
        env:
         GITHUB_TOKEN: ${{ github.token }}
--- a/.github/workflows/release-bot.yml
+++ b/.github/workflows/release-bot.yml
@@ -1,20 +0,0 @@
 name: Release Bot
 on:
  release:
    types: [published]
 jobs:
  comment:
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - uses: nflaig/release-comment-on-pr@master
        with:
          token: ${{ secrets.RELEASE_BOT_TOKEN }}
          message: |
            Thank you everyone for the contribution!
            This feature is now available in the latest release, [${releaseTag}](${releaseUrl}).
            You can support LLDAP by starring our repo, contributing some configuration examples and becoming a sponsor.
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -8,6 +8,7 @@ on:
 env:
  CARGO_TERM_COLOR: always
  MSRV: "1.89.0"
 jobs:
  pre_job:
@@ -33,14 +34,19 @@ jobs:
    steps:
      - name: Checkout sources
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
      - name: Install Rust
        id: toolchain
        uses: dtolnay/rust-toolchain@master
        with:
            toolchain: "${{ env.MSRV }}"
      - uses: Swatinem/rust-cache@v2
      - name: Build
-        run: cargo build --verbose --workspace
+        run: cargo +${{steps.toolchain.outputs.name}} build --verbose --workspace
      - name: Run tests
-        run: cargo test --verbose --workspace
+        run: cargo +${{steps.toolchain.outputs.name}} test --verbose --workspace
      - name: Generate GraphQL schema
-        run: cargo run -- export_graphql_schema -o generated_schema.graphql
+        run: cargo +${{steps.toolchain.outputs.name}} run -- export_graphql_schema -o generated_schema.graphql
      - name: Check schema
        run: diff schema.graphql generated_schema.graphql || (echo "The schema file is out of date. Please run `./export_schema.sh`" && false)
@@ -52,15 +58,15 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
-
+      - name: Install Rust
-      - uses: Swatinem/rust-cache@v2
+        id: toolchain
-
+        uses: dtolnay/rust-toolchain@master
      - name: Run cargo clippy
        uses: actions-rs/cargo@v1
        with:
-          command: clippy
+            toolchain: "${{ env.MSRV }}"
-          args: --tests --all -- -D warnings
+            components: clippy
      - uses: Swatinem/rust-cache@v2
      - run: cargo +${{steps.toolchain.outputs.name}} clippy --tests --workspace -- -D warnings
  format:
    name: cargo fmt
@@ -69,15 +75,15 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
-
+      - name: Install Rust
-      - uses: Swatinem/rust-cache@v2
+        id: toolchain
-
+        uses: dtolnay/rust-toolchain@master
      - name: Run cargo fmt
        uses: actions-rs/cargo@v1
        with:
-          command: fmt
+            toolchain: "${{ env.MSRV }}"
-          args: --all -- --check
+            components: rustfmt
      - uses: Swatinem/rust-cache@v2
      - run: cargo +${{steps.toolchain.outputs.name}} fmt --check --all
  coverage:
    name: Code coverage
@@ -88,7 +94,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v6.0.2
      - name: Install Rust
        run: rustup toolchain install nightly --component llvm-tools-preview && rustup component add llvm-tools-preview --toolchain stable-x86_64-unknown-linux-gnu
@@ -101,16 +107,10 @@ jobs:
        run: cargo llvm-cov  --workspace --no-report
      - name: Aggregate reports
        run: cargo llvm-cov --no-run --lcov --output-path lcov.info
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        if: github.ref != 'refs/heads/main' || github.event_name != 'push'
        with:
          files: lcov.info
          fail_ci_if_error: true
      - name: Upload coverage to Codecov (main)
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v6
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        with:
          files: lcov.info
          fail_ci_if_error: true
          codecov_yml_path: .github/codecov.yml
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,8 @@ recipe.json
 lldap_config.toml
 cert.pem
 key.pem
 # Nix
 result
 result-*
 .direnv
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,162 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [0.6.2] 2025-07-21
 Small release, focused on LDAP improvements and ongoing maintenance.
 ### Added
 - LDAP
    - Support for searching groups by their `groupid`
    - Support for `whoamiOID`
    - Support for creating groups
    - Support for subschema entry
 - Custom assets path.
 - New endpoint for requesting client settings
 ### Changed
 - A missing JWT secret now prevents startup.
 - Attributes with invalid characters (such as underscores) cannot be created anymore.
 - Searching custom (string) attributes is now case insensitive.
 - Using the top-level `firstName`, `lastName` and `avatar` GraphQL fields for users is now deprecated. Use the `attributes` field instead.
 ### Fixed
 - `lldap_set_password` now uses the system's SSL certificates.
 ### Cleanups
 - Split the main `lldap` crate into many sub-crates
 - Various dependency version bumps
 - Upgraded to 2024 Rust edition
 - Docs/FAQ improvements
 ### Bootstrap script
 - Custom attributes support
 - Read the paswsord from a file
 - Resilient to no user or group files
 ### New services
 - Discord integration (Discord role to LLDAP user)
 - HashiCorp
 - Jellyfin 2FA with Duo
 - Kimai
 - Mailcow
 - Peertube
 - Penpot
 - PgAdmin
 - Project Quay
 - Quadlet
 - Snipe-IT
 - SSSD
 - Stalwart
 - UnifiOS
 ## [0.6.1] 2024-11-22
 Small release, mainly to fix a migration issue with Sqlite and Postgresql.
 ### Added
 - Added a link to a community terraform provider (#1035)
 ### Changed
 - The opaque dependency now points to the official crate rather than a fork (#1040)
 ### Fixed
 - Migration of the DB schema from 7 to 8 is now automatic for sqlite, and fixed for postgres (#1045)
 - The startup warning about `key_seed` applying instead of `key_file` now has instructions on how to silence it (#1032)
 ### New services
 - OneDev
 ## [0.6.0] 2024-11-09
 ### Breaking
 - The endpoint `/auth/reset/step1` is now `POST` instead of `GET` (#704)
 ### Added
 - Custom attributes are now supported (#67) ! You can add new fields (string, integers, JPEG or dates) to users and query them. That unlocks many integrations with other services, and allows for a deeper/more customized integration. Special thanks to @pixelrazor and @bojidar-bg for their help with the UI.
 - Custom object classes (for all users/groups) can now be added (#833)
 - Barebones support for Paged Results Control (no paging, no respect for windows, but a correct response with all the results) (#698)
 - A daily docker image is tagged and released. (#613)
 - A bootstrap script allows reading the list of users/groups from a file and making sure the server contains exactly the same thing. (#654)
 - Make it possible to serve lldap behind a sub-path in (#752)
 - LLDAP can now be found on a custom package repository for opensuse, fedora, ubuntu, debian and centos ([Repository link](https://software.opensuse.org//download.html?project=home%3AMasgalor%3ALLDAP&package=lldap)). Thanks @Masgalor for setting it up and maintaining it.
 - There's now an option to force reset the admin password (#748) optionally on every restart (#959)
 - There's a rootless docker container (#755)
 - entryDN is now supported (#780)
 - Unknown LDAP controls are now detected and ignored (#787, #799)
 - A community-developed CLI for scripting (#793)
 - Added a way to print raw logs to debug long-running sessions (#992)
 ### Changed
 - The official docker repository is now `lldap/lldap`
 - Removed password length limitation in lldap_set_password tool
 - Group names and emails are now case insensitive, but keep their casing (#666)
 - Better error messages (and exit code (#745)) when changing the private key (#778, #1008), using the wrong SMTP port (#970), using the wrong env variables (#972)
 - Allow `member=` filters with plain user names (not full DNs) (#949)
 - Correctly detect and refuse anonymous binds (#974)
 - Clearer logging (#971, #981, #982)
 ### Fixed
 - Logging out applies globally, not just in the local browser. (#721)
 - It's no longer possible to create the same user twice (#745)
 - Fix wide substring filters (#738)
 - Don't log the database password if provided in the connection URL (#735)
 - Fix a panic when postgres uses a different collation (#821)
 - The UI now defaults to the user ID for users with no display names (#843)
 - Fix searching for users with more than one `memberOf` filter (#872)
 - Fix compilation on Windows (#932) and Illumos (#964)
 - The UI now correctly detects whether password resets are enabled. (#753)
 - Fix a missing lowercasing of username when changing passwords through LDAP (#1012)
 - Fix SQLite writers erroring when racing (#1021)
 - LDAP sessions no longer buffer their logs until unbind, causing memory leaks (#1025)
 ### Performance
 - Only expand attributes once per query, not per result (#687)
 ### Security
 - When asked to send a password reset to an unknown email, sleep for 3 seconds and don't print the email in the error (#887)
 ### New services
 Linux user accounts can now be managed by LLDAP, using PAM and nslcd.
 - Apereo CAS server
 - Carpal
 - Gitlab
 - Grocy
 - Harbor
 - Home Assistant
 - Jenkins
 - Kasm
 - Maddy
 - Mastodon
 - Metabase
 - MegaRAC-BMC
 - Netbox
 - OCIS
 - Prosody
 - Radicale
 - SonarQube
 - Traccar
 - Zitadel
 ## [0.5.0] 2023-09-14
 ### Breaking
@@ -71,7 +227,7 @@ systems, including PAM authentication.
 ## [0.4.3] 2023-04-11
 The repository has changed from `nitnelave/lldap` to `lldap/lldap`, both on GitHub
-and on DockerHub (although we will keep publishing the images to 
+and on DockerHub (although we will keep publishing the images to
 `nitnelave/lldap` for the foreseeable future). All data on GitHub has been
 migrated, and the new docker images are available both on DockerHub and on the
 GHCR under `lldap/lldap`.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -46,7 +46,9 @@ advanced guides (scripting, migrations, ...) you can contribute to.
 ### Code
 If you don't know what to start with, check out the 
-[good first issues](https://github.com/lldap/lldap/labels/good%20first%20issue). 
+[good first issues](https://github.com/lldap/lldap/labels/good%20first%20issue).
 For an alternative development environment setup, see [docs/nix-development.md](docs/nix-development.md). 
 Otherwise, if you want to fix a specific bug or implement a feature, make sure
 to start by creating an issue for it (if it doesn't already exist). There, we
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,25 +1,32 @@
 [workspace]
 members = [
-  "server",
+    "server",
-  "auth",
+    "app",
-  "app",
+    "migration-tool",
-  "migration-tool",
+    "set-password",
-  "set-password",
+    "crates/*",
 ]
 default-members = ["server"]
 resolver = "2"
 [workspace.package]
 authors = ["Valentin Tolmer <valentin@tolmer.fr>"]
 documentation = "https://github.com/lldap/lldap"
 edition = "2024"
 homepage = "https://github.com/lldap/lldap"
 license = "GPL-3.0-only"
 repository = "https://github.com/lldap/lldap"
 rust-version = "1.89.0"
 [profile.release]
 lto = true
 [profile.release.package.lldap_app]
 opt-level = 's'
-[patch.crates-io.opaque-ke]
+[workspace.dependencies.sea-orm]
-git = 'https://github.com/nitnelave/opaque-ke/'
+version = "1.1.8"
-branch = 'zeroize_1.5'
+default-features = false
-[patch.crates-io.lber]
+[workspace.dependencies.serde]
-git = 'https://github.com/inejge/ldap3/'
+version = "1"
--- a/7
+++ b/7
@@ -1,5 +1,5 @@
 # Build image
-FROM rust:alpine3.16 AS chef
+FROM rust:alpine3.21 AS chef
 RUN set -x \
    # Add user
@@ -41,9 +41,9 @@ RUN cargo build --release -p lldap -p lldap_migration_tool -p lldap_set_password
    && ./app/build.sh
 # Final image
-FROM alpine:3.16
+FROM alpine:3.21
-ENV GOSU_VERSION 1.14
+ENV GOSU_VERSION=1.14
 # Fetch gosu from git
 RUN set -eux; \
        \
@@ -80,6 +80,7 @@ COPY --from=builder /app/app/static app/static
 COPY --from=builder /app/app/pkg app/pkg
 COPY --from=builder /app/target/release/lldap /app/target/release/lldap_migration_tool /app/target/release/lldap_set_password ./
 COPY docker-entrypoint.sh lldap_config.docker_template.toml ./
 COPY scripts/bootstrap.sh ./
 RUN set -x \
    && apk add --no-cache bash tzdata \
--- a/5
+++ b/5
@@ -0,0 +1,5 @@
 build-dev-container:
 	docker buildx build --tag lldap/rust-dev --file .github/workflows/Dockerfile.dev --push .github/workflows
 prepare-release:
 	./prepare-release.sh
--- a/README.md
+++ b/README.md
@@ -34,27 +34,14 @@
 </p>
 - [About](#about)
- [Installation](#installation)
+- [Installation](docs/install.md)
  - [With Docker](#with-docker)
  - [With Kubernetes](#with-kubernetes)
  - [From a package repository](#from-a-package-repository)
  - [From source](#from-source)
    - [Backend](#backend)
    - [Frontend](#frontend)
  - [Cross-compilation](#cross-compilation)
 - [Usage](#usage)
  - [Recommended architecture](#recommended-architecture)
 - [Client configuration](#client-configuration)
-  - [Compatible services](#compatible-services)
+  - [Known compatible services](#known-compatible-services)
  - [General configuration guide](#general-configuration-guide)
  - [Sample client configurations](#sample-client-configurations)
  - [Incompatible services](#incompatible-services)
- [Migrating from SQLite](#migrating-from-sqlite)
+- [Frequently Asked Questions](#frequently-asked-questions)
 - [Comparisons with other services](#comparisons-with-other-services)
  - [vs OpenLDAP](#vs-openldap)
  - [vs FreeIPA](#vs-freeipa)
  - [vs Kanidm](#vs-kanidm)
 - [I can't log in!](#i-cant-log-in)
 - [Contributions](#contributions)
 ## About
@@ -96,179 +83,9 @@ MySQL/MariaDB or PostgreSQL.
 ## Installation
-### With Docker
+It's possible to install lldap from OCI images ([docker](docs/install.md#with-docker)/[podman](docs/install.md#with-podman)), from [Kubernetes](docs/install.md#with-kubernetes), [TrueNAS](docs/install.md#truenas-scale), or from [a regular distribution package manager](docs/install.md/#from-a-package-repository) (Archlinux, Debian, CentOS, Fedora, OpenSuse, Ubuntu, FreeBSD).
-The image is available at `lldap/lldap`. You should persist the `/data`
+Building [from source](docs/install.md#from-source) and [cross-compiling](docs/install.md#cross-compilation) to a different hardware architecture is also supported.
 folder, which contains your configuration and the SQLite database (you can
 remove this step if you use a different DB and configure with environment
 variables only).
 Configure the server by copying the `lldap_config.docker_template.toml` to
 `/data/lldap_config.toml` and updating the configuration values (especially the
 `jwt_secret` and `ldap_user_pass`, unless you override them with env variables).
 Environment variables should be prefixed with `LLDAP_` to override the
 configuration.
 If the `lldap_config.toml` doesn't exist when starting up, LLDAP will use
 default one. The default admin password is `password`, you can change the
 password later using the web interface.
 Secrets can also be set through a file. The filename should be specified by the
 variables `LLDAP_JWT_SECRET_FILE` or `LLDAP_KEY_SEED_FILE`, and the file
 contents are loaded into the respective configuration parameters. Note that
 `_FILE` variables take precedence.
 Example for docker compose:
 - You can use either the `:latest` tag image or `:stable` as used in this example.
 - `:latest` tag image contains recently pushed code or feature tests, in which some instability can be expected.
 - If `UID` and `GID` no defined LLDAP will use default `UID` and `GID` number `1000`.
 - If no `TZ` is set, default `UTC` timezone will be used.
 - You can generate the secrets by running `./generate_secrets.sh`
 ```yaml
 version: "3"
 volumes:
  lldap_data:
    driver: local
 services:
  lldap:
    image: lldap/lldap:stable
    ports:
      # For LDAP, not recommended to expose, see Usage section.
      #- "3890:3890"
      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
      #- "6360:6360"
      # For the web front-end
      - "17170:17170"
    volumes:
      - "lldap_data:/data"
      # Alternatively, you can mount a local folder
      # - "./lldap_data:/data"
    environment:
      - UID=####
      - GID=####
      - TZ=####/####
      - LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
      - LLDAP_KEY_SEED=REPLACE_WITH_RANDOM
      - LLDAP_LDAP_BASE_DN=dc=example,dc=com
      # If using LDAPS, set enabled true and configure cert and key path
      # - LLDAP_LDAPS_OPTIONS__ENABLED=true
      # - LLDAP_LDAPS_OPTIONS__CERT_FILE=/path/to/certfile.crt
      # - LLDAP_LDAPS_OPTIONS__KEY_FILE=/path/to/keyfile.key
      # You can also set a different database:
      # - LLDAP_DATABASE_URL=mysql://mysql-user:password@mysql-server/my-database
      # - LLDAP_DATABASE_URL=postgres://postgres-user:password@postgres-server/my-database
 ```
 Then the service will listen on two ports, one for LDAP and one for the web
 front-end.
 ### With Kubernetes
 See https://github.com/Evantage-WS/lldap-kubernetes for a LLDAP deployment for Kubernetes
 You can bootstrap your lldap instance (users, groups)
 using [bootstrap.sh](example_configs/bootstrap/bootstrap.md#kubernetes-job).
 It can be run by Argo CD for managing users in git-opt way, or as a one-shot job.
 ### From a package repository
 **Do not open issues in this repository for problems with third-party
 pre-built packages. Report issues downstream.**
 Depending on the distribution you use, it might be possible to install lldap
 from a package repository, officially supported by the distribution or
 community contributed.
 #### Debian, CentOS Fedora, OpenSUSE, Ubuntu
 The package for these distributions can be found at [LLDAP OBS](https://software.opensuse.org//download.html?project=home%3AMasgalor%3ALLDAP&package=lldap).
 - When using the distributed package, the default login is `admin/password`. You can change that from the web UI after starting the service.
 #### Arch Linux
 Arch Linux offers unofficial support through the [Arch User Repository
 (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository).
 Available package descriptions in AUR are:
 - [lldap](https://aur.archlinux.org/packages/lldap) -  Builds the latest stable version.
 - [lldap-bin](https://aur.archlinux.org/packages/lldap-bin) - Uses the latest
  pre-compiled binaries from the [releases in this repository](https://github.com/lldap/lldap/releases).
  This package is recommended if you want to run lldap on a system with
  limited resources.
 - [lldap-git](https://aur.archlinux.org/packages/lldap-git) - Builds the
  latest main branch code.
 The package descriptions can be used
 [to create and install packages](https://wiki.archlinux.org/title/Arch_User_Repository#Getting_started).
 Each package places lldap's configuration file at `/etc/lldap.toml` and offers
 [systemd service](https://wiki.archlinux.org/title/systemd#Using_units)
 `lldap.service` to (auto-)start and stop lldap.
 ### From source
 #### Backend
 To compile the project, you'll need:
 - curl and gzip: `sudo apt install curl gzip`
 - Rust/Cargo: [rustup.rs](https://rustup.rs/)
 Then you can compile the server (and the migration tool if you want):
 ```shell
 cargo build --release -p lldap -p lldap_migration_tool
 ```
 The resulting binaries will be in `./target/release/`. Alternatively, you can
 just run `cargo run -- run` to run the server.
 #### Frontend
 To bring up the server, you'll need to compile the frontend. In addition to
 `cargo`, you'll need WASM-pack, which can be installed by running `cargo install wasm-pack`.
 Then you can build the frontend files with
 ```shell
 ./app/build.sh
 ```
 (you'll need to run this after every front-end change to update the WASM
 package served).
 The default config is in `src/infra/configuration.rs`, but you can override it
 by creating an `lldap_config.toml`, setting environment variables or passing
 arguments to `cargo run`. Have a look at the docker template:
 `lldap_config.docker_template.toml`.
 You can also install it as a systemd service, see
 [lldap.service](example_configs/lldap.service).
 ### Cross-compilation
 Docker images are provided for AMD64, ARM64 and ARM/V7.
 If you want to cross-compile yourself, you can do so by installing
 [`cross`](https://github.com/rust-embedded/cross):
 ```sh
 cargo install cross
 cross build --target=armv7-unknown-linux-musleabihf -p lldap --release
 ./app/build.sh
 ```
 (Replace `armv7-unknown-linux-musleabihf` with the correct Rust target for your
 device.)
 You can then get the compiled server binary in
 `target/armv7-unknown-linux-musleabihf/release/lldap` and the various needed files
 (`index.html`, `main.js`, `pkg` folder) in the `app` folder. Copy them to the
 Raspberry Pi (or other target), with the folder structure maintained (`app`
 files in an `app` folder next to the binary).
 ## Usage
@@ -277,10 +94,16 @@ create users, set passwords, add them to groups and so on. Users can also
 connect to the web UI and change their information, or request a password reset
 link (if you configured the SMTP client).
-Creating and managing custom attributes is currently in Beta. It's not
+You can create and manage custom attributes through the Web UI, or through the
-supported in the Web UI. The recommended way is to use
+community-contributed CLI frontend (
-[Zepmann/lldap-cli](https://github.com/Zepmann/lldap-cli), a
+[Zepmann/lldap-cli](https://github.com/Zepmann/lldap-cli)). This is necessary
-community-contributed CLI frontend.
+for some service integrations.
 The [bootstrap.sh](scripts/bootstrap.sh) script can enforce a list of
 users/groups/attributes from a given file, reflecting it on the server.
 To manage the user, group and membership lifecycle in an infrastructure-as-code
 scenario you can use the unofficial [LLDAP terraform provider in the terraform registry](https://registry.terraform.io/providers/tasansga/lldap/latest).
 LLDAP is also very scriptable, through its GraphQL API. See the
 [Scripting](docs/scripting.md) docs for more info.
@@ -313,7 +136,7 @@ If you are using containers, a sample architecture could look like this:
 ## Client configuration
-### Compatible services
+### Known compatible services
 Most services that can use LDAP as an authentication provider should work out
 of the box. For new services, it's possible that they require a bit of tweaking
@@ -321,6 +144,13 @@ on LLDAP's side to make things work. In that case, just create an issue with
 the relevant details (logs of the service, LLDAP logs with `verbose=true` in
 the config).
 Some specific clients have been tested to work and come with sample
 configuration files, or guides. See the [`example_configs`](example_configs/README.md)
 folder for example configs for integration with specific services.
 Integration with Linux accounts is possible, through PAM and nslcd. See [PAM
 configuration guide](example_configs/pam/README.md). Integration with Windows (e.g. Samba) is WIP.
 ### General configuration guide
 To configure the services that will talk to LLDAP, here are the values:
@@ -340,66 +170,9 @@ filter like: `(memberOf=cn=admins,ou=groups,dc=example,dc=com)`.
 The administrator group for LLDAP is `lldap_admin`: anyone in this group has
 admin rights in the Web UI. Most LDAP integrations should instead use a user in
 the `lldap_strict_readonly` or `lldap_password_manager` group, to avoid granting full
-administration access to many services.
+administration access to many services. To prevent privilege escalation users in the
-
+`lldap_password_manager` group are not allowed to change passwords of admins in the
-### Sample client configurations
+`lldap_admin` group.
 Some specific clients have been tested to work and come with sample
 configuration files, or guides. See the [`example_configs`](example_configs)
 folder for help with:
 - [Airsonic Advanced](example_configs/airsonic-advanced.md)
 - [Apache Guacamole](example_configs/apacheguacamole.md)
 - [Apereo CAS Server](example_configs/apereo_cas_server.md)
 - [Authelia](example_configs/authelia_config.yml)
 - [Authentik](example_configs/authentik.md)
 - [Bookstack](example_configs/bookstack.env.example)
 - [Calibre-Web](example_configs/calibre_web.md)
 - [Dell iDRAC](example_configs/dell_idrac.md)
 - [Dex](example_configs/dex_config.yml)
 - [Dokuwiki](example_configs/dokuwiki.md)
 - [Dolibarr](example_configs/dolibarr.md)
 - [Ejabberd](example_configs/ejabberd.md)
 - [Emby](example_configs/emby.md)
 - [Ergo IRCd](example_configs/ergo.md)
 - [Gitea](example_configs/gitea.md)
 - [GitLab](example_configs/gitlab.md)
 - [Grafana](example_configs/grafana_ldap_config.toml)
 - [Grocy](example_configs/grocy.md)
 - [Hedgedoc](example_configs/hedgedoc.md)
 - [Home Assistant](example_configs/home-assistant.md)
 - [Jellyfin](example_configs/jellyfin.md)
 - [Jenkins](example_configs/jenkins.md)
 - [Jitsi Meet](example_configs/jitsi_meet.conf)
 - [Kasm](example_configs/kasm.md)
 - [KeyCloak](example_configs/keycloak.md)
 - [LibreNMS](example_configs/librenms.md)
 - [Maddy](example_configs/maddy.md)
 - [Mastodon](example_configs/mastodon.env.example)
 - [Matrix](example_configs/matrix_synapse.yml)
 - [Mealie](example_configs/mealie.md)
 - [MinIO](example_configs/minio.md)
 - [Nextcloud](example_configs/nextcloud.md)
 - [Nexus](example_configs/nexus.md)
 - [Organizr](example_configs/Organizr.md)
 - [Portainer](example_configs/portainer.md)
 - [PowerDNS Admin](example_configs/powerdns_admin.md)
 - [Proxmox VE](example_configs/proxmox.md)
 - [Rancher](example_configs/rancher.md)
 - [Seafile](example_configs/seafile.md)
 - [Shaarli](example_configs/shaarli.md)
 - [Squid](example_configs/squid.md)
 - [Syncthing](example_configs/syncthing.md)
 - [TheLounge](example_configs/thelounge.md)
 - [Traccar](example_configs/traccar.xml)
 - [Vaultwarden](example_configs/vaultwarden.md)
 - [WeKan](example_configs/wekan.md)
 - [WG Portal](example_configs/wg_portal.env.example)
 - [WikiJS](example_configs/wikijs.md)
 - [XBackBone](example_configs/xbackbone_config.php)
 - [Zendto](example_configs/zendto.md)
 - [Zitadel](example_configs/zitadel.md)
 - [Zulip](example_configs/zulip.md)
 ### Incompatible services
@@ -422,76 +195,16 @@ it duplicates the places from which a password hash could leak.
 In that category, the most prominent is Synology. It is, to date, the only
 service that seems definitely incompatible with LLDAP.
-## Migrating from SQLite
+## Frequently Asked Questions
-If you started with an SQLite database and would like to migrate to
+- [I can't login](docs/faq.md#i-cant-log-in)
-MySQL/MariaDB or PostgreSQL, check out the [DB
+- [Discord Integration](docs/faq.md#discord-integration)
-migration docs](/docs/database_migration.md).
+- [Migrating from SQLite](docs/faq.md#migrating-from-sqlite)
-
+- How does lldap compare [with OpenLDAP](docs/faq.md#how-does-lldap-compare-with-openldap)? [With FreeIPA](docs/faq.md#how-does-lldap-compare-with-freeipa)? [With Kanidm](docs/faq.md#how-does-lldap-compare-with-kanidm)?
-## Comparisons with other services
+- [Does lldap support vhosts?](docs/faq.md#does-lldap-support-vhosts)
-
+- [Does lldap provide commercial support contracts?](docs/faq.md#does-lldap-provide-commercial-support-contracts)
-### vs OpenLDAP
+- [Can I make a donation to fund development?](docs/faq.md#can-i-make-a-donation-to-fund-development)
-
+- [Is lldap sustainable? Can we depend on it for our infrastructure?](docs/faq.md#is-lldap-sustainable-can-we-depend-on-it-for-our-infrastructure)
 [OpenLDAP](https://www.openldap.org) is a monster of a service that implements
 all of LDAP and all of its extensions, plus some of its own. That said, if you
 need all that flexibility, it might be what you need! Note that installation
 can be a bit painful (figuring out how to use `slapd`) and people have mixed
 experiences following tutorials online. If you don't configure it properly, you
 might end up storing passwords in clear, so a breach of your server would
 reveal all the stored passwords!
 OpenLDAP doesn't come with a UI: if you want a web interface, you'll have to
 install one (not that many look nice) and configure it.
 LLDAP is much simpler to setup, has a much smaller image (10x smaller, 20x if
 you add PhpLdapAdmin), and comes packed with its own purpose-built web UI.
 However, it's not as flexible as OpenLDAP.
 ### vs FreeIPA
 [FreeIPA](http://www.freeipa.org) is the one-stop shop for identity management:
 LDAP, Kerberos, NTP, DNS, Samba, you name it, it has it. In addition to user
 management, it also does security policies, single sign-on, certificate
 management, linux account management and so on.
 If you need all of that, go for it! Keep in mind that a more complex system is
 more complex to maintain, though.
 LLDAP is much lighter to run (<10 MB RAM including the DB), easier to
 configure (no messing around with DNS or security policies) and simpler to
 use. It also comes conveniently packed in a docker container.
 ### vs Kanidm
 [Kanidm](https://kanidm.com) is an up-and-coming Rust identity management
 platform, covering all your bases: OAuth, Linux accounts, SSH keys, Radius,
 WebAuthn. It comes with a (read-only) LDAPS server.
 It's fairly easy to install and does much more; but their LDAP server is
 read-only, and by having more moving parts it is inherently more complex. If
 you don't need to modify the users through LDAP and you're planning on
 installing something like [KeyCloak](https://www.keycloak.org) to provide
 modern identity protocols, check out Kanidm.
 ## I can't log in!
 If you just set up the server, can get to the login page but the password you
 set isn't working, try the following:
 - (For docker): Make sure that the `/data` folder is persistent, either to a
  docker volume or mounted from the host filesystem.
 - Check if there is a `lldap_config.toml` file (either in `/data` for docker
  or in the current directory). If there isn't, copy
  `lldap_config.docker_template.toml` there, and fill in the various values
  (passwords, secrets, ...).
 - Check if there is a `users.db` file (either in `/data` for docker or where
  you specified the DB URL, which defaults to the current directory). If
  there isn't, check that the user running the command (user with ID 10001
  for docker) has the rights to write to the `/data` folder. If in doubt, you
  can `chmod 777 /data` (or whatever the folder) to make it world-writeable.
 - Make sure you restart the server.
 - If it's still not working, join the
  [Discord server](https://discord.gg/h5PEdRMNyP) to ask for help.
 ## Contributions
--- a/app/Cargo.toml
+++ b/app/Cargo.toml
@@ -1,13 +1,14 @@
 [package]
 authors = ["Valentin Tolmer <valentin@tolmer.fr>"]
 description = "Frontend for LLDAP"
 edition = "2021"
 homepage = "https://github.com/lldap/lldap"
 license = "GPL-3.0-only"
 name = "lldap_app"
-repository = "https://github.com/lldap/lldap"
+version = "0.6.2"
-version = "0.5.1-alpha"
+description = "Frontend for LLDAP"
 edition.workspace = true
 include = ["src/**/*", "queries/**/*", "Cargo.toml", "../schema.graphql"]
 authors.workspace = true
 homepage.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
 [dependencies]
 anyhow = "1"
@@ -19,12 +20,11 @@ graphql_client = "0.10"
 http = "0.2"
 jwt = "0.13"
 rand = "0.8"
 serde = "1"
 serde_json = "1"
 url-escape = "0.1.1"
-validator = "=0.14"
+validator = "0.14"
-validator_derive = "*"
+validator_derive = "0.14"
-wasm-bindgen = "0.2"
+wasm-bindgen = "0.2.100"
 wasm-bindgen-futures = "*"
 yew = "0.19.3"
 yew-router = "0.16"
@@ -37,12 +37,16 @@ version = "0.3"
 features = [
  "Document",
  "Element",
  "Event",
  "FileReader",
  "FormData",
  "HtmlDocument",
  "HtmlFormElement",
  "HtmlInputElement",
  "HtmlOptionElement",
  "HtmlOptionsCollection",
  "HtmlSelectElement",
  "SubmitEvent",
  "console",
 ]
@@ -52,15 +56,33 @@ features = [
  "wasmbind"
 ]
 [dependencies.derive_more]
 features = ["debug", "display", "from", "from_str"]
 default-features = false
 version = "1"
 [dependencies.lldap_auth]
-path = "../auth"
+path = "../crates/auth"
 features = [ "opaque_client" ]
 [dependencies.lldap_frontend_options]
 path = "../crates/frontend-options"
 [dependencies.lldap_validation]
 path = "../crates/validation"
 [dependencies.image]
 features = ["jpeg"]
 default-features = false
 version = "0.24"
 [dependencies.serde]
 workspace = true
 [dependencies.strum]
 features = ["derive"]
 version = "0.25"
 [dependencies.yew_form]
 git = "https://github.com/jfbilodeau/yew_form"
 rev = "4b9fabffb63393ec7626a4477fd36de12a07fac9"
@@ -71,3 +93,15 @@ rev = "4b9fabffb63393ec7626a4477fd36de12a07fac9"
 [lib]
 crate-type = ["cdylib"]
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = [
    'cfg(wasm_bindgen_unstable_test_coverage)',
 ] }
 [package.metadata.wasm-pack.profile.dev]
 wasm-opt = ['--enable-bulk-memory']
 [package.metadata.wasm-pack.profile.profiling]
 wasm-opt = ['--enable-bulk-memory']
 [package.metadata.wasm-pack.profile.release]
 wasm-opt = ['--enable-bulk-memory']
--- a/app/queries/create_group.graphql
+++ b/app/queries/create_group.graphql
@@ -1,5 +1,5 @@
-mutation CreateGroup($name: String!) {
+mutation CreateGroup($group: CreateGroupInput!) {
-  createGroup(name: $name) {
+  createGroupWithDetails(request: $group) {
    id
    displayName
  }
--- a/app/queries/create_group_attribute.graphql
+++ b/app/queries/create_group_attribute.graphql
@@ -0,0 +1,5 @@
 mutation CreateGroupAttribute($name: String!, $attributeType: AttributeType!, $isList: Boolean!, $isVisible: Boolean!) {
    addGroupAttribute(name: $name, attributeType: $attributeType, isList: $isList, isVisible: $isVisible, isEditable: false) {
        ok
    }
 }
--- a/app/queries/create_user_attribute.graphql
+++ b/app/queries/create_user_attribute.graphql
@@ -0,0 +1,5 @@
 mutation CreateUserAttribute($name: String!, $attributeType: AttributeType!, $isList: Boolean!, $isVisible: Boolean!, $isEditable: Boolean!) {
    addUserAttribute(name: $name, attributeType: $attributeType, isList: $isList, isVisible: $isVisible, isEditable: $isEditable) {
        ok
    }
 }
--- a/app/queries/delete_group_attribute.graphql
+++ b/app/queries/delete_group_attribute.graphql
@@ -0,0 +1,5 @@
 mutation DeleteGroupAttributeQuery($name: String!) {
    deleteGroupAttribute(name: $name) {
        ok
    }
 }
--- a/app/queries/delete_user_attribute.graphql
+++ b/app/queries/delete_user_attribute.graphql
@@ -0,0 +1,5 @@
 mutation DeleteUserAttributeQuery($name: String!) {
    deleteUserAttribute(name: $name) {
        ok
    }
 }
--- a/app/queries/get_group_attributes_schema.graphql
+++ b/app/queries/get_group_attributes_schema.graphql
@@ -0,0 +1,14 @@
 query GetGroupAttributesSchema {
  schema {
    groupSchema {
      attributes {
        name
        attributeType
        isList
        isVisible
        isHardcoded
        isReadonly
      }
    }
  }
 }
--- a/app/queries/get_group_details.graphql
+++ b/app/queries/get_group_details.graphql
@@ -8,5 +8,22 @@ query GetGroupDetails($id: Int!) {
      id
      displayName
    }
    attributes {
      name
      value
    }
  }
  schema {
    groupSchema {
      attributes {
        name
        attributeType
        isList
        isVisible
        isEditable
        isHardcoded
        isReadonly
      }
    }
  }
 }
--- a/app/queries/get_user_attributes_schema.graphql
+++ b/app/queries/get_user_attributes_schema.graphql
@@ -0,0 +1,15 @@
 query GetUserAttributesSchema {
  schema {
    userSchema {
      attributes {
        name
        attributeType
        isList
        isVisible
        isEditable
        isHardcoded
        isReadonly
      }
    }
  }
 }
--- a/app/queries/get_user_details.graphql
+++ b/app/queries/get_user_details.graphql
@@ -2,15 +2,30 @@ query GetUserDetails($id: String!) {
  user(userId: $id) {
    id
    email
    displayName
    firstName
    lastName
    avatar
    displayName
    creationDate
    uuid
    groups {
      id
      displayName
    }
    attributes {
      name
      value
    }
  }
  schema {
    userSchema {
      attributes {
        name
        attributeType
        isList
        isVisible
        isEditable
        isHardcoded
        isReadonly
      }
    }
  }
 }
--- a/app/queries/update_group.graphql
+++ b/app/queries/update_group.graphql
@@ -0,0 +1,6 @@
 mutation UpdateGroup($group: UpdateGroupInput!) {
  updateGroup(group: $group) {
    ok
  }
 }
--- a/app/src/components/add_group_member.rs
+++ b/app/src/components/add_group_member.rs
@@ -155,8 +155,13 @@ impl Component for AddGroupMemberComponent {
            let to_add_user_list = self.get_selectable_user_list(ctx, user_list);
            #[allow(unused_braces)]
            let make_select_option = |user: User| {
                let name = if user.display_name.is_empty() {
                    user.id.clone()
                } else {
                    user.display_name.clone()
                };
                html_nested! {
-                    <SelectOption value={user.id.clone()} text={user.display_name.clone()} key={user.id} />
+                    <SelectOption value={user.id.clone()} text={name} key={user.id} />
                }
            };
            html! {
--- a/app/src/components/app.rs
+++ b/app/src/components/app.rs
@@ -1,54 +1,38 @@
 use crate::{
    components::{
        banner::Banner,
        change_password::ChangePasswordForm,
        create_group::CreateGroupForm,
        create_group_attribute::CreateGroupAttributeForm,
        create_user::CreateUserForm,
        create_user_attribute::CreateUserAttributeForm,
        group_details::GroupDetails,
        group_schema_table::ListGroupSchema,
        group_table::GroupTable,
        login::LoginForm,
        logout::LogoutButton,
        reset_password_step1::ResetPasswordStep1Form,
        reset_password_step2::ResetPasswordStep2Form,
        router::{AppRoute, Link, Redirect},
        user_details::UserDetails,
        user_schema_table::ListUserSchema,
        user_table::UserTable,
    },
    infra::{api::HostService, cookies::get_cookie},
 };
 use gloo_console::error;
-use wasm_bindgen::prelude::*;
+use lldap_frontend_options::Options;
 use yew::{
-    function_component,
+    Context, function_component,
    html::Scope,
-    prelude::{html, Component, Html},
+    prelude::{Component, Html, html},
    Context,
 };
 use yew_router::{
    BrowserRouter, Switch,
    prelude::{History, Location},
    scope_ext::RouterScopeExt,
    BrowserRouter, Switch,
 };
 #[wasm_bindgen]
 extern "C" {
    #[wasm_bindgen(js_namespace = darkmode)]
    fn toggleDarkMode(doSave: bool);
    #[wasm_bindgen]
    fn inDarkMode() -> bool;
 }
 #[function_component(DarkModeToggle)]
 pub fn dark_mode_toggle() -> Html {
    html! {
      <div class="form-check form-switch">
        <input class="form-check-input" onclick={|_| toggleDarkMode(true)} type="checkbox" id="darkModeToggle" checked={inDarkMode()}/>
        <label class="form-check-label" for="darkModeToggle">{"Dark mode"}</label>
      </div>
    }
 }
 #[function_component(AppContainer)]
 pub fn app_container() -> Html {
    html! {
@@ -67,7 +51,7 @@ pub struct App {
 pub enum Msg {
    Login((String, bool)),
    Logout,
-    PasswordResetProbeFinished(anyhow::Result<bool>),
+    SettingsReceived(anyhow::Result<Options>),
 }
 impl Component for App {
@@ -92,9 +76,8 @@ impl Component for App {
            redirect_to: Self::get_redirect_route(ctx),
            password_reset_enabled: None,
        };
-        ctx.link().send_future(async move {
+        ctx.link()
-            Msg::PasswordResetProbeFinished(HostService::probe_password_reset().await)
+            .send_future(async move { Msg::SettingsReceived(HostService::get_settings().await) });
        });
        app.apply_initial_redirections(ctx);
        app
    }
@@ -119,14 +102,11 @@ impl Component for App {
                self.redirect_to = None;
                history.push(AppRoute::Login);
            }
-            Msg::PasswordResetProbeFinished(Ok(enabled)) => {
+            Msg::SettingsReceived(Ok(settings)) => {
-                self.password_reset_enabled = Some(enabled);
+                self.password_reset_enabled = Some(settings.password_reset_enabled);
            }
-            Msg::PasswordResetProbeFinished(Err(err)) => {
+            Msg::SettingsReceived(Err(err)) => {
-                self.password_reset_enabled = Some(false);
+                error!(err.to_string());
                error!(&format!(
                    "Could not probe for password reset support: {err:#}"
                ));
            }
        }
        true
@@ -135,13 +115,14 @@ impl Component for App {
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = ctx.link().clone();
        let is_admin = self.is_admin();
        let username = self.user_info.clone().map(|(username, _)| username);
        let password_reset_enabled = self.password_reset_enabled;
        html! {
          <div>
-            {self.view_banner(ctx)}
+            <Banner is_admin={is_admin} username={username} on_logged_out={link.callback(|_| Msg::Logout)} />
            <div class="container py-3 bg-kug">
              <div class="row justify-content-center" style="padding-bottom: 80px;">
-                <main class="py-3" style="max-width: 1000px">
+                <main class="py-3">
                  <Switch<AppRoute>
                    render={Switch::render(move |routes| Self::dispatch_route(routes, &link, is_admin, password_reset_enabled))}
                  />
@@ -215,29 +196,57 @@ impl App {
            AppRoute::CreateUser => html! {
                <CreateUserForm/>
            },
-            AppRoute::Index | AppRoute::ListUsers => html! {
+            AppRoute::Index | AppRoute::ListUsers => {
-                <div>
+                let user_button = |key| {
-                  <UserTable />
+                    html! {
-                  <Link classes="btn btn-primary" to={AppRoute::CreateUser}>
+                      <Link classes="btn btn-primary" key={key} to={AppRoute::CreateUser}>
-                    <i class="bi-person-plus me-2"></i>
+                        <i class="bi-person-plus me-2"></i>
-                    {"Create a user"}
+                        {"Create a user"}
-                  </Link>
+                      </Link>
-                </div>
+                    }
-            },
+                };
                html! {
                  <div>
                    { user_button("top-create-user") }
                    <UserTable />
                    { user_button("bottom-create-user") }
                  </div>
                }
            }
            AppRoute::CreateGroup => html! {
                <CreateGroupForm/>
            },
-            AppRoute::ListGroups => html! {
+            AppRoute::CreateUserAttribute => html! {
-                <div>
+                <CreateUserAttributeForm/>
-                  <GroupTable />
+            },
-                  <Link classes="btn btn-primary" to={AppRoute::CreateGroup}>
+            AppRoute::CreateGroupAttribute => html! {
-                    <i class="bi-plus-circle me-2"></i>
+                <CreateGroupAttributeForm/>
-                    {"Create a group"}
+            },
-                  </Link>
+            AppRoute::ListGroups => {
-                </div>
+                let group_button = |key| {
                    html! {
                      <Link classes="btn btn-primary" key={key} to={AppRoute::CreateGroup}>
                        <i class="bi-plus-circle me-2"></i>
                        {"Create a group"}
                      </Link>
                    }
                };
                html! {
                  <div>
                    { group_button("top-create-group") }
                    <GroupTable />
                    { group_button("bottom-create-group") }
                  </div>
                }
            }
            AppRoute::ListUserSchema => html! {
                <ListUserSchema />
            },
            AppRoute::ListGroupSchema => html! {
                <ListGroupSchema />
            },
            AppRoute::GroupDetails { group_id } => html! {
-                <GroupDetails group_id={*group_id} />
+                <GroupDetails group_id={*group_id} is_admin={is_admin} />
            },
            AppRoute::UserDetails { user_id } => html! {
                <UserDetails username={user_id.clone()} is_admin={is_admin} />
@@ -263,91 +272,6 @@ impl App {
        }
    }
    fn view_banner(&self, ctx: &Context<Self>) -> Html {
        html! {
          <header class="p-2 mb-3 border-bottom">
            <div class="container">
              <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
                <a href={yew_router::utils::base_url().unwrap_or("/".to_string())} class="d-flex align-items-center mt-2 mb-lg-0 me-md-5 text-decoration-none">
                  <h2>{"LLDAP"}</h2>
                </a>
                <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
                  {if self.is_admin() { html! {
                    <>
                      <li>
                        <Link
                          classes="nav-link px-2 h6"
                          to={AppRoute::ListUsers}>
                          <i class="bi-people me-2"></i>
                          {"Users"}
                        </Link>
                      </li>
                      <li>
                        <Link
                          classes="nav-link px-2 h6"
                          to={AppRoute::ListGroups}>
                          <i class="bi-collection me-2"></i>
                          {"Groups"}
                        </Link>
                      </li>
                    </>
                  } } else { html!{} } }
                </ul>
                { self.view_user_menu(ctx) }
                <DarkModeToggle />
              </div>
            </div>
          </header>
        }
    }
    fn view_user_menu(&self, ctx: &Context<Self>) -> Html {
        if let Some((user_id, _)) = &self.user_info {
            let link = ctx.link();
            html! {
              <div class="dropdown text-end">
                <a href="#"
                  class="d-block nav-link text-decoration-none dropdown-toggle"
                  id="dropdownUser"
                  data-bs-toggle="dropdown"
                  aria-expanded="false">
                  <svg xmlns="http://www.w3.org/2000/svg"
                    width="32"
                    height="32"
                    fill="currentColor"
                    class="bi bi-person-circle"
                    viewBox="0 0 16 16">
                    <path d="M11 6a3 3 0 1 1-6 0 3 3 0 0 1 6 0z"/>
                    <path fill-rule="evenodd" d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8zm8-7a7 7 0 0 0-5.468 11.37C3.242 11.226 4.805 10 8 10s4.757 1.225 5.468 2.37A7 7 0 0 0 8 1z"/>
                  </svg>
                  <span class="ms-2">
                    {user_id}
                  </span>
                </a>
                <ul
                  class="dropdown-menu text-small dropdown-menu-lg-end"
                  aria-labelledby="dropdownUser1"
                  style="">
                  <li>
                    <Link
                      classes="dropdown-item"
                      to={AppRoute::UserDetails{ user_id: user_id.clone() }}>
                      {"View details"}
                    </Link>
                  </li>
                  <li><hr class="dropdown-divider" /></li>
                  <li>
                    <LogoutButton on_logged_out={link.callback(|_| Msg::Logout)} />
                  </li>
                </ul>
              </div>
            }
        } else {
            html! {}
        }
    }
    fn view_footer(&self) -> Html {
        html! {
          <footer class="text-center fixed-bottom text-muted bg-light py-2">
--- a/app/src/components/avatar.rs
+++ b/app/src/components/avatar.rs
@@ -0,0 +1,88 @@
 use crate::infra::functional::{LoadableResult, use_graphql_call};
 use graphql_client::GraphQLQuery;
 use yew::{Properties, function_component, html, virtual_dom::AttrValue};
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/get_user_details.graphql",
    variables_derives = "Clone,PartialEq,Eq",
    response_derives = "Debug, Hash, PartialEq, Eq, Clone",
    custom_scalars_module = "crate::infra::graphql"
 )]
 pub struct GetUserDetails;
 #[derive(Properties, PartialEq)]
 pub struct Props {
    pub user: AttrValue,
    #[prop_or(32)]
    pub width: i32,
    #[prop_or(32)]
    pub height: i32,
 }
 #[function_component(Avatar)]
 pub fn avatar(props: &Props) -> Html {
    let user_details = use_graphql_call::<GetUserDetails>(get_user_details::Variables {
        id: props.user.to_string(),
    });
    match &(*user_details) {
        LoadableResult::Loaded(Ok(response)) => {
            let avatar = response.user.avatar.clone();
            match &avatar {
                Some(data) => html! {
                  <img
                    id="avatarDisplay"
                    src={format!("data:image/jpeg;base64, {}", data)}
                    style={format!("max-height:{}px;max-width:{}px;height:auto;width:auto;", props.height, props.width)}
                    alt="Avatar" />
                },
                None => html! {
                  <BlankAvatarDisplay
                    width={props.width}
                    height={props.height} />
                },
            }
        }
        LoadableResult::Loaded(Err(error)) => html! {
          <BlankAvatarDisplay
            error={error.to_string()}
            width={props.width}
            height={props.height} />
        },
        LoadableResult::Loading => html! {
          <BlankAvatarDisplay
            width={props.width}
            height={props.height} />
        },
    }
 }
 #[derive(Properties, PartialEq)]
 struct BlankAvatarDisplayProps {
    #[prop_or(None)]
    pub error: Option<AttrValue>,
    pub width: i32,
    pub height: i32,
 }
 #[function_component(BlankAvatarDisplay)]
 fn blank_avatar_display(props: &BlankAvatarDisplayProps) -> Html {
    let fill = match &props.error {
        Some(_) => "red",
        None => "currentColor",
    };
    html! {
      <svg xmlns="http://www.w3.org/2000/svg"
        width={props.width.to_string()}
        height={props.height.to_string()}
        fill={fill}
        class="bi bi-person-circle"
        viewBox="0 0 16 16">
        <title>{props.error.clone().unwrap_or(AttrValue::Static("Avatar"))}</title>
        <path d="M11 6a3 3 0 1 1-6 0 3 3 0 0 1 6 0z"/>
        <path fill-rule="evenodd" d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8zm8-7a7 7 0 0 0-5.468 11.37C3.242 11.226 4.805 10 8 10s4.757 1.225 5.468 2.37A7 7 0 0 0 8 1z"/>
      </svg>
    }
 }
--- a/app/src/components/banner.rs
+++ b/app/src/components/banner.rs
@@ -0,0 +1,132 @@
 use crate::components::{
    avatar::Avatar,
    logout::LogoutButton,
    router::{AppRoute, Link},
 };
 use wasm_bindgen::prelude::wasm_bindgen;
 use yew::{Callback, Properties, function_component, html};
 #[derive(Properties, PartialEq)]
 pub struct Props {
    pub is_admin: bool,
    pub username: Option<String>,
    pub on_logged_out: Callback<()>,
 }
 #[function_component(Banner)]
 pub fn banner(props: &Props) -> Html {
    html! {
      <header class="p-2 mb-3 border-bottom">
        <div class="container">
          <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
            <a href={yew_router::utils::base_url().unwrap_or("/".to_string())} class="d-flex align-items-center mt-2 mb-lg-0 me-md-5 text-decoration-none">
              <h2>{"LLDAP"}</h2>
            </a>
            <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
              {if props.is_admin { html! {
                <>
                  <li>
                    <Link
                      classes="nav-link px-2 h6"
                      to={AppRoute::ListUsers}>
                      <i class="bi-people me-2"></i>
                      {"Users"}
                    </Link>
                  </li>
                  <li>
                    <Link
                      classes="nav-link px-2 h6"
                      to={AppRoute::ListGroups}>
                      <i class="bi-collection me-2"></i>
                      {"Groups"}
                    </Link>
                  </li>
                  <li>
                    <Link
                      classes="nav-link px-2 h6"
                      to={AppRoute::ListUserSchema}>
                      <i class="bi-list-ul me-2"></i>
                      {"User schema"}
                    </Link>
                  </li>
                  <li>
                    <Link
                      classes="nav-link px-2 h6"
                      to={AppRoute::ListGroupSchema}>
                      <i class="bi-list-ul me-2"></i>
                      {"Group schema"}
                    </Link>
                  </li>
                </>
              } } else { html!{} } }
            </ul>
            <UserMenu username={props.username.clone()} on_logged_out={props.on_logged_out.clone()}/>
            <DarkModeToggle />
          </div>
        </div>
      </header>
    }
 }
 #[derive(Properties, PartialEq)]
 struct UserMenuProps {
    pub username: Option<String>,
    pub on_logged_out: Callback<()>,
 }
 #[function_component(UserMenu)]
 fn user_menu(props: &UserMenuProps) -> Html {
    match &props.username {
        Some(username) => html! {
          <div class="dropdown text-end">
            <a href="#"
              class="d-block nav-link text-decoration-none dropdown-toggle"
              id="dropdownUser"
              data-bs-toggle="dropdown"
              aria-expanded="false">
              <Avatar user={username.clone()} />
              <span class="ms-2">
                {username}
              </span>
            </a>
            <ul
              class="dropdown-menu text-small dropdown-menu-lg-end"
              aria-labelledby="dropdownUser1"
              style="">
              <li>
                <Link
                  classes="dropdown-item"
                  to={AppRoute::UserDetails{ user_id: username.to_string() }}>
                  {"View details"}
                </Link>
              </li>
              <li><hr class="dropdown-divider" /></li>
              <li>
                <LogoutButton on_logged_out={props.on_logged_out.clone()} />
              </li>
            </ul>
          </div>
        },
        _ => html! {},
    }
 }
 #[wasm_bindgen]
 extern "C" {
    #[wasm_bindgen(js_namespace = darkmode)]
    fn toggleDarkMode(doSave: bool);
    #[wasm_bindgen]
    fn inDarkMode() -> bool;
 }
 #[function_component(DarkModeToggle)]
 fn dark_mode_toggle() -> Html {
    html! {
      <div class="form-check form-switch">
        <input class="form-check-input" onclick={|_| toggleDarkMode(true)} type="checkbox" id="darkModeToggle" checked={inDarkMode()}/>
        <label class="form-check-label" for="darkModeToggle">{"Dark mode"}</label>
      </div>
    }
 }
--- a/app/src/components/change_password.rs
+++ b/app/src/components/change_password.rs
@@ -1,11 +1,14 @@
 use crate::{
-    components::router::{AppRoute, Link},
+    components::{
        form::{field::Field, submit::Submit},
        router::{AppRoute, Link},
    },
    infra::{
        api::HostService,
        common_component::{CommonComponent, CommonComponentParts},
    },
 };
-use anyhow::{anyhow, bail, Result};
+use anyhow::{Result, anyhow, bail};
 use gloo_console::error;
 use lldap_auth::*;
 use validator_derive::Validate;
@@ -207,7 +210,6 @@ impl Component for ChangePasswordForm {
    fn view(&self, ctx: &Context<Self>) -> Html {
        let is_admin = ctx.props().is_admin;
        let link = ctx.link();
        type Field = yew_form::Field<FormModel>;
        html! {
          <>
            <div class="mb-2 mt-2">
@@ -224,90 +226,44 @@ impl Component for ChangePasswordForm {
                }
              } else { html! {} }
            }
-            <form
+            <form class="form">
              class="form">
              {if !is_admin { html! {
-                <div class="form-group row">
+                <Field<FormModel>
-                  <label for="old_password"
+                  form={&self.form}
-                    class="form-label col-sm-2 col-form-label">
+                  required=true
-                    {"Current password*:"}
+                  label="Current password"
-                  </label>
+                  field_name="old_password"
-                  <div class="col-sm-10">
+                  input_type="password"
-                    <Field
+                  autocomplete="current-password"
-                      form={&self.form}
+                  oninput={link.callback(|_| Msg::FormUpdate)} />
                      field_name="old_password"
                      input_type="password"
                      class="form-control"
                      class_invalid="is-invalid has-error"
                      class_valid="has-success"
                      autocomplete="current-password"
                      oninput={link.callback(|_| Msg::FormUpdate)} />
                    <div class="invalid-feedback">
                      {&self.form.field_message("old_password")}
                    </div>
                  </div>
                </div>
              }} else { html! {} }}
-              <div class="form-group row mb-3">
+              <Field<FormModel>
-                <label for="new_password"
+                form={&self.form}
-                  class="form-label col-sm-2 col-form-label">
+                required=true
-                   {"New Password"}
+                label="New password"
-                   <span class="text-danger">{"*"}</span>
+                field_name="password"
-                   {":"}
+                input_type="password"
-                </label>
+                autocomplete="new-password"
-                <div class="col-sm-10">
+                oninput={link.callback(|_| Msg::FormUpdate)} />
-                  <Field
+              <Field<FormModel>
-                    form={&self.form}
+                form={&self.form}
-                    field_name="password"
+                required=true
-                    input_type="password"
+                label="Confirm password"
-                    class="form-control"
+                field_name="confirm_password"
-                    class_invalid="is-invalid has-error"
+                input_type="password"
-                    class_valid="has-success"
+                autocomplete="new-password"
-                    autocomplete="new-password"
+                oninput={link.callback(|_| Msg::FormUpdate)} />
-                    oninput={link.callback(|_| Msg::FormUpdate)} />
+              <Submit
-                  <div class="invalid-feedback">
+                disabled={self.common.is_task_running()}
-                    {&self.form.field_message("password")}
+                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}
-                  </div>
+                text="Save changes" >
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="confirm_password"
                  class="form-label col-sm-2 col-form-label">
                  {"Confirm Password"}
                  <span class="text-danger">{"*"}</span>
                  {":"}
                </label>
                <div class="col-sm-10">
                  <Field
                    form={&self.form}
                    field_name="confirm_password"
                    input_type="password"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    autocomplete="new-password"
                    oninput={link.callback(|_| Msg::FormUpdate)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("confirm_password")}
                  </div>
                </div>
              </div>
              <div class="form-group row justify-content-center">
                <button
                  class="btn btn-primary col-auto col-form-label"
                  type="submit"
                  disabled={self.common.is_task_running()}
                  onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}>
                  <i class="bi-save me-2"></i>
                  {"Save changes"}
                </button>
                <Link
                  classes="btn btn-secondary ms-2 col-auto col-form-label"
                  to={AppRoute::UserDetails{user_id: ctx.props().username.clone()}}>
                  <i class="bi-arrow-return-left me-2"></i>
                  {"Back"}
                </Link>
-              </div>
+              </Submit>
            </form>
          </>
        }
--- a/app/src/components/create_group.rs
+++ b/app/src/components/create_group.rs
@@ -1,8 +1,22 @@
 use crate::{
-    components::router::AppRoute,
+    components::{
-    infra::common_component::{CommonComponent, CommonComponentParts},
+        form::{
            attribute_input::{ListAttributeInput, SingleAttributeInput},
            field::Field,
            submit::Submit,
        },
        router::AppRoute,
    },
    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        form_utils::{
            AttributeValue, EmailIsRequired, GraphQlAttributeSchema, IsAdmin,
            read_all_form_attributes,
        },
        schema::AttributeType,
    },
 };
-use anyhow::{bail, Result};
+use anyhow::{Result, ensure};
 use gloo_console::log;
 use graphql_client::GraphQLQuery;
 use validator_derive::Validate;
@@ -10,6 +24,32 @@ use yew::prelude::*;
 use yew_form_derive::Model;
 use yew_router::{prelude::History, scope_ext::RouterScopeExt};
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/get_group_attributes_schema.graphql",
    response_derives = "Debug,Clone,PartialEq,Eq",
    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct GetGroupAttributesSchema;
 use get_group_attributes_schema::ResponseData;
 pub type Attribute =
    get_group_attributes_schema::GetGroupAttributesSchemaSchemaGroupSchemaAttributes;
 impl From<&Attribute> for GraphQlAttributeSchema {
    fn from(attr: &Attribute) -> Self {
        Self {
            name: attr.name.clone(),
            is_list: attr.is_list,
            is_readonly: attr.is_readonly,
            is_editable: false, // Need to be admin to edit it.
        }
    }
 }
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
@@ -22,6 +62,8 @@ pub struct CreateGroup;
 pub struct CreateGroupForm {
    common: CommonComponentParts<Self>,
    form: yew_form::Form<CreateGroupModel>,
    attributes_schema: Option<Vec<Attribute>>,
    form_ref: NodeRef,
 }
 #[derive(Model, Validate, PartialEq, Eq, Clone, Default)]
@@ -32,6 +74,7 @@ pub struct CreateGroupModel {
 pub enum Msg {
    Update,
    ListAttributesResponse(Result<ResponseData>),
    SubmitForm,
    CreateGroupResponse(Result<create_group::ResponseData>),
 }
@@ -45,12 +88,33 @@ impl CommonComponent<CreateGroupForm> for CreateGroupForm {
        match msg {
            Msg::Update => Ok(true),
            Msg::SubmitForm => {
-                if !self.form.validate() {
+                ensure!(self.form.validate(), "Check the form for errors");
-                    bail!("Check the form for errors");
+
-                }
+                let all_values = read_all_form_attributes(
                    self.attributes_schema.iter().flatten(),
                    &self.form_ref,
                    IsAdmin(true),
                    EmailIsRequired(false),
                )?;
                let attributes = Some(
                    all_values
                        .into_iter()
                        .filter(|a| !a.values.is_empty())
                        .map(
                            |AttributeValue { name, values }| create_group::AttributeValueInput {
                                name,
                                value: values,
                            },
                        )
                        .collect(),
                );
                let model = self.form.model();
                let req = create_group::Variables {
-                    name: model.groupname,
+                    group: create_group::CreateGroupInput {
                        displayName: model.groupname,
                        attributes,
                    },
                };
                self.common.call_graphql::<CreateGroup, _>(
                    ctx,
@@ -63,11 +127,16 @@ impl CommonComponent<CreateGroupForm> for CreateGroupForm {
            Msg::CreateGroupResponse(response) => {
                log!(&format!(
                    "Created group '{}'",
-                    &response?.create_group.display_name
+                    &response?.create_group_with_details.display_name
                ));
                ctx.link().history().unwrap().push(AppRoute::ListGroups);
                Ok(true)
            }
            Msg::ListAttributesResponse(schema) => {
                self.attributes_schema =
                    Some(schema?.schema.group_schema.attributes.into_iter().collect());
                Ok(true)
            }
        }
    }
@@ -80,11 +149,22 @@ impl Component for CreateGroupForm {
    type Message = Msg;
    type Properties = ();
-    fn create(_: &Context<Self>) -> Self {
+    fn create(ctx: &Context<Self>) -> Self {
-        Self {
+        let mut component = Self {
            common: CommonComponentParts::<Self>::create(),
            form: yew_form::Form::<CreateGroupModel>::new(CreateGroupModel::default()),
-        }
+            attributes_schema: None,
            form_ref: NodeRef::default(),
        };
        component
            .common
            .call_graphql::<GetGroupAttributesSchema, _>(
                ctx,
                get_group_attributes_schema::Variables {},
                Msg::ListAttributesResponse,
                "Error trying to fetch group schema",
            );
        component
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
@@ -93,44 +173,30 @@ impl Component for CreateGroupForm {
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = ctx.link();
        type Field = yew_form::Field<CreateGroupModel>;
        html! {
          <div class="row justify-content-center">
-            <form class="form py-3" style="max-width: 636px">
+            <form class="form py-3" style="max-width: 636px"
              ref={self.form_ref.clone()}>
              <div class="row mb-3">
                <h5 class="fw-bold">{"Create a group"}</h5>
              </div>
-              <div class="form-group row mb-3">
+              <Field<CreateGroupModel>
-                <label for="groupname"
+                form={&self.form}
-                  class="form-label col-4 col-form-label">
+                required=true
-                  {"Group name"}
+                label="Group name"
-                  <span class="text-danger">{"*"}</span>
+                field_name="groupname"
-                  {":"}
+                oninput={link.callback(|_| Msg::Update)} />
-                </label>
+              {
-                <div class="col-8">
+                  self.attributes_schema
-                  <Field
+                      .iter()
-                    form={&self.form}
+                      .flatten()
-                    field_name="groupname"
+                      .filter(|a| !a.is_readonly && a.name != "display_name")
-                    class="form-control"
+                      .map(get_custom_attribute_input)
-                    class_invalid="is-invalid has-error"
+                      .collect::<Vec<_>>()
-                    class_valid="has-success"
+              }
-                    autocomplete="groupname"
+              <Submit
-                    oninput={link.callback(|_| Msg::Update)} />
+                disabled={self.common.is_task_running()}
-                  <div class="invalid-feedback">
+                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})} />
                    {&self.form.field_message("groupname")}
                  </div>
                </div>
              </div>
              <div class="form-group row justify-content-center">
                <button
                  class="btn btn-primary col-auto col-form-label"
                  type="submit"
                  disabled={self.common.is_task_running()}
                  onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})}>
                  <i class="bi-save me-2"></i>
                  {"Submit"}
                </button>
              </div>
            </form>
            { if let Some(e) = &self.common.error {
                html! {
@@ -144,3 +210,21 @@ impl Component for CreateGroupForm {
        }
    }
 }
 fn get_custom_attribute_input(attribute_schema: &Attribute) -> Html {
    if attribute_schema.is_list {
        html! {
            <ListAttributeInput
                name={attribute_schema.name.clone()}
                attribute_type={attribute_schema.attribute_type}
            />
        }
    } else {
        html! {
            <SingleAttributeInput
                name={attribute_schema.name.clone()}
                attribute_type={attribute_schema.attribute_type}
            />
        }
    }
 }
--- a/app/src/components/create_group_attribute.rs
+++ b/app/src/components/create_group_attribute.rs
@@ -0,0 +1,175 @@
 use crate::{
    components::{
        form::{checkbox::CheckBox, field::Field, select::Select, submit::Submit},
        router::AppRoute,
    },
    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        schema::{AttributeType, validate_attribute_type},
    },
 };
 use anyhow::{Result, bail};
 use gloo_console::log;
 use graphql_client::GraphQLQuery;
 use lldap_validation::attributes::validate_attribute_name;
 use validator_derive::Validate;
 use yew::prelude::*;
 use yew_form_derive::Model;
 use yew_router::{prelude::History, scope_ext::RouterScopeExt};
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/create_group_attribute.graphql",
    response_derives = "Debug",
    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct CreateGroupAttribute;
 pub struct CreateGroupAttributeForm {
    common: CommonComponentParts<Self>,
    form: yew_form::Form<CreateGroupAttributeModel>,
 }
 #[derive(Model, Validate, PartialEq, Eq, Clone, Default, Debug)]
 pub struct CreateGroupAttributeModel {
    #[validate(length(min = 1, message = "attribute_name is required"))]
    attribute_name: String,
    #[validate(custom = "validate_attribute_type")]
    attribute_type: String,
    is_list: bool,
    is_visible: bool, // remove when backend doesn't return group attributes for normal users
 }
 pub enum Msg {
    Update,
    SubmitForm,
    CreateGroupAttributeResponse(Result<create_group_attribute::ResponseData>),
 }
 impl CommonComponent<CreateGroupAttributeForm> for CreateGroupAttributeForm {
    fn handle_msg(
        &mut self,
        ctx: &Context<Self>,
        msg: <Self as Component>::Message,
    ) -> Result<bool> {
        match msg {
            Msg::Update => Ok(true),
            Msg::SubmitForm => {
                if !self.form.validate() {
                    bail!("Check the form for errors");
                }
                let model = self.form.model();
                validate_attribute_name(&model.attribute_name).or_else(|invalid_chars| {
                    let invalid = String::from_iter(invalid_chars);
                    bail!(
                        "Attribute name contains one or more invalid characters: {}",
                        invalid
                    );
                })?;
                let attribute_type =
                    AttributeType::try_from(model.attribute_type.as_str()).unwrap();
                let req = create_group_attribute::Variables {
                    name: model.attribute_name,
                    attribute_type,
                    is_list: model.is_list,
                    is_visible: model.is_visible,
                };
                self.common.call_graphql::<CreateGroupAttribute, _>(
                    ctx,
                    req,
                    Msg::CreateGroupAttributeResponse,
                    "Error trying to create group attribute",
                );
                Ok(true)
            }
            Msg::CreateGroupAttributeResponse(response) => {
                response?;
                let model = self.form.model();
                log!(&format!(
                    "Created group attribute '{}'",
                    model.attribute_name
                ));
                ctx.link()
                    .history()
                    .unwrap()
                    .push(AppRoute::ListGroupSchema);
                Ok(true)
            }
        }
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for CreateGroupAttributeForm {
    type Message = Msg;
    type Properties = ();
    fn create(_: &Context<Self>) -> Self {
        let model = CreateGroupAttributeModel {
            attribute_type: AttributeType::String.to_string(),
            ..Default::default()
        };
        Self {
            common: CommonComponentParts::<Self>::create(),
            form: yew_form::Form::<CreateGroupAttributeModel>::new(model),
        }
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        CommonComponentParts::<Self>::update(self, ctx, msg)
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = ctx.link();
        html! {
          <div class="row justify-content-center">
            <form class="form py-3" style="max-width: 636px">
              <h5 class="fw-bold">{"Create a group attribute"}</h5>
              <Field<CreateGroupAttributeModel>
                label="Name"
                required={true}
                form={&self.form}
                field_name="attribute_name"
                oninput={link.callback(|_| Msg::Update)} />
              <Select<CreateGroupAttributeModel>
                label="Type"
                required={true}
                form={&self.form}
                field_name="attribute_type"
                oninput={link.callback(|_| Msg::Update)}>
                <option selected=true value="String">{"String"}</option>
                <option value="Integer">{"Integer"}</option>
                <option value="JpegPhoto">{"Jpeg"}</option>
                <option value="DateTime">{"DateTime"}</option>
              </Select<CreateGroupAttributeModel>>
              <CheckBox<CreateGroupAttributeModel>
                label="Multiple values"
                form={&self.form}
                field_name="is_list"
                ontoggle={link.callback(|_| Msg::Update)} />
              <CheckBox<CreateGroupAttributeModel>
                label="Visible to users"
                form={&self.form}
                field_name="is_visible"
                ontoggle={link.callback(|_| Msg::Update)} />
              <Submit
                disabled={self.common.is_task_running()}
                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})}/>
            </form>
            { if let Some(e) = &self.common.error {
                html! {
                  <div class="alert alert-danger">
                    {e.to_string() }
                  </div>
                }
              } else { html! {} }
            }
          </div>
        }
    }
 }
--- a/app/src/components/create_user.rs
+++ b/app/src/components/create_user.rs
@@ -1,11 +1,23 @@
 use crate::{
-    components::router::AppRoute,
+    components::{
        form::{
            attribute_input::{ListAttributeInput, SingleAttributeInput},
            field::Field,
            submit::Submit,
        },
        router::AppRoute,
    },
    infra::{
        api::HostService,
        common_component::{CommonComponent, CommonComponentParts},
        form_utils::{
            AttributeValue, EmailIsRequired, GraphQlAttributeSchema, IsAdmin,
            read_all_form_attributes,
        },
        schema::AttributeType,
    },
 };
-use anyhow::{bail, Result};
+use anyhow::{Result, ensure};
 use gloo_console::log;
 use graphql_client::GraphQLQuery;
 use lldap_auth::{opaque, registration};
@@ -14,6 +26,31 @@ use yew::prelude::*;
 use yew_form_derive::Model;
 use yew_router::{prelude::History, scope_ext::RouterScopeExt};
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/get_user_attributes_schema.graphql",
    response_derives = "Debug,Clone,PartialEq,Eq",
    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct GetUserAttributesSchema;
 use get_user_attributes_schema::ResponseData;
 pub type Attribute = get_user_attributes_schema::GetUserAttributesSchemaSchemaUserSchemaAttributes;
 impl From<&Attribute> for GraphQlAttributeSchema {
    fn from(attr: &Attribute) -> Self {
        Self {
            name: attr.name.clone(),
            is_list: attr.is_list,
            is_readonly: attr.is_readonly,
            is_editable: attr.is_editable,
        }
    }
 }
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
@@ -26,17 +63,14 @@ pub struct CreateUser;
 pub struct CreateUserForm {
    common: CommonComponentParts<Self>,
    form: yew_form::Form<CreateUserModel>,
    attributes_schema: Option<Vec<Attribute>>,
    form_ref: NodeRef,
 }
 #[derive(Model, Validate, PartialEq, Eq, Clone, Default)]
 pub struct CreateUserModel {
    #[validate(length(min = 1, message = "Username is required"))]
    username: String,
    #[validate(email(message = "A valid email is required"))]
    email: String,
    display_name: String,
    first_name: String,
    last_name: String,
    #[validate(custom(
        function = "empty_or_long",
        message = "Password should be longer than 8 characters (or left empty)"
@@ -56,6 +90,7 @@ fn empty_or_long(value: &str) -> Result<(), validator::ValidationError> {
 pub enum Msg {
    Update,
    ListAttributesResponse(Result<ResponseData>),
    SubmitForm,
    CreateUserResponse(Result<create_user::ResponseData>),
    SuccessfulCreation,
@@ -76,21 +111,43 @@ impl CommonComponent<CreateUserForm> for CreateUserForm {
    ) -> Result<bool> {
        match msg {
            Msg::Update => Ok(true),
            Msg::ListAttributesResponse(schema) => {
                self.attributes_schema =
                    Some(schema?.schema.user_schema.attributes.into_iter().collect());
                Ok(true)
            }
            Msg::SubmitForm => {
-                if !self.form.validate() {
+                ensure!(self.form.validate(), "Check the form for errors");
-                    bail!("Check the form for errors");
+
-                }
+                let all_values = read_all_form_attributes(
                    self.attributes_schema.iter().flatten(),
                    &self.form_ref,
                    IsAdmin(true),
                    EmailIsRequired(true),
                )?;
                let attributes = Some(
                    all_values
                        .into_iter()
                        .filter(|a| !a.values.is_empty())
                        .map(
                            |AttributeValue { name, values }| create_user::AttributeValueInput {
                                name,
                                value: values,
                            },
                        )
                        .collect(),
                );
                let model = self.form.model();
                let to_option = |s: String| if s.is_empty() { None } else { Some(s) };
                let req = create_user::Variables {
                    user: create_user::CreateUserInput {
                        id: model.username,
-                        email: model.email,
+                        email: None,
-                        displayName: to_option(model.display_name),
+                        displayName: None,
-                        firstName: to_option(model.first_name),
+                        firstName: None,
-                        lastName: to_option(model.last_name),
+                        lastName: None,
                        avatar: None,
-                        attributes: None,
+                        attributes,
                    },
                };
                self.common.call_graphql::<CreateUser, _>(
@@ -174,11 +231,20 @@ impl Component for CreateUserForm {
    type Message = Msg;
    type Properties = ();
-    fn create(_: &Context<Self>) -> Self {
+    fn create(ctx: &Context<Self>) -> Self {
-        Self {
+        let mut component = Self {
            common: CommonComponentParts::<Self>::create(),
            form: yew_form::Form::<CreateUserModel>::new(CreateUserModel::default()),
-        }
+            attributes_schema: None,
            form_ref: NodeRef::default(),
        };
        component.common.call_graphql::<GetUserAttributesSchema, _>(
            ctx,
            get_user_attributes_schema::Variables {},
            Msg::ListAttributesResponse,
            "Error trying to fetch user schema",
        );
        component
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
@@ -187,163 +253,41 @@ impl Component for CreateUserForm {
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        type Field = yew_form::Field<CreateUserModel>;
        html! {
          <div class="row justify-content-center">
-            <form class="form py-3" style="max-width: 636px">
+            <form class="form py-3"
-              <div class="row mb-3">
+              ref={self.form_ref.clone()}>
-                <h5 class="fw-bold">{"Create a user"}</h5>
+              <Field<CreateUserModel>
-              </div>
+                form={&self.form}
-              <div class="form-group row mb-3">
+                required=true
-                <label for="username"
+                label="User name"
-                  class="form-label col-4 col-form-label">
+                field_name="username"
-                  {"User name"}
+                oninput={link.callback(|_| Msg::Update)} />
-                  <span class="text-danger">{"*"}</span>
+              {
-                  {":"}
+                  self.attributes_schema
-                </label>
+                      .iter()
-                <div class="col-8">
+                      .flatten()
-                  <Field
+                      .filter(|a| !a.is_readonly)
-                    form={&self.form}
+                      .map(get_custom_attribute_input)
-                    field_name="username"
+                      .collect::<Vec<_>>()
-                    class="form-control"
+              }
-                    class_invalid="is-invalid has-error"
+              <Field<CreateUserModel>
-                    class_valid="has-success"
+                form={&self.form}
-                    autocomplete="username"
+                label="Password"
-                    oninput={link.callback(|_| Msg::Update)} />
+                field_name="password"
-                  <div class="invalid-feedback">
+                input_type="password"
-                    {&self.form.field_message("username")}
+                autocomplete="new-password"
-                  </div>
+                oninput={link.callback(|_| Msg::Update)} />
-                </div>
+              <Field<CreateUserModel>
-              </div>
+                form={&self.form}
-              <div class="form-group row mb-3">
+                label="Confirm password"
-                <label for="email"
+                field_name="confirm_password"
-                  class="form-label col-4 col-form-label">
+                input_type="password"
-                  {"Email"}
+                autocomplete="new-password"
-                  <span class="text-danger">{"*"}</span>
+                oninput={link.callback(|_| Msg::Update)} />
-                  {":"}
+              <Submit
-                </label>
+                disabled={self.common.is_task_running()}
-                <div class="col-8">
+                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})} />
                  <Field
                    form={&self.form}
                    input_type="email"
                    field_name="email"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    autocomplete="email"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("email")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="display_name"
                  class="form-label col-4 col-form-label">
                  {"Display name:"}
                </label>
                <div class="col-8">
                  <Field
                    form={&self.form}
                    autocomplete="name"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    field_name="display_name"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("display_name")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="first_name"
                  class="form-label col-4 col-form-label">
                  {"First name:"}
                </label>
                <div class="col-8">
                  <Field
                    form={&self.form}
                    autocomplete="given-name"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    field_name="first_name"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("first_name")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="last_name"
                  class="form-label col-4 col-form-label">
                  {"Last name:"}
                </label>
                <div class="col-8">
                  <Field
                    form={&self.form}
                    autocomplete="family-name"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    field_name="last_name"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("last_name")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="password"
                  class="form-label col-4 col-form-label">
                  {"Password:"}
                </label>
                <div class="col-8">
                  <Field
                    form={&self.form}
                    input_type="password"
                    field_name="password"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    autocomplete="new-password"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("password")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="confirm_password"
                  class="form-label col-4 col-form-label">
                  {"Confirm password:"}
                </label>
                <div class="col-8">
                  <Field
                    form={&self.form}
                    input_type="password"
                    field_name="confirm_password"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    autocomplete="new-password"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("confirm_password")}
                  </div>
                </div>
              </div>
              <div class="form-group row justify-content-center">
                <button
                  class="btn btn-primary col-auto col-form-label mt-4"
                  disabled={self.common.is_task_running()}
                  type="submit"
                  onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})}>
                  <i class="bi-save me-2"></i>
                  {"Submit"}
                </button>
              </div>
            </form>
            {
              if let Some(e) = &self.common.error {
@@ -358,3 +302,25 @@ impl Component for CreateUserForm {
        }
    }
 }
 fn get_custom_attribute_input(attribute_schema: &Attribute) -> Html {
    let mail_is_required = attribute_schema.name.as_str() == "mail";
    if attribute_schema.is_list {
        html! {
            <ListAttributeInput
                name={attribute_schema.name.clone()}
                attribute_type={attribute_schema.attribute_type}
                required={mail_is_required}
            />
        }
    } else {
        html! {
            <SingleAttributeInput
                name={attribute_schema.name.clone()}
                attribute_type={attribute_schema.attribute_type}
                required={mail_is_required}
            />
        }
    }
 }
--- a/app/src/components/create_user_attribute.rs
+++ b/app/src/components/create_user_attribute.rs
@@ -0,0 +1,182 @@
 use crate::{
    components::{
        form::{checkbox::CheckBox, field::Field, select::Select, submit::Submit},
        router::AppRoute,
    },
    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        schema::{AttributeType, validate_attribute_type},
    },
 };
 use anyhow::{Result, bail};
 use gloo_console::log;
 use graphql_client::GraphQLQuery;
 use lldap_validation::attributes::validate_attribute_name;
 use validator_derive::Validate;
 use yew::prelude::*;
 use yew_form_derive::Model;
 use yew_router::{prelude::History, scope_ext::RouterScopeExt};
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/create_user_attribute.graphql",
    response_derives = "Debug",
    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct CreateUserAttribute;
 pub struct CreateUserAttributeForm {
    common: CommonComponentParts<Self>,
    form: yew_form::Form<CreateUserAttributeModel>,
 }
 #[derive(Model, Validate, PartialEq, Eq, Clone, Default, Debug)]
 pub struct CreateUserAttributeModel {
    #[validate(length(min = 1, message = "attribute_name is required"))]
    attribute_name: String,
    #[validate(custom = "validate_attribute_type")]
    attribute_type: String,
    is_editable: bool,
    is_list: bool,
    is_visible: bool,
 }
 pub enum Msg {
    Update,
    SubmitForm,
    CreateUserAttributeResponse(Result<create_user_attribute::ResponseData>),
 }
 impl CommonComponent<CreateUserAttributeForm> for CreateUserAttributeForm {
    fn handle_msg(
        &mut self,
        ctx: &Context<Self>,
        msg: <Self as Component>::Message,
    ) -> Result<bool> {
        match msg {
            Msg::Update => Ok(true),
            Msg::SubmitForm => {
                if !self.form.validate() {
                    bail!("Check the form for errors");
                }
                let model = self.form.model();
                if model.is_editable && !model.is_visible {
                    bail!("Editable attributes must also be visible");
                }
                validate_attribute_name(&model.attribute_name).or_else(|invalid_chars| {
                    let invalid = String::from_iter(invalid_chars);
                    bail!(
                        "Attribute name contains one or more invalid characters: {}",
                        invalid
                    );
                })?;
                let attribute_type =
                    AttributeType::try_from(model.attribute_type.as_str()).unwrap();
                let req = create_user_attribute::Variables {
                    name: model.attribute_name,
                    attribute_type,
                    is_editable: model.is_editable,
                    is_list: model.is_list,
                    is_visible: model.is_visible,
                };
                self.common.call_graphql::<CreateUserAttribute, _>(
                    ctx,
                    req,
                    Msg::CreateUserAttributeResponse,
                    "Error trying to create user attribute",
                );
                Ok(true)
            }
            Msg::CreateUserAttributeResponse(response) => {
                response?;
                let model = self.form.model();
                log!(&format!(
                    "Created user attribute '{}'",
                    model.attribute_name
                ));
                ctx.link().history().unwrap().push(AppRoute::ListUserSchema);
                Ok(true)
            }
        }
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for CreateUserAttributeForm {
    type Message = Msg;
    type Properties = ();
    fn create(_: &Context<Self>) -> Self {
        let model = CreateUserAttributeModel {
            attribute_type: AttributeType::String.to_string(),
            ..Default::default()
        };
        Self {
            common: CommonComponentParts::<Self>::create(),
            form: yew_form::Form::<CreateUserAttributeModel>::new(model),
        }
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        CommonComponentParts::<Self>::update(self, ctx, msg)
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = ctx.link();
        html! {
          <div class="row justify-content-center">
            <form class="form py-3" style="max-width: 636px">
              <h5 class="fw-bold">{"Create a user attribute"}</h5>
              <Field<CreateUserAttributeModel>
                label="Name"
                required={true}
                form={&self.form}
                field_name="attribute_name"
                oninput={link.callback(|_| Msg::Update)} />
              <Select<CreateUserAttributeModel>
                label="Type"
                required={true}
                form={&self.form}
                field_name="attribute_type"
                oninput={link.callback(|_| Msg::Update)}>
                <option selected=true value="String">{"String"}</option>
                <option value="Integer">{"Integer"}</option>
                <option value="JpegPhoto">{"Jpeg"}</option>
                <option value="DateTime">{"DateTime"}</option>
              </Select<CreateUserAttributeModel>>
              <CheckBox<CreateUserAttributeModel>
                label="Multiple values"
                form={&self.form}
                field_name="is_list"
                ontoggle={link.callback(|_| Msg::Update)} />
              <CheckBox<CreateUserAttributeModel>
                label="Visible to users"
                form={&self.form}
                field_name="is_visible"
                ontoggle={link.callback(|_| Msg::Update)} />
              <CheckBox<CreateUserAttributeModel>
                label="Editable by users"
                form={&self.form}
                field_name="is_editable"
                ontoggle={link.callback(|_| Msg::Update)} />
              <Submit
                disabled={self.common.is_task_running()}
                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitForm})}/>
            </form>
            { if let Some(e) = &self.common.error {
                html! {
                  <div class="alert alert-danger">
                    {e.to_string() }
                  </div>
                }
              } else { html! {} }
            }
          </div>
        }
    }
 }
--- a/app/src/components/delete_group_attribute.rs
+++ b/app/src/components/delete_group_attribute.rs
@@ -0,0 +1,172 @@
 use crate::infra::{
    common_component::{CommonComponent, CommonComponentParts},
    modal::Modal,
 };
 use anyhow::{Error, Result};
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/delete_group_attribute.graphql",
    response_derives = "Debug",
    custom_scalars_module = "crate::infra::graphql"
 )]
 pub struct DeleteGroupAttributeQuery;
 pub struct DeleteGroupAttribute {
    common: CommonComponentParts<Self>,
    node_ref: NodeRef,
    modal: Option<Modal>,
 }
 #[derive(yew::Properties, Clone, PartialEq, Debug)]
 pub struct DeleteGroupAttributeProps {
    pub attribute_name: String,
    pub on_attribute_deleted: Callback<String>,
    pub on_error: Callback<Error>,
 }
 pub enum Msg {
    ClickedDeleteGroupAttribute,
    ConfirmDeleteGroupAttribute,
    DismissModal,
    DeleteGroupAttributeResponse(Result<delete_group_attribute_query::ResponseData>),
 }
 impl CommonComponent<DeleteGroupAttribute> for DeleteGroupAttribute {
    fn handle_msg(
        &mut self,
        ctx: &Context<Self>,
        msg: <Self as Component>::Message,
    ) -> Result<bool> {
        match msg {
            Msg::ClickedDeleteGroupAttribute => {
                self.modal.as_ref().expect("modal not initialized").show();
            }
            Msg::ConfirmDeleteGroupAttribute => {
                self.update(ctx, Msg::DismissModal);
                self.common.call_graphql::<DeleteGroupAttributeQuery, _>(
                    ctx,
                    delete_group_attribute_query::Variables {
                        name: ctx.props().attribute_name.clone(),
                    },
                    Msg::DeleteGroupAttributeResponse,
                    "Error trying to delete group attribute",
                );
            }
            Msg::DismissModal => {
                self.modal.as_ref().expect("modal not initialized").hide();
            }
            Msg::DeleteGroupAttributeResponse(response) => {
                response?;
                ctx.props()
                    .on_attribute_deleted
                    .emit(ctx.props().attribute_name.clone());
            }
        }
        Ok(true)
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for DeleteGroupAttribute {
    type Message = Msg;
    type Properties = DeleteGroupAttributeProps;
    fn create(_: &Context<Self>) -> Self {
        Self {
            common: CommonComponentParts::<Self>::create(),
            node_ref: NodeRef::default(),
            modal: None,
        }
    }
    fn rendered(&mut self, _: &Context<Self>, first_render: bool) {
        if first_render {
            self.modal = Some(Modal::new(
                self.node_ref
                    .cast::<web_sys::Element>()
                    .expect("Modal node is not an element"),
            ));
        }
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        CommonComponentParts::<Self>::update_and_report_error(
            self,
            ctx,
            msg,
            ctx.props().on_error.clone(),
        )
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        html! {
          <>
          <button
            class="btn btn-danger"
            disabled={self.common.is_task_running()}
            onclick={link.callback(|_| Msg::ClickedDeleteGroupAttribute)}>
            <i class="bi-x-circle-fill" aria-label="Delete attribute" />
          </button>
          {self.show_modal(ctx)}
          </>
        }
    }
 }
 impl DeleteGroupAttribute {
    fn show_modal(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        html! {
          <div
            class="modal fade"
            id={"deleteGroupAttributeModal".to_string() + &ctx.props().attribute_name}
            tabindex="-1"
            aria-labelledby="deleteGroupAttributeModalLabel"
            aria-hidden="true"
            ref={self.node_ref.clone()}>
            <div class="modal-dialog">
              <div class="modal-content">
                <div class="modal-header">
                  <h5 class="modal-title" id="deleteGroupAttributeModalLabel">{"Delete group attribute?"}</h5>
                  <button
                    type="button"
                    class="btn-close"
                    aria-label="Close"
                    onclick={link.callback(|_| Msg::DismissModal)} />
                </div>
                <div class="modal-body">
                <span>
                  {"Are you sure you want to delete group attribute "}
                  <b>{&ctx.props().attribute_name}</b>{"?"}
                </span>
                </div>
                <div class="modal-footer">
                  <button
                    type="button"
                    class="btn btn-secondary"
                    onclick={link.callback(|_| Msg::DismissModal)}>
                      <i class="bi-x-circle me-2"></i>
                      {"Cancel"}
                  </button>
                  <button
                    type="button"
                    onclick={link.callback(|_| Msg::ConfirmDeleteGroupAttribute)}
                    class="btn btn-danger">
                    <i class="bi-check-circle me-2"></i>
                    {"Yes, I'm sure"}
                 </button>
                </div>
              </div>
            </div>
          </div>
        }
    }
 }
--- a/app/src/components/delete_user_attribute.rs
+++ b/app/src/components/delete_user_attribute.rs
@@ -0,0 +1,172 @@
 use crate::infra::{
    common_component::{CommonComponent, CommonComponentParts},
    modal::Modal,
 };
 use anyhow::{Error, Result};
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/delete_user_attribute.graphql",
    response_derives = "Debug",
    custom_scalars_module = "crate::infra::graphql"
 )]
 pub struct DeleteUserAttributeQuery;
 pub struct DeleteUserAttribute {
    common: CommonComponentParts<Self>,
    node_ref: NodeRef,
    modal: Option<Modal>,
 }
 #[derive(yew::Properties, Clone, PartialEq, Debug)]
 pub struct DeleteUserAttributeProps {
    pub attribute_name: String,
    pub on_attribute_deleted: Callback<String>,
    pub on_error: Callback<Error>,
 }
 pub enum Msg {
    ClickedDeleteUserAttribute,
    ConfirmDeleteUserAttribute,
    DismissModal,
    DeleteUserAttributeResponse(Result<delete_user_attribute_query::ResponseData>),
 }
 impl CommonComponent<DeleteUserAttribute> for DeleteUserAttribute {
    fn handle_msg(
        &mut self,
        ctx: &Context<Self>,
        msg: <Self as Component>::Message,
    ) -> Result<bool> {
        match msg {
            Msg::ClickedDeleteUserAttribute => {
                self.modal.as_ref().expect("modal not initialized").show();
            }
            Msg::ConfirmDeleteUserAttribute => {
                self.update(ctx, Msg::DismissModal);
                self.common.call_graphql::<DeleteUserAttributeQuery, _>(
                    ctx,
                    delete_user_attribute_query::Variables {
                        name: ctx.props().attribute_name.clone(),
                    },
                    Msg::DeleteUserAttributeResponse,
                    "Error trying to delete user attribute",
                );
            }
            Msg::DismissModal => {
                self.modal.as_ref().expect("modal not initialized").hide();
            }
            Msg::DeleteUserAttributeResponse(response) => {
                response?;
                ctx.props()
                    .on_attribute_deleted
                    .emit(ctx.props().attribute_name.clone());
            }
        }
        Ok(true)
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for DeleteUserAttribute {
    type Message = Msg;
    type Properties = DeleteUserAttributeProps;
    fn create(_: &Context<Self>) -> Self {
        Self {
            common: CommonComponentParts::<Self>::create(),
            node_ref: NodeRef::default(),
            modal: None,
        }
    }
    fn rendered(&mut self, _: &Context<Self>, first_render: bool) {
        if first_render {
            self.modal = Some(Modal::new(
                self.node_ref
                    .cast::<web_sys::Element>()
                    .expect("Modal node is not an element"),
            ));
        }
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        CommonComponentParts::<Self>::update_and_report_error(
            self,
            ctx,
            msg,
            ctx.props().on_error.clone(),
        )
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        html! {
          <>
          <button
            class="btn btn-danger"
            disabled={self.common.is_task_running()}
            onclick={link.callback(|_| Msg::ClickedDeleteUserAttribute)}>
            <i class="bi-x-circle-fill" aria-label="Delete attribute" />
          </button>
          {self.show_modal(ctx)}
          </>
        }
    }
 }
 impl DeleteUserAttribute {
    fn show_modal(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        html! {
          <div
            class="modal fade"
            id={"deleteUserAttributeModal".to_string() + &ctx.props().attribute_name}
            tabindex="-1"
            aria-labelledby="deleteUserAttributeModalLabel"
            aria-hidden="true"
            ref={self.node_ref.clone()}>
            <div class="modal-dialog">
              <div class="modal-content">
                <div class="modal-header">
                  <h5 class="modal-title" id="deleteUserAttributeModalLabel">{"Delete user attribute?"}</h5>
                  <button
                    type="button"
                    class="btn-close"
                    aria-label="Close"
                    onclick={link.callback(|_| Msg::DismissModal)} />
                </div>
                <div class="modal-body">
                <span>
                  {"Are you sure you want to delete user attribute "}
                  <b>{&ctx.props().attribute_name}</b>{"?"}
                </span>
                </div>
                <div class="modal-footer">
                  <button
                    type="button"
                    class="btn btn-secondary"
                    onclick={link.callback(|_| Msg::DismissModal)}>
                      <i class="bi-x-circle me-2"></i>
                      {"Cancel"}
                  </button>
                  <button
                    type="button"
                    onclick={link.callback(|_| Msg::ConfirmDeleteUserAttribute)}
                    class="btn btn-danger">
                    <i class="bi-check-circle me-2"></i>
                    {"Yes, I'm sure"}
                 </button>
                </div>
              </div>
            </div>
          </div>
        }
    }
 }
--- a/app/src/components/form/attribute_input.rs
+++ b/app/src/components/form/attribute_input.rs
@@ -0,0 +1,198 @@
 use crate::{
    components::form::{date_input::DateTimeInput, file_input::JpegFileInput},
    infra::{schema::AttributeType, tooltip::Tooltip},
 };
 use web_sys::Element;
 use yew::{
    Component, Context, Html, Properties, function_component, html, use_effect_with_deps,
    use_node_ref, virtual_dom::AttrValue,
 };
 #[derive(Properties, PartialEq)]
 struct AttributeInputProps {
    name: AttrValue,
    attribute_type: AttributeType,
    #[prop_or(None)]
    value: Option<String>,
 }
 #[function_component(AttributeInput)]
 fn attribute_input(props: &AttributeInputProps) -> Html {
    let input_type = match props.attribute_type {
        AttributeType::String => "text",
        AttributeType::Integer => "number",
        AttributeType::DateTime => {
            return html! {
                <DateTimeInput name={props.name.clone()} value={props.value.clone()} />
            };
        }
        AttributeType::JpegPhoto => {
            return html! {
                <JpegFileInput name={props.name.clone()} value={props.value.clone()} />
            };
        }
    };
    html! {
        <input
            type={input_type}
            name={props.name.clone()}
            class="form-control"
            value={props.value.clone()} />
    }
 }
 #[derive(Properties, PartialEq)]
 struct AttributeLabelProps {
    pub name: String,
    #[prop_or(false)]
    pub required: bool,
 }
 #[function_component(AttributeLabel)]
 fn attribute_label(props: &AttributeLabelProps) -> Html {
    let tooltip_ref = use_node_ref();
    use_effect_with_deps(
        move |tooltip_ref| {
            Tooltip::new(
                tooltip_ref
                    .cast::<Element>()
                    .expect("Tooltip element should exist"),
            );
            || {}
        },
        tooltip_ref.clone(),
    );
    html! {
        <label for={props.name.clone()}
            class="form-label col-4 col-form-label"
            >
            {props.name[0..1].to_uppercase() + &props.name[1..].replace('_', " ")}
            {if props.required { html!{<span class="text-danger">{"*"}</span>} } else { html!{} }}
            {":"}
            <button
                class="btn btn-sm btn-link"
                type="button"
                data-bs-placement="right"
                title={props.name.clone()}
                ref={tooltip_ref}>
                <i class="bi bi-info-circle" aria-label="Info" />
            </button>
        </label>
    }
 }
 #[derive(Properties, PartialEq)]
 pub struct SingleAttributeInputProps {
    pub name: String,
    pub(crate) attribute_type: AttributeType,
    #[prop_or(None)]
    pub value: Option<String>,
    #[prop_or(false)]
    pub required: bool,
 }
 #[function_component(SingleAttributeInput)]
 pub fn single_attribute_input(props: &SingleAttributeInputProps) -> Html {
    html! {
        <div class="row mb-3">
            <AttributeLabel name={props.name.clone()} required={props.required} />
            <div class="col-8">
            <AttributeInput
                attribute_type={props.attribute_type}
                name={props.name.clone()}
                value={props.value.clone()} />
            </div>
        </div>
    }
 }
 #[derive(Properties, PartialEq)]
 pub struct ListAttributeInputProps {
    pub name: String,
    pub(crate) attribute_type: AttributeType,
    #[prop_or(vec!())]
    pub values: Vec<String>,
    #[prop_or(false)]
    pub required: bool,
 }
 pub enum ListAttributeInputMsg {
    Remove(usize),
    Append,
 }
 pub struct ListAttributeInput {
    indices: Vec<usize>,
    next_index: usize,
    values: Vec<String>,
 }
 impl Component for ListAttributeInput {
    type Message = ListAttributeInputMsg;
    type Properties = ListAttributeInputProps;
    fn create(ctx: &Context<Self>) -> Self {
        let values = ctx.props().values.clone();
        Self {
            indices: (0..values.len()).collect(),
            next_index: values.len(),
            values,
        }
    }
    fn update(&mut self, _ctx: &Context<Self>, msg: Self::Message) -> bool {
        match msg {
            ListAttributeInputMsg::Remove(removed) => {
                self.indices.retain_mut(|x| *x != removed);
            }
            ListAttributeInputMsg::Append => {
                self.indices.push(self.next_index);
                self.next_index += 1;
            }
        };
        true
    }
    fn changed(&mut self, ctx: &Context<Self>) -> bool {
        if ctx.props().values != self.values {
            self.values.clone_from(&ctx.props().values);
            self.indices = (0..self.values.len()).collect();
            self.next_index = self.values.len();
        }
        true
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let props = &ctx.props();
        let link = &ctx.link();
        html! {
            <div class="row mb-3">
                <AttributeLabel name={props.name.clone()} required={props.required} />
                <div class="col-8">
                {self.indices.iter().map(|&i| html! {
                    <div class="input-group mb-2" key={i}>
                    <AttributeInput
                        attribute_type={props.attribute_type}
                        name={props.name.clone()}
                        value={props.values.get(i).cloned().unwrap_or_default()} />
                    <button
                        class="btn btn-danger"
                        type="button"
                        onclick={link.callback(move |_| ListAttributeInputMsg::Remove(i))}>
                        <i class="bi-x-circle-fill" aria-label="Remove value" />
                    </button>
                    </div>
                }).collect::<Html>()}
                <button
                    class="btn btn-secondary"
                    type="button"
                    onclick={link.callback(|_| ListAttributeInputMsg::Append)}>
                    <i class="bi-plus-circle me-2"></i>
                    {"Add value"}
                </button>
                </div>
            </div>
        }
    }
 }
--- a/app/src/components/form/checkbox.rs
+++ b/app/src/components/form/checkbox.rs
@@ -0,0 +1,35 @@
 use yew::{Callback, Properties, function_component, html, virtual_dom::AttrValue};
 use yew_form::{Form, Model};
 #[derive(Properties, PartialEq)]
 pub struct Props<T: Model> {
    pub label: AttrValue,
    pub field_name: String,
    pub form: Form<T>,
    #[prop_or(false)]
    pub required: bool,
    #[prop_or_else(Callback::noop)]
    pub ontoggle: Callback<bool>,
 }
 #[function_component(CheckBox)]
 pub fn checkbox<T: Model>(props: &Props<T>) -> Html {
    html! {
        <div class="form-group row mb-3">
            <label for={props.field_name.clone()}
                class="form-label col-4 col-form-label">
                {&props.label}
                {if props.required {
                    html!{<span class="text-danger">{"*"}</span>}
                } else {html!{}}}
                {":"}
            </label>
            <div class="col-8">
                <yew_form::CheckBox<T>
                form={&props.form}
                field_name={props.field_name.clone()}
                ontoggle={props.ontoggle.clone()} />
            </div>
        </div>
    }
 }
--- a/app/src/components/form/date_input.rs
+++ b/app/src/components/form/date_input.rs
@@ -0,0 +1,49 @@
 use std::str::FromStr;
 use chrono::{DateTime, NaiveDateTime, Utc};
 use wasm_bindgen::JsCast;
 use web_sys::HtmlInputElement;
 use yew::{Event, Properties, function_component, html, use_state, virtual_dom::AttrValue};
 #[derive(Properties, PartialEq)]
 pub struct DateTimeInputProps {
    pub name: AttrValue,
    pub value: Option<String>,
 }
 #[function_component(DateTimeInput)]
 pub fn date_time_input(props: &DateTimeInputProps) -> Html {
    let value = use_state(|| {
        props
            .value
            .as_ref()
            .and_then(|x| DateTime::<Utc>::from_str(x).ok())
    });
    html! {
        <div class="input-group">
            <input
                type="hidden"
                name={props.name.clone()}
                value={value.as_ref().map(|v: &DateTime<Utc>| v.to_rfc3339())} />
            <input
                type="datetime-local"
                step="1"
                class="form-control"
                value={value.as_ref().map(|v: &DateTime<Utc>| v.naive_utc().to_string())}
                onchange={move |e: Event| {
                    let string_val =
                        e.target()
                         .expect("Event should have target")
                         .unchecked_into::<HtmlInputElement>()
                         .value();
                    value.set(
                        NaiveDateTime::from_str(&string_val)
                            .ok()
                            .map(|x| DateTime::from_naive_utc_and_offset(x, Utc))
                    )
                }} />
            <span class="input-group-text">{"UTC"}</span>
        </div>
    }
 }
--- a/app/src/components/form/field.rs
+++ b/app/src/components/form/field.rs
@@ -0,0 +1,48 @@
 use yew::{Callback, InputEvent, Properties, function_component, html, virtual_dom::AttrValue};
 use yew_form::{Form, Model};
 #[derive(Properties, PartialEq)]
 pub struct Props<T: Model> {
    pub label: AttrValue,
    pub field_name: String,
    pub form: Form<T>,
    #[prop_or(false)]
    pub required: bool,
    #[prop_or(String::from("text"))]
    pub input_type: String,
    // If not present, will default to field_name
    #[prop_or(None)]
    pub autocomplete: Option<String>,
    #[prop_or_else(Callback::noop)]
    pub oninput: Callback<InputEvent>,
 }
 #[function_component(Field)]
 pub fn field<T: Model>(props: &Props<T>) -> Html {
    html! {
      <div class="row mb-3">
        <label for={props.field_name.clone()}
          class="form-label col-4 col-form-label">
          {&props.label}
          {if props.required {
            html!{<span class="text-danger">{"*"}</span>}
          } else {html!{}}}
          {":"}
        </label>
        <div class="col-8">
          <yew_form::Field<T>
            form={&props.form}
            field_name={props.field_name.clone()}
            input_type={props.input_type.clone()}
            class="form-control"
            class_invalid="is-invalid has-error"
            class_valid="has-success"
            autocomplete={props.autocomplete.clone().unwrap_or(props.field_name.clone())}
            oninput={&props.oninput} />
            <div class="invalid-feedback">
              {&props.form.field_message(&props.field_name)}
            </div>
        </div>
      </div>
    }
 }
--- a/app/src/components/form/file_input.rs
+++ b/app/src/components/form/file_input.rs
@@ -0,0 +1,236 @@
 use std::{fmt::Display, str::FromStr};
 use anyhow::{Error, Ok, Result, bail};
 use gloo_file::{
    File,
    callbacks::{FileReader, read_as_bytes},
 };
 use web_sys::{FileList, HtmlInputElement, InputEvent};
 use yew::Properties;
 use yew::{prelude::*, virtual_dom::AttrValue};
 #[derive(Default)]
 struct JsFile {
    file: Option<File>,
    contents: Option<Vec<u8>>,
 }
 impl Display for JsFile {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(
            f,
            "{}",
            self.file.as_ref().map(File::name).unwrap_or_default()
        )
    }
 }
 impl FromStr for JsFile {
    type Err = Error;
    fn from_str(s: &str) -> Result<Self> {
        if s.is_empty() {
            Ok(JsFile::default())
        } else {
            bail!("Building file from non-empty string")
        }
    }
 }
 fn to_base64(file: &JsFile) -> Result<String> {
    match file {
        JsFile {
            file: None,
            contents: None,
        } => Ok(String::new()),
        JsFile {
            file: Some(_),
            contents: None,
        } => bail!("Image file hasn't finished loading, try again"),
        JsFile {
            file: Some(_),
            contents: Some(data),
        } => {
            if !is_valid_jpeg(data.as_slice()) {
                bail!("Chosen image is not a valid JPEG");
            }
            Ok(base64::encode(data))
        }
        JsFile {
            file: None,
            contents: Some(data),
        } => Ok(base64::encode(data)),
    }
 }
 /// A [yew::Component] to display the user details, with a form allowing to edit them.
 pub struct JpegFileInput {
    // None means that the avatar hasn't changed.
    avatar: Option<JsFile>,
    reader: Option<FileReader>,
 }
 pub enum Msg {
    Update,
    /// A new file was selected.
    FileSelected(File),
    /// The "Clear" button for the avatar was clicked.
    ClearClicked,
    /// A picked file finished loading.
    FileLoaded(String, Result<Vec<u8>>),
 }
 #[derive(Properties, Clone, PartialEq, Eq)]
 pub struct Props {
    pub name: AttrValue,
    pub value: Option<String>,
 }
 impl Component for JpegFileInput {
    type Message = Msg;
    type Properties = Props;
    fn create(ctx: &Context<Self>) -> Self {
        Self {
            avatar: Some(JsFile {
                file: None,
                contents: ctx
                    .props()
                    .value
                    .as_ref()
                    .and_then(|x| base64::decode(x).ok()),
            }),
            reader: None,
        }
    }
    fn changed(&mut self, ctx: &Context<Self>) -> bool {
        self.avatar = Some(JsFile {
            file: None,
            contents: ctx
                .props()
                .value
                .as_ref()
                .and_then(|x| base64::decode(x).ok()),
        });
        self.reader = None;
        true
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        match msg {
            Msg::Update => true,
            Msg::FileSelected(new_avatar) => {
                if self
                    .avatar
                    .as_ref()
                    .and_then(|f| f.file.as_ref().map(|f| f.name()))
                    != Some(new_avatar.name())
                {
                    let file_name = new_avatar.name();
                    let link = ctx.link().clone();
                    self.reader = Some(read_as_bytes(&new_avatar, move |res| {
                        link.send_message(Msg::FileLoaded(
                            file_name,
                            res.map_err(|e| anyhow::anyhow!("{:#}", e)),
                        ))
                    }));
                    self.avatar = Some(JsFile {
                        file: Some(new_avatar),
                        contents: None,
                    });
                }
                true
            }
            Msg::ClearClicked => {
                self.avatar = Some(JsFile::default());
                true
            }
            Msg::FileLoaded(file_name, data) => {
                if let Some(avatar) = &mut self.avatar
                    && let Some(file) = &avatar.file
                    && file.name() == file_name
                    && let Result::Ok(data) = data
                {
                    if !is_valid_jpeg(data.as_slice()) {
                        // Clear the selection.
                        self.avatar = Some(JsFile::default());
                        // TODO: bail!("Chosen image is not a valid JPEG");
                    } else {
                        avatar.contents = Some(data);
                        return true;
                    }
                }
                self.reader = None;
                true
            }
        }
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        let avatar_string = match &self.avatar {
            Some(avatar) => {
                let avatar_base64 = to_base64(avatar);
                avatar_base64.as_deref().unwrap_or("").to_owned()
            }
            None => String::new(),
        };
        html! {
            <div class="row align-items-center">
                <div class="col-5">
                    <input type="hidden" name={ctx.props().name.clone()} value={avatar_string.clone()} />
                    <input
                        class="form-control"
                        id="avatarInput"
                        type="file"
                        accept="image/jpeg"
                        oninput={link.callback(|e: InputEvent| {
                            let input: HtmlInputElement = e.target_unchecked_into();
                            Self::upload_files(input.files())
                        })} />
                </div>
                <div class="col-3">
                    <button
                        class="btn btn-secondary col-auto"
                        id="avatarClear"
                        type="button"
                        onclick={link.callback(|_| {Msg::ClearClicked})}>
                        {"Clear"}
                        </button>
                </div>
                <div class="col-4">
                {
                    if !avatar_string.is_empty() {
                        html!{
                            <img
                            id="avatarDisplay"
                            src={format!("data:image/jpeg;base64, {}", avatar_string)}
                            style="max-height:128px;max-width:128px;height:auto;width:auto;"
                            alt="Avatar" />
                        }
                    } else { html! {} }
                }
                </div>
            </div>
        }
    }
 }
 impl JpegFileInput {
    fn upload_files(files: Option<FileList>) -> Msg {
        match files {
            Some(files) if files.length() > 0 => {
                Msg::FileSelected(File::from(files.item(0).unwrap()))
            }
            Some(_) | None => Msg::Update,
        }
    }
 }
 fn is_valid_jpeg(bytes: &[u8]) -> bool {
    image::io::Reader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
        .decode()
        .is_ok()
 }
--- a/app/src/components/form/mod.rs
+++ b/app/src/components/form/mod.rs
@@ -0,0 +1,8 @@
 pub mod attribute_input;
 pub mod checkbox;
 pub mod date_input;
 pub mod field;
 pub mod file_input;
 pub mod select;
 pub mod static_value;
 pub mod submit;
--- a/app/src/components/form/select.rs
+++ b/app/src/components/form/select.rs
@@ -0,0 +1,46 @@
 use yew::{
    Callback, Children, InputEvent, Properties, function_component, html, virtual_dom::AttrValue,
 };
 use yew_form::{Form, Model};
 #[derive(Properties, PartialEq)]
 pub struct Props<T: Model> {
    pub label: AttrValue,
    pub field_name: String,
    pub form: Form<T>,
    #[prop_or(false)]
    pub required: bool,
    #[prop_or_else(Callback::noop)]
    pub oninput: Callback<InputEvent>,
    pub children: Children,
 }
 #[function_component(Select)]
 pub fn select<T: Model>(props: &Props<T>) -> Html {
    html! {
        <div class="row mb-3">
            <label for={props.field_name.clone()}
                class="form-label col-4 col-form-label">
                {&props.label}
                {if props.required {
                    html!{<span class="text-danger">{"*"}</span>}
                } else {html!{}}}
                {":"}
            </label>
            <div class="col-8">
                <yew_form::Select<T>
                    form={&props.form}
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    field_name={props.field_name.clone()}
                    oninput={&props.oninput} >
                    {for props.children.iter()}
                </yew_form::Select<T>>
                <div class="invalid-feedback">
                    {&props.form.field_message(&props.field_name)}
                </div>
            </div>
        </div>
    }
 }
--- a/app/src/components/form/static_value.rs
+++ b/app/src/components/form/static_value.rs
@@ -0,0 +1,26 @@
 use yew::{Children, Properties, function_component, html, virtual_dom::AttrValue};
 #[derive(Properties, PartialEq)]
 pub struct Props {
    pub label: AttrValue,
    pub id: AttrValue,
    pub children: Children,
 }
 #[function_component(StaticValue)]
 pub fn static_value(props: &Props) -> Html {
    html! {
      <div class="row mb-3">
        <label for={props.id.clone()}
          class="form-label col-4 col-form-label">
          {&props.label}
          {":"}
        </label>
        <div class="col-8">
          <span id={props.id.clone()} class="form-control-static">
            {for props.children.iter()}
          </span>
        </div>
      </div>
    }
 }
--- a/app/src/components/form/submit.rs
+++ b/app/src/components/form/submit.rs
@@ -0,0 +1,30 @@
 use web_sys::MouseEvent;
 use yew::{Callback, Children, Properties, function_component, html, virtual_dom::AttrValue};
 #[derive(Properties, PartialEq)]
 pub struct Props {
    pub disabled: bool,
    pub onclick: Callback<MouseEvent>,
    // Additional elements to insert after the button, in the same div
    #[prop_or_default]
    pub children: Children,
    #[prop_or(AttrValue::from("Submit"))]
    pub text: AttrValue,
 }
 #[function_component(Submit)]
 pub fn submit(props: &Props) -> Html {
    html! {
      <div class="form-group row justify-content-center">
        <button
          class="btn btn-primary col-auto col-form-label"
          type="submit"
          disabled={props.disabled}
          onclick={&props.onclick}>
          <i class="bi-save me-2"></i>
          {props.text.clone()}
        </button>
        {for props.children.iter()}
      </div>
    }
 }
--- a/app/src/components/fragments/attribute_schema.rs
+++ b/app/src/components/fragments/attribute_schema.rs
@@ -0,0 +1,52 @@
 use crate::infra::attributes::AttributeDescription;
 use lldap_validation::attributes::{ALLOWED_CHARACTERS_DESCRIPTION, validate_attribute_name};
 use yew::{Html, html};
 fn render_attribute_aliases(attribute_description: &AttributeDescription) -> Html {
    if attribute_description.aliases.is_empty() {
        html! {}
    } else {
        html! {
          <>
            <br/>
            <small class="text-muted">
              {"Aliases: "}
              {attribute_description.aliases.join(", ")}
            </small>
          </>
        }
    }
 }
 fn render_attribute_validation_warnings(attribute_name: &str) -> Html {
    match validate_attribute_name(attribute_name) {
        Ok(()) => {
            html! {}
        }
        Err(_invalid_chars) => {
            html! {
              <>
                <br/>
                <small class="text-warning">
                  {"Warning: This attribute uses one or more invalid characters "}
                  {"("}{ALLOWED_CHARACTERS_DESCRIPTION}{"). "}
                  {"Some clients may not support it."}
                </small>
              </>
            }
        }
    }
 }
 pub fn render_attribute_name(
    hardcoded: bool,
    attribute_description: &AttributeDescription,
 ) -> Html {
    html! {
      <>
        {&attribute_description.attribute_name}
        {if hardcoded {render_attribute_aliases(attribute_description)} else {html!{}}}
        {render_attribute_validation_warnings(attribute_description.attribute_name)}
      </>
    }
 }
--- a/app/src/components/fragments/mod.rs
+++ b/app/src/components/fragments/mod.rs
@@ -0,0 +1 @@
 pub mod attribute_schema;
--- a/app/src/components/group_details.rs
+++ b/app/src/components/group_details.rs
@@ -1,12 +1,17 @@
 use crate::{
    components::{
        add_group_member::{self, AddGroupMemberComponent},
        group_details_form::GroupDetailsForm,
        remove_user_from_group::RemoveUserFromGroupComponent,
        router::{AppRoute, Link},
    },
-    infra::common_component::{CommonComponent, CommonComponentParts},
+    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        form_utils::GraphQlAttributeSchema,
        schema::AttributeType,
    },
 };
-use anyhow::{bail, Error, Result};
+use anyhow::{Error, Result, bail};
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
@@ -15,19 +20,33 @@ use yew::prelude::*;
    schema_path = "../schema.graphql",
    query_path = "queries/get_group_details.graphql",
    response_derives = "Debug, Hash, PartialEq, Eq, Clone",
-    custom_scalars_module = "crate::infra::graphql"
+    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct GetGroupDetails;
 pub type Group = get_group_details::GetGroupDetailsGroup;
 pub type User = get_group_details::GetGroupDetailsGroupUsers;
 pub type AddGroupMemberUser = add_group_member::User;
 pub type Attribute = get_group_details::GetGroupDetailsGroupAttributes;
 pub type AttributeSchema = get_group_details::GetGroupDetailsSchemaGroupSchemaAttributes;
 impl From<&AttributeSchema> for GraphQlAttributeSchema {
    fn from(attr: &AttributeSchema) -> Self {
        Self {
            name: attr.name.clone(),
            is_list: attr.is_list,
            is_readonly: attr.is_readonly,
            is_editable: attr.is_editable,
        }
    }
 }
 pub struct GroupDetails {
    common: CommonComponentParts<Self>,
    /// The group info. If none, the error is in `error`. If `error` is None, then we haven't
    /// received the server response yet.
-    group: Option<Group>,
+    group_and_schema: Option<(Group, Vec<AttributeSchema>)>,
 }
 /// State machine describing the possible transitions of the component state.
@@ -38,11 +57,13 @@ pub enum Msg {
    OnError(Error),
    OnUserAddedToGroup(AddGroupMemberUser),
    OnUserRemovedFromGroup((String, i64)),
    DisplayNameUpdated,
 }
 #[derive(yew::Properties, Clone, PartialEq, Eq)]
 pub struct Props {
    pub group_id: i64,
    pub is_admin: bool,
 }
 impl GroupDetails {
@@ -69,41 +90,16 @@ impl GroupDetails {
        }
    }
-    fn view_details(&self, g: &Group) -> Html {
+    fn view_details(&self, ctx: &Context<Self>, g: &Group, schema: Vec<AttributeSchema>) -> Html {
        html! {
          <>
            <h3>{g.display_name.to_string()}</h3>
-            <div class="py-3">
+            <GroupDetailsForm
-              <form class="form">
+              group={g.clone()}
-                <div class="form-group row mb-3">
+              group_attributes_schema={schema}
-                  <label for="displayName"
+              is_admin={ctx.props().is_admin}
-                    class="form-label col-4 col-form-label">
+              on_display_name_updated={ctx.link().callback(|_| Msg::DisplayNameUpdated)}
-                    {"Group: "}
+            />
                  </label>
                  <div class="col-8">
                    <span id="groupId" class="form-constrol-static">{g.display_name.to_string()}</span>
                  </div>
                </div>
                <div class="form-group row mb-3">
                  <label for="creationDate"
                    class="form-label col-4 col-form-label">
                    {"Creation date: "}
                  </label>
                  <div class="col-8">
                    <span id="creationDate" class="form-constrol-static">{g.creation_date.naive_local().date()}</span>
                  </div>
                </div>
                <div class="form-group row mb-3">
                  <label for="uuid"
                    class="form-label col-4 col-form-label">
                    {"UUID: "}
                  </label>
                  <div class="col-8">
                    <span id="uuid" class="form-constrol-static">{g.uuid.to_string()}</span>
                  </div>
                </div>
              </form>
            </div>
          </>
        }
    }
@@ -182,29 +178,38 @@ impl GroupDetails {
 }
 impl CommonComponent<GroupDetails> for GroupDetails {
-    fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> {
+    fn handle_msg(
        &mut self,
        ctx: &Context<Self>,
        msg: <Self as Component>::Message,
    ) -> Result<bool> {
        match msg {
            Msg::GroupDetailsResponse(response) => match response {
-                Ok(group) => self.group = Some(group.group),
+                Ok(group) => {
                    self.group_and_schema =
                        Some((group.group, group.schema.group_schema.attributes))
                }
                Err(e) => {
-                    self.group = None;
+                    self.group_and_schema = None;
                    bail!("Error getting user details: {}", e);
                }
            },
            Msg::OnError(e) => return Err(e),
            Msg::OnUserAddedToGroup(user) => {
-                self.group.as_mut().unwrap().users.push(User {
+                self.group_and_schema.as_mut().unwrap().0.users.push(User {
                    id: user.id,
                    display_name: user.display_name,
                });
            }
            Msg::OnUserRemovedFromGroup((user_id, _)) => {
-                self.group
+                self.group_and_schema
                    .as_mut()
                    .unwrap()
                    .0
                    .users
                    .retain(|u| u.id != user_id);
            }
            Msg::DisplayNameUpdated => self.get_group_details(ctx),
        }
        Ok(true)
    }
@@ -221,7 +226,7 @@ impl Component for GroupDetails {
    fn create(ctx: &Context<Self>) -> Self {
        let mut table = Self {
            common: CommonComponentParts::<Self>::create(),
-            group: None,
+            group_and_schema: None,
        };
        table.get_group_details(ctx);
        table
@@ -232,15 +237,15 @@ impl Component for GroupDetails {
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
-        match (&self.group, &self.common.error) {
+        match (&self.group_and_schema, &self.common.error) {
            (None, None) => html! {{"Loading..."}},
            (None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>},
-            (Some(u), error) => {
+            (Some((group, schema)), error) => {
                html! {
                    <div>
-                      {self.view_details(u)}
+                      {self.view_details(ctx, group, schema.clone())}
-                      {self.view_user_list(ctx, u)}
+                      {self.view_user_list(ctx, group)}
-                      {self.view_add_user_button(ctx, u)}
+                      {self.view_add_user_button(ctx, group)}
                      {self.view_messages(error)}
                    </div>
                }
--- a/app/src/components/group_details_form.rs
+++ b/app/src/components/group_details_form.rs
@@ -0,0 +1,271 @@
 use crate::{
    components::{
        form::{
            attribute_input::{ListAttributeInput, SingleAttributeInput},
            static_value::StaticValue,
            submit::Submit,
        },
        group_details::{Attribute, AttributeSchema, Group},
    },
    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        form_utils::{AttributeValue, EmailIsRequired, IsAdmin, read_all_form_attributes},
    },
 };
 use anyhow::{Ok, Result};
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
 /// The GraphQL query sent to the server to update the group details.
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/update_group.graphql",
    response_derives = "Debug",
    variables_derives = "Clone,PartialEq,Eq",
    custom_scalars_module = "crate::infra::graphql"
 )]
 pub struct UpdateGroup;
 /// A [yew::Component] to display the group details, with a form allowing to edit them.
 pub struct GroupDetailsForm {
    common: CommonComponentParts<Self>,
    /// True if we just successfully updated the group, to display a success message.
    just_updated: bool,
    updated_group_name: bool,
    group: Group,
    form_ref: NodeRef,
 }
 pub enum Msg {
    /// A form field changed.
    Update,
    /// The "Submit" button was clicked.
    SubmitClicked,
    /// We got the response from the server about our update message.
    GroupUpdated(Result<update_group::ResponseData>),
 }
 #[derive(yew::Properties, Clone, PartialEq)]
 pub struct Props {
    /// The current group details.
    pub group: Group,
    pub group_attributes_schema: Vec<AttributeSchema>,
    pub is_admin: bool,
    pub on_display_name_updated: Callback<()>,
 }
 impl CommonComponent<GroupDetailsForm> for GroupDetailsForm {
    fn handle_msg(
        &mut self,
        ctx: &Context<Self>,
        msg: <Self as Component>::Message,
    ) -> Result<bool> {
        match msg {
            Msg::Update => Ok(true),
            Msg::SubmitClicked => self.submit_group_update_form(ctx),
            Msg::GroupUpdated(Err(e)) => Err(e),
            Msg::GroupUpdated(Result::Ok(_)) => {
                self.just_updated = true;
                if self.updated_group_name {
                    self.updated_group_name = false;
                    ctx.props().on_display_name_updated.emit(());
                }
                Ok(true)
            }
        }
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for GroupDetailsForm {
    type Message = Msg;
    type Properties = Props;
    fn create(ctx: &Context<Self>) -> Self {
        Self {
            common: CommonComponentParts::<Self>::create(),
            just_updated: false,
            updated_group_name: false,
            group: ctx.props().group.clone(),
            form_ref: NodeRef::default(),
        }
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        self.just_updated = false;
        CommonComponentParts::<Self>::update(self, ctx, msg)
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        let link = &ctx.link();
        let can_edit =
            |a: &AttributeSchema| (ctx.props().is_admin || a.is_editable) && !a.is_readonly;
        let display_field = |a: &AttributeSchema| {
            if can_edit(a) {
                get_custom_attribute_input(a, &self.group.attributes)
            } else {
                get_custom_attribute_static(a, &self.group.attributes)
            }
        };
        html! {
          <div class="py-3">
            <form
              class="form"
              ref={self.form_ref.clone()}>
              <StaticValue label="Group ID" id="groupId">
                <i>{&self.group.id}</i>
              </StaticValue>
              {
                  ctx
                      .props()
                      .group_attributes_schema
                      .iter()
                      .filter(|a| a.is_hardcoded && a.name != "group_id")
                      .map(display_field)
                      .collect::<Vec<_>>()
              }
              {
                  ctx
                      .props()
                      .group_attributes_schema
                      .iter()
                      .filter(|a| !a.is_hardcoded)
                      .map(display_field)
                      .collect::<Vec<_>>()
              }
              <Submit
                text="Save changes"
                disabled={self.common.is_task_running()}
                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitClicked})} />
            </form>
            {
              if let Some(e) = &self.common.error {
                html! {
                  <div class="alert alert-danger">
                    {e.to_string() }
                  </div>
                }
              } else { html! {} }
            }
            <div hidden={!self.just_updated}>
              <div class="alert alert-success mt-4">{"Group successfully updated!"}</div>
            </div>
          </div>
        }
    }
 }
 fn get_custom_attribute_input(
    attribute_schema: &AttributeSchema,
    group_attributes: &[Attribute],
 ) -> Html {
    let values = group_attributes
        .iter()
        .find(|a| a.name == attribute_schema.name)
        .map(|attribute| attribute.value.clone())
        .unwrap_or_default();
    if attribute_schema.is_list {
        html! {
            <ListAttributeInput
               name={attribute_schema.name.clone()}
               attribute_type={attribute_schema.attribute_type}
               values={values}
            />
        }
    } else {
        html! {
            <SingleAttributeInput
                name={attribute_schema.name.clone()}
                attribute_type={attribute_schema.attribute_type}
                value={values.first().cloned().unwrap_or_default()}
            />
        }
    }
 }
 fn get_custom_attribute_static(
    attribute_schema: &AttributeSchema,
    group_attributes: &[Attribute],
 ) -> Html {
    let values = group_attributes
        .iter()
        .find(|a| a.name == attribute_schema.name)
        .map(|attribute| attribute.value.clone())
        .unwrap_or_default();
    html! {
        <StaticValue label={attribute_schema.name.clone()} id={attribute_schema.name.clone()}>
            {values.into_iter().map(|x| html!{<div>{x}</div>}).collect::<Vec<_>>()}
        </StaticValue>
    }
 }
 impl GroupDetailsForm {
    fn submit_group_update_form(&mut self, ctx: &Context<Self>) -> Result<bool> {
        let mut all_values = read_all_form_attributes(
            ctx.props().group_attributes_schema.iter(),
            &self.form_ref,
            IsAdmin(ctx.props().is_admin),
            EmailIsRequired(false),
        )?;
        let base_attributes = &self.group.attributes;
        all_values.retain(|a| {
            let base_val = base_attributes
                .iter()
                .find(|base_val| base_val.name == a.name);
            base_val
                .map(|v| v.value != a.values)
                .unwrap_or(!a.values.is_empty())
        });
        if all_values.iter().any(|a| a.name == "display_name") {
            self.updated_group_name = true;
        }
        let remove_attributes: Option<Vec<String>> = if all_values.is_empty() {
            None
        } else {
            Some(all_values.iter().map(|a| a.name.clone()).collect())
        };
        let insert_attributes: Option<Vec<update_group::AttributeValueInput>> =
            if remove_attributes.is_none() {
                None
            } else {
                Some(
                    all_values
                        .into_iter()
                        .filter(|a| !a.values.is_empty())
                        .map(
                            |AttributeValue { name, values }| update_group::AttributeValueInput {
                                name,
                                value: values,
                            },
                        )
                        .collect(),
                )
            };
        let mut group_input = update_group::UpdateGroupInput {
            id: self.group.id,
            displayName: None,
            removeAttributes: None,
            insertAttributes: None,
        };
        let default_group_input = group_input.clone();
        group_input.removeAttributes = remove_attributes;
        group_input.insertAttributes = insert_attributes;
        // Nothing changed.
        if group_input == default_group_input {
            return Ok(false);
        }
        let req = update_group::Variables { group: group_input };
        self.common.call_graphql::<UpdateGroup, _>(
            ctx,
            req,
            Msg::GroupUpdated,
            "Error trying to update group",
        );
        Ok(false)
    }
 }
--- a/app/src/components/group_schema_table.rs
+++ b/app/src/components/group_schema_table.rs
@@ -0,0 +1,199 @@
 use crate::{
    components::{
        delete_group_attribute::DeleteGroupAttribute,
        fragments::attribute_schema::render_attribute_name,
        router::{AppRoute, Link},
    },
    infra::{
        attributes::group,
        common_component::{CommonComponent, CommonComponentParts},
        schema::AttributeType,
    },
 };
 use anyhow::{Error, Result, anyhow};
 use gloo_console::log;
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/get_group_attributes_schema.graphql",
    response_derives = "Debug,Clone,PartialEq,Eq",
    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct GetGroupAttributesSchema;
 use get_group_attributes_schema::ResponseData;
 pub type Attribute =
    get_group_attributes_schema::GetGroupAttributesSchemaSchemaGroupSchemaAttributes;
 #[derive(yew::Properties, Clone, PartialEq, Eq)]
 pub struct Props {
    pub hardcoded: bool,
 }
 pub struct GroupSchemaTable {
    common: CommonComponentParts<Self>,
    attributes: Option<Vec<Attribute>>,
 }
 pub enum Msg {
    ListAttributesResponse(Result<ResponseData>),
    OnAttributeDeleted(String),
    OnError(Error),
 }
 impl CommonComponent<GroupSchemaTable> for GroupSchemaTable {
    fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> {
        match msg {
            Msg::ListAttributesResponse(schema) => {
                self.attributes =
                    Some(schema?.schema.group_schema.attributes.into_iter().collect());
                Ok(true)
            }
            Msg::OnError(e) => Err(e),
            Msg::OnAttributeDeleted(attribute_name) => match self.attributes {
                None => {
                    log!(format!(
                        "Attribute {attribute_name} was  deleted but component has no attributes"
                    ));
                    Err(anyhow!("invalid state"))
                }
                Some(_) => {
                    self.attributes
                        .as_mut()
                        .unwrap()
                        .retain(|a| a.name != attribute_name);
                    Ok(true)
                }
            },
        }
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for GroupSchemaTable {
    type Message = Msg;
    type Properties = Props;
    fn create(ctx: &Context<Self>) -> Self {
        let mut table = GroupSchemaTable {
            common: CommonComponentParts::<Self>::create(),
            attributes: None,
        };
        table.common.call_graphql::<GetGroupAttributesSchema, _>(
            ctx,
            get_group_attributes_schema::Variables {},
            Msg::ListAttributesResponse,
            "Error trying to fetch group schema",
        );
        table
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        CommonComponentParts::<Self>::update(self, ctx, msg)
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        html! {
            <div>
              {self.view_attributes(ctx)}
              {self.view_errors()}
            </div>
        }
    }
 }
 impl GroupSchemaTable {
    fn view_attributes(&self, ctx: &Context<Self>) -> Html {
        let hardcoded = ctx.props().hardcoded;
        let make_table = |attributes: &Vec<Attribute>| {
            html! {
                <div class="table-responsive">
                    <h3>{if hardcoded {"Hardcoded"} else {"User-defined"}}{" attributes"}</h3>
                    <table class="table table-hover">
                        <thead>
                            <tr>
                                <th>{"Attribute name"}</th>
                                <th>{"Type"}</th>
                                <th>{"Visible"}</th>
                                {if hardcoded {html!{}} else {html!{<th>{"Delete"}</th>}}}
                            </tr>
                        </thead>
                        <tbody>
                            {attributes.iter().map(|u| self.view_attribute(ctx, u)).collect::<Vec<_>>()}
                        </tbody>
                    </table>
                </div>
            }
        };
        match &self.attributes {
            None => html! {{"Loading..."}},
            Some(attributes) => {
                let mut attributes = attributes.clone();
                attributes.retain(|attribute| attribute.is_hardcoded == ctx.props().hardcoded);
                make_table(&attributes)
            }
        }
    }
    fn view_attribute(&self, ctx: &Context<Self>, attribute: &Attribute) -> Html {
        let link = ctx.link();
        let attribute_type = attribute.attribute_type;
        let checkmark = html! {
                    <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-check" viewBox="0 0 16 16">
          <path d="M10.97 4.97a.75.75 0 0 1 1.07 1.05l-3.99 4.99a.75.75 0 0 1-1.08.02L4.324 8.384a.75.75 0 1 1 1.06-1.06l2.094 2.093 3.473-4.425z"></path>
        </svg>
                };
        let hardcoded = ctx.props().hardcoded;
        let desc = group::resolve_group_attribute_description_or_default(&attribute.name);
        html! {
            <tr key={attribute.name.clone()}>
                <td>{render_attribute_name(hardcoded, &desc)}</td>
                <td>{if attribute.is_list { format!("List<{attribute_type}>")} else {attribute_type.to_string()}}</td>
                <td>{if attribute.is_visible {checkmark.clone()} else {html!{}}}</td>
                {
                    if hardcoded {
                        html!{}
                    } else {
                        html!{
                            <td>
                                <DeleteGroupAttribute
                                    attribute_name={attribute.name.clone()}
                                    on_attribute_deleted={link.callback(Msg::OnAttributeDeleted)}
                                    on_error={link.callback(Msg::OnError)}/>
                            </td>
                        }
                    }
                }
            </tr>
        }
    }
    fn view_errors(&self) -> Html {
        match &self.common.error {
            None => html! {},
            Some(e) => html! {<div>{"Error: "}{e.to_string()}</div>},
        }
    }
 }
 #[function_component(ListGroupSchema)]
 pub fn list_group_schema() -> Html {
    html! {
        <div>
            <GroupSchemaTable hardcoded={true} />
            <GroupSchemaTable hardcoded={false} />
            <Link classes="btn btn-primary" to={AppRoute::CreateGroupAttribute}>
                <i class="bi-plus-circle me-2"></i>
                {"Create an attribute"}
            </Link>
        </div>
    }
 }
--- a/app/src/components/login.rs
+++ b/app/src/components/login.rs
@@ -1,11 +1,14 @@
 use crate::{
-    components::router::{AppRoute, Link},
+    components::{
        form::submit::Submit,
        router::{AppRoute, Link},
    },
    infra::{
        api::HostService,
        common_component::{CommonComponent, CommonComponentParts},
    },
 };
-use anyhow::{anyhow, bail, Result};
+use anyhow::{Result, anyhow, bail};
 use gloo_console::error;
 use lldap_auth::*;
 use validator_derive::Validate;
@@ -24,7 +27,7 @@ pub struct LoginForm {
 pub struct FormModel {
    #[validate(length(min = 1, message = "Missing username"))]
    username: String,
-    #[validate(length(min = 8, message = "Invalid password. Min length: 8"))]
+    #[validate(length(min = 1, message = "Missing password"))]
    password: String,
 }
@@ -155,68 +158,62 @@ impl Component for LoginForm {
            }
        } else {
            html! {
-              <form
+              <form class="form center-block col-sm-4 col-offset-4">
-                class="form center-block col-sm-4 col-offset-4">
+                <div class="input-group">
-                  <div class="input-group">
+                  <div class="input-group-prepend">
-                    <div class="input-group-prepend">
+                    <span class="input-group-text">
-                      <span class="input-group-text">
+                      <i class="bi-person-fill"/>
-                        <i class="bi-person-fill"/>
+                    </span>
                      </span>
                    </div>
                    <Field
                      class="form-control"
                      class_invalid="is-invalid has-error"
                      class_valid="has-success"
                      form={&self.form}
                      field_name="username"
                      placeholder="Username"
                      autocomplete="username"
                      oninput={link.callback(|_| Msg::Update)} />
                  </div>
-                  <div class="input-group">
+                  <Field
-                    <div class="input-group-prepend">
+                    class="form-control"
-                      <span class="input-group-text">
+                    class_invalid="is-invalid has-error"
-                        <i class="bi-lock-fill"/>
+                    class_valid="has-success"
-                      </span>
+                    form={&self.form}
-                    </div>
+                    field_name="username"
-                    <Field
+                    placeholder="Username"
-                      class="form-control"
+                    autocomplete="username"
-                      class_invalid="is-invalid has-error"
+                    oninput={link.callback(|_| Msg::Update)} />
-                      class_valid="has-success"
+                </div>
-                      form={&self.form}
+                <div class="input-group">
-                      field_name="password"
+                  <div class="input-group-prepend">
-                      input_type="password"
+                    <span class="input-group-text">
-                      placeholder="Password"
+                      <i class="bi-lock-fill"/>
-                      autocomplete="current-password" />
+                    </span>
                  </div>
                  <div class="form-group mt-3">
                    <button
                      type="submit"
                      class="btn btn-primary"
                      disabled={self.common.is_task_running()}
                      onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}>
                      <i class="bi-box-arrow-in-right me-2"/>
                      {"Login"}
                    </button>
                    { if password_reset_enabled {
                      html! {
                        <Link
                          classes="btn-link btn"
                          disabled={self.common.is_task_running()}
                          to={AppRoute::StartResetPassword}>
                          {"Forgot your password?"}
                        </Link>
                      }
                    } else {
                      html!{}
                    }}
                  </div>
                  <div class="form-group">
                  { if let Some(e) = &self.common.error {
                      html! { e.to_string() }
                    } else { html! {} }
                  }
                  </div>
                  <Field
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    form={&self.form}
                    field_name="password"
                    input_type="password"
                    placeholder="Password"
                    autocomplete="current-password" />
                </div>
                <Submit
                  text="Login"
                  disabled={self.common.is_task_running()}
                  onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}>
                  { if password_reset_enabled {
                    html! {
                      <Link
                        classes="btn-link btn"
                        disabled={self.common.is_task_running()}
                        to={AppRoute::StartResetPassword}>
                        {"Forgot your password?"}
                      </Link>
                    }
                  } else {
                    html!{}
                  }}
                </Submit>
                <div class="form-group">
                { if let Some(e) = &self.common.error {
                    html! { e.to_string() }
                  } else { html! {} }
                }
                </div>
              </form>
            }
        }
--- a/app/src/components/mod.rs
+++ b/app/src/components/mod.rs
@@ -1,12 +1,22 @@
 pub mod add_group_member;
 pub mod add_user_to_group;
 pub mod app;
 pub mod avatar;
 pub mod banner;
 pub mod change_password;
 pub mod create_group;
 pub mod create_group_attribute;
 pub mod create_user;
 pub mod create_user_attribute;
 pub mod delete_group;
 pub mod delete_group_attribute;
 pub mod delete_user;
 pub mod delete_user_attribute;
 pub mod form;
 pub mod fragments;
 pub mod group_details;
 pub mod group_details_form;
 pub mod group_schema_table;
 pub mod group_table;
 pub mod login;
 pub mod logout;
@@ -17,4 +27,5 @@ pub mod router;
 pub mod select;
 pub mod user_details;
 pub mod user_details_form;
 pub mod user_schema_table;
 pub mod user_table;
--- a/app/src/components/reset_password_step1.rs
+++ b/app/src/components/reset_password_step1.rs
@@ -5,7 +5,7 @@ use crate::{
        common_component::{CommonComponent, CommonComponentParts},
    },
 };
-use anyhow::{bail, Result};
+use anyhow::{Result, bail};
 use validator_derive::Validate;
 use yew::prelude::*;
 use yew_form::Form;
@@ -104,7 +104,11 @@ impl Component for ResetPasswordStep1Form {
                </div>
                { if self.just_succeeded {
                    html! {
-                      {"A reset token has been sent to your email."}
+                      {"If a user with this username or email exists, a password reset email will \
                          be sent to the associated email address. Please check your email and \
                          follow the instructions. If you don't receive an email, please check \
                          your spam folder. If you still don't receive an email, please contact \
                          your administrator."}
                    }
                } else {
                    html! {
--- a/app/src/components/reset_password_step2.rs
+++ b/app/src/components/reset_password_step2.rs
@@ -1,11 +1,14 @@
 use crate::{
-    components::router::{AppRoute, Link},
+    components::{
        form::{field::Field, submit::Submit},
        router::{AppRoute, Link},
    },
    infra::{
        api::HostService,
        common_component::{CommonComponent, CommonComponentParts},
    },
 };
-use anyhow::{bail, Result};
+use anyhow::{Result, bail};
 use lldap_auth::{
    opaque::client::registration as opaque_registration,
    password_reset::ServerPasswordResetResponse, registration,
@@ -145,7 +148,7 @@ impl Component for ResetPasswordStep2Form {
            (None, None) => {
                return html! {
                  {"Validating token"}
-                }
+                };
            }
            (None, Some(e)) => {
                return html! {
@@ -160,65 +163,33 @@ impl Component for ResetPasswordStep2Form {
                      {"Back"}
                    </Link>
                  </>
-                }
+                };
            }
            _ => (),
        };
        type Field = yew_form::Field<FormModel>;
        html! {
          <>
            <h2>{"Reset your password"}</h2>
-            <form
+            <form class="form">
-              class="form">
+              <Field<FormModel>
-              <div class="form-group row">
+                label="New password"
-                <label for="new_password"
+                required=true
-                  class="form-label col-sm-2 col-form-label">
+                form={&self.form}
-                  {"New password*:"}
+                field_name="password"
-                </label>
+                autocomplete="new-password"
-                <div class="col-sm-10">
+                input_type="password"
-                  <Field
+                oninput={link.callback(|_| Msg::FormUpdate)} />
-                    form={&self.form}
+              <Field<FormModel>
-                    field_name="password"
+                label="Confirm password"
-                    class="form-control"
+                required=true
-                    class_invalid="is-invalid has-error"
+                form={&self.form}
-                    class_valid="has-success"
+                field_name="confirm_password"
-                    autocomplete="new-password"
+                autocomplete="new-password"
-                    input_type="password"
+                input_type="password"
-                    oninput={link.callback(|_| Msg::FormUpdate)} />
+                oninput={link.callback(|_| Msg::FormUpdate)} />
-                  <div class="invalid-feedback">
+              <Submit
-                    {&self.form.field_message("password")}
+                disabled={self.common.is_task_running()}
-                  </div>
+                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})} />
                </div>
              </div>
              <div class="form-group row">
                <label for="confirm_password"
                  class="form-label col-sm-2 col-form-label">
                  {"Confirm password*:"}
                </label>
                <div class="col-sm-10">
                  <Field
                    form={&self.form}
                    field_name="confirm_password"
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    autocomplete="new-password"
                    input_type="password"
                    oninput={link.callback(|_| Msg::FormUpdate)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("confirm_password")}
                  </div>
                </div>
              </div>
              <div class="form-group row mt-2">
                <button
                  class="btn btn-primary col-sm-1 col-form-label"
                  type="submit"
                  disabled={self.common.is_task_running()}
                  onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::Submit})}>
                  {"Submit"}
                </button>
              </div>
            </form>
            { if let Some(e) = &self.common.error {
                html! {
--- a/app/src/components/router.rs
+++ b/app/src/components/router.rs
@@ -22,6 +22,14 @@ pub enum AppRoute {
    ListGroups,
    #[at("/group/:group_id")]
    GroupDetails { group_id: i64 },
    #[at("/user-attributes")]
    ListUserSchema,
    #[at("/user-attributes/create")]
    CreateUserAttribute,
    #[at("/group-attributes")]
    ListGroupSchema,
    #[at("/group-attributes/create")]
    CreateGroupAttribute,
    #[at("/")]
    Index,
 }
--- a/app/src/components/user_details.rs
+++ b/app/src/components/user_details.rs
@@ -5,9 +5,13 @@ use crate::{
        router::{AppRoute, Link},
        user_details_form::UserDetailsForm,
    },
-    infra::common_component::{CommonComponent, CommonComponentParts},
+    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        form_utils::GraphQlAttributeSchema,
        schema::AttributeType,
    },
 };
-use anyhow::{bail, Error, Result};
+use anyhow::{Error, Result, bail};
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
@@ -16,18 +20,38 @@ use yew::prelude::*;
    schema_path = "../schema.graphql",
    query_path = "queries/get_user_details.graphql",
    response_derives = "Debug, Hash, PartialEq, Eq, Clone",
-    custom_scalars_module = "crate::infra::graphql"
+    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct GetUserDetails;
 pub type User = get_user_details::GetUserDetailsUser;
 pub type Group = get_user_details::GetUserDetailsUserGroups;
 pub type Attribute = get_user_details::GetUserDetailsUserAttributes;
 pub type AttributeSchema = get_user_details::GetUserDetailsSchemaUserSchemaAttributes;
 impl From<&AttributeSchema> for GraphQlAttributeSchema {
    fn from(attr: &AttributeSchema) -> Self {
        Self {
            name: attr.name.clone(),
            is_list: attr.is_list,
            is_readonly: attr.is_readonly,
            is_editable: attr.is_editable,
        }
    }
 }
 pub struct UserDetails {
    common: CommonComponentParts<Self>,
    /// The user info. If none, the error is in `error`. If `error` is None, then we haven't
    /// received the server response yet.
-    user: Option<User>,
+    user_and_schema: Option<(User, Vec<AttributeSchema>)>,
 }
 impl UserDetails {
    fn mut_groups(&mut self) -> &mut Vec<Group> {
        &mut self.user_and_schema.as_mut().unwrap().0.groups
    }
 }
 /// State machine describing the possible transitions of the component state.
@@ -50,22 +74,20 @@ impl CommonComponent<UserDetails> for UserDetails {
    fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> {
        match msg {
            Msg::UserDetailsResponse(response) => match response {
-                Ok(user) => self.user = Some(user.user),
+                Ok(user) => {
                    self.user_and_schema = Some((user.user, user.schema.user_schema.attributes))
                }
                Err(e) => {
-                    self.user = None;
+                    self.user_and_schema = None;
                    bail!("Error getting user details: {}", e);
                }
            },
            Msg::OnError(e) => return Err(e),
            Msg::OnUserAddedToGroup(group) => {
-                self.user.as_mut().unwrap().groups.push(group);
+                self.mut_groups().push(group);
            }
            Msg::OnUserRemovedFromGroup((_, group_id)) => {
-                self.user
+                self.mut_groups().retain(|g| g.id != group_id);
                    .as_mut()
                    .unwrap()
                    .groups
                    .retain(|g| g.id != group_id);
            }
        }
        Ok(true)
@@ -178,7 +200,7 @@ impl Component for UserDetails {
    fn create(ctx: &Context<Self>) -> Self {
        let mut table = Self {
            common: CommonComponentParts::<Self>::create(),
-            user: None,
+            user_and_schema: None,
        };
        table.get_user_details(ctx);
        table
@@ -189,10 +211,8 @@ impl Component for UserDetails {
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
-        match (&self.user, &self.common.error) {
+        match (&self.user_and_schema, &self.common.error) {
-            (None, None) => html! {{"Loading..."}},
+            (Some((u, schema)), error) => {
            (None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>},
            (Some(u), error) => {
                html! {
                  <>
                    <h3>{u.id.to_string()}</h3>
@@ -207,13 +227,20 @@ impl Component for UserDetails {
                    <div>
                      <h5 class="row m-3 fw-bold">{"User details"}</h5>
                    </div>
-                    <UserDetailsForm user={u.clone()} />
+                    <UserDetailsForm
                      user={u.clone()}
                      user_attributes_schema={schema.clone()}
                      is_admin={ctx.props().is_admin}
                      is_edited_user_admin={u.groups.iter().any(|g| g.display_name == "lldap_admin")}
                    />
                    {self.view_group_memberships(ctx, u)}
                    {self.view_add_group_button(ctx, u)}
                    {self.view_messages(error)}
                  </>
                }
            }
            (None, None) => html! {{"Loading..."}},
            (None, Some(e)) => html! {<div>{"Error: "}{e.to_string()}</div>},
        }
    }
 }
--- a/app/src/components/user_details_form.rs
+++ b/app/src/components/user_details_form.rs
@@ -1,53 +1,22 @@
 use std::str::FromStr;
 use crate::{
-    components::user_details::User,
+    components::{
-    infra::common_component::{CommonComponent, CommonComponentParts},
+        form::{
-};
+            attribute_input::{ListAttributeInput, SingleAttributeInput},
-use anyhow::{bail, Error, Result};
+            static_value::StaticValue,
-use gloo_file::{
+            submit::Submit,
-    callbacks::{read_as_bytes, FileReader},
+        },
-    File,
+        user_details::{Attribute, AttributeSchema, User},
    },
    infra::{
        common_component::{CommonComponent, CommonComponentParts},
        form_utils::{AttributeValue, EmailIsRequired, IsAdmin, read_all_form_attributes},
        schema::AttributeType,
    },
 };
 use anyhow::{Ok, Result};
 use gloo_console::console;
 use graphql_client::GraphQLQuery;
 use validator_derive::Validate;
 use web_sys::{FileList, HtmlInputElement, InputEvent};
 use yew::prelude::*;
 use yew_form_derive::Model;
 #[derive(Default)]
 struct JsFile {
    file: Option<File>,
    contents: Option<Vec<u8>>,
 }
 impl ToString for JsFile {
    fn to_string(&self) -> String {
        self.file.as_ref().map(File::name).unwrap_or_default()
    }
 }
 impl FromStr for JsFile {
    type Err = Error;
    fn from_str(s: &str) -> Result<Self> {
        if s.is_empty() {
            Ok(JsFile::default())
        } else {
            bail!("Building file from non-empty string")
        }
    }
 }
 /// The fields of the form, with the editable details and the constraints.
 #[derive(Model, Validate, PartialEq, Eq, Clone)]
 pub struct UserModel {
    #[validate(email)]
    email: String,
    display_name: String,
    first_name: String,
    last_name: String,
 }
 /// The GraphQL query sent to the server to update the user details.
 #[derive(GraphQLQuery)]
@@ -63,26 +32,17 @@ pub struct UpdateUser;
 /// A [yew::Component] to display the user details, with a form allowing to edit them.
 pub struct UserDetailsForm {
    common: CommonComponentParts<Self>,
    form: yew_form::Form<UserModel>,
    // None means that the avatar hasn't changed.
    avatar: Option<JsFile>,
    reader: Option<FileReader>,
    /// True if we just successfully updated the user, to display a success message.
    just_updated: bool,
    user: User,
    form_ref: NodeRef,
 }
 pub enum Msg {
    /// A form field changed.
    Update,
    /// A new file was selected.
    FileSelected(File),
    /// The "Submit" button was clicked.
    SubmitClicked,
    /// The "Clear" button for the avatar was clicked.
    ClearAvatarClicked,
    /// A picked file finished loading.
    FileLoaded(String, Result<Vec<u8>>),
    /// We got the response from the server about our update message.
    UserUpdated(Result<update_user::ResponseData>),
 }
@@ -91,6 +51,9 @@ pub enum Msg {
 pub struct Props {
    /// The current user details.
    pub user: User,
    pub user_attributes_schema: Vec<AttributeSchema>,
    pub is_admin: bool,
    pub is_edited_user_admin: bool,
 }
 impl CommonComponent<UserDetailsForm> for UserDetailsForm {
@@ -101,53 +64,12 @@ impl CommonComponent<UserDetailsForm> for UserDetailsForm {
    ) -> Result<bool> {
        match msg {
            Msg::Update => Ok(true),
            Msg::FileSelected(new_avatar) => {
                if self
                    .avatar
                    .as_ref()
                    .and_then(|f| f.file.as_ref().map(|f| f.name()))
                    != Some(new_avatar.name())
                {
                    let file_name = new_avatar.name();
                    let link = ctx.link().clone();
                    self.reader = Some(read_as_bytes(&new_avatar, move |res| {
                        link.send_message(Msg::FileLoaded(
                            file_name,
                            res.map_err(|e| anyhow::anyhow!("{:#}", e)),
                        ))
                    }));
                    self.avatar = Some(JsFile {
                        file: Some(new_avatar),
                        contents: None,
                    });
                }
                Ok(true)
            }
            Msg::SubmitClicked => self.submit_user_update_form(ctx),
-            Msg::ClearAvatarClicked => {
+            Msg::UserUpdated(Err(e)) => Err(e),
-                self.avatar = Some(JsFile::default());
+            Msg::UserUpdated(Result::Ok(_)) => {
                self.just_updated = true;
                Ok(true)
            }
            Msg::UserUpdated(response) => self.user_update_finished(response),
            Msg::FileLoaded(file_name, data) => {
                if let Some(avatar) = &mut self.avatar {
                    if let Some(file) = &avatar.file {
                        if file.name() == file_name {
                            let data = data?;
                            if !is_valid_jpeg(data.as_slice()) {
                                // Clear the selection.
                                self.avatar = None;
                                bail!("Chosen image is not a valid JPEG");
                            } else {
                                avatar.contents = Some(data);
                                return Ok(true);
                            }
                        }
                    }
                }
                self.reader = None;
                Ok(false)
            }
        }
    }
@@ -161,19 +83,11 @@ impl Component for UserDetailsForm {
    type Properties = Props;
    fn create(ctx: &Context<Self>) -> Self {
        let model = UserModel {
            email: ctx.props().user.email.clone(),
            display_name: ctx.props().user.display_name.clone(),
            first_name: ctx.props().user.first_name.clone(),
            last_name: ctx.props().user.last_name.clone(),
        };
        Self {
            common: CommonComponentParts::<Self>::create(),
            form: yew_form::Form::new(model),
            avatar: None,
            just_updated: false,
            reader: None,
            user: ctx.props().user.clone(),
            form_ref: NodeRef::default(),
        }
    }
@@ -183,173 +97,47 @@ impl Component for UserDetailsForm {
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        type Field = yew_form::Field<UserModel>;
        let link = &ctx.link();
-        let avatar_string = match &self.avatar {
+        let can_edit =
-            Some(avatar) => {
+            |a: &AttributeSchema| (ctx.props().is_admin || a.is_editable) && !a.is_readonly;
-                let avatar_base64 = to_base64(avatar);
+        let display_field = |a: &AttributeSchema| {
-                avatar_base64.as_deref().unwrap_or("").to_owned()
+            if can_edit(a) {
                get_custom_attribute_input(a, &self.user.attributes)
            } else {
                get_custom_attribute_static(a, &self.user.attributes)
            }
            None => self.user.avatar.as_deref().unwrap_or("").to_owned(),
        };
        html! {
          <div class="py-3">
-            <form class="form">
+            <form
-              <div class="form-group row mb-3">
+              class="form"
-                <label for="userId"
+              ref={self.form_ref.clone()}>
-                  class="form-label col-4 col-form-label">
+              <StaticValue label="User ID" id="userId">
-                  {"User ID: "}
+                <i>{&self.user.id}</i>
-                </label>
+              </StaticValue>
-                <div class="col-8">
+              {
-                  <span id="userId" class="form-control-static"><i>{&self.user.id}</i></span>
+                  ctx
-                </div>
+                      .props()
-              </div>
+                      .user_attributes_schema
-              <div class="form-group row mb-3">
+                      .iter()
-                <label for="creationDate"
+                      .filter(|a| a.is_hardcoded && a.name != "user_id")
-                  class="form-label col-4 col-form-label">
+                      .map(display_field)
-                  {"Creation date: "}
+                      .collect::<Vec<_>>()
-                </label>
+              }
-                <div class="col-8">
+              {
-                  <span id="creationDate" class="form-control-static">{&self.user.creation_date.naive_local().date()}</span>
+                  ctx
-                </div>
+                      .props()
-              </div>
+                      .user_attributes_schema
-              <div class="form-group row mb-3">
+                      .iter()
-                <label for="uuid"
+                      .filter(|a| !a.is_hardcoded)
-                  class="form-label col-4 col-form-label">
+                      .map(display_field)
-                  {"UUID: "}
+                      .collect::<Vec<_>>()
-                </label>
+              }
-                <div class="col-8">
+              <Submit
-                  <span id="creationDate" class="form-control-static">{&self.user.uuid}</span>
+                text="Save changes"
-                </div>
+                disabled={self.common.is_task_running()}
-              </div>
+                onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitClicked})} />
              <div class="form-group row mb-3">
                <label for="email"
                  class="form-label col-4 col-form-label">
                  {"Email"}
                  <span class="text-danger">{"*"}</span>
                  {":"}
                </label>
                <div class="col-8">
                  <Field
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    form={&self.form}
                    field_name="email"
                    autocomplete="email"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("email")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="display_name"
                  class="form-label col-4 col-form-label">
                  {"Display Name: "}
                </label>
                <div class="col-8">
                  <Field
                    class="form-control"
                    class_invalid="is-invalid has-error"
                    class_valid="has-success"
                    form={&self.form}
                    field_name="display_name"
                    autocomplete="name"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("display_name")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="first_name"
                  class="form-label col-4 col-form-label">
                  {"First Name: "}
                </label>
                <div class="col-8">
                  <Field
                    class="form-control"
                    form={&self.form}
                    field_name="first_name"
                    autocomplete="given-name"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("first_name")}
                  </div>
                </div>
              </div>
              <div class="form-group row mb-3">
                <label for="last_name"
                  class="form-label col-4 col-form-label">
                  {"Last Name: "}
                </label>
                <div class="col-8">
                  <Field
                    class="form-control"
                    form={&self.form}
                    field_name="last_name"
                    autocomplete="family-name"
                    oninput={link.callback(|_| Msg::Update)} />
                  <div class="invalid-feedback">
                    {&self.form.field_message("last_name")}
                  </div>
                </div>
              </div>
              <div class="form-group row align-items-center mb-3">
                <label for="avatar"
                  class="form-label col-4 col-form-label">
                  {"Avatar: "}
                </label>
                <div class="col-8">
                  <div class="row align-items-center">
                    <div class="col-5">
                      <input
                        class="form-control"
                        id="avatarInput"
                        type="file"
                        accept="image/jpeg"
                        oninput={link.callback(|e: InputEvent| {
                            let input: HtmlInputElement = e.target_unchecked_into();
                            Self::upload_files(input.files())
                        })} />
                    </div>
                    <div class="col-3">
                      <button
                        class="btn btn-secondary col-auto"
                        id="avatarClear"
                        disabled={self.common.is_task_running()}
                        onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::ClearAvatarClicked})}>
                      {"Clear"}
                      </button>
                    </div>
                    <div class="col-4">
                    {
                      if !avatar_string.is_empty() {
                        html!{
                          <img
                            id="avatarDisplay"
                            src={format!("data:image/jpeg;base64, {}", avatar_string)}
                            style="max-height:128px;max-width:128px;height:auto;width:auto;"
                            alt="Avatar" />
                        }
                      } else { html! {} }
                    }
                    </div>
                  </div>
                </div>
              </div>
              <div class="form-group row justify-content-center mt-3">
                <button
                  type="submit"
                  class="btn btn-primary col-auto col-form-label"
                  disabled={self.common.is_task_running()}
                  onclick={link.callback(|e: MouseEvent| {e.prevent_default(); Msg::SubmitClicked})}>
                  <i class="bi-save me-2"></i>
                  {"Save changes"}
                </button>
              </div>
            </form>
            {
              if let Some(e) = &self.common.error {
@@ -368,19 +156,107 @@ impl Component for UserDetailsForm {
    }
 }
 fn get_custom_attribute_input(
    attribute_schema: &AttributeSchema,
    user_attributes: &[Attribute],
 ) -> Html {
    let values = user_attributes
        .iter()
        .find(|a| a.name == attribute_schema.name)
        .map(|attribute| attribute.value.clone())
        .unwrap_or_default();
    if attribute_schema.is_list {
        html! {
            <ListAttributeInput
               name={attribute_schema.name.clone()}
               attribute_type={attribute_schema.attribute_type}
               values={values}
            />
        }
    } else {
        html! {
            <SingleAttributeInput
                name={attribute_schema.name.clone()}
                attribute_type={attribute_schema.attribute_type}
                value={values.first().cloned().unwrap_or_default()}
            />
        }
    }
 }
 fn get_custom_attribute_static(
    attribute_schema: &AttributeSchema,
    user_attributes: &[Attribute],
 ) -> Html {
    let values = user_attributes
        .iter()
        .find(|a| a.name == attribute_schema.name)
        .map(|attribute| attribute.value.clone())
        .unwrap_or_default();
    let value_to_str = match attribute_schema.attribute_type {
        AttributeType::String | AttributeType::Integer => |v: String| v,
        AttributeType::DateTime => |v: String| {
            console!(format!("Parsing date: {}", &v));
            chrono::DateTime::parse_from_rfc3339(&v)
                .map(|dt| dt.naive_utc().to_string())
                .unwrap_or_else(|_| "Invalid date".to_string())
        },
        AttributeType::JpegPhoto => |_: String| "Unimplemented JPEG display".to_string(),
    };
    html! {
        <StaticValue label={attribute_schema.name.clone()} id={attribute_schema.name.clone()}>
            {values.into_iter().map(|x| html!{<div>{value_to_str(x)}</div>}).collect::<Vec<_>>()}
        </StaticValue>
    }
 }
 impl UserDetailsForm {
    fn submit_user_update_form(&mut self, ctx: &Context<Self>) -> Result<bool> {
-        if !self.form.validate() {
+        // TODO: Handle unloaded files.
-            bail!("Invalid inputs");
+        // if let Some(JsFile {
-        }
+        //     file: Some(_),
-        if let Some(JsFile {
+        //     contents: None,
-            file: Some(_),
+        // }) = &self.avatar
-            contents: None,
+        // {
-        }) = &self.avatar
+        //     bail!("Image file hasn't finished loading, try again");
-        {
+        // }
-            bail!("Image file hasn't finished loading, try again");
+        let mut all_values = read_all_form_attributes(
-        }
+            ctx.props().user_attributes_schema.iter(),
-        let base_user = &self.user;
+            &self.form_ref,
            IsAdmin(ctx.props().is_admin),
            EmailIsRequired(!ctx.props().is_edited_user_admin),
        )?;
        let base_attributes = &self.user.attributes;
        all_values.retain(|a| {
            let base_val = base_attributes
                .iter()
                .find(|base_val| base_val.name == a.name);
            base_val
                .map(|v| v.value != a.values)
                .unwrap_or(!a.values.is_empty())
        });
        let remove_attributes: Option<Vec<String>> = if all_values.is_empty() {
            None
        } else {
            Some(all_values.iter().map(|a| a.name.clone()).collect())
        };
        let insert_attributes: Option<Vec<update_user::AttributeValueInput>> =
            if remove_attributes.is_none() {
                None
            } else {
                Some(
                    all_values
                        .into_iter()
                        .filter(|a| !a.values.is_empty())
                        .map(
                            |AttributeValue { name, values }| update_user::AttributeValueInput {
                                name,
                                value: values,
                            },
                        )
                        .collect(),
                )
            };
        let mut user_input = update_user::UpdateUserInput {
            id: self.user.id.clone(),
            email: None,
@@ -392,23 +268,8 @@ impl UserDetailsForm {
            insertAttributes: None,
        };
        let default_user_input = user_input.clone();
-        let model = self.form.model();
+        user_input.removeAttributes = remove_attributes;
-        let email = model.email;
+        user_input.insertAttributes = insert_attributes;
        if base_user.email != email {
            user_input.email = Some(email);
        }
        if base_user.display_name != model.display_name {
            user_input.displayName = Some(model.display_name);
        }
        if base_user.first_name != model.first_name {
            user_input.firstName = Some(model.first_name);
        }
        if base_user.last_name != model.last_name {
            user_input.lastName = Some(model.last_name);
        }
        if let Some(avatar) = &self.avatar {
            user_input.avatar = Some(to_base64(avatar)?);
        }
        // Nothing changed.
        if user_input == default_user_input {
            return Ok(false);
@@ -422,58 +283,4 @@ impl UserDetailsForm {
        );
        Ok(false)
    }
    fn user_update_finished(&mut self, r: Result<update_user::ResponseData>) -> Result<bool> {
        r?;
        let model = self.form.model();
        self.user.email = model.email;
        self.user.display_name = model.display_name;
        self.user.first_name = model.first_name;
        self.user.last_name = model.last_name;
        if let Some(avatar) = &self.avatar {
            self.user.avatar = Some(to_base64(avatar)?);
        }
        self.just_updated = true;
        Ok(true)
    }
    fn upload_files(files: Option<FileList>) -> Msg {
        if let Some(files) = files {
            if files.length() > 0 {
                Msg::FileSelected(File::from(files.item(0).unwrap()))
            } else {
                Msg::Update
            }
        } else {
            Msg::Update
        }
    }
 }
 fn is_valid_jpeg(bytes: &[u8]) -> bool {
    image::io::Reader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
        .decode()
        .is_ok()
 }
 fn to_base64(file: &JsFile) -> Result<String> {
    match file {
        JsFile {
            file: None,
            contents: _,
        } => Ok(String::new()),
        JsFile {
            file: Some(_),
            contents: None,
        } => bail!("Image file hasn't finished loading, try again"),
        JsFile {
            file: Some(_),
            contents: Some(data),
        } => {
            if !is_valid_jpeg(data.as_slice()) {
                bail!("Chosen image is not a valid JPEG");
            }
            Ok(base64::encode(data))
        }
    }
 }
--- a/app/src/components/user_schema_table.rs
+++ b/app/src/components/user_schema_table.rs
@@ -0,0 +1,199 @@
 use crate::{
    components::{
        delete_user_attribute::DeleteUserAttribute,
        fragments::attribute_schema::render_attribute_name,
        router::{AppRoute, Link},
    },
    infra::{
        attributes::user,
        common_component::{CommonComponent, CommonComponentParts},
        schema::AttributeType,
    },
 };
 use anyhow::{Error, Result, anyhow};
 use gloo_console::log;
 use graphql_client::GraphQLQuery;
 use yew::prelude::*;
 #[derive(GraphQLQuery)]
 #[graphql(
    schema_path = "../schema.graphql",
    query_path = "queries/get_user_attributes_schema.graphql",
    response_derives = "Debug,Clone,PartialEq,Eq",
    custom_scalars_module = "crate::infra::graphql",
    extern_enums("AttributeType")
 )]
 pub struct GetUserAttributesSchema;
 use get_user_attributes_schema::ResponseData;
 pub type Attribute = get_user_attributes_schema::GetUserAttributesSchemaSchemaUserSchemaAttributes;
 #[derive(yew::Properties, Clone, PartialEq, Eq)]
 pub struct Props {
    pub hardcoded: bool,
 }
 pub struct UserSchemaTable {
    common: CommonComponentParts<Self>,
    attributes: Option<Vec<Attribute>>,
 }
 pub enum Msg {
    ListAttributesResponse(Result<ResponseData>),
    OnAttributeDeleted(String),
    OnError(Error),
 }
 impl CommonComponent<UserSchemaTable> for UserSchemaTable {
    fn handle_msg(&mut self, _: &Context<Self>, msg: <Self as Component>::Message) -> Result<bool> {
        match msg {
            Msg::ListAttributesResponse(schema) => {
                self.attributes = Some(schema?.schema.user_schema.attributes.into_iter().collect());
                Ok(true)
            }
            Msg::OnError(e) => Err(e),
            Msg::OnAttributeDeleted(attribute_name) => match self.attributes {
                None => {
                    log!(format!(
                        "Attribute {attribute_name} was  deleted but component has no attributes"
                    ));
                    Err(anyhow!("invalid state"))
                }
                Some(_) => {
                    self.attributes
                        .as_mut()
                        .unwrap()
                        .retain(|a| a.name != attribute_name);
                    Ok(true)
                }
            },
        }
    }
    fn mut_common(&mut self) -> &mut CommonComponentParts<Self> {
        &mut self.common
    }
 }
 impl Component for UserSchemaTable {
    type Message = Msg;
    type Properties = Props;
    fn create(ctx: &Context<Self>) -> Self {
        let mut table = UserSchemaTable {
            common: CommonComponentParts::<Self>::create(),
            attributes: None,
        };
        table.common.call_graphql::<GetUserAttributesSchema, _>(
            ctx,
            get_user_attributes_schema::Variables {},
            Msg::ListAttributesResponse,
            "Error trying to fetch user schema",
        );
        table
    }
    fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
        CommonComponentParts::<Self>::update(self, ctx, msg)
    }
    fn view(&self, ctx: &Context<Self>) -> Html {
        html! {
            <div>
              {self.view_attributes(ctx)}
              {self.view_errors()}
            </div>
        }
    }
 }
 impl UserSchemaTable {
    fn view_attributes(&self, ctx: &Context<Self>) -> Html {
        let hardcoded = ctx.props().hardcoded;
        let make_table = |attributes: &Vec<Attribute>| {
            html! {
                <div class="table-responsive">
                    <h3>{if hardcoded {"Hardcoded"} else {"User-defined"}}{" attributes"}</h3>
                    <table class="table table-hover">
                        <thead>
                            <tr>
                                <th>{"Attribute name"}</th>
                                <th>{"Type"}</th>
                                <th>{"Editable"}</th>
                                <th>{"Visible"}</th>
                                {if hardcoded {html!{}} else {html!{<th>{"Delete"}</th>}}}
                            </tr>
                        </thead>
                        <tbody>
                            {attributes.iter().map(|u| self.view_attribute(ctx, u)).collect::<Vec<_>>()}
                        </tbody>
                    </table>
                </div>
            }
        };
        match &self.attributes {
            None => html! {{"Loading..."}},
            Some(attributes) => {
                let mut attributes = attributes.clone();
                attributes.retain(|attribute| attribute.is_hardcoded == ctx.props().hardcoded);
                make_table(&attributes)
            }
        }
    }
    fn view_attribute(&self, ctx: &Context<Self>, attribute: &Attribute) -> Html {
        let link = ctx.link();
        let attribute_type = attribute.attribute_type;
        let checkmark = html! {
                    <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-check" viewBox="0 0 16 16">
          <path d="M10.97 4.97a.75.75 0 0 1 1.07 1.05l-3.99 4.99a.75.75 0 0 1-1.08.02L4.324 8.384a.75.75 0 1 1 1.06-1.06l2.094 2.093 3.473-4.425z"></path>
        </svg>
                };
        let hardcoded = ctx.props().hardcoded;
        let desc = user::resolve_user_attribute_description_or_default(&attribute.name);
        html! {
            <tr key={attribute.name.clone()}>
                <td>{render_attribute_name(hardcoded, &desc)}</td>
                <td>{if attribute.is_list { format!("List<{attribute_type}>")} else {attribute_type.to_string()}}</td>
                <td>{if attribute.is_editable {checkmark.clone()} else {html!{}}}</td>
                <td>{if attribute.is_visible {checkmark.clone()} else {html!{}}}</td>
                {
                    if hardcoded {
                        html!{}
                    } else {
                        html!{
                            <td>
                                <DeleteUserAttribute
                                    attribute_name={attribute.name.clone()}
                                    on_attribute_deleted={link.callback(Msg::OnAttributeDeleted)}
                                    on_error={link.callback(Msg::OnError)}/>
                            </td>
                        }
                    }
                }
            </tr>
        }
    }
    fn view_errors(&self) -> Html {
        match &self.common.error {
            None => html! {},
            Some(e) => html! {<div>{"Error: "}{e.to_string()}</div>},
        }
    }
 }
 #[function_component(ListUserSchema)]
 pub fn list_user_schema() -> Html {
    html! {
        <div>
            <UserSchemaTable hardcoded={true} />
            <UserSchemaTable hardcoded={false} />
            <Link classes="btn btn-primary" to={AppRoute::CreateUserAttribute}>
                <i class="bi-plus-circle me-2"></i>
                {"Create an attribute"}
            </Link>
        </div>
    }
 }
--- a/app/src/infra/api.rs
+++ b/app/src/infra/api.rs
@@ -1,10 +1,11 @@
 use super::cookies::set_cookie;
-use anyhow::{anyhow, Context, Result};
+use anyhow::{Context, Result, anyhow};
-use gloo_net::http::{Method, Request};
+use gloo_net::http::{Method, RequestBuilder};
 use graphql_client::GraphQLQuery;
-use lldap_auth::{login, registration, JWTClaims};
+use lldap_auth::{JWTClaims, login, registration};
-use serde::{de::DeserializeOwned, Serialize};
+use lldap_frontend_options::Options;
 use serde::{Serialize, de::DeserializeOwned};
 use web_sys::RequestCredentials;
 #[derive(Default)]
@@ -16,25 +17,32 @@ fn get_claims_from_jwt(jwt: &str) -> Result<JWTClaims> {
    Ok(token.claims().clone())
 }
-const NO_BODY: Option<()> = None;
+enum RequestType<Body: Serialize> {
    Get,
    Post(Body),
 }
 const GET_REQUEST: RequestType<()> = RequestType::Get;
 fn base_url() -> String {
    yew_router::utils::base_url().unwrap_or_default()
 }
-async fn call_server(
+async fn call_server<Body: Serialize>(
    url: &str,
-    body: Option<impl Serialize>,
+    body: RequestType<Body>,
    error_message: &'static str,
 ) -> Result<String> {
-    let mut request = Request::new(url)
+    let request_builder = RequestBuilder::new(url)
        .header("Content-Type", "application/json")
        .credentials(RequestCredentials::SameOrigin);
-    if let Some(b) = body {
+    let request = if let RequestType::Post(b) = body {
-        request = request
+        request_builder
-            .body(serde_json::to_string(&b)?)
+            .method(Method::POST)
-            .method(Method::POST);
+            .body(serde_json::to_string(&b)?)?
-    }
+    } else {
        request_builder.build()?
    };
    let response = request.send().await?;
    if response.ok() {
        Ok(response.text().await?)
@@ -51,7 +59,7 @@ async fn call_server(
 async fn call_server_json_with_error_message<CallbackResult, Body: Serialize>(
    url: &str,
-    request: Option<Body>,
+    request: RequestType<Body>,
    error_message: &'static str,
 ) -> Result<CallbackResult>
 where
@@ -63,7 +71,7 @@ where
 async fn call_server_empty_response_with_error_message<Body: Serialize>(
    url: &str,
-    request: Option<Body>,
+    request: RequestType<Body>,
    error_message: &'static str,
 ) -> Result<()> {
    call_server(url, request, error_message).await.map(|_| ())
@@ -102,7 +110,7 @@ impl HostService {
        let request_body = QueryType::build_query(variables);
        call_server_json_with_error_message::<graphql_client::Response<_>, _>(
            &(base_url() + "/api/graphql"),
-            Some(request_body),
+            RequestType::Post(request_body),
            error_message,
        )
        .await
@@ -114,7 +122,7 @@ impl HostService {
    ) -> Result<Box<login::ServerLoginStartResponse>> {
        call_server_json_with_error_message(
            &(base_url() + "/auth/opaque/login/start"),
-            Some(request),
+            RequestType::Post(request),
            "Could not start authentication: ",
        )
        .await
@@ -123,19 +131,28 @@ impl HostService {
    pub async fn login_finish(request: login::ClientLoginFinishRequest) -> Result<(String, bool)> {
        call_server_json_with_error_message::<login::ServerLoginResponse, _>(
            &(base_url() + "/auth/opaque/login/finish"),
-            Some(request),
+            RequestType::Post(request),
            "Could not finish authentication",
        )
        .await
        .and_then(set_cookies_from_jwt)
    }
    pub async fn get_settings() -> Result<Options> {
        call_server_json_with_error_message::<Options, _>(
            &(base_url() + "/settings"),
            GET_REQUEST,
            "Could not fetch settings: ",
        )
        .await
    }
    pub async fn register_start(
        request: registration::ClientRegistrationStartRequest,
    ) -> Result<Box<registration::ServerRegistrationStartResponse>> {
        call_server_json_with_error_message(
            &(base_url() + "/auth/opaque/register/start"),
-            Some(request),
+            RequestType::Post(request),
            "Could not start registration: ",
        )
        .await
@@ -146,7 +163,7 @@ impl HostService {
    ) -> Result<()> {
        call_server_empty_response_with_error_message(
            &(base_url() + "/auth/opaque/register/finish"),
-            Some(request),
+            RequestType::Post(request),
            "Could not finish registration",
        )
        .await
@@ -155,7 +172,7 @@ impl HostService {
    pub async fn refresh() -> Result<(String, bool)> {
        call_server_json_with_error_message::<login::ServerLoginResponse, _>(
            &(base_url() + "/auth/refresh"),
-            NO_BODY,
+            GET_REQUEST,
            "Could not start authentication: ",
        )
        .await
@@ -166,7 +183,7 @@ impl HostService {
    pub async fn logout() -> Result<()> {
        call_server_empty_response_with_error_message(
            &(base_url() + "/auth/logout"),
-            NO_BODY,
+            GET_REQUEST,
            "Could not logout",
        )
        .await
@@ -179,7 +196,7 @@ impl HostService {
                base_url(),
                url_escape::encode_query(&username)
            ),
-            NO_BODY,
+            RequestType::Post(""),
            "Could not initiate password reset",
        )
        .await
@@ -190,20 +207,9 @@ impl HostService {
    ) -> Result<lldap_auth::password_reset::ServerPasswordResetResponse> {
        call_server_json_with_error_message(
            &format!("{}/auth/reset/step2/{}", base_url(), token),
-            NO_BODY,
+            GET_REQUEST,
            "Could not validate token",
        )
        .await
    }
    pub async fn probe_password_reset() -> Result<bool> {
        Ok(gloo_net::http::Request::get(
            &(base_url() + "/auth/reset/step1/lldap_unlikely_very_long_user_name"),
        )
        .header("Content-Type", "application/json")
        .send()
        .await?
        .status()
            != http::StatusCode::NOT_FOUND)
    }
 }
--- a/app/src/infra/attributes.rs
+++ b/app/src/infra/attributes.rs
@@ -0,0 +1,128 @@
 pub struct AttributeDescription<'a> {
    pub attribute_identifier: &'a str,
    pub attribute_name: &'a str,
    pub aliases: Vec<&'a str>,
 }
 pub mod group {
    use super::AttributeDescription;
    pub fn resolve_group_attribute_description(name: &'_ str) -> Option<AttributeDescription<'_>> {
        match name {
            "creation_date" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "creationdate",
                aliases: vec![name, "createtimestamp"],
            }),
            "modified_date" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "modifydate",
                aliases: vec![name, "modifytimestamp"],
            }),
            "display_name" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "displayname",
                aliases: vec![name, "cn", "uid", "id"],
            }),
            "group_id" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "groupid",
                aliases: vec![name],
            }),
            "uuid" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: name,
                aliases: vec!["entryuuid"],
            }),
            _ => None,
        }
    }
    pub fn resolve_group_attribute_description_or_default(
        name: &'_ str,
    ) -> AttributeDescription<'_> {
        match resolve_group_attribute_description(name) {
            Some(d) => d,
            None => AttributeDescription {
                attribute_identifier: name,
                attribute_name: name,
                aliases: vec![],
            },
        }
    }
 }
 pub mod user {
    use super::AttributeDescription;
    pub fn resolve_user_attribute_description(name: &'_ str) -> Option<AttributeDescription<'_>> {
        match name {
            "avatar" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: name,
                aliases: vec!["jpegphoto"],
            }),
            "creation_date" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "creationdate",
                aliases: vec![name, "createtimestamp"],
            }),
            "modified_date" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "modifydate",
                aliases: vec![name, "modifytimestamp"],
            }),
            "password_modified_date" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "passwordmodifydate",
                aliases: vec![name, "pwdchangedtime"],
            }),
            "display_name" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "displayname",
                aliases: vec![name, "cn"],
            }),
            "first_name" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "firstname",
                aliases: vec![name, "givenname"],
            }),
            "last_name" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "lastname",
                aliases: vec![name, "sn"],
            }),
            "mail" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: name,
                aliases: vec!["email"],
            }),
            "user_id" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: "uid",
                aliases: vec![name, "id"],
            }),
            "uuid" => Some(AttributeDescription {
                attribute_identifier: name,
                attribute_name: name,
                aliases: vec!["entryuuid"],
            }),
            _ => None,
        }
    }
    pub fn resolve_user_attribute_description_or_default(
        name: &'_ str,
    ) -> AttributeDescription<'_> {
        match resolve_user_attribute_description(name) {
            Some(d) => d,
            None => AttributeDescription {
                attribute_identifier: name,
                attribute_name: name,
                aliases: vec![],
            },
        }
    }
 }
--- a/app/src/infra/cookies.rs
+++ b/app/src/infra/cookies.rs
@@ -1,4 +1,4 @@
-use anyhow::{anyhow, Result};
+use anyhow::{Result, anyhow};
 use chrono::prelude::*;
 use wasm_bindgen::JsCast;
 use web_sys::HtmlDocument;
--- a/app/src/infra/form_utils.rs
+++ b/app/src/infra/form_utils.rs
@@ -0,0 +1,68 @@
 use anyhow::{Result, anyhow, ensure};
 use validator::validate_email;
 use web_sys::{FormData, HtmlFormElement};
 use yew::NodeRef;
 #[derive(Debug)]
 pub struct AttributeValue {
    pub name: String,
    pub values: Vec<String>,
 }
 pub struct GraphQlAttributeSchema {
    pub name: String,
    pub is_list: bool,
    pub is_readonly: bool,
    pub is_editable: bool,
 }
 fn validate_email_attributes(all_values: &[AttributeValue]) -> Result<()> {
    let maybe_email_values = all_values.iter().find(|a| a.name == "mail");
    let email_values = &maybe_email_values
        .ok_or_else(|| anyhow!("Email is required"))?
        .values;
    ensure!(!email_values.is_empty(), "Email is required");
    ensure!(email_values.len() == 1, "Multiple emails are not supported");
    ensure!(validate_email(&email_values[0]), "Email is not valid");
    Ok(())
 }
 pub struct IsAdmin(pub bool);
 pub struct EmailIsRequired(pub bool);
 pub fn read_all_form_attributes(
    schema: impl IntoIterator<Item = impl Into<GraphQlAttributeSchema>>,
    form_ref: &NodeRef,
    is_admin: IsAdmin,
    email_is_required: EmailIsRequired,
 ) -> Result<Vec<AttributeValue>> {
    let form = form_ref.cast::<HtmlFormElement>().unwrap();
    let form_data = FormData::new_with_form(&form)
        .map_err(|e| anyhow!("Failed to get FormData: {:#?}", e.as_string()))?;
    let all_values = schema
        .into_iter()
        .map(Into::<GraphQlAttributeSchema>::into)
        .filter(|attr| !attr.is_readonly && (is_admin.0 || attr.is_editable))
        .map(|attr| -> Result<AttributeValue> {
            let val = form_data
                .get_all(attr.name.as_str())
                .iter()
                .map(|js_val| js_val.as_string().unwrap_or_default())
                .filter(|val| !val.is_empty())
                .collect::<Vec<String>>();
            ensure!(
                val.len() <= 1 || attr.is_list,
                "Multiple values supplied for non-list attribute {}",
                attr.name
            );
            Ok(AttributeValue {
                name: attr.name.clone(),
                values: val,
            })
        })
        .collect::<Result<Vec<_>>>()?;
    if email_is_required.0 {
        validate_email_attributes(&all_values)?;
    }
    Ok(all_values)
 }
--- a/app/src/infra/functional.rs
+++ b/app/src/infra/functional.rs
@@ -0,0 +1,59 @@
 use crate::infra::api::HostService;
 use anyhow::Result;
 use graphql_client::GraphQLQuery;
 use wasm_bindgen_futures::spawn_local;
 use yew::{UseStateHandle, use_effect_with_deps, use_state_eq};
 // Enum to represent a result that is fetched asynchronously.
 #[derive(Debug)]
 pub enum LoadableResult<T> {
    // The result is still being fetched
    Loading,
    // The async call is completed
    Loaded(Result<T>),
 }
 impl<T: PartialEq> PartialEq for LoadableResult<T> {
    fn eq(&self, other: &Self) -> bool {
        match (self, other) {
            (LoadableResult::Loading, LoadableResult::Loading) => true,
            (LoadableResult::Loaded(Ok(d1)), LoadableResult::Loaded(Ok(d2))) => d1.eq(d2),
            (LoadableResult::Loaded(Err(e1)), LoadableResult::Loaded(Err(e2))) => {
                e1.to_string().eq(&e2.to_string())
            }
            _ => false,
        }
    }
 }
 pub fn use_graphql_call<QueryType>(
    variables: QueryType::Variables,
 ) -> UseStateHandle<LoadableResult<QueryType::ResponseData>>
 where
    QueryType: GraphQLQuery + 'static,
    <QueryType as graphql_client::GraphQLQuery>::Variables: std::cmp::PartialEq + Clone,
    <QueryType as graphql_client::GraphQLQuery>::ResponseData: std::cmp::PartialEq,
 {
    let loadable_result: UseStateHandle<LoadableResult<QueryType::ResponseData>> =
        use_state_eq(|| LoadableResult::Loading);
    {
        let loadable_result = loadable_result.clone();
        use_effect_with_deps(
            move |variables| {
                let task = HostService::graphql_query::<QueryType>(
                    variables.clone(),
                    "Failed graphql query",
                );
                spawn_local(async move {
                    let response = task.await;
                    loadable_result.set(LoadableResult::Loaded(response));
                });
                || ()
            },
            variables,
        )
    }
    loadable_result.clone()
 }
--- a/app/src/infra/mod.rs
+++ b/app/src/infra/mod.rs
@@ -1,5 +1,10 @@
 pub mod api;
 pub mod attributes;
 pub mod common_component;
 pub mod cookies;
 pub mod form_utils;
 pub mod functional;
 pub mod graphql;
 pub mod modal;
 pub mod schema;
 pub mod tooltip;
--- a/app/src/infra/modal.rs
+++ b/app/src/infra/modal.rs
@@ -1,3 +1,5 @@
 #![allow(clippy::empty_docs)]
 use wasm_bindgen::prelude::*;
 #[wasm_bindgen]
--- a/app/src/infra/schema.rs
+++ b/app/src/infra/schema.rs
@@ -0,0 +1,42 @@
 use derive_more::Display;
 use serde::{Deserialize, Serialize};
 use strum::EnumString;
 use validator::ValidationError;
 #[derive(Serialize, Deserialize, Debug, Copy, Clone, PartialEq, Eq, Hash, EnumString, Display)]
 #[serde(rename_all = "SCREAMING_SNAKE_CASE")]
 #[strum(ascii_case_insensitive)]
 pub(crate) enum AttributeType {
    String,
    Integer,
    #[strum(serialize = "DATE_TIME", serialize = "DATETIME")]
    DateTime,
    #[strum(serialize = "JPEG_PHOTO", serialize = "JPEGPHOTO")]
    JpegPhoto,
 }
 pub fn validate_attribute_type(attribute_type: &str) -> Result<(), ValidationError> {
    AttributeType::try_from(attribute_type)
        .map_err(|_| ValidationError::new("Invalid attribute type"))?;
    Ok(())
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_deserialize_attribute_type() {
        let attr_type: AttributeType = "STRING".try_into().unwrap();
        assert_eq!(attr_type, AttributeType::String);
        let attr_type: AttributeType = "Integer".try_into().unwrap();
        assert_eq!(attr_type, AttributeType::Integer);
        let attr_type: AttributeType = "DATE_TIME".try_into().unwrap();
        assert_eq!(attr_type, AttributeType::DateTime);
        let attr_type: AttributeType = "JpegPhoto".try_into().unwrap();
        assert_eq!(attr_type, AttributeType::JpegPhoto);
    }
 }
--- a/app/src/infra/tooltip.rs
+++ b/app/src/infra/tooltip.rs
@@ -0,0 +1,12 @@
 #![allow(clippy::empty_docs)]
 use wasm_bindgen::prelude::*;
 #[wasm_bindgen]
 extern "C" {
    #[wasm_bindgen(js_namespace = bootstrap)]
    pub type Tooltip;
    #[wasm_bindgen(constructor, js_namespace = bootstrap)]
    pub fn new(e: web_sys::Element) -> Tooltip;
 }
--- a/app/src/lib.rs
+++ b/app/src/lib.rs
@@ -2,11 +2,12 @@
 #![forbid(non_ascii_idents)]
 #![allow(clippy::uninlined_format_args)]
 #![allow(clippy::let_unit_value)]
 #![allow(clippy::unnecessary_operation)] // Doesn't work well with the html macro.
 pub mod components;
 pub mod infra;
-use wasm_bindgen::prelude::{wasm_bindgen, JsValue};
+use wasm_bindgen::prelude::{JsValue, wasm_bindgen};
 #[wasm_bindgen]
 pub fn run_app() -> Result<(), JsValue> {
--- a/crates/access-control/Cargo.toml
+++ b/crates/access-control/Cargo.toml
@@ -0,0 +1,27 @@
 [package]
 name = "lldap_access_control"
 version = "0.1.0"
 description = "Access control wrappers for LLDAP"
 authors.workspace = true
 edition.workspace = true
 homepage.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
 [dependencies]
 tracing = "*"
 async-trait = "0.1"
 [dependencies.lldap_auth]
 path = "../auth"
 features = ["opaque_server", "opaque_client", "sea_orm"]
 [dependencies.lldap_domain]
 path = "../domain"
 [dependencies.lldap_domain_handlers]
 path = "../domain-handlers"
 [dependencies.lldap_domain_model]
 path = "../domain-model"
--- a/server/src/infra/access_control.rs
+++ b/server/src/infra/access_control.rs
@@ -1,75 +1,25 @@
 use std::collections::HashSet;
 use async_trait::async_trait;
-use tracing::info;
+use lldap_auth::access_control::{Permission, ValidationResults};
-
+use lldap_domain::{
-use crate::domain::{
+    public_schema::PublicSchema,
-    error::Result,
+    requests::{
-    handler::{
+        CreateAttributeRequest, CreateGroupRequest, CreateUserRequest, UpdateGroupRequest,
-        AttributeSchema, BackendHandler, CreateAttributeRequest, CreateGroupRequest,
+        UpdateUserRequest,
-        CreateUserRequest, GroupBackendHandler, GroupListerBackendHandler, GroupRequestFilter,
+    },
-        ReadSchemaBackendHandler, Schema, SchemaBackendHandler, UpdateGroupRequest,
+    schema::{AttributeSchema, Schema},
-        UpdateUserRequest, UserBackendHandler, UserListerBackendHandler, UserRequestFilter,
+    types::{
        AttributeName, Group, GroupDetails, GroupId, GroupName, LdapObjectClass, User,
        UserAndGroups, UserId,
    },
    schema::PublicSchema,
    types::{AttributeName, Group, GroupDetails, GroupId, GroupName, User, UserAndGroups, UserId},
 };
-
+use lldap_domain_handlers::handler::{
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
+    BackendHandler, GroupBackendHandler, GroupListerBackendHandler, GroupRequestFilter,
-pub enum Permission {
+    ReadSchemaBackendHandler, SchemaBackendHandler, UserBackendHandler, UserListerBackendHandler,
-    Admin,
+    UserRequestFilter,
-    PasswordManager,
+};
-    Readonly,
+use lldap_domain_model::error::Result;
-    Regular,
+use std::collections::HashSet;
-}
+use tracing::info;
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct ValidationResults {
    pub user: UserId,
    pub permission: Permission,
 }
 impl ValidationResults {
    #[cfg(test)]
    pub fn admin() -> Self {
        Self {
            user: UserId::new("admin"),
            permission: Permission::Admin,
        }
    }
    #[must_use]
    pub fn is_admin(&self) -> bool {
        self.permission == Permission::Admin
    }
    #[must_use]
    pub fn can_read_all(&self) -> bool {
        self.permission == Permission::Admin
            || self.permission == Permission::Readonly
            || self.permission == Permission::PasswordManager
    }
    #[must_use]
    pub fn can_read(&self, user: &UserId) -> bool {
        self.permission == Permission::Admin
            || self.permission == Permission::PasswordManager
            || self.permission == Permission::Readonly
            || &self.user == user
    }
    #[must_use]
    pub fn can_change_password(&self, user: &UserId, user_is_admin: bool) -> bool {
        self.permission == Permission::Admin
            || (self.permission == Permission::PasswordManager && !user_is_admin)
            || &self.user == user
    }
    #[must_use]
    pub fn can_write(&self, user: &UserId) -> bool {
        self.permission == Permission::Admin || &self.user == user
    }
 }
 #[async_trait]
 pub trait UserReadableBackendHandler: ReadSchemaBackendHandler {
@@ -112,6 +62,10 @@ pub trait AdminBackendHandler:
    async fn add_group_attribute(&self, request: CreateAttributeRequest) -> Result<()>;
    async fn delete_user_attribute(&self, name: &AttributeName) -> Result<()>;
    async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()>;
    async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()>;
    async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()>;
    async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()>;
    async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()>;
 }
 #[async_trait]
@@ -187,6 +141,18 @@ impl<Handler: BackendHandler> AdminBackendHandler for Handler {
    async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()> {
        <Handler as SchemaBackendHandler>::delete_group_attribute(self, name).await
    }
    async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()> {
        <Handler as SchemaBackendHandler>::add_user_object_class(self, name).await
    }
    async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()> {
        <Handler as SchemaBackendHandler>::add_group_object_class(self, name).await
    }
    async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()> {
        <Handler as SchemaBackendHandler>::delete_user_object_class(self, name).await
    }
    async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()> {
        <Handler as SchemaBackendHandler>::delete_group_object_class(self, name).await
    }
 }
 pub struct AccessControlledBackendHandler<Handler> {
@@ -212,17 +178,24 @@ impl<Handler: BackendHandler> AccessControlledBackendHandler<Handler> {
        Self { handler }
    }
    pub fn get_schema_only_handler(
        &self,
        _validation_result: &ValidationResults,
    ) -> Option<&impl ReadSchemaBackendHandler> {
        Some(&self.handler)
    }
    pub fn get_admin_handler(
        &self,
        validation_result: &ValidationResults,
-    ) -> Option<&impl AdminBackendHandler> {
+    ) -> Option<&(impl AdminBackendHandler + use<Handler>)> {
        validation_result.is_admin().then_some(&self.handler)
    }
    pub fn get_readonly_handler(
        &self,
        validation_result: &ValidationResults,
-    ) -> Option<&impl ReadonlyBackendHandler> {
+    ) -> Option<&(impl ReadonlyBackendHandler + use<Handler>)> {
        validation_result.can_read_all().then_some(&self.handler)
    }
@@ -230,7 +203,7 @@ impl<Handler: BackendHandler> AccessControlledBackendHandler<Handler> {
        &self,
        validation_result: &ValidationResults,
        user_id: &UserId,
-    ) -> Option<&impl UserWriteableBackendHandler> {
+    ) -> Option<&(impl UserWriteableBackendHandler + use<Handler>)> {
        validation_result
            .can_write(user_id)
            .then_some(&self.handler)
@@ -240,7 +213,7 @@ impl<Handler: BackendHandler> AccessControlledBackendHandler<Handler> {
        &self,
        validation_result: &ValidationResults,
        user_id: &UserId,
-    ) -> Option<&impl UserReadableBackendHandler> {
+    ) -> Option<&(impl UserReadableBackendHandler + use<Handler>)> {
        validation_result.can_read(user_id).then_some(&self.handler)
    }
@@ -291,12 +264,12 @@ impl<Handler: BackendHandler> AccessControlledBackendHandler<Handler> {
 pub struct UserRestrictedListerBackendHandler<'a, Handler> {
    handler: &'a Handler,
-    pub user_filter: Option<UserId>,
+    user_filter: Option<UserId>,
 }
 #[async_trait]
-impl<'a, Handler: ReadSchemaBackendHandler + Sync> ReadSchemaBackendHandler
+impl<Handler: ReadSchemaBackendHandler + Sync> ReadSchemaBackendHandler
-    for UserRestrictedListerBackendHandler<'a, Handler>
+    for UserRestrictedListerBackendHandler<'_, Handler>
 {
    async fn get_schema(&self) -> Result<Schema> {
        let mut schema = self.handler.get_schema().await?;
@@ -312,8 +285,8 @@ impl<'a, Handler: ReadSchemaBackendHandler + Sync> ReadSchemaBackendHandler
 }
 #[async_trait]
-impl<'a, Handler: UserListerBackendHandler + Sync> UserListerBackendHandler
+impl<Handler: UserListerBackendHandler + Sync> UserListerBackendHandler
-    for UserRestrictedListerBackendHandler<'a, Handler>
+    for UserRestrictedListerBackendHandler<'_, Handler>
 {
    async fn list_users(
        &self,
@@ -335,8 +308,8 @@ impl<'a, Handler: UserListerBackendHandler + Sync> UserListerBackendHandler
 }
 #[async_trait]
-impl<'a, Handler: GroupListerBackendHandler + Sync> GroupListerBackendHandler
+impl<Handler: GroupListerBackendHandler + Sync> GroupListerBackendHandler
-    for UserRestrictedListerBackendHandler<'a, Handler>
+    for UserRestrictedListerBackendHandler<'_, Handler>
 {
    async fn list_groups(&self, filters: Option<GroupRequestFilter>) -> Result<Vec<Group>> {
        let group_filter = self
@@ -357,10 +330,14 @@ impl<'a, Handler: GroupListerBackendHandler + Sync> GroupListerBackendHandler
 pub trait UserAndGroupListerBackendHandler:
    UserListerBackendHandler + GroupListerBackendHandler
 {
    fn user_filter(&self) -> &Option<UserId>;
 }
 #[async_trait]
-impl<'a, Handler: GroupListerBackendHandler + UserListerBackendHandler + Sync>
+impl<Handler: GroupListerBackendHandler + UserListerBackendHandler + Sync>
-    UserAndGroupListerBackendHandler for UserRestrictedListerBackendHandler<'a, Handler>
+    UserAndGroupListerBackendHandler for UserRestrictedListerBackendHandler<'_, Handler>
 {
    fn user_filter(&self) -> &Option<UserId> {
        &self.user_filter
    }
 }
--- a/crates/auth/Cargo.toml
+++ b/crates/auth/Cargo.toml
@@ -1,12 +1,13 @@
 [package]
 authors = ["Valentin Tolmer <valentin@tolmer.fr>"]
 description = "Authentication protocol for LLDAP"
 edition = "2021"
 homepage = "https://github.com/lldap/lldap"
 license = "GPL-3.0-only"
 name = "lldap_auth"
-repository = "https://github.com/lldap/lldap"
+version = "0.6.0"
-version = "0.4.0"
+description = "Authentication protocol for LLDAP"
 edition.workspace = true
 authors.workspace = true
 homepage.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
 [features]
 default = ["opaque_server", "opaque_client"]
@@ -14,30 +15,38 @@ opaque_server = []
 opaque_client = []
 js = []
 sea_orm = ["dep:sea-orm"]
 test = []
 [dependencies]
-rust-argon2 = "0.8"
+rust-argon2 = "2"
 curve25519-dalek = "3"
 digest = "0.9"
 generic-array = "0.14"
 rand = "0.8"
 serde = "*"
 sha2 = "0.9"
-thiserror = "*"
+thiserror = "2"
 uuid = { version = "1.18.1", features = ["serde"] }
 [dependencies.derive_more]
 features = ["debug", "display"]
 default-features = false
 version = "1"
 [dependencies.opaque-ke]
-version = "0.6"
+version = "0.7"
 [dependencies.chrono]
 version = "*"
-features = [ "serde" ]
+features = ["serde"]
 [dependencies.sea-orm]
-version= "0.12"
+workspace = true
 default-features = false
 features = ["macros"]
 optional = true
 [dependencies.serde]
 workspace = true
 # For WASM targets, use the JS getrandom.
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies.getrandom]
 version = "0.2"
--- a/crates/auth/src/access_control.rs
+++ b/crates/auth/src/access_control.rs
@@ -0,0 +1,58 @@
 use crate::types::UserId;
 use serde::{Deserialize, Serialize};
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Serialize, Deserialize)]
 pub enum Permission {
    Admin,
    PasswordManager,
    Readonly,
    Regular,
 }
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct ValidationResults {
    pub user: UserId,
    pub permission: Permission,
 }
 impl ValidationResults {
    #[cfg(feature = "test")]
    pub fn admin() -> Self {
        Self {
            user: UserId::new("admin"),
            permission: Permission::Admin,
        }
    }
    #[must_use]
    pub fn is_admin(&self) -> bool {
        self.permission == Permission::Admin
    }
    #[must_use]
    pub fn can_read_all(&self) -> bool {
        self.permission == Permission::Admin
            || self.permission == Permission::Readonly
            || self.permission == Permission::PasswordManager
    }
    #[must_use]
    pub fn can_read(&self, user: &UserId) -> bool {
        self.permission == Permission::Admin
            || self.permission == Permission::PasswordManager
            || self.permission == Permission::Readonly
            || &self.user == user
    }
    #[must_use]
    pub fn can_change_password(&self, user: &UserId, user_is_admin: bool) -> bool {
        self.permission == Permission::Admin
            || (self.permission == Permission::PasswordManager && !user_is_admin)
            || &self.user == user
    }
    #[must_use]
    pub fn can_write(&self, user: &UserId) -> bool {
        self.permission == Permission::Admin || &self.user == user
    }
 }
--- a/crates/auth/src/lib.rs
+++ b/crates/auth/src/lib.rs
@@ -4,7 +4,9 @@ use chrono::prelude::*;
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use std::fmt;
 use uuid::Uuid;
 pub mod access_control;
 pub mod opaque;
 /// The messages for the 3-step OPAQUE and simple login process.
@@ -108,7 +110,7 @@ pub mod types {
    use serde::{Deserialize, Serialize};
    #[cfg(feature = "sea_orm")]
-    use sea_orm::{DbErr, DeriveValueType, QueryResult, TryFromU64, Value};
+    use sea_orm::{DbErr, DeriveValueType, TryFromU64, Value};
    #[derive(
        PartialEq, Eq, PartialOrd, Ord, Clone, Debug, Default, Hash, Serialize, Deserialize,
@@ -151,10 +153,22 @@ pub mod types {
    }
    #[derive(
-        PartialEq, Eq, PartialOrd, Ord, Clone, Debug, Default, Hash, Serialize, Deserialize,
+        PartialEq,
        Eq,
        PartialOrd,
        Ord,
        Clone,
        Default,
        Hash,
        Serialize,
        Deserialize,
        derive_more::Debug,
        derive_more::Display,
    )]
    #[cfg_attr(feature = "sea_orm", derive(DeriveValueType))]
    #[serde(from = "CaseInsensitiveString")]
    #[debug(r#""{}""#, _0.as_str())]
    #[display("{}", _0.as_str())]
    pub struct UserId(CaseInsensitiveString);
    impl UserId {
@@ -176,11 +190,6 @@ pub mod types {
            Self(s.into())
        }
    }
    impl std::fmt::Display for UserId {
        fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
            write!(f, "{}", self.0.as_str())
        }
    }
    #[cfg(feature = "sea_orm")]
    impl From<&UserId> for Value {
@@ -200,8 +209,11 @@ pub mod types {
 #[derive(Clone, Serialize, Deserialize)]
 pub struct JWTClaims {
    #[serde(with = "chrono::serde::ts_seconds")]
    pub exp: DateTime<Utc>,
    #[serde(with = "chrono::serde::ts_seconds")]
    pub iat: DateTime<Utc>,
    pub jti: Uuid,
    pub user: String,
    pub groups: HashSet<String>,
 }
--- a/crates/auth/src/opaque.rs
+++ b/crates/auth/src/opaque.rs
@@ -32,7 +32,6 @@ impl ArgonHasher {
        lanes: 1,
        mem_cost: 50 * 1024, // 50 MB, in KB
        secret: &[],
        thread_mode: argon2::ThreadMode::Sequential,
        time_cost: 1,
        variant: argon2::Variant::Argon2id,
        version: argon2::Version::Version13,
@@ -133,6 +132,12 @@ pub mod server {
    pub use super::*;
    pub type ServerRegistration = opaque_ke::ServerRegistration<DefaultSuite>;
    pub type ServerSetup = opaque_ke::ServerSetup<DefaultSuite>;
    pub fn generate_random_private_key() -> ServerSetup {
        let mut rng = rand::rngs::OsRng;
        ServerSetup::new(&mut rng)
    }
    /// Methods to register a new user, from the server side.
    pub mod registration {
        pub use super::*;
--- a/crates/domain-handlers/Cargo.toml
+++ b/crates/domain-handlers/Cargo.toml
@@ -0,0 +1,47 @@
 [package]
 name = "lldap_domain_handlers"
 version = "0.1.0"
 edition.workspace = true
 authors.workspace = true
 homepage.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
 [features]
 test = []
 [dependencies]
 async-trait = "0.1"
 base64 = "0.21"
 ldap3_proto = "0.6.0"
 serde_bytes = "0.11"
 [dev-dependencies]
 pretty_assertions = "1"
 [dependencies.chrono]
 features = ["serde"]
 version = "0.4"
 [dependencies.derive_more]
 features = ["debug", "display", "from", "from_str"]
 default-features = false
 version = "1"
 [dependencies.lldap_auth]
 path = "../auth"
 features = ["opaque_server", "opaque_client", "sea_orm"]
 [dependencies.lldap_domain]
 path = "../domain"
 [dependencies.lldap_domain_model]
 path = "../domain-model"
 [dependencies.serde]
 workspace = true
 [dependencies.uuid]
 features = ["v1", "v3"]
 version = "1"
--- a/crates/domain-handlers/src/handler.rs
+++ b/crates/domain-handlers/src/handler.rs
@@ -1,11 +1,17 @@
-use crate::domain::{
+use async_trait::async_trait;
-    error::Result,
+use ldap3_proto::proto::LdapSubstringFilter;
 use lldap_domain::{
    requests::{
        CreateAttributeRequest, CreateGroupRequest, CreateUserRequest, UpdateGroupRequest,
        UpdateUserRequest,
    },
    schema::Schema,
    types::{
-        AttributeName, AttributeType, AttributeValue, Email, Group, GroupDetails, GroupId,
+        AttributeName, AttributeValue, Group, GroupDetails, GroupId, GroupName, LdapObjectClass,
-        GroupName, JpegPhoto, Serialized, User, UserAndGroups, UserColumn, UserId, Uuid,
+        User, UserAndGroups, UserId, Uuid,
    },
 };
-use async_trait::async_trait;
+use lldap_domain_model::{error::Result, model::UserColumn};
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
@@ -46,34 +52,51 @@ impl SubStringFilter {
    }
 }
 impl From<LdapSubstringFilter> for SubStringFilter {
    fn from(
        LdapSubstringFilter {
            initial,
            any,
            final_,
        }: LdapSubstringFilter,
    ) -> Self {
        Self {
            initial,
            any,
            final_,
        }
    }
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub enum UserRequestFilter {
    True,
    False,
    And(Vec<UserRequestFilter>),
    Or(Vec<UserRequestFilter>),
    Not(Box<UserRequestFilter>),
    UserId(UserId),
    UserIdSubString(SubStringFilter),
    Equality(UserColumn, String),
-    AttributeEquality(AttributeName, Serialized),
+    AttributeEquality(AttributeName, AttributeValue),
    SubString(UserColumn, SubStringFilter),
    // Check if a user belongs to a group identified by name.
    MemberOf(GroupName),
    // Same, by id.
    MemberOfId(GroupId),
    CustomAttributePresent(AttributeName),
 }
 impl From<bool> for UserRequestFilter {
    fn from(val: bool) -> Self {
-        if val {
+        if val { Self::True } else { Self::False }
            Self::And(vec![])
        } else {
            Self::Not(Box::new(Self::And(vec![])))
        }
    }
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub enum GroupRequestFilter {
    True,
    False,
    And(Vec<GroupRequestFilter>),
    Or(Vec<GroupRequestFilter>),
    Not(Box<GroupRequestFilter>),
@@ -83,100 +106,16 @@ pub enum GroupRequestFilter {
    GroupId(GroupId),
    // Check if the group contains a user identified by uid.
    Member(UserId),
-    AttributeEquality(AttributeName, Serialized),
+    AttributeEquality(AttributeName, AttributeValue),
    CustomAttributePresent(AttributeName),
 }
 impl From<bool> for GroupRequestFilter {
    fn from(val: bool) -> Self {
-        if val {
+        if val { Self::True } else { Self::False }
            Self::And(vec![])
        } else {
            Self::Not(Box::new(Self::And(vec![])))
        }
    }
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone, Default)]
 pub struct CreateUserRequest {
    // Same fields as User, but no creation_date, and with password.
    pub user_id: UserId,
    pub email: Email,
    pub display_name: Option<String>,
    pub first_name: Option<String>,
    pub last_name: Option<String>,
    pub avatar: Option<JpegPhoto>,
    pub attributes: Vec<AttributeValue>,
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone, Default)]
 pub struct UpdateUserRequest {
    // Same fields as CreateUserRequest, but no with an extra layer of Option.
    pub user_id: UserId,
    pub email: Option<Email>,
    pub display_name: Option<String>,
    pub first_name: Option<String>,
    pub last_name: Option<String>,
    pub avatar: Option<JpegPhoto>,
    pub delete_attributes: Vec<AttributeName>,
    pub insert_attributes: Vec<AttributeValue>,
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone, Default)]
 pub struct CreateGroupRequest {
    pub display_name: GroupName,
    pub attributes: Vec<AttributeValue>,
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub struct UpdateGroupRequest {
    pub group_id: GroupId,
    pub display_name: Option<GroupName>,
    pub delete_attributes: Vec<AttributeName>,
    pub insert_attributes: Vec<AttributeValue>,
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub struct AttributeSchema {
    pub name: AttributeName,
    //TODO: pub aliases: Vec<String>,
    pub attribute_type: AttributeType,
    pub is_list: bool,
    pub is_visible: bool,
    pub is_editable: bool,
    pub is_hardcoded: bool,
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub struct CreateAttributeRequest {
    pub name: AttributeName,
    pub attribute_type: AttributeType,
    pub is_list: bool,
    pub is_visible: bool,
    pub is_editable: bool,
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub struct AttributeList {
    pub attributes: Vec<AttributeSchema>,
 }
 impl AttributeList {
    pub fn get_attribute_schema(&self, name: &AttributeName) -> Option<&AttributeSchema> {
        self.attributes.iter().find(|a| a.name == *name)
    }
    pub fn get_attribute_type(&self, name: &AttributeName) -> Option<(AttributeType, bool)> {
        self.get_attribute_schema(name)
            .map(|a| (a.attribute_type, a.is_list))
    }
 }
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
 pub struct Schema {
    pub user_attributes: AttributeList,
    pub group_attributes: AttributeList,
 }
 #[async_trait]
 pub trait LoginHandler: Send + Sync {
    async fn bind(&self, request: BindRequest) -> Result<()>;
@@ -227,6 +166,11 @@ pub trait SchemaBackendHandler: ReadSchemaBackendHandler {
    // Note: It's up to the caller to make sure that the attribute is not hardcoded.
    async fn delete_user_attribute(&self, name: &AttributeName) -> Result<()>;
    async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()>;
    async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()>;
    async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()>;
    async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()>;
    async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()>;
 }
 #[async_trait]
@@ -246,6 +190,7 @@ pub trait BackendHandler:
 mod tests {
    use super::*;
    use base64::Engine;
    use lldap_domain::types::JpegPhoto;
    use pretty_assertions::assert_ne;
    #[test]
--- a/crates/domain-handlers/src/lib.rs
+++ b/crates/domain-handlers/src/lib.rs
@@ -0,0 +1 @@
 pub mod handler;
--- a/crates/domain-model/Cargo.toml
+++ b/crates/domain-model/Cargo.toml
@@ -0,0 +1,49 @@
 [package]
 name = "lldap_domain_model"
 version = "0.1.0"
 edition.workspace = true
 authors.workspace = true
 homepage.workspace = true
 license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
 [features]
 test = []
 [dependencies]
 base64 = "0.21"
 bincode = "1.3"
 orion = "0.17"
 serde_bytes = "0.11"
 thiserror = "2"
 [dev-dependencies]
 pretty_assertions = "1"
 [dependencies.chrono]
 features = ["serde"]
 version = "0.4"
 [dependencies.derive_more]
 features = ["debug", "display", "from", "from_str"]
 default-features = false
 version = "1"
 [dependencies.lldap_auth]
 path = "../auth"
 features = ["opaque_server", "opaque_client", "sea_orm"]
 [dependencies.lldap_domain]
 path = "../domain"
 [dependencies.sea-orm]
 workspace = true
 features = ["macros"]
 [dependencies.serde]
 workspace = true
 [dependencies.uuid]
 features = ["v1", "v3"]
 version = "1"
--- a/crates/domain-model/src/error.rs
+++ b/crates/domain-model/src/error.rs
@@ -3,7 +3,7 @@ use thiserror::Error;
 #[allow(clippy::enum_variant_names)]
 #[derive(Error, Debug)]
 pub enum DomainError {
-    #[error("Authentication error: `{0}`")]
+    #[error("Authentication error {0}")]
    AuthenticationError(String),
    #[error("Database error: `{0}`")]
    DatabaseError(#[from] sea_orm::DbErr),
--- a/crates/domain-model/src/lib.rs
+++ b/crates/domain-model/src/lib.rs
@@ -0,0 +1,2 @@
 pub mod error;
 pub mod model;
--- a/crates/domain-model/src/model/deserialize.rs
+++ b/crates/domain-model/src/model/deserialize.rs
@@ -0,0 +1,57 @@
 use crate::error::DomainError;
 use lldap_domain::{
    schema::AttributeList,
    types::{Attribute, AttributeName, AttributeType, AttributeValue, Cardinality, Serialized},
 };
 // Value must be a serialized attribute value of the type denoted by typ,
 // and either a singleton or unbounded list, depending on is_list.
 pub fn deserialize_attribute_value(
    value: &Serialized,
    typ: AttributeType,
    is_list: bool,
 ) -> AttributeValue {
    match (typ, is_list) {
        (AttributeType::String, false) => {
            AttributeValue::String(Cardinality::Singleton(value.unwrap()))
        }
        (AttributeType::String, true) => {
            AttributeValue::String(Cardinality::Unbounded(value.unwrap()))
        }
        (AttributeType::Integer, false) => {
            AttributeValue::Integer(Cardinality::Singleton(value.unwrap::<i64>()))
        }
        (AttributeType::Integer, true) => {
            AttributeValue::Integer(Cardinality::Unbounded(value.unwrap()))
        }
        (AttributeType::DateTime, false) => {
            AttributeValue::DateTime(Cardinality::Singleton(value.unwrap()))
        }
        (AttributeType::DateTime, true) => {
            AttributeValue::DateTime(Cardinality::Unbounded(value.unwrap()))
        }
        (AttributeType::JpegPhoto, false) => {
            AttributeValue::JpegPhoto(Cardinality::Singleton(value.unwrap()))
        }
        (AttributeType::JpegPhoto, true) => {
            AttributeValue::JpegPhoto(Cardinality::Unbounded(value.unwrap()))
        }
    }
 }
 pub fn deserialize_attribute(
    name: AttributeName,
    value: &Serialized,
    schema: &AttributeList,
 ) -> Result<Attribute, DomainError> {
    match schema.get_attribute_type(&name) {
        Some((typ, is_list)) => Ok(Attribute {
            name,
            value: deserialize_attribute_value(value, typ, is_list),
        }),
        None => Err(DomainError::InternalError(format!(
            "Unable to find schema for attribute named '{}'",
            name.into_string()
        ))),
    }
 }
--- a/crates/domain-model/src/model/group_attribute_schema.rs
+++ b/crates/domain-model/src/model/group_attribute_schema.rs
@@ -1,8 +1,8 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::{
+use lldap_domain::{
-    handler::AttributeSchema,
+    schema::AttributeSchema,
    types::{AttributeName, AttributeType},
 };
@@ -50,6 +50,7 @@ impl From<Model> for AttributeSchema {
            is_visible: value.is_group_visible,
            is_editable: value.is_group_editable,
            is_hardcoded: value.is_hardcoded,
            is_readonly: false,
        }
    }
 }
--- a/crates/domain-model/src/model/group_attributes.rs
+++ b/crates/domain-model/src/model/group_attributes.rs
@@ -1,7 +1,7 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::types::{AttributeName, AttributeValue, GroupId, Serialized};
+use lldap_domain::types::{AttributeName, GroupId, Serialized};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "group_attributes")]
@@ -55,18 +55,3 @@ impl Related<super::GroupAttributeSchema> for Entity {
 }
 impl ActiveModelBehavior for ActiveModel {}
 impl From<Model> for AttributeValue {
    fn from(
        Model {
            group_id: _,
            attribute_name,
            value,
        }: Model,
    ) -> Self {
        Self {
            name: attribute_name,
            value,
        }
    }
 }
--- a/crates/domain-model/src/model/group_object_classes.rs
+++ b/crates/domain-model/src/model/group_object_classes.rs
@@ -0,0 +1,23 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
 use lldap_domain::types::LdapObjectClass;
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "group_object_classes")]
 pub struct Model {
    #[sea_orm(primary_key, auto_increment = false)]
    pub lower_object_class: String,
    pub object_class: LdapObjectClass,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
 pub enum Relation {}
 impl ActiveModelBehavior for ActiveModel {}
 impl From<Model> for LdapObjectClass {
    fn from(value: Model) -> Self {
        value.object_class
    }
 }
--- a/crates/domain-model/src/model/groups.rs
+++ b/crates/domain-model/src/model/groups.rs
@@ -3,7 +3,7 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::types::{GroupId, GroupName, Uuid};
+use lldap_domain::types::{GroupId, GroupName, Uuid};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "groups")]
@@ -14,6 +14,7 @@ pub struct Model {
    pub lowercase_display_name: String,
    pub creation_date: chrono::NaiveDateTime,
    pub uuid: Uuid,
    pub modified_date: chrono::NaiveDateTime,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
@@ -30,7 +31,7 @@ impl Related<super::memberships::Entity> for Entity {
 impl ActiveModelBehavior for ActiveModel {}
-impl From<Model> for crate::domain::types::Group {
+impl From<Model> for lldap_domain::types::Group {
    fn from(group: Model) -> Self {
        Self {
            id: group.group_id,
@@ -39,11 +40,12 @@ impl From<Model> for crate::domain::types::Group {
            uuid: group.uuid,
            users: vec![],
            attributes: Vec::new(),
            modified_date: group.modified_date,
        }
    }
 }
-impl From<Model> for crate::domain::types::GroupDetails {
+impl From<Model> for lldap_domain::types::GroupDetails {
    fn from(group: Model) -> Self {
        Self {
            group_id: group.group_id,
@@ -51,6 +53,7 @@ impl From<Model> for crate::domain::types::GroupDetails {
            creation_date: group.creation_date,
            uuid: group.uuid,
            attributes: Vec::new(),
            modified_date: group.modified_date,
        }
    }
 }
--- a/crates/domain-model/src/model/jwt_refresh_storage.rs
+++ b/crates/domain-model/src/model/jwt_refresh_storage.rs
@@ -3,7 +3,7 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::types::UserId;
+use lldap_domain::types::UserId;
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "jwt_refresh_storage")]
--- a/crates/domain-model/src/model/jwt_storage.rs
+++ b/crates/domain-model/src/model/jwt_storage.rs
@@ -3,7 +3,7 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::types::UserId;
+use lldap_domain::types::UserId;
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "jwt_storage")]
--- a/crates/domain-model/src/model/memberships.rs
+++ b/crates/domain-model/src/model/memberships.rs
@@ -3,7 +3,7 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::types::{GroupId, UserId};
+use lldap_domain::types::{GroupId, UserId};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "memberships")]
--- a/crates/domain-model/src/model/mod.rs
+++ b/crates/domain-model/src/model/mod.rs
@@ -1,7 +1,6 @@
 //! `SeaORM` Entity. Generated by sea-orm-codegen 0.10.3
 pub mod prelude;
 pub mod deserialize;
 pub mod groups;
 pub mod jwt_refresh_storage;
 pub mod jwt_storage;
@@ -11,8 +10,10 @@ pub mod users;
 pub mod user_attribute_schema;
 pub mod user_attributes;
 pub mod user_object_classes;
 pub mod group_attribute_schema;
 pub mod group_attributes;
 pub mod group_object_classes;
 pub use prelude::*;
--- a/crates/domain-model/src/model/password_reset_tokens.rs
+++ b/crates/domain-model/src/model/password_reset_tokens.rs
@@ -3,7 +3,7 @@
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
-use crate::domain::types::UserId;
+use lldap_domain::types::UserId;
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "password_reset_tokens")]
--- a/Show More
+++ b/Show More