chore: update upload-artifact from v6 to v7 for compatibility with download-artifact v8

Co-authored-by: nitnelave <796633+nitnelave@users.noreply.github.com>

.github/workflows/docker-build-static.yml

@@ -106,7 +106,7 @@ jobs:
           restore-keys: |
             lldap-ui-
       - name: Install wasm-pack with cargo
-        run: cargo install --locked wasm-pack || true
+        run: cargo install wasm-pack || true
         env:
           RUSTFLAGS: ""
       - name: Build frontend
@@ -520,7 +520,7 @@ jobs:
           path: web
 
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v4
+        uses: docker/setup-qemu-action@v3
       - name: Setup buildx
         uses: docker/setup-buildx-action@v3
         with:

CHANGELOG.md

@@ -5,55 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.6.3] 2026-05-01
-
-Small release, focused on LDAP compatibility, TLS maintenance, dependency upgrades and documentation/examples.
-
-### Added
-
- - LDAP schema definitions for `memberOf`, `modifyTimestamp` and `pwdChangedTime`
- - Support for configuring the healthcheck listen addresses
- - Usernames are now included in password recovery emails
-
-### Changed
-
- - JWT `exp` and `iat` claims are now serialized as NumericDate values to comply with RFC7519
- - Migrated to `rustls` 0.23 and centralized TLS handling
- - The login form no longer enforces a password length limit
-
-### Fixed
-
- - `pwdChangedTime` is now emitted as LDAP GeneralizedTime instead of RFC3339
- - LDAP base-scope searches for non-existent entries now return `NoSuchObject`
- - `cn` equality filters are now case insensitive
- - The server now shuts down the database connection pool gracefully
- - The bootstrap script now handles empty globs correctly
-
-### Security
-
- - Updated the LDAP dependency stack, including `ldap3_proto`, in response to
-   security advisory
-   [`GHSA-qcxq-75wr-5cm8`](https://github.com/kanidm/ldap3/security/advisories/GHSA-qcxq-75wr-5cm8),
-   where a specially crafted LDAP query could make the server use unbounded RAM
-
-### Cleanups
-
- - Split GraphQL queries and mutations into smaller modules
- - Refactored configuration and user update logic
- - Upgraded the Rust toolchain and shared dependencies
-
-### New services
-
- - Apache WebDAV
- - Continuwuity
- - Gerrit
- - Gogs
- - Open WebUI
- - OpenCloud
- - Pocket ID
- - Semaphore
- - TrueNAS
-
 ## [0.6.2] 2025-07-21
 
 Small release, focused on LDAP improvements and ongoing maintenance.

Cargo.toml

@@ -24,122 +24,9 @@ lto = true
 [profile.release.package.lldap_app]
 opt-level = 's'
 
-[workspace.dependencies.anyhow]
-version = "1"
-
-[workspace.dependencies.async-trait]
-version = "0.1"
-
-[workspace.dependencies.base64]
-version = "0.22"
-
-[workspace.dependencies.bincode]
-version = "1"
-
-[workspace.dependencies.chrono]
-version = "0.4"
-features = ["serde", "wasmbind"]
-
-[workspace.dependencies.clap]
-version = "4"
-features = ["std", "color", "suggestions", "derive", "env"]
-
-[workspace.dependencies.derive_more]
-version = "2"
-default-features = false
-features = ["debug", "display", "from", "from_str"]
-
-[workspace.dependencies.graphql_client]
-version = "0.11"
-default-features = false
-features = ["graphql_query_derive"]
-
-[workspace.dependencies.image]
-version = "0.25"
-default-features = false
-features = ["jpeg"]
-
-[workspace.dependencies.itertools]
-version = "0.14"
-
-[workspace.dependencies.juniper]
-version = "0.17"
-default-features = false
-features = ["chrono", "schema-language", "url", "uuid"]
-
-[workspace.dependencies.ldap3]
-version = "0"
-default-features = false
-features = ["sync", "tls-rustls-ring"]
-
-[workspace.dependencies.ldap3_proto]
-version = "0.7"
-
-[workspace.dependencies.jwt]
-version = "0.16"
-
-[workspace.dependencies.log]
-version = "0"
-
-[workspace.dependencies.mockall]
-version = "0.14"
-
-[workspace.dependencies.opaque-ke]
-version = "0.7"
-
-[workspace.dependencies.orion]
-version = "0.17"
-
-[workspace.dependencies.pretty_assertions]
-version = "1"
-
-[workspace.dependencies.rand]
-version = "0.8"
-features = ["small_rng", "getrandom"]
-
-[workspace.dependencies.reqwest]
-version = "0.11"
-default-features = false
-
 [workspace.dependencies.sea-orm]
 version = "1.1.8"
 default-features = false
-features = ["macros", "with-chrono", "with-uuid", "sqlx-all", "runtime-actix-rustls"]
-
-[workspace.dependencies.secstr]
-version = "0"
-features = ["serde"]
 
 [workspace.dependencies.serde]
 version = "1"
-
-[workspace.dependencies.serde_bytes]
-version = "0.11"
-
-[workspace.dependencies.serde_json]
-version = "1"
-
-[workspace.dependencies.strum]
-version = "0.28"
-features = ["derive"]
-
-[workspace.dependencies.thiserror]
-version = "2"
-
-[workspace.dependencies.tokio]
-version = "1"
-features = ["full"]
-
-[workspace.dependencies.tracing]
-version = "0"
-
-[workspace.dependencies.tracing-subscriber]
-version = "0.3"
-features = ["env-filter", "tracing-log"]
-
-[workspace.dependencies.urlencoding]
-version = "2"
-
-[workspace.dependencies.uuid]
-version = "1.18.1"
-features = ["js", "serde", "v1", "v3", "v4"]

app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_app"
-version = "0.6.3"
+version = "0.6.2"
 description = "Frontend for LLDAP"
 edition.workspace = true
 include = ["src/**/*", "queries/**/*", "Cargo.toml", "../schema.graphql"]
@@ -11,33 +11,27 @@ repository.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-chrono = { workspace = true }
-derive_more = { workspace = true }
-gloo-console = "0.4"
-gloo-file = "0.4"
-gloo-net = "0.7"
-graphql_client = { workspace = true }
-image = { workspace = true }
-jwt = { workspace = true }
-rand = { workspace = true }
-serde = { workspace = true }
-serde_json = { workspace = true }
-strum = { workspace = true }
+anyhow = "1"
+base64 = "0.13"
+gloo-console = "0.2.3"
+gloo-file = "0.2.3"
+gloo-net = "*"
+graphql_client = "0.10"
+http = "0.2"
+jwt = "0.13"
+rand = "0.8"
+serde_json = "1"
 url-escape = "0.1.1"
 validator = "0.14"
 validator_derive = "0.14"
 wasm-bindgen = "0.2.100"
-wasm-bindgen-futures = "0"
+wasm-bindgen-futures = "*"
 yew = "0.19.3"
 yew-router = "0.16"
 
 # Needed because of https://github.com/tkaitchuck/aHash/issues/95
 indexmap = "=1.6.2"
 
-base64 = { workspace = true }
-
-
 [dependencies.web-sys]
 version = "0.3"
 features = [
@@ -56,6 +50,17 @@ features = [
   "console",
 ]
 
+[dependencies.chrono]
+version = "*"
+features = [
+  "wasmbind"
+]
+
+[dependencies.derive_more]
+features = ["debug", "display", "from", "from_str"]
+default-features = false
+version = "1"
+
 [dependencies.lldap_auth]
 path = "../crates/auth"
 features = [ "opaque_client" ]
@@ -66,6 +71,18 @@ path = "../crates/frontend-options"
 [dependencies.lldap_validation]
 path = "../crates/validation"
 
+[dependencies.image]
+features = ["jpeg"]
+default-features = false
+version = "0.24"
+
+[dependencies.serde]
+workspace = true
+
+[dependencies.strum]
+features = ["derive"]
+version = "0.25"
+
 [dependencies.yew_form]
 git = "https://github.com/jfbilodeau/yew_form"
 rev = "4b9fabffb63393ec7626a4477fd36de12a07fac9"

app/src/components/create_group.rs

@@ -112,7 +112,7 @@ impl CommonComponent<CreateGroupForm> for CreateGroupForm {
                 let model = self.form.model();
                 let req = create_group::Variables {
                     group: create_group::CreateGroupInput {
-                        display_name: model.groupname,
+                        displayName: model.groupname,
                         attributes,
                     },
                 };

app/src/components/create_user.rs

@@ -143,9 +143,9 @@ impl CommonComponent<CreateUserForm> for CreateUserForm {
                     user: create_user::CreateUserInput {
                         id: model.username,
                         email: None,
-                        display_name: None,
-                        first_name: None,
-                        last_name: None,
+                        displayName: None,
+                        firstName: None,
+                        lastName: None,
                         avatar: None,
                         attributes,
                     },

app/src/components/form/file_input.rs

@@ -1,7 +1,6 @@
 use std::{fmt::Display, str::FromStr};
 
 use anyhow::{Error, Ok, Result, bail};
-use base64::Engine;
 use gloo_file::{
     File,
     callbacks::{FileReader, read_as_bytes},
@@ -55,12 +54,12 @@ fn to_base64(file: &JsFile) -> Result<String> {
             if !is_valid_jpeg(data.as_slice()) {
                 bail!("Chosen image is not a valid JPEG");
             }
-            Ok(base64::engine::general_purpose::STANDARD.encode(data))
+            Ok(base64::encode(data))
         }
         JsFile {
             file: None,
             contents: Some(data),
-        } => Ok(base64::engine::general_purpose::STANDARD.encode(data)),
+        } => Ok(base64::encode(data)),
     }
 }
 
@@ -99,7 +98,7 @@ impl Component for JpegFileInput {
                     .props()
                     .value
                     .as_ref()
-                    .and_then(|x| base64::engine::general_purpose::STANDARD.decode(x).ok()),
+                    .and_then(|x| base64::decode(x).ok()),
             }),
             reader: None,
         }
@@ -112,7 +111,7 @@ impl Component for JpegFileInput {
                 .props()
                 .value
                 .as_ref()
-                .and_then(|x| base64::engine::general_purpose::STANDARD.decode(x).ok()),
+                .and_then(|x| base64::decode(x).ok()),
         });
         self.reader = None;
         true
@@ -231,7 +230,7 @@ impl JpegFileInput {
 }
 
 fn is_valid_jpeg(bytes: &[u8]) -> bool {
-    image::ImageReader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
+    image::io::Reader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
         .decode()
         .is_ok()
 }

app/src/components/group_details_form.rs

@@ -248,13 +248,13 @@ impl GroupDetailsForm {
             };
         let mut group_input = update_group::UpdateGroupInput {
             id: self.group.id,
-            display_name: None,
-            remove_attributes: None,
-            insert_attributes: None,
+            displayName: None,
+            removeAttributes: None,
+            insertAttributes: None,
         };
         let default_group_input = group_input.clone();
-        group_input.remove_attributes = remove_attributes;
-        group_input.insert_attributes = insert_attributes;
+        group_input.removeAttributes = remove_attributes;
+        group_input.insertAttributes = insert_attributes;
         // Nothing changed.
         if group_input == default_group_input {
             return Ok(false);

app/src/components/user_details_form.rs

@@ -260,16 +260,16 @@ impl UserDetailsForm {
         let mut user_input = update_user::UpdateUserInput {
             id: self.user.id.clone(),
             email: None,
-            display_name: None,
-            first_name: None,
-            last_name: None,
+            displayName: None,
+            firstName: None,
+            lastName: None,
             avatar: None,
-            remove_attributes: None,
-            insert_attributes: None,
+            removeAttributes: None,
+            insertAttributes: None,
         };
         let default_user_input = user_input.clone();
-        user_input.remove_attributes = remove_attributes;
-        user_input.insert_attributes = insert_attributes;
+        user_input.removeAttributes = remove_attributes;
+        user_input.insertAttributes = insert_attributes;
         // Nothing changed.
         if user_input == default_user_input {
             return Ok(false);

app/src/infra/api.rs

@@ -94,7 +94,7 @@ impl HostService {
     where
         QueryType: GraphQLQuery + 'static,
     {
-        let unwrap_graphql_response = |graphql_client::Response { data, errors, .. }| {
+        let unwrap_graphql_response = |graphql_client::Response { data, errors }| {
             data.ok_or_else(|| {
                 anyhow!(
                     "Errors: [{}]",

app/src/infra/graphql.rs

@@ -1,2 +1 @@
-pub type DateTime = chrono::DateTime<chrono::Utc>;
-pub type DateTimeUtc = DateTime;
+pub type DateTimeUtc = chrono::DateTime<chrono::Utc>;

crates/access-control/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_access_control"
-version = "0.1.1"
+version = "0.1.0"
 description = "Access control wrappers for LLDAP"
 authors.workspace = true
 edition.workspace = true
@@ -10,8 +10,8 @@ repository.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-tracing = { workspace = true }
-async-trait = { workspace = true }
+tracing = "*"
+async-trait = "0.1"
 
 [dependencies.lldap_auth]
 path = "../auth"

crates/auth/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_auth"
-version = "0.6.3"
+version = "0.6.0"
 description = "Authentication protocol for LLDAP"
 edition.workspace = true
 authors.workspace = true
@@ -18,23 +18,35 @@ sea_orm = ["dep:sea-orm"]
 test = []
 
 [dependencies]
-chrono = { workspace = true }
-derive_more = { workspace = true }
-opaque-ke = { workspace = true }
-serde = { workspace = true }
 rust-argon2 = "2"
 curve25519-dalek = "3"
 digest = "0.9"
 generic-array = "0.14"
-rand = { workspace = true }
+rand = "0.8"
 sha2 = "0.9"
-thiserror = { workspace = true }
-uuid = { workspace = true, features = ["serde"] }
+thiserror = "2"
+uuid = { version = "1.18.1", features = ["serde"] }
+
+[dependencies.derive_more]
+features = ["debug", "display"]
+default-features = false
+version = "1"
+
+[dependencies.opaque-ke]
+version = "0.7"
+
+[dependencies.chrono]
+version = "*"
+features = ["serde"]
 
 [dependencies.sea-orm]
 workspace = true
+features = ["macros"]
 optional = true
 
+[dependencies.serde]
+workspace = true
+
 # For WASM targets, use the JS getrandom.
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies.getrandom]
 version = "0.2"

crates/domain-handlers/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_domain_handlers"
-version = "0.1.1"
+version = "0.1.0"
 edition.workspace = true
 authors.workspace = true
 homepage.workspace = true
@@ -12,17 +12,22 @@ rust-version.workspace = true
 test = []
 
 [dependencies]
-async-trait = { workspace = true }
-base64 = { workspace = true }
-chrono = { workspace = true }
-derive_more = { workspace = true }
-ldap3_proto = { workspace = true }
-serde = { workspace = true }
-serde_bytes = { workspace = true }
-uuid = { workspace = true }
+async-trait = "0.1"
+base64 = "0.21"
+ldap3_proto = "0.6.0"
+serde_bytes = "0.11"
 
 [dev-dependencies]
-pretty_assertions = { workspace = true }
+pretty_assertions = "1"
+
+[dependencies.chrono]
+features = ["serde"]
+version = "0.4"
+
+[dependencies.derive_more]
+features = ["debug", "display", "from", "from_str"]
+default-features = false
+version = "1"
 
 [dependencies.lldap_auth]
 path = "../auth"
@@ -33,3 +38,10 @@ path = "../domain"
 
 [dependencies.lldap_domain_model]
 path = "../domain-model"
+
+[dependencies.serde]
+workspace = true
+
+[dependencies.uuid]
+features = ["v1", "v3"]
+version = "1"

crates/domain-model/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_domain_model"
-version = "0.1.1"
+version = "0.1.0"
 edition.workspace = true
 authors.workspace = true
 homepage.workspace = true
@@ -12,19 +12,23 @@ rust-version.workspace = true
 test = []
 
 [dependencies]
-base64 = { workspace = true }
-bincode = { workspace = true }
-chrono = { workspace = true }
-derive_more = { workspace = true }
-orion = { workspace = true }
-sea-orm = { workspace = true }
-serde = { workspace = true }
-serde_bytes = { workspace = true }
-thiserror = { workspace = true }
-uuid = { workspace = true }
+base64 = "0.21"
+bincode = "1.3"
+orion = "0.17"
+serde_bytes = "0.11"
+thiserror = "2"
 
 [dev-dependencies]
-pretty_assertions = { workspace = true }
+pretty_assertions = "1"
+
+[dependencies.chrono]
+features = ["serde"]
+version = "0.4"
+
+[dependencies.derive_more]
+features = ["debug", "display", "from", "from_str"]
+default-features = false
+version = "1"
 
 [dependencies.lldap_auth]
 path = "../auth"
@@ -32,3 +36,14 @@ features = ["opaque_server", "opaque_client", "sea_orm"]
 
 [dependencies.lldap_domain]
 path = "../domain"
+
+[dependencies.sea-orm]
+workspace = true
+features = ["macros"]
+
+[dependencies.serde]
+workspace = true
+
+[dependencies.uuid]
+features = ["v1", "v3"]
+version = "1"

crates/domain/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_domain"
-version = "0.1.1"
+version = "0.1.0"
 authors = [
     "Valentin Tolmer <valentin@tolmer.fr>",
     "Simon Broeng Jensen <sbj@cwconsult.dk>",
@@ -15,23 +15,51 @@ rust-version.workspace = true
 test = []
 
 [dependencies]
-anyhow = { workspace = true }
-base64 = { workspace = true }
-bincode = { workspace = true }
-chrono = { workspace = true }
-derive_more = { workspace = true }
-image = { workspace = true }
-itertools = { workspace = true }
-juniper = { workspace = true }
-sea-orm = { workspace = true }
-serde = { workspace = true }
-serde_bytes = { workspace = true }
-strum = { workspace = true }
-uuid = { workspace = true }
+anyhow = "*"
+base64 = "0.21"
+bincode = "1.3"
+itertools = "0.10"
+juniper = "0.15"
+serde_bytes = "0.11"
+
+[dev-dependencies]
+pretty_assertions = "1"
+
+[dependencies.chrono]
+features = ["serde"]
+version = "*"
+
+[dependencies.derive_more]
+features = ["debug", "display", "from", "from_str"]
+default-features = false
+version = "1"
+
+[dependencies.image]
+features = ["jpeg"]
+default-features = false
+version = "0.24"
 
 [dependencies.lldap_auth]
 path = "../auth"
 features = ["opaque_server", "opaque_client", "sea_orm"]
 
-[dev-dependencies]
-pretty_assertions = { workspace = true }
+[dependencies.sea-orm]
+workspace = true
+features = [
+    "macros",
+    "with-chrono",
+    "with-uuid",
+    "sqlx-all",
+    "runtime-actix-rustls",
+]
+
+[dependencies.serde]
+workspace = true
+
+[dependencies.strum]
+features = ["derive"]
+version = "0.25"
+
+[dependencies.uuid]
+features = ["v1", "v3"]
+version = "1"

crates/domain/src/types.rs

@@ -333,7 +333,7 @@ impl TryFrom<&[u8]> for JpegPhoto {
             return Ok(JpegPhoto::null());
         }
         // Confirm that it's a valid Jpeg, then store only the bytes.
-        image::ImageReader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
+        image::io::Reader::with_format(std::io::Cursor::new(bytes), image::ImageFormat::Jpeg)
             .decode()?;
         Ok(JpegPhoto(bytes.to_vec()))
     }
@@ -346,7 +346,7 @@ impl TryFrom<Vec<u8>> for JpegPhoto {
             return Ok(JpegPhoto::null());
         }
         // Confirm that it's a valid Jpeg, then store only the bytes.
-        image::ImageReader::with_format(
+        image::io::Reader::with_format(
             std::io::Cursor::new(bytes.as_slice()),
             image::ImageFormat::Jpeg,
         )
@@ -397,7 +397,7 @@ impl JpegPhoto {
 
     #[cfg(any(feature = "test", test))]
     pub fn for_tests() -> Self {
-        use image::{ImageFormat, Rgb, RgbImage};
+        use image::{ImageOutputFormat, Rgb, RgbImage};
         let img = RgbImage::from_fn(32, 32, |x, y| {
             if (x + y) % 2 == 0 {
                 Rgb([0, 0, 0])
@@ -406,8 +406,11 @@ impl JpegPhoto {
             }
         });
         let mut bytes: Vec<u8> = Vec::new();
-        img.write_to(&mut std::io::Cursor::new(&mut bytes), ImageFormat::Jpeg)
-            .unwrap();
+        img.write_to(
+            &mut std::io::Cursor::new(&mut bytes),
+            ImageOutputFormat::Jpeg(0),
+        )
+        .unwrap();
         Self(bytes)
     }
 }
@@ -685,7 +688,7 @@ mod tests {
         );
         assert_eq!(
             &format!("{:?}", Serialized::from(&JpegPhoto::for_tests())),
-            "Serialized(\"hash: 0xBB3017828B2F3DEF\")"
+            "Serialized(\"hash: 0xB947C77A16F3C3BD\")"
         );
     }
 

crates/frontend-options/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_frontend_options"
-version = "0.1.1"
+version = "0.1.0"
 description = "Frontend options for LLDAP"
 authors.workspace = true
 edition.workspace = true
@@ -9,5 +9,5 @@ license.workspace = true
 repository.workspace = true
 rust-version.workspace = true
 
-[dependencies]
-serde = { workspace = true }
+[dependencies.serde]
+workspace = true

crates/graphql-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_graphql_server"
-version = "0.1.1"
+version = "0.1.0"
 description = "GraphQL server for LLDAP"
 edition.workspace = true
 authors.workspace = true
@@ -10,14 +10,15 @@ repository.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-chrono = { workspace = true }
-juniper = { workspace = true }
-serde = { workspace = true }
-serde_json = { workspace = true }
-tracing = { workspace = true }
-urlencoding = { workspace = true }
-uuid = { workspace = true }
+anyhow = "*"
+juniper = "0.15"
+serde_json = "1"
+tracing = "*"
+urlencoding = "2"
+
+[dependencies.chrono]
+features = ["serde"]
+version = "*"
 
 [dependencies.lldap_access_control]
 path = "../access-control"
@@ -44,10 +45,16 @@ path = "../sql-backend-handler"
 [dependencies.lldap_validation]
 path = "../validation"
 
+[dependencies.serde]
+workspace = true
+
+[dependencies.uuid]
+features = ["v1", "v3"]
+version = "1"
+
 [dev-dependencies]
-mockall = { workspace = true }
-pretty_assertions = { workspace = true }
-tokio = { workspace = true }
+mockall = "0.11.4"
+pretty_assertions = "1"
 
 #[dev-dependencies.lldap_auth]
 #path = "../auth"
@@ -63,3 +70,7 @@ path = "../test-utils"
 #[dev-dependencies.lldap_sql_backend_handler]
 #path = "../sql-backend-handler"
 #features = ["test"]
+
+[dev-dependencies.tokio]
+features = ["full"]
+version = "1.25"

crates/graphql-server/src/api.rs

@@ -60,7 +60,7 @@ impl<Handler: BackendHandler> Context<Handler> {
 impl<Handler: BackendHandler> juniper::Context for Context<Handler> {}
 
 type Schema<Handler> =
-    RootNode<Query<Handler>, Mutation<Handler>, EmptySubscription<Context<Handler>>>;
+    RootNode<'static, Query<Handler>, Mutation<Handler>, EmptySubscription<Context<Handler>>>;
 
 pub fn schema<Handler: BackendHandler>() -> Schema<Handler> {
     Schema::new(
@@ -73,7 +73,7 @@ pub fn schema<Handler: BackendHandler>() -> Schema<Handler> {
 pub fn export_schema(output_file: Option<String>) -> anyhow::Result<()> {
     use anyhow::Context;
     use lldap_sql_backend_handler::SqlBackendHandler;
-    let output = schema::<SqlBackendHandler>().as_sdl();
+    let output = schema::<SqlBackendHandler>().as_schema_language();
     match output_file {
         None => println!("{output}"),
         Some(path) => {

crates/graphql-server/src/mutation/mod.rs

@@ -561,13 +561,13 @@ mod tests {
     use mockall::predicate::eq;
     use pretty_assertions::assert_eq;
 
-    fn mutation_schema<C, Q, M>(
+    fn mutation_schema<'q, C, Q, M>(
         query_root: Q,
         mutation_root: M,
-    ) -> RootNode<Q, M, EmptySubscription<C>>
+    ) -> RootNode<'q, Q, M, EmptySubscription<C>>
     where
-        Q: GraphQLType<DefaultScalarValue, Context = C, TypeInfo = ()>,
-        M: GraphQLType<DefaultScalarValue, Context = C, TypeInfo = ()>,
+        Q: GraphQLType<DefaultScalarValue, Context = C, TypeInfo = ()> + 'q,
+        M: GraphQLType<DefaultScalarValue, Context = C, TypeInfo = ()> + 'q,
     {
         RootNode::new(query_root, mutation_root, EmptySubscription::<C>::new())
     }

crates/graphql-server/src/query/attribute.rs

@@ -93,7 +93,7 @@ impl<Handler: BackendHandler> AttributeValue<Handler> {
         }
     }
 
-    pub(super) fn attribute_name(&self) -> &str {
+    pub(super) fn name(&self) -> &str {
         self.attribute.name.as_str()
     }
 }

crates/graphql-server/src/query/mod.rs

@@ -47,11 +47,7 @@ impl<Handler: BackendHandler> Query<Handler> {
         "1.0"
     }
 
-    pub async fn user(
-        &self,
-        context: &Context<Handler>,
-        user_id: String,
-    ) -> FieldResult<User<Handler>> {
+    pub async fn user(context: &Context<Handler>, user_id: String) -> FieldResult<User<Handler>> {
         use anyhow::Context;
         let span = debug_span!("[GraphQL query] user");
         span.in_scope(|| {
@@ -65,15 +61,14 @@ impl<Handler: BackendHandler> Query<Handler> {
                 &span,
                 "Unauthorized access to user data",
             ))?;
-        let schema: Arc<PublicSchema> = Arc::new(self.get_schema(context, span.clone()).await?);
+        let schema = Arc::new(self.get_schema(context, span.clone()).await?);
         let user = handler.get_user_details(&user_id).instrument(span).await?;
         User::<Handler>::from_user(user, schema)
     }
 
     async fn users(
-        &self,
         context: &Context<Handler>,
-        filters: Option<RequestFilter>,
+        #[graphql(name = "where")] filters: Option<RequestFilter>,
     ) -> FieldResult<Vec<User<Handler>>> {
         let span = debug_span!("[GraphQL query] users");
         span.in_scope(|| {
@@ -85,7 +80,7 @@ impl<Handler: BackendHandler> Query<Handler> {
                 &span,
                 "Unauthorized access to user list",
             ))?;
-        let schema: Arc<PublicSchema> = Arc::new(self.get_schema(context, span.clone()).await?);
+        let schema = Arc::new(self.get_schema(context, span.clone()).await?);
         let users = handler
             .list_users(
                 filters
@@ -101,7 +96,7 @@ impl<Handler: BackendHandler> Query<Handler> {
             .collect()
     }
 
-    async fn groups(&self, context: &Context<Handler>) -> FieldResult<Vec<Group<Handler>>> {
+    async fn groups(context: &Context<Handler>) -> FieldResult<Vec<Group<Handler>>> {
         let span = debug_span!("[GraphQL query] groups");
         let handler = context
             .get_readonly_handler()
@@ -109,7 +104,7 @@ impl<Handler: BackendHandler> Query<Handler> {
                 &span,
                 "Unauthorized access to group list",
             ))?;
-        let schema: Arc<PublicSchema> = Arc::new(self.get_schema(context, span.clone()).await?);
+        let schema = Arc::new(self.get_schema(context, span.clone()).await?);
         let domain_groups = handler.list_groups(None).instrument(span).await?;
         domain_groups
             .into_iter()
@@ -117,11 +112,7 @@ impl<Handler: BackendHandler> Query<Handler> {
             .collect()
     }
 
-    async fn group(
-        &self,
-        context: &Context<Handler>,
-        group_id: i32,
-    ) -> FieldResult<Group<Handler>> {
+    async fn group(context: &Context<Handler>, group_id: i32) -> FieldResult<Group<Handler>> {
         let span = debug_span!("[GraphQL query] group");
         span.in_scope(|| {
             debug!(?group_id);
@@ -132,7 +123,7 @@ impl<Handler: BackendHandler> Query<Handler> {
                 &span,
                 "Unauthorized access to group data",
             ))?;
-        let schema: Arc<PublicSchema> = Arc::new(self.get_schema(context, span.clone()).await?);
+        let schema = Arc::new(self.get_schema(context, span.clone()).await?);
         let group_details = handler
             .get_group_details(GroupId(group_id))
             .instrument(span)
@@ -140,7 +131,7 @@ impl<Handler: BackendHandler> Query<Handler> {
         Group::<Handler>::from_group_details(group_details, schema.clone())
     }
 
-    async fn schema(&self, context: &Context<Handler>) -> FieldResult<Schema<Handler>> {
+    async fn schema(context: &Context<Handler>) -> FieldResult<Schema<Handler>> {
         let span = debug_span!("[GraphQL query] get_schema");
         self.get_schema(context, span).await.map(Into::into)
     }
@@ -184,9 +175,9 @@ mod tests {
     use pretty_assertions::assert_eq;
     use std::collections::HashSet;
 
-    fn schema<C, Q>(query_root: Q) -> RootNode<Q, EmptyMutation<C>, EmptySubscription<C>>
+    fn schema<'q, C, Q>(query_root: Q) -> RootNode<'q, Q, EmptyMutation<C>, EmptySubscription<C>>
     where
-        Q: GraphQLType<DefaultScalarValue, Context = C, TypeInfo = ()>,
+        Q: GraphQLType<DefaultScalarValue, Context = C, TypeInfo = ()> + 'q,
     {
         RootNode::new(
             query_root,

crates/graphql-server/src/query/user.rs

@@ -70,7 +70,7 @@ impl<Handler: BackendHandler> User<Handler> {
     fn first_name(&self) -> &str {
         self.attributes
             .iter()
-            .find(|a| a.attribute_name() == "first_name")
+            .find(|a| a.name() == "first_name")
             .map(|a| a.attribute.value.as_str().unwrap_or_default())
             .unwrap_or_default()
     }
@@ -78,7 +78,7 @@ impl<Handler: BackendHandler> User<Handler> {
     fn last_name(&self) -> &str {
         self.attributes
             .iter()
-            .find(|a| a.attribute_name() == "last_name")
+            .find(|a| a.name() == "last_name")
             .map(|a| a.attribute.value.as_str().unwrap_or_default())
             .unwrap_or_default()
     }
@@ -86,7 +86,7 @@ impl<Handler: BackendHandler> User<Handler> {
     fn avatar(&self) -> Option<String> {
         self.attributes
             .iter()
-            .find(|a| a.attribute_name() == "avatar")
+            .find(|a| a.name() == "avatar")
             .map(|a| {
                 String::from(
                     a.attribute

crates/ldap/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_ldap"
-version = "0.1.1"
+version = "0.1.0"
 description = "LDAP operations support"
 authors.workspace = true
 edition.workspace = true
@@ -10,19 +10,27 @@ repository.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-tracing = { workspace = true }
-itertools = { workspace = true }
+anyhow = "*"
+ldap3_proto = "0.6.0"
+tracing = "*"
+itertools = "0.10"
 
-derive_more = { workspace = true }
+[dependencies.derive_more]
+features = ["from"]
+default-features = false
+version = "1"
 
-chrono = { workspace = true }
+[dependencies.chrono]
+features = ["serde"]
+version = "*"
 
-rand = { workspace = true }
+[dependencies.rand]
+features = ["small_rng", "getrandom"]
+version = "0.8"
 
-uuid = { workspace = true }
-
-ldap3_proto = { workspace = true }
+[dependencies.uuid]
+version = "1"
+features = ["v1", "v3"]
 
 [dependencies.lldap_access_control]
 path = "../access-control"
@@ -47,10 +55,12 @@ path = "../opaque-handler"
 path = "../test-utils"
 
 [dev-dependencies]
-mockall = { workspace = true }
-pretty_assertions = { workspace = true }
+mockall = "0.11.4"
+pretty_assertions = "1"
 
-tokio = { workspace = true }
+[dev-dependencies.tokio]
+features = ["full"]
+version = "1.25"
 
 [dev-dependencies.lldap_domain]
 path = "../domain"

crates/opaque-handler/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_opaque_handler"
-version = "0.1.1"
+version = "0.1.0"
 description = "Opaque handler trait for LLDAP"
 authors.workspace = true
 edition.workspace = true
@@ -13,7 +13,7 @@ rust-version.workspace = true
 test = []
 
 [dependencies]
-async-trait = { workspace = true }
+async-trait = "0.1"
 
 [dependencies.lldap_auth]
 path = "../auth"
@@ -26,4 +26,4 @@ path = "../domain"
 path = "../domain-model"
 
 [dev-dependencies]
-mockall = { workspace = true }
+mockall = "0.11.4"

crates/sql-backend-handler/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_sql_backend_handler"
-version = "0.1.1"
+version = "0.1.0"
 description = "SQL backend for LLDAP"
 authors.workspace = true
 edition.workspace = true
@@ -13,30 +13,44 @@ rust-version.workspace = true
 test = []
 
 [dependencies]
-anyhow = { workspace = true }
-async-trait = { workspace = true }
-itertools = { workspace = true }
-orion = { workspace = true }
-serde_json = { workspace = true }
-tracing = { workspace = true }
+anyhow = "*"
+async-trait = "0.1"
+base64 = "0.21"
+bincode = "1.3"
+itertools = "0.10"
+ldap3_proto = "0.6.0"
+orion = "0.17"
+serde_json = "1"
+tracing = "*"
 
-bincode = { workspace = true }
+[dependencies.chrono]
+features = ["serde"]
+version = "*"
 
-base64 = { workspace = true }
+[dependencies.rand]
+features = ["small_rng", "getrandom"]
+version = "0.8"
 
-chrono = { workspace = true }
+[dependencies.sea-orm]
+workspace = true
+features = [
+    "macros",
+    "with-chrono",
+    "with-uuid",
+    "sqlx-all",
+    "runtime-actix-rustls",
+]
 
-rand = { workspace = true }
+[dependencies.secstr]
+features = ["serde"]
+version = "*"
 
-sea-orm = { workspace = true }
+[dependencies.serde]
+workspace = true
 
-secstr = { workspace = true }
-
-serde = { workspace = true }
-
-uuid = { workspace = true }
-
-ldap3_proto = { workspace = true }
+[dependencies.uuid]
+version = "1"
+features = ["v1", "v3"]
 
 [dependencies.lldap_access_control]
 path = "../access-control"
@@ -57,18 +71,18 @@ path = "../domain-model"
 [dependencies.lldap_opaque_handler]
 path = "../opaque-handler"
 
-[dev-dependencies.lldap_domain]
-path = "../domain"
-features = ["test"]
-
 [dev-dependencies.lldap_test_utils]
 path = "../test-utils"
 
 [dev-dependencies]
-log = { workspace = true }
-mockall = { workspace = true }
-pretty_assertions = { workspace = true }
+log = "*"
+mockall = "0.11.4"
+pretty_assertions = "1"
 
-tokio = { workspace = true }
+[dev-dependencies.tokio]
+features = ["full"]
+version = "1.25"
 
-tracing-subscriber = { workspace = true }
+[dev-dependencies.tracing-subscriber]
+version = "0.3"
+features = ["env-filter", "tracing-log"]

crates/sql-backend-handler/src/sql_migrations.rs

@@ -536,7 +536,7 @@ See https://github.com/lldap/lldap/blob/main/docs/migration_guides/v0.5.md for d
 Conflicting emails:
 "#,
         );
-        let duplicate_users = transaction
+        for (email, users) in &transaction
             .query_all(
                 builder.build(
                     Query::select()
@@ -568,8 +568,9 @@ Conflicting emails:
                     row.try_get::<String>("", &Users::Email.to_string())
                         .unwrap(),
                 )
-            });
-        for (email, users) in &duplicate_users.chunk_by(|(_user, email)| email.to_owned()) {
+            })
+            .group_by(|(_user, email)| email.to_owned())
+        {
             warn!("Email: {email}");
             for (user, _email) in users {
                 warn!("    User: {}", user.as_str());

crates/test-utils/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_test_utils"
-version = "0.1.1"
+version = "0.1.0"
 authors.workspace = true
 edition.workspace = true
 homepage.workspace = true
@@ -9,13 +9,14 @@ repository.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-async-trait = { workspace = true }
-mockall = { workspace = true }
-tracing = { workspace = true }
+async-trait = "0.1"
+ldap3_proto = "0.6.0"
+mockall = "0.11.4"
+tracing = "*"
 
-uuid = { workspace = true }
-
-ldap3_proto = { workspace = true }
+[dependencies.uuid]
+version = "1"
+features = ["v1", "v3"]
 
 [dependencies.lldap_access_control]
 path = "../access-control"

crates/validation/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_validation"
-version = "0.6.3"
+version = "0.6.0"
 authors = ["Simon Broeng Jensen <sbj@cwconsult.dk>"]
 description = "Validation logic for LLDAP"
 edition.workspace = true

example_configs/README.md

@@ -50,7 +50,6 @@ configuration files:
 - [Nexus](nexus.md)
 - [OCIS (OwnCloud Infinite Scale)](ocis.md)
 - [OneDev](onedev.md)
-- [OpenCloud](opencloud.md)
 - [Organizr](Organizr.md)
 - [Peertube](peertube.md)
 - [Penpot](penpot.md)

example_configs/opencloud.md

@@ -1,55 +0,0 @@
-# OpenCloud example config
-
-
-## About OpenCloud
-
-A light-weight file-hosting / webDAV service written in Go and forked from ownCloud Infinite Scale (oCIS).
-
-More information:
-  * https://opencloud.eu
-  * https://github.com/opencloud-eu
-
-
-## LLDAP Configuration
-
-OpenCloud ships an OIDC provider and a built-in LDAP server. It officially supports using a third-party OIDC provider.
-
-This is **not** what this config does. This config leaves the general auth/OIDC infrastructure in place, but replaces the LDAP server from underneath it with LLDAP.
-
-Configuration happens via environment variables. On FreeBSD, these are provided via `/usr/local/etc/opencloud/config.env`; on Linux you can provide them via the Docker configuration.
-
-
-```dotenv
-# Replace with actual IP and Port
-OC_LDAP_URI=ldap://<lldap_ip>:3890
-# Remove the following if you use LDAPS and your cert is not self-signed
-OC_LDAP_INSECURE="true"
-
-# Replace with your bind-user; can be in
-OC_LDAP_BIND_DN="cn=<bind_user>,ou=people,dc=example,dc=com"
-OC_LDAP_BIND_PASSWORD="<secret>"
-
-OC_LDAP_GROUP_BASE_DN="ou=groups,dc=example,dc=com"
-OC_LDAP_GROUP_SCHEMA_ID=entryuuid
-
-OC_LDAP_USER_BASE_DN="ou=people,dc=example,dc=com"
-OC_LDAP_USER_SCHEMA_ID=entryuuid
-
-# Only allow users from specific group to login; remove this if everyone's allowed
-OC_LDAP_USER_FILTER='(&(objectClass=person)(memberOf=cn=<opencloud_users>,ou=groups,dc=example,dc=com))'
-
-# Other options have not been tested
-OC_LDAP_DISABLE_USER_MECHANISM="none"
-
-# If you bind-user is in lldap_strict_readonly set to false (this hides "forgot password"-buttons)
-OC_LDAP_SERVER_WRITE_ENABLED="false"
-# If your bind-user can change passwords:
-OC_LDAP_SERVER_WRITE_ENABLED="true"       # Not tested, yet!
-
-# Don't start built-in LDAP, because it's replaced by LLDAP
-OC_EXCLUDE_RUN_SERVICES="idm"
-```
-
-There is currently no (documented) way to give an LDAP user (or group) admin rights in OpenCloud.
-
-See also [the official LDAP documentation](https://github.com/opencloud-eu/opencloud/blob/main/devtools/deployments/opencloud_full/ldap.yml).

example_configs/stalwart.md

@@ -48,13 +48,3 @@ To integrate with LLDAP,
       allow-invalid-certs = true
       enable = false
 ```
-
-## Email alias
-If you want to enable [email aliases](https://stalw.art/docs/mta/inbound/rcpt/#catch-all-addresses), you have to create a new *User-defined attribute* under *User schema* of type string. Currently, LLDAP doesn't support multi-value filters. If you want multiple aliases, you will have to create multiple attributes (`mailAlias1`, `mailAlias2`, ..., `mailAliasN`), where `N` is the maximum number of aliases an account will have.
-
-You also need to change your ldap filter for emails.
-```toml
-[directory.ldap.filter]
-# Add one clause per alias attribute you created (example: mailAlias1..mailAlias3)
-email = "(&(objectclass=person)(|(mail=?)(mailAlias1=?)(mailAlias2=?)(mailAlias3=?)))"
-```

migration-tool/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_migration_tool"
-version = "0.4.3"
+version = "0.4.2"
 description = "CLI migration tool to go from OpenLDAP to LLDAP"
 edition.workspace = true
 authors.workspace = true
@@ -10,24 +10,31 @@ repository.workspace = true
 rust-version.workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-base64 = { workspace = true }
-ldap3 = { workspace = true }
-rand = { workspace = true }
-requestty = "0.6"
-serde = { workspace = true }
-serde_json = { workspace = true }
-smallvec = "1"
+anyhow = "*"
+base64 = "0.13"
+rand = "0.8"
+requestty = "0.4.1"
+serde_json = "1"
+smallvec = "*"
 
 [dependencies.lldap_auth]
 path = "../crates/auth"
 features = ["opaque_client"]
 
 [dependencies.graphql_client]
-workspace = true
 features = ["graphql_query_derive", "reqwest-rustls"]
+default-features = false
+version = "0.11"
 
 [dependencies.reqwest]
-workspace = true
+version = "*"
 default-features = false
 features = ["json", "blocking", "rustls-tls"]
+
+[dependencies.ldap3]
+version = "*"
+default-features = false
+features = ["sync", "tls-rustls-ring"]
+
+[dependencies.serde]
+workspace = true

migration-tool/src/ldap.rs

@@ -193,9 +193,7 @@ impl TryFrom<ResultEntry> for User {
                 display_name,
                 first_name,
                 last_name,
-                avatar: avatar.map(|avatar| {
-                    base64::Engine::encode(&base64::engine::general_purpose::STANDARD, avatar)
-                }),
+                avatar: avatar.map(base64::encode),
                 attributes: None,
             },
             password,

schema.graphql

@@ -1,33 +1,63 @@
-schema {
-  query: Query
-  mutation: Mutation
+type AttributeValue {
+  name: String!
+  value: [String!]!
+  schema: AttributeSchema!
 }
 
-enum AttributeType {
-  STRING
-  INTEGER
-  JPEG_PHOTO
-  DATE_TIME
+type Mutation {
+  createUser(user: CreateUserInput!): User!
+  createGroup(name: String!): Group!
+  createGroupWithDetails(request: CreateGroupInput!): Group!
+  updateUser(user: UpdateUserInput!): Success!
+  updateGroup(group: UpdateGroupInput!): Success!
+  addUserToGroup(userId: String!, groupId: Int!): Success!
+  removeUserFromGroup(userId: String!, groupId: Int!): Success!
+  deleteUser(userId: String!): Success!
+  deleteGroup(groupId: Int!): Success!
+  addUserAttribute(name: String!, attributeType: AttributeType!, isList: Boolean!, isVisible: Boolean!, isEditable: Boolean!): Success!
+  addGroupAttribute(name: String!, attributeType: AttributeType!, isList: Boolean!, isVisible: Boolean!, isEditable: Boolean!): Success!
+  deleteUserAttribute(name: String!): Success!
+  deleteGroupAttribute(name: String!): Success!
+  addUserObjectClass(name: String!): Success!
+  addGroupObjectClass(name: String!): Success!
+  deleteUserObjectClass(name: String!): Success!
+  deleteGroupObjectClass(name: String!): Success!
 }
 
-input AttributeValueInput {
-  """
-    The name of the attribute. It must be present in the schema, and the type informs how
-    to interpret the values.
-  """ name: String!
-  """
-    The values of the attribute.
-    If the attribute is not a list, the vector must contain exactly one element.
-    Integers (signed 64 bits) are represented as strings.
-    Dates are represented as strings in RFC3339 format, e.g. "2019-10-12T07:20:50.52Z".
-    JpegPhotos are represented as base64 encoded strings. They must be valid JPEGs.
-  """ value: [String!]!
-}
-
-"The details required to create a group."
-input CreateGroupInput {
+type Group {
+  id: Int!
   displayName: String!
-  "User-defined attributes." attributes: [AttributeValueInput!]
+  creationDate: DateTimeUtc!
+  uuid: String!
+  "User-defined attributes."
+  attributes: [AttributeValue!]!
+  "The groups to which this user belongs."
+  users: [User!]!
+}
+
+"""
+  A filter for requests, specifying a boolean expression based on field constraints. Only one of
+  the fields can be set at a time.
+"""
+input RequestFilter {
+  any: [RequestFilter!]
+  all: [RequestFilter!]
+  not: RequestFilter
+  eq: EqualityConstraint
+  memberOf: String
+  memberOfId: Int
+}
+
+"DateTime"
+scalar DateTimeUtc
+
+type Query {
+  apiVersion: String!
+  user(userId: String!): User!
+  users(filters: RequestFilter): [User!]!
+  groups: [Group!]!
+  group(groupId: Int!): Group!
+  schema: Schema!
 }
 
 "The details required to create a user."
@@ -50,36 +80,19 @@ input CreateUserInput {
   "Attributes." attributes: [AttributeValueInput!]
 }
 
-input EqualityConstraint {
-  field: String!
-  value: String!
+type ObjectClassInfo {
+  objectClass: String!
+  isHardcoded: Boolean!
 }
 
-"""
-  A filter for requests, specifying a boolean expression based on field constraints. Only one of
-  the fields can be set at a time.
-"""
-input RequestFilter {
-  any: [RequestFilter!]
-  all: [RequestFilter!]
-  not: RequestFilter
-  eq: EqualityConstraint
-  memberOf: String
-  memberOfId: Int
-}
-
-"The fields that can be updated for a group."
-input UpdateGroupInput {
-  "The group ID." id: Int!
-  "The new display name." displayName: String
-  """
-    Attribute names to remove.
-    They are processed before insertions.
-  """ removeAttributes: [String!]
-  """
-    Inserts or updates the given attributes.
-    For lists, the entire list must be provided.
-  """ insertAttributes: [AttributeValueInput!]
+type AttributeSchema {
+  name: String!
+  attributeType: AttributeType!
+  isList: Boolean!
+  isVisible: Boolean!
+  isEditable: Boolean!
+  isHardcoded: Boolean!
+  isReadonly: Boolean!
 }
 
 "The fields that can be updated for a user."
@@ -109,87 +122,9 @@ input UpdateUserInput {
   """ insertAttributes: [AttributeValueInput!]
 }
 
-"""
-  Combined date and time (with time zone) in [RFC 3339][0] format.
-
-  Represents a description of an exact instant on the time-line (such as the
-  instant that a user account was created).
-
-  [`DateTime` scalar][1] compliant.
-
-  See also [`chrono::DateTime`][2] for details.
-
-  [0]: https://datatracker.ietf.org/doc/html/rfc3339#section-5
-  [1]: https://graphql-scalars.dev/docs/scalars/date-time
-  [2]: https://docs.rs/chrono/latest/chrono/struct.DateTime.html
-"""
-scalar DateTime
-
-type AttributeList {
-  attributes: [AttributeSchema!]!
-  extraLdapObjectClasses: [String!]!
-  ldapObjectClasses: [ObjectClassInfo!]!
-}
-
-type AttributeSchema {
-  name: String!
-  attributeType: AttributeType!
-  isList: Boolean!
-  isVisible: Boolean!
-  isEditable: Boolean!
-  isHardcoded: Boolean!
-  isReadonly: Boolean!
-}
-
-type AttributeValue {
-  name: String!
-  value: [String!]!
-  schema: AttributeSchema!
-}
-
-type Group {
-  id: Int!
-  displayName: String!
-  creationDate: DateTime!
-  uuid: String!
-  "User-defined attributes."
-  attributes: [AttributeValue!]!
-  "The groups to which this user belongs."
-  users: [User!]!
-}
-
-type Mutation {
-  createUser(user: CreateUserInput!): User!
-  createGroup(name: String!): Group!
-  createGroupWithDetails(request: CreateGroupInput!): Group!
-  updateUser(user: UpdateUserInput!): Success!
-  updateGroup(group: UpdateGroupInput!): Success!
-  addUserToGroup(userId: String!, groupId: Int!): Success!
-  removeUserFromGroup(userId: String!, groupId: Int!): Success!
-  deleteUser(userId: String!): Success!
-  deleteGroup(groupId: Int!): Success!
-  addUserAttribute(name: String!, attributeType: AttributeType!, isList: Boolean!, isVisible: Boolean!, isEditable: Boolean!): Success!
-  addGroupAttribute(name: String!, attributeType: AttributeType!, isList: Boolean!, isVisible: Boolean!, isEditable: Boolean!): Success!
-  deleteUserAttribute(name: String!): Success!
-  deleteGroupAttribute(name: String!): Success!
-  addUserObjectClass(name: String!): Success!
-  addGroupObjectClass(name: String!): Success!
-  deleteUserObjectClass(name: String!): Success!
-  deleteGroupObjectClass(name: String!): Success!
-}
-
-type ObjectClassInfo {
-  objectClass: String!
-  isHardcoded: Boolean!
-}
-
-type Query {
-  apiVersion: String!
-  user(userId: String!): User!
-  users(filters: RequestFilter): [User!]!
-  groups: [Group!]!
-  group(groupId: Int!): Group!
-  schema: Schema!
+input EqualityConstraint {
+  field: String!
+  value: String!
 }
 
 type Schema {
@@ -197,8 +132,38 @@ type Schema {
   groupSchema: AttributeList!
 }
 
-type Success {
-  ok: Boolean!
+"The fields that can be updated for a group."
+input UpdateGroupInput {
+  "The group ID." id: Int!
+  "The new display name." displayName: String
+  """
+    Attribute names to remove.
+    They are processed before insertions.
+  """ removeAttributes: [String!]
+  """
+    Inserts or updates the given attributes.
+    For lists, the entire list must be provided.
+  """ insertAttributes: [AttributeValueInput!]
+}
+
+input AttributeValueInput {
+  """
+    The name of the attribute. It must be present in the schema, and the type informs how
+    to interpret the values.
+  """ name: String!
+  """
+    The values of the attribute.
+    If the attribute is not a list, the vector must contain exactly one element.
+    Integers (signed 64 bits) are represented as strings.
+    Dates are represented as strings in RFC3339 format, e.g. "2019-10-12T07:20:50.52Z".
+    JpegPhotos are represented as base64 encoded strings. They must be valid JPEGs.
+  """ value: [String!]!
+}
+
+"The details required to create a group."
+input CreateGroupInput {
+  displayName: String!
+  "User-defined attributes." attributes: [AttributeValueInput!]
 }
 
 type User {
@@ -208,10 +173,32 @@ type User {
   firstName: String!
   lastName: String!
   avatar: String
-  creationDate: DateTime!
+  creationDate: DateTimeUtc!
   uuid: String!
   "User-defined attributes."
   attributes: [AttributeValue!]!
   "The groups to which this user belongs."
   groups: [Group!]!
 }
+
+enum AttributeType {
+  STRING
+  INTEGER
+  JPEG_PHOTO
+  DATE_TIME
+}
+
+type AttributeList {
+  attributes: [AttributeSchema!]!
+  extraLdapObjectClasses: [String!]!
+  ldapObjectClasses: [ObjectClassInfo!]!
+}
+
+type Success {
+  ok: Boolean!
+}
+
+schema {
+  query: Query
+  mutation: Mutation
+}

server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap"
-version = "0.6.3"
+version = "0.6.2"
 description = "Super-simple and lightweight LDAP server"
 categories = ["authentication", "command-line-utilities"]
 edition.workspace = true
@@ -19,46 +19,35 @@ actix-rt = "2"
 actix-server = "2"
 actix-service = "2"
 actix-web-httpauth = "0.8"
-anyhow = { workspace = true }
-async-trait = { workspace = true }
-bincode = { workspace = true }
-chrono = { workspace = true }
-clap = { workspace = true }
-cron = "0"
-derive_more = { workspace = true }
-derive_builder = "0.20"
+anyhow = "*"
+async-trait = "0.1"
+bincode = "1.3"
+cron = "*"
+derive_builder = "0.12"
 figment_file_provider_adapter = "0.1"
-futures = "0"
-futures-util = "0"
+futures = "*"
+futures-util = "*"
 hmac = "0.12"
-juniper = { workspace = true }
-jwt = { workspace = true }
-ldap3_proto = { workspace = true }
-log = { workspace = true }
-opaque-ke = { workspace = true }
-rand = { workspace = true }
+http = "*"
+juniper = "0.15"
+jwt = "0.16"
+ldap3_proto = "0.6.0"
+log = "*"
 rand_chacha = "0.3"
 rustls-pemfile = "2"
-sea-orm = { workspace = true }
-secstr = { workspace = true }
-serde = { workspace = true }
-serde_json = { workspace = true }
+serde_json = "1"
 sha2 = "0.10"
-strum = { workspace = true }
-thiserror = { workspace = true }
+thiserror = "2"
 time = "0.3"
-tokio = { workspace = true }
 tokio-rustls = "0.26"
-tokio-stream = "0"
+tokio-stream = "*"
 tokio-util = "0.7"
-tracing = { workspace = true }
+tracing = "*"
 tracing-actix-web = "0.7"
 tracing-attributes = "^0.1.21"
-tracing-log = "0"
-tracing-subscriber = { workspace = true }
-urlencoding = { workspace = true }
-uuid = { workspace = true }
-webpki-roots = "1"
+tracing-log = "*"
+urlencoding = "2"
+webpki-roots = "0.26"
 
 [dependencies.actix-web]
 features = ["rustls-0_23"]
@@ -73,9 +62,26 @@ version = "0.23"
 features = ["std"]
 version = "1"
 
+[dependencies.chrono]
+features = ["serde"]
+version = "*"
+
+[dependencies.clap]
+features = ["std", "color", "suggestions", "derive", "env"]
+version = "4"
+
+[dependencies.derive_more]
+features = ["debug", "display", "from", "from_str"]
+default-features = false
+version = "1"
+
 [dependencies.figment]
 features = ["env", "toml"]
-version = "0"
+version = "*"
+
+[dependencies.tracing-subscriber]
+version = "0.3"
+features = ["env-filter", "tracing-log"]
 
 [dependencies.lettre]
 features = ["builder", "serde", "smtp-transport", "tokio1-rustls-tls"]
@@ -120,16 +126,52 @@ path = "../crates/opaque-handler"
 [dependencies.lldap_validation]
 path = "../crates/validation"
 
+[dependencies.opaque-ke]
+version = "0.7"
+
+[dependencies.rand]
+features = ["small_rng", "getrandom"]
+version = "0.8"
+
+[dependencies.secstr]
+features = ["serde"]
+version = "*"
+
+[dependencies.serde]
+workspace = true
+
+[dependencies.strum]
+features = ["derive"]
+version = "0.25"
+
+[dependencies.tokio]
+features = ["full"]
+version = "1.25"
+
+[dependencies.uuid]
+features = ["v1", "v3", "v4"]
+version = "1"
+
 [dependencies.tracing-forest]
 features = ["smallvec", "chrono", "tokio"]
-version = "0.3"
+version = "^0.1.6"
 
 [dependencies.actix-tls]
 features = ["default", "rustls-0_23"]
 version = "3"
 
-[dependencies.reqwest]
+[dependencies.sea-orm]
 workspace = true
+features = [
+    "macros",
+    "with-chrono",
+    "with-uuid",
+    "sqlx-all",
+    "runtime-actix-rustls",
+]
+
+[dependencies.reqwest]
+version = "0.11"
 default-features = false
 features = ["rustls-tls-webpki-roots"]
 
@@ -138,13 +180,20 @@ version = "2"
 features = ["serde"]
 
 [dev-dependencies]
-assert_cmd = "2"
-graphql_client = { workspace = true, features = ["graphql_query_derive", "reqwest-rustls"] }
-ldap3 = { workspace = true }
-mockall = { workspace = true }
-nix = { version = "0.31", features = ["process", "signal"] }
-pretty_assertions = { workspace = true }
-uuid = { workspace = true }
+assert_cmd = "2.0"
+mockall = "0.11.4"
+nix = "0.26.2"
+pretty_assertions = "1"
+
+[dev-dependencies.graphql_client]
+features = ["graphql_query_derive", "reqwest-rustls"]
+default-features = false
+version = "0.11"
+
+[dev-dependencies.ldap3]
+version = "*"
+default-features = false
+features = ["sync", "tls-rustls-ring"]
 
 [dev-dependencies.lldap_auth]
 path = "../crates/auth"
@@ -162,7 +211,7 @@ path = "../crates/sql-backend-handler"
 features = ["test"]
 
 [dev-dependencies.reqwest]
-workspace = true
+version = "*"
 default-features = false
 features = ["json", "blocking", "rustls-tls"]
 
@@ -171,6 +220,10 @@ version = "2.0.0"
 default-features = false
 features = ["file_locks"]
 
+[dev-dependencies.uuid]
+version = "1"
+features = ["v4"]
+
 [dev-dependencies.figment]
 features = ["test"]
-version = "0"
+version = "*"

server/src/graphql_server.rs

@@ -52,7 +52,7 @@ where
 
 /// Actix GraphQL Handler for GET requests
 pub async fn get_graphql_handler<Query, Mutation, Subscription, CtxT, S>(
-    schema: &juniper::RootNode<Query, Mutation, Subscription, S>,
+    schema: &juniper::RootNode<'static, Query, Mutation, Subscription, S>,
     context: &CtxT,
     req: HttpRequest,
 ) -> Result<HttpResponse, Error>
@@ -81,7 +81,7 @@ where
 
 /// Actix GraphQL Handler for POST requests
 pub async fn post_graphql_handler<Query, Mutation, Subscription, CtxT, S>(
-    schema: &juniper::RootNode<Query, Mutation, Subscription, S>,
+    schema: &juniper::RootNode<'static, Query, Mutation, Subscription, S>,
     context: &CtxT,
     req: HttpRequest,
     mut payload: actix_http::Payload,

server/tests/common/graphql.rs

@@ -4,8 +4,7 @@ use anyhow::{Context, Result, anyhow};
 use graphql_client::GraphQLQuery;
 use reqwest::blocking::Client;
 
-pub type DateTime = chrono::DateTime<chrono::Utc>;
-pub type DateTimeUtc = DateTime;
+pub type DateTimeUtc = chrono::DateTime<chrono::Utc>;
 
 #[derive(GraphQLQuery)]
 #[graphql(

set-password/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lldap_set_password"
-version = "0.1.1"
+version = "0.1.0"
 description = "CLI tool to set a user password in LLDAP"
 edition.workspace = true
 authors.workspace = true
@@ -12,17 +12,22 @@ rust-version.workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-anyhow = { workspace = true }
-rand = { workspace = true }
-serde = { workspace = true }
-serde_json = { workspace = true }
+anyhow = "*"
+rand = "0.8"
+serde_json = "1"
 
-clap = { workspace = true }
+[dependencies.clap]
+features = ["std", "color", "suggestions", "derive", "env"]
+version = "4"
 
 [dependencies.lldap_auth]
 path = "../crates/auth"
 features = ["opaque_client"]
 
 [dependencies.reqwest]
-workspace = true
+version = "*"
+default-features = false
 features = ["json", "blocking", "rustls-tls", "rustls-tls-native-roots"]
+
+[dependencies.serde]
+workspace = true