providers/ldap: add StartTLS support (#5861)

* providers/ldap: add StartTLS support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add starttls test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update form and docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add tls server name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update release notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
parent 69f0460f69
commit 0ce41a1b2d
27 changed files with 147 additions and 54 deletions
--- a/website/docs/providers/ldap/index.md
+++ b/website/docs/providers/ldap/index.md
@ -56,11 +56,13 @@ Starting with 2021.9.1, custom attributes will override the inbuilt attributes.
 Starting with 2023.3, periods and slashes in custom attributes will be sanitized.
 :::

-## SSL
+## SSL / StartTLS

 You can also configure SSL for your LDAP Providers by selecting a certificate and a server name in the provider settings.

-This enables you to bind on port 636 using LDAPS, StartTLS is not supported.
+Starting with authentik 2023.6, StartTLS is supported, and the provider will pick the correct certificate based on the DN a bind attempt is made with.
+
+This enables you to bind on port 636 using LDAPS.

 ## Integrations

--- a/website/docs/releases/2023/v2023.6.md
+++ b/website/docs/releases/2023/v2023.6.md
@ -0,0 +1,45 @@
+---
+title: Release 2023.6
+slug: "/releases/2023.6"
+---
+
+<!-- ## Breaking changes -->
+
+## New features
+
+-   LDAP StartTLS support
+
+    authentik's [LDAP Provider](../../providers/ldap/index.md) now supports StartTLS in addition to supporting SSL. The StartTLS is a more modern method of encrypting LDAP traffic. With this added support, the LDAP [Outpost](../../outposts/index.mdx) can now support multiple certificates.
+
+## Upgrading
+
+This release does not introduce any new requirements.
+
+### docker-compose
+
+To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
+
+```
+wget -O docker-compose.yml https://goauthentik.io/version/2023.6/docker-compose.yml
+docker-compose up -d
+```
+
+The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
+
+### Kubernetes
+
+Update your values to use the new images:
+
+```yaml
+image:
+    repository: ghcr.io/goauthentik/server
+    tag: 2023.6.0
+```
+
+## Minor changes/fixes
+
+<!-- _Insert the output of `make gen-changelog` here_ -->
+
+## API Changes
+
+<!-- _Insert output of `make gen-diff` here_ -->
--- a/website/docs/releases/_template.md
+++ b/website/docs/releases/_template.md
@ -3,7 +3,7 @@ title: Release xxxx.x
 slug: "/releases/xxxx.x"
 ---

-## Breaking changes
+<!-- ## Breaking changes -->

 ## New features

@ -34,8 +34,8 @@ image:

 ## Minor changes/fixes

-_Insert the output of `make gen-changelog` here_
+<!-- _Insert the output of `make gen-changelog` here_ -->

 ## API Changes

-_Insert output of `make gen-diff` here_
+<!-- _Insert output of `make gen-diff` here_ -->