Authentication v1.3.0

What’s new

LDAP authentication

Authentication now supports LDAP sign-in alongside local email/password login and OIDC. Admins can configure LDAP from Settings → Single Sign-On by providing the server URL, bind DN, bind password, and base DN, plus optional user/admin group mapping and custom attribute fields.

Provider-aware users

User records now track which authentication provider created them. This lets the HomeBranch admin UI show whether an account is local, OIDC-backed, or LDAP-backed, and keeps future account-management flows provider-aware.

Improvements

• Fixed the production/Debian migration startup path so packaged deployments run pending migrations correctly before booting
• Expanded auth configuration storage with the extra LDAP group and field-mapping columns needed by the new admin settings UI

Upgrade notes

1. No new required environment variables were added for this release. LDAP is configured at runtime through the admin settings UI.
2. This upgrade adds two auth configuration migrations, and both run automatically on startup.
3. Upgrade the service fully before enabling LDAP so the base LDAP columns and the follow-up field/group mapping columns are both present.
4. Deploy HomeBranch Web v1.6.0 alongside this release if you want the LDAP settings UI and provider badges in the frontend.