- Contents of the cache file can now be printed in JSON format (#54)
- New functionality for blacklisting users (#223)
- Space for the cache file is now pre-allocated before SCIM operations start (#197)
- Fixed an access violation which could occur when generating activities if no groups had been loaded (#208)
- When using the --rebuild-cache feature, a failure to GET objects will now terminate the client (#205)
- Configurable thresholds to prevent accidental large changes (#196)
- Audit logging (#124)
- Unit tests build on Debian Bookworm
- In the Windows version a heap corruption problem was fixed in the LDAP code (#211)
- Built-in support for converting national test activity names to UUIDs (#206)
- A new transform function for URL decoding attributes (#200)
- Transforms can now also be applied for generated (virtual) groups (#202)
- Improvement in Activity objects for users with multiple employments (#195)
- The CSV separator character can now be a tab character (#193)
- Temporary CA store file for FedTLS now works on Windows (#191)
- Functionality for adding/overriding information to Employment objects (#187)
- Adds a missing use of readable-id (#184)
- Configurable attribute to use to refer to an object in log or error messages (#162)
- Load limiting can be done by endpoint instead of EGIL type (#179)
- Configurable warning for missing generate key attribute for Employment (#182)
- Function for unprovisioning all data (#169)
- Improved handling of bad UUIDs (#163)
- fetch_metadata.py has more robust handling of a bad cached file (#168)
- Improved error message when a DELETE fails with 404 (#167)
- Don't introduce double '/' when building SCIM URLs (#174)
- Functionality for transforming attributes from the data source (#165)
- Orphan filtering applies to all types (#158)
- Groups can now be generated from user attributes (#145)
- Relations can now be marked as required (#146)
- Optional referential integrity warnings in relations (#147)
- Better handling of when LDAP says an attribute both exists and has no values (#20)
- LDAP attribute names can now include the character '-' (#151)
- It's now possible to configure whether or not to follow LDAP referrals (#141)
- Objects are automatically indexed internally for faster lookup (#139)
- Better warning messages when a teacher's employment points to a non-existant school unit (#127)
- There is no longer a warning if a relation is defined by a "remote" attribute that is potentially multi-valued (#131)
- Rebuild cache will now work even if the send-order includes unconfigured types (#115)
- JSON template rendering errors are now presented better (#129)
- Improved error message when generating an Activity for a StudentGroup which is missing its SchoolUnit relation (#130)
- Entity IDs are no longer normalized before comparison (#137)
- It is now possible to send a static auth key as an HTTP header (#119)
- Make sure we terminate early if LDAP connection fails (#125)
- The cache file now stores objects in JSON format (#114)
- If a JSON template can't be applied (e.g. syntax error), for an object that has previously been sent successfully, we will no longer forget that it was previously sent (#116).
- Minimum TLS version and cipher suites are now configurable (#97)
- The warning about missing school units when generating employments can now be disabled (#100)
- As a security best practice, allowed algorithms for JWS verification is now limited to only ES256 (which is what Kontosynk uses). (#103)
- Support for filtering out orphans after the load phase (#108)
- Load limiting can now be done with regular expressions (#110)
- Load limiters can now be combined (#112)
- Load limiting now also applies to auxilliary attributes (#99)
- Support for relational databases as data source (through SQL) (#76)
- Plugin system for post processing JSON (#86)
- Optional support for paged LDAP queries (#88)
- Support for metadata which uses alg/digest instead of name/value for pins. Metadata which uses name/value is still supported.
- Umask is used (when available) to limit access to the cache file (#79)
- Support for regular expressions in the switch construct (#78)
- Log file names can now contain date and time format specifiers (#80)
- Removed broken support for multiple config files (#65)
- Functionality for rebuilding the cache file (e.g. if lost) (#10)
- Support for limiting which objects to load with a list of values (#46)
- Import from CSV files (#49)
- It's now possible to build on Windows (with Visual C++) (#57)
- Support for interpreting UUIDs from Active Directory properly (#59)
- New command line arguments for forcing an object to be updated/created (#38)
- Reduced need to specify hidden attributes (#64)
- Support for new metadata format with tags (#74)
- Failed updates (PUT) are handled better (#42)
- Relations with method = "object" now handles multi-valued attributes (#50)
- LDAP-parameters are no longer necessary when using method = "object" (#51)
- Fixed a bug that could lead to segmentation fault when a delete failed (#62)
- Activity and Employment objects are now included in load log file (#47)
- The rebuild-cache function now looks at "id" instead of "externalId" (#45)
- Better handling of when a CREATE fails because the object already existed (#44)
- Expansion of ${value} in LDAP relations (#23)
- Better handling of UUIDs (#26)
- Corrections in how attributes are found in JSON templates (#24) (LDAP attributes used e.g. inside of for-loops in JSON templates were not found before this fix, and had to be declared hidden)
- Better error handling and error messages (#3, #22)
- Deletes are done in reverse scim-type-send-order order (#4)
- Tooling for fetching/formatting/verifying metadata (#18)
- Relative paths in config files (#13)
- Proper handling of command line arguments (#32)
- Framework for automated system testing (#12)
- Option for logging all HTTP traffic to/from the client (#7)
- Option for logging all LDAP queries (#22)