On May 11th we released LinOTP 2.7.2 to the repositories.

LSE LinOTP 2.7.2

LSE Leading Security Experts GmbH is announcing the availability of the new release of LSE LinOTP (2.7.2)

You will find the complete Changelogs and the most important changes in LinOTP 2.7.1 at the end of this newsletter. We hereby want to mention some highlights in 2.7.2.

LinOTP 2.7.2

LinOTP 2.7.2 includes some interesting new features as well as improvements in usability and bug fixes. This is only a selection, please refer to the full Changelog below.

  • New feature: Autoenrollment

    Users without a token assigned, can trigger the creation and assignment of a new SMS or email token by providing correct credentials during login using username and password. This feature can be configured in a new policy (e.g. for certain users only) and relieves the administrator from enrolling and assigning these tokens manually.

    For more information please refer to the Autoenrollment Howto

  • New feature: New Self Service API

    The new Userservice API allows for the implementation of independently hosted self service portals and easier integration of self service tasks in existing customer portals.

  • New feature: mass enrollment of SMS token from the CLI
  • New packages: Ubuntu 14.04 "Trusty Tahr".
  • Improved input validation for SQL and LDAP resolver, and E-mail and SMS provider definitions.


LinOTP 2.7.2 is available in our repositories on and for customers running LinOTP on the LSE LinOTP Smart Virtual Appliance using the integrated upgrade mechanisms.

We are happy to answer your questions about this release:


LinOTP 2.7.2
  • Server: Autoenrollment - enroll an email or SMS token if user has no token and authentication with password was correct.
  • Server: Support 'now()' in LDAP search expressions
  • Selfservice: Split Selfservice into userservice controller and selfservice renderer to support remote selfservice interface
  • WebUI: SQL and LDAP resolver mapping validation (needs to be valid JSON)
  • WebUI: email and SMS provider definition validation (needs to be valid JSON)
  • Packaging: Support for Ubuntu 14.04 (with Apache 2.4)
  • Packaging/Server: Support for Pylons 1.0.1
  • Packaging: Internal package refactorization to unify structure and version number handling
  • Packaging: Apache linotp2 VirtualHost will no longer be overwritten during Debian package upgrade. VirtualHost example files are copied to the same location where the LinOTP package is installed and only afterwards it is moved to /etc/apache2 (if it does not exist already)
  • Packaging: Cleaned up and hardened Apache linotp2 VirtualHost files
  • Tools: Improved linotp-create-pwidresolver-user and linotp-create-sqliddresolver-user to to generates more secure passwords
  • Tools: Added tool to mass enroll SMS token
Bug fixes:
  • Server: Fixed support of old licenses, where the expiry is in the date entry
  • Server: Fixed error during token unassign (because of setPin call)
  • Server: Fixed searching for a user in multiple realms
  • Server: Fixed exact search for user in tokenlist
  • Server: Fixed sorting of userlist with unicode
  • Selfservice: Fixed selfservice history browsing