The SSSD team is proud to announce the latest bugfix and enhancement release to the long-term maintenance 1.5.x branch of the System Security Services Daemon.
As always, it can be downloaded from https://fedorahosted.org/sssd == Highlights == === New Features === * Support for overriding home directory, shell and primary GID locally * Properly honor TTL values from SRV record lookups * Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers) === Important Bugfixes === * Properly escape IPv6 addresses in the failover code * Do not crash if inotify fails (e.g. resource exhaustion) * Don't add multiple TGT renewal callbacks (too many log messages) == Detailed Changelog == Jakub Hrozek (15): * Add utility function to return IP address as string * Add a utility function to escape IPv6 address for use in URIs * Use escaped IP addresses in LDAP provider * Escape IPv6 IP addresses in the IPA provider * Add a new option to override primary GID number * Add a new option to override home directory value * Add new options to override shell value * Add new resolv_hostent data structure and utility functions * Resolve hosts by name from files into resolv_hostent * Resolve hosts by name from DNS into resolv_hostent * Switch resolver to using resolv_hostent and honor TTL * Provide TTL structure names for c-ares < 1.7 * Test NULL server hostname in fail over tests * Log nsupdate message * Don't pass NULL to printf for TLS errors Jan Zeleny (4): * Added sysdb_attrs_get_bool() function * Non-posix group processing - sysdb changes * Non-posix group processing - ldap provider and nss responder * Fall back to polling when inotify fails Kaushik Banerjee (1): * Changing default to Default for consistency Stephen Gallagher (6): * Update version to 1.5.9 * Fix typo in initgroups negative cache check * Ensure that SSSD always Requires: the primary-arch sssd-client * Fix bad merge * Clear up -Wunused-but-set-variable warnings * Updating translation files for SSSD 1.5.9 Sumit Bose (7): * Add online callback only once for TGT renewal * Delete cached ccache file if password is expired * Do not check pwdAttribute * Add sockaddr_storage to sdap_service * Add sdap_call_conn_cb() to call add connection callback directly * Use name based URI instead of IP address based URIs * Use ldap_init_fd() instead of ldap_initialize() if available
Description: This is a digitally signed message part
_______________________________________________ Freeipa-interest mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-interest