The SSSD team is proud to announce the LTM version 1.5.13 bugfix release of the System Security Services Daemon. This release fixes several regressions introduced in 1.5.12 during the HBAC rule rewrite and is a highly recommended update for any FreeIPA deployment. Several other bugs have also been fixed and are described below.
As always, it can be downloaded from https://fedorahosted.org/sssd/ == Highlights == * Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) * SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined * The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. * Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) * Three HBAC regressions have been fixed. == Detailed Changelog == Jakub Hrozek (5): * Prevent segfault if vetoed_shells are specified without allowed_shells * Handle timeout during sss_ldap_init_send * Return the first value of name if the multivalued name attribute does not match RDN * Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON * Use the default Kerberos realm for LDAP with GSSAPI auth Ralf Haferkamp (1): * Allow the O_NONBLOCK flag to be reset correctly Stephen Gallagher (6): * Bumping version to 1.5.13 * Use sysdb attribute name for GID, not LDAP attribute * HBAC: Handle saving groups that have no members * HBAC: Use of hostgroups for targethost or sourcehost was broken * HBAC: Properly skip all non-group memberOf entries * Updating translation files for SSSD 1.5.13 Sumit Bose (1): * Improve password policy error code and message
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Freeipa-interest mailing list Freeipa-interest@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-interest