The SSSD team is proud to announce the version 1.6.1 bugfix release of the System Security Services Daemon. This release fixes several regressions introduced in 1.6.0 during the HBAC rule rewrite and is a highly recommended update for any FreeIPA deployment. Several other bugs have also been fixed and are described below.
As always, it can be downloaded from https://fedorahosted.org/sssd/ == Highlights == * Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) * SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined * The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. * Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) * Three HBAC regressions have been fixed. * Fix for an infinite loop in the deref code == Detailed Changelog == Jakub Hrozek (9): * pyhbac: Do not convert int to bool * Fix returning groups when gidNumber attribute is not ordered * Prevent segfault if vetoed_shells are specified without allowed_shells * Handle timeout during sss_ldap_init_send * IPA dyndns: do not segfault if the server cannot be resolved * Return the first value of name if the multivalued name attribute does not match RDN * Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON * Use the default Kerberos realm for LDAP with GSSAPI auth * Fix moving to next entry in deref code Ralf Haferkamp (1): * Allow the O_NONBLOCK flag to be reset correctly Stephen Gallagher (7): * Bumping version to 1.6.1 * Revert "Allow LDAP to decide when an expiration warning is warranted" * Use sysdb attribute name for GID, not LDAP attribute * HBAC: Handle saving groups that have no members * HBAC: Use of hostgroups for targethost or sourcehost was broken * HBAC: Properly skip all non-group memberOf entries * Updating translation files for 1.6.1 release Sumit Bose (1): * Improve password policy error code and message Yuri Chornoivan (1): * Fix two man page typos
Description: This is a digitally signed message part
_______________________________________________ Freeipa-interest mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-interest