The SSSD team is proud to announce the version 1.6.1 bugfix release
of the System Security Services Daemon. This release fixes several
regressions introduced in 1.6.0 during the HBAC rule rewrite and is a
highly recommended update for any FreeIPA deployment. Several other bugs
have also been fixed and are described below.

As always, it can be downloaded from

== Highlights ==
 * Fixes a serious issue with LDAP connections when the communication is
dropped (e.g. VPN disconnection, waking from sleep)
 * SSSD is now less strict when dealing with users/groups with multiple
names when a definitive primary name cannot be determined
 * The LDAP provider will no longer attempt to canonicalize by default
when using SASL. An option to re-enable this has been provided.
 * Fixes for non-standard LDAP attribute names (e.g. those used by
Active Directory)
 * Three HBAC regressions have been fixed.
 * Fix for an infinite loop in the deref code

== Detailed Changelog ==
Jakub Hrozek (9):
 * pyhbac: Do not convert int to bool
 * Fix returning groups when gidNumber attribute is not ordered
 * Prevent segfault if vetoed_shells are specified without
 * Handle timeout during sss_ldap_init_send
 * IPA dyndns: do not segfault if the server cannot be resolved
 * Return the first value of name if the multivalued name attribute does
not match RDN
 * Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
 * Use the default Kerberos realm for LDAP with GSSAPI auth
 * Fix moving to next entry in deref code

Ralf Haferkamp (1):
 * Allow the O_NONBLOCK flag to be reset correctly

Stephen Gallagher (7):
 * Bumping version to 1.6.1
 * Revert "Allow LDAP to decide when an expiration warning is warranted"
 * Use sysdb attribute name for GID, not LDAP attribute
 * HBAC: Handle saving groups that have no members
 * HBAC: Use of hostgroups for targethost or sourcehost was broken
 * HBAC: Properly skip all non-group memberOf entries
 * Updating translation files for 1.6.1 release

Sumit Bose (1):
 * Improve password policy error code and message

Yuri Chornoivan (1):
 * Fix two man page typos

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-interest mailing list

Reply via email to