The SSSD is proud to announce the release of the first beta of SSSD
1.8.0, destined to become our next long-term maintenance (LTM) release.

As this is going to be a big release for us, we're looking for as much
help as we can get to regression-test and try out the new features
before our final release on February 28th.

For those looking for the source, it can be found at

I've kicked off build of the Fedora packages and they will be available
in Rawhide tonight and in the Fedora 17 Alpha release coming soon.

As a note to the engineering team, we have now branched off the sssd-1-8
branch. All bugfixes for the 1.8.0 release must go to both master and
sssd-1-8. The master branch is now open to SSSD 1.9.0 development.

To interested translators: SSSD 1.8.0 is now in string freeze, so if you
speak a second (or third, or fourth...) language, please help us out
with translating our manpages and config options at

== Highlights ==
 * Support for the service map in NSS
 * Support for setting default SELinux user context from FreeIPA
 * Support for retrieving SSH user and host keys from LDAP
 * Support for caching autofs LDAP requests (Experimental)
 * Support for caching SUDO rules (Experimental)

== Detailed Changelog ==
Jakub Hrozek (42):
 * sss_get_cased_name utility function
 * Return user and group names lowercased in case insensitive domains
 * Honor case sensitive flag when creating the ccname template
 * HBAC: create empty groups with one NULL element
 * Do not call krb5_child when changing passwords and provider went
 * IPA netgroups: Do not reuse loop iterator variable
 * Add a configure switch to specify 3rd party app libraries location
 * Export libsss_sudo as a separate package
 * Add a new Makefile target to build RPMs with the experimental flag
 * Do not use sudo symbols in LDAP provider unconditionally
 * PAM: Fix reversed logic
 * SUDO: include the sources in the IPA provider, too
 * PAM: Do not overwrite ret
 * DP: Refactor responder_dp_req so it's reusable by other responders
 * SUDO: Provide a sudo DP request based on the internal_req
 * Use the new SUDO request in DP and sudo responder
 * Fix sudo compilation on RHEL5
 * Include sudo manual pages only conditionally
 * docs: Use absolute srcdir path
 * SUDO: Provide documentation for the SUDO API
 * SYSDB: index sudoUser
 * Refactor nss_cmd_send_empty
 * Use profiling Docbook XSLT only if available, fall back to normal
 * RESPONDERS: Provide a common sss_cmd_send_error function
 * NSS: Use sss_hash_create instead of destructor
 * Fixes for sudo_timed
 * ConfigAPI: add sudo to known services
 * SUDO: introduce a new config option --with-sudo
 * Move BUILD_SUDO outside the generic LDAP source files
 * Fix configure with old autoconf versions
 * BUILD: Introduce a --with-autofs config option
 * SYSDB: Remove code duplication between member_add and member_del
 * AUTOFS: sysdb interface
 * AUTOFS: a client library
 * AUTOFS: a command-line test client
 * AUTOFS: Data Provider request
 * RESPONDERS: Refactor setent_req_list
 * Split the logic to check cache expiration into separate function
 * AUTOFS: responder
 * AUTOFS: LDAP provider
 * Do not call sudo functions if built without-sudo
 * Make sudo installation path configurable, install into libdir by

Jan Cholasta (10):
 * UTIL: Provide base64 encoding and decoding functions
 * BUILD: Introduce a --with-ssh config option
 * LDAP: Add support for SSH user public keys
 * DP: Add host info handler
 * IPA: Add host info handler
 * DP: Add support for hosts in sss_dp_get_account
 * SSH: Responder
 * SSH: Common client code
 * SSH: OpenSSH authorized_keys client
 * SSH: OpenSSH known_hosts client

Jan Zeleny (18):
 * Add info about ipa_host_search_base to man page
 * Support multiple search bases in HBAC
 * Fixed wrong position of ldap_service_search_base
 * Implemented support for multiple search bases in HBAC rules and
 * Fixed minor memory-hierarchy-related issue in IPA HBAC
 * Add support for generic IPA config retrieval
 * Make password migration code use the IPA config retrieval code
 * Renamed some sysdb constants for their wider usage
 * Added some SELinux-related utility functions
 * Added some SELinux-related sysdb routines
 * SELinux support in PAM responder
 * SELinux support in PAM module
 * Separate the host-retrieval code from IPA HBAC to common IPA code
 * Delete unused structure in IPA access code
 * Add session target in data provider
 * Session target in IPA provider
 * Man pages for the session target and SELinux user maps fetching
 * Update shadowLastChanged attribute during LDAP password change

Pavel Březina (15):
 * SUDO Integration review issues
 * SUDO Integration - wrap data provider with tevent_req
 * sysdb_get_bool() and sysdb_get_bool() functions
 * SUDO Integration - functions for manipulating with 'refreshed'
 * SUDO Integration - periodical update of rules in data provider
 * SUDO Integration - make sysdb_get_sudo_filter() more configurable
 * SUDO Integration - prepare data provider for new responder commands
 * SUDO Integration - responder command for cn=defaults
 * SUDO Integration - SUDO API can request only cn=defaults record
 * SUDO Integration - test client changed
 * SUDO Integration - manual page
 * SUDO Integration - in-memory cache in responder
 * SUDO Integration - responder 'sudo_timed' option
 * SUDO Integration - fix offline behaviour
 * SUDO Integration - sysdb_sudo_check_time() fix

Simo Sorce (9):
 * make dist fixes
 * tests: fix test group of utf8 tests
 * nsssrv: remove unused macro
 * nsssrv: add string manipulation helper
 * nsssrv: use sized_string in fill_pwent
 * nsssrv: use sized_string in fill_grent
 * util: add murmurhash3 hash function
 * Add a random + identity test for murmurhash3
 * util: Fix murmurhash3 on machines with old glibc

Stephen Gallagher (46):
 * Bump version to 1.8.0
 * Add compatibility layer for Heimdal Kerberos implementation
 * Importing new translations for 1.7.0 release
 * Log fixes for sdap_call_conn_cb
 * LDAP: Copy URI instead of pointing at failover service record
 * NSS: Validate input string lengths
 * NSS: Improve DEBUG messages for netgroup cache
 * Raise the debug level of two very noisy statements
 * IPA: Detect nsupdate support for the realm directive
 * NSS: Add sss_readrep_copy_string
 * LDAP: Add option to disable paging control
 * SYSDB: Redundant check is redundant.
 * Fix invalid index in pidfile()
 * RESPONDER: Extend sss_dp_account_send() to include extra data
 * DP: Fix bugs in sss_dp_get_account_int
 * LDAP: Improve debugging for sdap_parse_deref
 * Move sized_string declaration to utils
 * UTIL: Add strtouint16
 * SYSDB: Move add_string and add_ulong to sysdb_private.h
 * DP: Handle parsing extra results in be_get_account_info
 * SYSDB: Add sysdb routines for manipulating service entries
 * SYSDB: Add indexes for servicePort and serviceProtocol
 * NSS: Add client support for services (non-enumeration)
 * DP: Add support for services in dp requests
 * NSS: Add negative cache routines for services
 * NSS: Add getservbyname and getservbyport support to the NSS Responder
 * PROXY: add support for service lookups (non-enumeration)
 * NSS: Add client support for [set|get|end]servent()
 * SYSDB: add support for enumerating services
 * NSS: Add service enumeration support to NSS provider
 * PROXY: add support for enumerating services
 * Rename sss_dp_type to sss_dp_sudo_type
 * SSSDConfigAPI: Move sssd.api.* to /usr/share/sssd
 * SYSDB: extend sysdb_store_service() to accept additional attributes
 * SYSDB: Add sysdb_attrs_get_uint16_t
 * LDAP: Add support for service lookups (non-enum)
 * LDAP: Add enumeration support for services
 * IPA: Add support for services lookups (non-enum)
 * LDAP: Add new options for service maps
 * KRB5: Add syslog messages for Kerberos failures
 * LDAP: Do not fail if RootDSE check cannot determine search bases
 * LDAP: Fix incorrect search timeouts
 * NSS: Add individual timeouts for entry types
 * Build all experimental features during 'make distcheck'
 * Set version to 1.7.91 for 1.8.0beta1
 * Updating translatable strings for string freeze

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-interest mailing list

Reply via email to