The SSSD is proud to announce the release of the first beta of SSSD 1.8.0, destined to become our next long-term maintenance (LTM) release.
As this is going to be a big release for us, we're looking for as much help as we can get to regression-test and try out the new features before our final release on February 28th. For those looking for the source, it can be found at https://fedorahosted.org/sssd I've kicked off build of the Fedora packages and they will be available in Rawhide tonight and in the Fedora 17 Alpha release coming soon. As a note to the engineering team, we have now branched off the sssd-1-8 branch. All bugfixes for the 1.8.0 release must go to both master and sssd-1-8. The master branch is now open to SSSD 1.9.0 development. To interested translators: SSSD 1.8.0 is now in string freeze, so if you speak a second (or third, or fourth...) language, please help us out with translating our manpages and config options at https://www.transifex.net/projects/p/sssd/ == Highlights == * Support for the service map in NSS * Support for setting default SELinux user context from FreeIPA * Support for retrieving SSH user and host keys from LDAP (Experimental) * Support for caching autofs LDAP requests (Experimental) * Support for caching SUDO rules (Experimental) == Detailed Changelog == Jakub Hrozek (42): * sss_get_cased_name utility function * Return user and group names lowercased in case insensitive domains * Honor case sensitive flag when creating the ccname template * HBAC: create empty groups with one NULL element * Do not call krb5_child when changing passwords and provider went offline * IPA netgroups: Do not reuse loop iterator variable * Add a configure switch to specify 3rd party app libraries location * Export libsss_sudo as a separate package * Add a new Makefile target to build RPMs with the experimental flag * Do not use sudo symbols in LDAP provider unconditionally * PAM: Fix reversed logic * SUDO: include the sources in the IPA provider, too * PAM: Do not overwrite ret * DP: Refactor responder_dp_req so it's reusable by other responders * SUDO: Provide a sudo DP request based on the internal_req * Use the new SUDO request in DP and sudo responder * Fix sudo compilation on RHEL5 * Include sudo manual pages only conditionally * docs: Use absolute srcdir path * SUDO: Provide documentation for the SUDO API * SYSDB: index sudoUser * Refactor nss_cmd_send_empty * Use profiling Docbook XSLT only if available, fall back to normal * RESPONDERS: Provide a common sss_cmd_send_error function * NSS: Use sss_hash_create instead of destructor * Fixes for sudo_timed * ConfigAPI: add sudo to known services * SUDO: introduce a new config option --with-sudo * Move BUILD_SUDO outside the generic LDAP source files * Fix configure with old autoconf versions * BUILD: Introduce a --with-autofs config option * SYSDB: Remove code duplication between member_add and member_del * AUTOFS: sysdb interface * AUTOFS: a client library * AUTOFS: a command-line test client * AUTOFS: Data Provider request * RESPONDERS: Refactor setent_req_list * Split the logic to check cache expiration into separate function * AUTOFS: responder * AUTOFS: LDAP provider * Do not call sudo functions if built without-sudo * Make sudo installation path configurable, install into libdir by default Jan Cholasta (10): * UTIL: Provide base64 encoding and decoding functions * BUILD: Introduce a --with-ssh config option * LDAP: Add support for SSH user public keys * DP: Add host info handler * IPA: Add host info handler * DP: Add support for hosts in sss_dp_get_account * SSH: Responder * SSH: Common client code * SSH: OpenSSH authorized_keys client * SSH: OpenSSH known_hosts client Jan Zeleny (18): * Add info about ipa_host_search_base to man page * Support multiple search bases in HBAC * Fixed wrong position of ldap_service_search_base * Implemented support for multiple search bases in HBAC rules and services * Fixed minor memory-hierarchy-related issue in IPA HBAC * Add support for generic IPA config retrieval * Make password migration code use the IPA config retrieval code * Renamed some sysdb constants for their wider usage * Added some SELinux-related utility functions * Added some SELinux-related sysdb routines * SELinux support in PAM responder * SELinux support in PAM module * Separate the host-retrieval code from IPA HBAC to common IPA code * Delete unused structure in IPA access code * Add session target in data provider * Session target in IPA provider * Man pages for the session target and SELinux user maps fetching * Update shadowLastChanged attribute during LDAP password change Pavel Březina (15): * SUDO Integration review issues * SUDO Integration - wrap data provider with tevent_req * sysdb_get_bool() and sysdb_get_bool() functions * SUDO Integration - functions for manipulating with 'refreshed' attribute * SUDO Integration - periodical update of rules in data provider * SUDO Integration - make sysdb_get_sudo_filter() more configurable * SUDO Integration - prepare data provider for new responder commands * SUDO Integration - responder command for cn=defaults * SUDO Integration - SUDO API can request only cn=defaults record * SUDO Integration - test client changed * SUDO Integration - manual page * SUDO Integration - in-memory cache in responder * SUDO Integration - responder 'sudo_timed' option * SUDO Integration - fix offline behaviour * SUDO Integration - sysdb_sudo_check_time() fix Simo Sorce (9): * make dist fixes * tests: fix test group of utf8 tests * nsssrv: remove unused macro * nsssrv: add string manipulation helper * nsssrv: use sized_string in fill_pwent * nsssrv: use sized_string in fill_grent * util: add murmurhash3 hash function * Add a random + identity test for murmurhash3 * util: Fix murmurhash3 on machines with old glibc Stephen Gallagher (46): * Bump version to 1.8.0 * Add compatibility layer for Heimdal Kerberos implementation * Importing new translations for 1.7.0 release * Log fixes for sdap_call_conn_cb * LDAP: Copy URI instead of pointing at failover service record * NSS: Validate input string lengths * NSS: Improve DEBUG messages for netgroup cache * Raise the debug level of two very noisy statements * IPA: Detect nsupdate support for the realm directive * NSS: Add sss_readrep_copy_string * LDAP: Add option to disable paging control * SYSDB: Redundant check is redundant. * Fix invalid index in pidfile() * RESPONDER: Extend sss_dp_account_send() to include extra data * DP: Fix bugs in sss_dp_get_account_int * LDAP: Improve debugging for sdap_parse_deref * Move sized_string declaration to utils * UTIL: Add strtouint16 * SYSDB: Move add_string and add_ulong to sysdb_private.h * DP: Handle parsing extra results in be_get_account_info * SYSDB: Add sysdb routines for manipulating service entries * SYSDB: Add indexes for servicePort and serviceProtocol * NSS: Add client support for services (non-enumeration) * DP: Add support for services in dp requests * NSS: Add negative cache routines for services * NSS: Add getservbyname and getservbyport support to the NSS Responder * PROXY: add support for service lookups (non-enumeration) * NSS: Add client support for [set|get|end]servent() * SYSDB: add support for enumerating services * NSS: Add service enumeration support to NSS provider * PROXY: add support for enumerating services * Rename sss_dp_type to sss_dp_sudo_type * SSSDConfigAPI: Move sssd.api.* to /usr/share/sssd * SYSDB: extend sysdb_store_service() to accept additional attributes * SYSDB: Add sysdb_attrs_get_uint16_t * LDAP: Add support for service lookups (non-enum) * LDAP: Add enumeration support for services * IPA: Add support for services lookups (non-enum) * LDAP: Add new options for service maps * KRB5: Add syslog messages for Kerberos failures * LDAP: Do not fail if RootDSE check cannot determine search bases * LDAP: Fix incorrect search timeouts * NSS: Add individual timeouts for entry types * Build all experimental features during 'make distcheck' * Set version to 1.7.91 for 1.8.0beta1 * Updating translatable strings for string freeze
Description: This is a digitally signed message part
_______________________________________________ Freeipa-interest mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-interest