=== SSSD 1.11 beta 1 ===

The SSSD team is proud to announce the first beta release of version 1.11
of the System Security Services Daemon.

This pre-release does not bring any changes visible to the end-user. It
is intended to be part of the development of FreeIPA 3.3 and its focus of
supporting legacy (non-SSSD) clients in a setup where IPA server established
a trust relationship with an Active Directory clients.

The second beta will be released on July 17th with the final release
coming up before the end of July.

As always, the source is available from https://fedorahosted.org/sssd.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

== Highlights ==

 * The handling of ID ranges in the provides has been changed to use a
   plugin interface where each provider can use a different plugin and have
   a different behaviour
 * The libsss_idmap library has been enhanced in several ways such as
   handling "external mappings" or supporting base RIDs other than 0
 * The assumption that subdomain users always have a primary
   user-private-group (UPG) has been removed
 * If the SSSD is running on the IPA server, it is able to perform lookups
   for trusted users directly against the AD server using the AD provider
   lookups

== Tickets Fixed == 

https://fedorahosted.org/sssd/ticket/1938
    [RFE] Add a new call to libsss_idmap to add a new mapping where the first 
RID is not 0
https://fedorahosted.org/sssd/ticket/1960
    [RFE] Add range type for ID mapping in AD to libsss_idmap
https://fedorahosted.org/sssd/ticket/1961
    [RFE] Add plugin to LDAP provider to find new ranges
https://fedorahosted.org/sssd/ticket/1962
    [RFE] Integrate AD provider lookup code into IPA subdomain user lookup
https://fedorahosted.org/sssd/ticket/1979
    [RFE] Add an optional unique range identifier
https://fedorahosted.org/sssd/ticket/1993
    [RFE] Add a new option to denote server mode

== Detailed Changelog ==

Jakub Hrozek (11):
    * Updating the version for the 1.10.1 release
    * Bump version to track 1.11 development
    * IPA: Add a server mode option
    * LDAP: Add utility function sdap_copy_map
    * AD: decouple ad_id_ctx initialization
    * AD: initialize failover with custom realm, domain and failover service
    * IPA: Initialize server mode ctx if server mode is on
    * AD: Move storing sdap_domain for subdomain to generic LDAP code
    * IPA: Create and remove AD id_ctx for subdomains discovered in server mode
    * IPA: Look up AD users directly if IPA server mode is on
    * Updating translations for the 1.11 beta1 release 

Sumit Bose (18):
    * idmap: allow first RID to be set
    * idmap: add optional unique range id
    * idmap: add option to indicate external_mapping
    * idmap: allow NULL domain sid for external mappings
    * idmap: add calls to check if ID mapping conforms to ranges
    * idmap: add sss_idmap_domain_has_algorithmic_mapping
    * Add cmocka based tests for libsss_idmap
    * Add now options ldap_min_id and ldap_max_id
    * SDAP IDMAP: Add configured domain to idmap context
    * Allow different methods to find new domains for idmapping
    * Add sdap_idmap_domain_has_algorithmic_mapping()
    * Replace SDAP_ID_MAPPING checks with 
sdap_idmap_domain_has_algorithmic_mapping
    * Add ipa_idmap_init()
    * Add support for new ipaRangeType attribute
    * Replace new_subdomain() with find_subdomain_by_name()
    * IPA: read ranges before subdomains
    * Save mpg state for subdomains
    * Read mpg state for subdomains from cache 

_______________________________________________
Freeipa-interest mailing list
Freeipa-interest@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-interest

Reply via email to