=== SSSD 1.11 beta 2 === The SSSD team is proud to announce the second beta release of version 1.11 of the System Security Services Daemon.
This pre-release does not bring substantial changes visible to the end-user. It is intended to be part of the development of FreeIPA 3.3 and its focus of supporting legacy (non-SSSD) clients in a setup where IPA server established a trust relationship with an Active Directory clients. A Fedora Test Day aimed at exercising the new features is planned for July 25th. See the Test Day page for more information: https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients As always, the source is available from https://fedorahosted.org/sssd. == Feedback == Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users == Highlights == * Includes several fixes related to setup where the SSSD is running on IPA client in a special "server mode". * The default DNS timeouts have been tweaked in order to allow the c-ares resolver to cycle through all available name servers * The pysss module now contains a new method `getgroupslist` that provides a Python interface to the POSIX `getgroupslist(3)` call * The sss_debuglevel tool is now able to change debug level of all responders, including PAC or autofs == Tickets Fixed == https://fedorahosted.org/sssd/ticket/1965 man: document that the default access provider in AD provider is "permit" https://fedorahosted.org/sssd/ticket/1988 [RFE] sss_cache has no option to clear all cached entries of all types https://fedorahosted.org/sssd/ticket/1997 When resolving a SID, search for groups first, then users https://fedorahosted.org/sssd/ticket/1998 sssd-ad man page states that ad_server can be an IP address even though SSSD doesn't support that https://fedorahosted.org/sssd/ticket/2005 SSSD filter out ldap user/group if uid/gid is zero https://fedorahosted.org/sssd/ticket/2009 Disallow or warn if full_name_format is set to a non-default value when IPA server mode is on https://fedorahosted.org/sssd/ticket/2023 AD provider in server mode follows referrals https://fedorahosted.org/sssd/ticket/2025 pysss module linking is broken == Documentation Changes == * The dns_resolver_timeout option default value was changed from 5 to 6 seconds. At the same time, the timeout that controls how long the internal resolver communicates with a single DNS server was changed to 2 seconds. This change would allow the resolver to cycle through up to 3 nameservers until the `dns_resolver_timeout` fires. * the sss_cache utility gained a new option -E. This option is a shortcut to tell sss_cache to invalidate all entries in the cache. Please note that invalidating sudo rules is still not implemented as it requires cooperation with the back end as well. == Detailed Changelog == This changelog does not include commits already released in 1.10.1 release. To see all changes since 1.11 beta2, run: $ git shortlog sssd-1_11_0_beta1..sssd-1_11_0_beta2 from a directory that contains the SSSD git checkout. Alexander Bokovoy (3): * build: fix dependencies for pysss module * pysss: add pysss.getgrouplist(username) * pysss: prevent crashing when group is unresolvable Jakub Hrozek (13): * Bumping the version for the 1.11 beta2 release * LDAP: When resolving a SID, search for groups first, then users * MAN: clarify the default access provider for AD * MAN: IP addresss does not work when used for ad_server * MAN: Clarify the min_id/max_id limits further * Remove unused be_ctx->sigchld_ctx * IPA: warn if full_name_format is customized in server mode * AD: Set the bool value same as default value in opts * Fix the default FQDN format * SUDO: realloc with sizeof(uint32_t) when adding uint32_t * KRB5: Do not send PAC in server mode * LDAP: Use domain-specific name where appropriate * Updating translations for the 1.11 beta2 release Lukas Slebodnik (11): * BUILD: Use pkg-config to detect cmocka * Use conditional build for retrieving ccache. * Remove unused function parameter * Fix clang format string warning. * Use functionm ldb_dn_get_linearized to format struct ldb_dn * Add mising argument required by format string * Remove unused memory context from function unpack_authtok * Fix warnings: uninitialized variable * Fix autotols warnings: macro xyz not found in library * Fix possible dereference of a NULL pointer. * Every time release allocated memory in function py_sss_getgrouplist Michal Zidek (5): * sss_cache: Add option to invalidate all entries * Missing space in debug message * Remove unused constant. * Set default DNS resolution timeout to 6 seconds. * Lower timeout to contact DNS server Ondrej Kos (1): * TOOLS: Update all services with sss_debuglevel Pavel Březina (1): * remove unused variable _______________________________________________ Freeipa-interest mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-interest