On Wed, Mar 15, 2017 at 04:17:51PM +0100, Jakub Hrozek wrote:
> Hi,
>
> I prepared release notes for today's release. They are written in
> anticipation that PR#186 with the subdomain config will be merged.
>
> The RST I pushed to the sssd/docs repo is below:
>
> SSSD 1.15.2
> ===========
>
> Highlights
> ----------
> * It is now possible to configure certain parameters of a trusted domain
> in a configuration file sub-section. In particular, it is now possible
> to configure which Active Directory DCs the SSSD talks to with a
> configuration like this::
>
> [domain/ipa.test]
> # IPA domain configuration. This domain trusts a Windows domain win.test
>
> [domain/ipa.test/win.test]
> ad_server = dc.win.test
>
> * Several issues related to socket-activating the NSS service, especially
> if SSSD was configured to use a non-privileged user were fixed. The NSS
> service now starts as root to avoid triggering a name-service lookup
> while the NSS service is not running yet. Additionally, the NSS service
> is started before any other service to make sure username resolution works
> and the other service can resolve the SSSD user correctly.
>
> * A new option ``cache_first`` allows the administrator to change the way
> multiple domains are searched. When this option is enabled, SSSD will
> first try to "pin" the requested name or ID to a domain by searching
> the entries that are already cached and contact the domain that contains
> the cached entry first. Previously, SSSD would check the cache and the
> remote server for each domain. This option brings performance benefit
> for setups that use multiple domains (even auto-discovered trusted
> domains), especially for ID lookups that would previously iterate over
> all domains. Please note that this option must be enabled with care as the
> administrator must ensure that the ID space of domains does not overlap.
>
> * The SSSD D-Bus interface gained two new methods:
> ``FindByNameAndCertificate`` and ``ListByCertificate``. These methods will
> be used primarily by IPA to correctly match multple users who use the
^^^^^^^
*be used primarily by IPA and mod_lookup_identity ...
bye,
Sumit
> same certificate for Smart Card login.
>
> * A bug where SSSD did not properly sanitize a username with a newline
> character in it was fixed.
>
> Packaging Changes
> -----------------
> None in this release
>
> Documentation Changes
> ---------------------
> * A new option ``cache_first`` was added. Please see the Highlights
> section for more details
>
> * The ``override_homedir`` option supports a new template expansion ``l``
> that expands to the first letter of username
>
>
> Tickets Fixed
> -------------
> Please note that due to a bug in the pagure.io tracker, some tickets that
> have dependencies set to other tickets cannot be closed at the moment.
>
> * `#3317 <https://pagure.io/SSSD/sssd/issue/3317>`_ - Newline characters
> (\n) must be sanitized before LDAP requests take place
> * `#3316 <https://pagure.io/SSSD/sssd/issue/3316>`_ - sssd-secrets doesn't
> exit on idle
> * `#3314 <https://pagure.io/SSSD/sssd/issue/3314>`_ - sssd ignores entire
> groups from proxy provider if one member is listed twice
> * `#3164 <https://pagure.io/SSSD/sssd/issue/3164>`_ - when group is
> invalidated using sss_cache dataExpireTimestamp entry in the domain and
> timestamps cache are inconsistent
> * `#2668 <https://pagure.io/SSSD/sssd/issue/2668>`_ - [RFE] Add more
> flexible templating for override_homedir config option
> * `#2599 <https://pagure.io/SSSD/sssd/issue/2599>`_ - Make it possible to
> configure AD subdomain in the server mode
> * `#3223 <https://pagure.io/SSSD/sssd/issue/3323>`_ - The
> sssd-$RESPONDER.service units should bind to their socket units
> * `#3322 <https://pagure.io/SSSD/sssd/issue/3322>`_ - chown in ExecStartPre
> of sssd-nss.service hangs forever
> * `#843 <https://pagure.io/SSSD/sssd/issue/843>`_ - Login time increases
> strongly if more than one domain is configured
> * `#2320 <https://pagure.io/SSSD/sssd/issue/2320>`_ - use the sss_parse_inp
> request in other responders than dbus
>
> Detailed Changelog
> ------------------
> _______________________________________________
> sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
> To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
