Jakub Hrozek
2013-07-24 14:23:20 UTC
=== SSSD 1.11 beta 2 ===
The SSSD team is proud to announce the second beta release of version 1.11
of the System Security Services Daemon.
This pre-release does not bring substantial changes visible to the end-user. It
is intended to be part of the development of FreeIPA 3.3 and its focus of
supporting legacy (non-SSSD) clients in a setup where IPA server established
a trust relationship with an Active Directory clients.
A Fedora Test Day aimed at exercising the new features is planned for July
25th. See the Test Day page for more information:
https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients
As always, the source is available from https://fedorahosted.org/sssd.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* Includes several fixes related to setup where the SSSD is running on
IPA client in a special "server mode".
* The default DNS timeouts have been tweaked in order to allow the c-ares
resolver to cycle through all available name servers
* The pysss module now contains a new method `getgroupslist` that provides
a Python interface to the POSIX `getgroupslist(3)` call
* The sss_debuglevel tool is now able to change debug level of all
responders, including PAC or autofs
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1965
man: document that the default access provider in AD provider is "permit"
https://fedorahosted.org/sssd/ticket/1988
[RFE] sss_cache has no option to clear all cached entries of all types
https://fedorahosted.org/sssd/ticket/1997
When resolving a SID, search for groups first, then users
https://fedorahosted.org/sssd/ticket/1998
sssd-ad man page states that ad_server can be an IP address even though SSSD doesn't support that
https://fedorahosted.org/sssd/ticket/2005
SSSD filter out ldap user/group if uid/gid is zero
https://fedorahosted.org/sssd/ticket/2009
Disallow or warn if full_name_format is set to a non-default value when IPA server mode is on
https://fedorahosted.org/sssd/ticket/2023
AD provider in server mode follows referrals
https://fedorahosted.org/sssd/ticket/2025
pysss module linking is broken
== Documentation Changes ==
* The dns_resolver_timeout option default value was changed from 5
to 6 seconds. At the same time, the timeout that controls how long the
internal resolver communicates with a single DNS server was changed to
2 seconds. This change would allow the resolver to cycle through up to 3
nameservers until the `dns_resolver_timeout` fires.
* the sss_cache utility gained a new option -E. This option is a
shortcut to tell sss_cache to invalidate all entries in the cache. Please
note that invalidating sudo rules is still not implemented as it requires
cooperation with the back end as well.
== Detailed Changelog ==
This changelog does not include commits already released in 1.10.1
release. To see all changes since 1.11 beta2, run:
$ git shortlog sssd-1_11_0_beta1..sssd-1_11_0_beta2
from a directory that contains the SSSD git checkout.
Alexander Bokovoy (3):
* build: fix dependencies for pysss module
* pysss: add pysss.getgrouplist(username)
* pysss: prevent crashing when group is unresolvable
Jakub Hrozek (13):
* Bumping the version for the 1.11 beta2 release
* LDAP: When resolving a SID, search for groups first, then users
* MAN: clarify the default access provider for AD
* MAN: IP addresss does not work when used for ad_server
* MAN: Clarify the min_id/max_id limits further
* Remove unused be_ctx->sigchld_ctx
* IPA: warn if full_name_format is customized in server mode
* AD: Set the bool value same as default value in opts
* Fix the default FQDN format
* SUDO: realloc with sizeof(uint32_t) when adding uint32_t
* KRB5: Do not send PAC in server mode
* LDAP: Use domain-specific name where appropriate
* Updating translations for the 1.11 beta2 release
Lukas Slebodnik (11):
* BUILD: Use pkg-config to detect cmocka
* Use conditional build for retrieving ccache.
* Remove unused function parameter
* Fix clang format string warning.
* Use functionm ldb_dn_get_linearized to format struct ldb_dn
* Add mising argument required by format string
* Remove unused memory context from function unpack_authtok
* Fix warnings: uninitialized variable
* Fix autotols warnings: macro xyz not found in library
* Fix possible dereference of a NULL pointer.
* Every time release allocated memory in function py_sss_getgrouplist
Michal Zidek (5):
* sss_cache: Add option to invalidate all entries
* Missing space in debug message
* Remove unused constant.
* Set default DNS resolution timeout to 6 seconds.
* Lower timeout to contact DNS server
Ondrej Kos (1):
* TOOLS: Update all services with sss_debuglevel
Pavel Březina (1):
* remove unused variable
The SSSD team is proud to announce the second beta release of version 1.11
of the System Security Services Daemon.
This pre-release does not bring substantial changes visible to the end-user. It
is intended to be part of the development of FreeIPA 3.3 and its focus of
supporting legacy (non-SSSD) clients in a setup where IPA server established
a trust relationship with an Active Directory clients.
A Fedora Test Day aimed at exercising the new features is planned for July
25th. See the Test Day page for more information:
https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients
As always, the source is available from https://fedorahosted.org/sssd.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* Includes several fixes related to setup where the SSSD is running on
IPA client in a special "server mode".
* The default DNS timeouts have been tweaked in order to allow the c-ares
resolver to cycle through all available name servers
* The pysss module now contains a new method `getgroupslist` that provides
a Python interface to the POSIX `getgroupslist(3)` call
* The sss_debuglevel tool is now able to change debug level of all
responders, including PAC or autofs
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1965
man: document that the default access provider in AD provider is "permit"
https://fedorahosted.org/sssd/ticket/1988
[RFE] sss_cache has no option to clear all cached entries of all types
https://fedorahosted.org/sssd/ticket/1997
When resolving a SID, search for groups first, then users
https://fedorahosted.org/sssd/ticket/1998
sssd-ad man page states that ad_server can be an IP address even though SSSD doesn't support that
https://fedorahosted.org/sssd/ticket/2005
SSSD filter out ldap user/group if uid/gid is zero
https://fedorahosted.org/sssd/ticket/2009
Disallow or warn if full_name_format is set to a non-default value when IPA server mode is on
https://fedorahosted.org/sssd/ticket/2023
AD provider in server mode follows referrals
https://fedorahosted.org/sssd/ticket/2025
pysss module linking is broken
== Documentation Changes ==
* The dns_resolver_timeout option default value was changed from 5
to 6 seconds. At the same time, the timeout that controls how long the
internal resolver communicates with a single DNS server was changed to
2 seconds. This change would allow the resolver to cycle through up to 3
nameservers until the `dns_resolver_timeout` fires.
* the sss_cache utility gained a new option -E. This option is a
shortcut to tell sss_cache to invalidate all entries in the cache. Please
note that invalidating sudo rules is still not implemented as it requires
cooperation with the back end as well.
== Detailed Changelog ==
This changelog does not include commits already released in 1.10.1
release. To see all changes since 1.11 beta2, run:
$ git shortlog sssd-1_11_0_beta1..sssd-1_11_0_beta2
from a directory that contains the SSSD git checkout.
Alexander Bokovoy (3):
* build: fix dependencies for pysss module
* pysss: add pysss.getgrouplist(username)
* pysss: prevent crashing when group is unresolvable
Jakub Hrozek (13):
* Bumping the version for the 1.11 beta2 release
* LDAP: When resolving a SID, search for groups first, then users
* MAN: clarify the default access provider for AD
* MAN: IP addresss does not work when used for ad_server
* MAN: Clarify the min_id/max_id limits further
* Remove unused be_ctx->sigchld_ctx
* IPA: warn if full_name_format is customized in server mode
* AD: Set the bool value same as default value in opts
* Fix the default FQDN format
* SUDO: realloc with sizeof(uint32_t) when adding uint32_t
* KRB5: Do not send PAC in server mode
* LDAP: Use domain-specific name where appropriate
* Updating translations for the 1.11 beta2 release
Lukas Slebodnik (11):
* BUILD: Use pkg-config to detect cmocka
* Use conditional build for retrieving ccache.
* Remove unused function parameter
* Fix clang format string warning.
* Use functionm ldb_dn_get_linearized to format struct ldb_dn
* Add mising argument required by format string
* Remove unused memory context from function unpack_authtok
* Fix warnings: uninitialized variable
* Fix autotols warnings: macro xyz not found in library
* Fix possible dereference of a NULL pointer.
* Every time release allocated memory in function py_sss_getgrouplist
Michal Zidek (5):
* sss_cache: Add option to invalidate all entries
* Missing space in debug message
* Remove unused constant.
* Set default DNS resolution timeout to 6 seconds.
* Lower timeout to contact DNS server
Ondrej Kos (1):
* TOOLS: Update all services with sss_debuglevel
Pavel Březina (1):
* remove unused variable