[Freeipa-interest] Announcing SSSD 1.4.0

Stephen Gallagher sgallagh at redhat.com
Mon Oct 18 18:53:07 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The SSSD team proudly announces the release of the System Security
Services Daemon version 1.4.0.

As always, SSSD 1.4.0 can be downloaded at https://fedorahosted.org/sssd


== Highlights ==
 * Added support for netgroups to the LDAP provider
 * Performance improvements made to group processing of RFC2307 LDAP servers
 * Fixed nested group issues with RFC2307bis LDAP servers without a
memberOf plugin
 * Build-system improvements to support Gentoo
 * Split out several libraries into the ding-libs tarball
 * Manpage reviewed and updated

== Detailed Changelog ==

Jakub Hrozek (30):
 * Fix wrong return value in HBAC time rules evaluation
 * Package systemd unit file
 * Move crypto functions into its own subdir
 * Add safe copy/move macros for uint16_t
 * Password obfuscation utility functions
 * Fix pysss linking
 * Python bindings for obfuscation
 * sss_obfuscate tool
 * Deobfuscate password in back ends
 * Fix assorted minor bugs in sss_ tools
 * Fix parameter order when initializing decryption
 * Revert "Make ldap bind asynchronous"
 * Define objectclass with a constant
 * Use a different min_id for local domain
 * Add parameter to skip cleanup in sysdb test
 * Fix sysdb_group_dn_name
 * Fix sysdb_attrs_to_list
 * Request the correct attribute name
 * Add KDC to the list of LDAP options
 * Report Kerberos error code from ldap_child_get_tgt_sync
 * Make ldap_child report kerberos return code to parent
 * Initialize kerberos service for GSSAPI
 * Check for GSSAPI before attempting to kinit
 * Add sysdb_attrs_get_ulong utility function
 * sysdb interface for adding incomplete groups
 * Save dummy groups to cache during initgroups
 * sysdb interface for adding fake users
 * Save dummy member users during RFC2307 getgr{nam,gid}
 * Use unsigned long for conversion to id_t
 * set in_transaction explicitly to false

Jan Zeleny (14):
 * Initialized return value in dp_copy_options()
 * Fixed potential comparison of undefined variable
 * Fixed printing of undefined value in sdap_async_accounts.c
 * Fixed uninialized value in proxy_id provider
 * Cleaned some dead assignments
 * Reviewed sssd-ldap man page
 * Fixed small issue in memory context hierarchy
 * Dead assignments cleanup in providers code
 * Dead assignments cleanup in NSS responder
 * Dead assignments cleanup in memberof module
 * Dead assignments cleanup in various places in SSSD
 * Disable events on ldap fd when offline.
 * Man pages should mention supported providers
 * Move all references to ldap_<entity>_search_base to "advanced" section

Martin Nagy (1):
 * Make ldap bind asynchronous

Maxim (6):
 * Fix building sssd
 * Fix configure check for ldb
 * Add gentoo distrubutions
 * Add custom pam module dir
 * Add gentoo-specific init dir
 * Remove useless /etc/dbus-1/system.d directory from installation

Ralf Haferkamp (2):
 * Shortcut for save_group() to accept sysdb DNs as member attributes
 * Return all group members from getgr(nam|gid)

Simo Sorce (2):
 * Check if control is supported before using it.
 * Add option to limit nested groups

Stephen Gallagher (36):
 * Fix chpass operations with LDAP provider
 * Remove common directory
 * Rewrite toplevel Makefile
 * Build SSSD RPMs with external libraries
 * Remove src/Makefile.am and src/configure.ac
 * Don't build SSSDConfig API when configured with --without-python-bindings
 * Treat a zero-length password as a failure
 * Properly handle errors from a password change operation
 * Handle multiple simultaneous enumeration requests
 * Remove generated manpages when performing "make clean"
 * Request all group attributes during initgroups processing
 * Fix missing variable substitution in DEBUG message
 * Initgroups on a non-cached user should go to the data provider
 * Fix assorted specfile issues
 * Initialize debug_level to zero in crypto tests
 * Return offline instead of error
 * Add common hash table setup
 * Add utility function sss_strnlen()
 * Store entry_cache_timeout in sss_domain_info object
 * Require explicit setting of callback context for check_cache
 * Netgroups sysdb API
 * netgroup tests
 * Rename group.c and passwd.c for clarity
 * Add support for netgroups to NSS sss_client
 * Add negative cache features for netgroups
 * Split out some helper functions for the NSS responder
 * Add netgroup support to the NSS responder
 * Rename upgrade_config.py and build it properly
 * Assorted specfile changes
 * Make sdap_save_users_send handle zero users gracefully
 * Handle nested groups in RFC2307bis
 * Modify sysdb_[add|remove]_group_member to accept users and groups
 * Add proper nested initgroup support for RFC2307bis servers
 * Updating translation files for release
 * Fix 'make distcheck' for XML documentation
 * Updating version for SSSD 1.4.0 release

Sumit Bose (21):
 * Store rootdse supported features in sdap_handler
 * Handle host objects like other objects
 * Save all data to sysdb in one transaction
 * Use new MIT krb5 API for better password expiration warnings
 * Suppress some 'may be used uninitialized' warnings
 * Suppress some 'unchecked return value' warnings
 * Use POPT_TABLEEND to close option table
 * Add a missing include file
 * Rename index to idx
 * Distribute XML sources instead of man-pages
 * Remove unused defines
 * Raise the required version of libdhash
 * Add missing tevent_req_done()
 * Return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUND
 * Add handling of nested netgroups to nss client
 * Do not fail if netgroup exists just update the attributes
 * Add sysdb_netgroup_base_dn()
 * Also return member groups to the client
 * Add infrastructure to LDAP provider for netgroup support
 * Implement netgroup support for LDAP provider
 * Avoid a global variable in netgroup client.


- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky8l5MACgkQeiVVYja6o6OpJACcDhrk8Bm/+e+p4kayk6XDWBJP
ckwAnjCNzn/m97d4+foPDPi4j1H3X7pT
=LQ2X
-----END PGP SIGNATURE-----

More information about the Freeipa-interest mailing list