[Freeipa-interest] Announcing SSSD 1.5.13

Stephen Gallagher sgallagh at redhat.com
Mon Aug 29 14:56:52 UTC 2011


The SSSD team is proud to announce the LTM version 1.5.13 bugfix release
of the System Security Services Daemon. This release fixes several
regressions introduced in 1.5.12 during the HBAC rule rewrite and is a
highly recommended update for any FreeIPA deployment. Several other bugs
have also been fixed and are described below.

As always, it can be downloaded from https://fedorahosted.org/sssd/


== Highlights ==
 * Fixes a serious issue with LDAP connections when the communication is
dropped (e.g. VPN disconnection, waking from sleep)
 * SSSD is now less strict when dealing with users/groups with multiple
names when a definitive primary name cannot be determined
 * The LDAP provider will no longer attempt to canonicalize by default
when using SASL. An option to re-enable this has been provided.
 * Fixes for non-standard LDAP attribute names (e.g. those used by
Active Directory)
 * Three HBAC regressions have been fixed.

== Detailed Changelog ==
Jakub Hrozek (5):
 * Prevent segfault if vetoed_shells are specified without
allowed_shells
 * Handle timeout during sss_ldap_init_send
 * Return the first value of name if the multivalued name attribute does
not match RDN
 * Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
 * Use the default Kerberos realm for LDAP with GSSAPI auth

Ralf Haferkamp (1):
 * Allow the O_NONBLOCK flag to be reset correctly

Stephen Gallagher (6):
 * Bumping version to 1.5.13
 * Use sysdb attribute name for GID, not LDAP attribute
 * HBAC: Handle saving groups that have no members
 * HBAC: Use of hostgroups for targethost or sourcehost was broken
 * HBAC: Properly skip all non-group memberOf entries
 * Updating translation files for SSSD 1.5.13

Sumit Bose (1):
 * Improve password policy error code and message
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-interest/attachments/20110829/7297312f/attachment.sig>


More information about the Freeipa-interest mailing list