[Freeipa-interest] Announcing SSSD 1.11 beta 2

Jakub Hrozek jhrozek at redhat.com
Wed Jul 24 14:23:20 UTC 2013 

                      === SSSD 1.11 beta 2 ===

The SSSD team is proud to announce the second beta release of version 1.11
of the System Security Services Daemon.

This pre-release does not bring substantial changes visible to the end-user. It
is intended to be part of the development of FreeIPA 3.3 and its focus of
supporting legacy (non-SSSD) clients in a setup where IPA server established
a trust relationship with an Active Directory clients.

A Fedora Test Day aimed at exercising the new features is planned for July
25th. See the Test Day page for more information:
https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients

As always, the source is available from https://fedorahosted.org/sssd.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel or
sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

== Highlights ==
 * Includes several fixes related to setup where the SSSD is running on
   IPA client in a special "server mode".
 * The default DNS timeouts have been tweaked in order to allow the c-ares
   resolver to cycle through all available name servers
 * The pysss module now contains a new method `getgroupslist` that provides
   a Python interface to the POSIX `getgroupslist(3)` call
 * The sss_debuglevel tool is now able to change debug level of all
   responders, including PAC or autofs

== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1965
    man: document that the default access provider in AD provider is "permit"
https://fedorahosted.org/sssd/ticket/1988
    [RFE] sss_cache has no option to clear all cached entries of all types
https://fedorahosted.org/sssd/ticket/1997
    When resolving a SID, search for groups first, then users
https://fedorahosted.org/sssd/ticket/1998
    sssd-ad man page states that ad_server can be an IP address even though SSSD doesn't support that
https://fedorahosted.org/sssd/ticket/2005
    SSSD filter out ldap user/group if uid/gid is zero
https://fedorahosted.org/sssd/ticket/2009
    Disallow or warn if full_name_format is set to a non-default value when IPA server mode is on
https://fedorahosted.org/sssd/ticket/2023
    AD provider in server mode follows referrals
https://fedorahosted.org/sssd/ticket/2025
    pysss module linking is broken

== Documentation Changes ==
* The dns_resolver_timeout option default value was changed from 5
  to 6 seconds. At the same time, the timeout that controls how long the
  internal resolver communicates with a single DNS server was changed to
  2 seconds. This change would allow the resolver to cycle through up to 3
  nameservers until the `dns_resolver_timeout` fires.
* the sss_cache utility gained a new option -E. This option is a
  shortcut to tell sss_cache to invalidate all entries in the cache. Please
  note that invalidating sudo rules is still not implemented as it requires
  cooperation with the back end as well.

== Detailed Changelog ==
This changelog does not include commits already released in 1.10.1
release. To see all changes since 1.11 beta2, run:
 $ git shortlog sssd-1_11_0_beta1..sssd-1_11_0_beta2
from a directory that contains the SSSD git checkout.

Alexander Bokovoy (3):
      * build: fix dependencies for pysss module
      * pysss: add pysss.getgrouplist(username)
      * pysss: prevent crashing when group is unresolvable
 
Jakub Hrozek (13):
      * Bumping the version for the 1.11 beta2 release
      * LDAP: When resolving a SID, search for groups first, then users
      * MAN: clarify the default access provider for AD
      * MAN: IP addresss does not work when used for ad_server
      * MAN: Clarify the min_id/max_id limits further
      * Remove unused be_ctx->sigchld_ctx
      * IPA: warn if full_name_format is customized in server mode
      * AD: Set the bool value same as default value in opts
      * Fix the default FQDN format
      * SUDO: realloc with sizeof(uint32_t) when adding uint32_t
      * KRB5: Do not send PAC in server mode
      * LDAP: Use domain-specific name where appropriate
      * Updating translations for the 1.11 beta2 release
 
Lukas Slebodnik (11):
      * BUILD: Use pkg-config to detect cmocka
      * Use conditional build for retrieving ccache.
      * Remove unused function parameter
      * Fix clang format string warning.
      * Use functionm ldb_dn_get_linearized to format struct ldb_dn
      * Add mising argument required by format string
      * Remove unused memory context from function unpack_authtok
      * Fix warnings: uninitialized variable
      * Fix autotols warnings: macro xyz not found in library
      * Fix possible dereference of a NULL pointer.
      * Every time release allocated memory in function py_sss_getgrouplist
 
Michal Zidek (5):
      * sss_cache: Add option to invalidate all entries
      * Missing space in debug message
      * Remove unused constant.
      * Set default DNS resolution timeout to 6 seconds.
      * Lower timeout to contact DNS server
 
Ondrej Kos (1):
      * TOOLS: Update all services with sss_debuglevel
 
Pavel Březina (1):
      * remove unused variable

More information about the Freeipa-interest mailing list