SHA256
1
0
forked from pool/sssd
sssd/sssd.spec

650 lines
19 KiB
RPMSpec
Raw Normal View History

#
# spec file for package sssd
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: sssd
Version: 1.12.5
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+
Group: System/Daemons
Url: https://fedorahosted.org/sssd/
#Git-Clone: git://git.fedorahosted.org/sssd
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc
Source3: baselibs.conf
Accepting request 231991 from network:ldap - Update to new upstream release 1.11.5.1 * sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain * SSSD pam module accepts usernames with leading spaces * [RFE] Expose the list of trusted domains to IPA * If both IPA and LDAP are set up with enumeration on, two enum tasks are running * sssd.conf man pages don't list a configuration option. * Make SSSD compilable on systems with non-standard paths to krb5 includes * [freebsd] pam_sss: add ignore_unknown_user option * MAN: Remove misleading memberof example from ldap_access_filter example * not retrieving homedirs of AD users with posix attributes * Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes * Check IPA idranges before saving them to the cache * Evaluate usage of sudo LDAP provider together with the AD provider * Setting int option to 0 yields the default value * ipa-server-mode: Use lower-case user name component in home dir path * SSSD Does not cache SELinux map from FreeIPA correctly * IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in * sssd fails to handle expired passwords when OTP is used * Add another Kerberos error code to trigger IPA password migration * Double OK when starting the service * SSSD should create the SELinux mapping file with format expected by pam_selinux * Valgrind: Invalid read of int while processing netgroup * other subdomains are unavailable when joined to a subdomain in the ad forest * Error during password change * configure time variables not expanded when running ./configure * RHEL7 IPA selinuxusermap hbac rule not always matching OBS-URL: https://build.opensuse.org/request/show/231991 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=53
2014-05-02 09:51:48 +02:00
Source4: sssd.service
Source5: %name.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Patch1: 0001-build-detect-endianness-at-configure-time.patch
%define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss
%define dbpath %sssdstatedir/db
%define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: cifs-utils-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
BuildRequires: krb5-devel >= 1.12
BuildRequires: libsmbclient-devel
BuildRequires: libtool
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
BuildRequires: libxml2-tools
BuildRequires: libxslt-tools
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: pkgconfig >= 0.21
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(augeas) >= 1.0.0
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
BuildRequires: pkgconfig(dhash) >= 0.4.2
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(ini_config) >= 1.1.0
BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares)
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
BuildRequires: pkgconfig(libcrypto)
BuildRequires: pkgconfig(libnfsidmap)
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires: pkgconfig(libpcre) >= 7
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
BuildRequires: pkgconfig(libsystemd-login)
BuildRequires: pkgconfig(ndr_nbt)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
%{?systemd_requires}
Requires: sssd-ldap = %version-%release
Requires(postun): pam-config
Provides: libsss_sudo = %version-%release
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
Provides: sssd-client = %version-%release
Obsoletes: libsss_sudo < %version-%release
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package ad
Summary: The ActiveDirectory backend plugin for sssd
License: GPL-3.0+
Group: System/Daemons
Requires: %name-krb5-common = %version
%description ad
Provides the Active Directory back end that the SSSD can utilize to
fetch identity data from and authenticate against an Active Directory
server.
%package dbus
Summary: The D-Bus responder of sssd
License: GPL-3.0+
Group: System/Base
Requires: %name = %version
%description dbus
Provides the D-Bus responder of sssd, called InfoPipe, which allows
information from sssd to be transmitted over the system bus.
%package ipa
Summary: FreeIPA backend plugin for sssd
License: GPL-3.0+
Group: System/Daemons
Requires: %name = %version
Requires: %name-krb5-common = %version-%release
Obsoletes: %name-ipa-provider < %version-%release
Provides: %name-ipa-provider = %version-%release
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity
data from and authenticate against an IPA server.
%package krb5
Summary: The Kerberos authentication backend plugin for sssd
License: GPL-3.0+
Group: System/Daemons
Requires: %name-krb5-common = %version-%release
%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.
%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
License: GPL-3.0+
Group: System/Daemons
%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can
use for Kerberos user or host authentication.
%package ldap
Summary: The LDAP backend plugin for sssd
License: GPL-3.0+
Group: System/Daemons
Requires: %name-krb5-common = %version-%release
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch
identity data from and authenticate against an LDAP server.
%package proxy
Summary: The proxy backend plugin for sssd
License: GPL-3.0+
Group: System/Daemons
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS
and/or PAM modules to leverage SSSD caching.
%package tools
Summary: Commandline tools for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Management
Requires: python-sssd-config = %version
Requires: sssd = %version
%description tools
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%package wbclient
Summary: SSSD's implementation of the Winbind pipe protocol
License: LGPL-3.0+
Group: System/Libraries
%description wbclient
libwbclient is a plugin for the Samba client, though it has been
implemented as a regular shared library requested via DT_NEEDED.
sssd-wbclient implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and
groups identified by their SID to POSIX users and groups identified
by their POSIX UIDs and GIDs respectively.
%package wbclient-devel
Summary: Development files for SSSD winbind
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: %name-wbclient = %version
%description wbclient-devel
sssd-wbclient implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and
groups identified by their SID to POSIX users and groups identified
by their POSIX UIDs and GIDs respectively.
%package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: System/Libraries
%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libipa_hbac-devel
Summary: Development files for the FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libipa_hbac0 = %version
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%package -n libnfsidmap-sss
Summary: Library to allow communication between libnfsidmap and SSSD
License: GPL-3.0+
Group: System/Libraries
Supplements: packageand(nfsidmap:sssd-client)
%description -n libnfsidmap-sss
A utility library to allow communication between libnfsidmap and SSSD.
%package -n libsss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0+
Group: System/Libraries
%description -n libsss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libsss_idmap0 = %version
%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_nss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0+
Group: System/Libraries
%description -n libsss_nss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_nss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libsss_nss_idmap0 = %version
%description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_simpleifp0
Summary: The SSSD D-Bus responder helper library
License: GPL-3.0+
Group: System/Libraries
%description -n libsss_simpleifp0
This subpackage provides a library that simplifies the D-Bus API for
the SSSD InfoPipe responder.
%package -n libsss_simpleifp-devel
Summary: Development files for the SSSD D-Bus responder helper library
License: GPL-3.0+
Group: Development/Libraries/C and C++
Requires: libsss_simpleifp0 = %version
%description -n libsss_simpleifp-devel
This subpackage provides the development files for sssd's simpleifp,
a library that simplifies the D-Bus API for the SSSD InfoPipe
responder.
%package -n libsss_sudo
Summary: A library to allow communication between sudo and SSSD
License: LGPL-3.0+
Group: System/Libraries
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
Supplements: packageand(sudo:sssd-client)
%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.
%package -n python-ipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: Development/Libraries/Python
%py_requires
%description -n python-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.
%package -n python-sss_nss_idmap
Summary: Python bindings for libsss_nss_idmap
License: LGPL-3.0+
Group: Development/Libraries/Python
%py_requires
%description -n python-sss_nss_idmap
The libsss_nss_idmap-python contains the bindings so that
libsss_nss_idmap can be used by Python applications.
%package -n python-sssd-config
Summary: Python API for configuring sssd
License: GPL-3.0+ and LGPL-3.0+
Group: Development/Libraries/Python
%py_requires
%description -n python-sssd-config
Provide python module to access and manage configuration of the System
Security Services Daemon (sssd).
%prep
%setup -q
%patch -P 1 -p1
%build
%if 0%{?suse_version} < 1210
# pkgconfig file not present
export LDB_LIBS="-lldb"
export LDB_CFLAGS=" "
export LDB_DIR="%_libdir/ldb"
%else
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
%endif
# help configure find nscd
export PATH="$PATH:/usr/sbin"
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
autoreconf -fiv;
export CFLAGS="%optflags -fPIE"
export LDFLAGS="-pie"
%configure \
--with-crypto=libcrypto \
--with-db-path="%dbpath" \
--with-pipe-path="%pipepath" \
--with-pubconf-path="%pubconfpath" \
--with-init-dir="%_initrddir" \
--enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \
--with-os=suse \
--with-semanage=no \
--disable-ldb-version-check \
--disable-pac-responder
make %{?_smp_mflags} all
%install
b="%buildroot";
make install DESTDIR="$b"
# Copy default sssd.conf file
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
"$b/%_mandir"/{uk/man5,uk/man8};
install -d "$b/%_sysconfdir/sssd";
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
install -d "$b/%_unitdir";
install -m644 %{S:4} "$b/%_unitdir/sssd.service";
rm -Rf "$b/%_initddir"
ln -s service "$b/%_sbindir/rcsssd"
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
%_libdir/%name/modules
EOF
find "$b" -type f -name "*.la" -delete;
rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1"
%find_lang %name --all-name
%pre
%service_add_pre sssd.service
%post
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
/sbin/ldconfig
%service_add_post sssd.service
%preun
%service_del_preun sssd.service
%postun
if [ "$1" = "0" ]; then
"%_sbindir/pam-config" -d --sss || :;
fi;
/sbin/ldconfig
# Clear caches, which may have an incompatible format afterwards
# (especially, downgrades)
rm -f /var/lib/sss/db/*.ldb
# del_postun includes a try-restart
%service_del_postun sssd.service
%insserv_cleanup
%post -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%post -n libsss_nss_idmap0 -p /sbin/ldconfig
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
%post -n libsss_simpleifp0 -p /sbin/ldconfig
%postun -n libsss_simpleifp0 -p /sbin/ldconfig
%files -f sssd.lang
%defattr(-,root,root)
%doc COPYING
%_unitdir
%_bindir/sss_ssh_*
%_sbindir/sssd
%_sbindir/rcsssd
%dir %_mandir/??/
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd.conf.5*
%_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man5/sssd.conf.5*
%_mandir/man8/sssd.8*
%dir %_libdir/%name/
%_libdir/%name/libsss_child*
%_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug*
%_libdir/%name/libsss_semanage*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%dir %_libdir/%name/modules/
%_libdir/%name/modules/libsss_autofs.so
%_libdir/libsss_sudo.so
%dir %_libdir/ldb/
%_libdir/ldb/memberof.so
%dir %_libexecdir/%name/
%_libexecdir/%name/sssd_autofs
%_libexecdir/%name/sssd_be
%_libexecdir/%name/sssd_nss
%_libexecdir/%name/sssd_pam
%_libexecdir/%name/sssd_ssh
%_libexecdir/%name/sssd_sudo
%_libexecdir/%name/sss_signal
%dir %sssdstatedir
%attr(700,root,root) %dir %dbpath/
%attr(755,root,root) %dir %pipepath/
%attr(700,root,root) %dir %pipepath/private/
%attr(755,root,root) %dir %pubconfpath/
%attr(750,root,root) %dir %_localstatedir/log/%name/
%dir %_sysconfdir/sssd/
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%dir %_datadir/%name/
%_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-local.conf
%_datadir/%name/sssd.api.d/sssd-simple.conf
#
# sssd-client
#
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
%_libdir/cifs-utils/
%_libdir/krb5/
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8*
%files ad
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ad.so
%_libdir/%name/libsss_ad_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/gpo_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf
%_mandir/man5/sssd-ad.5*
%files dbus
%defattr(-,root,root)
%dir %_libexecdir/sssd/
%_libexecdir/sssd/sssd_ifp
%dir %_libdir/sssd/
%_libdir/sssd/libsss_config.so
%_mandir/man5/sssd-ifp.5*
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5*
%files ipa
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ipa*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf
%_mandir/man5/sssd-ipa.5*
%files krb5
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5*
%files krb5-common
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/krb5_child
%_libexecdir/%name/ldap_child
%files ldap
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ldap*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%_mandir/man5/sssd-ldap.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5*
%files proxy
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_proxy.so
%dir %_libexecdir/%name/
%_libexecdir/%name/proxy_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-proxy.conf
%files tools
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_groupadd
%_sbindir/sss_groupdel
%_sbindir/sss_groupmod
%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_obfuscate
%_sbindir/sss_useradd
%_sbindir/sss_userdel
%_sbindir/sss_usermod
%dir %_mandir/??/man8/
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8*
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%files wbclient
%defattr(-,root,root)
%config %_sysconfdir/ld.so.conf.d/sssd-wbclient.conf
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%dir %_libdir/sssd/
%dir %_libdir/sssd/modules/
%_libdir/sssd/modules/libwbclient.so.*
%files wbclient-devel
%defattr(-,root,root)
%_includedir/wbclient_sssd.h
%dir %_libdir/sssd/
%dir %_libdir/sssd/modules/
%_libdir/sssd/modules/libwbclient.so
%_libdir/pkgconfig/wbclient_sssd.pc
%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*
%files -n libipa_hbac-devel
%defattr(-,root,root)
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc
Accepting request 259244 from network:ldap - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. * Several new options are available for deployments that need to restrict a certain PAM service from connecting to a certain SSSD domain. For more details, see the description of pam_trusted_users and pam_public_domains options in the sssd.conf(5) man page and the domains option in the pam_sss(8) man page. * When SSSD is acting as an IPA client in setup with trusted AD domains, it is able to return group members or full group memberships for users from trusted AD domains. * Support for the "views" feature of IPA. - Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch (merged upstream) - Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch to workaround bad autoconf invocation - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. - Update to new upstream release 1.12.1 * The GPO access control was further enhanced to allow the access control decisions while offline and map the Windows logon rights onto Linux PAM services. * The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5). OBS-URL: https://build.opensuse.org/request/show/259244 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
2014-11-04 17:27:34 +01:00
%files -n libnfsidmap-sss
%defattr(-,root,root)
%_libdir/libnfsidmap/
%_mandir/man5/sss_rpcidmapd.5*
%files -n libsss_idmap0
%defattr(-,root,root)
%_libdir/libsss_idmap.so.0*
%files -n libsss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_idmap.h
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc
%files -n libsss_nss_idmap0
%defattr(-,root,root)
%_libdir/libsss_nss_idmap.so.0*
%files -n libsss_nss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_nss_idmap.h
%_libdir/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc
%files -n libsss_simpleifp0
%defattr(-,root,root)
%_libdir/libsss_simpleifp.so.0*
%files -n libsss_simpleifp-devel
%defattr(-,root,root)
%_includedir/sss_sifp*.h
%_libdir/libsss_simpleifp.so
%_libdir/pkgconfig/sss_simpleifp.pc
%files -n python-ipa_hbac
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pyhbac.so
%files -n python-sss_nss_idmap
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pysss_nss_idmap.so
%files -n python-sssd-config
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitearch/pysss_murmur.so
%python_sitelib/SSSDConfig*
%changelog