- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
* Fixed a regression where the IPA provider did not fetch User
Private Groups correctly
* An important bug in the GPO access control which resulted in a
wrong principal being used, was fixed.
* Several new options are available for deployments that need to
restrict a certain PAM service from connecting to a certain SSSD
domain. For more details, see the description of
pam_trusted_users and pam_public_domains options in the
sssd.conf(5) man page and the domains option in the pam_sss(8)
man page.
* When SSSD is acting as an IPA client in setup with trusted AD
domains, it is able to return group members or full group
memberships for users from trusted AD domains.
* Support for the "views" feature of IPA.
- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
(merged upstream)
- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
to workaround bad autoconf invocation
- 0001-build-detect-endianness-at-configure-time.patch
Correct defective endianness test.
- Update to new upstream release 1.12.1
* The GPO access control was further enhanced to allow the access
control decisions while offline and map the Windows logon
rights onto Linux PAM services.
* The SSSD now ships a plugin for the rpc.idmapd daemon,
sss_rpcidmapd(5).
OBS-URL: https://build.opensuse.org/request/show/259244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
* Fixed a regression where the IPA provider did not fetch User
Private Groups correctly
* An important bug in the GPO access control which resulted in a
wrong principal being used, was fixed.
* Several new options are available for deployments that need to
restrict a certain PAM service from connecting to a certain SSSD
domain. For more details, see the description of
pam_trusted_users and pam_public_domains options in the
sssd.conf(5) man page and the domains option in the pam_sss(8)
man page.
* When SSSD is acting as an IPA client in setup with trusted AD
domains, it is able to return group members or full group
memberships for users from trusted AD domains.
* Support for the "views" feature of IPA.
- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
(merged upstream)
- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
to workaround bad autoconf invocation
- 0001-build-detect-endianness-at-configure-time.patch
Correct defective endianness test.
- Update to new upstream release 1.12.1
* The GPO access control was further enhanced to allow the access
control decisions while offline and map the Windows logon
rights onto Linux PAM services.
* The SSSD now ships a plugin for the rpc.idmapd daemon,
sss_rpcidmapd(5).
OBS-URL: https://build.opensuse.org/request/show/259244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
- Update to new upstream release 1.11.5.1
* sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain
* SSSD pam module accepts usernames with leading spaces
* [RFE] Expose the list of trusted domains to IPA
* If both IPA and LDAP are set up with enumeration on, two enum tasks are running
* sssd.conf man pages don't list a configuration option.
* Make SSSD compilable on systems with non-standard paths to krb5 includes
* [freebsd] pam_sss: add ignore_unknown_user option
* MAN: Remove misleading memberof example from ldap_access_filter example
* not retrieving homedirs of AD users with posix attributes
* Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
* Check IPA idranges before saving them to the cache
* Evaluate usage of sudo LDAP provider together with the AD provider
* Setting int option to 0 yields the default value
* ipa-server-mode: Use lower-case user name component in home dir path
* SSSD Does not cache SELinux map from FreeIPA correctly
* IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in
* sssd fails to handle expired passwords when OTP is used
* Add another Kerberos error code to trigger IPA password migration
* Double OK when starting the service
* SSSD should create the SELinux mapping file with format expected by pam_selinux
* Valgrind: Invalid read of int while processing netgroup
* other subdomains are unavailable when joined to a subdomain in the ad forest
* Error during password change
* configure time variables not expanded when running ./configure
* RHEL7 IPA selinuxusermap hbac rule not always matching
OBS-URL: https://build.opensuse.org/request/show/231991
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=53
- Update to new upstream release 1.11.5.1
* sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain
* SSSD pam module accepts usernames with leading spaces
* [RFE] Expose the list of trusted domains to IPA
* If both IPA and LDAP are set up with enumeration on, two enum tasks are running
* sssd.conf man pages don't list a configuration option.
* Make SSSD compilable on systems with non-standard paths to krb5 includes
* [freebsd] pam_sss: add ignore_unknown_user option
* MAN: Remove misleading memberof example from ldap_access_filter example
* not retrieving homedirs of AD users with posix attributes
* Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
* Check IPA idranges before saving them to the cache
* Evaluate usage of sudo LDAP provider together with the AD provider
* Setting int option to 0 yields the default value
* ipa-server-mode: Use lower-case user name component in home dir path
* SSSD Does not cache SELinux map from FreeIPA correctly
* IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in
* sssd fails to handle expired passwords when OTP is used
* Add another Kerberos error code to trigger IPA password migration
* Double OK when starting the service
* SSSD should create the SELinux mapping file with format expected by pam_selinux
* Valgrind: Invalid read of int while processing netgroup
* other subdomains are unavailable when joined to a subdomain in the ad forest
* Error during password change
* configure time variables not expanded when running ./configure
* RHEL7 IPA selinuxusermap hbac rule not always matching
OBS-URL: https://build.opensuse.org/request/show/231991
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=53
* sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain
* SSSD pam module accepts usernames with leading spaces
* [RFE] Expose the list of trusted domains to IPA
* If both IPA and LDAP are set up with enumeration on, two enum tasks are running
* sssd.conf man pages don't list a configuration option.
* Make SSSD compilable on systems with non-standard paths to krb5 includes
* [freebsd] pam_sss: add ignore_unknown_user option
* MAN: Remove misleading memberof example from ldap_access_filter example
* not retrieving homedirs of AD users with posix attributes
* Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
* Check IPA idranges before saving them to the cache
* Evaluate usage of sudo LDAP provider together with the AD provider
* Setting int option to 0 yields the default value
* ipa-server-mode: Use lower-case user name component in home dir path
* SSSD Does not cache SELinux map from FreeIPA correctly
* IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in
* sssd fails to handle expired passwords when OTP is used
* Add another Kerberos error code to trigger IPA password migration
* Double OK when starting the service
* SSSD should create the SELinux mapping file with format expected by pam_selinux
* Valgrind: Invalid read of int while processing netgroup
* other subdomains are unavailable when joined to a subdomain in the ad forest
* Error during password change
* configure time variables not expanded when running ./configure
* RHEL7 IPA selinuxusermap hbac rule not always matching
* AD Enumeration reads data from LDAP while regular lookups connect to GC
* Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not
* sssd_be crashes when ad_access_filter uses FOREST keyword.
* "System Error" when invalid ad_access_filter is used
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=111