Hi,
I've pushed quite a couple of patches to the sssd-1-9 branch lately as part of work on RHEL-6.5. I think it would be nice to use that as basis of 1.9.6 upstream release.
Is there anything that the users or developers would like to include in the 1.9.6 ? There are some mmap patches on the list that need pushing to 1.9 but apart from them, I think this is pretty much it.
Here is a list of tickets 1.9.6 would fix in the 1.9 branch:
* Enabling enumeration causes sssd_be process to utilize 100% of the CPU https://fedorahosted.org/sssd/ticket/1893 * SSSD doesn't display warning for last grace login. https://fedorahosted.org/sssd/ticket/1890 * [RFE] support autoconfiguring SUDO with ipa provider and compat tree https://fedorahosted.org/sssd/ticket/1733 * SUDO is not working for users from trusted AD domain https://fedorahosted.org/sssd/ticket/1912 * getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality https://fedorahosted.org/sssd/ticket/1823 * [RFE] Add support for suppressing group members https://fedorahosted.org/sssd/ticket/1376 * If previous SRV query failed, the next try might not be retried in some cases https://fedorahosted.org/sssd/ticket/1886 * [abrt] sssd-1.10.0-4.fc19.beta1: get_server_status: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) https://fedorahosted.org/sssd/ticket/1947 * sssd_be goes to 99% CPU and causes significant login delays when client is under load https://fedorahosted.org/sssd/ticket/1806 * sudoHost mismatch response is incorrect sometimes https://fedorahosted.org/sssd/ticket/1693 * sssd fails to resolve hosts/services once the network is up https://fedorahosted.org/sssd/ticket/1933 * cyclic group memberships may not work depending on order of operations https://fedorahosted.org/sssd/ticket/1846 * sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs https://fedorahosted.org/sssd/ticket/2031 * sssd_be crashing with nested ldap groups contain a dangling member https://fedorahosted.org/sssd/ticket/1932 * sss_cache -N/-n should invalidate the hash table in sssd_nss https://fedorahosted.org/sssd/ticket/1759 * SSSD filter out ldap user/group if uid/gid is zero https://fedorahosted.org/sssd/ticket/2005 * SSSD service randomly dies https://fedorahosted.org/sssd/ticket/1980 * SYSV init script should use @sbindir@ https://fedorahosted.org/sssd/ticket/1986 * Enhance sssd init script so that it would source a configuration https://fedorahosted.org/sssd/ticket/1959 * SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable https://fedorahosted.org/sssd/ticket/1966 * resolv-tests failing with memory leak https://fedorahosted.org/sssd/ticket/1899 * sssd_nss terminated with segmentation fault https://fedorahosted.org/sssd/ticket/2018 * unite periodic refresh API https://fedorahosted.org/sssd/ticket/1891 * [RFE] Add a task to the SSSD to periodically refresh cached entries https://fedorahosted.org/sssd/ticket/1713 * passwd returns "Authentication token manipulation error" when entering wrong current password https://fedorahosted.org/sssd/ticket/2029 * Cannot change expired password of an AD user https://fedorahosted.org/sssd/ticket/1827
And here is a complete log of what's currently planned for 1.9.6 (git log --oneline sssd-1_9_5..sssd-1-9):
658e275 print hint about password complexity when new password is rejected f4f0a4c ldap, krb5: More descriptive msg on chpass failure. 261bc18 providers: refresh expired netgroups edbafc2 back end: add refresh expired records periodic task f47934c back end: periodical refresh of expired records API 651ab87 back end: periodic task API 4fda997 mmap_cache: Check if slot and name_ptr are not invalid. 560e2b4 resolv-tests failing with memory leak 8d4485d Set default DNS resolution timeout to 6 seconds. 1e50573 Lower timeout to contact DNS server 7a45875 Add a commit template 230e4e4 init script: source /etc/sysconfig/sssd 60d3b25 Configure SYSV init scripts properly 4a3ad2f Handle too many results from getnetgr. 67771f6 Do not call sss_cmd_done in function check_cache. 5d762a9 MAN: Clarify the min_id/max_id limits further 3678074 NSS: Clear cached netgroups if a request comes in from the sss_cache 845deed NSS: allow removing entries from netgroup hash table f081ea9 LDAP: Fix crash when processing nested groups c487f42 sudo: print better debug message when a rule has multiple cn values a810814 sudo: skip rule on error instead of failing completely e4c8fd0 Every time use permissive control in function memberof_mod. 26df163 Always set port status to neutral when resetting service. ec7fbcd sudo responder: use different callback for oob refresh e7769aa IPA: Do not download or store the member attribute of host groups ab4c050 failover: if expanded server is marked as neutral, invoke srv collapse 5ecdadb collapse_srv_lookup may free the server, make it clear from the API 5e0f0c4 failover: set state->out when meta server remains in SRV_RESOLVE_ERROR 868bf88 Add ignore_group_members option. c13eb93 Adding option to disable retrieving large AD groups. 200d054 Removing unused functions. 2aaa41c sudo responder: use fully qualified name for subdomain users 96db69c SUDO: IPA provider ac77faa Display the last grace warning, too 3896c82 Only try to relink ghost users if we're not enumerating