=== SSSD 1.9.1 ===
The SSSD team is proud to announce the release of version 1.9.1 of
the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly, initially for F-18
and rawhide and later also backported to F-17.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
== Highlights ==
* The distribution tarball was fixed to include a missing file, which
prevented "make rpms" from running correctly.
* Handle gracefully the situation where the namingContext is zero-length,
such as when connected to the Novell eDirectory server.
* A new option default_domain_suffix was added. This option is mainly
useful for environments whose users come from a trusted domain so that
the user doesn't have to specify that trusted domain with every user lookup.
* Many man page fixes that were held from the 1.9.0 release during the
* The entries in the generated known_hosts file are now expired preventing
the file from growing indefinitely
* The PID file is now created after all the SSSD services start up to
avoid notifying the user via the init system before SSSD is able to
== Tickets Fixed ==
SSSD is slow at startup
Init script reports complete before sssd is actually working
Range Retrieval: Unable to retrieve all members when filter is used
in search base.
Mention ldap_schema types on newlines or comma separate them.
ldap_chpass_update_last_change is not included in the manual page
Explain default re_expression in IPA and AD provider man pages
[RFE] Login with users from a trusted domain always requires a FQ name
Improve recreating new ccache file when the old one is not accessible
Flip the default value of ldap_initgroups_use_matching_rule_in_chain
Fix sssd-ad id ranges
[man sssd-ldap] 'ldap_access_filter' description needs to be updated
Manpage has ldap_autofs_search_base as experimental feature
User authentication using LDAP doesn't work
sss_seed "-h" and "--help" options should output similar results
User authentication fails when password is read from a file using -p
option of SSS_SEED tool.
Providing invalid UID/GID values, terminates sss_seed tool without
any error message
sss_seed should not allow blank passwords
Domains overlap in range 1 - 4294967295
Document the need to restart autofs service.
== Detailed Changelog ==
Jakub Hrozek (11):
* Bumping the version to 1.9.1 release
* Document ldap_chpass_update_last_change
* sudo and autofs search bases should not be marked experimental
* Flip the default value of ldap_initgroups_use_matching_rule_in_chain
* Include param_help_py.xml in the list of po4a sources
* Note that Range Retrieval is not supported when filter is used in the search base.
* Change the log level of two DEBUG messages in check_domain_ranges
* Remove unused variable
* Check for existing pidfile before starting the providers
* man: Note that automounter must be restarted to re-read the master map
* Updating the translations for 1.9.1 release
Jan Cholasta (2):
* SSH: Refactor sysdb and related code
* SSH: Expire hosts in known_hosts
Michal Zidek (7):
* Change option to display help message in man pages.
* sss_seed: Option --debug did not work in sss_seed tool.
* sss_seed: Show error message when interactive input fails.
* sss_seed: Make only first line of password file valid.
* sss_seed: Passwords longer then PASS_MAX not allowed.
* sss_seed: Improved error message when the domain does not exist.
* Variable in sdap_sudo_rules_refresh_send could be used, uninitialized.
Ondrej Kos (4):
* sssd-ldap manpage: ldap_scheme formatting
* Log possibly non-randomizable ccache file template
* Slices calculation is alway wrong for default values
* Fix default upper limit of slices
Pavel Březina (5):
* Fix few coding style issues
* monitor: create pid file after all responders are started
* remove left over principal selection
* manpage: ldap_access_filter is not always mandatory
* do not create pid file twice
Stephen Gallagher (2):
* LDAP: Handle empty namingContexts values safely
* BUILD: Include the patch file in the tarball
Sumit Bose (4):
* Add new option default_domain_suffix
* Use flat name for master domain as well
* sysdb_master_domain_get_info: fix copy-and-paste error
* Add man page section about provider specific re_expression