2011-09-27 06:58:45 |
Timo Aaltonen |
description |
There is a new release available from the stable branch. The latest one was release in 2011-08-29, so no showstoppers in there whereas the current version has a few.
Here's a breakup of the release notes from each one since 1.5.8. So while there are a couple of new features, they are more for admin flexibility or related to FreeIPA (which is not packaged).
1.5.9:
New Features
Support for overriding home directory, shell and primary GID locally
Properly honor TTL values from SRV record lookups
Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
Important Bugfixes
Properly escape IPv6 addresses in the failover code
Do not crash if inotify fails (e.g. resource exhaustion)
Don't add multiple TGT renewal callbacks (too many log messages)
1.5.10:
Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP
1.5.11:
Fix a serious regression that prevented SSSD from working with ldaps:// URIs
IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record.
1.5.12:
Fixes a regression introduced in 1.5.11 with hostname resolution
Fixes an issue where sssd_pam would leak file descriptors until resource exhaustion
Complete rewrite of the FreeIPA Host-Based Access Control (HBAC) resolver
New shared library for HBAC access-control
Fixes for password expiration handling with LDAP auth
New option to veto certain centrally-managed shells (Patch by John Hodrien)
1.5.13:
Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
Three HBAC regressions have been fixed. |
There is a new release available from the stable branch. The latest one was released in 2011-08-29, so no showstoppers in there whereas the current version has a few.
Here's a breakup of the release notes from each one since 1.5.8. So while there are a couple of new features, they are more for admin flexibility or related to FreeIPA (which is not packaged).
1.5.9:
New Features
Support for overriding home directory, shell and primary GID locally
Properly honor TTL values from SRV record lookups
Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
Important Bugfixes
Properly escape IPv6 addresses in the failover code
Do not crash if inotify fails (e.g. resource exhaustion)
Don't add multiple TGT renewal callbacks (too many log messages)
1.5.10:
Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP
1.5.11:
Fix a serious regression that prevented SSSD from working with ldaps:// URIs
IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record.
1.5.12:
Fixes a regression introduced in 1.5.11 with hostname resolution
Fixes an issue where sssd_pam would leak file descriptors until resource exhaustion
Complete rewrite of the FreeIPA Host-Based Access Control (HBAC) resolver
New shared library for HBAC access-control
Fixes for password expiration handling with LDAP auth
New option to veto certain centrally-managed shells (Patch by John Hodrien)
1.5.13:
Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
Three HBAC regressions have been fixed. |
|