| |
@@ -129,77 +129,77 @@
|
| |
|
| |
Tickets Fixed
|
| |
-------------
|
| |
- * `#3424 <https://pagure.io/SSSD/sssd/issue/#3424>`_ - calling nspr_nss_setup/cleanup repeatedly in sss_encrypt SIGABRTs NSS eventually
|
| |
- * `#3452 <https://pagure.io/SSSD/sssd/issue/#3452>`_ - ad_account_can_shortcut: allow shortcut for unhandled IDs
|
| |
- * `#3447 <https://pagure.io/SSSD/sssd/issue/#3447>`_ - files provider should not use LOCAL_pam_handler but call the backend
|
| |
- * `#3435 <https://pagure.io/SSSD/sssd/issue/#3435>`_ - Create a function to copy search bases between sdap_domain structures
|
| |
- * `#3431 <https://pagure.io/SSSD/sssd/issue/#3431>`_ - Loading enterprise principals doesn't work with a primed cache
|
| |
- * `#3426 <https://pagure.io/SSSD/sssd/issue/#3426>`_ - IPA client cannot change AD Trusted User password
|
| |
- * `#3418 <https://pagure.io/SSSD/sssd/issue/#3418>`_ - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer
|
| |
- * `#3410 <https://pagure.io/SSSD/sssd/issue/#3410>`_ - python-sssdconfig doesn't parse hexadecimal debug_level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
|
| |
- * `#3408 <https://pagure.io/SSSD/sssd/issue/#3408>`_ - Accept changed principal if krb5_canonicalize=True
|
| |
- * `#3404 <https://pagure.io/SSSD/sssd/issue/#3404>`_ - man: Update option "ipa_server_mode=True" in "man sssd-ipa"
|
| |
- * `#3403 <https://pagure.io/SSSD/sssd/issue/#3403>`_ - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled
|
| |
- * `#3398 <https://pagure.io/SSSD/sssd/issue/#3398>`_ - MAN: The timeout option doesn't say after how many heartbeats will the process be killed
|
| |
- * `#3397 <https://pagure.io/SSSD/sssd/issue/#3397>`_ - ad provider: Child domains always use autodiscovered search bases
|
| |
- * `#3393 <https://pagure.io/SSSD/sssd/issue/#3393>`_ - sss_nss_getlistbycert() does not return results from multiple domains
|
| |
- * `#3391 <https://pagure.io/SSSD/sssd/issue/#3391>`_ - sss_override doesn't work with files provider
|
| |
- * `#3389 <https://pagure.io/SSSD/sssd/issue/#3389>`_ - subdomain_homedir is not present in cfg_rules.ini
|
| |
- * `#3378 <https://pagure.io/SSSD/sssd/issue/#3378>`_ - domain_to_basedn() function should use SDAP_SEARCH_BASE value from the domain code
|
| |
- * `#3377 <https://pagure.io/SSSD/sssd/issue/#3377>`_ - sssd-ad man page should clarify that GSSAPI is used
|
| |
- * `#3375 <https://pagure.io/SSSD/sssd/issue/#3375>`_ - minor typo fix that might have big impact
|
| |
- * `#3361 <https://pagure.io/SSSD/sssd/issue/#3361>`_ - sssd_be crashes if ad_enabled_domains is selected
|
| |
- * `#3359 <https://pagure.io/SSSD/sssd/issue/#3359>`_ - Allow to disable krb5 locator plugin selectively
|
| |
- * `#3358 <https://pagure.io/SSSD/sssd/issue/#3358>`_ - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11
|
| |
- * `#3354 <https://pagure.io/SSSD/sssd/issue/#3354>`_ - ifp: Users.FindByCertificate fails when certificate contains data before encapsilation boundary
|
| |
- * `#3344 <https://pagure.io/SSSD/sssd/issue/#3344>`_ - Include sssd-secrets in SEE ALSO section of sssd.conf man page
|
| |
- * `#3343 <https://pagure.io/SSSD/sssd/issue/#3343>`_ - Properly fall back to local Smartcard authentication
|
| |
- * `#3340 <https://pagure.io/SSSD/sssd/issue/#3340>`_ - The option enable_files_domain does not work if sssd is not compiled with --enable-files-domain
|
| |
- * `#3339 <https://pagure.io/SSSD/sssd/issue/#3339>`_ - sssd failed to start with missing /etc/sssd/sssd.conf if compiled without --enable-files-domain
|
| |
- * `#3332 <https://pagure.io/SSSD/sssd/issue/#3332>`_ - Issue processing ssh keys from certificates in ssh respoder
|
| |
- * `#3448 <https://pagure.io/SSSD/sssd/issue/#3448>`_ - Idle nss file descriptors should be closed
|
| |
- * `#3428 <https://pagure.io/SSSD/sssd/issue/#3428>`_ - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf
|
| |
- * `#3356 <https://pagure.io/SSSD/sssd/issue/#3356>`_ - Config file validator doesn't process entries from application domain
|
| |
- * `#3331 <https://pagure.io/SSSD/sssd/issue/#3331>`_ - Wrong pam return code for user from subdomain with
|
| |
- * `#3329 <https://pagure.io/SSSD/sssd/issue/#3329>`_ - Wrong principal found with ad provider and long host name
|
| |
- * `#3421 <https://pagure.io/SSSD/sssd/issue/#3421>`_ - Wrong search base used when SSSD is directly connected to AD child domain
|
| |
- * `#3406 <https://pagure.io/SSSD/sssd/issue/#3406>`_ - sssd goes offline when renewing expired ticket
|
| |
- * `#3394 <https://pagure.io/SSSD/sssd/issue/#3394>`_ - LDAP to IPA migration doesn't work in master
|
| |
- * `#3392 <https://pagure.io/SSSD/sssd/issue/#3392>`_ - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD
|
| |
- * `#3382 <https://pagure.io/SSSD/sssd/issue/#3382>`_ - SSSD should use memberOf, not originalMemberOf to evaluate group membership for HBAC rules
|
| |
- * `#3381 <https://pagure.io/SSSD/sssd/issue/#3381>`_ - Per-subdomain LDAP filter is not applied for subsequent subdomains
|
| |
- * `#3373 <https://pagure.io/SSSD/sssd/issue/#3373>`_ - Infopipe method ListByCertificate does not return the users with overrides
|
| |
- * `#3372 <https://pagure.io/SSSD/sssd/issue/#3372>`_ - crash in sssd-kcm due to a race-condition between two concurrent requests
|
| |
- * `#3369 <https://pagure.io/SSSD/sssd/issue/#3369>`_ - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in
|
| |
- * `#3362 <https://pagure.io/SSSD/sssd/issue/#3362>`_ - fiter_users and filter_groups stop working properly in v 1.15
|
| |
- * `#3351 <https://pagure.io/SSSD/sssd/issue/#3351>`_ - User lookup failure due to search-base handling
|
| |
- * `#3347 <https://pagure.io/SSSD/sssd/issue/#3347>`_ - gpo_child fails when log is enabled in smb
|
| |
- * `#3318 <https://pagure.io/SSSD/sssd/issue/#3318>`_ - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches
|
| |
- * `#3310 <https://pagure.io/SSSD/sssd/issue/#3310>`_ - Support delivering non-POSIX users and groups through the IFP and PAM interfaces
|
| |
- * `#3050 <https://pagure.io/SSSD/sssd/issue/#3050>`_ - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts
|
| |
- * `#3001 <https://pagure.io/SSSD/sssd/issue/#3001>`_ - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when SSSD acts as an IPA client for server with IPA-AD trusts
|
| |
- * `#2887 <https://pagure.io/SSSD/sssd/issue/#2887>`_ - [RFE] KCM ccache daemon in SSSD
|
| |
- * `#3419 <https://pagure.io/SSSD/sssd/issue/#3419>`_ - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication
|
| |
- * `#3407 <https://pagure.io/SSSD/sssd/issue/#3407>`_ - IPA: do not lookup IPA users via extdom plugin
|
| |
- * `#3405 <https://pagure.io/SSSD/sssd/issue/#3405>`_ - Handle certmap errors gracefully during user lookups
|
| |
- * `#3395 <https://pagure.io/SSSD/sssd/issue/#3395>`_ - Properly support IPA's promptusername config option
|
| |
- * `#3387 <https://pagure.io/SSSD/sssd/issue/#3387>`_ - Dbus activate InfoPipe does not answer some initial request
|
| |
- * `#3385 <https://pagure.io/SSSD/sssd/issue/#3385>`_ - Smart card login fails if same cert mapped to IdM user and AD user
|
| |
- * `#3355 <https://pagure.io/SSSD/sssd/issue/#3355>`_ - application domain requires inherit_from and cannot be used separately
|
| |
- * `#3327 <https://pagure.io/SSSD/sssd/issue/#3327>`_ - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package
|
| |
- * `#3297 <https://pagure.io/SSSD/sssd/issue/#3297>`_ - selinux_provider fails in a container if libsemanage is not available
|
| |
- * `#3268 <https://pagure.io/SSSD/sssd/issue/#3268>`_ - D-Bus GetUserGroups method of sssd is always qualifying all group names
|
| |
- * `#3240 <https://pagure.io/SSSD/sssd/issue/#3240>`_ - Smartcard authentication with UPN as logon name might fail
|
| |
- * `#3210 <https://pagure.io/SSSD/sssd/issue/#3210>`_ - [RFE] Read prioritized list of trusted domains for unqualified ID resolution from IDM server
|
| |
- * `#3192 <https://pagure.io/SSSD/sssd/issue/#3192>`_ - [sssd-secrets] https proxy talks plain http
|
| |
- * `#3182 <https://pagure.io/SSSD/sssd/issue/#3182>`_ - sssd does not refresh expired cache entries with enumerate=true
|
| |
- * `#3065 <https://pagure.io/SSSD/sssd/issue/#3065>`_ - sssctl: distinguish between autodiscovered and joined domains
|
| |
- * `#2940 <https://pagure.io/SSSD/sssd/issue/#2940>`_ - The member link is not removed when the last group's nested member goes away
|
| |
- * `#2714 <https://pagure.io/SSSD/sssd/issue/#2714>`_ - Add SSSD domain as property to user on D-Bus
|
| |
- * `#1498 <https://pagure.io/SSSD/sssd/issue/#1498>`_ - sss_ssh_knownhostsproxy prevents connection if the network is unreachable via one IP address
|
| |
- * `#3330 <https://pagure.io/SSSD/sssd/issue/#3330>`_ - sssctl config-check does not give any error when default configuration file is not present
|
| |
- * `#3292 <https://pagure.io/SSSD/sssd/issue/#3292>`_ - RFE: Create troubleshooting tool to check authentication, authorization and extended attribute lookup
|
| |
- * `#3133 <https://pagure.io/SSSD/sssd/issue/#3133>`_ - RFE to add option of check user access in SSSD
|
| |
+ * `#3424 <https://pagure.io/SSSD/sssd/issue/3424>`_ - calling nspr_nss_setup/cleanup repeatedly in sss_encrypt SIGABRTs NSS eventually
|
| |
+ * `#3452 <https://pagure.io/SSSD/sssd/issue/3452>`_ - ad_account_can_shortcut: allow shortcut for unhandled IDs
|
| |
+ * `#3447 <https://pagure.io/SSSD/sssd/issue/3447>`_ - files provider should not use LOCAL_pam_handler but call the backend
|
| |
+ * `#3435 <https://pagure.io/SSSD/sssd/issue/3435>`_ - Create a function to copy search bases between sdap_domain structures
|
| |
+ * `#3431 <https://pagure.io/SSSD/sssd/issue/3431>`_ - Loading enterprise principals doesn't work with a primed cache
|
| |
+ * `#3426 <https://pagure.io/SSSD/sssd/issue/3426>`_ - IPA client cannot change AD Trusted User password
|
| |
+ * `#3418 <https://pagure.io/SSSD/sssd/issue/3418>`_ - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer
|
| |
+ * `#3410 <https://pagure.io/SSSD/sssd/issue/3410>`_ - python-sssdconfig doesn't parse hexadecimal debug_level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
|
| |
+ * `#3408 <https://pagure.io/SSSD/sssd/issue/3408>`_ - Accept changed principal if krb5_canonicalize=True
|
| |
+ * `#3404 <https://pagure.io/SSSD/sssd/issue/3404>`_ - man: Update option "ipa_server_mode=True" in "man sssd-ipa"
|
| |
+ * `#3403 <https://pagure.io/SSSD/sssd/issue/3403>`_ - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled
|
| |
+ * `#3398 <https://pagure.io/SSSD/sssd/issue/3398>`_ - MAN: The timeout option doesn't say after how many heartbeats will the process be killed
|
| |
+ * `#3397 <https://pagure.io/SSSD/sssd/issue/3397>`_ - ad provider: Child domains always use autodiscovered search bases
|
| |
+ * `#3393 <https://pagure.io/SSSD/sssd/issue/3393>`_ - sss_nss_getlistbycert() does not return results from multiple domains
|
| |
+ * `#3391 <https://pagure.io/SSSD/sssd/issue/3391>`_ - sss_override doesn't work with files provider
|
| |
+ * `#3389 <https://pagure.io/SSSD/sssd/issue/3389>`_ - subdomain_homedir is not present in cfg_rules.ini
|
| |
+ * `#3378 <https://pagure.io/SSSD/sssd/issue/3378>`_ - domain_to_basedn() function should use SDAP_SEARCH_BASE value from the domain code
|
| |
+ * `#3377 <https://pagure.io/SSSD/sssd/issue/3377>`_ - sssd-ad man page should clarify that GSSAPI is used
|
| |
+ * `#3375 <https://pagure.io/SSSD/sssd/issue/3375>`_ - minor typo fix that might have big impact
|
| |
+ * `#3361 <https://pagure.io/SSSD/sssd/issue/3361>`_ - sssd_be crashes if ad_enabled_domains is selected
|
| |
+ * `#3359 <https://pagure.io/SSSD/sssd/issue/3359>`_ - Allow to disable krb5 locator plugin selectively
|
| |
+ * `#3358 <https://pagure.io/SSSD/sssd/issue/3358>`_ - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11
|
| |
+ * `#3354 <https://pagure.io/SSSD/sssd/issue/3354>`_ - ifp: Users.FindByCertificate fails when certificate contains data before encapsilation boundary
|
| |
+ * `#3344 <https://pagure.io/SSSD/sssd/issue/3344>`_ - Include sssd-secrets in SEE ALSO section of sssd.conf man page
|
| |
+ * `#3343 <https://pagure.io/SSSD/sssd/issue/3343>`_ - Properly fall back to local Smartcard authentication
|
| |
+ * `#3340 <https://pagure.io/SSSD/sssd/issue/3340>`_ - The option enable_files_domain does not work if sssd is not compiled with --enable-files-domain
|
| |
+ * `#3339 <https://pagure.io/SSSD/sssd/issue/3339>`_ - sssd failed to start with missing /etc/sssd/sssd.conf if compiled without --enable-files-domain
|
| |
+ * `#3332 <https://pagure.io/SSSD/sssd/issue/3332>`_ - Issue processing ssh keys from certificates in ssh respoder
|
| |
+ * `#3448 <https://pagure.io/SSSD/sssd/issue/3448>`_ - Idle nss file descriptors should be closed
|
| |
+ * `#3428 <https://pagure.io/SSSD/sssd/issue/3428>`_ - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf
|
| |
+ * `#3356 <https://pagure.io/SSSD/sssd/issue/3356>`_ - Config file validator doesn't process entries from application domain
|
| |
+ * `#3331 <https://pagure.io/SSSD/sssd/issue/3331>`_ - Wrong pam return code for user from subdomain with
|
| |
+ * `#3329 <https://pagure.io/SSSD/sssd/issue/3329>`_ - Wrong principal found with ad provider and long host name
|
| |
+ * `#3421 <https://pagure.io/SSSD/sssd/issue/3421>`_ - Wrong search base used when SSSD is directly connected to AD child domain
|
| |
+ * `#3406 <https://pagure.io/SSSD/sssd/issue/3406>`_ - sssd goes offline when renewing expired ticket
|
| |
+ * `#3394 <https://pagure.io/SSSD/sssd/issue/3394>`_ - LDAP to IPA migration doesn't work in master
|
| |
+ * `#3392 <https://pagure.io/SSSD/sssd/issue/3392>`_ - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD
|
| |
+ * `#3382 <https://pagure.io/SSSD/sssd/issue/3382>`_ - SSSD should use memberOf, not originalMemberOf to evaluate group membership for HBAC rules
|
| |
+ * `#3381 <https://pagure.io/SSSD/sssd/issue/3381>`_ - Per-subdomain LDAP filter is not applied for subsequent subdomains
|
| |
+ * `#3373 <https://pagure.io/SSSD/sssd/issue/3373>`_ - Infopipe method ListByCertificate does not return the users with overrides
|
| |
+ * `#3372 <https://pagure.io/SSSD/sssd/issue/3372>`_ - crash in sssd-kcm due to a race-condition between two concurrent requests
|
| |
+ * `#3369 <https://pagure.io/SSSD/sssd/issue/3369>`_ - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in
|
| |
+ * `#3362 <https://pagure.io/SSSD/sssd/issue/3362>`_ - fiter_users and filter_groups stop working properly in v 1.15
|
| |
+ * `#3351 <https://pagure.io/SSSD/sssd/issue/3351>`_ - User lookup failure due to search-base handling
|
| |
+ * `#3347 <https://pagure.io/SSSD/sssd/issue/3347>`_ - gpo_child fails when log is enabled in smb
|
| |
+ * `#3318 <https://pagure.io/SSSD/sssd/issue/3318>`_ - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches
|
| |
+ * `#3310 <https://pagure.io/SSSD/sssd/issue/3310>`_ - Support delivering non-POSIX users and groups through the IFP and PAM interfaces
|
| |
+ * `#3050 <https://pagure.io/SSSD/sssd/issue/3050>`_ - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts
|
| |
+ * `#3001 <https://pagure.io/SSSD/sssd/issue/3001>`_ - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when SSSD acts as an IPA client for server with IPA-AD trusts
|
| |
+ * `#2887 <https://pagure.io/SSSD/sssd/issue/2887>`_ - [RFE] KCM ccache daemon in SSSD
|
| |
+ * `#3419 <https://pagure.io/SSSD/sssd/issue/3419>`_ - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication
|
| |
+ * `#3407 <https://pagure.io/SSSD/sssd/issue/3407>`_ - IPA: do not lookup IPA users via extdom plugin
|
| |
+ * `#3405 <https://pagure.io/SSSD/sssd/issue/3405>`_ - Handle certmap errors gracefully during user lookups
|
| |
+ * `#3395 <https://pagure.io/SSSD/sssd/issue/3395>`_ - Properly support IPA's promptusername config option
|
| |
+ * `#3387 <https://pagure.io/SSSD/sssd/issue/3387>`_ - Dbus activate InfoPipe does not answer some initial request
|
| |
+ * `#3385 <https://pagure.io/SSSD/sssd/issue/3385>`_ - Smart card login fails if same cert mapped to IdM user and AD user
|
| |
+ * `#3355 <https://pagure.io/SSSD/sssd/issue/3355>`_ - application domain requires inherit_from and cannot be used separately
|
| |
+ * `#3327 <https://pagure.io/SSSD/sssd/issue/3327>`_ - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package
|
| |
+ * `#3297 <https://pagure.io/SSSD/sssd/issue/3297>`_ - selinux_provider fails in a container if libsemanage is not available
|
| |
+ * `#3268 <https://pagure.io/SSSD/sssd/issue/3268>`_ - D-Bus GetUserGroups method of sssd is always qualifying all group names
|
| |
+ * `#3240 <https://pagure.io/SSSD/sssd/issue/3240>`_ - Smartcard authentication with UPN as logon name might fail
|
| |
+ * `#3210 <https://pagure.io/SSSD/sssd/issue/3210>`_ - [RFE] Read prioritized list of trusted domains for unqualified ID resolution from IDM server
|
| |
+ * `#3192 <https://pagure.io/SSSD/sssd/issue/3192>`_ - [sssd-secrets] https proxy talks plain http
|
| |
+ * `#3182 <https://pagure.io/SSSD/sssd/issue/3182>`_ - sssd does not refresh expired cache entries with enumerate=true
|
| |
+ * `#3065 <https://pagure.io/SSSD/sssd/issue/3065>`_ - sssctl: distinguish between autodiscovered and joined domains
|
| |
+ * `#2940 <https://pagure.io/SSSD/sssd/issue/2940>`_ - The member link is not removed when the last group's nested member goes away
|
| |
+ * `#2714 <https://pagure.io/SSSD/sssd/issue/2714>`_ - Add SSSD domain as property to user on D-Bus
|
| |
+ * `#1498 <https://pagure.io/SSSD/sssd/issue/1498>`_ - sss_ssh_knownhostsproxy prevents connection if the network is unreachable via one IP address
|
| |
+ * `#3330 <https://pagure.io/SSSD/sssd/issue/3330>`_ - sssctl config-check does not give any error when default configuration file is not present
|
| |
+ * `#3292 <https://pagure.io/SSSD/sssd/issue/3292>`_ - RFE: Create troubleshooting tool to check authentication, authorization and extended attribute lookup
|
| |
+ * `#3133 <https://pagure.io/SSSD/sssd/issue/3133>`_ - RFE to add option of check user access in SSSD
|
| |
|
| |
Detailed Changelog
|
| |
------------------
|
| |
Reported in https://pagure.io/SSSD/sssd/issue/3466
Done via fork and edit :-)