From 465dc70658e4e236a1d31d0ccd3c8aa384bac8b0 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mar 15 2017 15:14:09 +0000 Subject: Add 1.15.2 release notes --- diff --git a/users/releases.rst b/users/releases.rst index e8aa270..ffe9e06 100644 --- a/users/releases.rst +++ b/users/releases.rst @@ -9,6 +9,8 @@ for a longer time than other releases. 1.15.x Series ^^^^^^^^^^^^^ +---------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------+----------------+---------------------------------------------+--------------------------------------------------------------+ +|`sssd-1.15.2.tar.gz `_ |`sssd-1.15.2.tar.gz.asc `_ |SHA1SUM: ``e737cb28d8e451f36d69f4a7d64d285c4859dce1``|Date: 2017-03-03|:doc:`Release notes ` |`Manpages `_| ++---------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------+----------------+---------------------------------------------+--------------------------------------------------------------+ |`sssd-1.15.1.tar.gz `_ |`sssd-1.15.1.tar.gz.asc `_ |SHA1SUM: ``e737cb28d8e451f36d69f4a7d64d285c4859dce1``|Date: 2017-03-03|:doc:`Release notes ` |`Manpages `_| +---------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------+----------------+---------------------------------------------+--------------------------------------------------------------+ |`sssd-1.15.0.tar.gz `_ |`sssd-1.15.0.tar.gz.asc `_ |SHA1SUM: ``0c9fc62c1b9bcdca649223d9f673b9a73f273e56``|Date: 2017-01-25|:doc:`Release notes ` |`Manpages `_| diff --git a/users/relnotes/notes_1_15_2.rst b/users/relnotes/notes_1_15_2.rst new file mode 100644 index 0000000..dc48571 --- /dev/null +++ b/users/relnotes/notes_1_15_2.rst @@ -0,0 +1,73 @@ +SSSD 1.15.2 +=========== + +Highlights +---------- + * It is now possible to configure certain parameters of a trusted domain + in a configuration file sub-section. In particular, it is now possible + to configure which Active Directory DCs the SSSD talks to with a + configuration like this:: + + [domain/ipa.test] + # IPA domain configuration. This domain trusts a Windows domain win.test + + [domain/ipa.test/win.test] + ad_server = dc.win.test + + * Several issues related to socket-activating the NSS service, especially + if SSSD was configured to use a non-privileged user were fixed. The NSS + service now starts as root to avoid triggering a name-service lookup + while the NSS service is not running yet. Additionally, the NSS service + is started before any other service to make sure username resolution works + and the other service can resolve the SSSD user correctly. + + * A new option ``cache_first`` allows the administrator to change the way + multiple domains are searched. When this option is enabled, SSSD will + first try to "pin" the requested name or ID to a domain by searching + the entries that are already cached and contact the domain that contains + the cached entry first. Previously, SSSD would check the cache and the + remote server for each domain. This option brings performance benefit + for setups that use multiple domains (even auto-discovered trusted + domains), especially for ID lookups that would previously iterate over + all domains. Please note that this option must be enabled with care as the + administrator must ensure that the ID space of domains does not overlap. + + * The SSSD D-Bus interface gained two new methods: + ``FindByNameAndCertificate`` and ``ListByCertificate``. These methods will + be used primarily by IPA to correctly match multple users who use the + same certificate for Smart Card login. + + * A bug where SSSD did not properly sanitize a username with a newline + character in it was fixed. + +Packaging Changes +----------------- +None in this release + +Documentation Changes +--------------------- + * A new option ``cache_first`` was added. Please see the Highlights + section for more details + + * The ``override_homedir`` option supports a new template expansion ``l`` + that expands to the first letter of username + + +Tickets Fixed +------------- +Please note that due to a bug in the pagure.io tracker, some tickets that +have dependencies set to other tickets cannot be closed at the moment. + + * `#3317 `_ - Newline characters (\n) must be sanitized before LDAP requests take place + * `#3316 `_ - sssd-secrets doesn't exit on idle + * `#3314 `_ - sssd ignores entire groups from proxy provider if one member is listed twice + * `#3164 `_ - when group is invalidated using sss_cache dataExpireTimestamp entry in the domain and timestamps cache are inconsistent + * `#2668 `_ - [RFE] Add more flexible templating for override_homedir config option + * `#2599 `_ - Make it possible to configure AD subdomain in the server mode + * `#3223 `_ - The sssd-$RESPONDER.service units should bind to their socket units + * `#3322 `_ - chown in ExecStartPre of sssd-nss.service hangs forever + * `#843 `_ - Login time increases strongly if more than one domain is configured + * `#2320 `_ - use the sss_parse_inp request in other responders than dbus + +Detailed Changelog +------------------