SSSD 2.8.2 Release Notes

  • SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list. This parameter can be used in the domain section. Default value is true - that means that SSSD follows the system settings.

  • --enable-files-domain configure option is deprecated and will be removed in one of the next versions of SSSD.

  • sssctl analyze tool doesn’t require anymore to be run under root.

  • New mapping template for serial number, subject key id, SID, certificate hashes and DN components are added to libsss_certmap.

  • #5390 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search

  • #6383 - sssd is not waiting for network-online.target

  • #6403 - Add new Active Directory related certificate mapping templates

  • #6404 - [RFE] Add digest mapping feature from pam_pkcs11 in SSSD

  • #6451 - UPN check cannot be disabled explicitly but requires krb5_validate = false’ as a work-around

  • #6479 - Smart Card auth does not work with p11_uri (with-smartcard-required)

$ git shortlog --pretty=format:"%h  %s" -w0,4 2.8.1..2.8.2

Alejandro López (1):
    98412a4ec  BACKEND: Reload resolv.conf after initialization

Alexey Tikhonov (9):
    9258f0bec  UTILS: socket connect: added missing new line and adjusted log level to more appropriate
    2f8859890  UTILS: got rid of deprecated `inet_netof()` to please 'rpminspect'.
    541cd6772  TOOLS: don't export internal helpers
    bb97f89ab  TOOLS: fixed handling of init error
    581617c09  SSSCTL: don't require 'root' for "analyze" cmd
    cd1a94e58  SYSDB: pre-existence of MPG group in the cache isn't an error
    64c990553  Translations: add missing `tools/sssctl/sssctl_cert.c` and macros
    be569b0cb  Updated .pot/.po files
    f17bb003c  BUILD: deprecate `--enable-files-domain` build option

Cole Robinson (1):
    ece943486  MAN: Fix option typo on sssd-kcm.8

Dan Lavu (1):
    a8b6be403  Adding Ported DynDNS Testcases

Elena Mishina (1):
    8290b0e7e  po: update translations

Iker Pedrosa (1):
    77ef7b256  ci: fix codeql

Jakub Vavra (6):
    8e82f3d47  Tests: Add a test for bz1964121 override homedir to lowercase
    44717b82b  Tests: Add the missing admisc pytest marker.
    564af88dd  Tests: Wait a bit before collection log in test_0015_ad_parameters_ad_hostname_machine.
    d2b5c789c  Tests: Fix E126 in test_adparameters_ported.py
    e3be45977  Tests: Update fixture using adcli to handle password from stdin.
    765fe3de6  Tests: Fix automount OU removal from AD.

Justin Stephenson (3):
    7d0c70cc4  Analyzer: Ensure parsed id contains digit
    49b107175  SSSCTL: Add debug option to help message
    0253f7c3f  CI: Update core github actions

Madhuri Upadhye (1):
    5b7a4b4fe  Tests: Minor fixes for alltests

Pavel Březina (4):
    dc71321f7  ci: make /dev/shm writable
    8c4da4937  ci: install correct python development package
    37f934f27  pot: update pot files
    796b6daee  Release sssd-2.8.2

Piotr Drąg (1):
    5bd2aa9b8  po: update translations

Shridhar Gadekar (3):
    de1d4636c  Tests: gssapi ssh login minor fix
    25deb9e06  Tests: Use negative cache better for lookup by SIDs
    464c78beb  Test: gssapi test fix

Steeve Goveas (1):
    a34b4f5e8  Tests: Cannot SSH with AD user to ipa-client with invalid keytab

Sumit Bose (16):
    b00c72d29  PAC: allow to disable UPN check
    a3304cc6b  ipa: do not add guessed principal to the cache
    35a28524e  pac: relax default check
    cca0233ef  certmap: add support for serial number
    a2bca35c7  certamp: add support for subject key id
    47f3408e9  certmap: add support for SID extension
    8d8e3c7c6  certmap: fix for SAN URI
    6ad29f999  certmap: add bin_to_hex() helper function
    9a45e6162  sssctl: add cert-eval-rule sub-command
    3f336da42  certmap: add get_digest_list() and get_hash()
    8a6a874ba  certmap: dump new attributes in sss_cert_dump_content()
    698d56882  certmap: add LDAPU1 mapping rules
    17142068c  certmap: add tests for new attributes and LDAPU1 rules
    925d8a9f1  certmap: add LDAPU1 rules to man page
    12e39a456  certmap: Add documentation for some internal functions
    20037ae53  p11: fix size of argument array

Temuri Doghonadze (1):
    f1dc6cdde  po: update translations

Tomas Halman (1):
    99d46b2fa  RESOLV: Configuration option for DNS search

Weblate (1):
    5d4f9dfd6  po: update translations

Yuri Chornoivan (1):
    0909e8a15  po: update translations

aborah-sudo (5):
    a3b30043d  Tests: Removing tests from gating pipe line
    10641ea1f  Tests: Removing tests from gating pipe line
    19fd96f1d  Tests: fix test_bz1368467
    65e944bd5  Tests: fix test_sssctl_local.py::Testsssctl::test_0002_bz1599207
    16c814ade  Tests: port proxy_provider/rfc2307bis

김인수 (2):
    72eed0349  po: update translations
    0b4679616  po: update translations