SSSD 2.9.1 Release Notes

Highlights

New features

Passkey: added option to write key mapping data to file.

Important fixes

A regression was fixed that prevented autofs lookups to function correctly when cache_first is set to True. Since this was set as a new default value in sssd-2.9.0, it is considered as a regression.
A regression where SSSD failed to properly watch for changes in ‘/etc/resolv.conf’ when it was a symbolic link or was a relative path, was fixed.

Tickets Fixed

#6442 - PAC errors when no PAC configured
#6652 - IPA: previously cached netgroup member is not remove correctly after it is removed from ipa
#6659 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000]
#6718 - file_watch-tests fail in v2.9.0 on Arch Linux
#6720 - [sssd] User lookup on IPA client fails with ‘s2n get_fqlist request failed’
#6739 - autofs mounts: Access to non-existent file very slow since 2.9.0
#6744 - sssd-be tends to run out of system resources, hitting the maximum number of open files
#6766 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy
#6768 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure

Detailed Changelog

$ git shortlog --pretty=format:"%h  %s" -w0,4 2.9.0..2.9.1

Alejandro López (12):
    eb43c2400  FILE WATCH: Callback not executed on link or relative path
    0c6f4926e  TESTS: Fix doble slash comments
    58855b712  SYSDB: Make enum sysdb_obj_type public
    3eb4c4a7e  IPA: Use a more specific filter when searching for BE_REQ_USER_AND_GROUP
    6239f50f6  PAM: Fix a possible segmentation fault
    4b0683bda  AD: The shortcut must be used equally on _send() and _done()
    509222428  TEST: Fix pam-srv-tests to correctly treat the test name
    228183bf4  IPA: Do not try to add duplicate values to the LDAP attributes
    42cf3c41c  UTIL: New function string_in_list_size()
    010e61ffa  UTIL: add_strings_lists() becomes add_strings_lists_ex()
    bfc88dc3c  RESPONDER: attr_in_list() is replaced by string_in_list_size()
    355b0c2e8  IPA: Do not duplicate the entry attributes.

Alexey Tikhonov (3):
    15dd35454  MAN: fix issue with multithread build
    d9749ba1f  RESPONDER: avoid log backtrace in case access denined
    d3c3408e0  SYSDB: in case (ignore_group_members == true) group is actually complete

Dan Lavu (1):
    33f10c4a5  Updating ad_multihost test

Elena Mishina (1):
    8d3acd3b9  po: update translations

Iker Pedrosa (1):
    425d88fa7  passkey: write mapping data to file

Jakub Vavra (4):
    2466310e8  Tests: Modify expiring/expired password test for RHEL 8.
    0192c1c8f  Tests: Add conditional skip for simple ifp test.
    58a007de8  Tests: Skip test_0016_ad_parameters_ad_hostname_valid on other architectures.
    19fecbf17  Tests: Improve stability of test_0004_bz2110091

Justin Stephenson (2):
    270f0ba01  Passkey: Adjust IPA passkey config error log level
    16275d9b4  IPA: Log missing IPA config data on default level

Kemal Oktay Aktoğan (1):
    d37d72f0e  po: update translations

Ludek Janda (3):
    d95212b26  po: update translations
    4f469c0b5  po: update translations
    c40d183cd  po: update translations

Madhuri Upadhye (4):
    6d0608180  Tests: Gating fixes for RHEL8.9 and RHEL9.3
    e4e8e3444  Tests: Add package for tc command
    256e013a8  Test: Test search filter specific user override or a specific group override
    301e5b389  Tests: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working

Pavel Březina (5):
    640f41588  ipa: correctly remove missing attributes on netgroup update
    5711bb253  cache_req: remove unused field cache_behavior from state
    bc5fe9eb0  cache_req: fix propagation of offline status with cache_first = true
    7f6c10dce  pot: update pot files
    dc8d649bc  Release sssd-2.9.1

Piotr Drąg (1):
    f0d8f9364  po: update translations

Shridhar Gadekar (5):
    60806f593  Tests: move unstable default_debug to tier2
    a74d42dfa  Tests: fix default debug level for typo
    74c6fefe1  Tests: move test_access_control.py to tier2
    6125efe1f  Tests: Adding c-ares markers for related tests
    02b158ff7  Test: dropping unstable dyndns tests

Sumit Bose (6):
    d104c01f1  sysdb: fix string comparison when checking for overrides
    e5dfa2a8c  AD: add missing AD_AT_DOMAIN_NAME for sub-domain search
    4d2cf0b62  krb5: make sure sockets are closed on timeouts
    f63a54c3d  fail_over: protect against a segmentation fault
    895d194f3  ldap: return failure if there are no grace logins left
    5008f0f92  ad: use sAMAccountName to lookup hosts

Temuri Doghonadze (1):
    a94f39f0c  po: update translations

Yuri Chornoivan (1):
    abce376ce  po: update translations

aborah (4):
    de75ff3c4  Tests: Fix gating tests for 9.3
    b9a0b4245  Tests: Netgroups do not honor entry cache nowait percentage
    bb64f2cd2  Tests: Skip test_0001_bz2021196
    05bc18ce9  Tests: Add ssh module that is fast, reliable, accurate

김인수 (2):
    aa0615948  po: update translations
    8e80798d5  po: update translations