SSSD/sssd 2.12.0

sssd-2.12.0

on GitHub

See full release notes here.

What's Changed

• ci: fix dependabot.yml schema validation by @ikerexxe in #8160
• sssd: add ldb-modules-path by @liberodark in #8116
• build(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #8163
• OIDC_CHILD: a couple of cosmetic fixes by @alexey-tikhonov in #8172
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #8164
• Dont store gid 0 for non-posix groups by @justin-stephenson in #8075
• Tests:Added IPA Certificate Authority Tests by @krishnavema in #8159
• tests: add pysss_nss_idmap system test by @sumit-bose in #8133
• ci: run long jobs only if Accepted label is not set by @pbrezina in #8182
• man: Clarify the user_attributes option by @justin-stephenson in #8193
• test: check is an2ln plugin is disabled or not by @sumit-bose in #8145
• tests: add test_pac_responder.py by @sumit-bose in #8151
• ipa: filter DNs for ipa_add_trusted_memberships_send() by @sumit-bose in #8147
• Test migration sssldap by @thalman in #8120
• removing intg infopipe tests and made some minor updates to infopipe by @danlavu in #8161
• Unifying boilerplate code for handling child processes - part 2 by @alexey-tikhonov in #8174
• Replacing provider conditionals with set_server method by @danlavu in #8081
• krb5_child: use ERR_CHECK_NEXT_AUTH_TYPE instead of EAGAIN by @sumit-bose in #8176
• fixing and making automatic kcm renewal test more forgiving by @danlavu in #8183
• Test migration sssctl by @thalman in #8114
• file_watch.c: Do not pass IN_IGNORED to inotify_add_watch by @arrowd in #8228
• Tests: Adding GDM Passkey tests by @spoore1 in #8150
• SPEC: require reasonably up to date 'libldb' version by @alexey-tikhonov in #8240
• Tests: ADuser external group cache update by @shridhargadekar in #8046
• Filter IPv6 addresses not suitable for DNS updates by @thalman in #8142
• SUBID: add LDAP provider support by @alexey-tikhonov in #8097
• config/cfg_rules.ini: Make regexp's more POSIX compliant by @arrowd in #8227
• ipa: check for empty trusts in ipa_get_trust_type() by @sumit-bose in #8254
• Unifying boilerplate code for handling child processes - part 3 by @alexey-tikhonov in #8203
• CONFIG: disable 'session_provider' by default by @alexey-tikhonov in #8250
• Fix file ownership tests on FreeBSD by @arrowd in #8226
• sbus: defer notification callbacks by @pbrezina in #8202
• Passwordless-gdm by @ikerexxe in #8212
• intg: remove test_session_recording.py by @spoore1 in #8243
• Tests: Rectify the docstring n testcode by @shridhargadekar in #8255
• IPA: remove 'ipa_enable_dns_sites' option by @alexey-tikhonov in #8264
• ipa trust bugfix and improvement of handling unknown trust type error by @justin-stephenson in #8258
• Passkey local fix and improvements by @justin-stephenson in #8185
• IPA HBAC test cases by @madhuriupadhye in #7987
• tests: standardize HBAC test name format by @madhuriupadhye in #8279
• tests: Add incomplete triples and complex hierarchy netgroup tests by @madhuriupadhye in #8262
• intg: remove ent_test.py by @pbrezina in #8283
• Fix for test_access_control_simple__permits_user_login_based_on_group samba failure by @justin-stephenson in #8263
• adding subid test by @danlavu in #8225
• krb5: fix OTP authentication by @sumit-bose in #8296
• SSSD on IPA should fail with short names by @thalman in #8261
• tests: Add netgroup offline and nested hierarchy by @madhuriupadhye in #8272
• SSSCTL: config-check: do not return an error if snippets directory does not exists by @scabrero in #7962
• KCM: root can't access arbitrary KCM cache by @alexey-tikhonov in #8301
• spec: clarify description of sssd-idp package by @sumit-bose in #8316
• cache_req: use sysdb_search_user_by_upn_with_view_res() by @sumit-bose in #7998
• KRB5: let 'krb5_child' tolerate missing cap-set-id by @alexey-tikhonov in #8312
• pac: fix issue with pac_check=no_check by @sumit-bose in #8318
• sysdb: do not treat missing id-override as an error by @sumit-bose in #8325
• ci: bump cross-platform-actions/action from 0.29.0 to 0.32.0 by @dependabot[bot] in #8322
• ci: bump actions/checkout from 4 to 6 by @dependabot[bot] in #8321
• ci: bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #8320
• adding enumeration system tests by @danlavu in #8280
• ipa s2n: do not try to update user-private-group by @sumit-bose in #8002
• IDP: avoid logging value of 'idp_client_secret' by @alexey-tikhonov in #8332
• Tests: Update test_0003_ad_parameters_junk_domain_invalid_keytab by @jakub-vavra-cz in #8350
• Changes around FILE:/DIR: ccache checks by @alexey-tikhonov in #8344
• Translations update from Fedora Weblate by @weblate in #8009
• scripts: authenticate git push for release by @pbrezina in #8352
• scripts: use sssd-bot token for release script by @pbrezina in #8353

New Contributors

• @liberodark made their first contribution in #8116
• @dependabot[bot] made their first contribution in #8163
• @krishnavema made their first contribution in #8159
• @pbrezina made their first contribution in #8182
• @thalman made their first contribution in #8120
• @arrowd made their first contribution in #8228
• @spoore1 made their first contribution in #8150
• @scabrero made their first contribution in #7962

Full Changelog: 2.11.0...2.12.0