SSSD 1.16.5
Highlights
New Features
- New option ad_gpo_ignore_unreadable was added that allows SSSD to ignore unreadable GPO containers in AD.
- It is possible to configure auto_private_groups per subdomain or with subdomain_inherit.
Security issues fixed
- A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. (CVE-2018-16838)
Notable bug fixes
- Multiple URI specified in ldap_uri did not work properly if they differed only in port number.
- Several issues with SUDO rules processing have been fixed.
- SSSD sometimes incorrectly started in offline mode. This was fixed.
- Issue with missing nested groups after add/remove operation on the sever was fixed.
- A use-after-free error causing SSSD service to crash was fixed.