Bug 3586

Summary: [UPDATE REQUEST] [UPSTREAM UPDATE] sssd
Product: Server Bugs
Reporter: Andrew Lukoshko <andrew.lukoshko>
Component: Main Packages
Assignee: Andrew Lukoshko <andrew.lukoshko>
Status: RESOLVED FIXED
QA Contact: ROSA Server Bugs <server-bugs>
Severity: normal
Priority: Normal
CC: v.potapov
Version: unspecified
Flags: v.potapov: qa_verified+, andrew.lukoshko: published_server+
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Platform: ---
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Andrew Lukoshko 2014-01-13 15:49:55 MSK
* When the SSSD daemon was acting as a client of an IPA server that established a trust relationship with an Active Directory server, creating system accounts using the shadow-utils programs took a long time. This was caused by the shadow-utils package examining the whole UID or GID space and SSSD was unable to filter these requests out. This bug has been fixed and creating system accounts now takes significantly less time.

* Previously, if the SSSD daemon was configured with a proxy back end and a Lightweight Directory Access Protocol (LDAP) authentication, the LDAP back end was unable to look up the Distinguished Name (DN) of the authenticated user. This update adds the possibility to look up the user DN during authentication.

* Previously, if the "default_domain_suffix" option was specified in the sssd.conf file, all automounter maps were fully qualified, which disrupted the automounter integration. This bug has been fixed and sssd can now successfully retrieve autofs maps from an IPA domain.

* Previously, the SSSD daemon did not free per-client allocated memory when netgroups were requested. As a consequence, if netgroups were used by a long-running application, the sssd_nss process grew large in memory consumption. This bug has been fixed and sssd_nss memory footprint no longer grows significantly in this scenario.

http://rhn.redhat.com/errata/RHBA-2014-0005.html

https://abf.rosalinux.ru/build_lists/1513334
https://abf.rosalinux.ru/build_lists/1513335
Comment 1 Vladimir Potapov 2014-01-15 17:33:27 MSK
sssd-1.9.2-129.res6.4
********************** RHEL Advisory ***************************
* When the SSSD daemon was acting as a client of an IPA server that established a trust relationship with an Active Directory server, creating system accounts using the shadow-utils programs took a long time. This was caused by the shadow-utils package examining the whole UID or GID space and SSSD was unable to filter these requests out. This bug has been fixed and creating system accounts now takes significantly less time.

* Previously, if the SSSD daemon was configured with a proxy back end and a Lightweight Directory Access Protocol (LDAP) authentication, the LDAP back end was unable to look up the Distinguished Name (DN) of the authenticated user. This update adds the possibility to look up the user DN during authentication.

* Previously, if the "default_domain_suffix" option was specified in the sssd.conf file, all automounter maps were fully qualified, which disrupted the automounter integration. This bug has been fixed and sssd can now successfully retrieve autofs maps from an IPA domain.

* Previously, the SSSD daemon did not free per-client allocated memory when netgroups were requested. As a consequence, if netgroups were used by a long-running application, the sssd_nss process grew large in memory consumption. This bug has been fixed and sssd_nss memory footprint no longer grows significantly in this scenario.
******************************************************************
QA Verified