SSSD 2.8.0 Release Notes
Highlights
General information
- The new D-Bus function ListByAttr() allows the caller to look for users that have an attribute with a certain value. For performance reasons, it is recommended that the attribute is indexed both on the remote server and on the local cache. The sssctl tool now provides the cache-index command to help you manage indexes on the local cache.
New features
- Introduced the dbus function org.freedesktop.sssd.infopipe.Users.ListByAttr(attr, value, limit) listing upto limit users matching the filter attr=value.
- sssctl is now able to create, list and delete indexes on the local caches. Indexes are useful for the new D-Bus ListByAttr() function.
- sssctl is now able to read and set each component's debug level independently.
Important fixes
domains
option in [sssd]
section can now be completely omitted if domains are enabled via domains/enabled
option
Configuration changes
- New option 'core_dumpable' to manage 'PR_SET_DUMPABLE' flag of SSSD processes. Enabled by default.
- New option 'ldap_enumeration_refresh_offset' to set the maximum period deviation between enumeration updates. Defaults to 30 seconds.
- New option 'subdomain_refresh_interval_offset' to set the maximum period deviation when refreshing the subdomain list.
- New option 'dyndns_refresh_interval_offset' to set the maximum period deviation when updating the client's DNS entry. Defaults to 0.
- New option 'refresh_expired_interval_offset' to set the maximum period deviation when refreshing expired entries in background.
- New option 'ldap_purge_cache_offset' to set the maximum time deviation between cache cleanups. Defaults to 0.
- Option 'ad_machine_account_password_renewal_opts' now accepts an optional third part as the maximum deviation in the provided period (first part) and initial delay (second part). If the period and initial delay are provided but not the offset, the offset is assumed to be 0. If no part is provided, the default is 86400:750:300.
- override_homedir now recognizes the %h template which is replaced by the original home directory retrieved from the identity provider, but in lower case.
See full release notes here.