Skip to content

Releases: simp/pupmod-simp-sssd

Release of 6.1.5

22 Feb 18:25
6.1.5
Compare
Choose a tag to compare
* Fri Feb 22 2019 Trevor Vaughan <[email protected]> - 6.1.5-0
  - Change the sssd::provider::ldap::ldap_access_order defaults to
    ['ppolicy','pwd_expire_policy_renew'] by default to prevent
    accidental system lockouts on upgrade.

Release of 6.1.4

04 Feb 22:01
6.1.4
Compare
Choose a tag to compare
* Mon Jan 21 2019 Trevor Vaughan <[email protected]> - 6.1.4-0
  - Generated a REFERENCE.md
  - Set the 'min_id' settings across the board to '1' to match the sssd defaults
    since they really have nothing to do with the target system's relationship
    with a centralized authentication service.
  - Update the sssd::provider::ldap::ldap_access_order parameter to support the
    ppolicy related options that were added in sssd 1.14.0
    - ppolicy
    - pwd_expire_policy_reject
    - pwd_expire_policy_warn
    - pwd_expire_policy_renew

Release of 6.1.3

16 Nov 18:01
Compare
Choose a tag to compare
* Fri Oct 12 2018 Nick Miller <[email protected]> - 6.1.3-0
  - Changed $sssd::install::package_ensure from 'latest' to 'installed'
    - It will also respect `simp_options::package_ensure`

* Tue Sep 18 2018 Adam Yohrling <[email protected]> - 6.1.3-0
  - Added OracleLinux to operating system check for 128 bit cipher
    work-around

* Tue Aug 28 2018 Liz Nemsick <[email protected]> - 6.1.3-0
  - Fixed a bug in which the ldap_account_expire_policy setting
    for the LDAP provider could not be configured to use the system
    default. Now, when sssd::provider::ldap::ldap_account_expire_policy
    is set to '', that configuration parameter will not be written
    to the sssd configuration file. This allows the system default to
    be applied.
  - Fixed a bug in which any boolean setting for the LDAP provider
    configuration could not be configured to be 'false'.
  - Fixed bugs in which sssd::provider::ldap::debug_timestamps and
    sssd::provider::ldap::ldap_search_timeout were erroneously typed to
    be strings, instead of a Boolean and an Integer, respectively.
  - Fixed bugs in which ad_enable_dns_sites, ad_enable_gc settings,
    dyndns_update, dyndns_update_ptr, krb5_use_enterprise_principal,
    and ldap_idmap_autorid_compat settings for the AD provider could
    not be configured to be 'false'.
  - Fixed bugs in which ad_gpo_map_interactive, ad_gpo_map_remote_interactive,
    ad_gpo_map_network, ad_gpo_map_batch, ad_gpo_map_service, ad_gpo_map_permit
    and ad_gpo_map_deny settings for the AD provider were incorrectly formatted.
  - Fixed a bug in which the dyndns_iface setting for the AD provider was not
    set from sssd::provider::ad::dyndns_ifaces.

* Thu Aug 23 2018 Adam Yohrling <[email protected]> - 6.1.3-0
  - Add support for Oracle Enterprise Linux
  - Add support for Puppet 5

* Fri Jul 13 2018 Adam Yohrling <[email protected]> - 6.1.3-0
  - Added ldap_use_tokengroups, ldap_group_objectsid, ldap_user_objectsid to sssd::provider::ad
  - Updated required version of puppetlabs-stdlib to 4.19.0 since fact function is used

Release 6.1.2

06 Jul 20:16
6.1.2
Compare
Choose a tag to compare
* Update allowed auditd module range
* Fixture and test updates
* Avoid changing vendored RPM permissions
  * /etc/sssd/ owner is no longer managed
  * /etc/sssd/ permissions changed from 0640 to 0711
  * /etc/init.d/ssd permissions changed from 0754 to 0755 on EL6

Release of 6.1.1

30 Mar 15:33
Compare
Choose a tag to compare
* Wed Mar 28 2018 Nick Miller <[email protected]> - 6.1.1-0
  - sssd::provider::ad::ldap_schema should be a string, not a boolean
  - AD test cleanup

Release of 6.1.0

27 Mar 21:37
Compare
Choose a tag to compare
* Wed Mar 14 2018 Philippe Muller <[email protected]> - 6.1.0-0
  - Allow passing ldap_tls_cacert to sssd::provider::ldap

* Wed Feb 28 2018 Nick Miller <[email protected]> - 6.1.0-0
  - Some template and concat changes to make debugging the module easier
    - Add headers to more easily diagnose where to stick params
    - Order the concat sections
  - Add some missing params from sssd::provider::ad
    - default_shell
    - dyndns_update
    - fallback_homedir
    - krb5_realm
    - krb5_store_password_if_offline
    - ldap_schema

* Fri Jan 19 2018 Liz Nemsick <[email protected]> - 6.1.0-0
  - Added sssd class option to automatically configure SSSD for an IPA
    domain, when the host is joined to an IPA domain.

* Fri Dec 15 2017 Liz Nemsick <[email protected]> - 6.1.0-0
  - Leveraged PR from Mark Fitch to add ima provider configuration

* Wed Dec 13 2017 Trevor Vaughan <[email protected]> - 6.1.0-0
  - Enforce limits set in /etc/login.defs for uid_min and uid_max by default and
    fall back to something sensible for SSSD

Release of 6.0.4

28 Sep 20:30
Compare
Choose a tag to compare
* Mon Sep 18 2017 Lucas Yamanishi <[email protected]> - 6.0.4-0
  - Set minimum length on sssd::domains

Release of 6.0.3

15 Sep 20:16
Compare
Choose a tag to compare
* Mon Sep 11 2017 Judy Johnson <[email protected]> - 6.0.3-0
  - Only enable 'try_inotify' if explicitly set

* Wed Aug 30 2017 Nick Markowski <[email protected]> - 6.0.3-0
  - Sssd::DebugLevel now handles all variants specfied in sssd.conf man page
  - All instances of debug_level are now typed as Sssd::DebugLevel

Release of 6.0.2

12 Jul 15:19
Compare
Choose a tag to compare
* Thu Jul 06 2017 Liz Nemsick <[email protected]> - 6.0.2-0
  - Confine puppet version in metadata.json

6.0.1: (SIMP-2992) Work around for broken LDAP libs

13 Jun 21:19
Compare
Choose a tag to compare
(SIMP-2992) Work around for broken LDAP libs

The client LDAP libraries are broken in EL6 such that, if any 128 bit
ciphers are present in the cipher string, it will fall back to SSF=128
for connecting to an LDAP server.

This is unacceptable to the SIMP default configuration (SSF=256).

Also, fixed a bug in a template with regards to variables with prefaced
underscores.

SIMP-2992 #comment Update for SSSD