sssd/0011-MAN-GPO-Security-Filtering-limitation.patch

From bb20c565417a2c2ab274b254e6238657c5d8c73a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Thu, 26 Oct 2017 17:12:17 +0200
Subject: [PATCH 11/79] MAN: GPO Security Filtering limitation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Note in the man pages that current version of SSSD does not support
host entries in the 'Security filtering' list.

Resolves:
https://pagure.io/SSSD/sssd/issue/3444

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
---
 src/man/sssd-ad.5.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 08c1dd09fb829c6cffb416250b9b518668ec5790..649042d587de3d3600fff59866681e302c721af8 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -345,6 +345,13 @@ DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,
                             particular user is allowed to logon to a particular
                             host.
                         </para>
+                        <para>
+                            NOTE: The current version of SSSD does not support
+                            host (computer) entries in the GPO 'Security
+                            Filtering' list. Only user and group entries are
+                            supported. Host entries in the list have no
+                            effect.
+                        </para>
                         <para>
                             NOTE: If the operation mode is set to enforcing, it
                             is possible that users that were previously allowed
-- 
2.15.1
Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system Backport few upstream features from 1.16.1 2017-12-04 20:33:29 +00:00			`From bb20c565417a2c2ab274b254e6238657c5d8c73a Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>`
			`Date: Thu, 26 Oct 2017 17:12:17 +0200`
			`Subject: [PATCH 11/79] MAN: GPO Security Filtering limitation`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Note in the man pages that current version of SSSD does not support`
			`host entries in the 'Security filtering' list.`

			`Resolves:`
			`https://pagure.io/SSSD/sssd/issue/3444`

			`Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>`
			`---`
			`src/man/sssd-ad.5.xml \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml`
			`index 08c1dd09fb829c6cffb416250b9b518668ec5790..649042d587de3d3600fff59866681e302c721af8 100644`
			`--- a/src/man/sssd-ad.5.xml`
			`+++ b/src/man/sssd-ad.5.xml`
			`@@ -345,6 +345,13 @@ DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,`
			`particular user is allowed to logon to a particular`
			`host.`
			`</para>`
			`+ <para>`
			`+ NOTE: The current version of SSSD does not support`
			`+ host (computer) entries in the GPO 'Security`
			`+ Filtering' list. Only user and group entries are`
			`+ supported. Host entries in the list have no`
			`+ effect.`
			`+ </para>`
			`<para>`
			`NOTE: If the operation mode is set to enforcing, it`
			`is possible that users that were previously allowed`
			`--`
			`2.15.1`