Skip to content


Choose a tag to compare
@pbrezina pbrezina released this 16 Apr 09:01
· 3082 commits to master since this release

SSSD 1.16.5


New Features

  • New option ad_gpo_ignore_unreadable was added that allows SSSD to ignore unreadable GPO containers in AD.
  • It is possible to configure auto_private_groups per subdomain or with subdomain_inherit.

Security issues fixed

  • A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. (CVE-2018-16838)

Notable bug fixes

  • Multiple URI specified in ldap_uri did not work properly if they differed only in port number.
  • Several issues with SUDO rules processing have been fixed.
  • SSSD sometimes incorrectly started in offline mode. This was fixed.
  • Issue with missing nested groups after add/remove operation on the sever was fixed.
  • A use-after-free error causing SSSD service to crash was fixed.

See full release notes here.