Update to latest 2.7 major release.
Lock-free client support will be only built if libc provides
Add requirement of adcli to sssd-ad.

Update to latest 2.7 major release:
cache: fixed missing error code.
leak.

Update russian translations (by Elena Mishina <lepata@basealt.ru>)

Update to 2.7 major release:
valued RDNs if a unique name must be determined

AD Domain in the AD Forest Missing after sssd latest update
sdap_idmap.c/sssd_idmap.c incorrectly calculates rangesize from upper/lower
Regression on rawhide with ssh auth using password
sssd-ad broken in 2.6.2, 389 used as kerberos port
sssd error triggers backtrace: write_krb5info_file_from_fo_server

Update to latest release:
qualified name does not work with cache_first is True.
pings(netlogon).

Update with latest libldb-2.3.2-alt2 fixes.
Backport newest fixes from upstream:
pam process in get_active_uid_linux()
ping to our local domain

Revert reverted patch with change owner/permissions of user deskprofile path

Update to 2.6.1 stable release.
Revert "Don't change owner/permissions of user deskprofile path" patch

Update to 2.6.0 (with upstream fixes from master - 7bfdd3db8e4c).
Security issue in the sssctl command - shell command injection via the
fetch and cache-expire subcommands (fixes: CVE-2021-3621).
pam_sss: Allow offline authentication against non-ipa-desktopprofiles aware DC
Add filter for Active Directory trusted domains which are not trusted (one-way

FTBFS: disable LTO

Update to 2.5.2:

Update to 2.5.0:
provider, libwbclient, pcre1.

Apply internal, domain and service fixes from upstream.
Add compatibility support of unprivileged mode with "user = _sssd"
2.4.2 default user is set to root.

Update to 2.4.2
Add CapabilityBoundingSet option as a security hardening measure

Update authentication features: