AD Bridge 22.3 Release Notes

December 8, 2022

New Features and Enhancements:

Azure Integration for Migrated Accounts

  • AD Bridge can now authenticate against Azure AD with accounts that have been migrated to Azure AD with Azure AD Connect. This requires:
    • An application set up in the Azure tenant under App registrations, with Allow public client flows enabled and Microsoft Graph granted both user.read.all and group.read.all rights.
    • A secret generated for the application and stored in a file on the endpoint.
    • Azure AD Connect set up to migrate Active Directory users to Azure AD.
    • Active Directory user accounts must be set up with IDs provided by the Suggest button in the AD Bridge plugin: Active Directory Users and Computers plugin.
    • Joining to Azure with the new /opt/pbis/bin/tenantjoin-cli binary.

Azure-OAuth Provider

  • Integrated config wait time option.
  • Updated config option for user login authentication wait time.
  • Azure user logging off generates an event.
  • Azure user failed logon generates an event.
  • Curl timeouts are now configurable via the config tool.
  • Azure user logon generates an event.
  • Removed Azure-OAuth from provider list via tenantjoin-cli leave.
  • Added Azure-OAuth to provider list via tenantjoin-cli.
  • tenantjoin-cli provider hint dependent on provider config.
  • Verifies if users' accounts are enabled on authentication requests within a session.
  • Added option to provide tenant-name with tenantjoin-cli.
  • tenantjoin-cli will prompt that it requires superuser privileges when run.
  • get-status displays primary domain name.
  • tenantjoin-cli allows rejoins.
  • tenantjoin-cli validates input.
  • tenantjoin-cli persists after a reboot.
  • Hash on-premises security identifier for UID.
  • Audit tenantjoin-cli joins.
  • Allows simultaneous Azure user logins.
  • Azure user login.
  • Ability to join a tenant (with tenantjoin-cli).
  • Automatically acquire new access token.
  • get-status displays tenant information.
  • Azure user is prompted with authorization URL when logging in with SSH.
  • Support tenantjoin --cli --leave option.
  • Added config options for OAuth.
  • Updated config providers to include Azure-OAuth.
  • Added Azure-OAuth provider.

Issues Resolved:

  • Resolved issue in which msiexec failed to install individual modules.
  • Resolved issue in which users were unable to log in to a Samba share using the FQDN.

Notes:

  • AD Bridge 22.3.0.267 supports upgrades from 10.1, 21.1, 22.1, and 22.2.
  • This is the last release to support Solaris 10 through 11.3.