Dmitri Pal wrote:
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Beta 1 release of freeIPA 2.0 server .
- Binaries are available for F-13 and F-14.
- With this beta freeIPA is feature complete.
- Please do not hesitate to share feedback, criticism or bugs with us on
our mailing list: freeipa-us...@redhat.com
Main Highlights of the Beta
- This beta is the first attempt to show all planned capabilities of the
- For the first time the new UI is mostly operational and can be used to
perform management of the system.
- Some areas are still very rough and we will appreciate your help with
Focus of the Beta Testing
- Please take a moment and look at the new Web UI. Any feedback about
the general approaches, work flows, and usability is appreciated. It is
still very rough but one can hopefully get a good understanding of how
we plan the final UI to function and look like.
- Replication management was significantly improved. Testing of multi
replica configurations should be easier.
- We are looking for a feedback about the DNS integration and networking
issues you find in your environment configuring and using IPA with the
embedded DNS enabled.
It would also be beneficial if Delegated Administration (ACIs, task
groups and role groups) were an area of focus too. This area has had
Significant Changes Since Alpha 5
- FreeIPA has changed its license to GPLv3+
- Having IPA manage the reverse zone is optional.
- The access control subsystem was re-written to be more understandable.
For details see 
- Support for SUDO rules
- There is now a distinction between replicas and their replication
agreements in the ipa-replica-manage command. It is now much easier to
manage the replication topology.
- Renaming entries is easier with the --rename option of the mod commands.
- Fix special character handling in passwords, ensure that passwords are
- Certificates can be saved as PEM files in service-show and host-show
- All IPA services are now started/stopped using the ipactl command.
This gives us better control over the start/stop order during
- Set up ntpd first so the time is sane.
- Better multi-valued value handle with --setattr and --addattr.
- Add support for both RFC2307 and RFC2307bis to migration.
- UID ranges were reduced by default from 1M to 200k.
- Add ability to add/remove DNS records when adding/removing a host entry.
- A number of i18n issues have been addressed.
- Updated a lot of man pages.
What is not Complete
- We are still using older version of the Dogtag. New version of the
Dogtag Certificate System will be based on tomcat6 and is forthcoming.
- We plan to take advantage of Kerberos 1.9 that was released today but
we have not finished the integration effort yet.
- IPV6 works in the installer but not the server itself
- Make sure you machine can properly resolve its name before installing
the server. Edit /etc/hosts to remove host name from the localhost and
localhost6 lines if needed.
- The UI is still rough in places<br>Use the following query  to see
the tickets currently open against UI.
- Dogtag does not work out-of-the-box on Fedora 14. To fix it for for
the time being run:
# ln -s /usr/share/java/xalan-j2-serializer.jar
- Instead of Dogtag on F14 you can also try the self-signed CA which is
similar to the CA that was provided in IPA v1. This was designed for
testing and development and not recommended for deployment.
- Make sure you enable updates-testing repository on your fedora machine.
FreeIPA development team
Freeipa-devel mailing list
Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Freeipa-devel mailing list