The FreeIPA Project is proud to announce the latest release of the FreeIPA. As always, the latest tarball can be found at http://freeipa.org/

FreeIPA 2.1.1 is available in Fedora 15. It is currently in the updates-testing repository along with a number of its dependencies. Fedora 16 and rawhide builds will be coming soon.

== Highlights ==

* Reduced number of ports needed to punch through firewall by proxying dogtag through port 443 * New plugin, automember, that can automatically add users and hosts to groups and hostgroups based on regular expressions.
 * Indicator in the UI and CLI when a host has a one-time password set
* DNS improvements - loading new zones via regular polling or LDAP persistent search

== Upgrading ==

=== Server ===

To upgrade a 2.0.0, 2.0.1 or 2.1.0 server do the following:
 # yum update freeipa-server --enablerepo=updates-testing

This will pull in updated freeIPA, 389-ds, dogtag, libcurl and xmlrpc-c packages (and perhaps some others). A script will be executed in the rpm postinstall phase to update the IPA LDAP server with any required changes.

There is a bug reported against 389-ds, https://bugzilla.redhat.com/show_bug.cgi?id=730387, related to read-write locks. The NSPR RW lock implementation does not safely allow re-entrant use of reader locks. This is a timing issue so it is difficult to predict. During testing one user experienced this and the upgrade hung. To break the hang kill the ns-slapd process for your realm, wait for the yum transaction to complete, then restart 389-ds and manually run the update process:

 # service dirsrv start
 # ipa-ldap-updater

=== Client ===

The ipa-client-install tool in the ipa-client package is just a configuration tool. There should be no need to re-run this on every client already enrolled.

== Detailed Changelog ==

Adam Young (1):
 * enable proxy for dogtag

Alexander Bokovoy (1):
 * Propagate environment when it is required.

Endi S. Dewata (19):
 * Fixed browser configuration pages
 * Hide activation/deactivation link from regular users.
 * Fixed problem selecting value from combobox
 * Fixed inconsistent layout for password reset dialog.
 * Removed 'Hide already enrolled' checkbox.
 * Replaced page dirty dialog title.
 * Updated add and delete association dialog titles.
 * Removed unnecessary HBAC/sudo rule category modification.
 * Fixed command partial failure handling.
 * Fixed default map type in automount map adder dialog.
 * Fixed host OTP status.
 * Fixed host keytab status after setting OTP.
 * Fixed host adder dialog to show default DNS zone.
 * Fixed hard-coded UI messages.
 * Fixed problem adding hostgroup into netgroup.
 * Fixed problem with combobox.
 * Fixed hard-coded UI message in entity.js.
 * Fixed missing permission filter field.
 * Fixed problem with combobox using Sahi

Jan Cholasta (6):
 * Make sure messagebus is running prior to starting certmonger.
* Verify that passwords specified through command line options of ipa-server-install meet the length requirement.
 * Add option to install without the automatic redirect to the Web UI.
* Search for users in all the naming contexts present on the directory server.
 * Add subscription-manager dependency for RHEL.
 * Verify that the external CA certificate files are correct.

John Dennis (11):
 * ticket 1568 - DN objects should support the insert method
 * ticket 1569 - Test DN object non-latin Unicode support
 * ticket 1600 - convert unittests to use DN objects
 * ticket 1659 - invalid i18n string in dns.py
 * ticket 1660 - update LINGUAS file, add missing po files
 * ticket 1661 - Update all po files
 * ticket 1650 - compute accurate translation statistics
 * ticket 1707 - add documentation validation to makeapi tool
 * ticket 1705 - internationalize help topics
 * ticket 1706 - internationalize cli help framework
 * ticket 1669 - improve i18n docstring extraction

Jr Aquino (2):
 * Improve sudorule documentation
 * Create FreeIPA CLI Plugin for the 389 Auto Membership plugin

Martin Kosek (6):
 * Add missing attribute labels for sudorule
 * Fix automountkey-mod
 * Fix automountlocation-import conflicts
 * ipa-client-install breaks network configuration
 * Fix sudo help and summaries
 * Let Bind track data changes

Petr Vobornik (8):
 * error dialog for batch command
 * Uncheck checkboxes in association after deletion
 * Show error in adding associations
 * Validation of details facet before update
 * Modify serial associator to use batch
 * Modifying sudo options refreshes the whole page
 * Enable update and reset button only if dirty
 * Attributes table not scrollable

Rob Crittenden (24):
 * Add information on setting api.env.host in the ipactl.8 man page
 * Log each command in a batch separately.
 * Do batch logging on successful commands too, not just failures.
 * Fix wording in examples of delegation plugin.
 * Suppress 389-ds debug output when starting services
 * Fix thread deadlock by using pthreads library instead of NSPR.
 * Change the way has_keytab is determined, also check for password.
 * Add additional pam ftp services to HBAC, and a ftp HBAC service group
 * Add label for HBAC services to show as members
 * Add option to only prompt once for passwords, use in entitle_register
 * Retrieve password/keytab state when modifying a host.
 * Disable reverse lookups in ipa-join and ipa-getkeytab
 * Remove more 389-ds files/directories on uninstallation.
 * Remove 389-ds upgrade state during uninstall
 * Set min nvr of pki-ca to 9.0.12 for fix in BZ 700505
* Add common is_installed() fn, better uninstall logging, check for errors.
 * Add external source hosts to HBAC.
 * Roll back changes if client installation fails.
 * Add netgroup as possible memberOf for hostgroups
 * Sort lists so order is predictable and tests pass as expected.
 * Suppress managed netgroups from showing as memberof hostgroups.
 * Use the IPA server cert profile in the installer.
 * Set min nvr of 389-ds-base to 1.2.9.7-1 for BZ 728605
 * Become IPA 2.1.1

Simo Sorce (1):
 * conncheck: Fix List of ports to check

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to