FYI, for any Fedora testers out there, we have updated to 4.0.3 in
Fedora 21 in part because it substantially reduces the size of the
install media for the upcoming Alpha release. If you'd like to test and
provide feedback on the packages, the link is here:
On Fri, 2014-09-12 at 22:26 +0200, Petr Viktorin wrote:
> The FreeIPA team would like to announce FreeIPA v4.0.3 bugfix release!
> It can be downloaded from http://www.freeipa.org/page/Downloads. The
> builds will be available for Fedora 21 Beta. Builds for Fedora 20 are
> available in the official
> [https://copr.fedoraproject.org/coprs/mkosek/freeipa/ COPR repository].
> == Bug fixes in 4.0.3 ==
> * Several issues concerning integration with 389 Directory Server 1.3.3
> were fixed.
> * An upgrade crash was fixed.
> == Known Issues ==
> * On Fedora 21 Alpha, FreeIPA server configuration should be done after
> upgrading packages from updates-testing.
> == Upgrading ==
> An IPA server can be upgraded simply by installing updated rpms. The
> server does not need to be shut down in advance.
> Please note that if you are doing the upgrade in special environment
> (e.g. FedUp) which does not allow running the LDAP server during upgrade
> process, upgrade scripts need to be run manually after the first boot:
> # ipa-ldap-updater --upgrade
> # ipa-upgradeconfig
> Also note that the performance improvements require an extended set of
> indexes to be configured. RPM update for an IPA server with a excessive
> number of users may require several minutes to finish.
> If you have multiple servers you may upgrade them one at a time. It is
> expected that all servers will be upgraded in a relatively short period
> (days or weeks, not months). They should be able to co-exist peacefully
> but new features will not be available on old servers and enrolling a
> new client against an old server will result in the SSH keys not being
> Downgrading a server once upgraded is not supported.
> Upgrading from 3.3.0 and later versions is supported. Upgrading from
> previous versions is not supported and has not been tested.
> An enrolled client does not need the new packages installed unless you
> want to re-enroll it. SSH keys for already installed clients are not
> uploaded, you will have to re-enroll the client or manually upload the keys.
> == Feedback ==
> Please provide comments, bugs and other feedback via the freeipa-users
> mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or
> #freeipa channel on Freenode.
> == Detailed Changelog since 4.0.2 ==
> === David Kupka (1) ===
> * Fix typo causing ipa-upgradeconfig to fail.
> === Ludwig Krispenz (1) ===
> * Update SSL ciphers configured in 389-ds-base
> === Nathaniel McCallum (1) ===
> * Update qrcode support for newer python-qrcode
> === Petr Viktorin (4) ===
> * Update referential integrity config for DS 1.3.3
> * permission plugin: Auto-add operational atttributes to read permissions
> * Allow deleting obsolete permissions; remove operational attribute
> * Become IPA 4.0.3
> Freeipa-devel mailing list
Freeipa-devel mailing list