The FreeIPA Project ( is proud to present FreeIPA
version 2.0.

FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
and command-line administration tools.

Features of FreeIPA v2.0 include:
* Centralized authentication via Kerberos or LDAP
* Identity management for users, groups, hosts and services
* Pluggable and extensible framework for UI/CLI
* Rich CLI
* Web-based User Interface
* Server X.509 v3 certificate provisioning capabilities
* Managing host identities including grouping hosts
* Defining host-based access control rules that will be enforced
  on the client side by the IPA back end for SSSD [1]
* Serving netgroups based on user and host objects stored in IPA
* Serving sets of automount maps to different clients
* Finer-grained management delegation
* Group-based password policies
* Centrally-managed SUDO
* Automatic management of private groups
* Compatibility with broad set of clients
* Painless password migration
* Optional integrated DNS server managed by IPA
* Optional integrated Certificate Authority to manage server certificates managed by IPA
* Can act as NIS server for legacy systems
* Supports multi-server deployment based on the multi-master replication
* User and group replication with MS Active Directory

We encourage users and developers to start testing and deploying FreeIPA in their environments. A very simple installation procedure is provided and is part of the effort of making these complex technologies simple to use and friendly to administrators. We encourage people to experiment and evaluate the current release, we welcome feedback on the overall experience and bug reports [2].

We also would like to encourage interested users and developers to join our mailing list and discuss features and development directions [3].

The complete source code[4] is available for download here:

See our git repository at for a complete changelog.

FreeIPA 2.0 is available in Fedora 15, see Known Issues below. You will need to enable the updates-testing repository, e.g.

 # yum install freeipa-server --enablerepo=updates-testing

Have Fun!

The FreeIPA Project Team.


[2] (component is ipa)

Known Issues

* The latest tomcat6 package has not been pushed to updates-testing. You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from koji at . The installation will fail restarting the CA with the current tomcat6 package in Fedora 15. * If the domain and realm do not match you may need to use the --force flag with ipa-client-install. * Dogtag replication is done separately from IPA replication. The ipa-replica-manage tool does not currently operate on dogtag replication agreements. * The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate.

Detailed Changlog since FreeIPA v2.0.0 rc3

Adam Young (1):
* pwpolicy priority Priority is now a required field in order to add a new password policy. Thus, not having the field present means we cannot create one.

Endi S. Dewata (1):
 * Removed nested role from UI.

Martin Kosek (2):
 * Wait for Directory Server ports to open
 * Prevent stacktrace when DNS AAAA record is added

Pavel Zuna (1):
 * Update translation file (ipa.pot).

Rob Crittenden (4):
 * Always consider domain and server when doing DNS discovery in client.
 * Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
 * Ensure that the system hostname is lower-case.
 * Automatically update IPA LDAP on rpm upgrades

Simo Sorce (1):
* Domain to Realm Explicitly use the realm specified on the command line. Many places were assuming that the domain and realm were the same.
 * Fix uninitialized variable.

Freeipa-users mailing list

Reply via email to