On 10/13/2016 09:17 PM, Petr Vobornik wrote: > The FreeIPA team would like to announce FreeIPA 4.4.2 release! > > It can be downloaded from http://www.freeipa.org/page/Downloads. Builds > for Fedora 24 will be available in the official COPR repository > <https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-4/>. > > This announcement is also available on > http://www.freeipa.org/page/Releases/4.4.2 > > Fedora 25 update: > https://bodhi.fedoraproject.org/updates/freeipa-4.4.2-1.fc25
Please note that the FreeIPA Public demo was also upgraded to the version 4.4.2, if you want to try it out! Demo location: https://ipa.demo1.freeipa.org/ipa/ui/ The selected new features that may be best exhibited in the FreeIPA Web UI: * Improved Topology Management: - IPA Server -> Topology -> Graph - https://ipa.demo1.freeipa.org/ipa/ui/#/p/topology-graph * Added Overview of IPA server roles: - IPA Server -> Topology -> Server Roles - https://ipa.demo1.freeipa.org/ipa/ui/#/e/server_role/search - You can click on a role - You can also see roles of a server: - https://ipa.demo1.freeipa.org/ipa/ui/#/e/server/details/ipa.demo1.freeipa.org * Added DNS Location Mechanism: - IPA Server -> Topology -> IPA Locations - You can add a location - In the location details, you can add the servers to it (you can only test UI as changing a location of IPA server requires DNS server restart) * Added support for Sub-CAs - Open Authentication -> Certificate Authorities - Add new CA Authority, with subject like "CN=Certificate Authority,O=VPN,O=DEMO1.FREEIPA.ORG" - Set ACL for authority in "CA ACLs" so that Admin can use this CA - Generate new certificate: - Open for example a test Service - Click Options -> New Certificate - Follow the steps (and use the new Sub-CA). I typed these options to get the CSR: - cd /tmp/ - mkdir test - cd test/ - certutil -N -d . - certutil -R -d . -a -g 2048 -s 'CN=ipa.demo1.freeipa.org,O=VPN,O=DEMO1.FREEIPA.ORG' -8 'ipa.demo1.freeipa.org' - Paste the CSR blob to FreeIPA, it should pass - It will show that Issuer is "CN = Certificate Authority,O = VPN,O = DEMO1.FREEIPA.ORG", i.e. our new Sub-CA Enjoy! Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project