Re: [Freeipa-devel] Announcing FreeIPA v3.0.0 beta 2 Release
2012/8/17 Rob Crittenden rcrit...@redhat.com The FreeIPA team is proud to announce version FreeIPA v3.0.0 beta 2. Hi Rob, Regarding translations, I don't see yet a 3.0 branch on Transifex. Is it in the pipeline, so we could have time to work on translations for 3.0 GA? Regards, J. -- Jérôme Fenal - jfenal AT gmail.com - http://fenal.org/ Paris.pm - http://paris.mongueurs.net/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Announcing FreeIPA v3.0.0 beta 2 Release
Jérôme Fenal wrote: 2012/8/17 Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com The FreeIPA team is proud to announce version FreeIPA v3.0.0 beta 2. Hi Rob, Regarding translations, I don't see yet a 3.0 branch on Transifex. Is it in the pipeline, so we could have time to work on translations for 3.0 GA? The master branch in Transifex equivalent to the master branch in IPA, and has been updated recently. We plan to branch for 3.0 in the IPA repo, I suppose we can look into branching in Transifex at the same time, but for now it should be safe to work from master. I don't believe Transifex really handles branches very well, but John knows more about it than I. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Announcing FreeIPA v3.0.0 beta 2 Release
On 08/20/2012 05:27 PM, Rob Crittenden wrote: Jérôme Fenal wrote: 2012/8/17 Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com The FreeIPA team is proud to announce version FreeIPA v3.0.0 beta 2. Hi Rob, Regarding translations, I don't see yet a 3.0 branch on Transifex. Is it in the pipeline, so we could have time to work on translations for 3.0 GA? The master branch in Transifex equivalent to the master branch in IPA, and has been updated recently. We plan to branch for 3.0 in the IPA repo, I suppose we can look into branching in Transifex at the same time, but for now it should be safe to work from master. I don't believe Transifex really handles branches very well, but John knows more about it than I. Transifex has no concept of branches much to many developers dismay. The suggested solution in Transifex to create a new resource for each branch (which is what we did with 2.2). Currently in TX we have an ipa resource which maps to git's master and a 2.2 resource which maps to git's 2.2 branch.. It's kind of sucky because there is no connection in TX between resources and hence branches, each resource stands on it's own. That means even though 90% of the strings in one resource are the same as another resource (because they're just different branch versions) translators won't have the advantage of that information (unless they know). I brought the question of software branches up in the TX forums and was met with deafening silence. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] Announcing FreeIPA v3.0.0 beta 2 Release
The FreeIPA team is proud to announce version FreeIPA v3.0.0 beta 2.
It can be downloaded from http://www.freeipa.org/page/Downloads.
A build is available in the Fedora 18 and rawhide repositories or for
Fedora 17 via the freeipa-devel repo on www.freeipa.org:
http://freeipa.org/downloads/freeipa-devel.repo . To install in Fedora
17 and 18 the updates-testing repository needs to be enabled as well.
NOTE: The Fedora 18 build was submitted this morning (8/17) and has yet
to hit updates-testing. The packages are also at
http://koji.fedoraproject.org/koji/buildinfo?buildID=348836
For additional information see the AD Trust design page
http://freeipa.org/page/IPAv3_AD_trust and the AD Trust testing page
http://freeipa.org/page/IPAv3_testing_AD_trust.
== Highlights since 3.0.0 beta 1 ==
* NTLM password hash is generated for existing users on first use
of IPA cross-realm environment based on their Kerberos keys without
requiring a password change.
* Secure identifiers compatible with Active Directory are generated
automatically for existing users upon set up of IPA cross-realm
environment.
* Use certmonger to renew CA subsystem certificates
* Support for DNS zone transfers to non-IPA slaves
* Internal change to LDAP Distinguished Name handling to be more robust
* Better support for Internet Explorer 9 in the UI
* Allow multiple servers on client install command-line and configuring
without DNS discovery.
* Translation updates
== Upgrading ==
An IPA server can be upgraded simply by installing updated rpms. The
server does not need to be shut down in advance.
If you have multiple servers you may upgrade them one at a time. It is
expected that all servers will be upgraded in a relatively short period
(days or weeks not months). They should be able to co-exist peacefully
but new features will not be available on old servers and enrolling a
new client against an old server will result in the SSH keys not being
uploaded.
Downgrading a server once upgraded is not supported.
Upgrading from 2.2.0 should work but has not been fully tested. Proceed
with caution.
An enrolled client does not need the new packages installed unless you
want to re-enroll it. SSH keys for already installed clients are not
uploaded, you will have to re-enroll the client or manually upload the
keys (using host-mod).
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-devel
mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel
== Detailed changelog ==
Alexander Bokovoy (11):
* ipasam: improve SASL bind callback
* Use smb.conf 'dedicated keytab file' parameter instead of hard-coded value
* reduce redundant checks in ldapsam_search_users() to a single statement
* ipalib/plugins/trust.py: ValidationError takes 'error' named argument,
not 'reason'
* Handle various forms of admin accounts when establishing trusts
* Follow change in samba4 beta4 for sid_check_is_domain to
sid_check_is_our_sam
* Rework task naming in LDAP updates to avoid conflicting names in
certain cases
* When ipaNTHash is missing, ask IPA to generate it from kerberos keys
* Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
* Handle exceptions when establishing trusts
* Add internationalization to DCE RPC code
David Spångberg (1):
* Indirect roles in WebUI
Gowrishankar Rajaiyan (1):
* Adding exit status 3 4 to ipa-client-install man page
Jan Cholasta (2):
* Add --{set,add,del}attr options to commands which are missing them.
* Raise Base64DecodeError instead of ConversionError when base64
decoding fails in Bytes parameters.
John Dennis (2):
* Use DN objects instead of strings
* Installation fails when CN is set in certificate subject base
Martin Kosek (12):
* Do not change LDAPObject objectclass list
* Add automount map/key update permissions
* Fix ipa-managed-entries man page typo
* Improve address family handling in sockets
* Enable SOA serial autoincrement
* Add range-mod command
* Warn user if an ID range with incorrect size was created
* Print ipa-ldap-updater errors during RPM upgrade
* Enforce CNAME constrains for DNS commands
* Avoid redundant info message during RPM update
* Bump bind-dyndb-ldap version for F18
* Fix winsync agreements creation
Petr Viktorin (7):
* Fix batch command error reporting
* Fix wrong option name in ipa-managed-entries man page
* Fix updating minimum_connections in ipa-upgradeconfig
* Framework for admin/install tools, with ipa-ldap-updater
* Arrange stripping .po files
* Update translations
* Create /etc/sysconfig/network if it doesn't exist
Petr Vobornik (31):
* Moved configuration to last position in navigation
* Display loginas information only after login
* Password policy measurement units.
* Web UI: kerberos ticket policy measurement units
* Add and remove dns per-domain permission in Web UI
* Differentiation of widget type and text_widget input type
* Fixed display of attributes_widget in IE9
* Bigger textarea for
