[Freeipa-interest] Announcing FreeIPA v2 Server
The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA version 2.0. FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP. FreeIPA binds together a number of technologies and adds a web interface and command-line administration tools. Features of FreeIPA v2.0 include: * Centralized authentication via Kerberos or LDAP * Identity management for users, groups, hosts and services * Pluggable and extensible framework for UI/CLI * Rich CLI * Web-based User Interface * Server X.509 v3 certificate provisioning capabilities * Managing host identities including grouping hosts * Defining host-based access control rules that will be enforced on the client side by the IPA back end for SSSD [1] * Serving netgroups based on user and host objects stored in IPA * Serving sets of automount maps to different clients * Finer-grained management delegation * Group-based password policies * Centrally-managed SUDO * Automatic management of private groups * Compatibility with broad set of clients * Painless password migration * Optional integrated DNS server managed by IPA * Optional integrated Certificate Authority to manage server certificates managed by IPA * Can act as NIS server for legacy systems * Supports multi-server deployment based on the multi-master replication * User and group replication with MS Active Directory We encourage users and developers to start testing and deploying FreeIPA in their environments. A very simple installation procedure is provided and is part of the effort of making these complex technologies simple to use and friendly to administrators. We encourage people to experiment and evaluate the current release, we welcome feedback on the overall experience and bug reports [2]. We also would like to encourage interested users and developers to join our mailing list and discuss features and development directions [3]. The complete source code[4] is available for download here: http://www.freeipa.org/page/Downloads See our git repository at http://git.fedorahosted.org/git/freeipa.git/ for a complete changelog. FreeIPA 2.0 is available in Fedora 15, see Known Issues below. You will need to enable the updates-testing repository, e.g. # yum install freeipa-server --enablerepo=updates-testing Have Fun! The FreeIPA Project Team. --- [1] https://fedorahosted.org/sssd/ [2] https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora (component is ipa) [3] http://freeipa.org/page/Contribute Known Issues * The latest tomcat6 package has not been pushed to updates-testing. You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from koji at http://koji.fedoraproject.org/koji/buildinfo?buildID=231410 . The installation will fail restarting the CA with the current tomcat6 package in Fedora 15. * If the domain and realm do not match you may need to use the --force flag with ipa-client-install. * Dogtag replication is done separately from IPA replication. The ipa-replica-manage tool does not currently operate on dogtag replication agreements. * The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate. Detailed Changlog since FreeIPA v2.0.0 rc3 Adam Young (1): * pwpolicy priority Priority is now a required field in order to add a new password policy. Thus, not having the field present means we cannot create one. Endi S. Dewata (1): * Removed nested role from UI. Martin Kosek (2): * Wait for Directory Server ports to open * Prevent stacktrace when DNS record is added Pavel Zuna (1): * Update translation file (ipa.pot). Rob Crittenden (4): * Always consider domain and server when doing DNS discovery in client. * Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. * Ensure that the system hostname is lower-case. * Automatically update IPA LDAP on rpm upgrades Simo Sorce (1): * Domain to Realm Explicitly use the realm specified on the command line. Many places were assuming that the domain and realm were the same. * Fix uninitialized variable. ___ Freeipa-interest mailing list Freeipa-interest@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-interest
[Freeipa-interest] Announcing FreeIPA v2 Server Release Candidate 3 Release
To all freeipa-interest, freeipa-users and freeipa-devel list members, The FreeIPA project team is pleased to announce the availability of the Release Candidate 3 release of freeIPA 2.0 server [1]. This should be the last release candidate, becoming the final release if no critical problems are found. * Binaries are available for F-14 and F-15. * Please do not hesitate to share feedback, criticism or bugs with us on our mailing list: freeipa-us...@redhat.com Main Highlights of the Release Candidate. This release consists primarily of bug fixes and polish across all areas of the project. Modifications include but are not limited to * i18n improvements * Fixed the self-service page in the WebUI * Use TLS for CA replication * Setting up Winsync agreements has been fixed Focus of the Release Candidate Testing * There was a Fedora test day for FreeIPA on Feb 15th [2]. These tests are still relevant and feedback would be appreciated. We are particularly interested to know if there are any problems setting up replication. * The following section outlines the areas that we are mostly interested to test [3]. Significant Changes Since RC 2 To see all the tickets addressed since the rc2 release see [5]. Repositories and Installation * Use the following link to install the RC 3 packages [4]. * FreeIPA relies on the latest versions of the packages currently available from the updates-testing repository. Please make sure to enable this repository before you proceed with installation. Known Issues: * Installing IPA on Fedora-15 works but can take more time than Fedora 14 due to systemd. It is not recognizing some restarts as being successful so only continues after a 3-minute timeout. We are working on a solution. Thank you, The FreeIPA development team [1] http://www.freeipa.org/page/Downloads [2] https://fedoraproject.org/wiki/QA/Fedora_15_test_days [3] https://fedoraproject.org/wiki/Features/FreeIPAv2#How_To_Test [4] http://freeipa.org/downloads/freeipa-devel.repo [5] https://fedorahosted.org/freeipa/milestone/2.0.3.%20Bug%20Fixing%20%28GA%29 Detailed Changelog Adam Young (7): * Revert Set hard limit on number of commands in batch request to 256. * update API.txt * Use modified entity find commands for associations * fix truncated message * typo in truncation message * type in default text * Better truncated message Endi S. Dewata (13): * Removed association facets based on memberofindirect. * Replaced SUDO with Sudo in UI test data. * Fixed attribute for SUDO command group membership. * Save changes before modifying association. * Fixed host enrollment time * Fixed memory leak caused by IPA.dialog. * Fixed memory leak caused by is_dirty dialogs. * Fixed memory leak caused by reset password dialog. * Fixed memory leak caused by DNS record adder dialog. * Fixed memory leak caused by DNS record deleter dialog. * Fixed memory leak caused by IPA.error_dialog. * Fixed memory leak caused by certificate dialogs. * Fixed self service page. John Dennis (1): * Add Transifex tx client configuration file Martin Kosek (4): * IPA replica/server install does not check for a client * Inconsistent sysrestore file handling by IPA server installer * Improve error handling and return status codes in ipactl * ipa-dns-install script fails Pavel Zuna (10): * Remove deprecated i18n code from ipalib/request and all references to it. * Send Accept-Language header over XML-RPC and translate on server. * Fallback to default locale (en_US) if env. setting is corrupt. * Translate docstrings. * Fix translatable strings in ipalib plugins. * Fix i18n related failures in unit tests. * Use pygettext to generate translatable strings from plugin files. * Final i18n unit test fixes. * Fix error in user plugin email normalizer for empty --setattr=email=. * Use ldapi: instead of unsecured ldap: in ipa core tools. Rob Crittenden (12): * Set SuiteSpotGroup when setting up our 389-ds instances. * Use Sudo rather than SUDO as a label. * Replace only if old and new have nothing in common * Need to restart the dogtag 388-ds instance before using it. * Skip DNS validation checks if we're setting up DNS in ipa-server-install. * Fix style and grammatical issues in built-in command help. * Update API to reflect doc change in force parameter in dnszone_add * Always try to stop tracking the server cert when uninstalling client. * If --hostname is provided for ipa-client-install use it everywhere. * chkconfig the ipa service off when it is uninstalled. * Use TLS for dogtag replication agreements. * Become IPA v2 RC 3 (2.0.0.rc3) Simo Sorce (9): * Set the loginShell attribute on winsynced entries if configured * Fix winsync agreements setup * Unbreak the ipa winsync plugin. * Fix user synchronization. * Make activated/inactivated groups optional * Use wrapper for sasl gssapi binds so it behaves like other binds * Fix replica setup using replication admin kerberos
[Freeipa-interest] Announcing FreeIPA v2 Server Beta 2 Release
To all freeipa-interest, freeipa-users and freeipa-devel list members, The FreeIPA project team is pleased to announce the availability of the Beta 2 release of freeIPA 2.0 server [1]. * Binaries are available for F-14. * With the release of this Beta, freeIPA moves into the Release Candidate cycle. * Please do not hesitate to share feedback, criticism or bugs with us on our mailing list: freeipa-us...@redhat.com Main Highlights of the Beta This beta has a set of significant improvements across all areas of the project. Modifications include but are not limited to: * Support of the latest Dogtag packages. * Installation fixes. * Changes in the DIT structure. * New permissions defined against different elements of the tree. * Better startup and shutdown handling. * Replication improvements. * Incremental improvements in IPv6 support. * DNS improvements. * The package name has been changed to freeipa to avoid collision with IPA v1.x and many others. Focus of the Beta Testing * There is a Fedora test day for FreeIPA coming on Feb 10th [3]. Please join us in testing FreeIPA. The exact instructions will be provided later and will be available off the link on the page. * The following section outlines the areas that we are mostly interested to test [4]. Significant Changes Since Beta 1 To see all the tickets addressed between the two beta releases see [2]. Repositories and Installation * Use the following link to install the beta 2 packages [5]. * On Fedora-14 FreeIPA relies on the latest versions of the packages currently available from the updates-testing repository. Please make sure to enable this repository before you proceed with installation. Known Issues: * There are known issues that currently prevent FreeIPA from successfully installing on F-15 [6]. We will send a separate message when these issues are resolved. * Server-generated error messages are not translated yet. * IPv6 support is not complete. * The 'ipa help' command does not support localization. We plan to address all the outstanding tickets before the final 2.0 release. For the complete list see [7]. Thank you, The FreeIPA development team [1] http://www.freeipa.org/page/Downloads [2] https://fedorahosted.org/freeipa/milestone/0.8%20iteration%20-%20January%20%28cleanup%29 [3] https://fedoraproject.org/wiki/QA/Fedora_15_test_days [4] https://fedoraproject.org/wiki/Features/FreeIPAv2#How_To_Test [5] http://freeipa.org/downloads/freeipa-devel.repo [6] https://bugzilla.redhat.com/show_bug.cgi?id=674916 [7] https://fedorahosted.org/freeipa/milestone/2.0.1%20Bug%20fixing ___ Freeipa-interest mailing list Freeipa-interest@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-interest
