Downloads
FreeIPA v3
Current Release of FreeIPA
FreeIPA v3.2.1 is now available!
For more information about it see Release Notes. A build for Fedora 19 has been submitted to the updates-testing repository.
A tarball is available at http://freeipa.org/downloads/src/freeipa-3.2.1.tar.gz
To install:
# yum install freeipa-server # ipa-server-install
To upgrade an existing install:
# yum update freeipa-server
Enrolled client machines do not need to be updated unless you want to take advantage of new features. ipa-client is just a configuration script so the host will need to be re-enrolled (ipa-client-install --uninstall && ipa-client-install).
For additional installation options see: man ipa-server-install. Other documentation is available from man pages and command line help system that can be invoked by "ipa help" command.
Upgrading has been tested with FreeIPA v2.2.0 only. Other versions of FreeIPA v2 should work but are untested. Upgrading from v1.x is unsupported.
Upgrading from a previous version will not consolidate the 389-ds instances. Only new installations get a unified 389-ds backend. Upgraded servers will retain both instances.
FreeIPA v3.1.5 Release
For more information about it see Release Notes. A build for Fedora 18 was already submitted to updates-testing repository.
For additional information see the AD Trust design page and the AD Trust testing page.
A tarball is available at http://freeipa.org/downloads/src/freeipa-3.1.5.tar.gz
To install:
# yum install freeipa-server # ipa-server-install
To upgrade an existing install:
# yum update freeipa-server
Enrolled client machines do not need to be updated unless you want to take advantage of new features. ipa-client is just a configuration script so the host will need to be re-enrolled (ipa-client-install --uninstall && ipa-client-install).
For additional installation options see: man ipa-server-install. Other documentation is available from man pages and command line help system that can be invoked by "ipa help" command.
Upgrading has been tested with FreeIPA v2.2.0 only. Other versions of FreeIPA v2 should work but are untested. Upgrading from v1.x is unsupported.
Upgrading from a previous version will not consolidate the 389-ds instances. Only new installations get a unified 389-ds backend. Upgraded servers will retain both instances.
FreeIPA v3.0.2 Release
For more information about it see Release Notes.
The 3.0.x releases are replaced in Fedora 18 by FreeIPA 3.1.0.
For additional information see the AD Trust design page and the AD Trust testing page.
A tarball is available at http://freeipa.org/downloads/src/freeipa-3.0.2.tar.gz
To install:
# yum install freeipa-server # ipa-server-install
To upgrade an existing install:
# yum update freeipa-server
Enrolled client machines do not need to be updated unless you want to take advantage of new features. ipa-client is just a configuration script so the host will need to be re-enrolled (ipa-client-install --uninstall && ipa-client-install).
For additional installation options see: man ipa-server-install. Other documentation is available from man pages and command line help system that can be invoked by "ipa help" command.
Upgrading has been tested with FreeIPA v2.2.0 only. Other versions of FreeIPA v2 should work but are untested. Upgrading from v1.x is unsupported.
Latest development version
You can download latest sources from our Git reposistory.
FreeIPA v2
Current Release: 2.2.2
FreeIPA v2.2 Release (2.2.2) is now available!
For more information about it see Release Notes. Builds for Fedora 17 are available in the Fedora repositories (you may need to enable the updates-testing repository).
To install:
# yum install freeipa-server # ipa-server-install
To upgrade an existing install:
# yum update freeipa-server
Enrolled client machines do not need to be updated unless you want to take advantage of new features. ipa-client is just a configuration script so the host will need to be re-enrolled (ipa-client-install --uninstall && ipa-client-install).
For additional installation options see: man ipa-server-install. Other documentation is available from man pages and command line help system that can be invoked by "ipa help" command.
This build is NOT an upgrade for FreeIPA v1.x or any previously released alpha or beta. To upgrade from 1.x or an alpha or beta you must install this as a fresh installation. You can migrate users following the migration procedures described in the documentation.
A tarball for the release is available at http://freeipa.org/downloads/src/freeipa-2.2.2.tar.gz
Tar balls for the earlier releases can be downloaded from here.
The FreeIPA v2 Release (2.1.4)
For more information about it see Release Notes. Builds for Fedora 15, 16 and rawhide are available in the Fedora repositories (you may need to enable the updates-testing repository).
To install:
# yum install freeipa-server # ipa-server-install
To upgrade an existing install:
# yum update freeipa-server
NOTE: During testing one user reported a hang in the yum/rpm process. The ns-slapd process had deadlocked. If this occurs then you should kill the ns-slapd process for your realm (it will show in ps). Then restart ipa and run ipa-ldap-updater. It might look something like:
# yum update freeipa-server upgrading can take a while but if it takes more than say 10 minutes it is too long # ps -ef |grep ns-slapd # kill xxx wait for yum/rpm to finish up # service ipa restart # ipa-ldap-updater
Enrolled client machines do not need to be updated. ipa-client is just a configuration script.
Note: In this release the package has been renamed to "freeipa-server".
For additional installation options see: man ipa-server-install. Other documentation is available from man pages and command line help system that can be invoked by "ipa help" command.
In release candidate 2 we made a change to some LDAP operations because some were duplicated. This change causes some commands in older releases to be incompatible with the GA release. This in effect prevents pre-rc2 clients from joining GA installations, including the ipa-client package in RHEL 6.0. An updated srpm can be found here.
This build is NOT an upgrade for FreeIPA v1.x or any previously released alpha or beta. You must install this as a fresh installation. You can migrate users following the migration procedures described in the documentation.
A tarball for the release is available at http://freeipa.org/downloads/src/freeipa-2.1.4.tar.gz
Tar balls for the earlier releases can be downloaded from here.
Plans
See Roadmap for more information. Source is available from the development repository: see Contribute for more information.
Bleeding Edge
Like living on the bleeding edge? Try the repo at http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo
This contains the continuous builds of FreeIPA and SSSD. A new build gets spun up every time we make a commit. Beware, there be dragons.
The alpha and RC releases for 2 are available in our development release repository
FreeIPA v1
Current Release: 1.2.2
Version 1.2.2 is a bugfix release.
Main corrections:
- Fix group deletion in the web UI.
- Make the web UI work when both python-cherrypy and python-cherrypy2 are installed.
- Fix some Python 2.6 deprecation warnings
- Change method used to determine CAs to trust.
- Add the CA constraint to the self-signed CA FreeIPA generates.
NOTE: after an upgrade always run ipa-ldap-updater as root (needs to be run on each server you upgrade) to make sure all needed directory changes are uploaded as well. This command requires the Directory Manager password. The command is automatically run when you install a new master/replica.
Downloads
Installation instructions are covered in the Installation and Deployment Guide. It is available in the Documentation section.
Yum Repo
IPA v1 is available in the Fedora 12, 13 and 14 repos. To install simply run:
yum install ipa-server
On machines to be IPA clients replace ipa-server with ipa-client
There is no need to enable any additional repositories since this version of FreeIPA was currently accepted into Fedora.
v1 Notes
- If you are upgrading an existing FreeIPA installation see http://freeipa.org/page/NewCA for details on re-issuing the CA so it will work with Firefox 3.5+
- If you are upgrading form a version of FreeIPA older than 1.1.1 please make sure to also check instructions to properly fix CVE-2008-3274.
EXPORT CONTROL. As required by U.S. law, you (“Licensee”) represents and warrants that it: (a) understands that the Software is subject to export controls under the U.S. Commerce Department's Export Administration Regulations ("EAR"); (b) is not located in a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, Iraq, North Korea, Sudan and Syria); (c) will not export, re-export, or transfer the Software to any prohibited destination, entity, or individual without the necessary export license(s) or authorizations(s) from the U.S. Government; (d) will not use or transfer the Software for use in any sensitive nuclear, chemical or biological weapons, or missile technology end-uses unless authorized by the U.S. Government by regulation or specific license; (e) understands and agrees that if it is in the United States and exports or transfers the Software to eligible end users, it will, as required by EAR Section 740.17(e), submit semi-annual reports to the Commerce Department's Bureau of Industry & Security (BIS), which include the name and address (including country) of each transferee; and (f) understands that countries other than the United States may restrict the import, use, or export of encryption products and that it shall be solely responsible for compliance with any such import, use, or export restrictions.
A tarball is available at http://freeipa.org/downloads/src/freeipa-1.2.2.tar.gz
