The FreeIPA team is proud to announce version FreeIPA v3.1.5.
It can be downloaded from http://www.freeipa.org/page/Downloads. The new version has also been built for Fedora 18 and is on its way to updates-testing: https://admin.fedoraproject.org/updates/freeipa-3.1.5-1.fc18
Highlights in 3.1.5#
Bug fixes#
Directory Server CLDAP responder now returns a result in all cases to avoid timeouts or freezes with Windows DC or other tools probing this interface.
Upgrading#
An IPA server can be upgraded simply by installing updated rpms. The server does not need to be shut down in advance.
Please note, that the referential integrity extension requires an extended set of indexes to be configured. RPM update for an IPA server with a excessive number of hosts, SUDO or HBAC entries may require several minutes to finish.
If you have multiple servers you may upgrade them one at a time. It is expected that all servers will be upgraded in a relatively short period (days or weeks not months). They should be able to co-exist peacefully but new features will not be available on old servers and enrolling a new client against an old server will result in the SSH keys not being uploaded.
Downgrading a server once upgraded is not supported.
Upgrading from 2.2.0 is supported. Upgrading from previous versions is not supported and has not been tested.
An enrolled client does not need the new packages installed unless you want to re-enroll it. SSH keys for already installed clients are not uploaded, you will have to re-enroll the client or manually upload the keys.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list: http://www.redhat.com/mailman/listinfo/freeipa-users
Detailed Changelog since 3.1.4#
Alexander Bokovoy (1)
Fix cldap parser to work with a single equality filter (NtVer=…)
Martin Kosek (1):
Become IPA 3.1.5
Petr Viktorin (1):
Remove leading zero from IPA_NUM_VERSION
Simo Sorce (2):
CLDAP: Fix domain handling in netlogon requests
CLDAP: Return empty reply on non-fatal errors