The FreeIPA team would like to announce FreeIPA 4.5.3 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and 26 will be available in the official COPR repository.
Highlights in 4.5.3#
Enhancements#
Known Issues#
When ipa-server-upgrade is executed during dnf system-upgrade, network should come online and the ipa-server-upgrade should finish successfully. If ipa-server-upgrade fails during system-upgrade, please run it manually once network is online.
Bug fixes#
FreeIPA 4.5.3 is a stabilization release for the features delivered as a part of 4.5.0. There are more than 10 bug-fixes details of which can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#7039 FreeIPA upgrade script requires network to be up, but network is not up during upgrade when using dnf system-upgrade
#7037 Replica installation grants HTTP principal access in WebUI
#7036 Advice plugins for smart card configuration produce scripts that configure the feature incompletely
#7029 Fix inconsistent reporting of server roles/attributes in *config-show commands
#7026 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
#7021 ipa-server-install failure on checking matching interfaces - invalid format of netmas
#7007 Use CommonNameToSANDefault in default profile (new installs only)
#6877 ipasam needs changes for Samba 4.7
#6838 [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host
#4317 Allow –ip-address even when not present in local interface
Detailed changelog since 4.5.2#
Alexander Bokovoy (2)#
Fraser Tweedale (1)#
Martin Babinsky (15)#
replica install: drop-in IPA specific config to tmpfiles.d commit #7053
Do not remove the old masters when setting the attribute fails commit #7029
*config-show: Do not show empty roles/attributes commit #7029
smart-card-advises: ensure that krb5-pkinit is installed on client commit #7036
smart card advise: use password when changing trust flags on HTTP cert commit #7036
smart card advises: use a wrapper around Bash `for` loops commit #7036
Use the compound statement formatting API for configuring PKINIT commit #7036
Fix indentation of statements in Smart card advises commit #7036
delegate formatting of compound Bash statements to dedicated classes commit #7036
advise: add an infrastructure for formatting Bash compound statements commit #7036
delegate the indentation handling in advises to dedicated class commit #7036
add a class that tracks the indentation in the generated advises commit #7036
Allow to pass in multiple CA cert paths to the smart card advises commit #7036
smart-card advises: add steps to store smart card signing CA cert commit #7036
smart-card advises: configure systemwide NSS DB also on master commit #7036