The FreeIPA team would like to announce FreeIPA 4.5.4 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and 26 will be available in the official COPR repository.
Highlights in 4.5.4#
Enhancements#
Known Issues#
Bug fixes#
FreeIPA 4.5.4 is a stabilization release for the features delivered as a part of 4.5.0. There are more than 30 bug-fixes details of which can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#7179 In case full PKINIT configuration is failing during server/replica install the error message should be more meaningful.
#7175 [Backport 7143 to ipa-4-5] “unknown command ‘undefined’” error when changing user’s password via the web UI
#7173 Switch from externally-signed to self-signed CA fails
#7172 Enterprise principals should be able to trigger a refresh of the trusted domain data in the KDC
#7146 ipa_otptoken_import.py fails to parse the correct suite defined under the AlrgorithmParameters
#7144 pkinit-status command fails after an upgrade from a pre-4.5 IPA
#7141 Updating from RHEL 7.3 fails with Server-Cert not found (ipa-server-upgrade)
#7127 sssd.conf not updated after promoting client to promotion
#7126 FreeIPA/IdM installations which were upgraded from versions with 389 DS prior to 1.3.3.0 doesn’t have whomai plugin enabled and thus startup of Web UI fails
#7125 ipa-server-upgrade failes with “This entry already exists”
#7123 External CA renewal fails when IPA CA subject DN does not match “CN=Certificate Authority, {subject-base}”
#7120 Unable to set ca renewal master on replica
#7116 dnssec: fix localhsm.py with openhsm >= 2.2.0
#7112 user-show command fails when sizelimit is configured to number <= number of entity which is user member of
#7108 ipa-backup broken because of cyclic import
#7106 TypeError in renew_ca_cert prevents from swiching back to self-signed CA
#7086 [ipatests] - add caless to cafull tests
#7083 failed ipa-server-upgrade , time out from dogtag services , custodia errors
#7074 IPA shouldn’t allow objectclass if not all in lower case
#7066 WebUI: All columns of user in group table are clickable
#7035 ipa-otptoken-import - XML file is missing PBKDF2 parameters!
#7017 NULL LDAP context in call to ldap_search_ext_s during search in cn=ad,cn=trusts,dc=example,dc=com
#6999 ipa command throws backtrace instead of showing help with wrong syntax
#6979 Suggest user to install libyubikey package instead of traceback
#6952 Suggest CA installation command in KRA installation warning
#6622 [tests] ipatests.util.unlock_principal_password does not respect configured ldap_uri
#6605 make lint + make modifies PO files in place
#6592 [tracker] SELinux policy tracker for 4.5
#6582 Web UI: Change “Host Based” and “Role Based” to “Host-Based” and “Role-Based”
#6447 [WebUI] Remove offline version of WebUI
#6261 Replace ERROR: cannot connect to ‘http://localhost:8888/ipa/json’: [Errno 111] Connection refused with ‘IPA is not configured on this system’
#6176 Updating of dns system records rapidly slowdown uninstallation
Detailed changelog since 4.5.3#
Alexander Bokovoy (2)#
Abhijeet Kasurde (1)#
Alexander Koksharov (1)#
Aleksei Slaikovskii (2)#
Christian Heimes (1)#
David Kreitschmann (2)#
David Kupka (11)#
tests: certmap: Add test for user-{add,remove}-certmap commit #7105
tests: certmap: Add test for certmapconfig-{mod,show} commit #7105
tests: tracker: Add CertmapconfigTracker to tests certmapconfig-* commands commit #7105
tests: certmap: Add basic tests for certmaprule commands commit #7105
tests: tracker: Add CertmapTracker for testing certmap-* commands commit #7105
tests: tracker: Add ConfigurationTracker to test *config-{mod,show} commands commit #7105
tests: tracker: Add EnableTracker to test *-{enable,disable} commands commit #7105
tests: tracker: Split Tracker into one-purpose Trackers commit #7105
Felipe Volpone (4)#
Changing idoverrideuser-* to treat objectClass case insensitively commit #7074
Fixing how sssd.conf is updated when promoting a client to replica commit #7127
Removing part of circular dependency of ipalib in ipaplaform commit #7108
Changing how commands handles error when it can’t connect to IPA server commit #6261
Florence Blanc-Renaud (5)#
ipa-cacert-manage renew: switch from ext-signed CA to self-signed commit #7173
Backport 4-5: Fix ipa-server-upgrade with server cert tracking commit #7141
Backport PR 1008 to ipa-4-5 Fix ipa-server-upgrade: This entry already exists commit #7125
Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext ca) commit #7106
Fraser Tweedale (2)#
Martin Basti (1)#
Michal Reznik (3)#
Nathaniel McCallum (1)#
Petr Čech (1)#
Petr Vobornik (2)#
Pavel Vomacka (9)#
WebUI: Fix calling undefined method during reset passwords commit #7175
WebUI: remove unused parameter from get_whoami_command commit #7175
Adds whoami DS plugin in case that plugin is missing commit #7126
WebUI: remove creating js/libs symlink from makefile commit #6447
Revert “Web UI: Remove offline version of Web UI” commit
WebUI: Add hyphenate versions of Host(Role) Based strings commit #6582
WebUI: fix incorrectly shown links in association tables commit #7066
Rob Crittenden (1)#
Sumit Bose (1)#
Stanislav Laznicka (4)#
Thierry Bordaz (1)#
Tibor Dudlák (1)#
Tomas Krizek (11)#
Become IPA 4.5.4 commit
Update contributors commit
Update translations commit
prci: use f26 template for ipa-4-5 commit
prci: rename template to ci-ipa-4-5-f25 commit
prci: add caless tests commit
build: checkout *.po files at the end of makerpms.sh commit #6605
freeipa-pr-ci: enable pull-request CI commit
4.5 set back to git snapshot commit