Jump to: navigation, search


Revision as of 15:41, 29 June 2021 by Ab (talk | contribs) (Created page with " {{ReleaseDate|2021-06-29}} The FreeIPA team would like to announce FreeIPA 4.9.6 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Release date Released 2021-06-29

The FreeIPA team would like to announce FreeIPA 4.9.6 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.

Highlights in 4.9.6

  • 8402: [RFE] ipa-client-install forces nsupdate to bind with gssapi
Invoke nsupdate without authentication if the GSS-TSIG attempt fails at install time ; configure SSSD to use nsupdate without GSS-TSIG in this case.


Known Issues

  • FreeIPA 4.9.4 contains a new LDAP caching layer that might incorrectly return data in certain cases. This is known to affect ansible-freeipa operations with automember rules. FreeIPA 4.9.6 addresses this issue.

Bug fixes

FreeIPA 4.9.6 is a stabilization release for the features delivered as a part of 4.9.0 version series.

There are more than 10 bug-fixes since FreeIPA 4.9.5 release. Details of the bug-fixes can be seen in the list of resolved tickets below.


Upgrade instructions are available on Upgrade page.


Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.

Resolved tickets

  • #7752 ipa client throws http.client.ResponseNotReady error
  • #8402 (rhbz#1854557) [RFE] ipa-client-install forces nsupdate to bind with gssapi
  • #8532 (rhbz#1886837) Revise PKINIT upgrade code
  • #8726 Provide a better error message with updatedns and FQDN Is not provided
  • #8754 (rhbz#1919384) Certificate Serial Number issue
  • #8817 Running ipa-server-certinstall with v1 certificate fails with Attempted "__iter__" operation on ASN.1 schema object
  • #8880 (rhbz#1973023) CA_less ipa-server-install fails if CA cert subject contains non ascii chars
  • #8882 Directly integrate custodia
  • #8884 (rhbz#1967325) API returns the misleading error "Insufficient Access" if run as non-admin
  • #8885 (rhbz#1975139) Upgrade error: Add failure missing required attribute "objectclass"
  • #8889 [tests] healthcheck 0.9
  • #8897 (rhbz#1976286) ansible-freeipa automember test fails with `automember_add_condition: testgroup: 'objectclass'` due to ldap cache
  • #8898 plugin `plugins` doesn't work

Detailed changelog since 4.9.5

Alexander Bokovoy (2)

Antonio Torres (3)

  • ipatests: test host update using shortname commit #8726, #8884
  • host: try to resolve FQDN before command execution commit #8726, #8884
  • Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server commit #8532

Christian Heimes (7)

François Cami (3)

  • ipa-client-install: update sssd.conf if nsupdate requires -g commit #8402
  • ipa-client-install: invoke nsupdate twice (GSS-TSIG, plain) commit #8402
  • ipa-client-install: remove fsync in do_nsupdate() commit #8402

Florence Blanc-Renaud (2)

  • ipatests: use non-ascii chars in CA-less install commit #8880
  • CA-less install: non-ASCII chars in CA cert subject commit #8880

Rob Crittenden (3)

  • Return a copy of cached entries, only with requested attributes commit #8897
  • Use get_replication_plugin_name in LDAP updater commit #8885
  • When loading certificates verify that it is X.509 v3 commit #8817

Stanislav Levin (4)

  • ipatests: Add tests for `env` plugin commit
  • ipatests: Add tests for `plugins` plugin commit #8898
  • plugins: Don't treat keys of api as bytes commit #8898
  • ipatests: healthcheck: Update IPAHostKeytab assumptions commit #8889

Serhii Tsymbaliuk (1)

  • WebUI: Fix certificate serial number representation commit #8754

Sudhir Menon (2)

  • Increase timeout for test_commands.py commit
  • ipatests: Test to check that ResponseNotReady error is not displayed when user session cache is deleted commit #7752