Jump to: navigation, search

IPAv2 201

Release date Released May 2 2011

May 2, 2011

The FreeIPA project team is pleased to announce the availability of the freeIPA 2.0.1 server.

It is available in Fedora 15 and Fedora rawhide.

Known Issues

  • If the domain and realm do not match you may need to use the --force flag with ipa-client-install.
  • Dogtag replication is done separately from IPA replication. The ipa-replica-manage tool does not currently operate on dogtag replication agreements.
  • The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate.

Changelog since 2.0.0

Endi S. Dewata (1):

  • Fixed undefined label in permission adder dialog box.

Jan Cholasta (10):

  • Fix wording of error message.
  • Add note about ipa-dns-install to ipa-server-install man page.
  • Fix typo in ipa-server-install.
  • Fix uninitialized variables.
  • Fix double definition of output_for_cli.
  • Add lint script for static code analysis.
  • Fix lint false positives.
  • Remove unused classes.
  • Fix some minor issues uncovered by pylint.
  • Fix uninitialized attributes.

Jr Aquino (4):

  • Escape LDAP characters in member and memberof searches
  • Add memberHost and memberUser to default indexes
  • Optimize and dynamically verify group membership
  • Delete the sudoers entry when disabling Schema Compat

Martin Kosek (12):

  • Inconsistent error message for duplicate user
  • Replica installation fails for self-signed server
  • Password policy commands do not include cospriority
  • Improve DNS PTR record validation
  • IPA replica is not started after the reboot
  • Improve Directory Service open port checker
  • Log temporary files in ipa-client-install
  • Prevent uninstalling client on the IPA server
  • pwpolicy-mod doesn't accept old attribute values
  • Forbid reinstallation in ipa-client-install
  • ipa-client-install uninstall does not work on IPA server
  • LDAP Updater may crash IPA installer

Pavel Zuna (1):

  • Fix gidnumber option of user-add command.

Rob Crittenden (18):

  • Allow a client to enroll using principal when the host has a OTP
  • Make retrieval of the CA during DNS discovery non-fatal.
  • Cache the value of get_ipa_config() in the request context.
  • Change default gecos from uid to first and last name.
  • Fix ORDERING in some attributetypes and remove other unnecessary elements.
  • postalCode should be a string not an integer.
  • Fix traceback in ipa-nis-manage.
  • Suppress --on-master from ipa-client-install command-line and man page.
  • Sort entries returned by *-find by the primary key (if any).
  • The default groups we create should have ipaUniqueId set
  • Always ask members in LDAP*ReverseMember commands.
  • Provide attributelevelrights for the aci components in permission_show.
  • Wait for memberof task and DS to start before proceeding in installation.
  • Convert manager from userid to dn for storage and back for displaying.
  • Modify the default attributes shown in user-find to match the UI design.
  • Ensure that the zonemgr passed to the installer conforms to IA5String.
  • Handle principal not found errors when converting replication agreements

Simo Sorce (2):

  • Fix resource leaks.
  • ipautil: Preserve environment unless explicitly overridden by caller.