May 2, 2011
The FreeIPA project team is pleased to announce the availability of the freeIPA 2.0.1 server.
It is available in Fedora 15 and Fedora rawhide.
- If the domain and realm do not match you may need to use the --force flag with ipa-client-install.
- Dogtag replication is done separately from IPA replication. The ipa-replica-manage tool does not currently operate on dogtag replication agreements.
- The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate.
Changelog since 2.0.0
Endi S. Dewata (1):
- Fixed undefined label in permission adder dialog box.
Jan Cholasta (10):
- Fix wording of error message.
- Add note about ipa-dns-install to ipa-server-install man page.
- Fix typo in ipa-server-install.
- Fix uninitialized variables.
- Fix double definition of output_for_cli.
- Add lint script for static code analysis.
- Fix lint false positives.
- Remove unused classes.
- Fix some minor issues uncovered by pylint.
- Fix uninitialized attributes.
Jr Aquino (4):
- Escape LDAP characters in member and memberof searches
- Add memberHost and memberUser to default indexes
- Optimize and dynamically verify group membership
- Delete the sudoers entry when disabling Schema Compat
Martin Kosek (12):
- Inconsistent error message for duplicate user
- Replica installation fails for self-signed server
- Password policy commands do not include cospriority
- Improve DNS PTR record validation
- IPA replica is not started after the reboot
- Improve Directory Service open port checker
- Log temporary files in ipa-client-install
- Prevent uninstalling client on the IPA server
- pwpolicy-mod doesn't accept old attribute values
- Forbid reinstallation in ipa-client-install
- ipa-client-install uninstall does not work on IPA server
- LDAP Updater may crash IPA installer
Pavel Zuna (1):
- Fix gidnumber option of user-add command.
Rob Crittenden (18):
- Allow a client to enroll using principal when the host has a OTP
- Make retrieval of the CA during DNS discovery non-fatal.
- Cache the value of get_ipa_config() in the request context.
- Change default gecos from uid to first and last name.
- Fix ORDERING in some attributetypes and remove other unnecessary elements.
- postalCode should be a string not an integer.
- Fix traceback in ipa-nis-manage.
- Suppress --on-master from ipa-client-install command-line and man page.
- Sort entries returned by *-find by the primary key (if any).
- The default groups we create should have ipaUniqueId set
- Always ask members in LDAP*ReverseMember commands.
- Provide attributelevelrights for the aci components in permission_show.
- Wait for memberof task and DS to start before proceeding in installation.
- Convert manager from userid to dn for storage and back for displaying.
- Modify the default attributes shown in user-find to match the UI design.
- Ensure that the zonemgr passed to the installer conforms to IA5String.
- Handle principal not found errors when converting replication agreements
Simo Sorce (2):
- Fix resource leaks.
- ipautil: Preserve environment unless explicitly overridden by caller.