Jump to: navigation, search


Release date Released 2015-11-02

The FreeIPA team would like to announce FreeIPA v4.2.3 bug fixing release!

It can be downloaded from http://www.freeipa.org/page/Downloads. The builds are available for Fedora 23 and rawhide. Builds for Fedora 22 are available in the official COPR repository.

Highlights in 4.2.3

FreeIPA 4.2.3 is a bugfix release to improve upgrade experience from FreeIPA 4.1 for Fedora 23 where Tomcat 8 was introduced.

Bug fixes

  • fixed upgrade failures #5359 and #5360
  • fixed regression in automember Web UI - disappearing expression


  • new French and German translations
  • improved validation of Realm Domains,
  • ipa-adtrust-install prints complete SRV records so that they are suitable for copy&pasting to zone files


Upgrade instructions are available on Upgrade page.


Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.

Detailed Changelog since 4.2.2

David Kupka (1)

  • comment: Add Documentation string to deduplicate function

Gabe Alford (2)

  • Remove bind configuration detected question
  • Warn if no installation found when running ipa-server-install --uninstall

Jan Cholasta (3)

  • schema: do not derive ipaVaultPublicKey from ipaPublicKey
  • upgrade: make sure ldap2 is connected in export_kra_agent_pem
  • vault: fix private service vault creation

Martin Babinsky (4)

  • remove ID overrides when deleting a user
  • execute user-del pre-callback also during user preservation
  • fix class teardown in user plugin tests
  • always ask the resolver for the reverse zone when manipulating PTR records

Martin Bašti (12)

  • CI TEST: Vault
  • CI Test: add setup_kra options into install scripts
  • Replace tab with space in test_user_plugin.py
  • DNSSEC CI: wait until DS records is replicated
  • DNSSEC: Remove service containers from LDAP after uninstalling
  • DNSSEC: warn user if DNSSEC key master is not installed
  • KRA: fix check that CA is installed

Milan Kubík (6)

  • ipatests: add fuzzy instances for CA ACL DN and RDN
  • ipatests: Add initial CAACLTracker implementation
  • tests: add test to check the default ACL
  • ipatests: CA ACL - added config templates
  • ipatests: added unlock_principal_password and change_principal
  • ipatests: CA ACL and cert profile functional test

Oleg Fayans (1)

  • Fixed a timing issue with drill returning non-zero exitcode

Petr Voborník (2)

  • Update .po files
  • Become IPA 4.2.3

Petr Špaček (1)

  • ipa-adtrust-install: Print complete SRV records

Stanislav Laznicka (1)

  • Fixes disappearing automember expressions

Tomáš Babej (10)

  • util: Add detect_dns_zone_realm_type helper
  • realmdomains: Minor style and wording improvements
  • realmdomains: Add validation that realmdomain being added is indeed from our realm
  • realmdomains: Issue a warning when automated management of realmdomains failed
  • realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record
  • tests: Amend result assertions in realmdomains tests
  • idoverride: Ignore ValidationErrors when converting the anchor
  • tests: Add tests for idoverride object integrity
  • trusts: Make trust_show.get_dn raise properly formatted NotFound
  • trustdomain: Perform validation of the trust domain first