The FreeIPA team would like to announce FreeIPA v4.2.3 bug fixing release!

It can be downloaded from http://www.freeipa.org/page/Downloads. The builds are available for Fedora 23 and rawhide. Builds for Fedora 22 are available in the official COPR repository.

Highlights in 4.2.3#

FreeIPA 4.2.3 is a bugfix release to improve upgrade experience from FreeIPA 4.1 for Fedora 23 where Tomcat 8 was introduced.

Bug fixes#

  • fixed upgrade failures #5359 and #5360

  • fixed regression in automember Web UI - disappearing expression

Enhancements#

  • new French and German translations

  • improved validation of Realm Domains,

  • ipa-adtrust-install prints complete SRV records so that they are suitable for copy&pasting to zone files

Upgrading#

Upgrade instructions are available on Upgrade page.

Feedback#

Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.

Detailed Changelog since 4.2.2#

David Kupka (1)#

  • comment: Add Documentation string to deduplicate function

Gabe Alford (2)#

  • Remove bind configuration detected question

  • Warn if no installation found when running ipa-server-install –uninstall

Jan Cholasta (3)#

  • schema: do not derive ipaVaultPublicKey from ipaPublicKey

  • upgrade: make sure ldap2 is connected in export_kra_agent_pem

  • vault: fix private service vault creation

Martin Babinsky (4)#

  • remove ID overrides when deleting a user

  • execute user-del pre-callback also during user preservation

  • fix class teardown in user plugin tests

  • always ask the resolver for the reverse zone when manipulating PTR records

Martin Bašti (12)#

  • CI TEST: Vault

  • CI Test: add setup_kra options into install scripts

  • Replace tab with space in test_user_plugin.py

  • DNSSEC CI: wait until DS records is replicated

  • DNSSEC: Remove service containers from LDAP after uninstalling

  • DNSSEC: warn user if DNSSEC key master is not installed

  • KRA: fix check that CA is installed

Milan Kubík (6)#

  • ipatests: add fuzzy instances for CA ACL DN and RDN

  • ipatests: Add initial CAACLTracker implementation

  • tests: add test to check the default ACL

  • ipatests: CA ACL - added config templates

  • ipatests: added unlock_principal_password and change_principal

  • ipatests: CA ACL and cert profile functional test

Oleg Fayans (1)#

  • Fixed a timing issue with drill returning non-zero exitcode

Petr Voborník (2)#

  • Update .po files

  • Become IPA 4.2.3

Petr Špaček (1)#

  • ipa-adtrust-install: Print complete SRV records

Stanislav Laznicka (1)#

  • Fixes disappearing automember expressions

Tomáš Babej (10)#

  • util: Add detect_dns_zone_realm_type helper

  • realmdomains: Minor style and wording improvements

  • realmdomains: Add validation that realmdomain being added is indeed from our realm

  • realmdomains: Issue a warning when automated management of realmdomains failed

  • realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record

  • tests: Amend result assertions in realmdomains tests

  • idoverride: Ignore ValidationErrors when converting the anchor

  • tests: Add tests for idoverride object integrity

  • trusts: Make trust_show.get_dn raise properly formatted NotFound

  • trustdomain: Perform validation of the trust domain first