The FreeIPA team would like to announce FreeIPA 4.4.2 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 24 will be available in the official COPR repository.
Highlights in 4.4.2#
Known Issues#
Bug fixes#
FreeIPA 4.4.2 is a stabilization release for the features delivered as a part of 4.4.0. There are more than 40 bug-fixes which details can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.
Resolved tickets#
#4802 Investigate & document if TLS 1.2 is properly supported
#5557 Strict dependency of optional package pam_krb5
#5644 dnsrecord-del incompatible with admintools < ver 3.2 and server >= ver 3.2
#5725 failed ipa-server-install –uninstall returns exit code 0
#5754 ipa-client-install man page has incorrect data on hostname
#5755 test_0006_service_show in test_cert_plugin uses global variable wrong
#5809 ipa-server-install fails when using external certificates that encapsulate RDN components in double quotes
#5814 Change IP address validation errors to warnings [support for cloud environments]
#5818 webui: “Restore” option is not available for a preserved user in detailed info
#5822 Cannot create user with username exactly 255 charaters long
#5855 method get_primary_key_from_dn does not work for netgroups properly
#6057 adding two way non transitive(external) trust displays internal error on the console
#6095 ipa command stuck forever on higher versioned client with lower versioned server
#6155 [tracker] Failed to configure CA instance
#6190 Regressions found by test: ipa.test_ipalib.test_parameters
#6203 dnsrecord-add does not prompt for missing record parts internactively
#6212 Pretty-print mismatches in tests
#6216 webui: cert_revoke should use –cacn to set correct CA when revoking certificate
#6221 Certificate revocation in service-del and host-del isn’t aware of Sub CAs
#6230 installer: external CA step 1 successful but reports ScriptError
#6238 Unable to view certificates issued by Sub CA in Web UI
#6256 [tracker] Revoke certificate on lightweight CA deletion
#6257 Implement ca-enable/disable commands.
#6260 cert-request: use better error message when CA is disabled
#6273 Command autocompletion without installed server prints an error message
#6279 CLI always sends default command version
#6285 Tests: Regex errors in trust tests
#6288 ipa-certupdate fails with “CA is not configured”
#6294 TypeError in installer
#6296 client-install with IPv6 address fails on link-local address (always)
#6300 Remove the assertion of incorrect return code from replica_promotion tests
#6301 Fix replica_promotion tests
#6304 cert-find –certificate does not work for certificates not in LDAP
#6306 Add cleanup to integration trust tests
#6309 cert-request does not raise error when CSR does not match profile pattern
#6312 Failing ldap backend test because service not found
#6313 Failing test in test_ipalib/test_plugable
#6322 Add krb5kdc restart to integration trust tests
#6323 Tests: Remove usage of krb5 ccache from test_ipaserver/test_ldap
#6326 Update host test with ipa-join
#6327 regression in `ipa cert-revoke –help`
#6328 ipa trust-fetch-domains throws internal error
#6329 WinSync users who have First.Last casing creates users who can have their password set
#6330 Invalid description for –hostname option in ipa-server-install man page
#6333 Skipped test_ipalib/test_text::test_TestLang::test_test_lang in outoftree suite
#6338 [Tests] Remove SSSD restart from integration tests
#6341 Certificate UI on details page shows add button even if user doesn’t have write right
#6349 Tests: incomplete cleanup of CA plugin XMLRPC tests
#6366 Extend CA ACL tests for test cases with CSR containing Subject Alt Name
#6368 otpd doesn’t properly handle closing of ldap connection
#6373 test_util.test_assert_deepequal fails
#6382 Test: disable test for wrong client domain in domain level 0
#6385 ipa-server-install –external-ca fails with AttributeError
#6390 python-dns 1.15.0 breaks FreeIPA
#6391 make FreeIPA codebase ready for pylint in Fedora rawhide
#5791 CA fails to start after doing ipa-ca-install –external-ca
Detailed changelog since 4.4.1#
Christian Heimes (1)#
David Kupka (2)#
Florence Blanc-Renaud (2)#
Fraser Tweedale (10)#
Jan Cholasta (8)#
Lenka Doudova (11)#
Tests: Remove usage of krb5 ccache from test_ipaserver/test_ldap cgit #6323
Tests: Add krb5kdc.service restart to integration trust tests cgit #6322
Tests: Remove SSSD restart from integration tests cgit #6338
Tests: Fix integration sudo tests setup and checks cgit #6262
Tests: Fix regex errors in integration trust tests cgit #6285
Martin Babinsky (13)#
mod_nss: use more robust quoting of NSSNickname directive cgit #5809
Make Continuous installer continuous only during execution phase cgit #5725
use separate exception handlers for executors and validators cgit #5725
ipa passwd: use correct normalizer for user principals cgit #6329
trust-fetch-domains: contact forest DCs when fetching trust domain info cgit #6328
netgroup: avoid extraneous LDAP search when retrieving primary key from DN cgit #5855
ldapupdate: Use proper inheritance in BadSyntax exception cgit #6294
raise ValidationError when deprecated param is passed to command cgit #6190
Always fetch forest info from root DCs when establishing one-way trust cgit #6057
factor out `populate_remote_domain` method into module-level function cgit #6057
Always fetch forest info from root DCs when establishing two-way trust cgit #6057
Martin Basti (17)#
Test: dont use global variable for iteration in test_cert_plugin cgit #5755
Fix regexp patterns in parameters to not enforce length cgit #5822
Catch DNS exceptions during emptyzones named.conf upgrade cgit #6205
Tests: extend DNS cmdline tests with lowercased record type cgit #6203
Show warning when net/broadcast IP address is used in installer cgit #5814
Fix ScriptError to always return string from __str__ cgit #6294
Set zanata project-version fo 4.4 branch cgit