The FreeIPA team would like to announce FreeIPA 4.9.6 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Highlights in 4.9.6#
8402: [RFE] ipa-client-install forces nsupdate to bind with gssapi
Invoke nsupdate without authentication if the GSS-TSIG attempt fails at install time ; configure SSSD to use nsupdate without GSS-TSIG in this case.
Enhancements#
Known Issues#
FreeIPA 4.9.4 contains a new LDAP caching layer that might incorrectly return data in certain cases. This is known to affect ansible-freeipa operations with automember rules. FreeIPA 4.9.6 addresses this issue.
Bug fixes#
FreeIPA 4.9.6 is a stabilization release for the features delivered as a part of 4.9.0 version series.
There are more than 10 bug-fixes since FreeIPA 4.9.5 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#7752 ipa client throws http.client.ResponseNotReady error
#8402 (rhbz#1854557) [RFE] ipa-client-install forces nsupdate to bind with gssapi
#8532 (rhbz#1886837) Revise PKINIT upgrade code
#8726 Provide a better error message with updatedns and FQDN Is not provided
#8754 (rhbz#1919384) Certificate Serial Number issue
#8817 Running ipa-server-certinstall with v1 certificate fails with Attempted “__iter__” operation on ASN.1 schema object
#8880 (rhbz#1973023) CA_less ipa-server-install fails if CA cert subject contains non ascii chars
#8882 Directly integrate custodia
#8884 (rhbz#1967325) API returns the misleading error “Insufficient Access” if run as non-admin
#8885 (rhbz#1975139) Upgrade error: Add failure missing required attribute “objectclass”
#8889 [tests] healthcheck 0.9
#8897 (rhbz#1976286) ansible-freeipa automember test fails with `automember_add_condition: testgroup: ‘objectclass’` due to ldap cache
#8898 plugin `plugins` doesn’t work