IPAv2_211

IPAv2_211#

__NOTOC__ September 7, 2011

The FreeIPA project team is pleased to announce the availability of the freeIPA 2.1.1 server.

It is available in Fedora 15.

Known Issues#

  • The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate.

Changelog since 2.1.0#

Adam Young (1):

  • enable proxy for dogtag

Alexander Bokovoy (1):

  • Propagate environment when it is required.

Endi S. Dewata (19):

  • Fixed browser configuration pages

  • Hide activation/deactivation link from regular users.

  • Fixed problem selecting value from combobox

  • Fixed inconsistent layout for password reset dialog.

  • Removed ‘Hide already enrolled’ checkbox.

  • Replaced page dirty dialog title.

  • Updated add and delete association dialog titles.

  • Removed unnecessary HBAC/sudo rule category modification.

  • Fixed command partial failure handling.

  • Fixed default map type in automount map adder dialog.

  • Fixed host OTP status.

  • Fixed host keytab status after setting OTP.

  • Fixed host adder dialog to show default DNS zone.

  • Fixed hard-coded UI messages.

  • Fixed problem adding hostgroup into netgroup.

  • Fixed problem with combobox.

  • Fixed hard-coded UI message in entity.js.

  • Fixed missing permission filter field.

  • Fixed problem with combobox using Sahi

Jan Cholasta (6):

  • Make sure messagebus is running prior to starting certmonger.

  • Verify that passwords specified through command line options of ipa-server install meet the length requirement.

  • Add option to install without the automatic redirect to the Web UI.

  • Search for users in all the naming contexts present on the directory server.

  • Add subscription-manager dependency for RHEL.

  • Verify that the external CA certificate files are correct.

John Dennis (11):

  • ticket 1568 - DN objects should support the insert method

  • ticket 1569 - Test DN object non-latin Unicode support

  • ticket 1600 - convert unittests to use DN objects

  • ticket 1659 - invalid i18n string in dns.py

  • ticket 1660 - update LINGUAS file, add missing po files

  • ticket 1661 - Update all po files

  • ticket 1650 - compute accurate translation statistics

  • ticket 1707 - add documentation validation to makeapi tool

  • ticket 1705 - internationalize help topics

  • ticket 1706 - internationalize cli help framework

  • ticket 1669 - improve i18n docstring extraction

Jr Aquino (2):

  • Improve sudorule documentation

  • Create FreeIPA CLI Plugin for the 389 Auto Membership plugin

Martin Kosek (6):

  • Add missing attribute labels for sudorule

  • Fix automountkey-mod

  • Fix automountlocation-import conflicts

  • ipa-client-install breaks network configuration

  • Fix sudo help and summaries

  • Let Bind track data changes

Petr Vobornik (8):

  • error dialog for batch command

  • Uncheck checkboxes in association after deletion

  • Show error in adding associations

  • Validation of details facet before update

  • Modify serial associator to use batch

  • Modifying sudo options refreshes the whole page

  • Enable update and reset button only if dirty

  • Attributes table not scrollable

Rob Crittenden (24):

  • Add information on setting api.env.host in the ipactl.8 man page

  • Log each command in a batch separately.

  • Do batch logging on successful commands too, not just failures.

  • Fix wording in examples of delegation plugin.

  • Suppress 389-ds debug output when starting services

  • Fix thread deadlock by using pthreads library instead of NSPR.

  • Change the way has_keytab is determined, also check for password.

  • Add additional pam ftp services to HBAC, and a ftp HBAC service group

  • Add label for HBAC services to show as members

  • Add option to only prompt once for passwords, use in entitle_register

  • Retrieve password/keytab state when modifying a host.

  • Disable reverse lookups in ipa-join and ipa-getkeytab

  • Remove more 389-ds files/directories on uninstallation.

  • Remove 389-ds upgrade state during uninstall

  • Set min nvr of pki-ca to 9.0.12 for fix in BZ 700505

  • Add common is_installed() fn, better uninstall logging, check for errors.

  • Add external source hosts to HBAC.

  • Roll back changes if client installation fails.

  • Add netgroup as possible memberOf for hostgroups

  • Sort lists so order is predictable and tests pass as expected.

  • Suppress managed netgroups from showing as memberof hostgroups.

  • Use the IPA server cert profile in the installer.

  • Set min nvr of 389-ds-base to 1.2.9.7-1 for BZ 728605

  • Become IPA 2.1.1

Simo Sorce (1):

  • conncheck: Fix List of ports to check