From Free IPA

May 2, 2011

The FreeIPA project team is pleased to announce the availability of the freeIPA 2.0.1 server.

It is available in Fedora 15 and Fedora rawhide.

Known Issues

• If the domain and realm do not match you may need to use the --force flag with ipa-client-install.
• Dogtag replication is done separately from IPA replication. The ipa-replica-manage tool does not currently operate on dogtag replication agreements.
• The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate.

Changelog since 2.0.0

Endi S. Dewata (1):

• Fixed undefined label in permission adder dialog box.

Jan Cholasta (10):

• Fix wording of error message.
• Add note about ipa-dns-install to ipa-server-install man page.
• Fix typo in ipa-server-install.
• Fix uninitialized variables.
• Fix double definition of output_for_cli.
• Add lint script for static code analysis.
• Fix lint false positives.
• Remove unused classes.
• Fix some minor issues uncovered by pylint.
• Fix uninitialized attributes.

Jr Aquino (4):

• Escape LDAP characters in member and memberof searches
• Add memberHost and memberUser to default indexes
• Optimize and dynamically verify group membership
• Delete the sudoers entry when disabling Schema Compat

Martin Kosek (12):

• Inconsistent error message for duplicate user
• Replica installation fails for self-signed server
• Password policy commands do not include cospriority
• Improve DNS PTR record validation
• IPA replica is not started after the reboot
• Improve Directory Service open port checker
• Log temporary files in ipa-client-install
• Prevent uninstalling client on the IPA server
• pwpolicy-mod doesn't accept old attribute values
• Forbid reinstallation in ipa-client-install
• ipa-client-install uninstall does not work on IPA server
• LDAP Updater may crash IPA installer

Pavel Zuna (1):

• Fix gidnumber option of user-add command.

Rob Crittenden (18):

• Allow a client to enroll using principal when the host has a OTP
• Make retrieval of the CA during DNS discovery non-fatal.
• Cache the value of get_ipa_config() in the request context.
• Change default gecos from uid to first and last name.
• Fix ORDERING in some attributetypes and remove other unnecessary elements.
• postalCode should be a string not an integer.
• Fix traceback in ipa-nis-manage.
• Suppress --on-master from ipa-client-install command-line and man page.
• Sort entries returned by *-find by the primary key (if any).
• The default groups we create should have ipaUniqueId set
• Always ask members in LDAP*ReverseMember commands.
• Provide attributelevelrights for the aci components in permission_show.
• Wait for memberof task and DS to start before proceeding in installation.
• Convert manager from userid to dn for storage and back for displaying.
• Modify the default attributes shown in user-find to match the UI design.
• Ensure that the zonemgr passed to the installer conforms to IA5String.
• Handle principal not found errors when converting replication agreements

Simo Sorce (2):

• Fix resource leaks.
• ipautil: Preserve environment unless explicitly overridden by caller.