IPAv2 210 - Free IPA

banners

From Free IPA

Jump to: navigation,search

August 17, 2011

The FreeIPA project team is pleased to announce the availability of the freeIPA 2.1.0 server.

It is available in Fedora 15.

[edit]

Known Issues

The OCSP URL encoded in dogtag certificates is by default the CA machine that issued the certificate.

[edit]

Changelog since 2.0.1

Adam Young (62):

Fixed labels for sudo and hbac rules
update metadata with label changes
define entities using builder and more declarative syntax
default all false no longer default to all: true for searches, only specify it for user searches
code review fixes
make use of new user-find columns.
fix JSL error
Upgrade to jquery 1.5.2
action panel to top tabs
remove jquery-cookie library
update ipa init a simple script to update the metatdate et alles that comes from the ipa_init batch call
whitespace and -x removal
create entities on demand. fixed changes from code review
automount UI
redirect on show error.
redirect on error Code for redirecting on error has been moved to IPA.facet so it can be called from both details and assocaiton facets.
automount delete key indirect automount maps
scrollable content areas
dialog scrolling table
JSON marshalling list
dns multiple records show multiple records that share the same dnsname
no redirect on search
test for dirty
test dirty textarea runs the testdirty check before setting the undo tag for a textarea
test dirty multivalue test the multivalue widgets for changes before showing the undo link.
test dirty onchange
entity select widget for manager
hide automount tabs.
service host entity select Use the entity select widget for add service
entity select undo
no redirect on unknown error If the error name is indicates a server wide error, do not attempt to redirect.
editable entity_select
ipaddress for host add
entity select for password policy
tooltips for host add
automountkey details
identify target as section for permissions
optional uid
validate required fields
Generate record type list from metadata
shorten url cache state in a javascript variable, and leave on information about the current entity in the URL hash params
containing entity pkeys
undefined pkeys
config fields
ipadefaultemaildomain
config widgets entity select default group checkbox for migration
entity link for password policy
validate ints
password expiration label
HBAC deny warning
check required on add
clear errors on reset
indirect admins
entity_select naming
remove HBAC warning from static UI
dnsrecord-mod ui
no dns
remove hardcoded DNS label for record name.
move dns to identity tab
removing setters setup and init
dns section header i18n.
use other_entity for adder columns

Alexander Bokovoy (10):

Convert Bool to TRUE/FALSE when working with LDAP backend
Minor typos in the examples
Convert nsaccountlock to always work as bool towards Python code
Rearrange logging for NSCD daemon.
Fix sssd.conf to always have IPA certificate for the domain.
Add hbactest command.
Modify /etc/sysconfig/network on a client when IPA manages hostname
Make proper LDAP configuration reporting for ipa-client-install
Ensure network configuration file has proper permissions
Pass empty options as empty arrays for supported dns record types.

Endi S. Dewata (114):

Fixed undefined label in permission adder dialog box.
Initial Selenium test cases.
Added functional test runner.
Refactored action panel and client area.
Refactored builder interface.
Refactored search facet.
Entitlements.
Updated Selenium tests.
Merged IPA.cmd() into IPA.command().
Entitlement registration.
Entitlement import.
Entitlement download.
Moved adder dialog box into entity.
Standardized action panel buttons creation.
Entitlement quantity validation.
Refactored navigation.
Use entity names for tab state.
Moved entity contents outside navigation.
Added facet container.
Fixed self-service UI.
Updated Selenium tests.
Updated Selenium tests.
Updated DNS interface.
Added Selenium tests for DNS.
Added UUID field for entitlement registration.
Added Self-Service and Delegation tests.
Customizable facet groups.
Read-only association facet.
jQuery ordered map.
Fixed problem disabling HBAC and SUDO rules.
Fixed Ajax error handling.
Fixed details tests.
Fixed adder dialog title.
Fixed Add and Edit without primary key.
Fixed Selenium tests.
Fixed URL parameter parsing.
Added Update and Reset buttons into Dirty dialog.
Fixed problem deleting value in text field.
Added pagination for associations.
Fixed pagination problem.
Temporary fix for indirect member tabs.
Fixed blank dialog box on internal error.
Fixed resizing issues.
Added selectable option for table widget.
Entitlement status.
Fixed tab navigation.
Fixed build break.
Fixed paging for indirect members.
Renamed associate.js to association.js.
Fixed self-service links.
Merged direct and indirect association facets
Storing page number in URL.
Removed FreeWay font files.
Fixed problem with navigation tabs on reload.
Converted entity header into facet header.
Added navigation breadcrumb.
Added record count into association facet tabs.
Added singular entity labels.
Fixed entity labels.
Fixed DNS records page title.
Fixed undo all problem.
Removed unused images.
Fixed hard-coded messages.
Added confirmation dialog for user activation.
Fixed button style in Entitlements
Removed invalid associations.
Added arrow icons for details sections.
Fixed object_name usage.
Fixed HBAC/Sudo rules associations.
Fixed blank self-service page.
Fixed dirty dialog problems in HBAC/Sudo rules.
Fixed test fixture file name.
Fixed missing entitlement import button label
Added sudo options.
Fixed collapsed table in Chrome.
Fixed object_name and object_name_plural internationalization
Fixed label capitalization
Entity select widget improvements
Removed reverse zones from host adder dialog.
Fixed host details fields.
Added checkbox to remove hosts from DNS.
Creating reverse zones from IP address.
Removed entitlement registration UUID field.
Fixed problem loading data in HBAC/sudo details page.
Removed HBAC access time code.
Removed custom layouts using HTML templates.
Refactored IPA.current_facet().
Fixed problem with navigation state loading.
Fixed navigation problems.
Fixed navigation unit test.
Fixed click handlers on certificate buttons.
New icons for entitlement buttons
Fixed problem bookmarking Policy/IPA Server tabs
Fixed problem setting host OTP.
Fixed hard-coded labels in sudo rules.
Fixed hard-coded label in Find button.
Fixed missing section header in sudo command group.
Fixed problem unprovisioning service.
Fixed missing memberof definition in HBAC service.
Added association facets for HBAC and sudo.
Fixed certificate buttons.
Fixed missing icons.
Fixed misaligned search icon.
Resizable adder dialog box.
Linked entries in HBAC/sudo details page.
Fixed 3rd level tab style.
Fixed facet group labels.
Fixed error after login on IE
Fixed host adder dialog.
Fixed DNS zone adder dialog.
Fixed broken links in ipa_error.css and ipa_migration.css.
Fixed problem clicking 3rd level tabs.
Fixed link style in dialog box.
Fixed problem with buttons in enrollment dialog.

Jakub Hrozek (1):

Remove wrong kpasswd sysconfig

Jan Cholasta (34):

Fix wording of error message.
Add note about ipa-dns-install to ipa-server-install man page.
Fix typo in ipa-server-install.
Fix uninitialized variables.
Fix double definition of output_for_cli.
Add lint script for static code analysis.
Fix lint false positives.
Remove unused classes.
Fix some minor issues uncovered by pylint.
Fix uninitialized attributes.
Run lint during each build.
Several improvements of the lint script.
Fix issues found by Coverity.
Fix regressions introduced by pylint false positive fixes.
Assume ipa help for plugins.
Parse netmasks in IP addresses passed to server install.
Honor netmask in DNS reverse zone setup.
Do stricter checking of IP addressed passed to server install.
Fix directory manager password validation in ipa-nis-manage.
Improve IP address handling in the host-add command.
Verify that the hostname is fully-qualified before accessing the service information in ipactl.
Remove redundant configuration values from krb5.conf.
Replace the 'private' option in netgroup-find with 'managed'.
Configure SSSD to store user password if offline.
Fix creation of reverse DNS zones.
Add ability to specify DNS reverse zone name by IP network address.
Fix exit status of ipa-nis-manage enable.
Update minimum required version of python-netaddr.
Clean up of IP address checks in install scripts.
Don't delete NIS netgroup compat suffix on 'ipa-nis-manage disable'.
Fix ipa-compat-manage not working after recent ipa-nis-manage change.
Make sure that hostname specified by user is not an IP address.
Fix external CA install.
Ask for reverse DNS zone information in attended install right after asking for DNS forwarders, so that DNS configuration is done in one place.

John Dennis (9):

Module for DN objects plus unit test
assert_deepequal supports callback for equality testing
Add backslash escape support for cvs reader
Use DN class in get_primary_key_from_dn to return decoded value
Update test_role_plugin test to include a comma in a privilege
Ticket 1485 - DN pairwise grouping
Make AVA, RDN & DN comparison case insensitive. No need for lowercase normalization.
Clean up existing DN object usage
transifex translation adjustment

Jr Aquino (15):

Escape LDAP characters in member and memberof searches
Add memberHost and memberUser to default indexes
Optimize and dynamically verify group membership
Delete the sudoers entry when disabling Schema Compat
Return copy of config from ipa_get_config()
Typo in host_nis_groups has been creating 2 CN's
Add sudorule and hbacrule to memberof and indirectmemberof attributes
Display remaining external hosts when removing from sudorule
Raise DuplicateEntry Error when adding a duplicate sudo option
Don't add empty tuple to entry_attrs['externalhost']
oneliner correct typo in ipasudorunas_group
Return correct "RunAs External Group" when removing members
remove escapes from the cvs parser in ipaserver/install/ldapupdate
Correct behavior for sudorunasgroup vs sudorunasuser
Correct sudo runasuser and runasgroup attributes in schema

Martin Kosek (68):

Inconsistent error message for duplicate user
Replica installation fails for self-signed server
Remove doc from API.txt
Revert "Remove doc from API.txt"
Password policy commands do not include cospriority
Improve DNS PTR record validation
Remove unwanted trimming in text fields
Need force option in DNS zone adder dialog
IPA replica is not started after the reboot
Improve Directory Service open port checker
Log temporary files in ipa-client-install
Prevent uninstalling client on the IPA server
pwpolicy-mod doesn't accept old attribute values
Forbid reinstallation in ipa-client-install
ipa-client-install uninstall does not work on IPA server
LDAP Updater may crash IPA installer
NS records not updated by replica
Bad return values for ipa-rmkeytab command
Update spec with missing BuildRequires for pylint check
Let selinux-policy handle port 7390
Limit passwd plugin to user container
Consolidate man pages and IPA tools help
Remove doc from API.txt
Improve service manipulation in client install
Running ipa-replica-manage as non-root cause errors
KDC autodiscovery may fail when domain is not realm
A new flag to disable creation of UPG
Fix reverse zone creation in ipa-replica-prepare
Improve interactive mode for DNS plugin
Localization fails for MaxArgumentError
Fix forward zone creation in ipa-replica-prepare
Connection check program for replica installation
Fix support for nss-pam-ldapd
Skip know_host check for ipa-replica-conncheck
IPA installation with --no-host-dns fails
Handle LDAP search references
Add ignore lists to migrate-ds command
Improve DNS zone creation
Add a list of managed hosts
Missing krbprincipalname when uid is not set
Add port 9443 to replica port checking
Fix doc for sudorule runasuser commands
Improve IP address handling in IPA option parser
Multi-process build problems
DNS installation fails when domain and host domain mismatch
Fix IPA install for secure umask
Allow recursion by default
Add DNS record modification command
Filter reverse zones in dnszone-find
Remove sensitive information from logs
Fix ipa-dns-install
Fix self-signed replica installation
Check IPA configuration in install tools
Add new dnszone-find test
Fix typo in ipa-replica-prepare
Improve long integer type validation
Fix sudorule-remove-user
Add missing automount summaries
Fix man page ipa-csreplica-manage
Fix automountkey commands summary
Fix invalid issuer in unit tests
Hide continue option from automountkey-del
Improve error message in ipactl
Improve dnszone-add error message
Fix idnsUpdatePolicy for reverse zone record
Fix client enrollment
Update 389-ds-base version
Update pki-ca version

Nalin Dahyabhai (1):

Select a server with a CA on it when submitting signing requests.

Pavel Zuna (1):

Fix gidnumber option of user-add command.

Petr Vobornik (3):

fixed empty dns record update
Fixed adding host without DNS reverse zone
Redirection after changing browser configuration

Rich Megginson (3):

winsync enables disabled users in AD
modify user deleted in AD crashes winsync
memory leak in ipa_winsync_get_new_ds_user_dn_cb

Rob Crittenden (90):

Allow a client to enroll using principal when the host has a OTP
Make retrieval of the CA during DNS discovery non-fatal.
Cache the value of get_ipa_config() in the request context.
Change default gecos from uid to first and last name.
Fix ORDERING in some attributetypes and remove other unnecessary elements.
postalCode should be a string not an integer.
Fix traceback in ipa-nis-manage.
Suppress --on-master from ipa-client-install command-line and man page.
Sort entries returned by *-find by the primary key (if any).
The default groups we create should have ipaUniqueId set
Always ask members in LDAP*ReverseMember commands.
Provide attributelevelrights for the aci components in permission_show.
Wait for memberof task and DS to start before proceeding in installation.
Convert manager from userid to dn for storage and back for displaying.
Modify the default attributes shown in user-find to match the UI design.
Ensure that the zonemgr passed to the installer conforms to IA5String.
Handle principal not found errors when converting replication a greements
Bump version to 2.0.90 to distinguish between 2.0.x
Properly handle --no-reverse being passed on the CLI in interactive mode
Update min nvr for selinux-policy and pki-ca for F-15+
Test for forwarded Kerberos credentials cache in wsgi code.
Properly configure nsswitch.conf when using the --no-sssd option.
Enable 389-ds SSL host checking by defauilt
Configure Managed Entries on replicas.
Document that deleting and re-adding a replica requires a dirsrv restart.
Fix migration to work between v2 servers and remove search/size limits.
Add option to limit the attributes allowed in an entry.
Include the word 'member' with autogenerated optional member labels.
Do a lazy retrieval of the LDAP schema rather than at module load.
Add UID, GID and e-mail to the user default attributes.
Fix external CA installation
Remove root autobind search restriction, fix upgrade logging & error handling
Support initializing memberof during replication re-init using GSSAPI
Do better detection on status of CA DS instance when installing.
Fix indirect member calculation
Remove automountinformation as part of the DN for automount.
Don't let a JSON error get lost in cascading errors.
Add message output summary to sudorule del, mod and find.
Return an error message when revocation reason 7 is used
Require an imported certificate's issuer to match our issuer.
On a master configure sssd to only talk to the local master.
The IP address provided to ipa-server-install must be local
Do lazy LDAP schema retrieval in json handler.
Make data type of certificates more obvious/predictable internally.
Update translation files
Let the framework be able to override the hostname.
Make dogtag an optional (and default un-) installed component in a replica.
Slight performance improvement by not doing some checking in production mode
Set the client auth callback after creating the SSL connection.
Add pwd expiration notif (ipapwdexpadvnotify) to config plugin def attr list
Enforce class rules when query=True, continue to not run validators.
find_entry_by_attr() should fail if multiple entries are found
Fix error in AttrValueNotFound exception example
Fix test failure in updater when adding values to a single-value attr
Reset failed login count to 0 when admin resets password.
Disallow direct modifications to enrolledBy.
Document registering to an entitlement server with a UUID as not implemented.
In sudo labels we should use RunAs and not Run As.
Remove the ability to create new HBAC deny rules.
Validate that the certificate subject base is in valid DN format.
Use information from the certificate subject when setting the NSS nickname.
Create tool to manage dogtag replication agreements
Fix failing tests due to object name changes
Set nickname of the RA to 'IPA RA' to avoid confusion with dogtag RA
Set the ipa-modrdn plugin precedence to 60 so it runs last
Generate a database password by default in all cases.
Specify the package name when the replication plugin is missing.
Change client enrollment principal prompt to hopefully be clearer.
Optionally wait for 389-ds postop plugins to complete
A removed external host is shown in output when removing external hosts.
Don't set krbLastPwdChange when setting a host OTP password.
Fix regression when calculating external groups.
With the external user/group management fixed, correct the unit tests.
Set a default minimum value for class Int, handle long values better.
Make ipa-client-install error messages more understandable and relevant.
Add Alexander Bokovoy and Jan Cholasta to contributors file
Only call entry_from_entry() after waiting for the new entry.
Hide the HBAC access type attribute now that deny is deprecated.
Autofill the default revocation reason
Don't check for leading/trailing spaces in a File parameter
Add an arch-specific Requires on cyrus-sasl-gssapi
Revert use of 'can be at least' to 'must be at least' in minvalue validator
Don't leave dangling map if adding an indirect map fails
Fix message in test case for checking minimum values
When setting a host password don't set krbPasswordExpiration.
Set minimum version of pki-ca to 9.0.10 to pick up new ipa cert profile
Deprecated managing users and runas user/group in sudorule add/mod
Fix date order in changelog.
Re-arrange CA configuration code to reduce the number of restarts.

Simo Sorce (4):

Fix resource leaks.
ipautil: Preserve environment unless explicitly overridden by caller.
install-scripts: avoid using --list with chkconfig
Don't set the password expiration to the current time

Yuri Chornoivan (1):

Typos in freeIPA messages and man page

Kyle Baker (5):

Background images and tab hover
Search bar style and positioning changes
List page spacing changes
Tab and spacing on list
Facet icon swap and tab sizing

Retrieved from "http://www.freeipa.com/page/IPAv2_210"

Navigation

banners

From Free IPA

Known Issues

Changelog since 2.0.1