[Freeipa-devel] Announcing FreeIPA v2 Server

Fri Mar 25 18:22:35 UTC 2011

The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA
version 2.0.

FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
and command-line administration tools.

Features of FreeIPA v2.0 include:
* Centralized authentication via Kerberos or LDAP
* Identity management for users, groups, hosts and services
* Pluggable and extensible framework for UI/CLI
* Rich CLI
* Web-based User Interface
* Server X.509 v3 certificate provisioning capabilities
* Managing host identities including grouping hosts
* Defining host-based access control rules that will be enforced
   on the client side by the IPA back end for SSSD [1]
* Serving netgroups based on user and host objects stored in IPA
* Serving sets of automount maps to different clients
* Finer-grained management delegation
* Group-based password policies
* Centrally-managed SUDO
* Automatic management of private groups
* Compatibility with broad set of clients
* Painless password migration
* Optional integrated DNS server managed by IPA
* Optional integrated Certificate Authority to manage server 
certificates managed by IPA
* Can act as NIS server for legacy systems
* Supports multi-server deployment based on the multi-master replication
* User and group replication with MS Active Directory

We encourage users and developers to start testing and deploying FreeIPA 
in their environments. A very simple installation procedure is provided 
and is part of the effort of making these complex technologies simple to 
use and friendly to administrators. We encourage people to experiment 
and evaluate the current release, we welcome feedback on the overall 
experience and bug reports [2].

We also would like to encourage interested users and developers to join 
our mailing list and discuss features and development directions [3].

The complete source code[4] is available for download here:
http://www.freeipa.org/page/Downloads

See our git repository at http://git.fedorahosted.org/git/freeipa.git/ 
for a complete changelog.

FreeIPA 2.0 is available in Fedora 15, see Known Issues below. You will 
need to enable the updates-testing repository, e.g.

  # yum install freeipa-server --enablerepo=updates-testing

Have Fun!

The FreeIPA Project Team.

---

[1] https://fedorahosted.org/sssd/
[2] https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora (component 
is ipa)
[3] http://freeipa.org/page/Contribute

Known Issues

  * The latest tomcat6 package has not been pushed to updates-testing. 
You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from 
koji at http://koji.fedoraproject.org/koji/buildinfo?buildID=231410 . 
The installation will fail restarting the CA with the current tomcat6 
package in Fedora 15.
  * If the domain and realm do not match you may need to use the --force 
flag with ipa-client-install.
  * Dogtag replication is done separately from IPA replication. The 
ipa-replica-manage tool does not currently operate on dogtag replication 
agreements.
  * The OCSP URL encoded in dogtag certificates is by default the CA 
machine that issued the certificate.

Detailed Changlog since FreeIPA v2.0.0 rc3

Adam Young (1):
  * pwpolicy priority Priority is now a required field in order to add a 
new password policy.  Thus, not having the field present means we cannot 
create one.

Endi S. Dewata (1):
  * Removed nested role from UI.

Martin Kosek (2):
  * Wait for Directory Server ports to open
  * Prevent stacktrace when DNS AAAA record is added

Pavel Zuna (1):
  * Update translation file (ipa.pot).

Rob Crittenden (4):
  * Always consider domain and server when doing DNS discovery in client.
  * Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
  * Ensure that the system hostname is lower-case.
  * Automatically update IPA LDAP on rpm upgrades

Simo Sorce (1):
  * Domain to Realm Explicitly use the realm specified on the command 
line. Many places were assuming that the domain and realm were the same.
  * Fix uninitialized variable.