[Freeipa-interest] Announcing FreeIPA v2 Server Beta 1 Release

Dmitri Pal dpal at redhat.com
Thu Dec 23 08:06:58 UTC 2010

To all freeipa-interest, freeipa-users and freeipa-devel list members,

The FreeIPA project team is pleased to announce the availability of the
Beta 1 release of freeIPA 2.0 server [1].
- Binaries are available for F-13 and F-14.
- With this beta freeIPA is feature complete.
- Please do not hesitate to share feedback, criticism or bugs with us on
our mailing list: freeipa-users at redhat.com

Main Highlights of the Beta
- This beta is the first attempt to show all planned capabilities of the
upcoming release.
- For the first time the new UI is mostly operational and can be used to
perform management of the system.
- Some areas are still very rough and we will appreciate your help with

Focus of the Beta Testing
- Please take a moment and look at the new Web UI. Any feedback about
the general approaches, work flows, and usability is appreciated. It is
still very rough but one can hopefully get a good understanding of how
we plan the final UI to function and look like.
- Replication management was significantly improved. Testing of multi
replica configurations should be easier.
- We are looking for a feedback about the DNS integration and networking
issues you find in your environment configuring and using IPA with the
embedded DNS enabled.

Significant Changes Since Alpha 5
- FreeIPA has changed its license to GPLv3+
- Having IPA manage the reverse zone is optional.
- The access control subsystem was re-written to be more understandable.
For details see [2]
- Support for SUDO rules
- There is now a distinction between replicas and their replication
agreements in the ipa-replica-manage command. It is now much easier to
manage the replication topology.
- Renaming entries is easier with the --rename option of the mod commands.
- Fix special character handling in passwords, ensure that passwords are
not logged.
- Certificates can be saved as PEM files in service-show and host-show
- All IPA services are now started/stopped using the ipactl command.
This gives us better control over the start/stop order during
- Set up ntpd first so the time is sane.
- Better multi-valued value handle with --setattr and --addattr.
- Add support for both RFC2307 and RFC2307bis to migration.
- UID ranges were reduced by default from 1M to 200k.
- Add ability to add/remove DNS records when adding/removing a host entry.
- A number of i18n issues have been addressed.
- Updated a lot of man pages.

What is not Complete
- We are still using older version of the Dogtag. New version of the
Dogtag Certificate System will be based on tomcat6 and is forthcoming.
- We plan to take advantage of Kerberos 1.9 that was released today but
we have not finished the integration effort yet.

Known Issues
- IPV6 works in the installer but not the server itself
- Make sure you machine can properly resolve its name before installing
the server. Edit /etc/hosts to remove host name from the localhost and
localhost6 lines if needed.
- The UI is still rough in places<br>Use the following query [3] to see
the tickets currently open against UI.
- Dogtag does not work out-of-the-box on Fedora 14. To fix it for for
the time being run:
  # ln -s /usr/share/java/xalan-j2-serializer.jar
- Instead of Dogtag on F14 you can also try the self-signed CA which is
similar to the CA that was provided in IPA v1. This was designed for
testing and development and not recommended for deployment.
- Make sure you enable updates-testing repository on your fedora machine.

Thank you,
FreeIPA development team

[1] http://www.freeipa.org/page/Downloads
[2] http://freeipa.org/page/Permissions
[3] https://fedorahosted.org/freeipa/report/12

More information about the Freeipa-interest mailing list