[Freeipa-interest] FreeIPA 4.9.6 released

Alexander Bokovoy abokovoy at redhat.com
Tue Jun 29 15:44:03 UTC 2021 

The FreeIPA team would like to announce FreeIPA 4.9.6 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.

== Highlights in 4.9.6

* 8402: [RFE] ipa-client-install forces nsupdate to bind with gssapi

     Invoke nsupdate without authentication if the GSS-TSIG attempt fails
     at install time ; configure SSSD to use nsupdate without GSS-TSIG in
     this case.


=== Enhancements

=== Known Issues

* FreeIPA 4.9.4 contains a new LDAP caching layer that might incorrectly
return data in certain cases. This is known to affect ansible-freeipa
operations with automember rules. FreeIPA 4.9.6 addresses this issue.

=== Bug fixes

FreeIPA 4.9.6 is a stabilization release for the features delivered as a
part of 4.9.0 version series.

There are more than 10 bug-fixes since FreeIPA 4.9.5 release. Details of
the bug-fixes can be seen in the list of resolved tickets below.

== Upgrading

Upgrade instructions are available on Upgrade page.

== Feedback

Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.

== Resolved tickets

* https://pagure.io/freeipa/issue/7752[#7752] ipa client throws http.client.ResponseNotReady error

* https://pagure.io/freeipa/issue/8402[#8402] (https://bugzilla.redhat.com/show_bug.cgi?id=1854557[rhbz#1854557])
   [RFE] ipa-client-install forces nsupdate to bind with gssapi

* https://pagure.io/freeipa/issue/8532[#8532] (https://bugzilla.redhat.com/show_bug.cgi?id=1886837[rhbz#1886837])
   Revise PKINIT upgrade code

* https://pagure.io/freeipa/issue/8726[#8726] Provide a better error message with updatedns and FQDN Is not provided

* https://pagure.io/freeipa/issue/8754[#8754] (https://bugzilla.redhat.com/show_bug.cgi?id=1919384[rhbz#1919384])
   Certificate Serial Number issue

* https://pagure.io/freeipa/issue/8817[#8817] Running ipa-server-certinstall with v1 certificate fails with Attempted "__iter__" operation on ASN.1 schema object

* https://pagure.io/freeipa/issue/8880[#8880] (https://bugzilla.redhat.com/show_bug.cgi?id=1973023[rhbz#1973023])
   CA_less ipa-server-install fails if CA cert subject contains non ascii chars

* https://pagure.io/freeipa/issue/8882[#8882] Directly integrate custodia

* https://pagure.io/freeipa/issue/8884[#8884] (https://bugzilla.redhat.com/show_bug.cgi?id=1967325[rhbz#1967325])
   API returns the misleading error "Insufficient Access" if run as non-admin

* https://pagure.io/freeipa/issue/8885[#8885] (https://bugzilla.redhat.com/show_bug.cgi?id=1975139[rhbz#1975139])
   Upgrade error: Add failure missing required attribute "objectclass"

* https://pagure.io/freeipa/issue/8889[#8889] [tests] healthcheck 0.9

* https://pagure.io/freeipa/issue/8897[#8897] (https://bugzilla.redhat.com/show_bug.cgi?id=1976286[rhbz#1976286])
   ansible-freeipa automember test fails with `automember_add_condition: testgroup: 'objectclass'` due to ldap cache

* https://pagure.io/freeipa/issue/8898[#8898] plugin `plugins` doesn't work


-- 
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland

More information about the Freeipa-interest mailing list