[Freeipa-users] Announcing FreeIPA 4.4.2

Martin Kosek mkosek at redhat.com
Fri Oct 14 07:58:11 UTC 2016 

On 10/13/2016 09:17 PM, Petr Vobornik wrote:
> The FreeIPA team would like to announce FreeIPA 4.4.2 release!
> 
> It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
> for Fedora 24 will be available in the official COPR repository
> <https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-4/>.
> 
> This announcement is also available on
> http://www.freeipa.org/page/Releases/4.4.2
> 
> Fedora 25 update:
> https://bodhi.fedoraproject.org/updates/freeipa-4.4.2-1.fc25

Please note that the FreeIPA Public demo was also upgraded to the version
4.4.2, if you want to try it out!

Demo location: https://ipa.demo1.freeipa.org/ipa/ui/

The selected new features that may be best exhibited in the FreeIPA Web UI:

* Improved Topology Management:
  - IPA Server -> Topology -> Graph
  - https://ipa.demo1.freeipa.org/ipa/ui/#/p/topology-graph

* Added Overview of IPA server roles:
  - IPA Server -> Topology -> Server Roles
  - https://ipa.demo1.freeipa.org/ipa/ui/#/e/server_role/search
  - You can click on a role

  - You can also see roles of a server:
  - https://ipa.demo1.freeipa.org/ipa/ui/#/e/server/details/ipa.demo1.freeipa.org

* Added DNS Location Mechanism:
  - IPA Server -> Topology -> IPA Locations
  - You can add a location
  - In the location details, you can add the servers to it (you can only test
UI as changing a location of IPA server requires DNS server restart)

* Added support for Sub-CAs
  - Open Authentication -> Certificate Authorities
  - Add new CA Authority, with subject like "CN=Certificate
Authority,O=VPN,O=DEMO1.FREEIPA.ORG"
  - Set ACL for authority in "CA ACLs" so that Admin can use this CA
  - Generate new certificate:
     - Open for example a test Service
     - Click Options -> New Certificate
     - Follow the steps (and use the new Sub-CA). I typed these options to get
the CSR:
       - cd /tmp/
       - mkdir test
       - cd test/
       - certutil -N -d .
       - certutil -R -d . -a -g 2048 -s
'CN=ipa.demo1.freeipa.org,O=VPN,O=DEMO1.FREEIPA.ORG' -8 'ipa.demo1.freeipa.org'
     - Paste the CSR blob to FreeIPA, it should pass
     - It will show that Issuer is "CN = Certificate Authority,O = VPN,O =
DEMO1.FREEIPA.ORG", i.e. our new Sub-CA

Enjoy!
Martin

More information about the Freeipa-users mailing list