FEDORA-2019-d95d1971b2 created by abbra 4 years ago for Fedora 30

FreeIPA 4.8.1

Full upstream release notes:

Highlights in 4.8.1

  • 5608: [RFE] Add Dogtag configuration extensions

It is now possible to tune Dogtag configuration when creating a CA by passing an overlay configuration file with --pki-config-override option. Not all options are supported yet and documentation is being worked on.

  • Release tarball corrections

FreeIPA 4.8.0 release tarball did lack two update files. This release adds them back. The files existed in git but weren't installed when building distribution packages.

  • 8040: ipa migrade-ds regression

FreeIPA 4.8.0 tightened access to LDAP connections to disallow passing plainttext credentials over an insecure connection. This broke 'ipa migrate-ds' functionality where in order to migrate to FreeIPA one often needs to connect to a legacy LDAP server which might not be using TLS certificates.

FreeIPA 4.8.1 restores ability to use insecure LDAP connections in 'ipa migrate-ds' for migration purposes only.


  • 7932 and 7933: index certmap attributes and allow altSecurityIdentities in schema

For certificate mapping operations it is possible to specify altSecurityIdentities in the certification mapping filters. The filter is applied by SSSD at both FreeIPA and Active Directory LDAP servers. While nothing is using altSecurityIdentities in FreeIPA now, the schema allows to optimize queries better at LDAP server side. Additionally, other certificate mapping attributes are now indexed to allow faster operations for environments with a large set of mapping rules.

  • 7991: Profile-based renewal of system certificates

FreeIPA-specific certificates tracked by certmonger can now be renewed with preservation of a certificate profile used to issue them. It is also possible to change the certificate profile during update. This is required to allow updating certain profile-specific attributes of the system certificates in future.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-d95d1971b2

This update has been submitted for testing by abbra.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has been pushed to testing.

4 years ago

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
7 days
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1732524 repeated uninstallation of ipa-client-samba crashes
BZ#1732528 ipa-client-samba can not install samba after uninstallation

Automated Test Results