-
Tue Apr 10 2018 EL Errata <el-errata_ww@oracle.com> - 4.5.4-10.0.1.el7
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]
-
Wed Feb 07 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7
- Resolves: #1540361 ipa-advise for smartcards is out-of-date
- ipa-advise for smartcards updated
-
Mon Jan 15 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-9.el7
- Resolves: #1458169 --force-join option is not mentioned in ipa-replica-install man page
- Add --force-join into ipa-replica-install manpage
- Resolves: #1457876 ipa-backup fails silently
- Changed ownership of ldiffile to DS_USER
- Resolves: #1409786 Second phase of --external-ca ipa-server-install setup fails when dirsrv is not running
- Checks if Dir Server is installed and running before IPA installation
- Resolves: #1452086 Pagination Size under Customization in IPA WebUI accepts negative values
- WebUI: Add positive number validator
- WebUI: change validator of page size settings
- WebUI: fix jslint error
-
Wed Jan 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-8.el7
- Resolves: #1477531 Incorrect attribute level rights (ipaallowedtoperform) of service object
- WebUI: make keytab tables on service and host pages writable
- Resolves: #1529444 ObjectclassViolation seen while adding idview with domain-resolution-order option
- Idviews: fix objectclass violation on idview-add
- Resolves: #1451576 ipa cert-request failed to generate certificate from csr
- Fixing the cert-request comparing whole email address case-sensitively.
-
Wed Dec 13 2017 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-7.el7
- Resolves: #1421869 Unable to re-add broken AD trust - Unexpected Information received
- adtrust: filter out subdomains when defining our topology to AD
- Resolves: #1486286 IPA failing to authenticate via password+OTP on RHEL7.4 with fips enabled
- Don't allow OTP or RADIUS in FIPS mode
- Resolves: #1494226 IPA User Details not being displayed in WebUI
- Fix cert-find for CA-less installations
- Resolves: #1498387 389-ds-base crashed as part of ipa-server-intall in ipa-uuid
- 389-ds-base crashed as part of ipa-server-intall in ipa-uuid
- Resolves: #1503022 ipa-getkeytab man page should have more details about consequences of krb5 key renewal
- ipa-getkeytab man page: add more details about the -r option
- Resolves: #1509288 IPA trust-add internal error (expected security.dom_sid got None)
- ipaserver/plugins/trust.py; fix some indenting issues
- trust: detect and error out when non-AD trust with IPA domain name exists
- ipaserver/plugins/trust.py: pep8 compliance
- Resolves: #1511019 ipa-restore broken with python2
- Fix ipa-restore (python2)
- Resolves: #1511607 ipa-backup does not backup Custodia keys and files
- Backup ipa-custodia conf and keys
- Resolves: #1512482 kra install fails after ipa cert renewed
- Don't use admin cert during KRA installation
- Prevent set_directive from clobbering other keys
- pep8: reduce line lengths in CAInstance.__enable_crl_publish
- installutils: refactor set_directive
- Add tests for installutils.set_directive
- Add safe DirectiveSetter context manager
- Old pylint doesn't support bad python3 option
- Resolves: #1514163 CA less IPA install with external certificates fails on RHEL 7 in FIPS mode
- Fix ca less IPA install on fips mode
-
Mon Dec 04 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.5.4-6.el7
- Resolves: #1520279 - rebuild against samba 4.7
-
Thu Nov 30 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.5.4-5.el7
- Resolves: #1415162 ipa-exdom-extop plugin can exhaust DS worker threads
- Resolves: #1378892 host-find slowness caused by missing host attributes in index
-
Fri Nov 03 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.4-4.el7
- Resolves: #1388135 [RFE] limit the retro changelog to dns subtree.
- ldap: limit the retro changelog to dns subtree
- Resolves: #1427798 Use X509v3 Basic Constraints "CA:TRUE" instead
of "CA:FALSE" IPA CA CSR
- Include the CA basic constraint in CSRs when renewing a CA
- Resolves: #1493145 ipa-replica-install might fail because of an already
existing entry cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
- Checks if replica-s4u2proxy.ldif should be applied
- Resolves: #1493150 [RFE] set nsslapd-ignore-time-skew: on by default
- ds: ignore time skew during initial replication step
- ipa-replica-manage: implicitly ignore initial time skew in force-sync
- Resolves: #1500218 Replica installation at domain-level 0 fails against
upgraded ipa-server
- Fix ipa-replica-conncheck when called with --principal
- Resolves: #1506188 server-del doesn't remove dns-server configuration
from ldap
-
Thu Oct 26 2017 Rob Crittenden <rcritten@redhat.com> - 4.5.4-3.el7
- Drop workaround for building on AArch64 (#1482244)
- Temporarily reduce Requires on python-netaddr to 0.7.5-7 (#1506485)
-
Tue Oct 24 2017 Felipe Barreto <fbarreto@redhat.com> - 4.5.4-2.el7
- Resolves: #1461177 ipa-otptoken-import - XML file is missing PBKDF2
parameters!
- Resolves: #1464205 NULL LDAP context in call to ldap_search_ext_s during
search in cn=ad, cn=trusts,dc=example,dc=com
- Resolves: #1467887 iommu platform support for ipxe
- Resolves: #1477178 [ipa-replica-install] - 406 Client Error: Failed to
validate message: Incorrect number of results (0) searching forpublic key for
host
- Resolves: #1478251 IPA WebUI does not work after upgrade from IPA 4.4 to
4.5
- Resolves: #1480102 ipa-server-upgrade failes with "This entry already
exists"
- Resolves: #1482802 Unable to set ca renewal master on replica
- Resolves: #1484428 Updating from RHEL 7.3 fails with Server-Cert not found
(ipa-server-upgrade)
- Resolves: #1484826 FreeIPA/IdM installations which were upgraded from
versions with 389 DS prior to 1.3.3.0 doesn't have whomai plugin enabled and
thus startup of Web UI fails
- Resolves: #1486283 TypeError in renew_ca_cert prevents from swiching back
to self-signed CA
- Resolves: #1469246 Replica install fails to configure IPA-specific
temporary files/directories
- Resolves: #1469480 bind package is not automatically updated during
ipa-server upgrade process
- Resolves: #1475238 Use CommonNameToSANDefault in default profile (new
installs only)
- Resolves: #1477703 IPA upgrade fails for latest ipa package