From Fedora Project Wiki


Update to FreeIPA 4.4

Summary

Update FreeIPA in Fedora 25 to FreeIPA 4.4 series

Owner

Current status

  • Targeted release: Fedora 25
  • Last updated: 2016-09-02
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

FreeIPA 4.4 is a new upstream series. There are multiple improvements in setting and managing replication topology, managing certificates, and supporting more complex Active Directory environments.


Benefit to Fedora

FreeIPA 4.4 is part of RHEL 7.3 public beta and already got serious testing during RHEL 7.3 preparation. This was also a reason why it was not added to Fedora 25 before Alpha freeze as both FreeIPA upstream and Red Hat QE teams were busy in making sure FreeIPA 4.4 will get stable in time for RHEL deadlines.

Thus, Fedora benefits from FreeIPA 4.4 extended testing downstream in RHEL 7.3 and upstream.


Scope

  • Proposal owners: Alexander Bokovoy, Stephen Gallagher
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

Fedora OpenQA has tests for FreeIPA client and server deployment.

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

This is not a system-wide change because all affected packages required for FreeIPA 4.4 are already part of Fedora 25 before Alpha freeze.

Contingency Plan

  • Contingency mechanism: Our contigency plan is to not include FreeIPA 4.4 to Fedora 25 in case OpenQA tests demonstrate serious errors which cannot be rectified before the Fedora 25 release. However, given the extensive testing over two months as part of RHEL 7.3 public beta preparation, we are confident any issues uncovered as part of Fedora 25 beta will be fixed timely.
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? Yes, FreeIPA is release-blocking: https://fedoraproject.org/wiki/QA:Testcase_Server_role_deploy


Documentation

N/A (not a System Wide Change)

Release Notes

Release Notes might be amended to mention new features delivered in FreeIPA 4.4 series:

  • Enhanced replication topology management and replica promotion
  • Support for sub-CA and multiple certificate profiles
  • Support for external trust to an Active Directory domain
  • Ability to automatically solve DNS namespace conflicts when establishing trust to an Active Directory forest
  • Self-management of attributes for Active Directory users using IPA command-line interface
  • Light-weight command-line interface
  • Extensibility for third-party modules