Skip to navigation

Bug Fix Advisory ipa bug fix and enhancement update

Advisory: RHBA-2012:0819-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-06-20
Last updated on: 2012-06-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated ipa packages that fix several bugs and add various enhancements are now
available for Red Hat Enterprise Linux 6.

Red Hat Identity Management is a centralized authentication, identity management
and authorization solution for both traditional and cloud-based enterprise
environments. It integrates components of the Red Hat Directory Server, MIT
Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and
command-line interfaces. Its administration tools allow an administrator to
quickly install, set up, and administer a group of domain controllers to meet
the authentication and identity management requirements of large-scale Linux and
UNIX deployments.

These updated ipa packages include numerous bug fixes and enhancements. Space
precludes documenting all of these changes in this advisory. Users are directed
to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most
significant of these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/ipa.html#RHBA-2012-0819

Users are advised to upgrade to these updated ipa packages, which fix these bugs
and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
ipa-2.2.0-16.el6.src.rpm
File outdated by:  RHBA-2013:1651
    MD5: 0492d7a17d180f8c0c06c561f070894f
SHA-256: 5e0cc0bddc59e88d297a71eaefa6cc81ecb36908476a90fa623646775e96e906
 
IA-32:
ipa-admintools-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 58261aa4f217d88ce504fb926ca7003f
SHA-256: be6807f8534cf1cfa1b45d13ce9d94df38e8f121a1166af87b38aec98b2b1493
ipa-client-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: c787b6cc6f4ad193dbb527cb202e5b80
SHA-256: 7313487a3e72acc2a4f392a1319c03ac31de154ef14c93cf8ad157a59ba772e8
ipa-debuginfo-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 647277551fc832145eb3a4b88fed27a5
SHA-256: da7a4da416442fc14866a45184313307fd668d4fb56bd48fc660df2000dedc5f
ipa-python-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: bac1d17146532a23e77d320dc6e76368
SHA-256: 94e068e47a8c49478bf53e6ada7f7714f88101aba147c738f676360a7501a7a9
ipa-server-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 28469ca2415f61b786f561ff34a5f710
SHA-256: f9569d8ffa8f011a3fe319468b07bcdc870464f427de0ffd308ef1b2dfff0185
ipa-server-selinux-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 4da8183ce695dac5bcba3d92b2056fa6
SHA-256: 38c1af78496cd62a976a5794d13cd7bbebaaf2afffc9151f53a15b6262986439
 
x86_64:
ipa-admintools-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: a95acb5f2214871794c0bf361174476b
SHA-256: f0b9e85d40c79cadde87545fd898abc97679f2c8160c1ba3ed0d439acbbaa03c
ipa-client-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 6d1edf0fd305cfba7fe2084f3e92fdf7
SHA-256: 6a6bd72e16c4158723526ca666832370f29b39f896c885a7116b61b1ab35acc1
ipa-debuginfo-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 068a2593d43d3d2abc9a9c13b69da53e
SHA-256: 6c4c1da0e6b40f1d0c0bb92015e7a29d56407fcdf5011e02b6b77279b80a73cb
ipa-python-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: ebcc986e8d5aee77264fa71e4fb5593e
SHA-256: a82dce88773ba1687b3a5500611fbad3d523ae36d97d4cc4535657546492bfe4
ipa-server-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 3c69bd525a69ae07ee625cb57a6ab238
SHA-256: 3ad0df695b2a8a481c551ba1d91cca6b16b5c5b286017e28b33a5d61426c45f2
ipa-server-selinux-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: d9af4e30baf0380fdb151d24e7efdffb
SHA-256: eef4ba84e974595ad35471ef58aa8e49bbf670bb7a9d57c058601763828369f9
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
ipa-2.2.0-16.el6.src.rpm
File outdated by:  RHBA-2013:1651
    MD5: 0492d7a17d180f8c0c06c561f070894f
SHA-256: 5e0cc0bddc59e88d297a71eaefa6cc81ecb36908476a90fa623646775e96e906
 
x86_64:
ipa-admintools-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: a95acb5f2214871794c0bf361174476b
SHA-256: f0b9e85d40c79cadde87545fd898abc97679f2c8160c1ba3ed0d439acbbaa03c
ipa-client-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 6d1edf0fd305cfba7fe2084f3e92fdf7
SHA-256: 6a6bd72e16c4158723526ca666832370f29b39f896c885a7116b61b1ab35acc1
ipa-debuginfo-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 068a2593d43d3d2abc9a9c13b69da53e
SHA-256: 6c4c1da0e6b40f1d0c0bb92015e7a29d56407fcdf5011e02b6b77279b80a73cb
ipa-python-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: ebcc986e8d5aee77264fa71e4fb5593e
SHA-256: a82dce88773ba1687b3a5500611fbad3d523ae36d97d4cc4535657546492bfe4
ipa-server-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 3c69bd525a69ae07ee625cb57a6ab238
SHA-256: 3ad0df695b2a8a481c551ba1d91cca6b16b5c5b286017e28b33a5d61426c45f2
ipa-server-selinux-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: d9af4e30baf0380fdb151d24e7efdffb
SHA-256: eef4ba84e974595ad35471ef58aa8e49bbf670bb7a9d57c058601763828369f9
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
ipa-2.2.0-16.el6.src.rpm
File outdated by:  RHBA-2013:1651
    MD5: 0492d7a17d180f8c0c06c561f070894f
SHA-256: 5e0cc0bddc59e88d297a71eaefa6cc81ecb36908476a90fa623646775e96e906
 
IA-32:
ipa-admintools-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 58261aa4f217d88ce504fb926ca7003f
SHA-256: be6807f8534cf1cfa1b45d13ce9d94df38e8f121a1166af87b38aec98b2b1493
ipa-client-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: c787b6cc6f4ad193dbb527cb202e5b80
SHA-256: 7313487a3e72acc2a4f392a1319c03ac31de154ef14c93cf8ad157a59ba772e8
ipa-debuginfo-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 647277551fc832145eb3a4b88fed27a5
SHA-256: da7a4da416442fc14866a45184313307fd668d4fb56bd48fc660df2000dedc5f
ipa-python-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: bac1d17146532a23e77d320dc6e76368
SHA-256: 94e068e47a8c49478bf53e6ada7f7714f88101aba147c738f676360a7501a7a9
ipa-server-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 28469ca2415f61b786f561ff34a5f710
SHA-256: f9569d8ffa8f011a3fe319468b07bcdc870464f427de0ffd308ef1b2dfff0185
ipa-server-selinux-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 4da8183ce695dac5bcba3d92b2056fa6
SHA-256: 38c1af78496cd62a976a5794d13cd7bbebaaf2afffc9151f53a15b6262986439
 
PPC:
ipa-admintools-2.2.0-16.el6.ppc64.rpm
File outdated by:  RHBA-2013:1651
    MD5: b394374773d10c7c58cb96c8e44be1ee
SHA-256: 120c22458d4c6606314b9dca78f2dee3f317f042781c5f0c1c688dac3cb2e5e3
ipa-client-2.2.0-16.el6.ppc64.rpm
File outdated by:  RHBA-2013:1651
    MD5: b52ba2fba56c50f2d14dc61b99b55748
SHA-256: 7ae5b20fab09c7e994c78ab13353e8d67d9db5666720fface9e757f1c4f670f4
ipa-debuginfo-2.2.0-16.el6.ppc64.rpm
File outdated by:  RHBA-2013:1651
    MD5: bd7155fbe66ca34adc9a33ca40609594
SHA-256: d6820d7be5e03a0f78e8f2dfbbbdac8a4ca546d0d21cc2d10144ec910c509b23
ipa-python-2.2.0-16.el6.ppc64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 9a81c00fcbf884352d6d223e5cf37a4a
SHA-256: 38a75bd90afdcf4075641217a8ad8edb372c6fa179e502752632f38adcce85b5
 
s390x:
ipa-admintools-2.2.0-16.el6.s390x.rpm
File outdated by:  RHBA-2013:1651
    MD5: c7f0d5ea931be99584fcbd427f67b060
SHA-256: 7059020528842a31458dd693818ac1b6108db131a385799a6c3870714434d562
ipa-client-2.2.0-16.el6.s390x.rpm
File outdated by:  RHBA-2013:1651
    MD5: c6d83d7189f40071aa5b8650d545b62e
SHA-256: f71f3650134cafd33410740c053ad607aa688efefe9b21f9b199d23b86e30d7c
ipa-debuginfo-2.2.0-16.el6.s390x.rpm
File outdated by:  RHBA-2013:1651
    MD5: 8c91ea72b5afb7db379e185e3fe78e56
SHA-256: 3d2786b57a6f305c66a39b66758e3583a1542cddd0a7b17268cf853e3e67251a
ipa-python-2.2.0-16.el6.s390x.rpm
File outdated by:  RHBA-2013:1651
    MD5: ce6a2159d094e8f5b09876248f0fffcf
SHA-256: 443aedb5fea0cfc554cffb551a81089e67aae78dcaf972cec47e3256aedd89cd
 
x86_64:
ipa-admintools-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: a95acb5f2214871794c0bf361174476b
SHA-256: f0b9e85d40c79cadde87545fd898abc97679f2c8160c1ba3ed0d439acbbaa03c
ipa-client-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 6d1edf0fd305cfba7fe2084f3e92fdf7
SHA-256: 6a6bd72e16c4158723526ca666832370f29b39f896c885a7116b61b1ab35acc1
ipa-debuginfo-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 068a2593d43d3d2abc9a9c13b69da53e
SHA-256: 6c4c1da0e6b40f1d0c0bb92015e7a29d56407fcdf5011e02b6b77279b80a73cb
ipa-python-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: ebcc986e8d5aee77264fa71e4fb5593e
SHA-256: a82dce88773ba1687b3a5500611fbad3d523ae36d97d4cc4535657546492bfe4
ipa-server-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 3c69bd525a69ae07ee625cb57a6ab238
SHA-256: 3ad0df695b2a8a481c551ba1d91cca6b16b5c5b286017e28b33a5d61426c45f2
ipa-server-selinux-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: d9af4e30baf0380fdb151d24e7efdffb
SHA-256: eef4ba84e974595ad35471ef58aa8e49bbf670bb7a9d57c058601763828369f9
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
ipa-2.2.0-16.el6.src.rpm
File outdated by:  RHBA-2013:1651
    MD5: 0492d7a17d180f8c0c06c561f070894f
SHA-256: 5e0cc0bddc59e88d297a71eaefa6cc81ecb36908476a90fa623646775e96e906
 
IA-32:
ipa-admintools-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 58261aa4f217d88ce504fb926ca7003f
SHA-256: be6807f8534cf1cfa1b45d13ce9d94df38e8f121a1166af87b38aec98b2b1493
ipa-client-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: c787b6cc6f4ad193dbb527cb202e5b80
SHA-256: 7313487a3e72acc2a4f392a1319c03ac31de154ef14c93cf8ad157a59ba772e8
ipa-debuginfo-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 647277551fc832145eb3a4b88fed27a5
SHA-256: da7a4da416442fc14866a45184313307fd668d4fb56bd48fc660df2000dedc5f
ipa-python-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: bac1d17146532a23e77d320dc6e76368
SHA-256: 94e068e47a8c49478bf53e6ada7f7714f88101aba147c738f676360a7501a7a9
ipa-server-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 28469ca2415f61b786f561ff34a5f710
SHA-256: f9569d8ffa8f011a3fe319468b07bcdc870464f427de0ffd308ef1b2dfff0185
ipa-server-selinux-2.2.0-16.el6.i686.rpm
File outdated by:  RHBA-2013:1651
    MD5: 4da8183ce695dac5bcba3d92b2056fa6
SHA-256: 38c1af78496cd62a976a5794d13cd7bbebaaf2afffc9151f53a15b6262986439
 
x86_64:
ipa-admintools-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: a95acb5f2214871794c0bf361174476b
SHA-256: f0b9e85d40c79cadde87545fd898abc97679f2c8160c1ba3ed0d439acbbaa03c
ipa-client-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 6d1edf0fd305cfba7fe2084f3e92fdf7
SHA-256: 6a6bd72e16c4158723526ca666832370f29b39f896c885a7116b61b1ab35acc1
ipa-debuginfo-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 068a2593d43d3d2abc9a9c13b69da53e
SHA-256: 6c4c1da0e6b40f1d0c0bb92015e7a29d56407fcdf5011e02b6b77279b80a73cb
ipa-python-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: ebcc986e8d5aee77264fa71e4fb5593e
SHA-256: a82dce88773ba1687b3a5500611fbad3d523ae36d97d4cc4535657546492bfe4
ipa-server-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: 3c69bd525a69ae07ee625cb57a6ab238
SHA-256: 3ad0df695b2a8a481c551ba1d91cca6b16b5c5b286017e28b33a5d61426c45f2
ipa-server-selinux-2.2.0-16.el6.x86_64.rpm
File outdated by:  RHBA-2013:1651
    MD5: d9af4e30baf0380fdb151d24e7efdffb
SHA-256: eef4ba84e974595ad35471ef58aa8e49bbf670bb7a9d57c058601763828369f9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

688765 - [RFE] afsdb records to not seem to be resolvable.
701677 - Allow specifying query and transfer policy settings for a zone
718015 - ipa pwpolicy inconsistency in error messages
738049 - [ipa webui] Remove Rule type info from HBAC page
738788 - ipa dnsrecord-add allows invalid kx records
741604 - misleading error when adding duplicate external members to sudo rule
741746 - [ipa webui] long rule names are not displayed nicely
742361 - ping CLI has no help or documentation
742601 - ipa config-mod: update description for --emaildomain
742973 - ipa-managed-entries traceback
742978 - ipa-managed-entries: --password option invalid
744205 - [ipa webui] Config - User search fields - if blank, throws error - an internal error has occurred
745705 - --zonemgr option of ipa-dns-install accepts email addresses without "@".
745788 - Help for ipa user-find does not include information about CRITERIA
745801 - [ipa webui] When user logs in for self service, enroll buttons are enabled
745962 - [ipa webui] RFE: The tabs when editing objects should be coloured to indicate the grouped tabs clearly
745968 - [ipa webui] RFE: Add a link is DNS Record for a host to navigate to its reverse zone
745972 - [ipa webui] RFE: Dropdown to select password policy priority from
746044 - [RFE] Option to generate random password for a new user
746060 - RFE: Certificate Serial Number is normally in hex, but not so in ipa ui
746078 - ipa-server-install does not clean after itself
746589 - automember functionality not available for upgraded IPA server
746805 - RFE: Make deactivated items visible as deactivated
747693 - ipa selfservice-find --raw returns "internal error"
747720 - ipa selfservice-find --permission="" returns internal error
747722 - ipa selfservice-find --attrs="" returns internal error
747730 - command: ipa selfservice-mod "edit address" --permissions="" delete a selfservice permission
747741 - command: ipa selfservice-mod : provide wrong attr for --attrs delete a selfservice permission
748110 - At times setting password fails with "Confidentiality required: Operation requires a secure connection." errro.
749275 - ipa-csreplica-manage list is incorrect when setting agreement between 2 replicas
750524 - Better error message needed to indicate if there is no CS replication agreement with another server
750806 - dnszone-mod and dnszone-add does not format administrator's email properly
750828 - named configuration error when installed with --external-ca option.
750850 - ipa-client-install with --no-sssd option should check for nss_ldap package or config availability
750947 - Adding loc records to a ipa-dns server breaks name resolution for some other records.
750984 - Inconsistency in error message while adding a duplicate netgroup.
751018 - Default HBAC Administration Role - Permissions missing
751020 - Default Sudo Administration Role - Permissions missing
751028 - Default Password Policy Administrator Role - Permissions missing
751029 - Default Modify Group membership Role - Permissions missing
751046 - HTTP server ports displayed multiple times in ipa-replica-conncheck.
751063 - ipa-replica-conncheck --master shows "Kerberos Kpasswd: UDP" to be OK even though it is not.
751173 - Misleading error message when changing password
751529 - [ipa webui] Add Host: Unable to select dns zone when there exists only one.
751597 - ipa-server-install --hostname fails at step configuring certificate server instance
751769 - ipa-server-install --uninstall errors out even when the newly created 389-ds instance is successfully removed.
751968 - Warning messages related to entitlements are displayed during installation with --ip-address option.
752686 - Negative test case for defaultgroup in ipa config-mod causes internal error.
752874 - IPA needs a check to ensure hostnames 'underscore' is not allowed when installing a replica
753483 - [RFE] support bind forward zones, aka DNS conditional forwarding
753484 - [RFE] Kerberos sign in should fall back to landing page username + password login form
753526 - IPA allows clients named localhost.localdomain, they should be refused
753966 - unable to delete migrated groups containing spaces
754524 - ipa-replica-manage - better error reporting when doing a del
754539 - Connect after del using ipa-replica-manage fails
754635 - Traceback message displayed while replica install is terminated before entering admin password.
754973 - "force-sync, re-initialize and del" options for ipa-replica-manage fail against AD.
755094 - ipa-replica-manage list doesn't always match cn=mapping tree
755450 - Better message for error diagnosis while adding an existing winsync agreement.
757644 - --no-reverse option in ipa-replica-install is not honored.
757681 - ipa-replica-install fails when --no-host-dns option is provided.
759100 - Unable to install ipa-server on a specified interface in dual nic machines.
759501 - [RFE] Login failed attempts counter or locked out status are not displayed in WebUI or "ipa user-show" command
761080 - CLI : ipa migration help is incomplete
766070 - [RFE] Allow forms based kerberos authentication for the IPA UI
766073 - [RFE] DNS Enhancements :: Implement new API for DNS records
766075 - DNS zone dynamic update is changed to false if --allow-dynupdate not specified
766077 - Enhance ipa-replica-conncheck to report DNS failures
766096 - Handle schema upgrades from IPA v2 to v3 - Tracker bug for upgrade from 6.2
766181 - [RFE] Provide option to disable Automatic Private Group creation for users
767725 - GSS-TSIG DNS updates should update reverse entries as well
768164 - [RFE] Use Services4User to replace ticket forwarding/delegation
768257 - Man Page : Document client IP addressing / FQDN requirements
769491 - Unable to add certain sudo commands to groups
772043 - Adding a netgroup with a "+" in the name that overlaps hostgroup causes crash
772044 - [RFE] Add ethers (mac address) information to the host object
772106 - ipa selfservice-add --raw returns "internal error" message
772150 - ipa-replica-manage re-initialize causes ALL Severs to rerun memberof fixup
772301 - [RFE] Reverse DNS rec not created upon creation of fwd DNS rec
772359 - [RFE] Need tool to update exclusive list in replication agreements
772675 - ipa selfservice-mod --raw returns "internal error" message
772852 - "Unresolved rules in --rules" error message is displayed even if the hbacrule is specified using the --rules option.
773488 - Make ipausers a non-posix group on new installs
773759 - Administrative Roles given the permission to change a user password should not be able to change user's passwords that are in the Administrators Group
782460 - Typo in example description for automember-default-group-remove
782566 - Unable to unset permission memberof
782873 - [RFE] Add --delattr option to complement --setattr/--addattr
782885 - [RFE] allow setting password when adding user
782894 - [RFE] Create a managment plugin for HBAC testing and troubleshooting (UI portion)
782896 - [RFE] Confirmation when adding multiple entries
782918 - Provide man page for ipa-upgradeconfig
782921 - [RFE] Add central configuration for size and look through limits
782925 - ipa-client-install fails when not run as root
782927 - [RFE] Add --sizelimit option to hbactest.
782974 - Exception why removing all values in config plugin
782976 - [RFE] SUDO: --users and --groups should detect values such as "ALL" and error appropriately
782979 - Replication Failure: Allocation of a new value for range cn=posix ids
783270 - When migrating warn user if compat is enabled
783271 - single-component domain no longer allowed
783272 - Confusing error message when adding a record to non-existent zone
783276 - host-add does not accept IPv6 addresses
783285 - [RFE] Missing "managing hosts" options.
783286 - Setting HBAC/SUDO category to Anyone doesn't remove users/groups
783289 - Provide guidance generate Certificate request
783291 - [RFE] add kerberos policy data to the user details page.
783307 - ipa delegation-add is not failing when membergroup does not exist
783500 - [ipa webui] Permission has checkbox selected against no attribute
783502 - ipa permission-add does not fail if using invalid attribute
783536 - [ipa webui] permission with filter or subtree does not allow attr to be specified
784329 - ipa permission-add is not failing when memberof group does not exist
784468 - ipa help delegation example has group and membergroup backwards?
784696 - Don't set nsds5replicaupdateschedule in replication agreements
785756 - config-mod :: --homedirectory new value not being honored
785864 - Users Failed Login attempts are not iterating the counter
786185 - Allow basedn to be passed into migrate-ds
786223 - Make ipa-client depend on oddjob-mkhomedir (ipa-client-install --mkhomedir sets wrong selinux contexts on user home drives)
788625 - IPA nested netgroups not seen from ypcat
788656 - ^D on password input returns traceback
789413 - Need option for ipa-client-install to not call authconfig
789459 - Error not reported correctly when logging into WebUI
789919 - IP address with just 3 octets are accepted as valid addresses in --a-rec option.
789980 - Adding some of the RR type from the "allowed values" results in an error message.
789987 - Correction in error message while deleting a invalid record.
790017 - RFE: Resource Record type options should be more descriptive.
790295 - RFE: Prompt for the missing options if not provided in command line during record add.
790318 - dnsrecord-add does not validate the record names with space in between.
790931 - unable to remove ipa if another ds instance is setup
791373 - Invalid error message attempting to delete config attributes
794474 - Can not add new user objectclass to ipa configuration
794746 - Internal error : ipa config-mod addattr on user and group search fields
794750 - ipa config-mod allowed to add additional certificate subjects bases
796347 - man page for ipa-replica-manage has typos in examples.
796401 - ipa migrate-ds :: Internal Server Error
797237 - ipa netgroup-add and netgroup-mod --nisdomain should not allow commas
797256 - ipa netgroup-add-member --hosts should not allow invalid characters
797561 - Bool attributes used in setattr/addattr/delattr options are not encoded properly
797562 - Invalid host-add when hostname contains trailing dot
797563 - Don't allow host-del on active replicas
797564 - Remove Requires on krb5-server-ldap
797565 - escaping commas is not working
797566 - Don't remove dirsrv user on uninstall
797567 - ipa-client-install does not handle exception from certutil call
797569 - embedded carriage returns in a CSV not handled
798352 - winsync now does not fill gidnumber
798361 - Missing anonymous limits in IPA
798792 - ipa netgroup-find options set to space return internal errors
799335 - ipa host-add fails when DNS records already exist
800119 - Should not be allowed to run host-disable on an IPA Server or service-disable on an IPA Server service
800363 - Unchecked return value and resource leak in ipa.
800483 - Unable to delete records interactively.
800537 - Sudo commands with special characters cannot be removed from command groups
801376 - ipa-server-install --uninstall errors out when trying to start dirsrv.
801380 - Reverse zone is removed while deleting replica agreement.
802786 - FreeIPA WebUI displays "Insufficient access: invalid credentials" when a password doesn't meet policy requirements
802832 - IPA Server Install Failing : java.lang.NoClassDefFoundError: 'ConfigureCA'
802860 - Fix UDP port check during ipa-ca-install
802864 - Fill global DNS configuration during installation
802912 - Error submitting certificate signing request
803050 - Recreate facet content after error
803822 - Tech Preview: Add support for central management of the SSH keys
803836 - IPA needs to set the nsslapd-minssf-exclude-rootdse option by default
804096 - Password Policy Failure Interval Reset is not working.
804562 - --ns-hostname option does not check A/AAAA record of the provided hostname.
804572 - Irrelevant error message when per-part modification mode is used during dnsrecord-mod operation without specifying the record.
804609 - Issues with DS migrated Users
804807 - DS Migration :: Internal Server Error specifying invalid RDN for container
805427 - idnssoaserial does not honour the recommended syntax in rfc1912.
805478 - Unable to use permission-mod to rename permission object
805546 - when adding a user with --noprivate option gidNumber should be required
806330 - warning when installing ipaserver - at step - configuring SELinux for httpd
807230 - Unable to delete all sshfp records interactively.
807304 - ipa permission-add throws internal server error when name contains '<' or '>'
807361 - DNS records in LDAP are publicly accessible
807362 - Lack of dependency on freeipa-client rpm --> python-krbV
807366 - Can't specify netgroup host, user category to all in Web UI
807371 - migration: don't append basedn to container if it is included
807417 - user-mod --rename is successful for more than 32 characters
807755 - [ipa webui] When adding permissions for a type, attributes that are not allowed are listed
808042 - "host group not found" error message is displayed while removing a member host from the hostgroup with huge members.
808099 - Unhelpful error message is displayed when no value is given in --revocation-reason optional argument with "ipa cert-revoke"
808201 - IPA Master Upgrade failed with argument of type 'NoneType' is not iterable
809190 - ipa-server-install fails when domain name is not resolvable
809262 - IPA Upgrade Web UI failure with internal server error
809560 - Do not create private groups for migrated users
810350 - [ipa webui] Privilege page should not have choice to list permissions by "indirect membership"
810948 - Unable to disable or enable hbacrule with --setattr [regression]
811296 - Notify user that password needs to be reset in forms-based login
811748 - Incorrect error message when user-mod --rename with an empty string
812110 - [ipa webui] Delegation UI does not allow to specify permission
812391 - IPA uninstall after upgrade returns some sysrestore.state errors
813389 - Improve migration plugin error when 2 groups have identical GID
815799 - Internal server error when Web UI calls pwpolicy_find with pkey_only option
818868 - [Web UI] Host detail page is not filled with data
822429 - Failed login count is stuck at 1
825321 - SSH Tech Preview feature enabled by default in ipa-client


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/