-
Mon May 14 2018 EL Errata <el-errata_ww@oracle.com> - 4.5.4-10.0.1.el7_5
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]
-
Tue Apr 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-11.el7
- Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1)
- Add a notice to restart ipa services after certs are installed
- Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode
- Fix OTP validation in FIPS mode
- Increase the default token key size
- Revert "Don't allow OTP or RADIUS in FIPS mode"
- Log errors from NSS during FIPS OTP key import
- Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type
- ipa-replica-install: make sure that certmonger picks the right master
- Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface
- replica-install: pass --ip-address to client install
-
Wed Feb 07 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7
- Resolves: #1540361 ipa-advise for smartcards is out-of-date
- ipa-advise for smartcards updated
-
Mon Jan 15 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-9.el7
- Resolves: #1458169 --force-join option is not mentioned in ipa-replica-install man page
- Add --force-join into ipa-replica-install manpage
- Resolves: #1457876 ipa-backup fails silently
- Changed ownership of ldiffile to DS_USER
- Resolves: #1409786 Second phase of --external-ca ipa-server-install setup fails when dirsrv is not running
- Checks if Dir Server is installed and running before IPA installation
- Resolves: #1452086 Pagination Size under Customization in IPA WebUI accepts negative values
- WebUI: Add positive number validator
- WebUI: change validator of page size settings
- WebUI: fix jslint error
-
Wed Jan 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-8.el7
- Resolves: #1477531 Incorrect attribute level rights (ipaallowedtoperform) of service object
- WebUI: make keytab tables on service and host pages writable
- Resolves: #1529444 ObjectclassViolation seen while adding idview with domain-resolution-order option
- Idviews: fix objectclass violation on idview-add
- Resolves: #1451576 ipa cert-request failed to generate certificate from csr
- Fixing the cert-request comparing whole email address case-sensitively.
-
Wed Dec 13 2017 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-7.el7
- Resolves: #1421869 Unable to re-add broken AD trust - Unexpected Information received
- adtrust: filter out subdomains when defining our topology to AD
- Resolves: #1486286 IPA failing to authenticate via password+OTP on RHEL7.4 with fips enabled
- Don't allow OTP or RADIUS in FIPS mode
- Resolves: #1494226 IPA User Details not being displayed in WebUI
- Fix cert-find for CA-less installations
- Resolves: #1498387 389-ds-base crashed as part of ipa-server-intall in ipa-uuid
- 389-ds-base crashed as part of ipa-server-intall in ipa-uuid
- Resolves: #1503022 ipa-getkeytab man page should have more details about consequences of krb5 key renewal
- ipa-getkeytab man page: add more details about the -r option
- Resolves: #1509288 IPA trust-add internal error (expected security.dom_sid got None)
- ipaserver/plugins/trust.py; fix some indenting issues
- trust: detect and error out when non-AD trust with IPA domain name exists
- ipaserver/plugins/trust.py: pep8 compliance
- Resolves: #1511019 ipa-restore broken with python2
- Fix ipa-restore (python2)
- Resolves: #1511607 ipa-backup does not backup Custodia keys and files
- Backup ipa-custodia conf and keys
- Resolves: #1512482 kra install fails after ipa cert renewed
- Don't use admin cert during KRA installation
- Prevent set_directive from clobbering other keys
- pep8: reduce line lengths in CAInstance.__enable_crl_publish
- installutils: refactor set_directive
- Add tests for installutils.set_directive
- Add safe DirectiveSetter context manager
- Old pylint doesn't support bad python3 option
- Resolves: #1514163 CA less IPA install with external certificates fails on RHEL 7 in FIPS mode
- Fix ca less IPA install on fips mode
-
Mon Dec 04 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.5.4-6.el7
- Resolves: #1520279 - rebuild against samba 4.7
-
Thu Nov 30 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.5.4-5.el7
- Resolves: #1415162 ipa-exdom-extop plugin can exhaust DS worker threads
- Resolves: #1378892 host-find slowness caused by missing host attributes in index
-
Fri Nov 03 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.4-4.el7
- Resolves: #1388135 [RFE] limit the retro changelog to dns subtree.
- ldap: limit the retro changelog to dns subtree
- Resolves: #1427798 Use X509v3 Basic Constraints "CA:TRUE" instead
of "CA:FALSE" IPA CA CSR
- Include the CA basic constraint in CSRs when renewing a CA
- Resolves: #1493145 ipa-replica-install might fail because of an already
existing entry cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
- Checks if replica-s4u2proxy.ldif should be applied
- Resolves: #1493150 [RFE] set nsslapd-ignore-time-skew: on by default
- ds: ignore time skew during initial replication step
- ipa-replica-manage: implicitly ignore initial time skew in force-sync
- Resolves: #1500218 Replica installation at domain-level 0 fails against
upgraded ipa-server
- Fix ipa-replica-conncheck when called with --principal
- Resolves: #1506188 server-del doesn't remove dns-server configuration
from ldap
-
Thu Oct 26 2017 Rob Crittenden <rcritten@redhat.com> - 4.5.4-3.el7
- Drop workaround for building on AArch64 (#1482244)
- Temporarily reduce Requires on python-netaddr to 0.7.5-7 (#1506485)