From Fedora Project Wiki
 
Line 127: Line 127:
== Contingency Plan ==
== Contingency Plan ==


<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "Revert the shipped configuration".  Or it might not (e.g. rebuilding a number of dependent packages). If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
* Contingency mechanism: Our contigency plan is to not include FreeIPA 4.4 to Fedora 25 in case OpenQA tests demonstrate serious errors which cannot be rectified before the Fedora 25 release. However, given the extensive testing over two months as part of RHEL 7.3 public beta preparation, we are confident any issues uncovered as part of Fedora 25 beta will be fixed timely.
* Contingency mechanism: (What to do?  Who will do it?) N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- When is the last time the contingency mechanism can be put in place?  This will typically be the beta freeze. -->
* Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
* Blocks release? Yes, FreeIPA is release-blocking: https://fedoraproject.org/wiki/QA:Testcase_Server_role_deploy
* Blocks release? Yes, FreeIPA is release-blocking: https://fedoraproject.org/wiki/QA:Testcase_Server_role_deploy


Our contigency plan is to not include FreeIPA 4.4 to Fedora 25 in case OpenQA tests demonstrate serious errors which cannot be rectified before the Fedora 25 release. However, given the extensive testing over two months as part of RHEL 7.3 public beta preparation, we are confident any issues uncovered as part of Fedora 25 beta will be fixed timely.


== Documentation ==
== Documentation ==
Line 154: Line 150:
* Support for external trust to an Active Directory domain
* Support for external trust to an Active Directory domain
* Ability to automatically solve DNS namespace conflicts when establishing trust to an Active Directory forest
* Ability to automatically solve DNS namespace conflicts when establishing trust to an Active Directory forest
* Self-management of attributes for Active Directory users using IPA command-line interface
* Light-weight command-line interface
* Light-weight command-line interface
* Extensibility for third-party modules
* Extensibility for third-party modules

Latest revision as of 07:57, 2 September 2016


Update to FreeIPA 4.4

Summary

Update FreeIPA in Fedora 25 to FreeIPA 4.4 series

Owner

Current status

  • Targeted release: Fedora 25
  • Last updated: 2016-09-02
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

FreeIPA 4.4 is a new upstream series. There are multiple improvements in setting and managing replication topology, managing certificates, and supporting more complex Active Directory environments.


Benefit to Fedora

FreeIPA 4.4 is part of RHEL 7.3 public beta and already got serious testing during RHEL 7.3 preparation. This was also a reason why it was not added to Fedora 25 before Alpha freeze as both FreeIPA upstream and Red Hat QE teams were busy in making sure FreeIPA 4.4 will get stable in time for RHEL deadlines.

Thus, Fedora benefits from FreeIPA 4.4 extended testing downstream in RHEL 7.3 and upstream.


Scope

  • Proposal owners: Alexander Bokovoy, Stephen Gallagher
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

Fedora OpenQA has tests for FreeIPA client and server deployment.

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

This is not a system-wide change because all affected packages required for FreeIPA 4.4 are already part of Fedora 25 before Alpha freeze.

Contingency Plan

  • Contingency mechanism: Our contigency plan is to not include FreeIPA 4.4 to Fedora 25 in case OpenQA tests demonstrate serious errors which cannot be rectified before the Fedora 25 release. However, given the extensive testing over two months as part of RHEL 7.3 public beta preparation, we are confident any issues uncovered as part of Fedora 25 beta will be fixed timely.
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? Yes, FreeIPA is release-blocking: https://fedoraproject.org/wiki/QA:Testcase_Server_role_deploy


Documentation

N/A (not a System Wide Change)

Release Notes

Release Notes might be amended to mention new features delivered in FreeIPA 4.4 series:

  • Enhanced replication topology management and replica promotion
  • Support for sub-CA and multiple certificate profiles
  • Support for external trust to an Active Directory domain
  • Ability to automatically solve DNS namespace conflicts when establishing trust to an Active Directory forest
  • Self-management of attributes for Active Directory users using IPA command-line interface
  • Light-weight command-line interface
  • Extensibility for third-party modules