(reposted from the mailing list)

The FreeIPA project team is pleased to announce the availability of the Beta 1 release of freeIPA 2.0 server [1].

– Binaries are available for F-13 and F-14.
– With this beta freeIPA is feature complete.
– Please do not hesitate to share feedback, criticism or bugs with us on
our mailing list: freeipa-users@redhat.com

Main Highlights of the Beta
– This beta is the first attempt to show all planned capabilities of the upcoming release.
– For the first time the new UI is mostly operational and can be used to perform management of the system.
– Some areas are still very rough and we will appreciate your help with those.

Focus of the Beta Testing
– Please take a moment and look at the new Web UI. Any feedback about the general approaches, work flows, and usability is appreciated. It is still very rough but one can hopefully get a good understanding of how
we plan the final UI to function and look like.
– Replication management was significantly improved. Testing of multi replica configurations should be easier.
– We are looking for a feedback about the DNS integration and networking issues you find in your environment configuring and using IPA with the embedded DNS enabled.

Significant Changes Since Alpha 5
– FreeIPA has changed its license to GPLv3+
– Having IPA manage the reverse zone is optional.
– The access control subsystem was re-written to be more understandable.
For details see [2]
– Support for SUDO rules
– There is now a distinction between replicas and their replication agreements in the ipa-replica-manage command. It is now much easier to manage the replication topology.
– Renaming entries is easier with the –rename option of the mod commands.
– Fix special character handling in passwords, ensure that passwords are not logged.
– Certificates can be saved as PEM files in service-show and host-show commands.
– All IPA services are now started/stopped using the ipactl command. This gives us better control over the start/stop order during reboot/shutdown.
– Set up ntpd first so the time is sane.
– Better multi-valued value handle with –setattr and –addattr.
– Add support for both RFC2307 and RFC2307bis to migration.
– UID ranges were reduced by default from 1M to 200k.
– Add ability to add/remove DNS records when adding/removing a host entry.
– A number of i18n issues have been addressed.
– Updated a lot of man pages.

What is not Complete
– We are still using older version of the Dogtag. New version of the Dogtag Certificate System will be based on tomcat6 and is forthcoming.
– We plan to take advantage of Kerberos 1.9 that was released today but we have not finished the integration effort yet.

Known Issues
– IPV6 works in the installer but not the server itself
– Make sure you machine can properly resolve its name before installing the server. Edit /etc/hosts to remove host name from the localhost and localhost6 lines if needed.
– The UI is still rough in places Use the following query [3] to see the tickets currently open against UI.
– Dogtag does not work out-of-the-box on Fedora 14. To fix it for for the time being run:
# ln -s /usr/share/java/xalan-j2-serializer.jar
/usr/share/tomcat5/common/lib/xalan-j2-serializer.jar
– Instead of Dogtag on F14 you can also try the self-signed CA which is similar to the CA that was provided in IPA v1. This was designed for testing and development and not recommended for deployment.
– Make sure you enable updates-testing repository on your fedora machine.

Thank you,
FreeIPA development team