Blank out header-logo.png product-name.png
[4.1.0-18]
Fix ipa-pwd-extop global configuration caching (#1187342)
group-detach does not add correct objectclasses (#1187540)
[4.1.0-17]
Wrong directories created on full restore (#1186398)
ipa-restore crashes if replica is unreachable (#1186396)
idoverrideuser-add option --sshpubkey does not work (#1185410)
[4.1.0-16]
PassSync does not sync passwords due to missing ACIs (#1181093)
ipa-replica-manage list does not list synced domain (#1181010)
Do not assume certmonger is running in httpinstance (#1181767)
ipa-replica-manage disconnect fails without password (#1183279)
Put LDIF files to their original location in ipa-restore (#1175277)
DUA profile not available anonymously (#1184149)
IPA replica missing data after master upgraded (#1176995)
[4.1.0-15]
Re-add accidentally removed patches for #1170695 and #1164896
[4.1.0-14]
IPA Replicate creation fails with error ‘Update failed! Status: [10 Total
update abortedLDAP error: Referral]’ (#1166265)
running ipa-server-install --setup-dns results in a crash (#1072502)
DNS zones are not migrated into forward zones if 4.0+ replica is added
(#1175384)
gid is overridden by uid in default trust view (#1168904)
When migrating warn user if compat is enabled (#1177133)
Clean up debug log for trust-add (#1168376)
No error message thrown on restore(full kind) on replica from full backup
taken on master (#1175287)
ipa-restore proceed even IPA not configured (#1175326)
Data replication not working as expected after data restore from full backup
(#1175277)
IPA externally signed CA cert expiration warning missing from log (#1178128)
ipa-upgradeconfig fails in CA-less installs (#1181767)
IPA certs fail to autorenew simultaneouly (#1173207)
More validation required on ipa-restore’s options (#1176034)
[4.1.0-13]
Expand the token auth/sync windows (#919228)
Access is not rejected for disabled domain (#1172598)
krb5kdc crash in ldap_pvt_search (#1170695)
RHEL7.1 IPA server httpd avc denials after upgrade (#1164896)
[4.1.0-12]
RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible
(#1169591)
CLI doesn’t show SSHFP records with SHA256 added via nsupdate (regression)
(#1172578)
[4.1.0-11]
Throw zonemgr error message before installation proceeds (#1163849)
Winsync: Setup is broken due to incorrect import of certificate (#1169867)
Enable last token deletion when password auth type is configured (#919228)
ipa-otp-lasttoken loads all user’s tokens on every mod/del (#1166641)
add --hosts and --hostgroup options to allow/retrieve keytab methods
(#1007367)
Extend host-show to add the view attribute in set of default attributes
(#1168916)
Prefer TCP connections to UDP in krb5 clients (#919228)
[WebUI] Not able to unprovisioning service in IPA 4.1 (#1168214)
webui: increase notification duration (#1171089)
RHEL7.1 ipa automatic CA cert renewal stuck in submitting state (#1166931)
RHEL7.1 ipa-cacert-manage cannot change external to self-signed ca cert
(#1170003)
Improve validation of --instance and --backend options in ipa-restore
(#951581)
RHEL7.1 ipa replica unable to replicate to rhel6 master (#1167964)
Disable TLS 1.2 in nss.conf until mod_nss supports it (#1156466)
[4.1.0-10]
Use NSS protocol range API to set available TLS protocols (#1156466)
[4.1.0-9]
schema update on RHEL-6.6 using latest copy-schema-to-ca.py from RHEL-7.1
build fails (#1167196)
Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756)
'ipa trust-add … ’ cmd says : (Trust status: Established and verified)
while in the logs we see ‘WERR_ACCESS_DENIED’ during verification step.
(#1144121)
POODLE: force using safe ciphers (non-SSLv3) in IPA client and server
(#1156466)
Add support/hooks for a one-time password system like SecureID in IPA
(#919228)
Tracebacks with latest build for --zonemgr cli option (#1167270)
ID Views: Support migration from the sync solution to the trust solution
(#891984)
[4.1.0-8]
Improve otptoken help messages (#919228)
Ensure users exist when assigning tokens to them (#919228)
Enable QR code display by default in otptoken-add (#919228)
Show warning instead of error if CA did not start (#1158410)
CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges (#1165774)
Traceback when adding zone with long name (#1164859)
Backup & Restore mechanism (#951581)
ignoring user attributes in migrate-ds does not work if uppercase characters
are returned by ldap (#1159816)
Allow ipa-getkeytab to optionally fetch existing keys (#1007367)
Failure when installing on dual stacked system with external ca (#1128380)
ipa-server should keep backup of CS.cfg (#1059135)
Tracebacks with latest build for --zonemgr cli option (#1167270)
webui: use domain name instead of domain SID in idrange adder dialog
(#891984)