IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.
Provides
Requires
License
GPL-3.0-or-later
Changelog
* Fri Jan 16 2026 Florence Blanc-Renaud <flo@redhat.com> - 4.13.1-1
- Resolves: RHEL-141446 [RFE] Command that retrieve and install new CA certificates
- Resolves: RHEL-140584 Support replaceable WebUI artwork for RHEL and CentOS
- Resolves: RHEL-141297 Memory leaks in IPA plugins
- Resolves: RHEL-141054 IPA fails to sign zone
- Resolves: RHEL-138570 AddressSanitizer: SEGV ipa-pwd-extop/common.c:584 in ipapwd_gen_checks
- Resolves: RHEL-138473 Include latest fixes in python3-ipatests package
- Resolves: RHEL-137585 ipa-server-upgrade succeeds but ipactl restart fails due to ipa-dnskeysyncd service failure caused by SELinux AVC denial on RHEL 9.8
* Tue Dec 09 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.13.0-1
- Resolves: RHEL-134542 Add modern WebUI as submodule and enable routing in Apache
- Resolves: RHEL-134540 Switch IPA to use the PKI python API directly rather than RPC calls
- Resolves: RHEL-134196 After upgrade from 9.7 to 9.8 ipactl restart fails to restart winbind service
- Resolves: RHEL-132334 Include latest fixes in python3-ipatests package
- Resolves: RHEL-129224 Fix ipatests for kdcproxy after CVE-2025-59088 fix
- Resolves: RHEL-126974 Minor typo in ipa_idrange_fix.py
- Resolves: RHEL-120954 Rebase ipa to latest 4.13.x version for RHEL 9.8
* Wed Nov 19 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-25
- Resolves: RHEL-128238 [RFE] Support storing LWCA private keys on an HSM [rhel-9]
- Resolves: RHEL-126515 RFE: Enable external password reset agents to use ipa_pwd_extop in RHEL IdM [rhel-9]
- Resolves: RHEL-73399 RFE: Update IdM password policy configurations to meet M-22-09 by restricting spaces and require number character class
- Resolves: RHEL-128241 ATTR_NAME_BY_OID is missing OID 2.5.4.97, organizationIdentifier [rhel-9]
- Resolves: RHEL-126514 [RFE] ipa-client-automount should have an option to include domain of the machine. [rhel-9]
- Resolves: RHEL-124171 Include latest fixes in python3-ipatests package
- Resolves: RHEL-120514 Include fixes in python3-ipatests [rhel-9.8]
- Resolves: RHEL-118609 test_cacert_manage fails due to expired Let's Encrypt R3 certificate
* Tue Sep 30 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-24
- Resolves: RHEL-118448 CVE-2025-7493 ipa: Privilege escalation from host to domain admin in FreeIPA
* Thu Sep 18 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-23
- Related: RHEL-114548 Rebase Samba to the latest 4.23.x release
* Mon Aug 25 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-22
- Resolves: RHEL-107483 ipa-ca-install fails on CA-less replica due to inadequate key usage in master certificate
* Mon Aug 18 2025 Rafael Jeffman <rjeffman@redhat.com> - 4.12.2-21
- Resolves: RHEL-109768 Revert allow update of Kerberos master key
* Wed Jul 30 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-20
- Resolves: RHEL-106285 Incorrect use of external IdP GitHub trademark
- Resolves: RHEL-106026 Include fixes in python3-ipatests package
- Resolves: RHEL-105512 kdb: prevent double crash in RBCD ACL free
- Resolves: RHEL-101707 ipatests: use "sos report" instead of "sosreport" command
- Resolves: RHEL-101544 ipa-client-encrypted-dns does not ensure bind-utils >= 9.18 for DoT-compatible nsupdate
- Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup
* Thu Jun 26 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-19
- Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup
- Resolves: RHEL-89907 Privilege escalation from host to domain admin in FreeIPA
- Resolves: RHEL-99315 Include latest fixes in python3-ipatests package
- Resolves: RHEL-98565 ipa-idrange-fix: 'Env' object has no attribute 'basedn'
- Resolves: RHEL-96920 Nightly test failure (rawhide) in test_trust.py::TestTrust::test_server_option_with_unreachable_ad
- Resolves: RHEL-31907 kdb: support storing and retrieving multiple master keys
* Wed Jun 11 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-18
- Related: RHEL-89873
* Wed Jun 04 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-17
- Resolves: RHEL-95010 [RFE] Give warning when adding user with UID out of any ID range
- Resolves: RHEL-93890 Include latest fixes in python3-ipatests package
- Resolves: RHEL-93887 ipa idrange-add --help should be more clear about required options
- Resolves: RHEL-93483 Unable to modify IPA config; --ipaconfigstring="" causes internal error
- Resolves: RHEL-88834 kdb: ipadb_get_connection() succeeds but returns null LDAP context
- Resolves: RHEL-68800 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change'
* Tue Apr 29 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-16
- Resolves: RHEL-88900 [RFE] Add check on CA cert expiry for ipa-cert-fix
- Resolves: RHEL-88037 Server installation: dot-forwarder not added as a forwarder
- Resolves: RHEL-86483 Include latest fixes in python3-ipatests package
- Resolves: RHEL-41178 ipa-sidgen: fix memory leak in ipa_sidgen_add_post_op()
* Tue Mar 25 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-