Appendix F. Notable Changes in IdM

Certain IdM versions introduce new commands or replace existing ones. Additionally, sometimes configuration or installation procedures change extensively. This appendix describes the most important changes.
For a more detailed list of changes, see the Red Hat Enterprise Linux (RHEL) 7 Release Notes for the individual versions.

IdM 4.6 running on RHEL 7.7

IdM 4.6 running on RHEL 7.6

IdM 4.5 running on RHEL 7.5

IdM 4.5 running on RHEL 7.4

IdM 4.4 running on RHEL 7.3

  • The new ipa replica-manage clean-dangling-ruv command enables administrators to remove all relative update vectors (RUV) from an uninstalled replica.
  • The new ipa server-del command enables administrators to uninstall an IdM server.
  • The following commands introduced in this version enable administrators to manage IdM Certificate Authorities (CA):
    • ipa ca-add
    • ipd ca-del
    • ipa ca-enable
    • ipa ca-disble
    • ipa ca-find
    • ipa ca-mod
    • ipa ca-show
  • The following commands introduced in this version replace the ipa-replica manage command to manage replication agreements:
    • ipa topology-configure
    • ipa topologysegment-mod
    • ipa topologysegment-del
    • ipa topologysuffix-add
    • ipa topologysuffix-show
    • ipa topologysuffix-verify
  • The following commands introduced in this version enable administrators to display a list of IdM servers stored in the cn=masters,cn=ipa,cn=etc,domain_suffix entry:
    • ipa server-find
    • ipa server-show
  • The certmonger helper scripts have been moved from the /usr/lib64/ipa/certmonger/ to the /usr/libexec/ipa/certmonger/ directory.
  • This version introduced domain levels and the following commands to display and set the domain level:
    • ipa domainlevel-set
    • ipa domainlevel-show
  • For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.3 Release Notes:

IdM 4.2 running on RHEL 7.2

IdM 4.1 running on RHEL 7.1

  • The following commands introduced in this version replace the ipa-getkeytab -r command to retrieve keytabs and set retrieval permissions:
    • ipa-host-allow-retrieve-keytab
    • ipa-host-disallow-retrieve-keytab
    • ipa-host-allow-create-keytab
    • ipa-host-disallow-create-keytab
    • ipa-service-allow-retrieve-keytab
    • ipa-service-disallow-retrieve-keytab
    • ipa-service-allow-create-keytab
    • ipa-service-disallow-create-keytab
  • For further changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.1 Release Notes.

IdM 3.3 running on RHEL 7.0