Show Table of Contents
Appendix F. Notable Changes in IdM
Certain IdM versions introduce new commands or replace existing ones. Additionally, sometimes configuration or installation procedures change extensively. This appendix describes the most important changes.
For a more detailed list of changes, see the Red Hat Enterprise Linux (RHEL) 7 Release Notes for the individual versions.
IdM 4.6 running on RHEL 7.7
- The
ipa-cert-fixutility has been added to renew system certificates when IdM is offline. For details, see Section 26.2.3, “Renewing Expired System Certificates When IdM is Offline”. - For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.7 Release Notes:
IdM 4.6 running on RHEL 7.6
- For changes in this release, see the following sections in the Red Hat Enterprise Linux 7.6 Release Notes:
IdM 4.5 running on RHEL 7.5
- For changes in this release, see the following sections in the Red Hat Enterprise Linux 7.5 Release Notes:
IdM 4.5 running on RHEL 7.4
- This version changed the SSL back end for client HTTPS connections from Network Security Services (NSS) to OpenSSL. As a consequence, the Registration Authority (RA) stores now its certificate in the
/var/lib/ipa/directory instead of an NSS database. - For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.4 Release Notes:
IdM 4.4 running on RHEL 7.3
- The new
ipa replica-manage clean-dangling-ruvcommand enables administrators to remove all relative update vectors (RUV) from an uninstalled replica. - The new
ipa server-delcommand enables administrators to uninstall an IdM server. - The following commands introduced in this version enable administrators to manage IdM Certificate Authorities (CA):
ipa ca-addipd ca-delipa ca-enableipa ca-disbleipa ca-findipa ca-modipa ca-show
- The following commands introduced in this version replace the
ipa-replica managecommand to manage replication agreements:ipa topology-configureipa topologysegment-modipa topologysegment-delipa topologysuffix-addipa topologysuffix-showipa topologysuffix-verify
- The following commands introduced in this version enable administrators to display a list of IdM servers stored in the
cn=masters,cn=ipa,cn=etc,domain_suffixentry:ipa server-findipa server-show
- The certmonger helper scripts have been moved from the
/usr/lib64/ipa/certmonger/to the/usr/libexec/ipa/certmonger/directory. - This version introduced domain levels and the following commands to display and set the domain level:
ipa domainlevel-setipa domainlevel-show
- For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.3 Release Notes:
IdM 4.2 running on RHEL 7.2
- For changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.2 Release Notes.
IdM 4.1 running on RHEL 7.1
- The following commands introduced in this version replace the
ipa-getkeytab -rcommand to retrieve keytabs and set retrieval permissions:ipa-host-allow-retrieve-keytabipa-host-disallow-retrieve-keytabipa-host-allow-create-keytabipa-host-disallow-create-keytabipa-service-allow-retrieve-keytabipa-service-disallow-retrieve-keytabipa-service-allow-create-keytabipa-service-disallow-create-keytab
- For further changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.1 Release Notes.
IdM 3.3 running on RHEL 7.0
- For changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.0 Release Notes.