Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 12. Updating and downgrading IdM

12.1. Updating IdM packages

You can use the yum utility to update the Identity Management (IdM) packages on the system.

  • To update all IdM packages that are relevant for your profile and that have updates available:

    # yum upgrade ipa-*

    Before installing an update, make sure you have applied all previously released errata relevant to the RHEL system.

  • Alternatively, to install or update packages to match the latest version available for your profile from any enabled repository:

    # yum distro-sync ipa-*

After you update the IdM packages on at least one server, all other servers in the topology receive the updated schema, even if you do not update their packages. This ensures that any new entries which use the new schema can be replicated among the other servers.


When updating multiple IdM servers, wait at least 10 minutes after updating one server before updating another server. However, the actual time required for a server’s successful update depends on the topology deployed, the latency of the connections, and the number of changes generated by the update.

When two or more servers are updated simultaneously or with only short intervals between the upgrades, there is not enough time to replicate the post-upgrade data changes throughout the topology, which can result in conflicting replication events.

12.2. Downgrading IdM packages

Downgrading IdM packages manually is not supported. Use yum distro-sync to update and downgrade packages in modules.


Do not run the yum downgrade command on any of the ipa-* packages.

Additional resources

  • yum(8) man page