[Pkg-freeipa-devel] Looking for info on freeipa status

Philippe Clérié philippe at gcal.net
Fri Mar 16 02:15:15 GMT 2018

On 03/15/2018 07:59 AM, Timo Aaltonen wrote:
> On 14.03.2018 02:00, Philippe Clérié wrote:
>> Hello,
>> I just got bit by an upgrade to Ubuntu/Bionic that does not contain
>> Freeipa. Then I find out that the packages are no longer in
>> Debian/Testing but are present in Sid. In addition, there are packages
>> in bionic-proposed. So it looks like Freeipa will eventually get there
>> but I am still concerned. Could you please clarify Freeipa status please?
>> Thanks in advance.
> Hi, here's something.
> Dogtag still needs temporary tomcat8.0 and resteasy3.0 packages to work.
> Upstream is about to release 10.6 which will work with tomcat 8.5 and
> allows us to get rid of tomcat8.0. RESTEasy upstream recently released
> 3.5 which is backwards compatible with 3.0.x series, but also added a
> bunch of new dependencies which would need to be packaged.
> Even with both of these sorted out ipa-server-install needs libnsspem to
> finish (bug #855879). IPA client would need that as well, or certmonger
> wouldn't be able to refresh certificates. Getting libnsspem packaged
> needs changes to src:nss which the maintainer refuses to add. So this is
> probably something that the Debian technical committee needs to weigh in.
> For bionic, the plan was to fix all of above. That doesn't look likely
> anymore, so plan-b would be to provide freeipa-client only..
> IPA has never been in Debian testing IIRC, btw.

Thank you for a very informative reply. Even if it's rather bad news.

On the other hand, if plan-b can work, I'll be more than happy. I can 
keep the current IPA server running on Xenial. For the most part, if I 
have to, I can also hold the clients at Xenial or Artful for a while longer.

As for the desktop I upgraded, the nice thing about IPA is that I can 
easily go back to Artful without having to worry too much about local 
stuff: there isn't supposed to be any.

IPA/Testing, my bad. I do have a couple of Debian servers with 
freeipa-client, so I guess they came from Sid. So I'm now running a 
4.3.1 Ubuntu IPA server, 4.3.1 and 4.4.4 Ubuntu clients, and 4.3.2 
Debian clients. Extra points for raising that issue. I might need to be 

Many thanks and best regards


The trouble with common sense it that it is so uncommon.

More information about the Pkg-freeipa-devel mailing list