I've just spent two days trying to upgrade our school's Fedora 27
FreeIPA servers to Fedora 28 and kept hitting multiple roadblocks. I
finally found this post on the freeipa-users mailing list:
It basically says (and I've spent two days attesting to the fact) that
FreeIPA isn't actually ready for production use on Fedora 28.
I would like to suggest that, for something as central to the Fedora
Server story as FreeIPA is, we should have done at least one of the
1. Posted the above message to at least one of the Fedora
users/devel/server mailing lists.
2. Put something like the above message in the Fedora 28 release notes.
3. Modularized FreeIPA, putting the current 4.6.90-pre series in a
development module, and putting Fedora 27's 4.6.x series in a stable
It seems that we knew that FreeIPA wasn't ready well before Fedora 28
was released, so I think we really dropped the ball by not releasing
this information sooner and not distributing it more widely.
P.S. For those who care, VM snapshots are wonderful. I restored our
FreeIPA servers from snapshots, so any users who changed their password
in the last 24 hours or so will have to change it again.