On 12/01/2011 06:27 AM, Simo Sorce wrote:
On Thu, 2011-12-01 at 09:00 -0500, Jiri Kuncar wrote:
I've added an attribute "idnsAllowSyncPTR" to "idnsZone" to enable or
disable synchronization of PTR records. However, the bind-dyndb-ldap
plugin option "sync_ptr" has to be included in /etc/named.conf to run
the synchronization feature.
We need an update script to run on the ipa server at upgrade time then.

My quick fix of LDAP schema in /usr/share/ipa/60basev2.ldif:
The DNS schema objects are in 60ipadns.ldif

-----
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
NACK.
5.11 is reserved by idnsAllowQuery and 5.12 by idnsAllowTransfer. The
first available OID is 5.13
Do you have a page for tracking OID allocation within the FreeIPA namespace? If so, we should be sure to consult it to choose the next available OID and to update it once we have the final patch for this issue.

objectClasses: (2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone
class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $
idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $
idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy
$ idnsAllowSyncPTR ) )
These changes need to be committed to the right file and a .update is
also needed.

https://fedorahosted.org/bind-dyndb-ldap/ticket/39

Need some more work but looks promising.
Simo.
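
The OID collision raised in this thread can be caught mechanically before a schema patch is committed. The following is an added example, not part of the original messages and not FreeIPA code: it parses schema LDIF, reports any proposed OID already held by a different name, and suggests the next OID after the highest one allocated under an arc. The `EXISTING` sample is constructed and contains only the two allocations named in the thread; the function names are hypothetical.

```python
import re

# Matches the start of one schema definition: kind, numeric OID, first NAME.
DEF_RE = re.compile(
    r"^(attributeTypes|objectClasses):\s*\(\s*([0-9.]+)\s+NAME\s+'([^']+)'",
    re.IGNORECASE | re.MULTILINE,
)

def definitions(ldif_text):
    """Return {oid: name} for every schema definition in an LDIF string."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    return {m.group(2): m.group(3) for m in DEF_RE.finditer(unfolded)}

def find_conflicts(existing, proposed):
    """List (oid, proposed_name, existing_name) where an OID is reused."""
    return [
        (oid, name, existing[oid])
        for oid, name in sorted(proposed.items())
        if oid in existing and existing[oid].lower() != name.lower()
    ]

def next_free(existing, arc):
    """Next OID after the highest one allocated directly under `arc`."""
    prefix = arc + "."
    used = [int(o[len(prefix):]) for o in existing
            if o.startswith(prefix) and o[len(prefix):].isdigit()]
    return f"{arc}.{max(used, default=0) + 1}"

# Constructed sample: only the two OIDs the thread says are already taken.
EXISTING = """\
attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery'
  DESC 'constructed sample entry' )
attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer'
  DESC 'constructed sample entry' )
"""
# The proposed attribute as posted in the thread, re-folded as valid LDIF.
PROPOSED = """\
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
  DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
"""
ARC = "2.16.840.1.113730.3.8.5"  # attribute-type arc used above

if __name__ == "__main__":
    existing = definitions(EXISTING)
    for oid, new, old in find_conflicts(existing, definitions(PROPOSED)):
        print(f"{oid}: '{new}' collides with '{old}'")
    print("next free:", next_free(existing, ARC))
```

`next_free` assumes OIDs under an arc are handed out sequentially; an authoritative allocation list, if one exists, takes precedence over what the installed schema files show.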

