[Freeipa-devel] [PATCH] bind-dyndb-ldap: enable/disable PTR synchronization per zone

Simo Sorce simo at redhat.com
Thu Dec 1 14:27:08 UTC 2011


On Thu, 2011-12-01 at 09:00 -0500, Jiri Kuncar wrote:
> I've added an attribute "idnsAllowSyncPTR" to "idnsZone" to enable or
> disable synchronization of PTR records. However the bind-dyndb-ldap
> plugin option "sync_ptr" has to be included in /etc/named.conf to run
> the synchronization feature.

We need an update script to run on the IPA server at upgrade time then.

> My quick fix of LDAP schema in /usr/share/ipa/60basev2.ldif:

The DNS schema objects are in 60ipadns.ldif

> -----
> attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
> DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )

NACK.
5.11 is reserved by idnsAllowQuery and 5.12 by idnsAllowTransfer. The
first available OID is 5.13.

> objectClasses: (2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone
> class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $
> idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $
> idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy
> $ idnsAllowSyncPTR ) )

These changes need to be committed to the right file and a .update is
also needed.

> https://fedorahosted.org/bind-dyndb-ldap/ticket/39
> 

Need some more work but looks promising.
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
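
The OID clash behind the NACK above can be caught mechanically before a schema file is committed. The check below is an added example, not part of the original message or of the FreeIPA code base; its sample LDIF is constructed (attribute names and OIDs are taken from the thread, the DESC/SYNTAX of the first two attributes are placeholders), and the "next free" OID it reports reflects only the definitions it was given, not the project's OID registry.

```python
import re
from collections import defaultdict

# Constructed sample: names and OIDs come from the thread; DESC/SYNTAX of
# idnsAllowQuery and idnsAllowTransfer are placeholders, not the real schema.
SAMPLE_LDIF = """\
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery'
  DESC 'placeholder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer'
  DESC 'placeholder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
  DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
"""

# Matches the numeric OID and the first NAME of an attribute or object class.
DEF_RE = re.compile(
    r"^(attributeTypes|objectClasses):\s*\(\s*([0-9.]+)\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE | re.MULTILINE)

def parse_definitions(ldif):
    """Return (kind, oid, name) for every schema definition in the LDIF text."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folding: newline + one space
    return [(m.group(1), m.group(2), m.group(3)) for m in DEF_RE.finditer(unfolded)]

def find_collisions(defs):
    """Map each OID claimed by more than one distinct name to those names."""
    by_oid = defaultdict(list)
    for _kind, oid, name in defs:
        if name not in by_oid[oid]:
            by_oid[oid].append(name)
    return {oid: names for oid, names in by_oid.items() if len(names) > 1}

def next_free_oid(defs, colliding_oid):
    """Walk the last arc upward until an OID unused in `defs` is found."""
    prefix, arc = colliding_oid.rsplit(".", 1)
    used = {oid for _kind, oid, _name in defs}
    n = int(arc)
    while f"{prefix}.{n}" in used:
        n += 1
    return f"{prefix}.{n}"

if __name__ == "__main__":
    defs = parse_definitions(SAMPLE_LDIF)
    for oid, names in find_collisions(defs).items():
        print(f"OID {oid} claimed by {names}; next free: {next_free_oid(defs, oid)}")
```

Run against the concatenation of all schema files that will be loaded together, since a collision is only visible when both definitions are in the input.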



