[Freeipa-devel] [PATCH] bind-dyndb-ldap: enable/disable PTR synchronization per zone

Nathan Kinder nkinder at redhat.com
Thu Dec 1 18:50:47 UTC 2011


On 12/01/2011 06:27 AM, Simo Sorce wrote:
> On Thu, 2011-12-01 at 09:00 -0500, Jiri Kuncar wrote:
>> I've added an attribute "idnsAllowSyncPTR" to "idnsZone" to enable or
>> disable synchronization of PTR records. However, the bind-dyndb-ldap
>> plugin option "sync_ptr" has to be included in /etc/named.conf to run
>> the synchronization feature.
> We need an update script to run on the IPA server at upgrade time then.
>
>> My quick fix of LDAP schema in /usr/share/ipa/60basev2.ldif:
> The DNS schema objects are in 60ipadns.ldif
>
>> -----
>> attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
>> DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
> NACK.
> 5.11 is reserved by idnsAllowQuery and 5.12 by idnsAllowTransfer. The
> first available OID is 5.13
Do you have a page for tracking OID allocation within the FreeIPA 
namespace?  If so, we should be sure to consult it to choose the next 
available OID and to update it once we have the final patch for this issue.
>
>> objectClasses: (2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone
>> class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $
>> idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $
>> idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy
>> $ idnsAllowSyncPTR ) )
> These changes need to be committed to the right file and a .update is
> also needed.
>
>> https://fedorahosted.org/bind-dyndb-ldap/ticket/39
>>
> Need some more work but looks promising.
> Simo.
>
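
The OID collision raised in the review above can be caught mechanically before a schema change is committed. The following is an added example, not part of the original message or of FreeIPA's tooling: it unfolds LDIF schema lines, reports any OID claimed by more than one name, and proposes the next number under an arc. The sample input is constructed; the function names and the placeholder DESC/SYNTAX values for the two existing attributes are assumptions, and only their names and OIDs come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample. The first two entries stand in for the existing schema
# (DESC/SYNTAX are placeholders); the third is the proposed attribute with the
# OID that was NACKed in the thread. Continuation lines use LDIF folding.
SAMPLE_LDIF = """\
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery'
  DESC 'constructed placeholder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer'
  DESC 'constructed placeholder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
  DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
"""

DEF_RE = re.compile(r"^(attributeTypes|objectClasses):\s*\(\s*([\d.]+)\s+NAME\s+\(?\s*'([^']+)'", re.I)

def unfold(ldif_text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]   # drop exactly one folding space
        else:
            lines.append(raw)
    return lines

def parse_schema(ldif_text):
    """Map each OID to the list of (kind, first NAME) definitions that use it."""
    by_oid = defaultdict(list)
    for line in unfold(ldif_text):
        m = DEF_RE.match(line)
        if m:
            by_oid[m.group(2)].append((m.group(1), m.group(3)))
    return by_oid

def collisions(by_oid):
    """OIDs that are claimed by more than one distinct name."""
    return {oid: defs for oid, defs in by_oid.items()
            if len({name.lower() for _, name in defs}) > 1}

def next_free(by_oid, arc):
    """One past the highest direct child number already used under arc."""
    prefix = arc + "."
    used = [int(o[len(prefix):]) for o in by_oid
            if o.startswith(prefix) and o[len(prefix):].isdigit()]
    return f"{arc}.{max(used, default=0) + 1}"
```

A check like this only sees the schema files it is given, so the project's OID allocation record remains the authority for what is reserved.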



