[Freeipa-devel] [PATCH] bind-dyndb-ldap: New idnsAllowQuery and idnsAllowTransfer zone attributes

Adam Tkac atkac at redhat.com
Mon Jan 10 14:32:52 UTC 2011


On Mon, Jan 10, 2011 at 09:24:40AM -0500, Simo Sorce wrote:
> On Mon, 10 Jan 2011 12:28:51 +0100
> Adam Tkac <atkac at redhat.com> wrote:
> 
> > the attached patch adds new attributes, idnsAllowQuery and
> > idnsAllowTransfer, for the idnsZone. With those attributes
> > it is now possible to set ACLs for the zone directly in LDAP.
> > 
> > Example of ACL setting:
> > 
> >     idnsAllowQuery: 127.0.0.1
> >     idnsAllowQuery: ::1
> >     idnsAllowQuery: 192.168.1.0/24
> > 
> > With this setting clients with 127.0.0.1 and ::1 IP addresses and
> > clients from 192.168.1.0/24 network are allowed to obtain resource
> > records from the zone.
> > 
> > Comments are welcomed.
> 
> Patch looks good, and very useful.
> I have already reserved the 2 new OIDs you used in our internal
> registry and it is an ACK from my pov.
> 
> If I read the patch correctly, a zone missing these attributes will
> have no issues (thinking of upgrades), can you confirm?

Right you are, patch has no effect for existing zones without those
attributes.

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.
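
The ACL from the example above, evaluated against sample client addresses. This is an added example, not part of the original message or of the patch. It is a simplified model that assumes only plain addresses and CIDR prefixes as attribute values; the function names and sample clients are constructed for illustration.

```python
import ipaddress

# idnsAllowQuery values copied from the example in the message above.
ALLOW_QUERY = ["127.0.0.1", "::1", "192.168.1.0/24"]


def parse_acl(values):
    """Convert attribute values to network objects.

    A bare address becomes a /32 (IPv4) or /128 (IPv6) network.
    strict=True rejects prefixes with host bits set, e.g. 192.168.1.5/24,
    so a typo in LDAP is reported instead of silently widening the ACL.
    """
    return [ipaddress.ip_network(v.strip(), strict=True) for v in values]


def is_allowed(client, values):
    """Decide whether `client` matches the zone's ACL values.

    Returns None when the zone has no values for the attribute: per the
    thread, such zones are unaffected, so this model makes no decision.
    Otherwise returns True if any element contains the client address.
    """
    if not values:
        return None
    addr = ipaddress.ip_address(client)
    return any(addr.version == net.version and addr in net
               for net in parse_acl(values))


if __name__ == "__main__":
    # Constructed sample clients, not taken from the thread.
    for client in ["127.0.0.1", "::1", "192.168.1.77",
                   "192.168.2.1", "2001:db8::1"]:
        print(f"{client:15} allowed={is_allowed(client, ALLOW_QUERY)}")
    print("zone without attribute:", is_allowed("10.0.0.1", []))
```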



