[Freeipa-devel] [PATCH] Changed dns permission types

Jan Zelený jzeleny at redhat.com
Tue Jan 25 12:35:13 UTC 2011


Jan Zelený <jzeleny at redhat.com> wrote:
> Rob Crittenden <rcritten at redhat.com> wrote:
> > Jan Zelený wrote:
> > > Rob Crittenden<rcritten at redhat.com>  wrote:
> > >> Jan Zelený wrote:
> > >>> Recent change of DNS module to version caused that dns object type
> > >>> was replaced by dnszone and dnsrecord. This patch corrects dns types
> > >>> in permissions class.
> > >>> 
> > >>> https://fedorahosted.org/freeipa/ticket/646
> > >> 
> > >> Nack. These values need to be added as valid types to the aci plugin
> > >> and the _type_map needs to be updated.
> > >> 
> > >> rob
> > > 
> > > I'm sending an updated patch.
> > > 
> > > Jan
> > 
> > Since dnszone and dnsrecord point to the same kind of entry what is the
> > point of having two separate names for them? When we read the entry we
> > aren't going to be able to differentiate between the two.
> 
> I didn't take a look how the type thing works, so I'm kinda guessing here
> (please ignore the comment if it is wrong):
> Sure, object with idnszone class is always also in dnsrecord class, but
> that's not the case backwards (idnsrecord object isn't always idnszone) -
> so I think it is possible to set different ACIs for these two types.
> 
> > Can the type be made more specific?
> 
> If the mapping doesn't distinguish object classes and it can, maybe that's
> the answer. Will investigate further. But if not, I still think this is
> the way to go considering the underlying issue which we tried to solve by
> this change.

From what I found, I think that making the changes necessary to distinguish
dnsrecord and dnszone is not worth it, especially since the user can use "filter"
for that purpose. Since having both of them doesn't have any additional value,
I'm sending a new version of the patch, which only adds the dnsrecord type.

Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jzeleny-freeipa-0021-3-Changed-dns-permission-types.patch
Type: text/x-patch
Size: 2464 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110125/d60b04d6/attachment.bin>