[Freeipa-devel] [PATCH 0077] Fix ACI in DNS (was Add dnssecinlinesigning attribute to ACI)
Petr Viktorin
pviktori at redhat.com
Tue Jul 1 10:44:52 UTC 2014
On 06/30/2014 06:44 PM, Petr Viktorin wrote:
> On 06/25/2014 06:49 PM, Martin Basti wrote:
>> On Wed, 2014-06-25 at 18:47 +0200, Martin Basti wrote:
>>> On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote:
>>>> On 06/20/2014 03:32 PM, Martin Basti wrote:
>>>>> Required patches: mbasti-0060, mbasti-0073
>>>>>
>>>>> Patch attached.
>>>>>
>>>>
>>>> Hi,
>>>>
>>>> For the raw ACI in dns.ldif, there are some more hoops to jump through.
>>>>
>>>> Remove the ACI from /install/share/dns.ldif entirely (except for
>>>> schema,
>>>> we're slowly replacing the .ldif content by .update files).
>>>>
>>>> In install/updates/40-dns.update, you'll notice the "Update DNS entries
>>>> in a zone" ACI is already being added. You'll need to replace it, using
>>>> a line like:
>>>> replace:aci:'<old ACI>::<new ACI>'
>>>> This will remove the old value that IPA 3.x users still have.
>>>>
>>>> I see you already changed the ACI in 7cdc417, in dns.ldif only. Be
>>>> sureto use the original value for <old ACI>.
>>>>
>>>>
>>> As we discuss personally, ACI requires more changes than add
>>> idnssecinlinesingning only.
>>>
>>> Updated patch attached.
>>>
>> Patch freeipa-mbasti-0078-DNSSEC-add-TLSA-record-type.patch is required.
>
> If 0078 doesn't change substantially, ACK.
Pushed to master: c655aa28321f3a0ef00de89dd4c726f39f62653e
--
Petr³
More information about the Freeipa-devel
mailing list