[Freeipa-devel] [PATCH 0077] Fix ACI in DNS (was Add dnssecinlinesigning attribute to ACI)
Martin Basti
mbasti at redhat.com
Wed Jun 25 16:47:09 UTC 2014
On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote:
> On 06/20/2014 03:32 PM, Martin Basti wrote:
> > Required patches: mbasti-0060, mbasti-0073
> >
> > Patch attached.
> >
>
> Hi,
>
> For the raw ACI in dns.ldif, there are some more hoops to jump through.
>
> Remove the ACI from /install/share/dns.ldif entirely (except for schema,
> we're slowly replacing the .ldif content by .update files).
>
> In install/updates/40-dns.update, you'll notice the "Update DNS entries
> in a zone" ACI is already being added. You'll need to replace it, using
> a line like:
> replace:aci:'<old ACI>::<new ACI>'
> This will remove the old value that IPA 3.x users still have.
>
> I see you already changed the ACI in 7cdc417, in dns.ldif only. Be
> sureto use the original value for <old ACI>.
>
>
As we discuss personally, ACI requires more changes than add
idnssecinlinesingning only.
Updated patch attached.
--
Martin^2 Basti
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0077-2-Fix-ACI-in-DNS.patch
Type: text/x-patch
Size: 11798 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140625/04273ea3/attachment.bin>
More information about the Freeipa-devel
mailing list