[Freeipa-devel] [PATCH 0077] Fix ACI in DNS (was Add dnssecinlinesigning attribute to ACI)
Petr Viktorin
pviktori at redhat.com
Mon Jun 30 16:44:30 UTC 2014
On 06/25/2014 06:49 PM, Martin Basti wrote:
> On Wed, 2014-06-25 at 18:47 +0200, Martin Basti wrote:
>> On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote:
>>> On 06/20/2014 03:32 PM, Martin Basti wrote:
>>>> Required patches: mbasti-0060, mbasti-0073
>>>>
>>>> Patch attached.
>>>>
>>>
>>> Hi,
>>>
>>> For the raw ACI in dns.ldif, there are some more hoops to jump through.
>>>
>>> Remove the ACI from /install/share/dns.ldif entirely (except for schema,
>>> we're slowly replacing the .ldif content by .update files).
>>>
>>> In install/updates/40-dns.update, you'll notice the "Update DNS entries
>>> in a zone" ACI is already being added. You'll need to replace it, using
>>> a line like:
>>> replace:aci:'<old ACI>::<new ACI>'
>>> This will remove the old value that IPA 3.x users still have.
>>>
>>> I see you already changed the ACI in 7cdc417, in dns.ldif only. Be
>>> sureto use the original value for <old ACI>.
>>>
>>>
>> As we discuss personally, ACI requires more changes than add
>> idnssecinlinesingning only.
>>
>> Updated patch attached.
>>
> Patch freeipa-mbasti-0078-DNSSEC-add-TLSA-record-type.patch is required.
If 0078 doesn't change substantially, ACK.
--
Petr³
More information about the Freeipa-devel
mailing list