[Freeipa-devel] [PATCH] Changed dns permission types
Jan Zelený
jzeleny at redhat.com
Wed Feb 2 07:24:13 UTC 2011
Rob Crittenden <rcritten at redhat.com> wrote:
> Jan Zelený wrote:
> > Jan Zelený<jzeleny at redhat.com> wrote:
> >> Rob Crittenden<rcritten at redhat.com> wrote:
> >>> Jan Zelený wrote:
> >>>> Rob Crittenden<rcritten at redhat.com> wrote:
> >>>>> Jan Zelený wrote:
> >>>>>> Recent change of DNS module to version caused that dns object type
> >>>>>> was replaced by dnszone and dnsrecord. This patch corrects dns types
> >>>>>> in permissions class.
> >>>>>>
> >>>>>> https://fedorahosted.org/freeipa/ticket/646
> >>>>>
> >>>>> Nack. These values need to be added as valid types to the aci plugin
> >>>>> and the _type_map needs to be updated.
> >>>>>
> >>>>> rob
> >>>>
> >>>> I'm sending an updated patch.
> >>>>
> >>>> Jan
> >>>
> >>> Since dnszone and dnsrecord point to the same kind of entry what is the
> >>> point of having two separate names for them? When we read the entry we
> >>> aren't going to be able to differentiate between the two.
> >>
> >> I didn't take a look how the type thing works, so I'm kinda guessing
> >> here (please ignore the comment if it is wrong):
> >> Sure, object with idnszone class is always also in dnsrecord class, but
> >> that's not the case backwards (idnsrecord object isn't always idnszone)
> >> - so I think it is possible to set different ACIs for these two types.
> >>
> >>> Can the type be made more specific?
> >>
> >> If the mapping doesn't distinguish object classes and it can, maybe
> >> that's the answer. Will investagate further. But if not, I still think
> >> this is the way to go considering the underline issue which we tried to
> >> solve by this change.
> >>
> > From what I found I think that making changes necessary to distinguish
> >
> > dnsrecord and dnszone are not worth it, especially that user can use
> > "filter" for that purpose. Since having both of them doesn't have any
> > additional value, I'm sending new version of the patch, which is only
> > adding dnsrecord type.
> >
> > Jan
>
> Ack but this patch needs a rebase.
>
> rob
Rebased patch in attachment
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jzeleny-freeipa-0021-4-Changed-dns-permission-types.patch
Type: text/x-patch
Size: 2479 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110202/67f713c8/attachment.bin>
More information about the Freeipa-devel
mailing list