[Freeipa-interest] Announcing bind-dyndb-ldap version 4.1

Petr Spacek pspacek at redhat.com
Mon Feb 24 14:46:40 UTC 2014


The FreeIPA team is proud to announce bind-dyndb-ldap version 4.1.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/

The new version has also been built for Fedora 20 and is on its way to 
updates-testing:
https://admin.fedoraproject.org/updates/bind-dyndb-ldap-4.1-1.fc20

This release *requires an LDAP server with support for RFC 4533* (aka 
SyncRepl) and contains other significant changes.

Please read all the following text! :-)


== Changes in 4.0 and 4.1 ==
[1] Persistent search and zone refresh were replaced by RFC 4533 (SyncRepl).
     Options zone_refresh, cache_ttl and psearch were removed.
     LDAP attributes idnsZoneRefresh and idnsPersistentSearch were removed.
     https://fedorahosted.org/bind-dyndb-ldap/ticket/120

[2] Internal database was re-factored and replaced by RBT DB from BIND 9.
     As a result, read-query performance is nearly the same as with plain BIND.
     Wildcard records are supported and queries for non-existing records
     do not impose additional load on LDAP server.
     https://fedorahosted.org/bind-dyndb-ldap/ticket/95
     https://fedorahosted.org/bind-dyndb-ldap/ticket/6

[3] Plug-in creates journal file for each DNS zone in LDAP. This allows us
     to support IXFR. Working directory has to be writable by named,
     please see README - configuration option "directory".
     https://fedorahosted.org/bind-dyndb-ldap/ticket/64

[4] SOA serial auto-increment feature is now mandatory. The plugin has to have
     write access to LDAP.
     (Proper SOA serial maintenance is required for journaling.)

[5] Data are not served to clients until initial synchronization with LDAP
     is finished. All queries are answered with NXDOMAIN during synchronization.

[6] Crash caused by invalid SOA record was fixed.

[7] Empty instance names (specified by "dynamic-db" directive) were disallowed.

[8] Typo in LDAP schema was fixed.
     https://fedorahosted.org/bind-dyndb-ldap/ticket/121

[9] Minor bugs in error handling found by static code analyzers were fixed.

Known problems and limitations
[1] LDAP MODRDN (rename) is not supported at the moment.

[2] Zones enabled at run-time are not loaded properly.
     You have to restart BIND after changing idnsZoneActive attribute to TRUE.

[3] Zones and records deleted when connection to LDAP is down are not
     refreshed properly after re-connection.
     You have to restart BIND to restore consistency.


== Upgrading ==
A server can be upgraded by installing the updated RPM. BIND has to be restarted 
manually after the RPM installation.

*Make sure that BIND can write to the working directory as described in README* 
before you restart BIND.

You will need to clean up configuration file /etc/named.conf if your 
configuration contains typos or other unsupported options.

Downgrading back to any 3.x version is supported as long as record types not 
supported by old version are not utilized.


== Feedback ==
Please provide comments, report bugs and send any other feedback via the 
freeipa-users mailing list:
http://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Petr Spacek
Software engineer
Red Hat
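
A pre-restart check for the upgrade steps above, as an added example that is not part of the original announcement or the project's code. It assumes plugin options are set through `arg "name value";` lines inside the dynamic-db block and that the script is run as the account BIND runs under; the function names and the sample configuration are constructed for illustration.

```shell
# Added example, not project code. Options the announcement lists as removed:
REMOVED_OPTS='zone_refresh|cache_ttl|psearch'

# Print "LINE:OPTION" for each removed option still set through an
# `arg "name value";` line. Commented-out lines are ignored ($1 is not "arg").
find_removed_opts() {
    awk -v opts="$REMOVED_OPTS" '
        $1 == "arg" && match($2, "^\"(" opts ")$") { print NR ":" substr($2, 2) }
    ' "$1"
}

# Succeed only if $1 is an existing directory the current user can write to.
dir_writable() {
    [ -d "$1" ] && [ -w "$1" ]
}

# preflight CONF DIR: report every problem found, return 1 if there was any.
preflight() {
    rc=0
    hits=$(find_removed_opts "$1")
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/removed option (line:name) /'
        rc=1
    fi
    if ! dir_writable "$2"; then
        echo "working directory not writable: $2"
        rc=1
    fi
    return $rc
}

# Constructed sample configuration (instance name, URI and base are made up).
write_sample_conf() {
    cat > "$1" <<'EOF'
dynamic-db "example" {
    library "ldap.so";
    arg "uri ldap://ldap.example.test";
    arg "base cn=dns,dc=example,dc=test";
    arg "psearch yes";
    arg "zone_refresh 30";
    # arg "cache_ttl 120";
};
EOF
}

# With no arguments, demonstrate on the constructed sample.
tmp=$(mktemp -d); write_sample_conf "$tmp/named.conf"
preflight "${1:-$tmp/named.conf}" "${2:-$tmp}" || echo "fix the items above before restarting BIND"
rm -rf "$tmp"
```

Pass the real configuration file and the plugin's working directory as the two arguments to check an actual server.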
