Update schema for bind-dyndb-ldap

Add new attributes and objectclasses to support new features:
  - global bind-dyndb-ldap settings in LDAP
  - conditional per-zone forwarding
  - per-zone configuration of automatic PTR updates
  - AllowQuery and AllowTransfer ACIs

https://fedorahosted.org/freeipa/ticket/2215
https://fedorahosted.org/freeipa/ticket/2072

2 files changed, 72 insertions, 0 deletions

diff --git a/install/updates/10-bind-schema.update b/install/updates/10-bind-schema.update
new file mode 100644
index 000000000..c3398c1f2
--- /dev/null
+++ b/install/updates/10-bind-schema.update
@@ -0,0 +1,71 @@
+#
+# New schema enhancements from:
+#       https://fedorahosted.org/bind-dyndb-ldap/browser/doc/schema
+#
+dn: cn=schema
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.11
+      NAME 'idnsAllowQuery'
+      DESC 'BIND9 allow-query ACL element'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+      X-ORIGIN 'IPA v2')
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.12
+      NAME 'idnsAllowTransfer'
+      DESC 'BIND9 allow-transfer ACL element'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+      X-ORIGIN 'IPA v2')
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.13
+      NAME 'idnsAllowSyncPTR'
+      DESC 'permit synchronization of PTR records'
+      EQUALITY booleanMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+      SINGLE-VALUE
+      X-ORIGIN 'IPA v2' )
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.14
+      NAME 'idnsForwardPolicy'
+      DESC 'forward policy: only or first'
+      EQUALITY caseIgnoreIA5Match
+      SUBSTR caseIgnoreIA5SubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+      X-ORIGIN 'IPA v2' )
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.15
+      NAME 'idnsForwarders'
+      DESC 'list of forwarders'
+      EQUALITY caseIgnoreIA5Match
+      SUBSTR caseIgnoreIA5SubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      X-ORIGIN 'IPA v2' )
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.16
+      NAME 'idnsZoneRefresh'
+      DESC 'zone refresh interval'
+      EQUALITY integerMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+      SINGLE-VALUE
+      X-ORIGIN 'IPA v2' )
+add:attributeTypes:
+    ( 2.16.840.1.113730.3.8.5.17
+      NAME 'idnsPersistentSearch'
+      DESC 'allow persistent searches'
+      EQUALITY booleanMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+      SINGLE-VALUE
+      X-ORIGIN 'IPA v2' )
+add:objectClasses:
+    ( 2.16.840.1.113730.3.8.6.2
+      NAME 'idnsConfigObject'
+      DESC 'DNS global config options'
+      STRUCTURAL
+      MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$
+        idnsZoneRefresh $$ idnsPersistentSearch
+      ) )
+replace:objectClasses:( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY idnsUpdatePolicy )::( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord    STRUCTURAL MUST ( idnsName $$ idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY ( idnsUpdatePolicy $$ idnsAllowQuery $$ idnsAllowTransfer $$ idnsAllowSyncPTR $$ idnsForwardPolicy $$ idnsForwarders ) )
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index c8d4a0548..e1eb35a9e 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -10,6 +10,7 @@ app_DATA =				\
 	10-selinuxusermap.update	\
 	10-sudo.update			\
 	10-ssh.update			\
+	10-bind-schema.update		\
 	19-managed-entries.update	\
 	20-aci.update			\
 	20-dna.update			\