Basic changes to get a default principal for DNS

Also moves delagation layout installation in dsinstance.
This is needed to allow us to set default membership in
other modules like bindinstance.

Signed-off-by: Martin Nagy <mnagy@redhat.com>

1 files changed, 20 insertions, 0 deletions

diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index 78de12f7b..8532e5000 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -54,6 +54,18 @@ add:objectClass: groupofnames
 add:cn: netgroupadmin
 add:description: Netgroups Administrators
 
+dn: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: groupofnames
+add:cn: dnsadmin
+add:description: DNS Administrators
+
+dn: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: groupofnames
+add:cn: dnsserver
+add:description: DNS Servers
+
 # Add the taskgroups referenced by the ACIs for user administration
 
 dn: cn=taskgroups,cn=accounts,$SUFFIX
@@ -436,3 +448,11 @@ add:aci: '(targetattr = "krbPrincipalKey")(target = "ldap:///cn=*,
   allow (write) groupdn = "ldap:///cn=manage_host_keytab,cn=taskgroups,
   cn=accounts,$SUFFIX";)'
 
+# Taskgroup for updating the DNS entries
+dn: cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: groupofnames
+add:cn: manage_host_keytab
+add:description: Updates DNS
+add:member:'cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX'
+add:member:'cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX'