From 9fe707a3f2e9a25e908cc9279c46a0f0c5acb15f Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Thu, 4 Jun 2009 15:33:49 -0400
Subject: Basic changes to get a default principal for DNS

Also moves delagation layout installation in dsinstance.
This is needed to allow us to set default membership in
other modules like bindinstance.

Signed-off-by: Martin Nagy <mnagy@redhat.com>
---
 install/updates/40-delegation.update | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'install/updates')

diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index 78de12f7b..8532e5000 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -54,6 +54,18 @@ add:objectClass: groupofnames
 add:cn: netgroupadmin
 add:description: Netgroups Administrators
 
+dn: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: groupofnames
+add:cn: dnsadmin
+add:description: DNS Administrators
+
+dn: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: groupofnames
+add:cn: dnsserver
+add:description: DNS Servers
+
 # Add the taskgroups referenced by the ACIs for user administration
 
 dn: cn=taskgroups,cn=accounts,$SUFFIX
@@ -436,3 +448,11 @@ add:aci: '(targetattr = "krbPrincipalKey")(target = "ldap:///cn=*,
   allow (write) groupdn = "ldap:///cn=manage_host_keytab,cn=taskgroups,
   cn=accounts,$SUFFIX";)'
 
+# Taskgroup for updating the DNS entries
+dn: cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: groupofnames
+add:cn: manage_host_keytab
+add:description: Updates DNS
+add:member:'cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX'
+add:member:'cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX'
-- 
cgit