-rw-r--r--daemons/ipa-slapi-plugins/ipa-dns/Makefile.am6
-rw-r--r--daemons/ipa-slapi-plugins/ipa-dns/ipa-dns-conf.ldif15
-rw-r--r--install/updates/40-dns.update16
-rw-r--r--ipaserver/install/dsinstance.py6
4 files changed, 43 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am b/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am
index 319c6676..1b9f649b 100644
--- a/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am
+++ b/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am
@@ -32,7 +32,13 @@ libipa_dns_la_LIBADD = \
$(LDAP_LIBS) \
$(NULL)
+appdir = $(IPA_DATA_DIR)
+app_DATA = \
+ ipa-dns-conf.ldif \
+ $(NULL)
+
EXTRA_DIST = \
+ $(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
diff --git a/daemons/ipa-slapi-plugins/ipa-dns/ipa-dns-conf.ldif b/daemons/ipa-slapi-plugins/ipa-dns/ipa-dns-conf.ldif
new file mode 100644
index 00000000..808cc966
--- /dev/null
+++ b/daemons/ipa-slapi-plugins/ipa-dns/ipa-dns-conf.ldif
@@ -0,0 +1,15 @@
+dn: cn=IPA DNS,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: nsslapdPlugin
+objectclass: extensibleObject
+cn: IPA DNS
+nsslapd-plugindescription: IPA DNS support plugin
+nsslapd-pluginenabled: on
+nsslapd-pluginid: ipa_dns
+nsslapd-plugininitfunc: ipadns_init
+nsslapd-pluginpath: libipa_dns.so
+nsslapd-plugintype: preoperation
+nsslapd-pluginvendor: Red Hat, Inc.
+nsslapd-pluginversion: 1.0
+nsslapd-plugin-depends-on-type: database
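Review bot: The same plugin entry is written out a second time in install/updates/40-dns.update (the `# add DNS plugin` block), and neither file points at the other. A later edit to `nsslapd-pluginpath`, `nsslapd-plugintype` or `nsslapd-pluginenabled` in only one place can leave fresh installs and upgraded servers loading the plugin differently. A comment line at the top of this LDIF would make the coupling visible: `# Keep in sync with the "add DNS plugin" entry in install/updates/40-dns.update`. Since the entry turns on a preoperation plugin on every directory server, a second comment naming the operations the plugin handles would help anyone auditing cn=plugins,cn=config; the plugin source is not part of this page.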
diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update
index 3478a03c..7ad366e6 100644
--- a/install/updates/40-dns.update
+++ b/install/updates/40-dns.update
@@ -41,3 +41,19 @@ replace:aci:'(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dn
# replace DNS tree deny rule with managedBy enhanced allow rule
dn: cn=dns, $SUFFIX
replace:aci:'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX");)::(targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX" or userattr = "parent[0,1].managedby#GROUPDN";)'
+
+# add DNS plugin
+dn: cn=IPA DNS,cn=plugins,cn=config
+default: objectclass: top
+default: objectclass: nsslapdPlugin
+default: objectclass: extensibleObject
+default: cn: IPA DNS
+default: nsslapd-plugindescription: IPA DNS support plugin
+default: nsslapd-pluginenabled: on
+default: nsslapd-pluginid: ipa_dns
+default: nsslapd-plugininitfunc: ipadns_init
+default: nsslapd-pluginpath: libipa_dns.so
+default: nsslapd-plugintype: preoperation
+default: nsslapd-pluginvendor: Red Hat, Inc.
+default: nsslapd-pluginversion: 1.0
+default: nsslapd-plugin-depends-on-type: database
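Review bot: The `default:` directives are, as far as I know, applied only when the updater has to create the entry. An upgraded server that already carries `cn=IPA DNS,cn=plugins,cn=config` with other values (for example `nsslapd-pluginenabled: off`) would therefore keep them. That is probably the intended behaviour, but the comment `# add DNS plugin` does not say so, while the installer change in dsinstance.py describes the plugin as configured unconditionally. I would extend the comment to `# add DNS plugin if the entry is missing; values on an existing entry are left untouched`.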
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bb8a8019..264c6143 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -209,6 +209,7 @@ class DsInstance(service.Service):
self.step("configuring uniqueness plugin", self.__set_unique_attrs)
self.step("configuring uuid plugin", self.__config_uuid_module)
self.step("configuring modrdn plugin", self.__config_modrdn_module)
+ self.step("configuring DNS plugin", self.__config_dns_module)
self.step("enabling entryUSN plugin", self.__enable_entryusn)
self.step("configuring lockout plugin", self.__config_lockout_module)
self.step("creating indices", self.__create_indices)
@@ -508,6 +509,11 @@ class DsInstance(service.Service):
self._ldap_mod("modrdn-conf.ldif")
self._ldap_mod("modrdn-krbprinc.ldif", self.sub_dict)
+ def __config_dns_module(self):
+ # Configure DNS plugin unconditionally as we would otherwise have
+ # troubles if other replica just configured DNS with ipa-dns-install
+ self._ldap_mod("ipa-dns-conf.ldif")
+
def __config_lockout_module(self):
self._ldap_mod("lockout-conf.ldif")
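Review bot: The comment in `__config_dns_module` gives the reason for enabling the plugin on every server only as "would otherwise have troubles", which is too vague for someone later asking why a DNS plugin is active on a server that never ran ipa-dns-install. A docstring that states the decision would serve better, for example `"""Register the IPA DNS plugin on every server, DNS-enabled or not, so that DNS being set up on another replica with ipa-dns-install does not leave this server without it."""`; the wording of the reason is my reading of the existing comment and should be confirmed by the author. The LDIF it loads uses `changetype: add`, so whether this step tolerates an entry that already exists depends on `_ldap_mod`, which is defined outside the hunk, as is the rest of the class.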