From b5b040e68f571a858dfe85b65b58687ffc816649 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Wed, 13 Mar 2013 15:15:41 +0100
Subject: Configure ipa_dns DS plugin on install and upgrade

The plugin is configured unconditionally (i.e. does not check if
IPA was configured with DNS) as the plugin is needed on all
replicas to prevent objectclass violations due to missing SOA
serial in idnsZone objectclass. The violation could happen if just
one replica configured DNS and added a new zone.

https://fedorahosted.org/freeipa/ticket/3347
---
 install/updates/40-dns.update | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'install')

diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update
index 3478a03c..7ad366e6 100644
--- a/install/updates/40-dns.update
+++ b/install/updates/40-dns.update
@@ -41,3 +41,19 @@ replace:aci:'(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dn
 # replace DNS tree deny rule with managedBy enhanced allow rule
 dn: cn=dns, $SUFFIX
 replace:aci:'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX");)::(targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX" or userattr = "parent[0,1].managedby#GROUPDN";)'
+
+# add DNS plugin
+dn: cn=IPA DNS,cn=plugins,cn=config
+default: objectclass: top
+default: objectclass: nsslapdPlugin
+default: objectclass: extensibleObject
+default: cn: IPA DNS
+default: nsslapd-plugindescription: IPA DNS support plugin
+default: nsslapd-pluginenabled: on
+default: nsslapd-pluginid: ipa_dns
+default: nsslapd-plugininitfunc: ipadns_init
+default: nsslapd-pluginpath: libipa_dns.so
+default: nsslapd-plugintype: preoperation
+default: nsslapd-pluginvendor: Red Hat, Inc.
+default: nsslapd-pluginversion: 1.0
+default: nsslapd-plugin-depends-on-type: database
-- 
cgit