diff options
| author | Martin Basti <mbasti@redhat.com> | 2016-06-11 15:50:56 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-06-17 15:22:24 +0200 |
| commit | cf634a4ff8a100589f99e57c51b2c4591853e88a (patch) | |
| tree | 20ada08c047207e3b4e373511b34206111bd864d /ipaserver/plugins | |
| parent | 394b094fc22ef67742824ec03d4e851a2876fd81 (diff) | |
| download | freeipa-cf634a4ff8a100589f99e57c51b2c4591853e88a.tar.gz freeipa-cf634a4ff8a100589f99e57c51b2c4591853e88a.tar.xz freeipa-cf634a4ff8a100589f99e57c51b2c4591853e88a.zip | |
DNS Locations: add ACI for template attribute
DNS Servers and DNS Administrators must have access to
'idnsTemplateAttribute' to be able set/read template
for generating CNAME records pointing to proper location records.
Also user must be able to add objectclass for idnsTemplateAttribute
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
| -rw-r--r-- | ipaserver/plugins/dns.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ipaserver/plugins/dns.py b/ipaserver/plugins/dns.py index dea2ce9b8..8e2d402d5 100644 --- a/ipaserver/plugins/dns.py +++ b/ipaserver/plugins/dns.py @@ -2525,7 +2525,8 @@ class dnszone(DNSZoneBase): 'idnsforwarders', 'idnsforwardpolicy', 'idnsname', 'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname', 'idnssoarefresh', 'idnssoaretry', - 'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy', + 'idnssoarname', 'idnssoaserial', 'idnsTemplateAttribute', + 'idnsupdatepolicy', 'idnszoneactive', 'ipseckeyrecord','keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord', 'minforecord', 'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord', @@ -2552,6 +2553,7 @@ class dnszone(DNSZoneBase): 'ipapermlocation': api.env.basedn, 'ipapermtarget': DN('idnsname=*', 'cn=dns', api.env.basedn), 'ipapermdefaultattr': { + 'objectclass', # needed for record templates 'a6record', 'aaaarecord', 'afsdbrecord', 'aplrecord', 'arecord', 'certrecord', 'cn', 'cnamerecord', 'dhcidrecord', 'dlvrecord', 'dnamerecord', 'dnsclass', 'dnsttl', 'dsrecord', @@ -2560,7 +2562,8 @@ class dnszone(DNSZoneBase): 'idnsforwarders', 'idnsforwardpolicy', 'idnsname', 'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname', 'idnssoarefresh', 'idnssoaretry', - 'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy', + 'idnssoarname', 'idnssoaserial', 'idnsTemplateAttribute', + 'idnsupdatepolicy', 'idnszoneactive', 'ipseckeyrecord','keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord', 'minforecord', 'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord', |