author | Martin Kosek <mkosek@redhat.com> | 2012-02-24 09:35:12 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-24 09:40:36 +0100 |
commit | 1816643a43802ca2a353930cb2bbb2781b39c80f (patch) | |
tree | bdd5a1a949e8d4d229d459eb6971bc7f4a50b8ba | |
parent | d4a1dc5712cd2fa9e028a43e5b7146891e5012f0 (diff) | |
Update schema for bind-dyndb-ldap
Add new attributes and objectclasses to support new features:
- global bind-dyndb-ldap settings in LDAP
- conditional per-zone forwarding
- per-zone configuration of automatic PTR updates
- AllowQuery and AllowTransfer ACIs
https://fedorahosted.org/freeipa/ticket/2215
https://fedorahosted.org/freeipa/ticket/2072
-rw-r--r-- | freeipa.spec.in | 5 | ||||
-rw-r--r-- | install/share/60ipadns.ldif | 12 | ||||
-rw-r--r-- | install/updates/10-bind-schema.update | 71 | ||||
-rw-r--r-- | install/updates/Makefile.am | 1 |
4 files changed, 86 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index ec6930e80..a61a3a14e 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -150,7 +150,7 @@ Requires(postun): python initscripts chkconfig # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions # that work for us. -Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1 +Conflicts: bind-dyndb-ldap < 1.1.0-0.8.a2 Conflicts: bind < 9.8.1-1 # mod_proxy provides a single API to communicate over SSL. If mod_ssl @@ -672,6 +672,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Fri Feb 24 2012 Martin Kosek <mkosek@redhat.com> - 2.99.0-18 +- Set min for bind-dyndb-ldap to 1.1.0-0.8.a2 to pick up new features + * Thu Feb 23 2012 Rob Crittenden <rcritten@redhat.com> - 2.99.0-17 - Add Conflicts on mod_ssl diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif index e975cdb93..6f88d05e2 100644 --- a/install/share/60ipadns.ldif +++ b/install/share/60ipadns.ldif 
@@ -42,5 +42,13 @@ attributeTypes: (2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA retry v attributeTypes: (2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA expire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'DNS dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) -objectClasses: (2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $ AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $ SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $ MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $ NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord ) -objectClasses: (2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum) MAY idnsUpdatePolicy +attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery' DESC 'BIND9 allow-query ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC 'BIND9 allow-transfer ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.13 
NAME 'idnsAllowSyncPTR' DESC 'permit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC 'forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'list of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zone refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DESC 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $ AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $ SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $ MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $ NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord ) +objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( 
idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) ) diff --git a/install/updates/10-bind-schema.update b/install/updates/10-bind-schema.update new file mode 100644 index 000000000..c3398c1f2 --- /dev/null +++ b/install/updates/10-bind-schema.update 
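Review bot: The new `idnsAllowQuery`, `idnsAllowTransfer`, `idnsForwarders` and `idnsForwardPolicy` attributes in the 60ipadns.ldif hunk decide who may query or transfer a zone and where its queries are forwarded, yet the diffstat shows no ACI or permission change alongside the schema. Existing DNS ACIs may already cover these attributes on zone entries, but that is not visible here, and the new `idnsConfigObject` entry is a separate target that would need its own write restriction. The values are plain IA5 strings, so the directory does not validate them and a malformed ACL element would presumably surface only when bind-dyndb-ldap parses it. I would add a comment above the new attribute types, for example `# idnsAllowQuery / idnsAllowTransfer / idnsForwarders are access-control and resolution-path settings; write access must be limited by ACI`, and confirm which permission grants modification before this ships.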
@@ -0,0 +1,71 @@ +# +# New schema enhancements from: +# https://fedorahosted.org/bind-dyndb-ldap/browser/doc/schema +# +dn: cn=schema +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.11 + NAME 'idnsAllowQuery' + DESC 'BIND9 allow-query ACL element' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + X-ORIGIN 'IPA v2') +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.12 + NAME 'idnsAllowTransfer' + DESC 'BIND9 allow-transfer ACL element' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + X-ORIGIN 'IPA v2') +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.13 + NAME 'idnsAllowSyncPTR' + DESC 'permit synchronization of PTR records' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE + X-ORIGIN 'IPA v2' ) +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.14 + NAME 'idnsForwardPolicy' + DESC 'forward policy: only or first' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + X-ORIGIN 'IPA v2' ) +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.15 + NAME 'idnsForwarders' + DESC 'list of forwarders' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN 'IPA v2' ) +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.16 + NAME 'idnsZoneRefresh' + DESC 'zone refresh interval' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE + X-ORIGIN 'IPA v2' ) +add:attributeTypes: + ( 2.16.840.1.113730.3.8.5.17 + NAME 'idnsPersistentSearch' + DESC 'allow persistent searches' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE + X-ORIGIN 'IPA v2' ) +add:objectClasses: + ( 2.16.840.1.113730.3.8.6.2 + NAME 'idnsConfigObject' + DESC 'DNS global config options' + STRUCTURAL + MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$ + idnsZoneRefresh $$ idnsPersistentSearch + ) ) +replace:objectClasses:( 
2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY idnsUpdatePolicy )::( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsName $$ idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY ( idnsUpdatePolicy $$ idnsAllowQuery $$ idnsAllowTransfer $$ idnsAllowSyncPTR $$ idnsForwardPolicy $$ idnsForwarders ) ) diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index c8d4a0548..e1eb35a9e 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -10,6 +10,7 @@ app_DATA = \ 10-selinuxusermap.update \ 10-sudo.update \ 10-ssh.update \ + 10-bind-schema.update \ 19-managed-entries.update \ 20-aci.update \ 20-dna.update \ |
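Review bot: The old value in the `replace:objectClasses:` line for `idnsZone` is not the definition this commit removes from 60ipadns.ldif: it lists `MUST ( idnsZoneActive $$ ...` without `idnsName` and carries the closing parenthesis the LDIF line lacked. If the updater matches the old value as an exact string, the replace only succeeds when the server returns the class in this normalised form. Otherwise an upgraded server may keep the old `idnsZone` without the new `MAY` attributes, or end up with two definitions for one OID. A comment above the line would record that dependency, for example `# old value must match the server's stored form of idnsZone (inherited idnsName omitted)`. The same attribute and class definitions now exist in both 60ipadns.ldif and this file, so a note that the two must be edited together would prevent fresh installs and upgrades from drifting apart.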