author | Petr Spacek <pspacek@redhat.com> | 2016-04-27 14:44:17 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-30 20:14:32 +0200 |
commit | f750d42b6f2d7f792ce56b6832d2bd1ae1f333a0 (patch) | |
tree | c855b12fafd771cefb1ac91fb60a5f4ed8809bcf /install/share | |
parent | c978ad5b425a564b6bd3b97fb7a5e25219000e52 (diff) | |
DNS upgrade: change forwarding policy to = only for conflicting forward zones
This change is necessary to override automatic empty zone configuration
in latest BIND and bind-dyndb-ldap 9.0+.
This procedure is still not complete because we need to handle global
forwarders too (in LDAP and in named.conf on each server).
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/dns.ldif | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/install/share/dns.ldif b/install/share/dns.ldif index d71e2ad7d..bd5cc57f9 100644 --- a/install/share/dns.ldif +++ b/install/share/dns.ldif @@ -2,10 +2,12 @@ dn: cn=dns,$SUFFIX changetype: add objectClass: idnsConfigObject objectClass: nsContainer +objectClass: ipaConfigObject objectClass: ipaDNSContainer objectClass: top cn: dns -ipaDNSVersion: 1 +ipaConfigString: DNSVersion 1 +ipaDNSVersion: 2 aci: (targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX" or userattr = "parent[0,1].managedby#GROUPDN";) aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";) aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";) |
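Review bot: In the `cn=dns,$SUFFIX` entry, the two added lines `ipaConfigString: DNSVersion 1` and `ipaDNSVersion: 2` leave two version markers with different values side by side, and nothing in the LDIF says which one the upgrade code treats as authoritative or why the old value 1 is kept under a new attribute. A short comment line above them in dns.ldif, or a sentence in the commit message, stating what each marker tracks and which one gates the forward-zone policy upgrade would make this reviewable. Also note that this entry is created with `changetype: add`, so the added `objectClass: ipaConfigObject` only reaches fresh installs; existing deployments need the upgrade path to add that object class before it writes `ipaConfigString`, and that part is not visible in a diff limited to install/share.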