diff options
author | Petr Spacek <pspacek@redhat.com> | 2016-04-25 14:07:16 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-30 20:14:32 +0200 |
commit | 321a2ba9185e4a21d5b2f9949cd3bec32a1fd60a (patch) | |
tree | 1d826eb5b4b21e9562d49536b556d037dbb64ee7 /install/updates | |
parent | 70794c7b1d001ce331d4a64c77d23abcc02c541e (diff) | |
download | freeipa-321a2ba9185e4a21d5b2f9949cd3bec32a1fd60a.tar.gz freeipa-321a2ba9185e4a21d5b2f9949cd3bec32a1fd60a.tar.xz freeipa-321a2ba9185e4a21d5b2f9949cd3bec32a1fd60a.zip |
Add ipaDNSVersion option to dnsconfig* commands and use new attribute
Ad-hoc LDAP calls in DNS upgrade code were hard to maintain and
ipaConfigString was bad idea from the very beginning as it was hard to
manipulate the number in it.
To avoid problems in future we are introducing new ipaDNSVersion
attribute which is used on cn=dns instead of ipaConfigString.
Original value of ipaConfigString is kept in the tree for now
so older upgraders see it and do not execute the upgrade procedure again.
The attribute can be changed only by installer/upgrade so it is not
exposed in dnsconfig_mod API.
Command dnsconfig_show displays it only if --all option was used.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/updates')
-rw-r--r-- | install/updates/40-dns.update | 1 | ||||
-rw-r--r-- | install/updates/90-post_upgrade_plugins.update | 1 |
2 files changed, 1 insertions, 1 deletions
diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update index 9f64a2f70..4c0824b83 100644 --- a/install/updates/40-dns.update +++ b/install/updates/40-dns.update @@ -2,7 +2,6 @@ # update DNS container dn: cn=dns, $SUFFIX addifexist: objectClass: idnsConfigObject -addifexist: objectClass: ipaConfigObject addifexist: aci:(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";) addifexist: aci:(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";) addifexist: aci:(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";) diff --git a/install/updates/90-post_upgrade_plugins.update b/install/updates/90-post_upgrade_plugins.update index 9c9ee160f..d8498edd4 100644 --- a/install/updates/90-post_upgrade_plugins.update +++ b/install/updates/90-post_upgrade_plugins.update @@ -3,6 +3,7 @@ # middle plugin: update_ca_topology +plugin: update_ipaconfigstring_dnsversion_to_ipadnsversion plugin: update_dnszones plugin: update_dns_limits plugin: update_sigden_extdom_broken_config |