On Mon, Jan 10, 2011 at 09:24:40AM -0500, Simo Sorce wrote:
> On Mon, 10 Jan 2011 12:28:51 +0100
> Adam Tkac <at...@redhat.com> wrote:
> 
> > the attached patch adds new attributes, idnsAllowQuery and
> > idnsAllowTransfer, for the idnsZone. With those attributes
> > it is now possible to set ACLs for the zone directly in LDAP.
> > 
> > Example of ACL setting:
> > 
> >     idnsAllowQuery: 127.0.0.1
> >     idnsAllowQuery: ::1
> >     idnsAllowQuery: 192.168.1.0/24
> > 
> > With this setting clients with 127.0.0.1 and ::1 IP addresses and
> > clients from 192.168.1.0/24 network are allowed to obtain resource
> > records from the zone.
> > 
> > Comments are welcomed.
> 
> Patch looks good, and very useful.
> I have already reserved the 2 new OIDs you used in our internal
> registry and it is an ACK from my pov.
> 
> If I read the patch correctly, a zone missing these attributes will
> have no issues (thinking of upgrades), can you confirm ?

Right you are, patch has no effect for existing zones without those
attributes.

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to