On Mon, Jan 10, 2011 at 09:24:40AM -0500, Simo Sorce wrote:
> On Mon, 10 Jan 2011 12:28:51 +0100
> Adam Tkac <at...@redhat.com> wrote:
> > the attached patch adds new attributes, idnsAllowQuery and
> > idnsAllowTransfer, for the idnsZone. With those attributes
> > it is now possible to set ACLs for the zone directly in LDAP.
> > Example of ACL setting:
> > idnsAllowQuery: 127.0.0.1
> > idnsAllowQuery: ::1
> > idnsAllowQuery: 192.168.1.0/24
> > With this setting clients with 127.0.0.1 and ::1 IP addresses and
> > clients from 192.168.1.0/24 network are allowed to obtain resource
> > records from the zone.
> > Comments are welcomed.
> Patch looks good, and very useful.
> I have already reserved the 2 new OIDs you used in our internal
> registry and it is an ACK from my pov.
> If I read the patch correctly, a zone missing these attributes will
> have no issues (thinking of upgrades), can you confirm ?
Right you are, patch has no effect for existing zones without those
Adam Tkac, Red Hat, Inc.
Freeipa-devel mailing list