On Mon, Jan 10, 2011 at 09:24:40AM -0500, Simo Sorce wrote: > On Mon, 10 Jan 2011 12:28:51 +0100 > Adam Tkac <at...@redhat.com> wrote: > > > the attached patch adds new attributes, idnsAllowQuery and > > idnsAllowTransfer, for the idnsZone. With those attributes > > it is now possible to set ACLs for the zone directly in LDAP. > > > > Example of ACL setting: > > > > idnsAllowQuery: 127.0.0.1 > > idnsAllowQuery: ::1 > > idnsAllowQuery: 192.168.1.0/24 > > > > With this setting clients with 127.0.0.1 and ::1 IP addresses and > > clients from 192.168.1.0/24 network are allowed to obtain resource > > records from the zone. > > > > Comments are welcomed. > > Patch looks good, and very useful. > I have already reserved the 2 new OIDs you used in our internal > registry and it is an ACK from my pov. > > If I read the patch correctly, a zone missing these attributes will > have no issues (thinking of upgrades), can you confirm ?
Right you are, patch has no effect for existing zones without those attributes. Regards, Adam -- Adam Tkac, Red Hat, Inc. _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
