On 3.5.2013 15:19, Tomas Hozza wrote:
----- Original Message -----
On 3.5.2013 14:35, Tomas Babej wrote:
On 04/30/2013 03:45 PM, Petr Spacek wrote:
Hello,

Replace TTL values > 2^31-1 with 0.

The rule comes from RFC 2181 section 8.

https://fedorahosted.org/bind-dyndb-ldap/ticket/117



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK, works fine.

Just one question though, the patch as it is leaves the invalid TTL value in the tree,
even though it is never interpreted as one (thanks to this patch).

$ ipa dnsrecord-show ipa.example.com skuska --all
    dn:
    idnsname=skuska,idnsname=ipa.example.com,cn=dns,dc=ipa,dc=example,dc=com
    Record name: skuska
    Time to live: 2147483648
    A record: 192.168.0.1
    objectclass: top, idnsrecord

from /var/log/messages:
named[18275]: entry
'idnsname=skuska,idnsname=ipa.example.com,cn=dns,dc=ipa,dc=example,dc=com':
entry TTL 2147483648 > MAXTTL, setting TTL to 0

Wouldn't that be confusing to the user? Shouldn't we fix the TTL value set in
the entry as well?

It is exactly what "original" BIND does. I would like to imitate the same
behaviour if you are not against it strongly.

I think that:
1) Somebody could use bind-dyndb-ldap with read-only access to LDAP.
2) It will unnecessarily complicate the code.

--
Petr^2 Spacek

Review ACK.

The patch looks good. I also agree with Peter's reasoning. There is also
an error logged when the TTL has MSB set, so one can notice there is a bad
TTL value set in LDAP.

Pushed to master: ccc439e5a5d8d2e0e6dbcb85351f48c501fdad03

--
Petr^2 Spacek
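
The rule discussed in this thread (RFC 2181 section 8: a TTL above 2^31-1 is treated as 0 while the stored value is left untouched), as an added example that is not part of the original thread and is not the bind-dyndb-ldap patch. The names `parse_ttl`, `ttl_status` and `MAX_TTL` are hypothetical, and treating values that overflow 32 bits the same way as values with only the MSB set is an assumption of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_TTL 2147483647ULL /* 2^31 - 1, upper bound from RFC 2181 section 8 */

/* Hypothetical result codes for this example. */
enum ttl_status { TTL_OK = 0, TTL_CLAMPED = 1, TTL_INVALID = -1 };

/*
 * Parse a decimal TTL as read from a directory attribute (text form).
 * Read-only: the caller's string is never modified, matching the
 * "LDAP may be read-only" argument in the thread.
 */
enum ttl_status parse_ttl(const char *text, uint32_t *ttl_out)
{
    char *end = NULL;
    unsigned long long v;

    *ttl_out = 0;
    /* strtoull() accepts "-1", "+5" and leading blanks; demand a digit first. */
    if (text == NULL || text[0] < '0' || text[0] > '9')
        return TTL_INVALID;

    errno = 0;
    v = strtoull(text, &end, 10);
    if (*end != '\0')               /* trailing junk such as "3600s" */
        return TTL_INVALID;
    if (errno == ERANGE || v > MAX_TTL)
        return TTL_CLAMPED;         /* *ttl_out stays 0 */

    *ttl_out = (uint32_t)v;
    return TTL_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from a real directory. */
    const char *samples[] = { "3600", "2147483647", "2147483648", "-1", "12x" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t ttl;
        enum ttl_status st = parse_ttl(samples[i], &ttl);
        if (st == TTL_CLAMPED)
            fprintf(stderr, "entry TTL %s > MAXTTL, setting TTL to 0\n", samples[i]);
        printf("%-12s -> status %d, effective TTL %u\n", samples[i], (int)st, (unsigned)ttl);
    }
    return 0;
}
```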
