On 08/09/2013 12:02 PM, Tomas Babej wrote: > On 08/08/2013 06:20 PM, Martin Kosek wrote: >> On 08/07/2013 04:52 PM, Tomas Babej wrote: >>> On 08/05/2013 05:59 PM, Martin Kosek wrote: >>>> On 07/17/2013 01:47 PM, Tomas Babej wrote: >>>>>> I will release version 3.5 before end of this week. I have some small >>>>>> fixes >>>>>> ready so it is worth to release it now. >>>>>> >>>>>> To summarize the discussion - please remove following options from >>>>>> configuration file and LDAP schema: >>>>>> cache_ttl >>>>>> psearch (attribute idnsPersistentSearch in idnsConfigObject) >>>>>> zone_refresh (attribute idnsZoneRefresh in idnsConfigObject) >>>>>> >>>>>> -- >>>>>> Petr^2 Spacek >>>>> I have a patch ready, but it can't be tested until 3.5 is out. >>>>> >>>>> Tomas >>>>> >>>> I did not test the patch yet, I just want to comment on one thing I just >>>> noticed. >>>> >>>> I is it a good idea to remove idnsZoneRefresh and idnsPersistentSearch >>>> attribute types and modify idnsConfigObject objectclass? >>>> >>>> This will affect not only new instances, but also the old ones (i.e. >>>> RHEL-6.4) >>>> which may still use these attributes. DNS config object would suddenly >>>> become >>>> unusable because DS would refuse to operate the entry as it does not follow >>>> the >>>> schema. The same applies for ACIs. >>>> >>>> I would personally not do these changes yet, I think just hiding and >>>> marking as >>>> DeprecatedParam is enough for now. Alexander, what do you think? >>>> >>>> Martin >>> We discussed this with Martin. I agreed it would be less cumbersome to >>> keep the attributes in schema for now. >>> >>> I retested the patches, updated versions attached. >>> >>> Petr, can bind-dyndb-ldap handle idnsConfigObject containing >>> idnsPersistentSearch >>> and idnsZoneRefresh attributes? >>> >> I still see some schema and aci changes: >> >> --- a/install/updates/10-bind-schema.update >> +++ b/install/updates/10-bind-schema.update >> @@ -44,7 +44,7 @@ add:attributeTypes: >> SUBSTR caseIgnoreIA5SubstringsMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 >> X-ORIGIN 'IPA v2' ) >> -add:attributeTypes: >> +remove:attributeTypes: >> ( 2.16.840.1.113730.3.8.5.16 >> NAME 'idnsZoneRefresh' >> DESC 'zone refresh interval' >> @@ -52,7 +52,7 @@ add:attributeTypes: >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 >> SINGLE-VALUE >> X-ORIGIN 'IPA v2' ) >> -add:attributeTypes: >> +remove:attributeTypes: >> ( 2.16.840.1.113730.3.8.5.17 >> NAME 'idnsPersistentSearch' >> DESC 'allow persistent searches' >> @@ -65,8 +65,7 @@ add:objectClasses: >> NAME 'idnsConfigObject' >> DESC 'DNS global config options' >> STRUCTURAL >> - MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$ >> - idnsZoneRefresh $$ idnsPersistentSearch >> + MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR >> ) ) >> add:objectClasses: >> ( 2.16.840.1.113730.3.8.12.18 >> >> AND >> >> - _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || >> idnsforwarders || idnsallowsyncptr || idnszonerefresh || >> idnspersistentsearch")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl >> "permission:Write DNS Configuration";allow (write) groupdn = >> "ldap:///cn=Write >> DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % >> dict(realm=api.env.basedn)] >> + _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || >> idnsforwarders || idnsallowsyncptr")(target = >> "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS >> Configuration";allow (write) groupdn = "ldap:///cn=Write DNS >> Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % >> dict(realm=api.env.basedn)] >> >> Besides these, patch worked fine on both upgrade and new installation. So >> when >> you remove these chunks, it will be ack. >> >> Martin > Updated patch attached. > > Tomas >
ACK! Pushed to master. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel