On Wed, 2014-06-25 at 18:47 +0200, Martin Basti wrote: > On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote: > > On 06/20/2014 03:32 PM, Martin Basti wrote: > > > Required patches: mbasti-0060, mbasti-0073 > > > > > > Patch attached. > > > > > > > Hi, > > > > For the raw ACI in dns.ldif, there are some more hoops to jump through. > > > > Remove the ACI from /install/share/dns.ldif entirely (except for schema, > > we're slowly replacing the .ldif content by .update files). > > > > In install/updates/40-dns.update, you'll notice the "Update DNS entries > > in a zone" ACI is already being added. You'll need to replace it, using > > a line like: > > replace:aci:'<old ACI>::<new ACI>' > > This will remove the old value that IPA 3.x users still have. > > > > I see you already changed the ACI in 7cdc417, in dns.ldif only. Be > > sureto use the original value for <old ACI>. > > > > > As we discuss personally, ACI requires more changes than add > idnssecinlinesingning only. > > Updated patch attached. > Patch freeipa-mbasti-0078-DNSSEC-add-TLSA-record-type.patch is required.
-- Martin^2 Basti _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel