On 06/25/2014 06:49 PM, Martin Basti wrote:
On Wed, 2014-06-25 at 18:47 +0200, Martin Basti wrote:
On Wed, 2014-06-25 at 12:13 +0200, Petr Viktorin wrote:
On 06/20/2014 03:32 PM, Martin Basti wrote:
Required patches: mbasti-0060, mbasti-0073

Patch attached.


For the raw ACI in dns.ldif, there are some more hoops to jump through.

Remove the ACI from /install/share/dns.ldif entirely (except for schema,
we're slowly replacing the .ldif content by .update files).

In install/updates/40-dns.update, you'll notice the "Update DNS entries
in a zone" ACI is already being added. You'll need to replace it, using
a line like:
      replace:aci:'<old ACI>::<new ACI>'
This will remove the old value that IPA 3.x users still have.

I see you already changed the ACI in 7cdc417, in dns.ldif only. Be
sureto use the original value for <old ACI>.

As we discuss personally, ACI requires more changes than add
idnssecinlinesingning only.

Updated patch attached.

Patch freeipa-mbasti-0078-DNSSEC-add-TLSA-record-type.patch is required.

If 0078 doesn't change substantially, ACK.


Freeipa-devel mailing list

Reply via email to