Hi, some additional comments are in the patch. Martin
>From 003b8ee61673216243fe872297d069cb476e5600 Mon Sep 17 00:00:00 2001 From: Martin Nagy <mn...@redhat.com> Date: Wed, 25 Nov 2009 01:00:26 +0100 Subject: [PATCH] Set BIND to use ldapi and use fake mname
The fake_mname for now doesn't exists but is a feature that will be added in the near future. Since any unknown arguments to bind-dyndb-ldap are ignored, we are safe to use it now. --- install/share/bind.named.conf.template | 3 ++- ipaserver/install/bindinstance.py | 2 ++ 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template index 8b5fac2..d733d61 100644 --- a/install/share/bind.named.conf.template +++ b/install/share/bind.named.conf.template @@ -32,8 +32,9 @@ include "/etc/named.rfc1912.zones"; dynamic-db "ipa" { library "ldap.so"; - arg "uri ldap://$FQDN"; + arg "uri ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket"; arg "base cn=dns, $SUFFIX"; + arg "fake_mname $FQDN"; arg "auth_method sasl"; arg "sasl_mech GSSAPI"; arg "sasl_user DNS/$FQDN"; diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 8ee46d4..13e9e16 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -26,6 +26,7 @@ import installutils import ldap import service from ipaserver import ipaldap +from ipaserver.install.dsinstance import realm_to_serverid from ipapython import sysrestore from ipapython import ipautil @@ -222,6 +223,7 @@ class BindInstance(service.Service): DOMAIN=self.domain, HOST=self.host, REALM=self.realm, + SERVER_ID=realm_to_serverid(self.realm), FORWARDERS=fwds, SUFFIX=self.suffix, OPTIONAL_NTP=optional_ntp) -- 1.6.2.5
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel