Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
On 21.06.2016 11:55, Petr Spacek wrote: On 21.6.2016 10:00, Petr Spacek wrote: On 20.6.2016 19:15, Martin Basti wrote: On 20.06.2016 18:32, Petr Spacek wrote: On 20.6.2016 18:05, Martin Basti wrote: On 20.06.2016 16:57, Petr Spacek wrote: Hello, DNS: Warn about restart when default TTL setting DNS is changed bind-dyndb-ldap 10.0 has to be restarted after each change to default TTL. https://fedorahosted.org/freeipa/ticket/2956 DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 Thank you for patches, but I have a few comments TTL patch: 1) VERSION - please put short note why API was incremented 2) 60ipadns.ldif - please keep ordered attr definitions by OID 3) You missed ACI for updating Warning patch: LGTM Thank you very much for review! Here is revised version. I cannot apply patches on current master, even with git am -3 I do not what could be problem, there was only "standard" conflict on VERSION. Anyway, there are patches rebased to current master. ... and now with results from makeaci :-) ACK master: * eefdcc6b076e4305a14f231865636d46e4f16cf5 DNS: Support default TTL setting for master DNS zones * f2974b8d965c14247d8a9d03e0df3b5183e20d76 DNS: Warn about restart when default TTL setting DNS is changed
Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
On 21.6.2016 10:00, Petr Spacek wrote: > On 20.6.2016 19:15, Martin Basti wrote: >> >> >> On 20.06.2016 18:32, Petr Spacek wrote: >>> On 20.6.2016 18:05, Martin Basti wrote: On 20.06.2016 16:57, Petr Spacek wrote: > Hello, > > DNS: Warn about restart when default TTL setting DNS is changed > > bind-dyndb-ldap 10.0 has to be restarted after each change to default > TTL. > > https://fedorahosted.org/freeipa/ticket/2956 > > DNS: Support default TTL setting for master DNS zones > > https://fedorahosted.org/freeipa/ticket/2956 > > > Thank you for patches, but I have a few comments TTL patch: 1) VERSION - please put short note why API was incremented 2) 60ipadns.ldif - please keep ordered attr definitions by OID 3) You missed ACI for updating Warning patch: LGTM >>> Thank you very much for review! >>> >>> Here is revised version. >>> >> >> I cannot apply patches on current master, even with git am -3 > > I do not what could be problem, there was only "standard" conflict on VERSION. > > Anyway, there are patches rebased to current master. ... and now with results from makeaci :-) -- Petr^2 Spacek From a033905194f9f355e6be1f4aecc5affe6174a603 Mon Sep 17 00:00:00 2001 From: Petr SpacekDate: Mon, 20 Jun 2016 14:38:56 +0200 Subject: [PATCH] DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 --- ACI.txt | 4 ++-- API.txt | 9 ++--- VERSION | 4 ++-- install/share/60ipadns.ldif | 3 ++- ipaserver/plugins/dns.py| 15 +++ 5 files changed, 23 insertions(+), 12 deletions(-) diff --git a/ACI.txt b/ACI.txt index 0646d0d24d0e8a427eabf5aca04566f269e96cd2..98566de35e6ce79633dc4968b3063f6fd1336378 100644 --- a/ACI.txt +++ b/ACI.txt 
@@ -73,13 +73,13 @@ aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretke dn: dc=ipa,dc=example aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example;)(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example -aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass 
|| dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn ||
Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
On 20.6.2016 19:15, Martin Basti wrote: > > > On 20.06.2016 18:32, Petr Spacek wrote: >> On 20.6.2016 18:05, Martin Basti wrote: >>> >>> On 20.06.2016 16:57, Petr Spacek wrote: Hello, DNS: Warn about restart when default TTL setting DNS is changed bind-dyndb-ldap 10.0 has to be restarted after each change to default TTL. https://fedorahosted.org/freeipa/ticket/2956 DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 >>> Thank you for patches, but I have a few comments >>> >>> TTL patch: >>> 1) >>> VERSION - please put short note why API was incremented >>> >>> 2) >>> 60ipadns.ldif - please keep ordered attr definitions by OID >>> >>> 3) >>> You missed ACI for updating >>> >>> Warning patch: LGTM >> Thank you very much for review! >> >> Here is revised version. >> > > I cannot apply patches on current master, even with git am -3 I do not what could be problem, there was only "standard" conflict on VERSION. Anyway, there are patches rebased to current master. -- Petr^2 Spacek From d4a1ea7565862409039c6ea476ec3cedd079e451 Mon Sep 17 00:00:00 2001 From: Petr SpacekDate: Mon, 20 Jun 2016 14:38:56 +0200 Subject: [PATCH] DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 --- ACI.txt | 2 +- API.txt | 9 ++--- VERSION | 4 ++-- install/share/60ipadns.ldif | 3 ++- ipaserver/plugins/dns.py| 15 +++ 5 files changed, 22 insertions(+), 11 deletions(-) diff --git a/ACI.txt b/ACI.txt index 0646d0d24d0e8a427eabf5aca04566f269e96cd2..9dd7f8d5d9df09e11b740f247a4afe3f68328002 100644 --- a/ACI.txt +++ b/ACI.txt 
@@ -73,7 +73,7 @@ aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretke dn: dc=ipa,dc=example aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example;)(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example -aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass 
|| dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive ||
Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
On 20.06.2016 18:32, Petr Spacek wrote: On 20.6.2016 18:05, Martin Basti wrote: On 20.06.2016 16:57, Petr Spacek wrote: Hello, DNS: Warn about restart when default TTL setting DNS is changed bind-dyndb-ldap 10.0 has to be restarted after each change to default TTL. https://fedorahosted.org/freeipa/ticket/2956 DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 Thank you for patches, but I have a few comments TTL patch: 1) VERSION - please put short note why API was incremented 2) 60ipadns.ldif - please keep ordered attr definitions by OID 3) You missed ACI for updating Warning patch: LGTM Thank you very much for review! Here is revised version. I cannot apply patches on current master, even with git am -3 Martin^2
Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
On 20.6.2016 18:05, Martin Basti wrote: > > > On 20.06.2016 16:57, Petr Spacek wrote: >> Hello, >> >> DNS: Warn about restart when default TTL setting DNS is changed >> >> bind-dyndb-ldap 10.0 has to be restarted after each change to default >> TTL. >> >> https://fedorahosted.org/freeipa/ticket/2956 >> >> DNS: Support default TTL setting for master DNS zones >> >> https://fedorahosted.org/freeipa/ticket/2956 >> >> >> > Thank you for patches, but I have a few comments > > TTL patch: > 1) > VERSION - please put short note why API was incremented > > 2) > 60ipadns.ldif - please keep ordered attr definitions by OID > > 3) > You missed ACI for updating > > Warning patch: LGTM Thank you very much for review! Here is revised version. -- Petr^2 Spacek From c05f83896a124004935f578bddbbb881fb892197 Mon Sep 17 00:00:00 2001 From: Petr SpacekDate: Mon, 20 Jun 2016 14:38:56 +0200 Subject: [PATCH] DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 --- ACI.txt | 2 +- API.txt | 9 ++--- VERSION | 4 ++-- install/share/60ipadns.ldif | 3 ++- ipaserver/plugins/dns.py| 15 +++ 5 files changed, 22 insertions(+), 11 deletions(-) diff --git a/ACI.txt b/ACI.txt index 0646d0d24d0e8a427eabf5aca04566f269e96cd2..9dd7f8d5d9df09e11b740f247a4afe3f68328002 100644 --- a/ACI.txt +++ b/ACI.txt 
@@ -73,7 +73,7 @@ aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretke dn: dc=ipa,dc=example aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example;)(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example -aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass 
|| dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example;)(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC
Re: [Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
On 20.06.2016 16:57, Petr Spacek wrote: Hello, DNS: Warn about restart when default TTL setting DNS is changed bind-dyndb-ldap 10.0 has to be restarted after each change to default TTL. https://fedorahosted.org/freeipa/ticket/2956 DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 Thank you for patches, but I have a few comments TTL patch: 1) VERSION - please put short note why API was incremented 2) 60ipadns.ldif - please keep ordered attr definitions by OID 3) You missed ACI for updating Warning patch: LGTM
[Freeipa-devel] [PATCH 0135-0136] DNS: Warn about restart when default TTL setting DNS is change DNS: Support default TTL setting for master DNS zone
Hello, DNS: Warn about restart when default TTL setting DNS is changed bind-dyndb-ldap 10.0 has to be restarted after each change to default TTL. https://fedorahosted.org/freeipa/ticket/2956 DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 -- Petr^2 Spacek From 66af2a2f96fef7e4dff5ae8c35fc03c6f4701194 Mon Sep 17 00:00:00 2001 From: Petr SpacekDate: Mon, 20 Jun 2016 14:38:56 +0200 Subject: [PATCH] DNS: Support default TTL setting for master DNS zones https://fedorahosted.org/freeipa/ticket/2956 --- ACI.txt | 2 +- API.txt | 9 ++--- VERSION | 2 +- install/share/60ipadns.ldif | 3 ++- ipaserver/plugins/dns.py| 11 +-- 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ACI.txt b/ACI.txt index 0646d0d24d0e8a427eabf5aca04566f269e96cd2..9dd7f8d5d9df09e11b740f247a4afe3f68328002 100644 --- a/ACI.txt +++ b/ACI.txt 
@@ -73,7 +73,7 @@ aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretke dn: dc=ipa,dc=example aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example;)(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example -aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) +aci: (targetattr = "a6record || record || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass 
|| dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example;)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example;)(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example diff --git a/API.txt b/API.txt index eb14d44eedfdca44043e808d3ef31d6300281cd6..eb5ace6001f1fe8833341d0cd638a007b8187275 100644 --- a/API.txt +++ b/API.txt @@ -1565,11 +1565,12 @@ output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnszone_add -args: 1,28,3 +args: 1,29,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('addattr*',