mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Update schema for bind-dyndb-ldap
Add new attributes and objectclasses to support new features: - global bind-dyndb-ldap settings in LDAP - conditional per-zone forwarding - per-zone configuration of automatic PTR updates - AllowQuery and AllowTransfer ACIs https://fedorahosted.org/freeipa/ticket/2215 https://fedorahosted.org/freeipa/ticket/2072
This commit is contained in:
parent
d4a1dc5712
commit
1816643a43
@ -150,7 +150,7 @@ Requires(postun): python initscripts chkconfig
|
||||
# We have a soft-requires on bind. It is an optional part of
|
||||
# IPA but if it is configured we need a way to require versions
|
||||
# that work for us.
|
||||
Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1
|
||||
Conflicts: bind-dyndb-ldap < 1.1.0-0.8.a2
|
||||
Conflicts: bind < 9.8.1-1
|
||||
|
||||
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
|
||||
@ -672,6 +672,9 @@ fi
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
||||
|
||||
%changelog
|
||||
* Fri Feb 24 2012 Martin Kosek <mkosek@redhat.com> - 2.99.0-18
|
||||
- Set min for bind-dyndb-ldap to 1.1.0-0.8.a2 to pick up new features
|
||||
|
||||
* Thu Feb 23 2012 Rob Crittenden <rcritten@redhat.com> - 2.99.0-17
|
||||
- Add Conflicts on mod_ssl
|
||||
|
||||
|
@ -42,5 +42,13 @@ attributeTypes: (2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA retry v
|
||||
attributeTypes: (2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA expire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: (2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: (2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'DNS dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $ AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $ SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $ MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $ NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord )
|
||||
objectClasses: (2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum) MAY idnsUpdatePolicy
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery' DESC 'BIND9 allow-query ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC 'BIND9 allow-transfer ACL element' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.13 NAME 'idnsAllowSyncPTR' DESC 'permit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC 'forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'list of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zone refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DESC 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
|
||||
objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $ AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $ SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $ MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $ NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord )
|
||||
objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders ) )
|
||||
objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) )
|
||||
|
71
install/updates/10-bind-schema.update
Normal file
71
install/updates/10-bind-schema.update
Normal file
@ -0,0 +1,71 @@
|
||||
#
|
||||
# New schema enhancements from:
|
||||
# https://fedorahosted.org/bind-dyndb-ldap/browser/doc/schema
|
||||
#
|
||||
dn: cn=schema
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.11
|
||||
NAME 'idnsAllowQuery'
|
||||
DESC 'BIND9 allow-query ACL element'
|
||||
EQUALITY caseIgnoreIA5Match
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE
|
||||
X-ORIGIN 'IPA v2')
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.12
|
||||
NAME 'idnsAllowTransfer'
|
||||
DESC 'BIND9 allow-transfer ACL element'
|
||||
EQUALITY caseIgnoreIA5Match
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE
|
||||
X-ORIGIN 'IPA v2')
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.13
|
||||
NAME 'idnsAllowSyncPTR'
|
||||
DESC 'permit synchronization of PTR records'
|
||||
EQUALITY booleanMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
|
||||
SINGLE-VALUE
|
||||
X-ORIGIN 'IPA v2' )
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.14
|
||||
NAME 'idnsForwardPolicy'
|
||||
DESC 'forward policy: only or first'
|
||||
EQUALITY caseIgnoreIA5Match
|
||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE
|
||||
X-ORIGIN 'IPA v2' )
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.15
|
||||
NAME 'idnsForwarders'
|
||||
DESC 'list of forwarders'
|
||||
EQUALITY caseIgnoreIA5Match
|
||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
X-ORIGIN 'IPA v2' )
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.16
|
||||
NAME 'idnsZoneRefresh'
|
||||
DESC 'zone refresh interval'
|
||||
EQUALITY integerMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
||||
SINGLE-VALUE
|
||||
X-ORIGIN 'IPA v2' )
|
||||
add:attributeTypes:
|
||||
( 2.16.840.1.113730.3.8.5.17
|
||||
NAME 'idnsPersistentSearch'
|
||||
DESC 'allow persistent searches'
|
||||
EQUALITY booleanMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
|
||||
SINGLE-VALUE
|
||||
X-ORIGIN 'IPA v2' )
|
||||
add:objectClasses:
|
||||
( 2.16.840.1.113730.3.8.6.2
|
||||
NAME 'idnsConfigObject'
|
||||
DESC 'DNS global config options'
|
||||
STRUCTURAL
|
||||
MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$
|
||||
idnsZoneRefresh $$ idnsPersistentSearch
|
||||
) )
|
||||
replace:objectClasses:( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY idnsUpdatePolicy )::( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsName $$ idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY ( idnsUpdatePolicy $$ idnsAllowQuery $$ idnsAllowTransfer $$ idnsAllowSyncPTR $$ idnsForwardPolicy $$ idnsForwarders ) )
|
@ -10,6 +10,7 @@ app_DATA = \
|
||||
10-selinuxusermap.update \
|
||||
10-sudo.update \
|
||||
10-ssh.update \
|
||||
10-bind-schema.update \
|
||||
19-managed-entries.update \
|
||||
20-aci.update \
|
||||
20-dna.update \
|
||||
|
Loading…
Reference in New Issue
Block a user