DNS Locations: add ACI for template attribute

DNS Servers and DNS Administrators must have access to 'idnsTemplateAttribute' to be able set/read template for generating CNAME records pointing to proper location records. Also user must be able to add objectclass for idnsTemplateAttribute https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-06-11 15:50:56 +02:00
parent 394b094fc2
commit cf634a4ff8
2 changed files with 7 additions and 4 deletions
--- a/ipaserver/plugins/dns.py
+++ b/ipaserver/plugins/dns.py
@@ -2525,7 +2525,8 @@ class dnszone(DNSZoneBase):
                'idnsforwarders', 'idnsforwardpolicy', 'idnsname',
                'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum',
                'idnssoamname', 'idnssoarefresh', 'idnssoaretry',
-                'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy',
+                'idnssoarname', 'idnssoaserial', 'idnsTemplateAttribute',
+                'idnsupdatepolicy',
                'idnszoneactive', 'ipseckeyrecord','keyrecord', 'kxrecord',
                'locrecord', 'managedby', 'mdrecord', 'minforecord',
                'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
@@ -2552,6 +2553,7 @@ class dnszone(DNSZoneBase):
            'ipapermlocation': api.env.basedn,
            'ipapermtarget': DN('idnsname=*', 'cn=dns', api.env.basedn),
            'ipapermdefaultattr': {
+                'objectclass',  # needed for record templates
                'a6record', 'aaaarecord', 'afsdbrecord', 'aplrecord', 'arecord',
                'certrecord', 'cn', 'cnamerecord', 'dhcidrecord', 'dlvrecord',
                'dnamerecord', 'dnsclass', 'dnsttl', 'dsrecord',
@@ -2560,7 +2562,8 @@ class dnszone(DNSZoneBase):
                'idnsforwarders', 'idnsforwardpolicy', 'idnsname',
                'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum',
                'idnssoamname', 'idnssoarefresh', 'idnssoaretry',
-                'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy',
+                'idnssoarname', 'idnssoaserial', 'idnsTemplateAttribute',
+                'idnsupdatepolicy',
                'idnszoneactive', 'ipseckeyrecord','keyrecord', 'kxrecord',
                'locrecord', 'managedby', 'mdrecord', 'minforecord',
                'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',