mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-16 11:21:56 -06:00
2cf5893761
Implement API for DNS global options supported in bind-dyndb-ldap. Currently, global DNS option overrides any relevant option in named.conf. Thus they are not filled by default they are left as a possibility for a user. Bool encoding had to be fixed so that Bool LDAP attribute can also be deleted and not just set to True or False. https://fedorahosted.org/freeipa/ticket/2216
26 lines
1.0 KiB
Plaintext
26 lines
1.0 KiB
Plaintext
# Add missing member values to attach permissions to their respective
|
|
# privileges and run a memberOf task.
|
|
dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX
|
|
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
|
|
addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
|
|
|
|
dn: cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX
|
|
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
|
|
addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
|
|
|
|
dn: cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX
|
|
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
|
|
addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
|
|
|
|
dn: cn=Update PBAC memberOf $TIME, cn=memberof task, cn=tasks, cn=config
|
|
add: objectClass: top
|
|
add: objectClass: extensibleObject
|
|
add: cn: IPA PBAC memberOf $TIME
|
|
add: basedn: 'cn=privileges,cn=pbac,$SUFFIX'
|
|
add: filter: (objectclass=*)
|
|
add: ttl: 10
|
|
|
|
# add idnsConfigObject if it is not there already
|
|
dn: cn=dns, $SUFFIX
|
|
addifexist: objectClass: idnsConfigObject
|