mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
f5964b7157
``dnssec-enable`` is obsolete in 9.16 and raises a warning. The option defaults to ``yes`` in all supported versions of bind. The option is removed when set to ``yes`` and a warning is emitted when the value is ``no``. DNSSEC lookaside validation has been deprecated by RFC 8749 and the feature removed from Bind 9.16. The only available lookaside provider dlv.isc.org no longer provides DLV information since 2017. Fixes: https://pagure.io/freeipa/issue/8349 Fixes: https://pagure.io/freeipa/issue/8350 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> |
||
---|---|---|
.. | ||
certmonger | ||
custodia | ||
html | ||
migration | ||
oddjob | ||
restart_scripts | ||
share | ||
tools | ||
ui | ||
updates | ||
wsgi | ||
Makefile.am | ||
README.schema |
Ground rules on adding new schema Brand new schema, particularly when written specifically for IPA, should be added in share/*.ldif. Any new files need to be explicitly loaded in ipaserver/install/dsinstance.py. These simply get copied directly into the new instance schema directory. Existing schema (e.g. in an LDAP draft) may either be added as a separate ldif in share or as an update in the updates directory. The advantage of adding the schema as an update is if 389-ds ever adds the schema then the installation won't fail due to existing schema failing to load during bootstrap. If the new schema requires a new container then this should be added to install/bootstrap-template.ldif.