From eeec6dd88ea1e6f2c24ee87d70a8d6aa98cbd0e4 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 15 Jul 2015 09:44:07 +0200
Subject: [PATCH] DNS: Consolidate DNS RR types in API and schema
* Remove NSEC3, DNSKEY, TSIG, TKEY, TA records from API:
These records never worked; they don't have attributes in the schema.
TSIG and TKEY are meta-RR should not be in LDAP
TA is not supported by BIND
NSEC3, DNSKEY are DNSSEC records generated by BIND, should not be
in LDAP.
*! SIG, NSEC are already defined in schema, must stay in API.
* Add HINFO, MINFO, MD, NXT records to API as unsupported records
These records are already defined in LDAP schema
* Add schema for RP, APL, IPSEC, DHCID, HIP, SPF records
These records were defined in IPA API as unsupported, but schema definition was
missing. This causes that ACI cannot be created for these records
and dnszone-find failed. (#5055)
https://fedorahosted.org/freeipa/ticket/4934
https://fedorahosted.org/freeipa/ticket/5055
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
---
ACI.txt | 4 +-
API.txt | 28 ++----------
VERSION | 4 +-
install/share/60ipadns.ldif | 8 +++-
install/share/dns.ldif | 2 +-
install/updates/40-dns.update | 4 +-
ipalib/plugins/dns.py | 101 ++++++++++++++++++++++--------------------
7 files changed, 71 insertions(+), 80 deletions(-)
diff --git a/ACI.txt b/ACI.txt
|
|
|
590d18 |
index 76a7ff70e27c032bdd8fa26e076271e02b23d3b3..60607b98deb74d0b7f45d24ee9359b0cf8162b0d 100644
|
|
|
590d18 |
--- a/ACI.txt
|
|
|
590d18 |
+++ b/ACI.txt
|
|
|
590d18 |
@@ -61,13 +61,13 @@ aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretke
|
|
|
590d18 |
dn: dc=ipa,dc=example
|
|
|
590d18 |
aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
dn: dc=ipa,dc=example
|
|
|
590d18 |
-aci: (targetattr = "a6record || aaaarecord || afsdbrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || entryusn || hinforecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rrsigrecord || sigrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
+aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
dn: dc=ipa,dc=example
|
|
|
590d18 |
aci: (targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
dn: dc=ipa,dc=example
|
|
|
590d18 |
aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
dn: dc=ipa,dc=example
|
|
|
590d18 |
-aci: (targetattr = "a6record || aaaarecord || afsdbrecord || arecord || certrecord || cn || cnamerecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || ptrrecord || rrsigrecord || sigrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
+aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
dn: cn=groups,cn=accounts,dc=ipa,dc=example
|
|
|
590d18 |
aci: (targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
|
|
590d18 |
dn: cn=groups,cn=accounts,dc=ipa,dc=example
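Review bot: The `System: Update DNS Entries` ACI in this hunk now grants `write` on `aplrecord`, `dhcidrecord`, `hiprecord`, `ipseckeyrecord`, `rprecord` and `spfrecord`, and the directory server enforces that grant on direct LDAP modifies regardless of what the API layer accepts. The commit message describes these record types as unsupported in the API, so it is worth confirming that write access, and not only the `compare,read,search` added to `System: Read DNS Entries`, is intended for them; the already-listed `hinforecord`, `mdrecord`, `minforecord` and `nxtrecord` suggest it follows existing practice. If it is intended, a line in the permission's documentation such as `Update DNS Entries also covers record types the API does not validate` would make the scope explicit. The permission definition that generates these lines is presumably in `ipalib/plugins/dns.py`, outside this hunk.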
|
|
|
590d18 |
diff --git a/API.txt b/API.txt
|
|
|
590d18 |
index c68bee94e3a9ed6182f6bd2152070222e32c7532..6ab30ddab41715fdbccb4f37aa1852621bca62b4 100644
|
|
|
590d18 |
--- a/API.txt
|
|
|
590d18 |
+++ b/API.txt
|
|
|
590d18 |
@@ -1054,7 +1054,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
|
|
|
590d18 |
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
|
|
590d18 |
output: PrimaryKey('value', None, None)
|
|
|
590d18 |
command: dnsrecord_add
|
|
|
590d18 |
-args: 2,100,3
|
|
|
590d18 |
+args: 2,95,3
|
|
|
590d18 |
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
|
|
|
590d18 |
arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
|
|
|
590d18 |
option: Str('a6_part_data', attribute=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False)
|
|
|
590d18 |
@@ -1087,7 +1087,6 @@ option: DLVRecord('dlvrecord', attribute=True, cli_name='dlv_rec', csv=True, mul
|
|
|
590d18 |
option: DNSNameParam('dname_part_target', attribute=False, cli_name='dname_target', multivalue=False, option_group=u'DNAME Record', required=False)
|
|
|
590d18 |
option: DNAMERecord('dnamerecord', attribute=True, cli_name='dname_rec', csv=True, multivalue=True, option_group=u'DNAME Record', required=False)
|
|
|
590d18 |
option: StrEnum('dnsclass', attribute=True, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
|
|
|
590d18 |
-option: DNSKEYRecord('dnskeyrecord', attribute=True, cli_name='dnskey_rec', csv=True, multivalue=True, option_group=u'DNSKEY Record', required=False)
|
|
|
590d18 |
option: Int('dnsttl', attribute=True, cli_name='ttl', multivalue=False, required=False)
|
|
|
590d18 |
option: Int('ds_part_algorithm', attribute=False, cli_name='ds_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'DS Record', required=False)
|
|
|
590d18 |
option: Str('ds_part_digest', attribute=False, cli_name='ds_digest', multivalue=False, option_group=u'DS Record', pattern='^[0-9a-fA-F]+$', required=False)
|
|
|
590d18 |
@@ -1125,7 +1124,6 @@ option: Str('naptr_part_replacement', attribute=False, cli_name='naptr_replaceme
|
|
|
590d18 |
option: Str('naptr_part_service', attribute=False, cli_name='naptr_service', multivalue=False, option_group=u'NAPTR Record', required=False)
|
|
|
590d18 |
option: NAPTRRecord('naptrrecord', attribute=True, cli_name='naptr_rec', csv=True, multivalue=True, option_group=u'NAPTR Record', required=False)
|
|
|
590d18 |
option: DNSNameParam('ns_part_hostname', attribute=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False)
|
|
|
590d18 |
-option: NSEC3Record('nsec3record', attribute=True, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False)
|
|
|
590d18 |
option: NSECRecord('nsecrecord', attribute=True, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False)
|
|
|
590d18 |
option: NSRecord('nsrecord', attribute=True, cli_name='ns_rec', csv=True, multivalue=True, option_group=u'NS Record', required=False)
|
|
|
590d18 |
option: DNSNameParam('ptr_part_hostname', attribute=False, cli_name='ptr_hostname', multivalue=False, option_group=u'PTR Record', required=False)
|
|
|
590d18 |
@@ -1146,14 +1144,11 @@ option: Str('sshfp_part_fingerprint', attribute=False, cli_name='sshfp_fingerpri
|
|
|
590d18 |
option: Int('sshfp_part_fp_type', attribute=False, cli_name='sshfp_fp_type', maxvalue=255, minvalue=0, multivalue=False, option_group=u'SSHFP Record', required=False)
|
|
|
590d18 |
option: SSHFPRecord('sshfprecord', attribute=True, cli_name='sshfp_rec', csv=True, multivalue=True, option_group=u'SSHFP Record', required=False)
|
|
|
590d18 |
option: Flag('structured', autofill=True, default=False)
|
|
|
590d18 |
-option: TARecord('tarecord', attribute=True, cli_name='ta_rec', csv=True, multivalue=True, option_group=u'TA Record', required=False)
|
|
|
590d18 |
-option: TKEYRecord('tkeyrecord', attribute=True, cli_name='tkey_rec', csv=True, multivalue=True, option_group=u'TKEY Record', required=False)
|
|
|
590d18 |
option: Str('tlsa_part_cert_association_data', attribute=False, cli_name='tlsa_cert_association_data', multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: Int('tlsa_part_cert_usage', attribute=False, cli_name='tlsa_cert_usage', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: Int('tlsa_part_matching_type', attribute=False, cli_name='tlsa_matching_type', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: Int('tlsa_part_selector', attribute=False, cli_name='tlsa_selector', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: TLSARecord('tlsarecord', attribute=True, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
-option: TSIGRecord('tsigrecord', attribute=True, cli_name='tsig_rec', csv=True, multivalue=True, option_group=u'TSIG Record', required=False)
|
|
|
590d18 |
option: Str('txt_part_data', attribute=False, cli_name='txt_data', multivalue=False, option_group=u'TXT Record', required=False)
|
|
|
590d18 |
option: TXTRecord('txtrecord', attribute=True, cli_name='txt_rec', csv=True, multivalue=True, option_group=u'TXT Record', required=False)
|
|
|
590d18 |
option: Str('version?', exclude='webui')
|
|
|
590d18 |
@@ -1161,7 +1156,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
|
|
|
590d18 |
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
|
|
590d18 |
output: PrimaryKey('value', None, None)
|
|
|
590d18 |
command: dnsrecord_del
|
|
|
590d18 |
-args: 2,39,3
|
|
|
590d18 |
+args: 2,34,3
|
|
|
590d18 |
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
|
|
|
590d18 |
arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
|
|
|
590d18 |
option: A6Record('a6record', attribute=True, autofill=False, cli_name='a6_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
@@ -1176,7 +1171,6 @@ option: DHCIDRecord('dhcidrecord', attribute=True, autofill=False, cli_name='dhc
|
|
|
590d18 |
option: DLVRecord('dlvrecord', attribute=True, autofill=False, cli_name='dlv_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: DNAMERecord('dnamerecord', attribute=True, autofill=False, cli_name='dname_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
|
|
|
590d18 |
-option: DNSKEYRecord('dnskeyrecord', attribute=True, autofill=False, cli_name='dnskey_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, required=False)
|
|
|
590d18 |
option: DSRecord('dsrecord', attribute=True, autofill=False, cli_name='ds_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: HIPRecord('hiprecord', attribute=True, autofill=False, cli_name='hip_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
@@ -1186,7 +1180,6 @@ option: KXRecord('kxrecord', attribute=True, autofill=False, cli_name='kx_rec',
|
|
|
590d18 |
option: LOCRecord('locrecord', attribute=True, autofill=False, cli_name='loc_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: MXRecord('mxrecord', attribute=True, autofill=False, cli_name='mx_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: NAPTRRecord('naptrrecord', attribute=True, autofill=False, cli_name='naptr_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
-option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: NSRecord('nsrecord', attribute=True, autofill=False, cli_name='ns_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: PTRRecord('ptrrecord', attribute=True, autofill=False, cli_name='ptr_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
@@ -1197,10 +1190,7 @@ option: SPFRecord('spfrecord', attribute=True, autofill=False, cli_name='spf_rec
|
|
|
590d18 |
option: SRVRecord('srvrecord', attribute=True, autofill=False, cli_name='srv_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: SSHFPRecord('sshfprecord', attribute=True, autofill=False, cli_name='sshfp_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: Flag('structured', autofill=True, default=False)
|
|
|
590d18 |
-option: TARecord('tarecord', attribute=True, autofill=False, cli_name='ta_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
-option: TKEYRecord('tkeyrecord', attribute=True, autofill=False, cli_name='tkey_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: TLSARecord('tlsarecord', attribute=True, autofill=False, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
-option: TSIGRecord('tsigrecord', attribute=True, autofill=False, cli_name='tsig_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: TXTRecord('txtrecord', attribute=True, autofill=False, cli_name='txt_rec', csv=True, multivalue=True, option_group=None, required=False)
|
|
|
590d18 |
option: Str('version?', exclude='webui')
|
|
|
590d18 |
output: Output('result', <type 'dict'>, None)
|
|
|
590d18 |
@@ -1216,7 +1206,7 @@ output: Output('result', <type 'dict'>, None)
|
|
|
590d18 |
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
|
|
590d18 |
output: ListOfPrimaryKeys('value', None, None)
|
|
|
590d18 |
command: dnsrecord_find
|
|
|
590d18 |
-args: 2,44,4
|
|
|
590d18 |
+args: 2,39,4
|
|
|
590d18 |
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
|
|
|
590d18 |
arg: Str('criteria?', noextrawhitespace=False)
|
|
|
590d18 |
option: A6Record('a6record', attribute=True, autofill=False, cli_name='a6_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
@@ -1231,7 +1221,6 @@ option: DHCIDRecord('dhcidrecord', attribute=True, autofill=False, cli_name='dhc
|
|
|
590d18 |
option: DLVRecord('dlvrecord', attribute=True, autofill=False, cli_name='dlv_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: DNAMERecord('dnamerecord', attribute=True, autofill=False, cli_name='dname_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, query=True, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
|
|
|
590d18 |
-option: DNSKEYRecord('dnskeyrecord', attribute=True, autofill=False, cli_name='dnskey_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, query=True, required=False)
|
|
|
590d18 |
option: DSRecord('dsrecord', attribute=True, autofill=False, cli_name='ds_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: HIPRecord('hiprecord', attribute=True, autofill=False, cli_name='hip_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
@@ -1242,7 +1231,6 @@ option: KXRecord('kxrecord', attribute=True, autofill=False, cli_name='kx_rec',
|
|
|
590d18 |
option: LOCRecord('locrecord', attribute=True, autofill=False, cli_name='loc_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: MXRecord('mxrecord', attribute=True, autofill=False, cli_name='mx_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: NAPTRRecord('naptrrecord', attribute=True, autofill=False, cli_name='naptr_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
-option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: NSRecord('nsrecord', attribute=True, autofill=False, cli_name='ns_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: Flag('pkey_only?', autofill=True, default=False)
|
|
|
590d18 |
@@ -1256,11 +1244,8 @@ option: SPFRecord('spfrecord', attribute=True, autofill=False, cli_name='spf_rec
|
|
|
590d18 |
option: SRVRecord('srvrecord', attribute=True, autofill=False, cli_name='srv_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: SSHFPRecord('sshfprecord', attribute=True, autofill=False, cli_name='sshfp_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: Flag('structured', autofill=True, default=False)
|
|
|
590d18 |
-option: TARecord('tarecord', attribute=True, autofill=False, cli_name='ta_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: Int('timelimit?', autofill=False, minvalue=0)
|
|
|
590d18 |
-option: TKEYRecord('tkeyrecord', attribute=True, autofill=False, cli_name='tkey_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: TLSARecord('tlsarecord', attribute=True, autofill=False, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
-option: TSIGRecord('tsigrecord', attribute=True, autofill=False, cli_name='tsig_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: TXTRecord('txtrecord', attribute=True, autofill=False, cli_name='txt_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
|
|
|
590d18 |
option: Str('version?', exclude='webui')
|
|
|
590d18 |
output: Output('count', <type 'int'>, None)
|
|
|
590d18 |
@@ -1268,7 +1253,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
|
|
|
590d18 |
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
|
|
590d18 |
output: Output('truncated', <type 'bool'>, None)
|
|
|
590d18 |
command: dnsrecord_mod
|
|
|
590d18 |
-args: 2,100,3
|
|
|
590d18 |
+args: 2,95,3
|
|
|
590d18 |
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
|
|
|
590d18 |
arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
|
|
|
590d18 |
option: Str('a6_part_data', attribute=False, autofill=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False)
|
|
|
590d18 |
@@ -1300,7 +1285,6 @@ option: DLVRecord('dlvrecord', attribute=True, autofill=False, cli_name='dlv_rec
|
|
|
590d18 |
option: DNSNameParam('dname_part_target', attribute=False, autofill=False, cli_name='dname_target', multivalue=False, option_group=u'DNAME Record', required=False)
|
|
|
590d18 |
option: DNAMERecord('dnamerecord', attribute=True, autofill=False, cli_name='dname_rec', csv=True, multivalue=True, option_group=u'DNAME Record', required=False)
|
|
|
590d18 |
option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
|
|
|
590d18 |
-option: DNSKEYRecord('dnskeyrecord', attribute=True, autofill=False, cli_name='dnskey_rec', csv=True, multivalue=True, option_group=u'DNSKEY Record', required=False)
|
|
|
590d18 |
option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', multivalue=False, required=False)
|
|
|
590d18 |
option: Int('ds_part_algorithm', attribute=False, autofill=False, cli_name='ds_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'DS Record', required=False)
|
|
|
590d18 |
option: Str('ds_part_digest', attribute=False, autofill=False, cli_name='ds_digest', multivalue=False, option_group=u'DS Record', pattern='^[0-9a-fA-F]+$', required=False)
|
|
|
590d18 |
@@ -1337,7 +1321,6 @@ option: Str('naptr_part_replacement', attribute=False, autofill=False, cli_name=
|
|
|
590d18 |
option: Str('naptr_part_service', attribute=False, autofill=False, cli_name='naptr_service', multivalue=False, option_group=u'NAPTR Record', required=False)
|
|
|
590d18 |
option: NAPTRRecord('naptrrecord', attribute=True, autofill=False, cli_name='naptr_rec', csv=True, multivalue=True, option_group=u'NAPTR Record', required=False)
|
|
|
590d18 |
option: DNSNameParam('ns_part_hostname', attribute=False, autofill=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False)
|
|
|
590d18 |
-option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False)
|
|
|
590d18 |
option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False)
|
|
|
590d18 |
option: NSRecord('nsrecord', attribute=True, autofill=False, cli_name='ns_rec', csv=True, multivalue=True, option_group=u'NS Record', required=False)
|
|
|
590d18 |
option: DNSNameParam('ptr_part_hostname', attribute=False, autofill=False, cli_name='ptr_hostname', multivalue=False, option_group=u'PTR Record', required=False)
|
|
|
590d18 |
@@ -1360,14 +1343,11 @@ option: Str('sshfp_part_fingerprint', attribute=False, autofill=False, cli_name=
|
|
|
590d18 |
option: Int('sshfp_part_fp_type', attribute=False, autofill=False, cli_name='sshfp_fp_type', maxvalue=255, minvalue=0, multivalue=False, option_group=u'SSHFP Record', required=False)
|
|
|
590d18 |
option: SSHFPRecord('sshfprecord', attribute=True, autofill=False, cli_name='sshfp_rec', csv=True, multivalue=True, option_group=u'SSHFP Record', required=False)
|
|
|
590d18 |
option: Flag('structured', autofill=True, default=False)
|
|
|
590d18 |
-option: TARecord('tarecord', attribute=True, autofill=False, cli_name='ta_rec', csv=True, multivalue=True, option_group=u'TA Record', required=False)
|
|
|
590d18 |
-option: TKEYRecord('tkeyrecord', attribute=True, autofill=False, cli_name='tkey_rec', csv=True, multivalue=True, option_group=u'TKEY Record', required=False)
|
|
|
590d18 |
option: Str('tlsa_part_cert_association_data', attribute=False, autofill=False, cli_name='tlsa_cert_association_data', multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: Int('tlsa_part_cert_usage', attribute=False, autofill=False, cli_name='tlsa_cert_usage', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: Int('tlsa_part_matching_type', attribute=False, autofill=False, cli_name='tlsa_matching_type', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: Int('tlsa_part_selector', attribute=False, autofill=False, cli_name='tlsa_selector', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
option: TLSARecord('tlsarecord', attribute=True, autofill=False, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=u'TLSA Record', required=False)
|
|
|
590d18 |
-option: TSIGRecord('tsigrecord', attribute=True, autofill=False, cli_name='tsig_rec', csv=True, multivalue=True, option_group=u'TSIG Record', required=False)
|
|
|
590d18 |
option: Str('txt_part_data', attribute=False, autofill=False, cli_name='txt_data', multivalue=False, option_group=u'TXT Record', required=False)
|
|
|
590d18 |
option: TXTRecord('txtrecord', attribute=True, autofill=False, cli_name='txt_rec', csv=True, multivalue=True, option_group=u'TXT Record', required=False)
|
|
|
590d18 |
option: Str('version?', exclude='webui')
|
|
|
590d18 |
diff --git a/VERSION b/VERSION
|
|
|
590d18 |
index b2f7a9a3e73b5f38741f7266054e3429803d7036..678d1f8a7e588d480b16441e12e4d527d9c1cd98 100644
|
|
|
590d18 |
--- a/VERSION
|
|
|
590d18 |
+++ b/VERSION
|
|
|
590d18 |
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
|
|
|
590d18 |
# #
|
|
|
590d18 |
########################################################
|
|
|
590d18 |
IPA_API_VERSION_MAJOR=2
|
|
|
590d18 |
-IPA_API_VERSION_MINOR=146
|
|
|
590d18 |
-# Last change: pvoborni - move session_logout to ipalib/plugins
|
|
|
590d18 |
+IPA_API_VERSION_MINOR=147
|
|
|
590d18 |
+# Last change: mbasti - Consolidate DNS RR in API and schema
|
|
|
590d18 |
diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
|
|
|
590d18 |
index 9e5b7feb2ee1809fb67b23cb2017a536d1bacb0a..e0ed0ab869cea0478d9640bb509c6267abed1a01 100644
|
|
|
590d18 |
--- a/install/share/60ipadns.ldif
|
|
|
590d18 |
+++ b/install/share/60ipadns.ldif
|
|
|
590d18 |
@@ -10,6 +10,7 @@ attributeTypes: (1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name poi
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
+attributeTypes: (1.3.6.1.4.1.2428.20.1.17 NAME 'RPRecord' DESC 'Responsible Person, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
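Review bot: The added `RPRecord` attribute type only becomes usable on DNS entries once an object class allows it, and no `objectClasses` line is part of this hunk. Check that the DNS record object class gains `RPRecord` in its `MAY` list in this file, and that `install/updates/40-dns.update` (listed in the diffstat) carries the same change for upgraded servers. The name is capitalised as `RPRecord` while the ACI uses `rprecord`; LDAP attribute names are case-insensitive so this is harmless, but `rPRecord` would match the neighbouring `pTRRecord`, `hInfoRecord` and `tXTRecord` (the file is already mixed, with `SigRecord` and `KeyRecord` capitalised).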
|
|
|
590d18 |
@@ -22,12 +23,17 @@ attributeTypes: (1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange Del
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
|
590d18 |
+attributeTypes: (1.3.6.1.4.1.2428.20.1.42 NAME 'APLRecord' DESC 'Lists of Address Prefixes, RFC 3132' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
+attributeTypes: (1.3.6.1.4.1.2428.20.1.45 NAME 'IPSECKEYRecord' DESC 'IPSECKEY, RFC 4025' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
+attributeTypes: (1.3.6.1.4.1.2428.20.1.49 NAME 'DHCIDRecord' DESC 'Dynamic Host Configuration Protocol (DHCP) Information, RFC 4701' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.51 NAME 'nSEC3PARAMRecord' DESC 'RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
+attributeTypes: (1.3.6.1.4.1.2428.20.1.55 NAME 'HIPRecord' DESC 'Host Identity Protocol (HIP) Domain Name System (DNS) Extension, RFC 5205' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
+attributeTypes: (1.3.6.1.4.1.2428.20.1.99 NAME 'SPFRecord' DESC 'Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, RFC 7208' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'DNSSEC Lookaside Validation, RFC 4431' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
590d18 |
attributeTypes: (1.3.6.1.4.1.2428.20.4 NAME 'UnknownRecord' DESC 'unknown DNS record, RFC 3597' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch )
|
|
|
590d18 |
attributeTypes: (0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
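Review bot: The DESC of the added `APLRecord` attribute cites RFC 3132, but the APL resource record is specified in RFC 3123, so the schema sends readers to the wrong document. The line should carry `DESC 'Lists of Address Prefixes, RFC 3123'`; the OID arc and syntax are consistent with the neighbouring definitions. Separately, the added `SPFRecord` cites RFC 7208, which itself discontinues the SPF RR type in favour of TXT, and the DESC could say so.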
|
|
|
590d18 |
@@ -64,7 +70,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.25 NAME 'idnsSecKeyRevoke' DESC 'DNSKE
|
|
|
590d18 |
attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSKEY SEP flag (equivalent to bit 15): RFC 4035' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
|
|
|
590d18 |
attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'DNSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
|
|
|
590d18 |
attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS#11 URI of the key' EQUALITY caseExactMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
|
|
|
590d18 |
-objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRecord ) )
|
|
|
590d18 |
+objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRecord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPFRecord ) )
|
|
|
590d18 |
objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning $ nSEC3PARAMRecord ) )
|
|
|
590d18 |
objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) )
|
|
|
590d18 |
objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXILIARY MUST idnsName MAY managedBy X-ORIGIN 'IPA v3' )
|
|
|
590d18 |
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
|
|
|
590d18 |
index c9e368677006b55d0e748f54d297d83bdd69e205..42b41a8d706a8a3fd826320aff6c9333264128fc 100644
|
|
|
590d18 |
--- a/install/share/dns.ldif
|
|
|
590d18 |
+++ b/install/share/dns.ldif
|
|
|
590d18 |
@@ -9,7 +9,7 @@ ipaConfigString: DNSVersion 1
|
|
|
590d18 |
aci: (targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX" or userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";)
|
|
|
590d18 |
aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";)
|
|
|
590d18 |
-aci: (targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
+aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
|
|
|
590d18 |
dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
|
590d18 |
changetype: add
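Review bot: The `targetattr` list in the added `aci:` line is a hand-copied duplicate of the one this patch adds to `install/updates/40-dns.update`, and the same attribute names are repeated in both `ipapermdefaultattr` sets in `ipalib/plugins/dns.py`. Nothing ties the copies together, so a later edit to only one of them would leave fresh installs and upgraded servers granting the `managedby` groups write access to different attribute sets. In this patch the two LDIF copies do match. A header comment in this file, such as `# keep the "Update DNS entries in a zone" targetattr list identical to install/updates/40-dns.update`, would make the coupling explicit.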
|
|
|
590d18 |
diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update
|
|
|
590d18 |
index c06d8158d85fd811be0253ac0f1146a623fae2b2..9f64a2f707db5cb0e3503259a0e64d9831ae92f2 100644
|
|
|
590d18 |
--- a/install/updates/40-dns.update
|
|
|
590d18 |
+++ b/install/updates/40-dns.update
|
|
|
590d18 |
@@ -5,7 +5,8 @@ addifexist: objectClass: idnsConfigObject
|
|
|
590d18 |
addifexist: objectClass: ipaConfigObject
|
|
|
590d18 |
addifexist: aci:(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";)
|
|
|
590d18 |
addifexist: aci:(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";)
|
|
|
590d18 |
-addifexist: aci:(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
+addifexist: aci:(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
+
|
|
|
590d18 |
|
|
|
590d18 |
# replace DNS tree deny rule with managedBy enhanced allow rule
|
|
|
590d18 |
dn: cn=dns, $SUFFIX
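Review bot: The added `addifexist: aci:` value names `aplrecord`, `dhcidrecord`, `hiprecord`, `ipseckeyrecord`, `rprecord` and `spfrecord`, which exist only once the `install/share/60ipadns.ldif` schema from this same patch is loaded. The commit message says an ACI cannot be created for attributes missing from the schema, so on upgrade this line depends on the schema update having run first; that ordering is not visible in this hunk. A comment above the line, for example `# requires the RP/APL/IPSECKEY/DHCID/HIP/SPF attribute types from 60ipadns.ldif`, would record the dependency. The entry this line belongs to starts above the hunk.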
|
|
|
590d18 |
@@ -16,6 +17,7 @@ replace:aci:(targetattr = "*")(version 3.0; acl "Allow read access"; allow (read
|
|
|
590d18 |
dn: cn=dns, $SUFFIX
|
|
|
590d18 |
remove:aci:(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
remove:aci:(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
+remove:aci:(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
|
|
|
590d18 |
|
|
|
590d18 |
# add DNS plugin
|
|
|
590d18 |
dn: cn=IPA DNS,cn=plugins,cn=config
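Review bot: The three `remove:aci:` lines differ only in the tail of their `targetattr` lists, and nothing in the file explains why all of them are kept. Each appears to be the exact value an earlier release installed, and the line added here matches the `addifexist` value removed in the previous hunk, including the space before the closing quote. Presumably a value that does not match exactly is left in place next to the new ACI. I would add a comment above them such as `# previous forms of "Update DNS entries in a zone"; keep each byte-identical to what older releases shipped`.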
|
|
|
590d18 |
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
|
|
|
590d18 |
index a7a4100db6de1956b8d0468e03214abc227386d5..512a653c3cc8ee641debec0d20f58e17eff08266 100644
|
|
|
590d18 |
--- a/ipalib/plugins/dns.py
|
|
|
590d18 |
+++ b/ipalib/plugins/dns.py
|
|
|
590d18 |
@@ -281,10 +281,9 @@ register = Registry()
|
|
|
590d18 |
# supported resource record types
|
|
|
590d18 |
_record_types = (
|
|
|
590d18 |
u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV',
|
|
|
590d18 |
- u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC',
|
|
|
590d18 |
- u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'PTR',
|
|
|
590d18 |
- u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY',
|
|
|
590d18 |
- u'TLSA', u'TSIG', u'TXT',
|
|
|
590d18 |
+ u'DNAME', u'DS', u'HIP', u'HINFO', u'IPSECKEY', u'KEY', u'KX', u'LOC',
|
|
|
590d18 |
+ u'MD', u'MINFO', u'MX', u'NAPTR', u'NS', u'NSEC', u'NXT', u'PTR', u'RRSIG',
|
|
|
590d18 |
+ u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TLSA', u'TXT',
|
|
|
590d18 |
)
|
|
|
590d18 |
|
|
|
590d18 |
# DNS zone record identificator
|
|
|
590d18 |
@@ -1092,9 +1091,6 @@ class DNAMERecord(DNSRecord):
|
|
|
590d18 |
),
|
|
|
590d18 |
)
|
|
|
590d18 |
|
|
|
590d18 |
-class DNSKEYRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
- rrtype = 'DNSKEY'
|
|
|
590d18 |
- rfc = 4034
|
|
|
590d18 |
|
|
|
590d18 |
class DSRecord(DNSRecord):
|
|
|
590d18 |
rrtype = 'DS'
|
|
|
590d18 |
@@ -1129,6 +1125,11 @@ class DLVRecord(DSRecord):
|
|
|
590d18 |
rfc = 4431
|
|
|
590d18 |
|
|
|
590d18 |
|
|
|
590d18 |
+class HINFORecord(UnsupportedDNSRecord):
|
|
|
590d18 |
+ rrtype = 'HINFO'
|
|
|
590d18 |
+ rfc = 1035
|
|
|
590d18 |
+
|
|
|
590d18 |
+
|
|
|
590d18 |
class HIPRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
rrtype = 'HIP'
|
|
|
590d18 |
rfc = 5205
|
|
|
590d18 |
@@ -1287,6 +1288,18 @@ class LOCRecord(DNSRecord):
|
|
|
590d18 |
name=target_cli_name)
|
|
|
590d18 |
raise errors.ValidationError(name=self.name, error=error)
|
|
|
590d18 |
|
|
|
590d18 |
+
|
|
|
590d18 |
+class MDRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
+ # obsoleted, use MX instead
|
|
|
590d18 |
+ rrtype = 'MD'
|
|
|
590d18 |
+ rfc = 1035
|
|
|
590d18 |
+
|
|
|
590d18 |
+
|
|
|
590d18 |
+class MINFORecord(UnsupportedDNSRecord):
|
|
|
590d18 |
+ rrtype = 'MINFO'
|
|
|
590d18 |
+ rfc = 1035
|
|
|
590d18 |
+
|
|
|
590d18 |
+
|
|
|
590d18 |
class MXRecord(DNSRecord):
|
|
|
590d18 |
rrtype = 'MX'
|
|
|
590d18 |
rfc = 1035
|
|
|
590d18 |
@@ -1318,9 +1331,6 @@ class NSECRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
rrtype = 'NSEC'
|
|
|
590d18 |
rfc = 4034
|
|
|
590d18 |
|
|
|
590d18 |
-class NSEC3Record(UnsupportedDNSRecord):
|
|
|
590d18 |
- rrtype = 'NSEC3'
|
|
|
590d18 |
- rfc = 5155
|
|
|
590d18 |
|
|
|
590d18 |
def _validate_naptr_flags(ugettext, flags):
|
|
|
590d18 |
allowed_flags = u'SAUP'
|
|
|
590d18 |
@@ -1361,6 +1371,12 @@ class NAPTRRecord(DNSRecord):
|
|
|
590d18 |
),
|
|
|
590d18 |
)
|
|
|
590d18 |
|
|
|
590d18 |
+
|
|
|
590d18 |
+class NXTRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
+ rrtype = 'NXT'
|
|
|
590d18 |
+ rfc = 2535
|
|
|
590d18 |
+
|
|
|
590d18 |
+
|
|
|
590d18 |
class PTRRecord(DNSRecord):
|
|
|
590d18 |
rrtype = 'PTR'
|
|
|
590d18 |
rfc = 1035
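Review bot: `NXTRecord` is added without the kind of remark that `MDRecord` gets in this patch (`# obsoleted, use MX instead`), although NXT is equally obsolete: RFC 3755 replaced it with NSEC. A matching comment under the class line, `# obsoleted, use NSEC instead`, would keep the two consistent. `rfc = 2535` remains the right reference for the type itself.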
|
|
|
590d18 |
@@ -1450,10 +1466,6 @@ class SSHFPRecord(DNSRecord):
|
|
|
590d18 |
return tuple(values)
|
|
|
590d18 |
|
|
|
590d18 |
|
|
|
590d18 |
-class TARecord(UnsupportedDNSRecord):
|
|
|
590d18 |
- rrtype = 'TA'
|
|
|
590d18 |
-
|
|
|
590d18 |
-
|
|
|
590d18 |
class TLSARecord(DNSRecord):
|
|
|
590d18 |
rrtype = 'TLSA'
|
|
|
590d18 |
rfc = 6698
|
|
|
590d18 |
@@ -1479,12 +1491,6 @@ class TLSARecord(DNSRecord):
|
|
|
590d18 |
)
|
|
|
590d18 |
|
|
|
590d18 |
|
|
|
590d18 |
-class TKEYRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
- rrtype = 'TKEY'
|
|
|
590d18 |
-
|
|
|
590d18 |
-class TSIGRecord(UnsupportedDNSRecord):
|
|
|
590d18 |
- rrtype = 'TSIG'
|
|
|
590d18 |
-
|
|
|
590d18 |
class TXTRecord(DNSRecord):
|
|
|
590d18 |
rrtype = 'TXT'
|
|
|
590d18 |
rfc = 1035
|
|
|
590d18 |
@@ -1509,7 +1515,6 @@ _dns_records = (
|
|
|
590d18 |
DHCIDRecord(),
|
|
|
590d18 |
DLVRecord(),
|
|
|
590d18 |
DNAMERecord(),
|
|
|
590d18 |
- DNSKEYRecord(),
|
|
|
590d18 |
DSRecord(),
|
|
|
590d18 |
HIPRecord(),
|
|
|
590d18 |
IPSECKEYRecord(),
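Review bot: `HINFORecord`, `MDRecord`, `MINFORecord` and `NXTRecord` are defined by this patch and their types are added to `_record_types`, but none of the three `_dns_records` hunks adds a matching instance. Those hunks only drop `DNSKEYRecord()`, `NSEC3Record()`, `TARecord()`, `TKEYRecord()` and `TSIGRecord()`, and since the four classes are new, no unchanged line of the tuple can already reference them. If leaving them out is deliberate, a comment on `_dns_records` should say so. Otherwise add `HINFORecord(),` after `DSRecord(),` and `MDRecord(),`, `MINFORecord(),` and `NXTRecord(),` at their alphabetical positions. The tuple starts and ends outside this hunk.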
|
|
|
590d18 |
@@ -1520,7 +1525,6 @@ _dns_records = (
|
|
|
590d18 |
NAPTRRecord(),
|
|
|
590d18 |
NSRecord(),
|
|
|
590d18 |
NSECRecord(),
|
|
|
590d18 |
- NSEC3Record(),
|
|
|
590d18 |
PTRRecord(),
|
|
|
590d18 |
RRSIGRecord(),
|
|
|
590d18 |
RPRecord(),
|
|
|
590d18 |
@@ -1528,10 +1532,7 @@ _dns_records = (
|
|
|
590d18 |
SPFRecord(),
|
|
|
590d18 |
SRVRecord(),
|
|
|
590d18 |
SSHFPRecord(),
|
|
|
590d18 |
- TARecord(),
|
|
|
590d18 |
TLSARecord(),
|
|
|
590d18 |
- TKEYRecord(),
|
|
|
590d18 |
- TSIGRecord(),
|
|
|
590d18 |
TXTRecord(),
|
|
|
590d18 |
)
|
|
|
590d18 |
|
|
|
590d18 |
@@ -2500,20 +2501,21 @@ class dnszone(DNSZoneBase):
|
|
|
590d18 |
'ipapermtarget': DN('idnsname=*', 'cn=dns', api.env.basedn),
|
|
|
590d18 |
'ipapermdefaultattr': {
|
|
|
590d18 |
'objectclass',
|
|
|
590d18 |
- 'a6record', 'aaaarecord', 'afsdbrecord', 'arecord',
|
|
|
590d18 |
- 'certrecord', 'cn', 'cnamerecord', 'dlvrecord', 'dnamerecord',
|
|
|
590d18 |
- 'dnsclass', 'dnsttl', 'dsrecord', 'hinforecord',
|
|
|
590d18 |
- 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr',
|
|
|
590d18 |
- 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy',
|
|
|
590d18 |
- 'idnsname', 'idnssecinlinesigning', 'idnssoaexpire',
|
|
|
590d18 |
- 'idnssoaminimum', 'idnssoamname', 'idnssoarefresh',
|
|
|
590d18 |
- 'idnssoaretry', 'idnssoarname', 'idnssoaserial',
|
|
|
590d18 |
- 'idnsupdatepolicy', 'idnszoneactive', 'keyrecord', 'kxrecord',
|
|
|
590d18 |
+ 'a6record', 'aaaarecord', 'afsdbrecord', 'aplrecord', 'arecord',
|
|
|
590d18 |
+ 'certrecord', 'cn', 'cnamerecord', 'dhcidrecord', 'dlvrecord',
|
|
|
590d18 |
+ 'dnamerecord', 'dnsclass', 'dnsttl', 'dsrecord',
|
|
|
590d18 |
+ 'hinforecord', 'hiprecord', 'idnsallowdynupdate',
|
|
|
590d18 |
+ 'idnsallowquery', 'idnsallowsyncptr', 'idnsallowtransfer',
|
|
|
590d18 |
+ 'idnsforwarders', 'idnsforwardpolicy', 'idnsname',
|
|
|
590d18 |
+ 'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum',
|
|
|
590d18 |
+ 'idnssoamname', 'idnssoarefresh', 'idnssoaretry',
|
|
|
590d18 |
+ 'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy',
|
|
|
590d18 |
+ 'idnszoneactive', 'ipseckeyrecord','keyrecord', 'kxrecord',
|
|
|
590d18 |
'locrecord', 'managedby', 'mdrecord', 'minforecord',
|
|
|
590d18 |
'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
|
|
|
590d18 |
- 'nsrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord',
|
|
|
590d18 |
- 'sigrecord', 'srvrecord', 'sshfprecord', 'tlsarecord',
|
|
|
590d18 |
- 'txtrecord', 'unknownrecord',
|
|
|
590d18 |
+ 'nsrecord', 'nxtrecord', 'ptrrecord', 'rprecord', 'rrsigrecord',
|
|
|
590d18 |
+ 'sigrecord', 'spfrecord', 'srvrecord', 'sshfprecord',
|
|
|
590d18 |
+ 'tlsarecord', 'txtrecord', 'unknownrecord',
|
|
|
590d18 |
},
|
|
|
590d18 |
'replaces_system': ['Read DNS Entries'],
|
|
|
590d18 |
'default_privileges': {'DNS Administrators', 'DNS Servers'},
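Review bot: The attribute set edited here is repeated verbatim in the next hunk's `ipapermdefaultattr` (that copy only lacks `'objectclass'`), so every new record type has to be added twice in this file and again in the LDIF ACIs. A module-level set, e.g. `_dns_entry_attrs = {...}`, used as `{'objectclass'} | _dns_entry_attrs` here and directly in the other permission, would remove the duplication. Both copies also contain `'ipseckeyrecord','keyrecord'` without a space after the comma. The enclosing permission dictionaries in `dnszone` start and end outside both hunks.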
|
|
|
590d18 |
@@ -2534,20 +2536,21 @@ class dnszone(DNSZoneBase):
|
|
|
590d18 |
'ipapermlocation': api.env.basedn,
|
|
|
590d18 |
'ipapermtarget': DN('idnsname=*', 'cn=dns', api.env.basedn),
|
|
|
590d18 |
'ipapermdefaultattr': {
|
|
|
590d18 |
- 'a6record', 'aaaarecord', 'afsdbrecord', 'arecord',
|
|
|
590d18 |
- 'certrecord', 'cn', 'cnamerecord', 'dlvrecord', 'dnamerecord',
|
|
|
590d18 |
- 'dnsclass', 'dnsttl', 'dsrecord', 'hinforecord',
|
|
|
590d18 |
- 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr',
|
|
|
590d18 |
- 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy',
|
|
|
590d18 |
- 'idnsname', 'idnssecinlinesigning', 'idnssoaexpire',
|
|
|
590d18 |
- 'idnssoaminimum', 'idnssoamname', 'idnssoarefresh',
|
|
|
590d18 |
- 'idnssoaretry', 'idnssoarname', 'idnssoaserial',
|
|
|
590d18 |
- 'idnsupdatepolicy', 'idnszoneactive', 'keyrecord', 'kxrecord',
|
|
|
590d18 |
+ 'a6record', 'aaaarecord', 'afsdbrecord', 'aplrecord', 'arecord',
|
|
|
590d18 |
+ 'certrecord', 'cn', 'cnamerecord', 'dhcidrecord', 'dlvrecord',
|
|
|
590d18 |
+ 'dnamerecord', 'dnsclass', 'dnsttl', 'dsrecord',
|
|
|
590d18 |
+ 'hinforecord', 'hiprecord', 'idnsallowdynupdate',
|
|
|
590d18 |
+ 'idnsallowquery', 'idnsallowsyncptr', 'idnsallowtransfer',
|
|
|
590d18 |
+ 'idnsforwarders', 'idnsforwardpolicy', 'idnsname',
|
|
|
590d18 |
+ 'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum',
|
|
|
590d18 |
+ 'idnssoamname', 'idnssoarefresh', 'idnssoaretry',
|
|
|
590d18 |
+ 'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy',
|
|
|
590d18 |
+ 'idnszoneactive', 'ipseckeyrecord','keyrecord', 'kxrecord',
|
|
|
590d18 |
'locrecord', 'managedby', 'mdrecord', 'minforecord',
|
|
|
590d18 |
'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
|
|
|
590d18 |
- 'nsrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord',
|
|
|
590d18 |
- 'sigrecord', 'srvrecord', 'sshfprecord', 'tlsarecord',
|
|
|
590d18 |
- 'txtrecord', 'unknownrecord',
|
|
|
590d18 |
+ 'nsrecord', 'nxtrecord', 'ptrrecord', 'rprecord', 'rrsigrecord',
|
|
|
590d18 |
+ 'sigrecord', 'spfrecord', 'srvrecord', 'sshfprecord',
|
|
|
590d18 |
+ 'tlsarecord', 'txtrecord', 'unknownrecord',
|
|
|
590d18 |
},
|
|
|
590d18 |
'replaces': [
|
|
|
590d18 |
'(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)',
|
|
|
590d18 |
--
|
|
|
590d18 |
2.4.3
|
|
|
590d18 |
|