[Freeipa-devel] [PATCH] bind-dyndb-ldap: enable/disable PTR synchronization per zone

Simo Sorce simo at redhat.com
Fri Dec 2 01:28:07 UTC 2011


On Thu, 2011-12-01 at 10:50 -0800, Nathan Kinder wrote:
> On 12/01/2011 06:27 AM, Simo Sorce wrote:
> > On Thu, 2011-12-01 at 09:00 -0500, Jiri Kuncar wrote:
> >> I've added an attribute "idnsAllowSyncPTR" to "idnsZone" to enable or
> >> disable synchronization of PTR records. However the bind-dyndb-ldap
> >> plugin option "sync_ptr" has to be included in /etc/named.conf to run
> >> the synchronization feature.
> > We need an update script to run on ipa server at upgrade time then.
> >
> >> My quick fix of LDAP schema in /usr/share/ipa/60basev2.ldif:
> > The DNS schema objects are in 60ipadns.ldif
> >
> >> -----
> >> attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
> >> DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
> >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
> > NACK.
> > 5.11 is reserved by idnsAllowQuery and 5.12 by idnsAllowTransfer. The
> > first available OID is 5.13

> Do you have a page for tracking OID allocation within the FreeIPA 
> namespace?  If so, we should be sure to consult it to choose the next 
> available OID and to update it once we have the final patch for this issue.

We have one place within Red Hat where we also keep track of all 389ds
OIDs; that's how I know there is a conflict here.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
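
The OID conflict raised in this thread can be caught mechanically before a schema change is submitted. The following is an added example, not code from the thread or from FreeIPA: it parses schema LDIF, reports any OID claimed by more than one name, and suggests the next unused leaf under an arc. The sample LDIF is constructed (only the idnsAllowSyncPTR definition and the 5.11/5.12 assignments come from the thread), and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: DESC/SYNTAX of the first two entries are placeholders,
# not the real schema; the third entry is the definition proposed in the thread.
SAMPLE_LDIF = """\
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowQuery'
  DESC 'constructed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer'
  DESC 'constructed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.5.11 NAME 'idnsAllowSyncPTR'
  DESC 'permit synchronization of PTR records' EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
"""

DEF_RE = re.compile(
    r"^(?:attributeTypes|objectClasses):\s*\(\s*([0-9]+(?:\.[0-9]+)+)"
    r"\s+NAME\s+\(?\s*'([^']+)'", re.IGNORECASE)

def unfold(text):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)

def parse_definitions(text):
    """Return [(oid, first_name)] for every schema definition in the text."""
    return [m.groups() for line in unfold(text).splitlines()
            if (m := DEF_RE.match(line))]

def find_collisions(definitions):
    """Map each OID claimed by more than one distinct name to those names."""
    by_oid = defaultdict(list)
    for oid, name in definitions:
        if name.lower() not in (n.lower() for n in by_oid[oid]):
            by_oid[oid].append(name)
    return {oid: names for oid, names in by_oid.items() if len(names) > 1}

def next_free(definitions, arc):
    """Leaf one above the highest leaf already used directly under arc."""
    prefix = arc + "."
    used = [int(oid[len(prefix):]) for oid, _ in definitions
            if oid.startswith(prefix) and oid[len(prefix):].isdigit()]
    return f"{arc}.{max(used, default=0) + 1}"

if __name__ == "__main__":
    defs = parse_definitions(SAMPLE_LDIF)
    for oid, names in find_collisions(defs).items():
        print(f"OID collision: {oid} claimed by {', '.join(names)}")
    print("next free:", next_free(defs, "2.16.840.1.113730.3.8.5"))
```

The check only sees the schema text it is given, so an OID reserved in a registry but not yet present in any loaded file will not be detected.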