[Freeipa-devel] [PATCH] Changed dns permission types

Jan Zelený jzeleny at redhat.com
Thu Jan 27 10:46:00 UTC 2011 

Jan Zelený <jzeleny at redhat.com> wrote:
> Jan Zelený <jzeleny at redhat.com> wrote:
> > Rob Crittenden <rcritten at redhat.com> wrote:
> > > Jan Zelený wrote:
> > > > Rob Crittenden<rcritten at redhat.com>  wrote:
> > > >> Jan Zelený wrote:
> > > >>> Recent change of DNS module to version caused that dns object type
> > > >>> was replaced by dnszone and dnsrecord. This patch corrects dns
> > > >>> types in permissions class.
> > > >>> 
> > > >>> https://fedorahosted.org/freeipa/ticket/646
> > > >> 
> > > >> Nack. These values need to be added as valid types to the aci plugin
> > > >> and the _type_map needs to be updated.
> > > >> 
> > > >> rob
> > > > 
> > > > I'm sending an updated patch.
> > > > 
> > > > Jan
> > > 
> > > Since dnszone and dnsrecord point to the same kind of entry what is the
> > > point of having two separate names for them? When we read the entry we
> > > aren't going to be able to differentiate between the two.
> > 
> > I didn't take a look how the type thing works, so I'm kinda guessing here
> > (please ignore the comment if it is wrong):
> > Sure, object with idnszone class is always also in dnsrecord class, but
> > that's not the case backwards (idnsrecord object isn't always idnszone) -
> > so I think it is possible to set different ACIs for these two types.
> > 
> > > Can the type be made more specific?
> > 
> > If the mapping doesn't distinguish object classes and it can, maybe
> > that's the answer. Will investagate further. But if not, I still think
> > this is the way to go considering the underline issue which we tried to
> > solve by this change.
> 
> From what I found I think that making changes necessary to distinguish
> dnsrecord and dnszone are not worth it, especially that user can use
> "filter" for that purpose. Since having both of them doesn't have any
> additional value, I'm sending new version of the patch, which is only
> adding dnsrecord type.
> 
> Jan

Just a small reminder that this patch is ready to be re-reviewed.

Thanks
Jan

More information about the Freeipa-devel mailing list