[Freeipa-devel] [PATCH 0077] Add dnssecinlinesigning attribute to ACI
Petr Viktorin
pviktori at redhat.com
Wed Jun 25 10:13:27 UTC 2014
On 06/20/2014 03:32 PM, Martin Basti wrote:
> Required patches: mbasti-0060, mbasti-0073
>
> Patch attached.
>
Hi,
For the raw ACI in dns.ldif, there are some more hoops to jump through.
Remove the ACI from /install/share/dns.ldif entirely (except for schema,
we're slowly replacing the .ldif content by .update files).
In install/updates/40-dns.update, you'll notice the "Update DNS entries
in a zone" ACI is already being added. You'll need to replace it, using
a line like:
replace:aci:'<old ACI>::<new ACI>'
This will remove the old value that IPA 3.x users still have.
I see you already changed the ACI in 7cdc417, in dns.ldif only. Be
sureto use the original value for <old ACI>.
--
Petr³
More information about the Freeipa-devel
mailing list