Bug 667729

Summary: Allow specifying query and transfer policy settings for a zone
Product: Red Hat Enterprise Linux 6
Reporter: Adam Tkac <atkac>
Component: bind-dyndb-ldap
Assignee: Adam Tkac <atkac>
Status: CLOSED ERRATA
QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium
Docs Contact:
Priority: low
Version: 6.0
CC: benl, jgalipea, lucas.yamanishi, mgregg, mkosek, ovasik, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 701677
Environment:
Last Closed: 2011-12-06 17:57:03 UTC
Type: ---
Bug Depends On: 733371    
Bug Blocks: 667704, 701677    

Description Adam Tkac 2011-01-06 16:03:17 UTC
Description of problem:
Currently we don't provide any way to specify a query or transfer ACL. For now, we should at least allow query by default. We might later add a new idns attribute that would be used to specify the policy.

Version-Release number of selected component (if applicable):
bind-dyndb-ldap-0.1.0-0.9.b.el6

How reproducible:
always
  
Actual results:
no way to set zone's ACL

Comment 5 Jenny Severance 2011-04-06 18:21:09 UTC
Adam: Can you please add steps to reproduce this issue?  Thanks!

Comment 6 Ondrej Vasik 2011-04-06 18:40:47 UTC
It is more an enhancement than an issue - see the README file - http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=blobdiff;f=README;h=6848afcd7368a008e18c7521e20722f6541fe901;hp=4e5e9a47790d170e8109afaf3b2cad026a1e4a81;hb=9ead145742b386ed595e1a37446f7367cc1e4522;hpb=c38022a703b205656fd4c4d0ac6cc6ceb389cea7 ... idnsAllowQuery and idnsAllowTransfer zone (idnsZone) attributes should be allowed after update.

Comment 14 Adam Tkac 2011-05-03 14:32:32 UTC
Although the fix in bind-dyndb-ldap is complete and works fine, the LDAP schema shipped in freeipa needs to be fixed as well. After that, QE can verify that the freeipa suite is able to set query/transfer ACLs for a DNS zone. Opened bug #701677; this feature will be reverified in 6.2.

Comment 17 Martin Kosek 2011-08-26 07:36:21 UTC
This does not work for FreeIPA as we discussed with Adam earlier. I created a BZ ticket to improve our tracking of the bug:

https://bugzilla.redhat.com/show_bug.cgi?id=733371

Comment 18 Michael Gregg 2011-11-08 18:54:50 UTC
Marking as verified for now.

Note that a complete fix depends on bug #733371 and bug #701677.

Verified against:
bind-dyndb-ldap-0.2.0-7.el6.x86_64
ipa-server-2.1.3-8.el6.x86_64

Comment 19 errata-xmlrpc 2011-12-06 17:57:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1715.html