Bug 815828
Summary: | Rename DNS permissions to use mixed-case | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | mkosek, nsoman, xdong |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.0.3-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 10:08:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 976382, 1153292 | ||
Bug Blocks: |
Description
Dmitri Pal
2012-04-24 15:40:00 UTC
Fixed as part of the RFE in Bug 976382: # ipa permission-find dns --------------------- 6 permissions matched --------------------- Permission name: System: Add DNS Entries Granted rights: add Bind rule type: permission Subtree: dc=mkosek-fedora20,dc=test ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test Granted to Privilege: DNS Servers, DNS Administrators Permission name: System: Read DNS Configuration Granted rights: read Effective attributes: idnsallowsyncptr, idnsforwarders, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh, objectclass Default attributes: idnsforwardpolicy, objectclass, idnsallowsyncptr, idnsforwarders, idnspersistentsearch, idnszonerefresh Bind rule type: permission Subtree: dc=mkosek-fedora20,dc=test Extra target filter: (objectclass=idnsConfigObject) ACI target DN: cn=dns,dc=mkosek-fedora20,dc=test Granted to Privilege: DNS Servers, DNS Administrators Permission name: System: Read DNS Entries Granted rights: read, compare, search Effective attributes: a6record, aaaarecord, afsdbrecord, arecord, certrecord, cn, cnamerecord, dlvrecord, dnamerecord, dnsclass, dnsttl, dsrecord, hinforecord, idnsallowdynupdate, idnsallowquery, idnsallowsyncptr, idnsallowtransfer, idnsforwarders, idnsforwardpolicy, idnsname, idnssoaexpire, idnssoaminimum, idnssoamname, idnssoarefresh, idnssoaretry, idnssoarname, idnssoaserial, idnsupdatepolicy, idnszoneactive, keyrecord, kxrecord, locrecord, managedby, mdrecord, minforecord, mxrecord, naptrrecord, nsec3paramrecord, nsecrecord, nsrecord, nxtrecord, objectclass, ptrrecord, rrsigrecord, sigrecord, srvrecord, sshfprecord, txtrecord Default attributes: sshfprecord, cn, idnsforwardpolicy, nxtrecord, idnsallowtransfer, idnssoaretry, mxrecord, idnsallowdynupdate, mdrecord, arecord, dlvrecord, kxrecord, managedby, ptrrecord, idnsforwarders, nsec3paramrecord, idnsupdatepolicy, idnsallowquery, idnssoarefresh, idnsname, afsdbrecord, naptrrecord, idnszoneactive, nsrecord, locrecord, dnsttl, sigrecord, idnssoaminimum, aaaarecord, rrsigrecord, idnssoamname, hinforecord, idnssoaexpire, dnsclass, cnamerecord, dnamerecord, idnssoaserial, idnsallowsyncptr, certrecord, srvrecord, objectclass, dsrecord, txtrecord, nsecrecord, a6record, keyrecord, idnssoarname, minforecord Bind rule type: permission Subtree: dc=mkosek-fedora20,dc=test ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test Granted to Privilege: DNS Servers, DNS Administrators Permission name: System: Remove DNS Entries Granted rights: delete Bind rule type: permission Subtree: dc=mkosek-fedora20,dc=test ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test Granted to Privilege: DNS Servers, DNS Administrators Permission name: System: Update DNS Entries Granted rights: write Effective attributes: a6record, aaaarecord, afsdbrecord, arecord, certrecord, cn, cnamerecord, dlvrecord, dnamerecord, dnsclass, dnsttl, dsrecord, hinforecord, idnsallowdynupdate, idnsallowquery, idnsallowsyncptr, idnsallowtransfer, idnsforwarders, idnsforwardpolicy, idnsname, idnssoaexpire, idnssoaminimum, idnssoamname, idnssoarefresh, idnssoaretry, idnssoarname, idnssoaserial, idnsupdatepolicy, idnszoneactive, keyrecord, kxrecord, locrecord, managedby, mdrecord, minforecord, mxrecord, naptrrecord, nsec3paramrecord, nsecrecord, nsrecord, nxtrecord, ptrrecord, rrsigrecord, sigrecord, srvrecord, sshfprecord, txtrecord Default attributes: sshfprecord, cn, idnsforwardpolicy, nxtrecord, idnsallowtransfer, idnssoaretry, mxrecord, idnsallowdynupdate, mdrecord, arecord, dlvrecord, kxrecord, managedby, ptrrecord, idnsforwarders, nsec3paramrecord, idnsupdatepolicy, idnsallowquery, idnssoarefresh, idnsname, afsdbrecord, dnsttl, idnszoneactive, nsrecord, locrecord, sigrecord, idnssoaminimum, aaaarecord, rrsigrecord, idnssoamname, hinforecord, idnssoaexpire, dnsclass, cnamerecord, dnamerecord, idnssoaserial, idnsallowsyncptr, certrecord, srvrecord, naptrrecord, dsrecord, txtrecord, nsecrecord, a6record, keyrecord, idnssoarname, minforecord Bind rule type: permission Subtree: dc=mkosek-fedora20,dc=test ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test Granted to Privilege: DNS Servers, DNS Administrators Permission name: System: Write DNS Configuration Granted rights: write Effective attributes: idnsallowsyncptr, idnsforwarders, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh Default attributes: idnsallowsyncptr, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh, idnsforwarders Bind rule type: permission Subtree: dc=mkosek-fedora20,dc=test Extra target filter: (objectclass=idnsConfigObject) ACI target DN: cn=dns,dc=mkosek-fedora20,dc=test Granted to Privilege: DNS Servers, DNS Administrators ---------------------------- Number of entries returned 6 ---------------------------- Verified on ipa-server-4.1.0-13.el7.x86_64: [root@hp-dl380pgen8-01 ~]# ipa permission-find dns | grep "Permission name:" Permission name: System: Add DNS Entries Permission name: System: Manage DNSSEC keys Permission name: System: Manage DNSSEC metadata Permission name: System: Modify Realm Domains Permission name: System: Read DNS Configuration Permission name: System: Read DNS Entries Permission name: System: Read DNSSEC metadata Permission name: System: Remove DNS Entries Permission name: System: Update DNS Entries Permission name: System: Write DNS Configuration Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html |