Bug 1109759 - Rebase bind-dyndb-ldap to latest upstream version
Summary: Rebase bind-dyndb-ldap to latest upstream version
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind-dyndb-ldap
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Petr Spacek
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On: 1044159 1044170 1044171
Blocks: 1082754 1113520 957249 1078295 1138317 1370126
 
Reported: 2014-06-16 10:25 UTC by Martin Kosek
Modified: 2016-08-25 11:35 UTC (History)

Fixed In Version: bind-dyndb-ldap-6.0-1.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Feature:

Enhancements
============
* Read-query performance is nearly the same as with plain BIND, and queries for non-existing records do not impose additional load on the LDAP server.
* Wildcard records are supported. For details please see RFC 4592.
  http://tools.ietf.org/html/rfc4592
* Incremental Zone Transfers (IXFR, RFC 1995) are supported.
  http://tools.ietf.org/html/rfc1995
* DNS root zone (".") can be stored in LDAP.
* DNSSEC in-line signing is supported for master zones. Any master zone in LDAP can be signed with keys provided by the user.

Behavioral changes & upgrade
============================
* Forwarder semantics were changed to match BIND's semantics:
  - idnsZone objects always represent master zones
  - idnsForwardZone objects (new) always represent forward zones

  !!! Users are responsible for upgrading their own data in LDAP. !!!

  Upgrade:
  1) Start by upgrading the bind-dyndb-ldap package on all servers to the latest version provided with RHEL 7.0. This step will help you minimize downtime because bind-dyndb-ldap-3.5 supports old and new formats at the same time.
  2) Retrieve zones stored in the old format:
     $ ldapsearch -Y GSSAPI -b 'cn=dns, dc=ipa, dc=example' \
         '(&(objectClass=idnsZone)(idnsForwarders=*)(!(idnsForwardPolicy=none)))' \
         objectClass idnsName idnsZoneActive idnsForwarders idnsForwardPolicy > old_zones.ldif
     # NOTE: parameters -Y and -b need to be tweaked according to your local configuration.
  3) Change the objectClass attribute in old_zones.ldif by replacing 'idnsZone' with 'idnsForwardZone'. The resulting LDIF should have this form:
     dn: idnsName=example.com,cn=dns,dc=ipa,dc=example
     objectClass: top
     objectClass: idnsForwardZone
     idnsName: example.com
     idnsZoneActive: TRUE
     idnsForwarders: 192.0.2.1
     idnsForwardPolicy: only
  4) Delete old objects from LDAP.
  5) Import modified objects to LDAP.

  http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades
* Persistent search and the zone refresh mechanism were replaced by RFC 4533 (aka SyncRepl).
  ** Options zone_refresh, cache_ttl and psearch were removed and should be dropped from /etc/named.conf or equivalent file.
  ** Support for the LDAP attributes idnsZoneRefresh and idnsPersistentSearch was also removed and these attributes should be removed from LDAP.
  ** From now on, the bind-dyndb-ldap plugin will work only with RFC 4533-compliant LDAP servers. Please configure your LDAP server accordingly.
* The SOA serial auto-increment feature is now mandatory. The plugin has to have write access to LDAP.
* Data from LDAP are not served to clients until initial synchronization with LDAP is finished. All queries received during initial synchronization are processed as if bind-dyndb-ldap were not configured, i.e. can be answered with NXDOMAIN or .
* The plug-in creates a journal file for each DNS zone in LDAP. (This allows us to support IXFR.) The working directory has to be writable by named. Please see README if you have tweaked BIND and bind-dyndb-ldap configurations.

Bug fixes
=========
* Many :-)
* Most important one: Kerberos ticket expiration is now handled correctly.

Known problems and limitations
==============================
* LDAP MODRDN (rename) is not supported at the moment:
  https://bugzilla.redhat.com/show_bug.cgi?id=1139776
* Zones and records deleted when the connection to LDAP is down are not refreshed properly after re-connection:
  https://bugzilla.redhat.com/show_bug.cgi?id=1139778

Reason: We wanted to provide new features.

Result: New features are available :-)
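Steps 3 to 5 of the upgrade procedure in the Doc Text, as an added example that is not part of the bug report or of bind-dyndb-ldap: it rewrites only the objectClass value (a plain textual replace of 'idnsZone' would also corrupt the idnsZoneActive attribute name) and builds the delete records for the old objects. The function names and the sample ldapsearch output are constructed for illustration.

```python
import re

OLD_CLASS, NEW_CLASS = "idnszone", "idnsForwardZone"

# Constructed sample of old_zones.ldif: step 2 output with ldapsearch comments,
# one folded line and the search-result trailer.
SAMPLE = """\
# extended LDIF
#
# example.com, dns, ipa.example
dn: idnsName=example.com,cn=dns,dc=ipa,
 dc=example
objectClass: top
objectClass: idnsZone
idnsName: example.com
idnsZoneActive: TRUE
idnsForwarders: 192.0.2.1
idnsForwardPolicy: only

# search result
search: 4
result: 0 Success
"""

def parse_ldif(text):
    """Split LDIF text into entries, each a list of (attr, rest-after-colon) pairs."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines (RFC 2849)
    entries = []
    for block in re.split(r"\n\s*\n", text):
        pairs = [tuple(line.split(":", 1)) for line in block.splitlines()
                 if ":" in line and not line.startswith("#")]
        if pairs and pairs[0][0].lower() == "dn":  # skips the search/result trailer
            entries.append(pairs)
    return entries

def convert(text):
    """Return (add_ldif, delete_ldif) for steps 3-5 of the upgrade."""
    adds, deletes = [], []
    for entry in parse_ldif(text):
        vals = lambda name: [r.strip().lower() for a, r in entry if a.lower() == name]
        # Same condition as the step 2 filter; anything else is left untouched.
        if (OLD_CLASS not in vals("objectclass") or not vals("idnsforwarders")
                or "none" in vals("idnsforwardpolicy")):
            continue
        out = [a + ": " + NEW_CLASS if a.lower() == "objectclass"
               and r.strip().lower() == OLD_CLASS else a + ":" + r for a, r in entry]
        adds.append("\n".join(out))
        deletes.append("dn:" + entry[0][1] + "\nchangetype: delete")
    return "\n\n".join(adds) + "\n", "\n\n".join(deletes) + "\n"
```

The delete records can be applied with ldapmodify (step 4) before the converted entries are loaded with ldapadd (step 5); keep the unmodified old_zones.ldif as a backup.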
Clone Of:
Environment:
Last Closed: 2015-03-05 09:29:17 UTC
Target Upstream Version:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0424 0 normal SHIPPED_LIVE bind-dyndb-ldap bug fix and enhancement update 2015-03-05 14:26:27 UTC

Description Martin Kosek 2014-06-16 10:25:03 UTC
Rebase bind-dyndb-ldap to the latest stabilization release of upstream bind-dyndb-ldap 5.x to introduce new enhancements and stabilization in RHEL.

Comment 1 Petr Spacek 2014-07-18 12:26:56 UTC
I'm adding 389 DS bugs which make the new version of bind-dyndb-ldap unusable.

Comment 3 Petr Spacek 2014-09-15 11:54:47 UTC
I'm renaming the bug to reflect the latest requirements.

Comment 4 Namita Soman 2015-01-05 15:58:50 UTC
Verified version of bind-dyndb-ldap in rhel7.1

# rpm -qa bind-dyndb-ldap
bind-dyndb-ldap-6.0-2.el7.x86_64

Comment 6 errata-xmlrpc 2015-03-05 09:29:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0424.html

