Description of problem:
Currently we don't provide any way to specify a query or transfer ACL. For now, we should at least allow query by default. We might later add a new idns attribute that would be used to specify the policy.
Version-Release number of selected component (if applicable):
no way to set zone's ACL
Adam: Can you please add steps to reproduce this issue? Thanks!
It is more an enhancement than an issue - see the README file - http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=blobdiff;f=README;h=6848afcd7368a008e18c7521e20722f6541fe901;hp=4e5e9a47790d170e8109afaf3b2cad026a1e4a81;hb=9ead145742b386ed595e1a37446f7367cc1e4522;hpb=c38022a703b205656fd4c4d0ac6cc6ceb389cea7 ... The idnsAllowQuery and idnsAllowTransfer zone (idnsZone) attributes should be allowed after the update.
Although the fix in bind-dyndb-ldap is complete and works fine, the LDAP schema shipped in freeipa needs to be fixed as well. After that, QE can verify that the freeipa suite is able to set query/transfer ACLs for a DNS zone. Opened bug #701677; this feature will be reverified in 6.2.
This does not work for FreeIPA as we discussed with Adam earlier. I created a BZ ticket to improve our tracking of the bug:
Marking as verified for now.
Note that a complete fix depends on bug #733371 and bug #701677.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.