Hide Forgot
I think it may be a good idea to let bind-dyndb-ldap read global forwarding/conditional forwarding from LDAP and set named properly. Right now, we add the global forwarder to named.conf during ipa-dns-install time. Therefore, this value can now only be changed by user with a root access to IPA server. This RFE would let IPA users with DNS Administrator role fix/change forwarding from any machine.
I see the relevant upstream ticket has been pushed: https://fedorahosted.org/bind-dyndb-ldap/ticket/42 Fixed by http://git.fedorahosted.org/git?p=bind-dyndb-ldap.git;a=commit;h=de6d75dae59eeb66f71544b4c9b6a68c9dc8fb95
Verified: ipa-server-2.2.0-13.el6.x86_64 bind-9.8.2-0.9.rc1.el6.x86_64 bind-dyndb-ldap-1.1.0-0.9.b1.el6.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0837.html