Red Hat Bugzilla – Bug 815828
Rename DNS permissions to use mixed-case
Last modified: 2015-03-05 05:08:20 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2659

There are three DNS permissions all named with lower-case which is inconsistent with other permission names:
{{{
Permission name: add dns entries
Permission name: remove dns entries
Permission name: update dns entries
}}}
Fixed as part of the RFE in Bug 976382:

# ipa permission-find dns
---------------------
6 permissions matched
---------------------
  Permission name: System: Add DNS Entries
  Granted rights: add
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Read DNS Configuration
  Granted rights: read
  Effective attributes: idnsallowsyncptr, idnsforwarders, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh, objectclass
  Default attributes: idnsforwardpolicy, objectclass, idnsallowsyncptr, idnsforwarders, idnspersistentsearch, idnszonerefresh
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  Extra target filter: (objectclass=idnsConfigObject)
  ACI target DN: cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Read DNS Entries
  Granted rights: read, compare, search
  Effective attributes: a6record, aaaarecord, afsdbrecord, arecord, certrecord, cn, cnamerecord, dlvrecord, dnamerecord, dnsclass, dnsttl, dsrecord, hinforecord, idnsallowdynupdate, idnsallowquery, idnsallowsyncptr, idnsallowtransfer, idnsforwarders, idnsforwardpolicy, idnsname, idnssoaexpire, idnssoaminimum, idnssoamname, idnssoarefresh, idnssoaretry, idnssoarname, idnssoaserial, idnsupdatepolicy, idnszoneactive, keyrecord, kxrecord, locrecord, managedby, mdrecord, minforecord, mxrecord, naptrrecord, nsec3paramrecord, nsecrecord, nsrecord, nxtrecord, objectclass, ptrrecord, rrsigrecord, sigrecord, srvrecord, sshfprecord, txtrecord
  Default attributes: sshfprecord, cn, idnsforwardpolicy, nxtrecord, idnsallowtransfer, idnssoaretry, mxrecord, idnsallowdynupdate, mdrecord, arecord, dlvrecord, kxrecord, managedby, ptrrecord, idnsforwarders, nsec3paramrecord, idnsupdatepolicy, idnsallowquery, idnssoarefresh, idnsname, afsdbrecord, naptrrecord, idnszoneactive, nsrecord, locrecord, dnsttl, sigrecord, idnssoaminimum, aaaarecord, rrsigrecord, idnssoamname, hinforecord, idnssoaexpire, dnsclass, cnamerecord, dnamerecord, idnssoaserial, idnsallowsyncptr, certrecord, srvrecord, objectclass, dsrecord, txtrecord, nsecrecord, a6record, keyrecord, idnssoarname, minforecord
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Remove DNS Entries
  Granted rights: delete
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Update DNS Entries
  Granted rights: write
  Effective attributes: a6record, aaaarecord, afsdbrecord, arecord, certrecord, cn, cnamerecord, dlvrecord, dnamerecord, dnsclass, dnsttl, dsrecord, hinforecord, idnsallowdynupdate, idnsallowquery, idnsallowsyncptr, idnsallowtransfer, idnsforwarders, idnsforwardpolicy, idnsname, idnssoaexpire, idnssoaminimum, idnssoamname, idnssoarefresh, idnssoaretry, idnssoarname, idnssoaserial, idnsupdatepolicy, idnszoneactive, keyrecord, kxrecord, locrecord, managedby, mdrecord, minforecord, mxrecord, naptrrecord, nsec3paramrecord, nsecrecord, nsrecord, nxtrecord, ptrrecord, rrsigrecord, sigrecord, srvrecord, sshfprecord, txtrecord
  Default attributes: sshfprecord, cn, idnsforwardpolicy, nxtrecord, idnsallowtransfer, idnssoaretry, mxrecord, idnsallowdynupdate, mdrecord, arecord, dlvrecord, kxrecord, managedby, ptrrecord, idnsforwarders, nsec3paramrecord, idnsupdatepolicy, idnsallowquery, idnssoarefresh, idnsname, afsdbrecord, dnsttl, idnszoneactive, nsrecord, locrecord, sigrecord, idnssoaminimum, aaaarecord, rrsigrecord, idnssoamname, hinforecord, idnssoaexpire, dnsclass, cnamerecord, dnamerecord, idnssoaserial, idnsallowsyncptr, certrecord, srvrecord, naptrrecord, dsrecord, txtrecord, nsecrecord, a6record, keyrecord, idnssoarname, minforecord
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Write DNS Configuration
  Granted rights: write
  Effective attributes: idnsallowsyncptr, idnsforwarders, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh
  Default attributes: idnsallowsyncptr, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh, idnsforwarders
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  Extra target filter: (objectclass=idnsConfigObject)
  ACI target DN: cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators
----------------------------
Number of entries returned 6
----------------------------
Verified on ipa-server-4.1.0-13.el7.x86_64:

[root@hp-dl380pgen8-01 ~]# ipa permission-find dns | grep "Permission name:"
  Permission name: System: Add DNS Entries
  Permission name: System: Manage DNSSEC keys
  Permission name: System: Manage DNSSEC metadata
  Permission name: System: Modify Realm Domains
  Permission name: System: Read DNS Configuration
  Permission name: System: Read DNS Entries
  Permission name: System: Read DNSSEC metadata
  Permission name: System: Remove DNS Entries
  Permission name: System: Update DNS Entries
  Permission name: System: Write DNS Configuration
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html
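
An added example, not part of the bug report or of FreeIPA's code: a small Python parser for `ipa permission-find` output that flags permission names still in lower-case, as in the description above, and lists which privileges hold modifying rights on DNS data. The sample text and all function names are constructed for illustration.

```python
import re

# Constructed sample in `ipa permission-find` layout; the first name is a lower-case one from the bug.
SAMPLE = """\
---------------------
3 permissions matched
---------------------
  Permission name: add dns entries
  Granted rights: add
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Update DNS Entries
  Granted rights: write
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Read DNS Entries
  Granted rights: read, compare, search
  Granted to Privilege: DNS Servers, DNS Administrators
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?): (.*)$")
LIST_FIELDS = {"Granted rights", "Granted to Privilege"}

def parse_permissions(text):
    """Split permission-find output into one dict per permission."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separators, counters and blank lines
        key, value = m.group(1), m.group(2).strip()
        if key == "Permission name":
            records.append({})
        if records:
            records[-1][key] = re.split(r",\s*", value) if key in LIST_FIELDS else value
    return records

def lowercase_names(records):
    """Names with no upper-case letter, the inconsistency this bug reports."""
    return [r["Permission name"] for r in records if r["Permission name"].islower()]

def modifying_rights_by_privilege(records, rights=("add", "write", "delete")):
    """Map each privilege to the permissions that grant it modifying rights."""
    out = {}
    for r in records:
        if set(r.get("Granted rights", [])) & set(rights):
            for priv in r.get("Granted to Privilege", []):
                out.setdefault(priv, []).append(r["Permission name"])
    return out
```

Wrapped continuation lines of long attribute lists carry no field label and are skipped, which does not affect the three fields used here.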