Bug 815828 - Rename DNS permissions to use mixed-case
Rename DNS permissions to use mixed-case
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.0
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Martin Kosek
Namita Soman
:
Depends On: 976382 1153292
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-24 11:40 EDT by Dmitri Pal
Modified: 2015-03-05 05:08 EST (History)
3 users (show)

See Also:
Fixed In Version: ipa-4.0.3-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 05:08:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2012-04-24 11:40:00 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2659

There are three DNS permissions all named with lower-case which is inconsistent with other permission names:
{{{
  Permission name: add dns entries
  Permission name: remove dns entries
  Permission name: update dns entries
}}}
Comment 2 Martin Kosek 2014-06-26 06:20:32 EDT
Fixed as part of the RFE in Bug 976382:

# ipa permission-find dns
---------------------
6 permissions matched
---------------------
  Permission name: System: Add DNS Entries
  Granted rights: add
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Read DNS Configuration
  Granted rights: read
  Effective attributes: idnsallowsyncptr, idnsforwarders, idnsforwardpolicy, idnspersistentsearch,
                        idnszonerefresh, objectclass
  Default attributes: idnsforwardpolicy, objectclass, idnsallowsyncptr, idnsforwarders,
                      idnspersistentsearch, idnszonerefresh
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  Extra target filter: (objectclass=idnsConfigObject)
  ACI target DN: cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Read DNS Entries
  Granted rights: read, compare, search
  Effective attributes: a6record, aaaarecord, afsdbrecord, arecord, certrecord, cn, cnamerecord,
                        dlvrecord, dnamerecord, dnsclass, dnsttl, dsrecord, hinforecord,
                        idnsallowdynupdate, idnsallowquery, idnsallowsyncptr, idnsallowtransfer,
                        idnsforwarders, idnsforwardpolicy, idnsname, idnssoaexpire, idnssoaminimum,
                        idnssoamname, idnssoarefresh, idnssoaretry, idnssoarname, idnssoaserial,
                        idnsupdatepolicy, idnszoneactive, keyrecord, kxrecord, locrecord, managedby,
                        mdrecord, minforecord, mxrecord, naptrrecord, nsec3paramrecord, nsecrecord,
                        nsrecord, nxtrecord, objectclass, ptrrecord, rrsigrecord, sigrecord, srvrecord,
                        sshfprecord, txtrecord
  Default attributes: sshfprecord, cn, idnsforwardpolicy, nxtrecord, idnsallowtransfer, idnssoaretry,
                      mxrecord, idnsallowdynupdate, mdrecord, arecord, dlvrecord, kxrecord, managedby,
                      ptrrecord, idnsforwarders, nsec3paramrecord, idnsupdatepolicy, idnsallowquery,
                      idnssoarefresh, idnsname, afsdbrecord, naptrrecord, idnszoneactive, nsrecord,
                      locrecord, dnsttl, sigrecord, idnssoaminimum, aaaarecord, rrsigrecord,
                      idnssoamname, hinforecord, idnssoaexpire, dnsclass, cnamerecord, dnamerecord,
                      idnssoaserial, idnsallowsyncptr, certrecord, srvrecord, objectclass, dsrecord,
                      txtrecord, nsecrecord, a6record, keyrecord, idnssoarname, minforecord
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Remove DNS Entries
  Granted rights: delete
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Update DNS Entries
  Granted rights: write
  Effective attributes: a6record, aaaarecord, afsdbrecord, arecord, certrecord, cn, cnamerecord,
                        dlvrecord, dnamerecord, dnsclass, dnsttl, dsrecord, hinforecord,
                        idnsallowdynupdate, idnsallowquery, idnsallowsyncptr, idnsallowtransfer,
                        idnsforwarders, idnsforwardpolicy, idnsname, idnssoaexpire, idnssoaminimum,
                        idnssoamname, idnssoarefresh, idnssoaretry, idnssoarname, idnssoaserial,
                        idnsupdatepolicy, idnszoneactive, keyrecord, kxrecord, locrecord, managedby,
                        mdrecord, minforecord, mxrecord, naptrrecord, nsec3paramrecord, nsecrecord,
                        nsrecord, nxtrecord, ptrrecord, rrsigrecord, sigrecord, srvrecord, sshfprecord,
                        txtrecord
  Default attributes: sshfprecord, cn, idnsforwardpolicy, nxtrecord, idnsallowtransfer, idnssoaretry,
                      mxrecord, idnsallowdynupdate, mdrecord, arecord, dlvrecord, kxrecord, managedby,
                      ptrrecord, idnsforwarders, nsec3paramrecord, idnsupdatepolicy, idnsallowquery,
                      idnssoarefresh, idnsname, afsdbrecord, dnsttl, idnszoneactive, nsrecord,
                      locrecord, sigrecord, idnssoaminimum, aaaarecord, rrsigrecord, idnssoamname,
                      hinforecord, idnssoaexpire, dnsclass, cnamerecord, dnamerecord, idnssoaserial,
                      idnsallowsyncptr, certrecord, srvrecord, naptrrecord, dsrecord, txtrecord,
                      nsecrecord, a6record, keyrecord, idnssoarname, minforecord
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  ACI target DN: idnsname=*,cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators

  Permission name: System: Write DNS Configuration
  Granted rights: write
  Effective attributes: idnsallowsyncptr, idnsforwarders, idnsforwardpolicy, idnspersistentsearch,
                        idnszonerefresh
  Default attributes: idnsallowsyncptr, idnsforwardpolicy, idnspersistentsearch, idnszonerefresh,
                      idnsforwarders
  Bind rule type: permission
  Subtree: dc=mkosek-fedora20,dc=test
  Extra target filter: (objectclass=idnsConfigObject)
  ACI target DN: cn=dns,dc=mkosek-fedora20,dc=test
  Granted to Privilege: DNS Servers, DNS Administrators
----------------------------
Number of entries returned 6
----------------------------
Comment 4 Xiyang Dong 2015-01-13 14:56:17 EST
Verified on ipa-server-4.1.0-13.el7.x86_64:

[root@hp-dl380pgen8-01 ~]# ipa permission-find dns | grep "Permission name:"
  Permission name: System: Add DNS Entries
  Permission name: System: Manage DNSSEC keys
  Permission name: System: Manage DNSSEC metadata
  Permission name: System: Modify Realm Domains
  Permission name: System: Read DNS Configuration
  Permission name: System: Read DNS Entries
  Permission name: System: Read DNSSEC metadata
  Permission name: System: Remove DNS Entries
  Permission name: System: Update DNS Entries
  Permission name: System: Write DNS Configuration
Comment 6 errata-xmlrpc 2015-03-05 05:08:20 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

Note You need to log in before you can comment on or make changes to this bug.