diff --git a/0001-Bugfix-Improve-LDAP-schema-to-be-loadable-by-OpenLDA.patch b/0001-Bugfix-Improve-LDAP-schema-to-be-loadable-by-OpenLDA.patch new file mode 100644 index 0000000..c7e3b20 --- /dev/null +++ b/0001-Bugfix-Improve-LDAP-schema-to-be-loadable-by-OpenLDA.patch @@ -0,0 +1,338 @@ +From d7a0d0544385376fb31d9f59860dc80b3c61e244 Mon Sep 17 00:00:00 2001 +From: Adam Tkac +Date: Wed, 15 Dec 2010 14:59:16 +0100 +Subject: [PATCH 1/4] [Bugfix] Improve LDAP schema to be loadable by OpenLDAP. + +OpenLDAP's slapd daemon doesn't like entry's closing parenthesis on the new +line. It has to be on the end of the last line of the entry. + +Signed-off-by: Adam Tkac +--- + doc/schema | 105 ++++++++++++++++++++---------------------------------------- + 1 files changed, 35 insertions(+), 70 deletions(-) + +diff --git a/doc/schema b/doc/schema +index ef18952..a5dacb4 100644 +--- a/doc/schema ++++ b/doc/schema +@@ -2,175 +2,153 @@ attributetype ( 1.3.6.1.4.1.2428.20.0.0 + NAME 'dNSTTL' + DESC 'An integer denoting time to live' + EQUALITY integerMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + + attributetype ( 1.3.6.1.4.1.2428.20.0.1 + NAME 'dNSClass' + DESC 'The class of a resource record' + EQUALITY caseIgnoreIA5Match +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.12 + NAME 'pTRRecord' + DESC 'domain name pointer, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.13 + NAME 'hInfoRecord' + DESC 'host information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.14 + NAME 'mInfoRecord' + DESC 'mailbox or mail list information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.16 + NAME 'tXTRecord' + DESC 'text string, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.18 + NAME 'aFSDBRecord' + DESC 'for AFS Data Base location, RFC 1183' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.24 + NAME 'SigRecord' + DESC 'Signature, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.25 + NAME 'KeyRecord' + DESC 'Key, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.28 + NAME 'aAAARecord' + DESC 'IPv6 address, RFC 1886' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.29 + NAME 'LocRecord' + DESC 'Location, RFC 1876' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.30 + NAME 'nXTRecord' + DESC 'non-existant, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.33 + NAME 'sRVRecord' + DESC 'service location, RFC 2782' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.35 + NAME 'nAPTRRecord' + DESC 'Naming Authority Pointer, RFC 2915' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.36 + NAME 'kXRecord' + DESC 'Key Exchange Delegation, RFC 2230' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.37 + NAME 'certRecord' + DESC 'certificate, RFC 2538' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.38 + NAME 'a6Record' + DESC 'A6 Record Type, RFC 2874' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.39 + NAME 'dNameRecord' + DESC 'Non-Terminal DNS Name Redirection, RFC 2672' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.43 + NAME 'dSRecord' + DESC 'Delegation Signer, RFC 3658' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.44 + NAME 'sSHFPRecord' + DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.46 + NAME 'rRSIGRecord' + DESC 'RRSIG, RFC 3755' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.2428.20.1.47 + NAME 'nSECRecord' + DESC 'NSEC, RFC 3755' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +-) ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 2.16.840.1.113730.3.8.5.0 + NAME 'idnsName' +@@ -178,24 +156,21 @@ attributetype ( 2.16.840.1.113730.3.8.5.0 + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.1 + NAME 'idnsAllowDynUpdate' + DESC 'permit dynamic updates on this zone' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.2 + NAME 'idnsZoneActive' + DESC 'define if the zone is considered in use' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.3 + NAME 'idnsSOAmName' +@@ -203,8 +178,7 @@ attributetype ( 2.16.840.1.113730.3.8.5.3 + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.4 + NAME 'idnsSOArName' +@@ -212,48 +186,42 @@ attributetype ( 2.16.840.1.113730.3.8.5.4 + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.5 + NAME 'idnsSOAserial' + DESC 'SOA serial number' + EQUALITY numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.6 + NAME 'idnsSOArefresh' + DESC 'SOA refresh value' + EQUALITY numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.7 + NAME 'idnsSOAretry' + DESC 'SOA retry value' + EQUALITY numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.8 + NAME 'idnsSOAexpire' + DESC 'SOA expire value' + EQUALITY numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.9 + NAME 'idnsSOAminimum' + DESC 'SOA minimum value' + EQUALITY numericStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + attributetype ( 2.16.840.1.113730.3.8.5.10 + NAME 'idnsUpdatePolicy' +@@ -261,8 +229,7 @@ attributetype ( 2.16.840.1.113730.3.8.5.10 + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 +- SINGLE-VALUE +-) ++ SINGLE-VALUE ) + + objectclass ( 2.16.840.1.113730.3.8.6.0 + NAME 'idnsRecord' +@@ -276,8 +243,7 @@ objectclass ( 2.16.840.1.113730.3.8.6.0 + MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $ + NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $ + DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord +- ) +-) ++ ) ) + + objectclass ( 2.16.840.1.113730.3.8.6.1 + NAME 'idnsZone' +@@ -288,5 +254,4 @@ objectclass ( 2.16.840.1.113730.3.8.6.1 + idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ + idnsSOAminimum + ) +- MAY idnsUpdatePolicy +-) ++ MAY idnsUpdatePolicy ) +-- +1.7.3.3 + diff --git a/0004-Bugfix-Fix-loading-of-child-zones-from-LDAP.patch b/0004-Bugfix-Fix-loading-of-child-zones-from-LDAP.patch new file mode 100644 index 0000000..99e741c --- /dev/null +++ b/0004-Bugfix-Fix-loading-of-child-zones-from-LDAP.patch @@ -0,0 +1,34 @@ +From d3057f37d4dc163af58b63424a835f95fa74141d Mon Sep 17 00:00:00 2001 +From: Adam Tkac +Date: Wed, 15 Dec 2010 17:49:15 +0100 +Subject: [PATCH 4/4] [Bugfix] Fix loading of child zones from LDAP. + +This commit fixes https://bugzilla.redhat.com/show_bug.cgi?id=622617. + +Signed-off-by: Adam Tkac +--- + src/zone_register.c | 7 +++++-- + 1 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/zone_register.c b/src/zone_register.c +index 7fb9924..ca51875 100644 +--- a/src/zone_register.c ++++ b/src/zone_register.c +@@ -180,9 +180,12 @@ zr_add_zone(zone_register_t *zr, dns_zone_t *zone, const char *dn) + + RWLOCK(&zr->rwlock, isc_rwlocktype_write); + +- /* First make sure the node doesn't exist. */ ++ /* ++ * First make sure the node doesn't exist. Partial matches mean ++ * there are also child zones in the LDAP database which is allowed. ++ */ + result = dns_rbt_findname(zr->rbt, name, 0, NULL, &dummy); +- if (result != ISC_R_NOTFOUND) { ++ if (result != ISC_R_NOTFOUND && result != DNS_R_PARTIALMATCH) { + if (result == ISC_R_SUCCESS) + result = ISC_R_EXISTS; + log_error_r("failed to add zone to the zone register"); +-- +1.7.3.3 + diff --git a/bind-dyndb-ldap.spec b/bind-dyndb-ldap.spec index 4538765..55ebb8f 100644 --- a/bind-dyndb-ldap.spec +++ b/bind-dyndb-ldap.spec @@ -1,6 +1,6 @@ Name: bind-dyndb-ldap Version: 0.1.0 -Release: 0.16.b%{?dist} +Release: 0.17.b%{?dist} Summary: LDAP back-end plug-in for BIND Group: System Environment/Libraries @@ -9,6 +9,9 @@ URL: https://fedorahosted.org/bind-dyndb-ldap Source0: https://fedorahosted.org/released/%{name}/%{name}-%{version}b.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Patch0: 0001-Bugfix-Improve-LDAP-schema-to-be-loadable-by-OpenLDA.patch +Patch1: 0004-Bugfix-Fix-loading-of-child-zones-from-LDAP.patch + BuildRequires: bind-devel >= 32:9.6.1-0.3.b1 BuildRequires: krb5-devel BuildRequires: openldap-devel @@ -24,6 +27,8 @@ off of your LDAP server. %prep %setup -q -n %{name}-%{version}b +%patch0 -p1 -b .rh622604 +%patch1 -p1 -b .rh622617 %build export CFLAGS="`isc-config.sh --cflags dns` $RPM_OPT_FLAGS" @@ -51,6 +56,10 @@ rm -rf %{buildroot} %changelog +* Wed Dec 15 2010 Adam Tkac - 0.1.0-0.17.b +- fix LDAP schema (#622604) +- load child zones from LDAP correctly (#622617) + * Fri Oct 22 2010 Adam Tkac - 0.1.0-0.16.b - build with correct RPM_OPT_FLAGS (#645529)