Hi Noriko,
in the fix description you talk about a new keyword "dnsalias", but in
the diff I don't see any reference to it, wouldn't this require changes
in acl code as well eg. parser ?
Regards,
Ludwig
On 11/09/2012 02:57 AM, Noriko Hosoi wrote:
https://fedorahosted.org/389/ticket/311
https://fedorahosted.org/389/attachment/ticket/311/0001-Trac-Ticket-311-IP-lookup-failing-with-multiple-DNS-.patch
Bug description: DNS keyword in ACI only accepted an FQDN returned
from gethostbyaddr. If an alias hostname was set in an ACI, a request
sent from the host was treated as the one from the primary hostname
and it failed to get the expected access rights.
Fix description: This patch is advertising a keyword "dnsalias".
In addition to the primary hostname, by setting the secondary host-
names as dnsalias, clients requests would obtain the expected access
rights. When an IP address is associated with multiple hostnames
(primary: hostA, aliases: hostB and hostC), they could be listed, for
instance, in an aci as follows:
{{{
aci: (targetattr = "*") (version 3.0;acl "dnsalias example";allow (all)
dns="hostA.example.com" or dnsalias="hostB.example.com" or dnslias=
"hostC.example.com";)
}}}
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
