[Pdns-users] Status of the LDAP backend in 3.0 release
Christopher Wood
christopher_wood at pobox.com
Tue May 17 19:13:56 UTC 2011
On Tue, May 17, 2011 at 08:47:01PM +0200, Sten Spans wrote:
> On Tue, 17 May 2011, Christopher Wood wrote:
>
> >On Sat, May 14, 2011 at 09:12:25PM +0200, bert hubert wrote:
> >
> >(SNIP)
> >
> >>If you make a script that sets up LDAP so that I can test, I'll see. But I'm
> >>not going to delve into anything, you need to get me something that after
> >>I've apt-get installed the ldap server it sets up a working powerdns
> >>environment.
> >>
> >> Ber
> >
> >The attached script works for me on Debian Squeeze to set up a quick test ldap directory, without stepping on anything you already have (it will turn off your current slapd). I've confirmed that I can point a PowerDNS (pdns-3.0-rc2.20110514.2193) installation at this directory and retrieve results with dig.
> >
> >This was my pdns.conf:
> >
> >#----------
> >launch=ldap
> >ldap-host=ldap://localhost:389/
> >ldap-basedn=dc=dns
> >ldap-binddn=cn=Manager,dc=dns
> >ldap-secret=password
> >ldap-method=tree
> >webserver
> >#----------
>
> Running slapd with a 1024+ port should allow tests without
> stopping slapd or root privileges....
>
> --
> Sten Spans
The idea was that I would minimize the changes to my system, changing only
the ldap daemon and nothing else. Continued functionality demonstrates
that the auto-setup ldap daemon works with the pre-existing pdns 3.0. Any
problems would be because of how I set up the ldap service, not pdns.
If anybody wants to run ldap on an unprivileged port, they'd use different
parameters in the auto-setup script (attached). Their pdns.conf would have
one simple change, looking like this:
#----------
launch=ldap
ldap-host=ldap://localhost:1389/
ldap-basedn=dc=dns
ldap-binddn=cn=Manager,dc=dns
ldap-secret=password
ldap-method=tree
webserver
#----------
> "There is a crack in everything, that's how the light gets in."
> Leonard Cohen - Anthem
>
-------------- next part --------------
#!/bin/bash
# Throw-away test directory for the PowerDNS LDAP backend (ldap-method=tree).
# Stops the distribution slapd, then starts a private one on port 1389 whose
# config, data and pidfile all live under $DIR, so nothing else on the box changes.
# rootpw is cleartext and the listener binds every interface: this is for a test
# host, not for a directory that stays up.
DIR=/opt/ldap-data
DIRDNS=$DIR/dns
SLAPD=$DIR/slapd.conf
INITLDIF=$DIR/init.ldif

apt-get -y install pdns-backend-ldap slapd
/etc/init.d/pdns stop
/etc/init.d/slapd stop
mkdir -p $DIRDNS

# slapd.conf: dnsdomain2.schema ships with pdns-backend-ldap and defines the
# *Record attributes used in the LDIF below.
cat <<XX >$SLAPD
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/dnsdomain2.schema
modulepath /usr/lib/ldap
moduleload back_hdb.la
pidfile /opt/ldap-data/slapd.pid
database hdb
suffix "dc=dns"
rootdn "cn=Manager,dc=dns"
rootpw "password"
directory "/opt/ldap-data/dns"
index cn,objectClass eq
XX

# Seed data: the dc=dns root, a dc=tld container and the test1.tld zone.
# Entries must be separated by a blank line; without it ldapmodify treats the
# next "dn:" line as an attribute of the previous entry and rejects the file.
cat <<YY >$INITLDIF
dn: dc=dns
changetype: add
objectclass: top
objectclass: domain
dc: dns

dn: dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: tld
associateddomain: tld

dn: dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: test1
associateddomain: test1.tld
SOARecord: ns.test1.tld. hostmaster.test1.tld. 2004112204 86400 7200 1209600 7200

dn: dc=test1,dc=tld,dc=dns
changetype: modify
add: NSRecord
NSRecord: ns1.test1.tld

dn: dc=test1,dc=tld,dc=dns
changetype: modify
add: NSRecord
NSRecord: ns2.test1.tld

dn: dc=test1,dc=tld,dc=dns
changetype: modify
add: MXRecord
MXRecord: 100 mail5.test1.tld

dn: dc=test1,dc=tld,dc=dns
changetype: modify
add: MXRecord
MXRecord: 200 mail6.test1.tld

dn: dc=smtp,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: smtp
associateddomain: smtp.test1.tld
ARecord: 192.168.10.182

dn: dc=smtp-backup,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: smtp-backup
associateddomain: smtp-backup.test1.tld
ARecord: 192.168.10.182

dn: dc=mail,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: mail
associateddomain: mail.test1.tld
ARecord: 192.168.10.182

dn: dc=mail,dc=test1,dc=tld,dc=dns
changetype: modify
add: MXRecord
MXRecord: 0 smtp.test1.tld

dn: dc=www,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: www
associateddomain: www.test1.tld
ARecord: 192.168.15.10

dn: dc=test1,dc=tld,dc=dns
changetype: modify
add: ARecord
ARecord: 192.168.15.10

dn: dc=home,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: home
associateddomain: home.test1.tld

dn: dc=www,dc=home,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: www
associateddomain: www.home.test1.tld
ARecord: 192.168.15.10

dn: dc=home,dc=test1,dc=tld,dc=dns
changetype: modify
add: ARecord
ARecord: 192.168.15.10

dn: dc=pop,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: pop
associateddomain: pop.test1.tld
ARecord: 192.168.10.182

dn: dc=imap,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: imap
associateddomain: imap.test1.tld
ARecord: 192.168.10.182

dn: dc=cache,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: cache
associateddomain: cache.test1.tld
ARecord: 192.168.30.11

dn: dc=news,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: news
associateddomain: news.test1.tld
CNAMERecord: news.test1.tld

dn: dc=pac,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: pac
associateddomain: pac.test1.tld
ARecord: 192.168.15.10

dn: dc=support,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: support
associateddomain: support.test1.tld
ARecord: 192.168.15.10

dn: dc=allinone,dc=support,dc=test1,dc=tld,dc=dns
changetype: add
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: allinone
associateddomain: allinone.support.test1.tld
ARecord: 192.168.15.10
YY

chown -R openldap:openldap $DIR
chmod -R go-rwx $DIR

# -f points slapd at our own config instead of /etc/ldap/slapd.conf or cn=config.
# -h takes one argument: a space-separated list of URLs, so it must be quoted.
/usr/sbin/slapd -h "ldap://0.0.0.0:1389/ ldapi:///" -g openldap -u openldap -f $SLAPD

# slapd daemonises before it listens; wait until an anonymous root DSE search
# succeeds so the load below does not race the startup.
for i in 1 2 3 4 5 6 7 8 9 10; do
    ldapsearch -x -p 1389 -h localhost -b '' -s base >/dev/null 2>&1 && break
    sleep 1
done

# -c continues past a rejected entry, so check the output for ldap_add/ldap_modify
# errors rather than trusting the exit status alone.
ldapmodify -p 1389 -h localhost -x -D 'cn=Manager,dc=dns' -w password -c -f $INITLDIF
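A sanity check worth running over init.ldif before handing it to ldapmodify, added here as an example that is not part of the thread or of PowerDNS: it parses the LDIF, derives each entry's name from its DN the way ldap-method=tree does, and reports associateddomain mismatches, a CNAME that points at its own owner (the posted news.test1.tld entry does) and MX targets with no ARecord in the file (mail5/mail6 above). SAMPLE_LDIF is a constructed subset of the posted data.

```python
# Added example, not from the thread: offline sanity checks on a dnsdomain2 LDIF
# before ldapmodify loads it. SAMPLE_LDIF is a constructed subset of the posted init.ldif.
import re
SAMPLE_LDIF = """\
dn: dc=test1,dc=tld,dc=dns
changetype: add
associateddomain: test1.tld
MXRecord: 100 mail5.test1.tld

dn: dc=mail,dc=test1,dc=tld,dc=dns
changetype: add
associateddomain: mail.test1.tld
ARecord: 192.168.10.182

dn: dc=news,dc=test1,dc=tld,dc=dns
changetype: add
associateddomain: news.test1.tld
CNAMERecord: news.test1.tld
"""
def parse_ldif(text):
    """One (dn, {attr_lowercase: [values]}) tuple per blank-line-separated block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(val.strip())
        records.append((attrs.pop("dn")[0], attrs))
    return records

def dn_to_name(dn, suffix="dc=dns"):
    """dc=www,dc=test1,dc=tld,dc=dns -> www.test1.tld, as ldap-method=tree maps it."""
    parts = [p.split("=", 1)[1] for p in dn.split(",") if p.strip().lower() != suffix]
    return ".".join(parts)

def check(text):
    """Findings: associateddomain/DN mismatch, CNAME loop, MX target lacking an ARecord."""
    records = parse_ldif(text)
    has_a = {dn_to_name(dn) for dn, a in records if "arecord" in a}
    problems = []
    for dn, a in records:
        name = dn_to_name(dn)
        problems += [f"{dn}: associateddomain {d} != {name}"
                     for d in a.get("associateddomain", []) if d != name]
        problems += [f"{dn}: CNAME points at its own name"
                     for c in a.get("cnamerecord", []) if c.rstrip(".") == name]
        problems += [f"{dn}: MX target {m.split()[-1]} has no ARecord"
                     for m in a.get("mxrecord", []) if m.split()[-1].rstrip(".") not in has_a]
    return problems
```

Run it on the full init.ldif with check(open("/opt/ldap-data/init.ldif").read()); an empty list means the file is internally consistent.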