Gentoo LDAP-DNS Guide (Англ.)

Ссылка на оригинал:

C версии: 1.0

1. Introduction

LDAPDNS is a small server that provides DNS services to your network. With DNS services, you can manage your hostnames in a central manner deprecating the tedious /etc/hosts updates every time a system is added/removed or has changed its host name.

The LDAPDNS package uses an LDAP service to store all DNS records (which is, simply explained, a line that contains the mapping between a hostname and an IP address). LDAP is a standard protocol to obtain information from a hierarchically represented knowledge base (directories). The most well-known LDAP service for Linux is OpenLDAP, a free LDAP implementation.

With this small guide at hand, you should be able to set up DNS services on your network with as little effort as possible.

2. Configuring LDAP-DNS

First, install net-dns/ldapdns.

Code Listing 2.1: Installing ldapdns

# emerge net-dns/ldapdns

Next, configure ldapdns to host the DNS records for your network. We use ldapdns-conf which uses the following syntax:

Code Listing 2.2: Syntax for ldapdns-conf

ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]

Keyword Explanation Example

acct Username as which ldapdns will run ldapdns

logacct Username as which the ldapdns logging will run dnslog

/path Chrooted home directory for ldapdns /var/lib/ldapdns

yourip IP address to listen to

ldaphost Address of the LDAP service ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock

dn LDAP login credentials cn=Manager,dc=yourdomain

suffix Optional default ldap path to add on all queries ou=Machines,dc=yourdomain

You should substitute the IP address with an IP address that all hosts can reach and don't forget to use the domain name you want instead of yourdomain.

Code Listing 2.3: Example ldapdns-conf run

# ldapdns-conf ldapdns dnslog /var/lib/ldapdns ldapi://%2fvar%2frun%2fopenldap%2fsldapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain

Now set the LDAP login password:

Code Listing 2.4: Setting the LDAP login password

# echo YourSecretPassword > /var/lib/ldapdns/root/password

# chmod 0400 /var/lib/ldapdns/root/password

Now configure ldapdns to use the simple authentication method and the cosine LDAP schemas:

Code Listing 2.5: Configuring ldapdns

# echo simple > /var/lib/ldapdns/env/LDAP_AUTH

# echo cosine > /var/lib/ldapdns/env/SCHEMA

You can optionally set an e-mail address for the service:

Code Listing 2.6: Setting a host master e-mail address

# echo YourMail@address > /var/lib/ldapdns/env/HOSTMASTER

Add the service to the supervise scan and run the service supervisor if you haven't started it already:

Code Listing 2.7: Managing supervise services

# ln -s /var/lib/ldapdns /service

# /etc/init.d/svscan start

# rc-update add svscan default

3. Configuring OpenLDAP

Now we need to configure OpenLDAP with the DNS schema. Open up /etc/openldap/sldap.conf with your favorite editor and make sure the following three lines are listed:

Code Listing 3.1: Editing /etc/openldap/sldap.conf

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/nis.schema

Bootstrap LDAP with the base dn you defined previously with ldapdns-conf. To accomplish this, we first create a file called bootstrap.ldif (it is just a name) which we fill up with DNS information.

As an example, we provide a bootstrap.ldif file for the fictitious domain

Now bootstrap your LDAP with this information:

Code Listing 3.2: Bootstrapping LDAP

# ldapadd -x -D "cn=Manager,dc=yourdomain" -W -f bootstrap.ldif

4. Testing the Installation

Now you are all set. Test your setup using nslookup (part of net-dns/bind-tools):

Code Listing 4.1: Testing the ldapdns configuration

# nslookup ns1.yourdomain

Note: nslookup is deprecated and may be removed from future releases.

Consider using the `dig' or `host' programs instead. Run nslookup with

the `-sil[ent]' option to prevent this message from appearing.




Address: (Your server IP address)