Gentoo LDAP-DNS Guide (English)



Link to the original: http://www.gentoo.org/doc/en/ldapdns-guide.xml

Based on version: 1.0


1. Introduction


LDAPDNS is a small server that provides DNS services to your network. With DNS services you can manage your hostnames centrally, which removes the need for tedious /etc/hosts updates every time a system is added, removed or renamed.


The LDAPDNS package uses an LDAP service to store all DNS records (a DNS record is, simply put, a line that maps a hostname to an IP address). LDAP is a standard protocol for retrieving information from a hierarchically organised knowledge base (a directory). The best-known LDAP service for Linux is OpenLDAP, a free LDAP implementation.


With this small guide at hand, you should be able to set up DNS services on your network with as little effort as possible.


2. Configuring LDAP-DNS

First, install net-dns/ldapdns.


Code Listing 2.1: Installing ldapdns

# emerge net-dns/ldapdns



Next, configure ldapdns to serve the DNS records for your network. This is done with ldapdns-conf, which has the following syntax:


Code Listing 2.2: Syntax for ldapdns-conf

ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]

Keyword   Explanation                                                        Example

acct      User account ldapdns runs as                                       ldapdns

logacct   User account the ldapdns logger runs as                            dnslog

/path     Chrooted home directory for ldapdns                                /var/lib/ldapdns

yourip    IP address ldapdns listens on                                      127.0.0.1

ldaphost  LDAP URL of the LDAP service                                       ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock

dn        DN ldapdns binds to the directory as (the password is set below)   cn=Manager,dc=yourdomain

suffix    Optional base DN under which all lookups are made                  ou=Machines,dc=yourdomain



Substitute the 127.0.0.1 IP address with an address that all hosts can reach, and use your own domain name instead of yourdomain. The ldapi:// URL is a local UNIX socket, so the example assumes OpenLDAP runs on the same host; for a directory on another machine use an ldap:// URL instead. Note also that the example binds as cn=Manager, the directory's rootdn. ldapdns only needs to read the DNS entries, so on a production system create a dedicated bind DN with read-only access to the suffix and use that instead: otherwise a compromise of the DNS server hands over a password with full write access to the whole directory.


Code Listing 2.3: Example ldapdns-conf run

# ldapdns-conf ldapdns dnslog /var/lib/ldapdns 127.0.0.1 ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain



Now set the LDAP bind password. Two caveats: echo creates the file under your default umask (usually 022, i.e. world-readable) before chmod narrows it, so run the commands with umask 077 or create the file empty and restrict it before writing; and a password typed on the command line ends up in your shell history, so clear that entry or read the password from a file you delete afterwards.


Code Listing 2.4: Setting the LDAP login password

# echo YourSecretPassword > /var/lib/ldapdns/root/password

# chmod 0400 /var/lib/ldapdns/root/password



Now configure ldapdns to use the simple authentication method and the cosine LDAP schemas:


Code Listing 2.5: Configuring ldapdns

# echo simple > /var/lib/ldapdns/env/LDAP_AUTH

# echo cosine > /var/lib/ldapdns/env/SCHEMA



You can optionally set an e-mail address for the service:


Code Listing 2.6: Setting a host master e-mail address

# echo YourMail@address > /var/lib/ldapdns/env/HOSTMASTER



Add the service to the svscan service directory and start the service supervisor if it is not already running:


Code Listing 2.7: Managing supervise services

# ln -s /var/lib/ldapdns /service

# /etc/init.d/svscan start

# rc-update add svscan default
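The steps in Code Listings 2.4 to 2.6 can be scripted so that the password file is never readable by other users, not even between its creation and the chmod, and so that the password is taken from standard input rather than the command line. The following script is an added example and is not code from the Gentoo guide or the ldapdns project; the function names and the directory argument are this example's own assumptions (point it at /var/lib/ldapdns on a real system), and the audit function only checks what the guide itself sets.

```shell
#!/bin/sh
# Added example, not code from the Gentoo guide or the ldapdns project.
# Reproduces Code Listings 2.4 - 2.6 as functions that (a) never leave the
# LDAP password world-readable, even for an instant, and (b) take the
# password from stdin instead of the command line, so it does not land in
# shell history or in `ps` output. Function names and the layout under $dir
# are this example's assumptions; use /var/lib/ldapdns on a real system.

set -eu

# Write a secret read from stdin to $1. The file is created under umask 077
# (mode 0600) and only then narrowed to 0400, so there is no window in which
# group/others can read it. "echo secret > file; chmod 0400 file" creates the
# file under the default umask (usually 022, i.e. 0644) and leaves it readable
# until the chmod runs.
write_secret_file() {
    rm -f "$1"                      # an existing file would keep its old mode
    (umask 077; cat > "$1")         # born 0600, filled from stdin
    chmod 0400 "$1"
}

# Populate the ldapdns service directory: $1 = directory, $2 = optional
# HOSTMASTER address. The LDAP bind password is read from stdin.
setup_ldapdns_dir() {
    dir=$1; hostmaster=${2:-}
    mkdir -p "$dir/root" "$dir/env"
    write_secret_file "$dir/root/password"      # Listing 2.4
    printf 'simple\n' > "$dir/env/LDAP_AUTH"    # Listing 2.5
    printf 'cosine\n' > "$dir/env/SCHEMA"
    if [ -n "$hostmaster" ]; then               # Listing 2.6 (optional)
        printf '%s\n' "$hostmaster" > "$dir/env/HOSTMASTER"
    fi
}

# Audit a service directory: report every deviation from the guide's settings
# on stderr and return 1 if there was any, 0 otherwise.
check_ldapdns_dir() {
    dir=$1; rc=0
    [ "$(cat "$dir/env/LDAP_AUTH" 2>/dev/null)" = simple ] ||
        { echo "env/LDAP_AUTH is not 'simple'" >&2; rc=1; }
    [ "$(cat "$dir/env/SCHEMA" 2>/dev/null)" = cosine ] ||
        { echo "env/SCHEMA is not 'cosine'" >&2; rc=1; }
    if [ -f "$dir/root/password" ]; then
        # the first 10 columns of ls -l are the file type and permission bits
        mode=$(ls -l "$dir/root/password" | cut -c1-10)
        [ "$mode" = "-r--------" ] ||
            { echo "root/password mode is $mode, expected -r--------" >&2; rc=1; }
    else
        echo "root/password is missing" >&2; rc=1
    fi
    return $rc
}
```

Usage, as root after ldapdns-conf has created the service directory: `setup_ldapdns_dir /var/lib/ldapdns hostmaster@yourdomain < /root/ldapdns-password` (then shred the input file), followed by `check_ldapdns_dir /var/lib/ldapdns` to confirm the result. Re-run the check after any later edit to the service directory; it is the quickest way to catch a password file that has quietly become world-readable.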



3. Configuring OpenLDAP


Now we need to configure OpenLDAP with the schemas ldapdns expects. Open /etc/openldap/slapd.conf with your favorite editor and make sure the following three lines are present (schema includes belong near the top of the file, before any database section):


Code Listing 3.1: Editing /etc/openldap/slapd.conf

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/nis.schema



Bootstrap LDAP with the base DN you passed to ldapdns-conf as suffix. To do this, first create a file called bootstrap.ldif (the name is arbitrary) containing the DNS entries; they must live under that suffix or ldapdns will not find them.


As an example, we provide a bootstrap.ldif file for the fictitious domain cherchetoujours.org.


Now load this information into your LDAP directory. The -W option prompts for the bind password, and the DN given with -D must have write access to the suffix:


Code Listing 3.2: Bootstrapping LDAP

# ldapadd -x -D "cn=Manager,dc=yourdomain" -W -f bootstrap.ldif



4. Testing the Installation



Now you are all set. Test your setup using nslookup (part of net-dns/bind-tools); as the warning in the output says, dig @127.0.0.1 ns1.yourdomain or host ns1.yourdomain 127.0.0.1 give the same answer without the deprecation notice:


Code Listing 4.1: Testing the ldapdns configuration

# nslookup ns1.yourdomain

Note: nslookup is deprecated and may be removed from future releases.

Consider using the `dig' or `host' programs instead. Run nslookup with

the `-sil[ent]' option to prevent this message from appearing.

Server: 127.0.0.1

Address: 127.0.0.1#53


Name: ns1.yourdomain

Address: (Your server IP address)