On 02/12/2016 12:53 AM, Petr Spacek wrote:
> On 11.2.2016 19:32, Chris Lajoie wrote:
>> On 02/11/2016 02:46 AM, Petr Spacek wrote:
>>> What version of BIND and bind-dyndb-ldap packages are you using?
>>> $ rpm -q bind bind-dyndb-ldap
>> bind-9.9.4-29.el7_2.2.x86_64
>> bind-dyndb-ldap-8.0-1.el7.x86_64
>>> I'm not sure how exactly the logging magic in BIND works so I would
>>> recommend you to run BIND using command:
>>> $ named -g -u named
>>> and check output in the console to see if it contains line like
>>> 'bind-dyndb-ldap version 8.0 compiled at 16:09:02 Jan 20 2016,
>>> compiler 5.3.1 20151207 (Red Hat 5.3.1-2)'
>> I get nothing like that. Here is the output I get from running named:
>> https://gist.github.com/ctlajoie/0ed4e97e72aec3172a8d
> Oh, wait, it seems that you are using views!
>
> Generally we do not test bind-dyndb-ldap with views so there be dragons.
>
> Could you share your named.conf with us?
>
> If you do not want to send it to mailing list feel free to send it to me
> privately. My GPG key is attached just for the case you wish to encrypt it.

Sure. I do not see anything in my named.conf besides the ldap password (which I changed) that should be kept private.
https://gist.github.com/ctlajoie/827a2ec9cfa70e3a1ebd

Not sure if it matters any more though... I was able to get it working by commenting out the view parts and leaving only the zones. Unfortunately the plugin seems unable or unwilling to load if there are any views present at all. I also tried placing the dynamic-db section inside of one of the views. named will accept the configuration and start up, but again there are no ldap log messages.

I would really like to use ldap as the backend for my DNS configuration... its hierarchical nature seems (to me) to be a good fit for storing that type of thing. It is surprising to me that almost nobody else does it this way (from what I can tell). I suppose if I want to do it then I will need to run separate instances of bind, either on different servers or the same server using different ports for each instance, and doing some NATing with iptables. Either method complicates things more than I would like...

Can you speculate on why there would be no log messages at all when the ldap plugin fails to load (if that is indeed what is happening)? If there was something in the log it would have saved me quite a bit of time investigating this. Thank you for helping me track down the problem.

Chris


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
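
The following check is an added example, not part of the original thread and not code from BIND or bind-dyndb-ldap. It scans a named.conf for `view` and `dynamic-db` statements and looks for the 'bind-dyndb-ldap version' banner in captured `named -g` output, which is the silent-failure combination described above. The function names, the sample configuration (including its `library` and `arg` lines) and the sample console output are constructed for illustration.

```python
import re

BANNER = "bind-dyndb-ldap version"  # start of the banner line quoted in the thread
TOKEN = r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+'

def scan_conf(conf):
    """Return (view names, [(dynamic-db name, enclosing view or None)])."""
    tokens = [t for t in re.findall(TOKEN, conf, flags=re.S)
              if not t.startswith(("/*", "//", "#"))]  # comments are dropped
    views, dyndbs, depth, current_view = [], [], 0, None
    for i, tok in enumerate(tokens[:-1]):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                current_view = None  # left the top-level block we were in
        elif tok == "view" and depth == 0:
            current_view = tokens[i + 1].strip('"')
            views.append(current_view)
        elif tok == "dynamic-db":
            dyndbs.append((tokens[i + 1].strip('"'), current_view))
    return views, dyndbs

def diagnose(conf, named_output):
    """Flag the silent failure: dynamic-db configured, banner never logged."""
    views, dyndbs = scan_conf(conf)
    banner_seen = BANNER in named_output
    findings = []
    if dyndbs and not banner_seen:
        findings.append("dynamic-db configured but no load banner in named output")
        if views:
            findings.append("views present: " + ", ".join(views))
    return {"views": views, "dyndbs": dyndbs,
            "banner_seen": banner_seen, "findings": findings}

# Constructed sample input (not the poster's named.conf or console output).
SAMPLE_CONF = '''
options { directory "/var/named"; };
# dynamic-db "old" { library "ldap.so"; };
dynamic-db "ipa" { library "ldap.so"; arg "uri ldap://ldap.example.test"; };
view "internal" { match-clients { 10.0.0.0/8; }; };
view "external" { match-clients { any; }; };
'''
SAMPLE_OUTPUT = "starting BIND 9.9.4 -g -u named\nall zones loaded\nrunning\n"

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONF, SAMPLE_OUTPUT)["findings"]:
        print(finding)
```

Feed it the real named.conf text and the console output captured from `named -g -u named`; an empty findings list with `banner_seen` set to true means the plugin announced itself.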
