swift    05/07/25 17:19:26

  Added:                xml/htdocs/doc/en/draft ldapdns-guide.xml
  Log:
  Draft for ldapdns configuration, see #67932
Revision  Changes    Path
1.1                  xml/htdocs/doc/en/draft/ldapdns-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/ldapdns-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/ldapdns-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: ldapdns-guide.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/ldapdns-guide.xml,v 1.1 2005/07/25 17:19:26 swift Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/draft/ldapdns-guide.xml">
<title>Gentoo LDAP-DNS Guide</title>

<author title="Author">
  <mail link="[EMAIL PROTECTED]">Steve-o</mail>
</author>
<author title="Editor">
  <mail link="[EMAIL PROTECTED]">Sven Vermeulen</mail>
</author>

<abstract>
With ldapdns, you can provide DNS services to your network easily. The DNS
records used are stored inside an LDAP environment. This document guides you
through the configuration of OpenLDAP and ldapdns for this purpose.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>0.1</version>
<date>2005-07-25</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
LDAPDNS is a small server that provides DNS services to your network. With DNS
services, you can manage your hostnames in a central manner, deprecating the
tedious <path>/etc/hosts</path> updates every time a system is added, removed
or has changed its host name.
</p>

<p>
The LDAPDNS package uses an LDAP service to store all DNS records (a DNS record
is, simply explained, a line that contains the mapping between a hostname and
an IP address). LDAP is a standard protocol to obtain information from a
hierarchically represented knowledge base (a directory). The most well-known
LDAP service for Linux is OpenLDAP, a free LDAP implementation.
</p>

<p>
With this small guide at hand, you should be able to set up DNS services on
your network with as little effort as possible.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Configuring LDAP-DNS</title>
<section>
<body>

<p>
First, install <c>net-dns/ldapdns</c>.
</p>

<pre caption="Installing ldapdns">
# <i>emerge net-dns/ldapdns</i>
</pre>

<p>
Next, configure <c>ldapdns</c> to host the DNS records for your network. We use
<c>ldapdns-conf</c>, which uses the following syntax:
</p>

<pre caption="Syntax for ldapdns-conf">
ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]
</pre>

<table>
<tr>
  <th>Keyword</th>
  <th>Explanation</th>
  <th>Example</th>
</tr>
<tr>
  <ti>acct</ti>
  <ti>Username as which ldapdns will run</ti>
  <ti>ldapdns</ti>
</tr>
<tr>
  <ti>logacct</ti>
  <ti>Username as which the ldapdns logging will run</ti>
  <ti>dnslog</ti>
</tr>
<tr>
  <ti>/path</ti>
  <ti>Chrooted home directory for ldapdns</ti>
  <ti><path>/var/lib/ldapdns</path></ti>
</tr>
<tr>
  <ti>yourip</ti>
  <ti>IP address to listen on</ti>
  <ti>127.0.0.1</ti>
</tr>
<tr>
  <ti>ldaphost</ti>
  <ti>Address of the LDAP service</ti>
  <ti><c>ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock</c></ti>
</tr>
<tr>
  <ti>dn</ti>
  <ti>LDAP login credentials (the DN ldapdns binds as)</ti>
  <ti>cn=Manager,dc=<c>yourdomain</c></ti>
</tr>
<tr>
  <ti>suffix</ti>
  <ti>Optional default LDAP path (base DN) added to all queries</ti>
  <ti>ou=Machines,dc=<c>yourdomain</c></ti>
</tr>
</table>

<p>
You should substitute the <c>127.0.0.1</c> IP address with an IP address that
all hosts can reach, and don't forget to use the domain name you want instead
of <c>yourdomain</c>.
</p>

<pre caption="Example ldapdns-conf run">
# <i>ldapdns-conf ldapdns dnslog /var/lib/ldapdns 127.0.0.1 ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain</i>
</pre>

<p>
Now set the LDAP login password. This file holds the password ldapdns uses to
bind to the directory, so make it readable by its owner only:
</p>

<pre caption="Setting the LDAP login password">
# <i>echo YourSecretPassword > /var/lib/ldapdns/root/password</i>
# <i>chmod 0400 /var/lib/ldapdns/root/password</i>
</pre>

<p>
Now configure ldapdns to use the simple authentication method and the cosine
LDAP schemas:
</p>

<pre caption="Configuring ldapdns">
# <i>echo simple > /var/lib/ldapdns/env/LDAP_AUTH</i>
# <i>echo cosine > /var/lib/ldapdns/env/SCHEMA</i>
</pre>

<p>
You can optionally set an e-mail address for the service:
</p>

<pre caption="Setting a host master e-mail address">
# <i>echo [EMAIL PROTECTED] > /var/lib/ldapdns/env/HOSTMASTER</i>
</pre>

<p>
Add the service to the supervise scan and run the service supervisor if you
haven't started it already:
</p>

<pre caption="Managing supervise services">
# <i>ln -s /var/lib/ldapdns /service</i>
# <i>/etc/init.d/svscan start</i>
# <i>rc-update add svscan default</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Configuring OpenLDAP</title>
<section>
<body>

<p>
Now we need to configure OpenLDAP with the DNS schema. Open up
<path>/etc/openldap/slapd.conf</path> with your favorite editor and make sure
the following three lines are listed:
</p>

<pre caption="Editing /etc/openldap/slapd.conf">
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
</pre>

<p>
Bootstrap LDAP with the base dn you defined previously with
<c>ldapdns-conf</c>. To accomplish this, we first create a file called
<path>bootstrap.ldif</path> (it is just a name) and have it contain the
following information:
</p>

<pre caption="Creating bootstrap.ldif">
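The guide's ldapdns chapter and its OpenLDAP chapter each leave a small state on disk that is easy to get subtly wrong: the bind password under `root/password` must be mode 0400, the `env/LDAP_AUTH` and `env/SCHEMA` files must hold exactly `simple` and `cosine`, and `slapd.conf` must carry the three schema includes. The following POSIX shell script is an added example written for this edit, not code from the guide or from the ldapdns project. It defines two check functions that an administrator can run after following both chapters, and a `demo` function that builds a constructed copy of the expected layout in a temporary directory so the checks can be exercised without touching `/var/lib/ldapdns` or `/etc/openldap/slapd.conf`. The function names and the temporary layout are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the Gentoo guide or the ldapdns project): sanity-check
# the files the guide tells you to create. Paths are passed in as arguments so
# the checks can be run against a constructed directory as well as the real one.

# check_ldapdns_root DIR
#   DIR is the chroot given to ldapdns-conf (the guide uses /var/lib/ldapdns).
#   Prints a FAIL line for each problem and returns non-zero if any was found.
check_ldapdns_root() {
    dir="$1"
    rc=0
    pw="$dir/root/password"
    if [ ! -f "$pw" ]; then
        echo "FAIL: $pw is missing"
        rc=1
    else
        # First ten characters of ls -l are the type/mode string; the guide
        # requires chmod 0400, i.e. "-r--------". Works on GNU and BSD ls.
        mode=$(ls -ld "$pw" | cut -c1-10)
        if [ "$mode" != "-r--------" ]; then
            echo "FAIL: $pw has mode $mode, expected -r-------- (LDAP bind password is exposed)"
            rc=1
        fi
    fi
    auth=$(cat "$dir/env/LDAP_AUTH" 2>/dev/null)
    if [ "$auth" != "simple" ]; then
        echo "FAIL: env/LDAP_AUTH is '$auth', expected 'simple'"
        rc=1
    fi
    schema=$(cat "$dir/env/SCHEMA" 2>/dev/null)
    if [ "$schema" != "cosine" ]; then
        echo "FAIL: env/SCHEMA is '$schema', expected 'cosine'"
        rc=1
    fi
    return $rc
}

# check_slapd_includes FILE
#   FILE is slapd.conf. Returns non-zero unless all three schema includes
#   named by the guide are present as active (uncommented) lines.
check_slapd_includes() {
    conf="$1"
    rc=0
    for s in cosine inetorgperson nis; do
        if ! grep -Eq "^[[:space:]]*include[[:space:]]+/etc/openldap/schema/$s\.schema([[:space:]]|\$)" "$conf"; then
            echo "FAIL: $conf lacks 'include /etc/openldap/schema/$s.schema'"
            rc=1
        fi
    done
    return $rc
}

# demo: build a constructed layout mirroring what the guide's commands produce,
# run both checks against it and clean up. Returns the combined check status.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/ldapdns/root" "$tmp/ldapdns/env"
    echo YourSecretPassword > "$tmp/ldapdns/root/password"   # constructed value
    chmod 0400 "$tmp/ldapdns/root/password"
    echo simple > "$tmp/ldapdns/env/LDAP_AUTH"
    echo cosine > "$tmp/ldapdns/env/SCHEMA"
    printf 'include /etc/openldap/schema/cosine.schema\ninclude /etc/openldap/schema/inetorgperson.schema\ninclude /etc/openldap/schema/nis.schema\n' \
        > "$tmp/slapd.conf"
    check_ldapdns_root "$tmp/ldapdns" && check_slapd_includes "$tmp/slapd.conf"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run the constructed demonstration when executed directly.
demo && echo "ldapdns layout and slapd.conf includes look correct"
```

On a real system you would call `check_ldapdns_root /var/lib/ldapdns` and `check_slapd_includes /etc/openldap/slapd.conf` instead of `demo`; the password check in particular catches the common mistake of creating `root/password` with the shell's default umask and forgetting the `chmod 0400`, which would leave the directory manager's password readable to every local account.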
