Hi Jose,

Is nslookup contacting your server at all? You should see its IP address in the output. I suggest continuing the investigation on the Bind users mailing list, as this goes more in the direction of configuring Bind itself. There you will find more experts on this topic:

https://lists.isc.org/mailman/listinfo/bind-users


Best regards
Roland


On 20.09.24 at 14:43, Jose Antonio Baduria Jr via Lam-public wrote:
Hi,

    I activated logging. I do see some slapd messages, but when I do the
nslookup, I don't see any slapd logs. Is it not communicating with LDAP?

# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcLogLevel=*)"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (olcLogLevel=*)
# requesting: ALL
#

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: stats
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de>
Sent: Friday, September 20, 2024 1:38 AM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

please activate logging on the LDAP server side to see which queries are performed
on the LDAP side. Then you can check why they do not return results.

Log level (olcLogLevel in /etc/ldap/slapd.d/cn=config.ldif) for OpenLDAP should be e.g. 
"stats".


Best regards
Roland



On 20.09.24 at 01:08, Jose Antonio Baduria Jr via Lam-public wrote:
Hi,

      I have set up OpenLDAP as a DNS server. I have set up an LDAP backend using
bind9-dyndb-ldap. dig works, but somehow nslookup fails.

I do see the following issue on the logs:

Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones from LDAP instance 'ldap' loaded (0 zones defined, 0 inactive, 0 failed to load)
Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones is suspicious number, please check access control instructions on LDAP server

root@sdc-ops-openldap01:/etc/bind# nslookup sdc-ops-for01.bd.internal
;; Got SERVFAIL reply from 10.32.183.11, trying next server

** server can't find sdc-ops-for01.bd.internal: NXDOMAIN

root@sdc-ops-openldap01:/etc/bind# dig @10.32.183.11 sdc-ops-for01

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @10.32.183.11 sdc-ops-for01
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27733
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 89af8b62d831e3d70100000066ecae50cc3e47461128b789 (good)
;; QUESTION SECTION:
;sdc-ops-for01.                 IN      A

;; Query time: 324 msec
;; SERVER: 10.32.183.11#53(10.32.183.11) (UDP)
;; WHEN: Thu Sep 19 23:05:52 UTC 2024
;; MSG SIZE  rcvd: 70


root@sdc-ops-openldap01:/etc/bind# ldapsearch -x -H ldap://10.32.183.11 -P 3 -LLL -b "dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" "(objectClass=dlzSOARecord)"
dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
objectClass: top
objectClass: dlzSOARecord
dlzRecordID: 1
dlzHostName: @
dlzType: SOA
dlzSerial: 1
dlzRefresh: 2800
dlzRetry: 7200
dlzExpire: 604800
dlzMinimum: 86400
dlzAdminEmail: root.example.com.
dlzTTL: 1209600
dlzPrimaryNS: sdc-ops-openldap01.bd.internal.


/etc/bind/named.conf

dyndb "ldap" "/usr/lib/bind/ldap.so" {
    uri "ldap://10.32.183.11";
    base "ou=dns,dc=bd,dc=internal";
    auth_method "simple";
    bind_dn "cn=admin,dc=bd,dc=internal";
    password "PASSWORD";
};

Not sure what the issue is. Any ideas?

Thanks,
Jose



_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
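Roland's advice above is to turn on olcLogLevel "stats" and read what named actually asked slapd. The following script is an added example that is not part of the thread or of the bind9-dyndb-ldap or LAM projects; it classifies stats log lines for one bind DN and search base (both taken from the named.conf posted above) into the outcomes a practitioner cares about. Every log line in it is constructed for illustration, including the plugin's search filter, which assumes bind9-dyndb-ldap's own idnsZone object class. The point it shows that the log alone does not make obvious: slapd answers a search that an ACL forbids with err=0 and nentries=0, exactly what the "0 master zones ... check access control" message in named's log is hinting at, so a successful bind plus an empty search is the case to look for.

```shell
#!/bin/sh
# Added example, not part of the thread: classify what named's dyndb "ldap"
# instance actually did against slapd, from olcLogLevel "stats" log lines.
# BIND_DN and DNS_BASE are taken from the named.conf posted in the thread;
# all log lines below are constructed for illustration, not real captures.

BIND_DN='cn=admin,dc=bd,dc=internal'
DNS_BASE='ou=dns,dc=bd,dc=internal'

# Usage: classify_slapd_log <bind_dn> <search_base>   (stats log on stdin)
# Prints exactly one line:
#   NO_BIND           - no BIND as <bind_dn>: named never reached slapd with this DN
#   BIND_FAILED err=N - BIND rejected (err=49 = invalid credentials)
#   NO_SEARCH         - bound, but no SRCH under <search_base> on that connection
#   SEARCH_ERR err=N  - SRCH returned an error (err=32 = no such object)
#   EMPTY nentries=0  - SRCH succeeded but returned nothing: entries hidden by
#                       slapd ACLs, or not matching the plugin's filter
#   OK nentries=N     - zone entries were returned
classify_slapd_log() {
    dn="$1"; base="$2"; log=$(cat)

    # The BIND is logged as "conn=<c> op=<o> BIND dn=..." and its outcome as
    # "conn=<c> op=<o> RESULT ... err=<n>" with the same conn/op pair.
    bind_line=$(printf '%s\n' "$log" | grep -F "BIND dn=\"$dn\"" | tail -n 1)
    [ -n "$bind_line" ] || { echo "NO_BIND"; return 0; }
    conn=$(printf '%s\n' "$bind_line" | sed -n 's/.*\(conn=[0-9]*\) .*/\1/p')
    op=$(printf '%s\n' "$bind_line" | sed -n 's/.*\(op=[0-9]*\) .*/\1/p')
    bind_err=$(printf '%s\n' "$log" | grep -F "$conn $op RESULT" \
               | sed -n 's/.*err=\([0-9]*\).*/\1/p' | tail -n 1)
    [ "$bind_err" = "0" ] || { echo "BIND_FAILED err=${bind_err:-?}"; return 0; }

    # Find the zone search on the same connection and its "SEARCH RESULT".
    # err=0 with nentries=0 is what slapd returns when an ACL denies read
    # access; it never reports "access denied" for a search.
    srch_line=$(printf '%s\n' "$log" | grep -F "$conn " \
                | grep -F "SRCH base=\"$base\"" | tail -n 1)
    [ -n "$srch_line" ] || { echo "NO_SEARCH"; return 0; }
    sop=$(printf '%s\n' "$srch_line" | sed -n 's/.*\(op=[0-9]*\) .*/\1/p')
    res_line=$(printf '%s\n' "$log" | grep -F "$conn $sop SEARCH RESULT" | tail -n 1)
    serr=$(printf '%s\n' "$res_line" | sed -n 's/.*err=\([0-9]*\).*/\1/p')
    n=$(printf '%s\n' "$res_line" | sed -n 's/.*nentries=\([0-9]*\).*/\1/p')
    [ "$serr" = "0" ] || { echo "SEARCH_ERR err=${serr:-?}"; return 0; }
    if [ "${n:-0}" -eq 0 ]; then echo "EMPTY nentries=0"; else echo "OK nentries=$n"; fi
}

# Constructed sample 1: bind and search succeed, nothing comes back (the
# "0 master zones ... check access control" situation from named's log).
SAMPLE_HIDDEN=$(cat <<'EOF'
Sep 20 14:43:01 sdc-ops-openldap01 slapd[1201]: conn=1000 fd=12 ACCEPT from IP=10.32.183.11:50312 (IP=0.0.0.0:389)
Sep 20 14:43:01 sdc-ops-openldap01 slapd[1201]: conn=1000 op=0 BIND dn="cn=admin,dc=bd,dc=internal" method=128
Sep 20 14:43:01 sdc-ops-openldap01 slapd[1201]: conn=1000 op=0 BIND dn="cn=admin,dc=bd,dc=internal" mech=SIMPLE ssf=0
Sep 20 14:43:01 sdc-ops-openldap01 slapd[1201]: conn=1000 op=0 RESULT tag=97 err=0 text=
Sep 20 14:43:01 sdc-ops-openldap01 slapd[1201]: conn=1000 op=1 SRCH base="ou=dns,dc=bd,dc=internal" scope=2 deref=0 filter="(objectClass=idnsZone)"
Sep 20 14:43:01 sdc-ops-openldap01 slapd[1201]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
EOF
)

# Constructed sample 2: wrong password in named.conf.
SAMPLE_BADPW=$(cat <<'EOF'
Sep 20 14:43:05 sdc-ops-openldap01 slapd[1201]: conn=1001 op=0 BIND dn="cn=admin,dc=bd,dc=internal" method=128
Sep 20 14:43:05 sdc-ops-openldap01 slapd[1201]: conn=1001 op=0 RESULT tag=97 err=49 text=
EOF
)

# Constructed sample 3: only the local ldapi/EXTERNAL session from the
# thread's cn=config query; named never connected as the bind DN at all.
SAMPLE_NOCONN=$(cat <<'EOF'
Sep 20 14:44:10 sdc-ops-openldap01 slapd[1201]: conn=1002 fd=13 ACCEPT from PATH=/run/slapd/ldapi (PATH=/run/slapd/ldapi)
Sep 20 14:44:10 sdc-ops-openldap01 slapd[1201]: conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
EOF
)

# Constructed sample 4: the healthy case, two zone entries returned.
SAMPLE_OK=$(cat <<'EOF'
Sep 20 14:45:00 sdc-ops-openldap01 slapd[1201]: conn=1003 op=0 BIND dn="cn=admin,dc=bd,dc=internal" method=128
Sep 20 14:45:00 sdc-ops-openldap01 slapd[1201]: conn=1003 op=0 RESULT tag=97 err=0 text=
Sep 20 14:45:00 sdc-ops-openldap01 slapd[1201]: conn=1003 op=1 SRCH base="ou=dns,dc=bd,dc=internal" scope=2 deref=0 filter="(objectClass=idnsZone)"
Sep 20 14:45:00 sdc-ops-openldap01 slapd[1201]: conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
EOF
)

printf 'hidden : %s\n' "$(printf '%s\n' "$SAMPLE_HIDDEN" | classify_slapd_log "$BIND_DN" "$DNS_BASE")"
printf 'badpw  : %s\n' "$(printf '%s\n' "$SAMPLE_BADPW"  | classify_slapd_log "$BIND_DN" "$DNS_BASE")"
printf 'noconn : %s\n' "$(printf '%s\n' "$SAMPLE_NOCONN" | classify_slapd_log "$BIND_DN" "$DNS_BASE")"
printf 'ok     : %s\n' "$(printf '%s\n' "$SAMPLE_OK"     | classify_slapd_log "$BIND_DN" "$DNS_BASE")"
```

On a real server, feed it the slapd journal (for example `journalctl -u slapd | classify_slapd_log "$BIND_DN" "$DNS_BASE"`) right after restarting named. NO_BIND corresponds to Jose's observation of no slapd lines at all during the lookup; EMPTY is the ACL case named warns about, and the fix is an olcAccess rule granting the bind DN read access to the ou=dns subtree rather than a change on the BIND side. One caveat worth knowing when reading an EMPTY result: bind9-dyndb-ldap's own schema uses idnsZone/idnsRecord object classes, which differ from the dlz* object classes visible in the ldapsearch output above, so entries that are readable but do not match the plugin's filter produce the same err=0, nentries=0 line as entries hidden by an ACL; compare the filter slapd logged against the object classes the entries actually carry before changing ACLs.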

