Hi,

   I just found out that bind9 in Ubuntu dropped support for DLZ. Could be 
the same thing with Red Hat. It now uses dyndb. Would LDAP manager support it? I 
tried PowerDNS but I am facing the same issue. The documentation for PowerDNS 
for LAM is very scant. How can I create a zone for PowerDNS? I can do it with 
Bind DNS with New Zone.

Thanks,
Jose

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de> 
Sent: Friday, September 20, 2024 1:35 PM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

is nslookup contacting your server at all? You should see its IP address in the 
output.
I suggest continuing the investigation on the Bind users mailing list, as this 
goes more in the direction of configuring Bind itself. There you will find more 
experts for this topic:

https://lists.isc.org/mailman/listinfo/bind-users


Best regards
Roland


On 20.09.24 at 14:43, Jose Antonio Baduria Jr via Lam-public wrote:
> Hi,
> 
>     I activated logging. I do see some slapd messages, but when I do the 
> nslookup, I don't see any slapd logs. Is it not communicating with LDAP?
> 
> # ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcLogLevel=*)"
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (olcLogLevel=*)
> # requesting: ALL
> #
> 
> # config
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/slapd/slapd.args
> olcLogLevel: stats
> olcPidFile: /var/run/slapd/slapd.pid
> olcToolThreads: 1
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> -----Original Message-----
> From: Roland Gruber <p...@rolandgruber.de>
> Sent: Friday, September 20, 2024 1:38 AM
> To: lam-public@lists.sourceforge.net
> Subject: Re: [Lam-public] LDAP DNS issue
> 
> Hi Jose,
> 
> please activate logging on the LDAP server side to see which queries are 
> performed on the LDAP side. Then you can check why they do not return results.
> 
> Log level (olcLogLevel in /etc/ldap/slapd.d/cn=config.ldif) for OpenLDAP 
> should be e.g. "stats".
> 
> 
> Best regards
> Roland
> 
> 
> 
> On 20.09.24 at 01:08, Jose Antonio Baduria Jr via Lam-public wrote:
>> Hi,
>>
>>       I have set up OpenLDAP as a DNS server. I have set up an LDAP backend 
>> using bind9-dyndb-ldap. dig works but somehow nslookup fails.
>>
>> I do see the following issue on the logs:
>>
>> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones from LDAP instance 'ldap' loaded (0 zones defined, 0 inactive, 0 failed to load)
>> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones is suspicious number, please check access control instructions on LDAP server
>>
>> root@sdc-ops-openldap01:/etc/bind# nslookup sdc-ops-for01.bd.internal 
>> ;; Got SERVFAIL reply from 10.32.183.11, trying next server
>>
>> ** server can't find sdc-ops-for01.bd.internal: NXDOMAIN
>>
>> root@sdc-ops-openldap01:/etc/bind# dig @10.32.183.11 sdc-ops-for01
>>
>> ; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @10.32.183.11 sdc-ops-for01
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27733
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 1232
>> ; COOKIE: 89af8b62d831e3d70100000066ecae50cc3e47461128b789 (good)
>> ;; QUESTION SECTION:
>> ;sdc-ops-for01.                 IN      A
>>
>> ;; Query time: 324 msec
>> ;; SERVER: 10.32.183.11#53(10.32.183.11) (UDP)
>> ;; WHEN: Thu Sep 19 23:05:52 UTC 2024
>> ;; MSG SIZE  rcvd: 70
>>
>>
>> root@sdc-ops-openldap01:/etc/bind# ldapsearch -x -H ldap://10.32.183.11 -P 3 -LLL -b "dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" "(objectClass=dlzSOARecord)"
>> dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
>> objectClass: top
>> objectClass: dlzSOARecord
>> dlzRecordID: 1
>> dlzHostName: @
>> dlzType: SOA
>> dlzSerial: 1
>> dlzRefresh: 2800
>> dlzRetry: 7200
>> dlzExpire: 604800
>> dlzMinimum: 86400
>> dlzAdminEmail: root.example.com.
>> dlzTTL: 1209600
>> dlzPrimaryNS: sdc-ops-openldap01.bd.internal.
>>
>>
>> /etc/bind/named.conf
>>
>> dyndb "ldap" "/usr/lib/bind/ldap.so" {
>>     uri "ldap://10.32.183.11";
>>     base "ou=dns,dc=bd,dc=internal";
>>     auth_method "simple";
>>     bind_dn "cn=admin,dc=bd,dc=internal";
>>     password "PASSWORD";
>> };
>>
>> Not sure what the issue is. Any ideas?
>>
>> Thanks,
>> Jose
>>
>>
>>
>> _______________________________________________
>> Lam-public mailing list
>> Lam-public@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/lam-public
> 

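The named warning quoted further down in this thread ("0 master zones ... please check access control instructions on LDAP server") says that the dyndb plugin, bound as the bind_dn from named.conf, found no zone objects under base. The ldapsearch in the thread was an anonymous simple bind, so it does not show what cn=admin actually sees. The script below is an added example, not code from the thread, from LAM or from bind-dyndb-ldap: it pulls uri, base and bind_dn out of the dyndb stanza with sed and repeats the plugin's search with the same credentials, counting the direct children of base rather than filtering on a particular object class, so the result does not depend on which zone schema is in use. The stanza copy and the LDIF sample are constructed for the example, the password is a placeholder, the /etc/bind/named.conf path is the one used in the thread, and the live search runs only when LDAP_LIVE=1 is set.

```shell
#!/bin/sh
# Added example, not code from the thread: reproduce the dyndb plugin's LDAP
# view with plain ldapsearch, bound as the same DN named uses, so the "0 master
# zones ... check access control instructions" warning can be checked without
# restarting named.

# Constructed copy of the dyndb stanza posted in the thread. The password is a
# placeholder, not a real credential.
NAMED_CONF_SAMPLE='dyndb "ldap" "/usr/lib/bind/ldap.so" {
    uri "ldap://10.32.183.11";
    base "ou=dns,dc=bd,dc=internal";
    auth_method "simple";
    bind_dn "cn=admin,dc=bd,dc=internal";
    password "PASSWORD";
};'

# Constructed -LLL ldapsearch output: one zone object directly under the base
# (object class assumed from the dlz schema the thread's entries use).
LDIF_SAMPLE='dn: dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
objectClass: dlzZone
dlzZoneName: bd.internal
'

# dyndb_setting KEY: print the quoted value of KEY from a dyndb stanza read on
# stdin (first match only), e.g. `dyndb_setting base` -> ou=dns,dc=bd,dc=internal
dyndb_setting() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# count_entries: number of entries in -LLL LDIF read on stdin. Every entry has
# exactly one "dn:" line; wrapped continuation lines start with a space, so
# they are not counted. grep -c exits 1 when the count is 0, hence "|| true".
count_entries() {
    grep -c '^dn:' || true
}

# zone_verdict COUNT: one-line reading of the count, mirroring named's own
# "suspicious number" warning.
zone_verdict() {
    if [ "$1" -eq 0 ]; then
        echo "ACL_OR_SCHEMA: bind_dn sees no objects under base; compare with an anonymous/rootdn search"
    else
        echo "OK: $1 object(s) directly under base are visible to bind_dn"
    fi
}

# visible_as DN PWFILE URI BASE: count the entries one level below BASE as seen
# by DN (empty DN = anonymous simple bind, as in the thread's ldapsearch).
# ldapsearch -y reads the password from a file so it stays off the process list.
visible_as() {
    if [ -n "$1" ]; then
        ldapsearch -x -LLL -H "$3" -D "$1" -y "$2" -b "$4" -s one dn 2>/dev/null | count_entries
    else
        ldapsearch -x -LLL -H "$3" -b "$4" -s one dn 2>/dev/null | count_entries
    fi
}

# Live check, only when explicitly enabled; named.conf path as in the thread.
if [ "${LDAP_LIVE:-0}" = 1 ]; then
    conf=/etc/bind/named.conf
    uri=$(dyndb_setting uri < "$conf")
    base=$(dyndb_setting base < "$conf")
    bind_dn=$(dyndb_setting bind_dn < "$conf")
    pwfile=$(mktemp) && chmod 600 "$pwfile"
    dyndb_setting password < "$conf" | tr -d '\n' > "$pwfile"
    n=$(visible_as "$bind_dn" "$pwfile" "$uri" "$base")
    rm -f "$pwfile"
    echo "as $bind_dn: $(zone_verdict "$n")"
    echo "anonymous bind: $(visible_as '' '' "$uri" "$base") object(s) under $base"
fi
```

If the admin DN sees zero entries while the anonymous search returns them, an olcAccess rule granting that DN read access on the ou=dns subtree is the thing to fix; if both binds see the same entries, access control is not what is stopping the plugin, and the next thing to compare is the object classes of the entries under base against what the plugin loads, since the thread's entries use the dlz* schema.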