Hi Roland,

    Does LAM support anonymous binding?

Jose

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de> 
Sent: Monday, September 23, 2024 1:46 AM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

true, seems like this is the new standard LDAP module for Bind:

https://pagure.io/bind-dyndb-ldap

It is now planned for the March release: 
https://github.com/LDAPAccountManager/lam/issues/361

For PowerDNS you can simply create the records (e.g. SOA and A). There is no 
extra zone entry (you can use an OU for the structure).

Best regards
Roland


On 21.09.24 at 21:15, Jose Antonio Baduria Jr via Lam-public wrote:
> Hi,
> 
>     I just found out that bind9 in Ubuntu dropped support for DLZ. Could 
> be the same thing with Red Hat. It now uses dyndb. Would LDAP manager support 
> it? I tried PowerDNS but I am facing the same issue. The documentation for 
> PowerDNS for LAM is very scant. How can I create a zone for PowerDNS? I can 
> do it with Bind DNS with New Zone.
> 
> Thanks,
> Jose
> 
> -----Original Message-----
> From: Roland Gruber <p...@rolandgruber.de>
> Sent: Friday, September 20, 2024 1:35 PM
> To: lam-public@lists.sourceforge.net
> Subject: Re: [Lam-public] LDAP DNS issue
> 
> Hi Jose,
> 
> is nslookup contacting your server at all? You should see its IP address in 
> the output.
> I suggest continuing the investigation on the Bind user mailing list, as this 
> goes more in the direction of configuring Bind itself. Here you will find more 
> experts for this topic:
> 
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> 
> Best regards
> Roland
> 
> 
> On 20.09.24 at 14:43, Jose Antonio Baduria Jr via Lam-public wrote:
>> Hi,
>>
>>      I activated logging. I do see some slapd messages, but when I do the 
>> nslookup, I don't see any slapd logs. It is not communicating with LDAP?
>>
>> # ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcLogLevel=*)"
>> SASL/EXTERNAL authentication started
>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> SASL SSF: 0
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: (olcLogLevel=*)
>> # requesting: ALL
>> #
>>
>> # config
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcArgsFile: /var/run/slapd/slapd.args
>> olcLogLevel: stats
>> olcPidFile: /var/run/slapd/slapd.pid
>> olcToolThreads: 1
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> -----Original Message-----
>> From: Roland Gruber <p...@rolandgruber.de>
>> Sent: Friday, September 20, 2024 1:38 AM
>> To: lam-public@lists.sourceforge.net
>> Subject: Re: [Lam-public] LDAP DNS issue
>>
>> Hi Jose,
>>
>> please activate logging on LDAP server side to see which queries are 
>> performed on LDAP-side. Then you can check why they do not return results.
>>
>> Log level (olcLogLevel in /etc/ldap/slapd.d/cn=config.ldif) for OpenLDAP 
>> should be e.g. "stats".
>>
>>
>> Best regards
>> Roland
>>
>>
>>
>> On 20.09.24 at 01:08, Jose Antonio Baduria Jr via Lam-public wrote:
>>> Hi,
>>>
>>>        I have set up OpenLDAP as a DNS server. I have set up an LDAP backend 
>>> using bind9-dyndb-ldap. dig works but somehow nslookup fails.
>>>
>>> I do see the following issue in the logs:
>>>
>>> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones from LDAP instance 'ldap' loaded (0 zones defined, 0 inactive, 0 failed to load)
>>> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones is suspicious number, please check access control instructions on LDAP server
>>>
>>> root@sdc-ops-openldap01:/etc/bind# nslookup sdc-ops-for01.bd.internal
>>> ;; Got SERVFAIL reply from 10.32.183.11, trying next server
>>>
>>> ** server can't find sdc-ops-for01.bd.internal: NXDOMAIN
>>>
>>> root@sdc-ops-openldap01:/etc/bind# dig @10.32.183.11 sdc-ops-for01
>>>
>>> ; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @10.32.183.11 sdc-ops-for01
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27733
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 1232
>>> ; COOKIE: 89af8b62d831e3d70100000066ecae50cc3e47461128b789 (good)
>>> ;; QUESTION SECTION:
>>> ;sdc-ops-for01.                 IN      A
>>>
>>> ;; Query time: 324 msec
>>> ;; SERVER: 10.32.183.11#53(10.32.183.11) (UDP)
>>> ;; WHEN: Thu Sep 19 23:05:52 UTC 2024
>>> ;; MSG SIZE  rcvd: 70
>>>
>>>
>>> root@sdc-ops-openldap01:/etc/bind# ldapsearch -x -H ldap://10.32.183.11 -P 3 -LLL -b "dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" "(objectClass=dlzSOARecord)"
>>> dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
>>> objectClass: top
>>> objectClass: dlzSOARecord
>>> dlzRecordID: 1
>>> dlzHostName: @
>>> dlzType: SOA
>>> dlzSerial: 1
>>> dlzRefresh: 2800
>>> dlzRetry: 7200
>>> dlzExpire: 604800
>>> dlzMinimum: 86400
>>> dlzAdminEmail: root.example.com.
>>> dlzTTL: 1209600
>>> dlzPrimaryNS: sdc-ops-openldap01.bd.internal.
>>>
>>>
>>> /etc/bind/named.conf
>>>
>>> dyndb "ldap" "/usr/lib/bind/ldap.so" {
>>>     uri "ldap://10.32.183.11";
>>>     base "ou=dns,dc=bd,dc=internal";
>>>     auth_method "simple";
>>>     bind_dn "cn=admin,dc=bd,dc=internal";
>>>     password "PASSWORD";
>>> };
>>>
>>> Not sure what the issue is. Any ideas?
>>>
>>> Thanks,
>>> Jose
>>>
>>>
>>>
>>> _______________________________________________
>>> Lam-public mailing list
>>> Lam-public@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/lam-public