Hi Jose,

for which use-case? You can use anonymous binding to search the user name during LAM login. But you cannot login to LAM itself without any user and password.

Best regards
Roland


Am 23.09.24 um 15:44 schrieb Jose Antonio Baduria Jr via Lam-public:
Hi Roland,

Does LAM support anonymous binding?

Jose

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de>
Sent: Monday, September 23, 2024 1:46 AM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

true, seems like this is the new standard LDAP module for Bind:

https://pagure.io/bind-dyndb-ldap

It is now planned for the March release:
https://github.com/LDAPAccountManager/lam/issues/361

For PowerDNS you can simply create the records (e.g. SOA and A). There is no 
extra zone entry (you can use an OU for the structure).

Best regards
Roland


Am 21.09.24 um 21:15 schrieb Jose Antonio Baduria Jr via Lam-public:
Hi,

I just found out that bind9 in Ubuntu dropped support for DLZ. Could 
be the same thing with Red Hat. It now uses dyndb. Would LDAP manager support 
it? I tried PowerDNS but I am facing the same issue. The documentation for 
PowerDNS for LAM is very scant. How can I create a zone for PowerDNS? I can do 
it with Bind DNS with New Zone.

Thanks,
Jose

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de>
Sent: Friday, September 20, 2024 1:35 PM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

is nslookup contacting your server at all? You should see its IP address in the 
output.
I suggest continuing the investigation on the Bind users mailing list, as this goes 
more in the direction of configuring Bind itself. There you will find more experts 
for this topic:

https://lists.isc.org/mailman/listinfo/bind-users


Best regards
Roland


Am 20.09.24 um 14:43 schrieb Jose Antonio Baduria Jr via Lam-public:
Hi,

I activated logging. I do see some slapd messages, but when I do the 
nslookup, I don't see any slapd logs. Is it not communicating with LDAP?

# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcLogLevel=*)"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (olcLogLevel=*)
# requesting: ALL
#

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: stats
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de>
Sent: Friday, September 20, 2024 1:38 AM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

please activate logging on the LDAP server side to see which queries are performed 
on the LDAP side. Then you can check why they do not return results.

The log level (olcLogLevel in /etc/ldap/slapd.d/cn=config.ldif) for OpenLDAP should be e.g. 
"stats".


Best regards
Roland

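As an added example (not code from the thread or from LAM), here is a small checker for the "stats"-level slapd log lines this advice produces: it pairs each BIND and SRCH operation with its RESULT line by conn/op id and flags binds that fail and searches that return an error or zero entries, which is exactly what you would look for when named says it loaded "0 master zones". The log lines, DNs, IP addresses and filters are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample of OpenLDAP loglevel "stats" output (not from the thread).
SAMPLE_LOG = """\
Sep 20 14:40:01 ldap01 slapd[812]: conn=1001 fd=14 ACCEPT from IP=10.32.183.11:51234 (IP=0.0.0.0:389)
Sep 20 14:40:01 ldap01 slapd[812]: conn=1001 op=0 BIND dn="cn=admin,dc=bd,dc=internal" method=128
Sep 20 14:40:01 ldap01 slapd[812]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep 20 14:40:01 ldap01 slapd[812]: conn=1001 op=1 SRCH base="ou=dns,dc=bd,dc=internal" scope=2 deref=0 filter="(objectClass=idnsZone)"
Sep 20 14:40:01 ldap01 slapd[812]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 20 14:40:02 ldap01 slapd[812]: conn=1001 op=2 SRCH base="ou=dns,dc=bd,dc=internal" scope=2 deref=0 filter="(objectClass=dlzSOARecord)"
Sep 20 14:40:02 ldap01 slapd[812]: conn=1001 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 20 14:40:05 ldap01 slapd[812]: conn=1002 op=0 BIND dn="cn=admin,dc=bd,dc=internal" method=128
Sep 20 14:40:05 ldap01 slapd[812]: conn=1002 op=0 RESULT tag=97 err=49 text=
"""

# Patterns for the four stats-level line types we correlate.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d+ filter="([^"]*)"')
SRES = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
BRES = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')


def audit_slapd_stats(log: str) -> List[Dict]:
    """Pair every BIND/SRCH with its RESULT line (keyed by conn+op) and mark
    failed binds and searches that errored or returned no entries as problems."""
    pending: Dict[tuple, Dict] = {}
    findings: List[Dict] = []
    for line in log.splitlines():
        if m := SRCH.search(line):
            pending[(m[1], m[2])] = {"kind": "search", "base": m[3], "scope": int(m[4]), "filter": m[5]}
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = {"kind": "bind", "dn": m[3]}
        elif m := SRES.search(line):
            op = pending.pop((m[1], m[2]), None)
            if op and op["kind"] == "search":
                op.update(err=int(m[3]), nentries=int(m[4]))
                op["problem"] = op["err"] != 0 or op["nentries"] == 0  # empty result = nothing for named to load
                findings.append(op)
        elif m := BRES.search(line):
            op = pending.pop((m[1], m[2]), None)
            if op and op["kind"] == "bind":
                op.update(err=int(m[3]))
                op["problem"] = op["err"] != 0  # e.g. err=49 is invalidCredentials
                findings.append(op)
    return findings


if __name__ == "__main__":
    for f in audit_slapd_stats(SAMPLE_LOG):
        print("CHECK" if f["problem"] else "ok   ", f)
```

Run it against `journalctl -u slapd` output (or the syslog file) instead of SAMPLE_LOG; a SRCH with no finding at all means named never reached slapd, which is the nslookup case above.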


Am 20.09.24 um 01:08 schrieb Jose Antonio Baduria Jr via Lam-public:
Hi,

I have set up OpenLDAP as a DNS server. I have set up an LDAP backend 
using bind9-dyndb-ldap. dig works but somehow nslookup fails.

I do see the following issue on the logs:

Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones from LDAP instance 'ldap' loaded (0 zones defined, 0 inactive, 0 failed to load)
Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones is suspicious number, please check access control instructions on LDAP server

root@sdc-ops-openldap01:/etc/bind# nslookup sdc-ops-for01.bd.internal
;; Got SERVFAIL reply from 10.32.183.11, trying next server

** server can't find sdc-ops-for01.bd.internal: NXDOMAIN

root@sdc-ops-openldap01:/etc/bind# dig @10.32.183.11 sdc-ops-for01

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @10.32.183.11 sdc-ops-for01
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27733
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 89af8b62d831e3d70100000066ecae50cc3e47461128b789 (good)
;; QUESTION SECTION:
;sdc-ops-for01.                 IN      A

;; Query time: 324 msec
;; SERVER: 10.32.183.11#53(10.32.183.11) (UDP)
;; WHEN: Thu Sep 19 23:05:52 UTC 2024
;; MSG SIZE  rcvd: 70


root@sdc-ops-openldap01:/etc/bind# ldapsearch -x -H ldap://10.32.183.11 -P 3 -LLL -b "dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" "(objectClass=dlzSOARecord)"
dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
objectClass: top
objectClass: dlzSOARecord
dlzRecordID: 1
dlzHostName: @
dlzType: SOA
dlzSerial: 1
dlzRefresh: 2800
dlzRetry: 7200
dlzExpire: 604800
dlzMinimum: 86400
dlzAdminEmail: root.example.com.
dlzTTL: 1209600
dlzPrimaryNS: sdc-ops-openldap01.bd.internal.


/etc/bind/named.conf

dyndb "ldap" "/usr/lib/bind/ldap.so" {
    uri "ldap://10.32.183.11";
    base "ou=dns,dc=bd,dc=internal";
    auth_method "simple";
    bind_dn "cn=admin,dc=bd,dc=internal";
    password "PASSWORD";
};

Not sure what the issue is. Any ideas?

Thanks,
Jose



_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
