On 10.11.2016 06:43, David Kupka wrote:
> On 10/11/16 01:14, Brendan Kearney wrote:
>> i am asking this for a friend who is trying to figure out how to get
>> bind-dyndb-ldap working against openldap on ubuntu. she does not have
>> replication between two or more ldap instances, and needs to figure out
>> the minimum requirements for bind-dyndb-ldap. i have been trying to
>> help her, but i am unsure about what is needed, as i have n-way multi
>> master replication working already.
>>
>> can anyone provide what the replication requirements are for
>> bind-dyndb-ldap? currently, the SyncRepl module is loaded and the
>> overlay is created and configured for the mdb. i have tried to help get
>> olcServerID and olcMirrorMode set in cn=config and
>> olcDatabase={2}mdb,cn=config respectively, but some errors were
>> encountered there. is there a best practices doc that we can review?
>>
>> the environment, as best i can tell is ubuntu, openldap 2.4.42 and bind
>> 9. exact os and bind versions are not known right now.
>>
>> thanks,
>>
>> brendan kearney
>>
>
> Hello Brendan,
> I don't have any experience with running OpenLDAP + bind-dyndb-ldap but a quick
> web search showed me this:
>
> https://blogs.mindspew-age.com/2013/06/07/bind-dns-openldap-mdb-dynamic-domainsub-domain-configuration-of-dns/
>
>
> The article is about CentOS 6 and more than 3 years old but still might be
> helpful because it's mainly about Bind 9 configuration.
This article is not applicable to new versions of bind-dyndb-ldap; the new
versions require SyncRepl.
Any OpenLDAP article about setting up a SyncRepl provider will suffice;
bind-dyndb-ldap does not require anything special on the OpenLDAP side.
You can use the following command to test if SyncRepl works and access control is
correct:
$ ldapsearch -h ldap.example.com -D "uid=bind-user,cn=users,${BASE}" \
    -w root4lab -E sync=rp -b "cn=dns,${BASE}" \
    '(|(objectClass=idnsConfigObject)(objectClass=idnsZone)(objectClass=idnsForwardZone)(objectClass=idnsRecord))'
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project