swift       06/03/25 12:14:46

  Modified:             metadoc.xml
  Added:                ldapdns-guide.xml bootstrap.ldif.txt
  Log:
  Adding ldap dns guide, been in draft long enough without much attention

Revision  Changes    Path
1.147                xml/htdocs/doc/en/metadoc.xml

file : 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.147&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.147&content-type=text/plain&cvsroot=gentoo
diff : 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml.diff?r1=1.146&r2=1.147&cvsroot=gentoo

Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -r1.146 -r1.147
--- metadoc.xml 14 Mar 2006 12:30:33 -0000      1.146
+++ metadoc.xml 25 Mar 2006 12:14:46 -0000      1.147
@@ -1,9 +1,9 @@
 <?xml version='1.0' encoding="UTF-8"?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.146 
2006/03/14 12:30:33 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.147 
2006/03/25 12:14:46 swift Exp $ -->
 <!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
 
 <metadoc lang="en">
-<version>1.74</version>
+<version>1.75</version>
   <members>
     <lead>neysx</lead>
     <member>fox2mike</member>
@@ -389,6 +389,7 @@
     <file id="php-upgrade">/proj/en/php/php-upgrading.xml</file>
     <file id="jffnms">/doc/en/jffnms.xml</file>
     <file id="conky">/doc/en/conky-howto.xml</file>
+    <file id="ldapdns">/doc/en/ldapdns-guide.xml</file>
   </files>
   <docs>
     <doc id="name-logo">
@@ -1254,5 +1255,9 @@
       <memberof>desktop_config</memberof>
       <fileid>conky</fileid>
     </doc>
+    <doc id="ldapdns">
+      <memberof>sysadmin_specific</memberof>
+      <fileid>ldapdns</fileid>
+    </doc>
   </docs>
 </metadoc>



1.1                  xml/htdocs/doc/en/ldapdns-guide.xml

file : 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldapdns-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldapdns-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: ldapdns-guide.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldapdns-guide.xml,v 1.1 
2006/03/25 12:14:46 swift Exp $ -->

<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/ldapdns-guide.xml">
<title>Gentoo LDAP-DNS Guide</title>

<author title="Author">
  <mail link="[EMAIL PROTECTED]">Steve-o</mail>
</author>
<author title="Editor">
  <mail link="[EMAIL PROTECTED]">Sven Vermeulen</mail>
</author>

<abstract>
With ldapdns, you can provide DNS services to your network easily. The DNS
records used are stored inside an LDAP environment. This document guides you
through the configuration of OpenLDAP and ldapdns for this purpose.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>0.2</version>
<date>2006-03-25</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
LDAPDNS is a small server that provides DNS services to your network. With DNS
services, you can manage your hostnames in a central manner deprecating the
tedious <path>/etc/hosts</path> updates every time a system is added/removed or
has changed its host name.
</p>

<p>
The LDAPDNS package uses an LDAP service to store all DNS records (which is,
simply explained, a line that contains the mapping between a hostname and an IP
address). LDAP is a standard protocol to obtain information from a
hierarchically represented knowledge base (directories). The most well-known
LDAP service for Linux is OpenLDAP, a free LDAP implementation.
</p>

<p>
With this small guide at hand, you should be able to set up DNS services on your
network with as little effort as possible.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Configuring LDAP-DNS</title>
<section>
<body>

<p>
First, install <c>net-dns/ldapdns</c>.
</p>

<pre caption="Installing ldapdns">
# <i>emerge net-dns/ldapdns</i>
</pre>

<p>
Next, configure <c>ldapdns</c> to host the DNS records for your network. We use
<c>ldapdns-conf</c> which uses the following syntax:
</p>

<pre caption="Syntax for ldapdns-conf">
ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]
</pre>

<table>
<tr>
  <th>Keyword</th>
  <th>Explanation</th>
  <th>Example</th>
</tr>
<tr>
  <ti>acct</ti>
  <ti>Username as which ldapdns will run</ti>
  <ti>ldapdns</ti>
</tr>
<tr>
  <ti>logacct</ti>
  <ti>Username as which the ldapdns logging will run</ti>
  <ti>dnslog</ti>
</tr>
<tr>
  <ti>/path</ti>
  <ti>Chrooted home directory for ldapdns</ti>
  <ti><path>/var/lib/ldapdns</path></ti>
</tr>
<tr>
  <ti>yourip</ti>
  <ti>IP address to listen to</ti>
  <ti>127.0.0.1</ti>
</tr>
<tr>
  <ti>ldaphost</ti>
  <ti>Address of the LDAP service</ti>
  <ti><c>ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock</c></ti>
</tr>
<tr>
  <ti>dn</ti>
  <ti>LDAP login credentials</ti>
  <ti>cn=Manager,dc=<c>yourdomain</c></ti>
</tr>
<tr>
  <ti>suffix</ti>
  <ti>Optional default ldap path to add on all queries</ti>
  <ti>ou=Machines,dc=<c>yourdomain</c></ti>
</tr>
</table>

<p>
You should substitute the <c>127.0.0.1</c> IP address with an IP address that
all hosts can reach and don't forget to use the domain name you want instead of
<c>yourdomain</c>.
</p>

<pre caption="Example ldapdns-conf run">
# <i>ldapdns-conf ldapdns dnslog /var/lib/ldapdns 127.0.0.1 
ldapi://%2fvar%2frun%2fopenldap%2fsldapd.sock cn=Manager,dc=yourdomain 
ou=Machines,dc=yourdomain</i>
</pre>

<p>
Now set the LDAP login password:
</p>

<pre caption="Setting the LDAP login password">
# <i>echo YourSecretPassword &gt; /var/lib/ldapdns/root/password</i>
# <i>chmod 0400 /var/lib/ldapdns/root/password</i>
</pre>

<p>
Now configure ldapdns to use the simple authentication method and the cosine
LDAP schemas:
</p>

<pre caption="Configuring ldapdns">
# <i>echo simple &gt; /var/lib/ldapdns/env/LDAP_AUTH</i>
# <i>echo cosine &gt; /var/lib/ldapdns/env/SCHEMA</i>
</pre>

<p>
You can optionally set an e-mail address for the service:
</p>

<pre caption="Setting a host master e-mail address">
# <i>echo [EMAIL PROTECTED] &gt; /var/lib/ldapdns/env/HOSTMASTER</i>
</pre>

<p>
Add the service to the supervise scan and run the service supervisor if you
haven't started it already:
</p>

<pre caption="Managing supervise services">
# <i>ln -s /var/lib/ldapdns /service</i>
# <i>/etc/init.d/svscan start</i>
# <i>rc-update add svscan default</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Configuring OpenLDAP</title>
<section>
<body>

<p>
Now we need to configure OpenLDAP with the DNS schema. Open up
<path>/etc/openldap/sldap.conf</path> with your favorite editor and make sure
the following three lines are listed:
</p>

<pre caption="Editing /etc/openldap/sldap.conf">
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
</pre>

<p>
Bootstrap LDAP with the base dn you defined previously with <c>ldapdns-conf</c>.
To accomplish this, we first create a file called <path>bootstrap.ldif</path>
(it is just a name) which we fill up with DNS information.
</p>

<p>
As an example, we provide a <uri link="bootstrap.ldif.txt">bootstrap.ldif</uri>
file for a fictuous domain <c>cherchetoujours.org</c>.
</p>

<p>
Now bootstrap your LDAP with this information:
</p>

<pre caption="Bootstrapping LDAP">
# <i>ldapadd -x -D "cn=Manager,dc=yourdomain" -W -f bootstrap.ldif</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Testing the Installation</title>
<section>
<body>

<p>
Now you are all set. Test your setup using <c>nslookup</c> (part of
<c>net-dns/bind-tools</c>):
</p>

<pre caption="Testing the ldapdns configuration">
# <i>nslookup ns1.yourdomain</i>
 Note:  nslookup is deprecated and may be removed from future releases.
 Consider using the `dig' or `host' programs instead.  Run nslookup with
 the `-sil[ent]' option to prevent this message from appearing.
 Server:         <i>127.0.0.1</i>
 Address:        <i>127.0.0.1#53</i>

 Name:   ns1.example.com
 Address: <comment>(Your server IP address)</comment>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Resources</title>
<section>
<body>

<p>
The <uri
link="http://cvs.lp.se/doc/ldapdns/README.configure.gz";>README.configure.gz</uri>
file for the ldapdns project.
</p>

</body>
</section>
</chapter>

</guide>
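
Review bot: The "Setting the LDAP login password" step creates /var/lib/ldapdns/root/password with echo and only tightens it afterwards with chmod 0400, so the file briefly exists under the current umask and the secret ends up in shell history; set umask 077 before creating the file, or create it empty with its final mode and fill it from an editor. The dn used for ldapdns is cn=Manager, the same identity the ldapadd step uses for writes, so the DNS server binds with a write-capable account; a dedicated bind DN with read access to the suffix would be enough to serve records. Separately, the example ldapdns-conf run uses sldapd.sock while the table gives slapd.sock, the OpenLDAP chapter names /etc/openldap/sldap.conf where OpenLDAP's file is slapd.conf, and the nslookup sample queries ns1.yourdomain but shows ns1.example.com in the answer.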



1.1                  xml/htdocs/doc/en/bootstrap.ldif.txt

file : 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/bootstrap.ldif.txt?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/bootstrap.ldif.txt?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: bootstrap.ldif.txt
===================================================================
dn: dc=cherchetoujours.org,o=entropie
dc: cherchetoujours.org
objectClass: top
objectClass: dcObject
objectClass: dNSDomain

dn: dc=org,dc=cherchetoujours.org,o=entropie
dc: org
objectClass: top
objectClass: dcObject
objectClass: dNSDomain

dn: dc=cherchetoujours,dc=org,dc=cherchetoujours.org.nu,o=entropie
dc: cherchetoujours
objectClass: top
objectClass: dcObject
objectClass: dNSDomain

dn: dc=arpa,dc=cherchetoujours.org.nu,o=entropie
dc: arpa
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: in-addr
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 192
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org.nu,o=entropie
dc: 168
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 0
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=1,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 1
cNAMERecord: ns.cherchetoujours.org
objectClass: dNSDomain
objectClass: dcObject
objectClass: top
nSRecord: @

dn: dc=2,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 2
cNAMERecord: babykart.cherchetoujours.org
objectClass: dNSDomain
objectClass: dcObject
objectClass: top
nSRecord: @

dn: dc=ns,dc=cherchetoujours,dc=org,dc=cherchetoujours.org,o=entropie
objectClass: top
objectClass: dNSDomain
objectClass: dcObject
dc: ns
aRecord: 192.168.0.1
nSRecord: @

dn: dc=babykart,dc=cherchetoujours,dc=org,dc=cherchetoujours.org,o=entropie
objectClass: top
objectClass: dNSDomain
objectClass: dcObject
dc: babykart
aRecord: 192.168.0.2
nSRecord: @
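
Review bot: The DNs mix two different roots, so the file will not load as written: the entries for dc=cherchetoujours, dc=arpa and dc=168 are placed under dc=cherchetoujours.org.nu,o=entropie, while every other entry sits under dc=cherchetoujours.org,o=entropie. No entry creates dc=cherchetoujours.org.nu, and because dc=arpa is created under the .nu root, the later dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie has no parent either, so ldapadd will stop on the first entry whose parent is missing. Use one root consistently. The file also never creates o=entropie itself, and the guide's ldapdns-conf example uses dc=yourdomain as the base, so a sentence in the guide on how this sample tree maps to the configured dn and suffix would help readers adapt it.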




-- 
[email protected] mailing list
