Hi,

I activated logging. I do see some slapd messages, but when I do the
nslookup I don't see any slapd logs. Is it not communicating with LDAP?

# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcLogLevel=*)"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (olcLogLevel=*)
# requesting: ALL
#

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: stats
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-----Original Message-----
From: Roland Gruber <[email protected]> 
Sent: Friday, September 20, 2024 1:38 AM
To: [email protected]
Subject: Re: [Lam-public] LDAP DNS issue

Hi Jose,

please activate logging on the LDAP server side to see which queries are performed
on the LDAP side. Then you can check why they do not return results.

Log level (olcLogLevel in /etc/ldap/slapd.d/cn=config.ldif) for OpenLDAP should 
be e.g. "stats".


Best regards
Roland



On 20.09.24 at 01:08, Jose Antonio Baduria Jr via Lam-public wrote:
> Hi,
> 
>      I have set up OpenLDAP as a DNS server. I have set up an LDAP backend 
> using bind9-dyndb-ldap. dig works but somehow nslookup fails.
> 
> I do see the following issue on the logs:
> 
> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones from LDAP 
> instance 'ldap' loaded (0 zones defined, 0 inactive, 0 failed to load)
> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones is 
> suspicious number, please check access control instructions on LDAP server
> 
> root@sdc-ops-openldap01:/etc/bind# nslookup sdc-ops-for01.bd.internal
> ;; Got SERVFAIL reply from 10.32.183.11, trying next server
> 
> ** server can't find sdc-ops-for01.bd.internal: NXDOMAIN
> 
> root@sdc-ops-openldap01:/etc/bind# dig @10.32.183.11 sdc-ops-for01
> 
> ; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @10.32.183.11 sdc-ops-for01
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27733
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: 89af8b62d831e3d70100000066ecae50cc3e47461128b789 (good)
> ;; QUESTION SECTION:
> ;sdc-ops-for01.                 IN      A
> 
> ;; Query time: 324 msec
> ;; SERVER: 10.32.183.11#53(10.32.183.11) (UDP)
> ;; WHEN: Thu Sep 19 23:05:52 UTC 2024
> ;; MSG SIZE  rcvd: 70
> 
> 
> root@sdc-ops-openldap01:/etc/bind# ldapsearch -x -H ldap://10.32.183.11 -P 3 
> -LLL -b "dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" 
> "(objectClass=dlzSOARecord)"
> dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
> objectClass: top
> objectClass: dlzSOARecord
> dlzRecordID: 1
> dlzHostName: @
> dlzType: SOA
> dlzSerial: 1
> dlzRefresh: 2800
> dlzRetry: 7200
> dlzExpire: 604800
> dlzMinimum: 86400
> dlzAdminEmail: root.example.com.
> dlzTTL: 1209600
> dlzPrimaryNS: sdc-ops-openldap01.bd.internal.
> 
> 
> /etc/bind/named.conf
> 
> dyndb "ldap" "/usr/lib/bind/ldap.so" {
>         uri "ldap://10.32.183.11";
>         base "ou=dns,dc=bd,dc=internal";
>         auth_method "simple";
>         bind_dn "cn=admin,dc=bd,dc=internal";
>         password "PASSWORD";
> };
> 
> Not sure what the issue is. Any ideas?
> 
> Thanks,
> Jose
> 
> 
> 
> _______________________________________________
> Lam-public mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/lam-public



