swift 06/03/25 12:14:46

Modified: metadoc.xml
Added: ldapdns-guide.xml bootstrap.ldif.txt
Log:
Adding ldap dns guide, been in draft long enough without much attention

Revision Changes Path
1.147 xml/htdocs/doc/en/metadoc.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.147&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.147&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml.diff?r1=1.146&r2=1.147&cvsroot=gentoo

Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -r1.146 -r1.147
--- metadoc.xml 14 Mar 2006 12:30:33 -0000 1.146
+++ metadoc.xml 25 Mar 2006 12:14:46 -0000 1.147
@@ -1,9 +1,9 @@
<?xml version='1.0' encoding="UTF-8"?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.146 2006/03/14 12:30:33 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.147 2006/03/25 12:14:46 swift Exp $ -->
<!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">

<metadoc lang="en">
-<version>1.74</version>
+<version>1.75</version>
<members>
<lead>neysx</lead>
<member>fox2mike</member>
@@ -389,6 +389,7 @@
<file id="php-upgrade">/proj/en/php/php-upgrading.xml</file>
<file id="jffnms">/doc/en/jffnms.xml</file>
<file id="conky">/doc/en/conky-howto.xml</file>
+ <file id="ldapdns">/doc/en/ldapdns-guide.xml</file>
</files>
<docs>
<doc id="name-logo">
@@ -1254,5 +1255,9 @@
<memberof>desktop_config</memberof>
<fileid>conky</fileid>
</doc>
+ <doc id="ldapdns">
+ <memberof>sysadmin_specific</memberof>
+ <fileid>ldapdns</fileid>
+ </doc>
</docs>
</metadoc>


1.1 xml/htdocs/doc/en/ldapdns-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldapdns-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/ldapdns-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: ldapdns-guide.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/ldapdns-guide.xml,v 1.1 2006/03/25 12:14:46 swift Exp $ -->

<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/ldapdns-guide.xml">
<title>Gentoo LDAP-DNS Guide</title>

<author title="Author">
<mail link="fnjordy@×××××.com">Steve-o</mail>
</author>
<author title="Editor">
<mail link="swift@g.o">Sven Vermeulen</mail>
</author>

<abstract>
With ldapdns, you can provide DNS services to your network easily. The DNS
records used are stored inside an LDAP environment. This document guides you
through the configuration of OpenLDAP and ldapdns for this purpose.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>0.2</version>
<date>2006-03-25</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
LDAPDNS is a small server that provides DNS services to your network. With a
DNS service you manage hostnames centrally instead of editing
<path>/etc/hosts</path> on every machine each time a system is added, removed or
renamed.
</p>

<p>
The LDAPDNS package stores all DNS records in an LDAP directory (a record, in
the simplest case, is the mapping between a hostname and an IP address). LDAP
is a standard protocol for querying hierarchically organised information stores
(directories). The best-known LDAP server for Linux is OpenLDAP, a free LDAP
implementation.
</p>

<p>
With this small guide at hand, you should be able to set up DNS services on your
network with as little effort as possible.
</p>

</body>
</section>
</chapter>


<chapter>
<title>Configuring LDAP-DNS</title>
<section>
<body>

<p>
First, install <c>net-dns/ldapdns</c>.
</p>

<pre caption="Installing ldapdns">
# <i>emerge net-dns/ldapdns</i>
</pre>

<p>
Next, configure <c>ldapdns</c> to host the DNS records for your network using
<c>ldapdns-conf</c>, whose syntax is:
</p>

<pre caption="Syntax for ldapdns-conf">
ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]
</pre>

<table>
<tr>
<th>Keyword</th>
<th>Explanation</th>
<th>Example</th>
</tr>
<tr>
<ti>acct</ti>
<ti>Unprivileged user account ldapdns will run as</ti>
<ti>ldapdns</ti>
</tr>
<tr>
<ti>logacct</ti>
<ti>User account the ldapdns logger will run as</ti>
<ti>dnslog</ti>
</tr>
<tr>
<ti>/path</ti>
<ti>Home directory of ldapdns (it chroots into it)</ti>
<ti><path>/var/lib/ldapdns</path></ti>
</tr>
<tr>
<ti>yourip</ti>
<ti>IP address to listen on</ti>
<ti>127.0.0.1</ti>
</tr>
<tr>
<ti>ldaphost</ti>
<ti>LDAP server URI; in an <c>ldapi://</c> URI the slashes of the socket path are percent-encoded as <c>%2f</c></ti>
<ti><c>ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock</c></ti>
</tr>
<tr>
<ti>dn</ti>
<ti>DN ldapdns binds to the LDAP server as (its password is set below)</ti>
<ti>cn=Manager,dc=<c>yourdomain</c></ti>
</tr>
<tr>
<ti>suffix</ti>
<ti>Optional base DN appended to all queries</ti>
<ti>ou=Machines,dc=<c>yourdomain</c></ti>
</tr>
</table>

<p>
Substitute the <c>127.0.0.1</c> IP address with an address that all hosts on
your network can reach, and use your own domain name instead of
<c>yourdomain</c>. The <c>dn</c> is the identity ldapdns uses for every LDAP
lookup; <c>cn=Manager</c> is the OpenLDAP root DN, which has unrestricted write
access to the whole directory. A DNS server only needs to read its records, so
once everything works, consider creating a dedicated account with read access to
the <c>ou=Machines</c> subtree and pointing ldapdns at that instead.
</p>

<pre caption="Example ldapdns-conf run">
# <i>ldapdns-conf ldapdns dnslog /var/lib/ldapdns 127.0.0.1 ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain</i>
</pre>

<p>
Now set the LDAP bind password. Note that the <c>echo</c> line ends up in your
shell history and that, with the default umask, the file is created
world-readable until the <c>chmod</c> runs, so prefer entering the password
through an editor or a prompt that does not record it:
</p>

<pre caption="Setting the LDAP login password">
# <i>echo YourSecretPassword > /var/lib/ldapdns/root/password</i>
# <i>chmod 0400 /var/lib/ldapdns/root/password</i>
</pre>

<p>
Now configure ldapdns to use the simple authentication method and the cosine
LDAP schema. A simple bind sends the password as-is; that is fine over the
local <c>ldapi://</c> socket used above, but if you point <c>ldaphost</c> at a
remote <c>ldap://</c> server instead, the password would cross the network in
cleartext.
</p>

<pre caption="Configuring ldapdns">
# <i>echo simple > /var/lib/ldapdns/env/LDAP_AUTH</i>
# <i>echo cosine > /var/lib/ldapdns/env/SCHEMA</i>
</pre>

<p>
You can optionally set the hostmaster e-mail address for the service:
</p>

<pre caption="Setting a host master e-mail address">
# <i>echo YourMail@address > /var/lib/ldapdns/env/HOSTMASTER</i>
</pre>

<p>
Link the service directory into <path>/service</path> so that <c>svscan</c>
picks it up, and start the service supervisor if it is not running yet:
</p>

<pre caption="Managing supervise services">
# <i>ln -s /var/lib/ldapdns /service</i>
# <i>/etc/init.d/svscan start</i>
# <i>rc-update add svscan default</i>
</pre>
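<p>
The following script is an added example for this guide, not code from the
Gentoo documentation or from the ldapdns project. It prepares the same files
the steps above create, but percent-encodes the <c>ldapi://</c> socket path
with a function instead of by hand and writes the bind password from a variable
under a restrictive umask, so the password never appears on a command line, in
the shell history, or in a briefly world-readable file. It assumes the
<path>root/password</path> and <path>env/</path> layout shown above and the
service directory <path>/var/lib/ldapdns</path>; <c>ldapdns-conf</c> itself is
still run as in the guide, the script only builds its command line and prepares
and checks the files around it.
</p>

```shell
#!/bin/sh
# Added example for the Gentoo LDAP-DNS guide; not part of the guide or of
# ldapdns. Assumptions: ldapdns-conf's root/password and env/* layout, and a
# daemontools-style service directory ($SERVICE_DIR, default /var/lib/ldapdns).

SERVICE_DIR=${SERVICE_DIR:-/var/lib/ldapdns}

# ldapi_uri /var/run/openldap/slapd.sock
#   -> ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock
ldapi_uri() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's|/|%2f|g')"
}

# ldapdns_conf_cmd DIR LISTEN_IP SOCKET BIND_DN SUFFIX prints the
# ldapdns-conf command line from the guide, with the socket URI encoded.
ldapdns_conf_cmd() {
    printf 'ldapdns-conf ldapdns dnslog %s %s %s %s %s\n' \
        "$1" "$2" "$(ldapi_uri "$3")" "$4" "$5"
}

# write_secret FILE: copy stdin into FILE. Any previous copy is removed and
# the umask applies at creation, so there is no window in which the file is
# readable by others (unlike "echo ... > file; chmod 0400 file").
write_secret() {
    ( umask 077 && rm -f "$1" && cat > "$1" ) && chmod 0400 "$1"
}

# prompt_bind_password: read the password from the terminal with echo off
# into LDAPDNS_BIND_PW, the variable install_bind_password consumes.
prompt_bind_password() {
    printf 'LDAP bind password: ' >&2
    stty -echo
    IFS= read -r LDAPDNS_BIND_PW
    stty echo
    echo >&2
}

# install_bind_password DIR: store $LDAPDNS_BIND_PW as DIR/root/password
# (mode 0400) and write the env/ settings from the guide. Refuses an empty
# password and scrubs the variable afterwards.
install_bind_password() {
    if [ -z "$LDAPDNS_BIND_PW" ]; then
        echo "install_bind_password: LDAPDNS_BIND_PW is empty" >&2
        return 1
    fi
    mkdir -p "$1/root" "$1/env" || return 1
    printf '%s\n' "$LDAPDNS_BIND_PW" | write_secret "$1/root/password" || return 1
    unset LDAPDNS_BIND_PW
    printf 'simple\n' > "$1/env/LDAP_AUTH"
    printf 'cosine\n' > "$1/env/SCHEMA"
}

# password_file_ok FILE: succeeds only if FILE is a regular file readable by
# its owner alone (mode 0400); a post-check before the service is started.
password_file_ok() {
    [ -f "$1" ] && [ "$(ls -l "$1" | cut -c1-10)" = "-r--------" ]
}

# Typical interactive use, in the order the guide follows:
#   eval "$(ldapdns_conf_cmd "$SERVICE_DIR" 192.168.0.1 \
#       /var/run/openldap/slapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain)"
#   prompt_bind_password
#   install_bind_password "$SERVICE_DIR"
#   password_file_ok "$SERVICE_DIR/root/password" || echo "bad permissions" >&2
```

<p>
Running <c>ldapdns-conf</c> first matters because it creates the service
directory; the password is installed afterwards and the permission check is the
last step before linking the directory into <path>/service</path>.
</p>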

</body>
</section>
</chapter>

<chapter>
<title>Configuring OpenLDAP</title>
<section>
<body>

<p>
Now we need to configure OpenLDAP with the DNS schema. Open
<path>/etc/openldap/slapd.conf</path> with your favorite editor and make sure
the following three lines are present. <path>cosine.schema</path> is the one
that defines the <c>dNSDomain</c> object class and the <c>aRecord</c>,
<c>nSRecord</c> and <c>cNAMERecord</c> attributes used in the records below.
</p>

<pre caption="Editing /etc/openldap/slapd.conf">
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
</pre>

<p>
Bootstrap LDAP with the base DN you defined previously with <c>ldapdns-conf</c>.
To accomplish this, we first create a file called <path>bootstrap.ldif</path>
(the name is arbitrary) which we fill with DNS information.
</p>

<p>
As an example, we provide a <uri link="bootstrap.ldif.txt">bootstrap.ldif</uri>
file for the fictitious domain <c>cherchetoujours.org</c>. Its entries live
under <c>dc=cherchetoujours.org,o=entropie</c>; change that base to the suffix
you passed to <c>ldapdns-conf</c> (and which your <c>slapd.conf</c> database
serves) before loading it. <c>ldapadd</c> processes the file in order and
rejects any entry whose parent does not exist yet, so keep parent entries ahead
of their children.
</p>

<p>
Now bootstrap your LDAP with this information:
</p>

<pre caption="Bootstrapping LDAP">
# <i>ldapadd -x -D "cn=Manager,dc=yourdomain" -W -f bootstrap.ldif</i>
</pre>
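<p>
Because <c>ldapadd</c> loads entries strictly in file order and rejects any
entry whose parent is missing, the following script (an added example, not part
of the Gentoo documentation, of ldapdns or of OpenLDAP) builds an LDIF with the
same layout as the example <path>bootstrap.ldif</path>, one <c>dNSDomain</c>
entry per DNS label for both the forward zone and the <c>in-addr.arpa</c> tree
with parents ahead of children, and lints any LDIF for orphaned entries before
you run <c>ldapadd</c>. It assumes the base DN
<c>dc=cherchetoujours.org,o=entropie</c>, the cosine <c>dNSDomain</c> class with
<c>aRecord</c>/<c>cNAMERecord</c> as used in that file, plain (not base64)
<c>dn:</c> lines without escaped commas, and a two-host list constructed for
the example.
</p>

```shell
#!/bin/sh
# Added example for the Gentoo LDAP-DNS guide; not part of the guide, of
# ldapdns or of OpenLDAP. Assumptions: base DN below, cosine dNSDomain with
# aRecord/cNAMERecord, plain "dn:" lines with no escaped commas (DNS labels
# never contain one). The host list in zone_ldif is constructed.

BASE='dc=cherchetoujours.org,o=entropie'
ZONE='cherchetoujours.org'

# reverse_labels ns.cherchetoujours.org -> "org cherchetoujours ns"
reverse_labels() {
    rl_rest=$1 rl_out=
    while [ -n "$rl_rest" ]; do
        rl_label=${rl_rest%%.*}
        rl_out="$rl_label${rl_out:+ $rl_out}"
        case $rl_rest in *.*) rl_rest=${rl_rest#*.} ;; *) rl_rest= ;; esac
    done
    printf '%s\n' "$rl_out"
}

# name_to_dn NAME BASE -> dc=ns,dc=cherchetoujours,dc=org,BASE
name_to_dn() {
    nd_dn=$2
    for nd_label in $(reverse_labels "$1"); do nd_dn="dc=$nd_label,$nd_dn"; done
    printf '%s\n' "$nd_dn"
}

# ip_to_ptr_name 192.168.0.2 -> 2.0.168.192.in-addr.arpa
ip_to_ptr_name() {
    printf '%s.in-addr.arpa\n' "$(reverse_labels "$1" | tr ' ' '.')"
}

# emit_chain NAME BASE [ATTR]: print one dNSDomain entry per label of NAME,
# parents first. DNs already printed (tracked in SEEN) are skipped, and ATTR
# (e.g. "aRecord: 192.168.0.2") is attached to the leaf entry only.
SEEN=
emit_chain() {
    ec_dn=$2 ec_attr=$3 ec_i=0
    set -- $(reverse_labels "$1")
    for ec_label in "$@"; do
        ec_i=$((ec_i + 1))
        ec_dn="dc=$ec_label,$ec_dn"
        case " $SEEN " in *" $ec_dn "*) continue ;; esac
        SEEN="$SEEN $ec_dn"
        printf 'dn: %s\ndc: %s\nobjectClass: top\nobjectClass: dcObject\nobjectClass: dNSDomain\n' \
            "$ec_dn" "$ec_label"
        if [ "$ec_i" -eq $# ] && [ -n "$ec_attr" ]; then printf '%s\n' "$ec_attr"; fi
        printf '\n'
    done
}

# zone_ldif: print a complete LDIF for the constructed host list: the base
# entry, the forward A entries and the matching reverse entries.
zone_ldif() {
    SEEN=
    zl_basedc=${BASE%%,*}
    printf 'dn: %s\ndc: %s\nobjectClass: top\nobjectClass: dcObject\nobjectClass: dNSDomain\n\n' \
        "$BASE" "${zl_basedc#dc=}"
    while read -r zl_host zl_ip; do
        [ -n "$zl_host" ] || continue
        emit_chain "$zl_host.$ZONE" "$BASE" "aRecord: $zl_ip"
        emit_chain "$(ip_to_ptr_name "$zl_ip")" "$BASE" "cNAMERecord: $zl_host.$ZONE"
    done <<EOF
ns 192.168.0.1
babykart 192.168.0.2
EOF
}

# ldif_orphans FILE BASE: print every dn in FILE whose parent is neither
# BASE nor another dn in FILE. Empty output means ldapadd can load the
# file in order; anything printed would fail with "No such object".
ldif_orphans() {
    lo_all=$(sed -n 's/^dn: //p' "$1")
    printf '%s\n' "$lo_all" | while IFS= read -r lo_dn; do
        [ "$lo_dn" = "$2" ] && continue
        lo_parent=${lo_dn#*,}
        [ "$lo_parent" = "$2" ] && continue
        printf '%s\n' "$lo_all" | grep -qxF -- "$lo_parent" || printf '%s\n' "$lo_dn"
    done
}

# Usage: zone_ldif > bootstrap.ldif; ldif_orphans bootstrap.ldif "$BASE"
# must print nothing before "ldapadd ... -f bootstrap.ldif" is run.
```

<p>
The orphan check catches the class of mistake that is easy to make when DNs are
typed by hand, such as a parent component spelled differently in one entry; run
it on any hand-edited file, not only on generated ones.
</p>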

</body>
</section>
</chapter>

<chapter>
<title>Testing the Installation</title>
<section>
<body>

<p>
Now you are all set. Test your setup using <c>nslookup</c> (part of
<c>net-dns/bind-tools</c>), naming the ldapdns listen address as the server so
that the query does not go to whatever resolver <path>/etc/resolv.conf</path>
points at. As nslookup's own warning says, <c>dig</c> or <c>host</c> do the same
job. Once the local query works, repeat it from another host on the network to
confirm that the listen address you chose is actually reachable.
</p>

<pre caption="Testing the ldapdns configuration">
# <i>nslookup ns1.yourdomain 127.0.0.1</i>
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: <i>127.0.0.1</i>
Address: <i>127.0.0.1#53</i>

Name: ns1.yourdomain
Address: <comment>(Your server IP address)</comment>
</pre>

</body>
</section>
</chapter>


<chapter>
<title>Resources</title>
<section>
<body>

<p>
The <uri
link="http://cvs.lp.se/doc/ldapdns/README.configure.gz">README.configure.gz</uri>
file for the ldapdns project.
</p>

</body>
</section>
</chapter>

</guide>



1.1 xml/htdocs/doc/en/bootstrap.ldif.txt

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/bootstrap.ldif.txt?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/bootstrap.ldif.txt?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: bootstrap.ldif.txt
===================================================================
# Base entry: the suffix given to ldapdns-conf; every zone hangs below it.
dn: dc=cherchetoujours.org,o=entropie
dc: cherchetoujours.org
objectClass: top
objectClass: dcObject
objectClass: dNSDomain

# Forward zone: each DNS label becomes a dc= component, right-most label first.
dn: dc=org,dc=cherchetoujours.org,o=entropie
dc: org
objectClass: top
objectClass: dcObject
objectClass: dNSDomain

dn: dc=cherchetoujours,dc=org,dc=cherchetoujours.org,o=entropie
dc: cherchetoujours
objectClass: top
objectClass: dcObject
objectClass: dNSDomain

# Reverse zone for 192.168.0.0/24, built the same way under in-addr.arpa.
dn: dc=arpa,dc=cherchetoujours.org,o=entropie
dc: arpa
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: in-addr
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 192
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 168
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

dn: dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 0
objectClass: dNSDomain
objectClass: dcObject
objectClass: top

# Reverse entries: one per address, naming the host it points back to.
dn: dc=1,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 1
cNAMERecord: ns.cherchetoujours.org
objectClass: dNSDomain
objectClass: dcObject
objectClass: top
nSRecord: @

dn: dc=2,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,dc=cherchetoujours.org,o=entropie
dc: 2
cNAMERecord: babykart.cherchetoujours.org
objectClass: dNSDomain
objectClass: dcObject
objectClass: top
nSRecord: @

# Forward entries: one per host, with its address.
dn: dc=ns,dc=cherchetoujours,dc=org,dc=cherchetoujours.org,o=entropie
objectClass: top
objectClass: dNSDomain
objectClass: dcObject
dc: ns
aRecord: 192.168.0.1
nSRecord: @

dn: dc=babykart,dc=cherchetoujours,dc=org,dc=cherchetoujours.org,o=entropie
objectClass: top
objectClass: dNSDomain
objectClass: dcObject
dc: babykart
aRecord: 192.168.0.2
nSRecord: @



--
gentoo-doc-cvs@g.o mailing list