Gentoo Archives: gentoo-doc-cvs

From: Sven Vermeulen <swift@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: ldapdns-guide.xml
Date: Mon, 25 Jul 2005 17:19:48
Message-Id: 200507251718.j6PHIe1A025922@robin.gentoo.org
1 swift 05/07/25 17:19:26
2
3 Added: xml/htdocs/doc/en/draft ldapdns-guide.xml
4 Log:
5 Draft for ldapdns configuration, see #67932
6
7 Revision Changes Path
8 1.1 xml/htdocs/doc/en/draft/ldapdns-guide.xml
9
10 file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/ldapdns-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
11 plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/ldapdns-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo
12
13 Index: ldapdns-guide.xml
14 ===================================================================
15 <?xml version='1.0' encoding="UTF-8"?>
16
17 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/ldapdns-guide.xml,v 1.1 2005/07/25 17:19:26 swift Exp $ -->
18
19 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
20
21 <guide link="/doc/en/draft/ldapdns-guide.xml">
22 <title>Gentoo LDAP-DNS Guide</title>
23
24 <author title="Author">
25 <mail link="fnjordy@×××××.com">Steve-o</mail>
26 </author>
27 <author title="Editor">
28 <mail link="swift@g.o">Sven Vermeulen</mail>
29 </author>
30
31 <abstract>
32 With ldapdns, you can provide DNS services to your network easily. The DNS
33 records used are stored inside an LDAP environment. This document guides you
34 through the configuration of OpenLDAP and ldapdns for this purpose.
35 </abstract>
36
37 <!-- The content of this document is licensed under the CC-BY-SA license -->
38 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
39 <license/>
40
41 <version>0.1</version>
42 <date>2005-07-25</date>
43
44 <chapter>
45 <title>Introduction</title>
46 <section>
47 <body>
48
49 <p>
50 LDAPDNS is a small server that provides DNS services to your network. With DNS
51 services, you can manage your hostnames in a central manner deprecating the
52 tedious <path>/etc/hosts</path> updates every time a system is added/removed or
53 has changed its host name.
54 </p>
55
56 <p>
57 The LDAPDNS package uses an LDAP service to store all DNS records (which is,
58 simply explained, a line that contains the mapping between a hostname and an IP
59 address). LDAP is a standard protocol to obtain information from a
60 hierarchically represented knowledge base (directories). The most well-known
61 LDAP service for Linux is OpenLDAP, a free LDAP implementation.
62 </p>
63
64 <p>
65 With this small guide at hand, you should be able to set up DNS services on your
66 network with as little effort as possible.
67 </p>
68
69 </body>
70 </section>
71 </chapter>
72
73 <chapter>
74 <title>Configuring LDAP-DNS</title>
75 <section>
76 <body>
77
78 <p>
79 First, install <c>net-dns/ldapdns</c>.
80 </p>
81
82 <pre caption="Installing ldapdns">
83 # <i>emerge net-dns/ldapdns</i>
84 </pre>
85
86 <p>
87 Next, configure <c>ldapdns</c> to host the DNS records for your network. We use
88 <c>ldapdns-conf</c> which uses the following syntax:
89 </p>
90
91 <pre caption="Syntax for ldapdns-conf">
92 ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]
93 </pre>
94
95 <table>
96 <tr>
97 <th>Keyword</th>
98 <th>Explanation</th>
99 <th>Example</th>
100 </tr>
101 <tr>
102 <ti>acct</ti>
103 <ti>Username as which ldapdns will run</ti>
104 <ti>ldapdns</ti>
105 </tr>
106 <tr>
107 <ti>logacct</ti>
108 <ti>Username as which the ldapdns logging will run</ti>
109 <ti>dnslog</ti>
110 </tr>
111 <tr>
112 <ti>/path</ti>
113 <ti>Chrooted home directory for ldapdns</ti>
114 <ti><path>/var/lib/ldapdns</path></ti>
115 </tr>
116 <tr>
117 <ti>yourip</ti>
118 <ti>IP address to listen to</ti>
119 <ti>127.0.0.1</ti>
120 </tr>
121 <tr>
122 <ti>ldaphost</ti>
123 <ti>Address of the LDAP service</ti>
124 <ti><c>ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock</c></ti>
125 </tr>
126 <tr>
127 <ti>dn</ti>
128 <ti>LDAP login credentials</ti>
129 <ti>cn=Manager,dc=<c>yourdomain</c></ti>
130 </tr>
131 <tr>
132 <ti>suffix</ti>
133 <ti>Optional default ldap path to add on all queries</ti>
134 <ti>ou=Machines,dc=<c>yourdomain</c></ti>
135 </tr>
136 </table>
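Review bot: the `dn` row of this table (and the example run that follows it) binds ldapdns as `cn=Manager,dc=yourdomain`, which is the conventional OpenLDAP rootdn with unrestricted write access to the whole directory, while ldapdns only needs to read the records under the `ou=Machines,dc=yourdomain` suffix. Since that bind password is later written to disk in `/var/lib/ldapdns/root/password`, suggest the guide use a dedicated bind DN for the daemon and grant it read access on the `ou=Machines` subtree with a slapd `access to` rule, so the DNS host never holds the directory administrator's credentials.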
137
138 <p>
139 You should substitute the <c>127.0.0.1</c> IP address with an IP address that
140 all hosts can reach and don't forget to use the domain name you want instead of
141 <c>yourdomain</c>.
142 </p>
143
144 <pre caption="Example ldapdns-conf run">
145 # <i>ldapdns-conf ldapdns dnslog /var/lib/ldapdns 127.0.0.1 ldapi://%2fvar%2frun%2fopenldap%2fsldapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain</i>
146 </pre>
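Review bot: the example run spells the socket `ldapi://%2fvar%2frun%2fopenldap%2fsldapd.sock`, but the `ldaphost` row of the table above gives `slapd.sock`; the extra `d` in `sldapd` looks like a typo, and a reader pasting this line will get an LDAP connection failure with no hint why. Suggest fixing it to `slapd.sock` and adding a sentence telling the reader to confirm the percent-encoded path against the `ldapi://` URL slapd is actually started with, since the two must agree.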
147
148 <p>
149 Now set the LDAP login password:
150 </p>
151
152 <pre caption="Setting the LDAP login password">
153 # <i>echo YourSecretPassword &gt; /var/lib/ldapdns/root/password</i>
154 # <i>chmod 0400 /var/lib/ldapdns/root/password</i>
155 </pre>
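Review bot: `echo YourSecretPassword > /var/lib/ldapdns/root/password` creates the file with the shell's default umask before the following `chmod 0400` tightens it, so the password is briefly readable by other local users, and typing it on the command line also leaves it in the root shell's history. Suggest creating the file with restrictive permissions from the start, e.g. `(umask 077; echo YourSecretPassword > /var/lib/ldapdns/root/password)`, and stating explicitly that this must be the password of the bind DN given to `ldapdns-conf` in the previous step.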
156
157 <p>
158 Now configure ldapdns to use the simple authentication method and the cosine
159 LDAP schemas:
160 </p>
161
162 <pre caption="Configuring ldapdns">
163 # <i>echo simple &gt; /var/lib/ldapdns/env/LDAP_AUTH</i>
164 # <i>echo cosine &gt; /var/lib/ldapdns/env/SCHEMA</i>
165 </pre>
166
167 <p>
168 You can optionally set an e-mail address for the service:
169 </p>
170
171 <pre caption="Setting a host master e-mail address">
172 # <i>echo YourMail@address &gt; /var/lib/ldapdns/env/HOSTMASTER</i>
173 </pre>
174
175 <p>
176 Add the service to the supervise scan and run the service supervisor if you
177 haven't started it already:
178 </p>
179
180 <pre caption="Managing supervise services">
181 # <i>ln -s /var/lib/ldapdns /service</i>
182 # <i>/etc/init.d/svscan start</i>
183 # <i>rc-update add svscan default</i>
184 </pre>
185
186 </body>
187 </section>
188 </chapter>
189
190 <chapter>
191 <title>Configuring OpenLDAP</title>
192 <section>
193 <body>
194
195 <p>
196 Now we need to configure OpenLDAP with the DNS schema. Open up
197 <path>/etc/openldap/sldap.conf</path> with your favorite editor and make sure
198 the following three lines are listed:
199 </p>
200
201 <pre caption="Editing /etc/openldap/sldap.conf">
202 include /etc/openldap/schema/cosine.schema
203 include /etc/openldap/schema/inetorgperson.schema
204 include /etc/openldap/schema/nis.schema
205 </pre>
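Review bot: the path `/etc/openldap/sldap.conf` (in both the paragraph and the `<pre>` caption) is misspelled; OpenLDAP's server configuration file is `/etc/openldap/slapd.conf`. The paragraph also calls these three `include` lines "the DNS schema", but none of them is DNS-specific: `cosine.schema` is the one that defines the `dNSDomain` object class and its record attributes, which is what the earlier `echo cosine > /var/lib/ldapdns/env/SCHEMA` refers to, while `inetorgperson.schema` and `nis.schema` are not obviously needed for ldapdns at all. Suggest saying which of the three is actually required and reminding the reader to restart slapd after editing the file.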
206
207 <p>
208 Bootstrap LDAP with the base dn you defined previously with <c>ldapdns-conf</c>.
209 To accomplish this, we first create a file called <path>bootstrap.ldif</path>
210 (it is just a name) and have it contain the following information:
211 </p>
212
213 <pre caption="Creating bootstrap.ldif">
214
215
216
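Review bot: the `<pre caption="Creating bootstrap.ldif">` block at the end of the file is empty and the file stops there, so the bootstrap step the preceding paragraph promises (the LDIF creating the base DN and the `ou=Machines` container that `ldapdns-conf` was pointed at) is missing, and the closing `</pre>`, `</body>`, `</section>`, `</chapter>` and `</guide>` tags are absent, so this revision will not validate against `guide.dtd`. Acceptable for `draft/`, but the LDIF content and the closing tags need to land before the guide moves out of draft.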
217 --
218 gentoo-doc-cvs@g.o mailing list