swift 05/07/25 17:19:26

Added: xml/htdocs/doc/en/draft ldapdns-guide.xml
Log:
Draft for ldapdns configuration, see #67932

Revision Changes Path
1.1 xml/htdocs/doc/en/draft/ldapdns-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/ldapdns-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/ldapdns-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: ldapdns-guide.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/ldapdns-guide.xml,v 1.1 2005/07/25 17:19:26 swift Exp $ -->

<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/draft/ldapdns-guide.xml">
<title>Gentoo LDAP-DNS Guide</title>

<author title="Author">
<mail link="fnjordy@×××××.com">Steve-o</mail>
</author>
<author title="Editor">
<mail link="swift@g.o">Sven Vermeulen</mail>
</author>

<abstract>
With ldapdns, you can provide DNS services to your network easily. The DNS
records used are stored inside an LDAP environment. This document guides you
through the configuration of OpenLDAP and ldapdns for this purpose.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>0.1</version>
<date>2005-07-25</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
LDAPDNS is a small server that provides DNS services to your network. With DNS
services, you can manage your hostnames centrally instead of making the tedious
<path>/etc/hosts</path> updates every time a system is added, removed or
has changed its host name.
</p>

<p>
The LDAPDNS package uses an LDAP service to store all DNS records (a DNS
record being, simply put, a line that maps a hostname to an IP address).
LDAP is a standard protocol for retrieving information from a hierarchically
organised information store (a directory). The most well-known LDAP service
for Linux is OpenLDAP, a free LDAP implementation.
</p>

<p>
With this small guide at hand, you should be able to set up DNS services on your
network with as little effort as possible.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Configuring LDAP-DNS</title>
<section>
<body>

<p>
First, install <c>net-dns/ldapdns</c>.
</p>

<pre caption="Installing ldapdns">
# <i>emerge net-dns/ldapdns</i>
</pre>

<p>
Next, configure <c>ldapdns</c> to host the DNS records for your network. We use
<c>ldapdns-conf</c>, which takes the following arguments:
</p>

<pre caption="Syntax for ldapdns-conf">
ldapdns-conf acct logacct /path yourip ldaphost dn [suffix]
</pre>

<table>
<tr>
<th>Keyword</th>
<th>Explanation</th>
<th>Example</th>
</tr>
<tr>
<ti>acct</ti>
<ti>Username as which ldapdns will run</ti>
<ti>ldapdns</ti>
</tr>
<tr>
<ti>logacct</ti>
<ti>Username as which the ldapdns logging will run</ti>
<ti>dnslog</ti>
</tr>
<tr>
<ti>/path</ti>
<ti>Chrooted home directory for ldapdns</ti>
<ti><path>/var/lib/ldapdns</path></ti>
</tr>
<tr>
<ti>yourip</ti>
<ti>IP address to listen on</ti>
<ti>127.0.0.1</ti>
</tr>
<tr>
<ti>ldaphost</ti>
<ti>Address of the LDAP service</ti>
<ti><c>ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock</c></ti>
</tr>
<tr>
<ti>dn</ti>
<ti>DN used to bind (log in) to the LDAP service</ti>
<ti>cn=Manager,dc=<c>yourdomain</c></ti>
</tr>
<tr>
<ti>suffix</ti>
<ti>Optional default LDAP base appended to all queries</ti>
<ti>ou=Machines,dc=<c>yourdomain</c></ti>
</tr>
</table>

<p>
Replace the <c>127.0.0.1</c> IP address with an address that all hosts on your
network can reach, and don't forget to substitute your own domain name for
<c>yourdomain</c>.
</p>

<pre caption="Example ldapdns-conf run">
# <i>ldapdns-conf ldapdns dnslog /var/lib/ldapdns 127.0.0.1 ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cn=Manager,dc=yourdomain ou=Machines,dc=yourdomain</i>
</pre>

<p>
Now set the LDAP login password:
</p>

<pre caption="Setting the LDAP login password">
# <i>echo YourSecretPassword > /var/lib/ldapdns/root/password</i>
# <i>chmod 0400 /var/lib/ldapdns/root/password</i>
</pre>

<p>
Now configure ldapdns to use the simple authentication method and the cosine
LDAP schema:
</p>

<pre caption="Configuring ldapdns">
# <i>echo simple > /var/lib/ldapdns/env/LDAP_AUTH</i>
# <i>echo cosine > /var/lib/ldapdns/env/SCHEMA</i>
</pre>

<p>
You can optionally set a hostmaster e-mail address for the service:
</p>

<pre caption="Setting a host master e-mail address">
# <i>echo YourMail@address > /var/lib/ldapdns/env/HOSTMASTER</i>
</pre>

<p>
Add the service to the supervise scan directory and start the service
supervisor if you haven't started it already:
</p>

<pre caption="Managing supervise services">
# <i>ln -s /var/lib/ldapdns /service</i>
# <i>/etc/init.d/svscan start</i>
# <i>rc-update add svscan default</i>
</pre>
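<p>
The steps above (ldapdns-conf arguments, password file, env settings) are
easy to get subtly wrong: a mistyped socket path in the ldapi:// URL or a
password file left world-readable. The following POSIX shell helpers are an
added example, not code from the guide or from the ldapdns project. They build
the ldapi:// URL from a socket path, reproduce the env and password files in a
scratch directory, and check the result before the directory would be linked
into <path>/service</path>. The file layout (env/LDAP_AUTH, env/SCHEMA,
env/HOSTMASTER, root/password) is the one the guide uses; the function names
and the scratch directory are assumptions of this example.
</p>

```shell
#!/bin/sh
# Added example, not part of the Gentoo guide: POSIX shell helpers that
# reproduce the hand-typed steps above against a scratch directory and
# then check the result before the directory is linked into /service.
# The file layout (env/LDAP_AUTH, env/SCHEMA, env/HOSTMASTER,
# root/password) is taken from the guide; the function names are ours.

# Percent-encode the slashes of a UNIX socket path so it fits into the
# host part of an ldapi:// URL, as in the guide's ldaphost example.
ldapi_url() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's#/#%2f#g')"
}

# Write the env files and the bind password. Arguments: service
# directory, LDAP password, optional hostmaster address.
write_ldapdns_env() {
    dir=$1; password=$2; hostmaster=$3
    mkdir -p "$dir/env" "$dir/root"
    # umask 077 keeps the password from being world-readable even for
    # the instant between creation and the chmod below.
    ( umask 077; printf '%s\n' "$password" > "$dir/root/password" )
    chmod 0400 "$dir/root/password"
    printf 'simple\n' > "$dir/env/LDAP_AUTH"
    printf 'cosine\n' > "$dir/env/SCHEMA"
    if [ -n "$hostmaster" ]; then
        printf '%s\n' "$hostmaster" > "$dir/env/HOSTMASTER"
    fi
}

# Sanity check: the password file must exist and be readable by its
# owner only, and the two env values the guide sets must be present.
# Returns 0 when everything is in order, 1 (with a reason) otherwise.
check_ldapdns_dir() {
    dir=$1
    pw="$dir/root/password"
    if [ ! -f "$pw" ]; then echo "missing $pw"; return 1; fi
    # GNU stat first, BSD stat as fallback
    mode=$(stat -c '%a' "$pw" 2>/dev/null || stat -f '%Lp' "$pw")
    case $mode in
        400|600) ;;
        *) echo "$pw has mode $mode, expected 0400"; return 1 ;;
    esac
    if [ "$(cat "$dir/env/LDAP_AUTH" 2>/dev/null)" != simple ]; then
        echo "env/LDAP_AUTH is not 'simple'"; return 1
    fi
    if [ "$(cat "$dir/env/SCHEMA" 2>/dev/null)" != cosine ]; then
        echo "env/SCHEMA is not 'cosine'"; return 1
    fi
    echo "$dir looks sane"
    return 0
}

# Demonstration in a temporary directory (constructed input; the guide's
# real directory is /var/lib/ldapdns).
demo_ldapdns() {
    scratch=$(mktemp -d)
    write_ldapdns_env "$scratch" 'YourSecretPassword' 'hostmaster@yourdomain'
    ldapi_url /var/run/openldap/slapd.sock
    check_ldapdns_dir "$scratch"
    rc=$?
    rm -rf "$scratch"
    return $rc
}
```

<p>
Source the file and call <c>demo_ldapdns</c>, or point <c>check_ldapdns_dir</c>
at the real <path>/var/lib/ldapdns</path> once it exists. The mode check
accepts 0400 and 0600 because both keep the bind password away from other
local accounts; anything wider is reported as a failure.
</p>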

</body>
</section>
</chapter>

<chapter>
<title>Configuring OpenLDAP</title>
<section>
<body>

<p>
Now we need to configure OpenLDAP with the schemas ldapdns relies on. Open up
<path>/etc/openldap/slapd.conf</path> with your favorite editor and make sure
the following three lines are present:
</p>

<pre caption="Editing /etc/openldap/slapd.conf">
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
</pre>
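<p>
A commented-out or misspelled include line only surfaces later as an
"objectClass not found" error when the first LDIF is loaded. The following
POSIX shell function is an added example, not code from the guide or from
OpenLDAP: it reports which of the three schema files above a given
<path>slapd.conf</path> does not include through a live (uncommented)
<c>include</c> line. The sample configuration used in the demo is constructed
for the example; the function name is ours.
</p>

```shell
#!/bin/sh
# Added example, not part of the Gentoo guide: check that a slapd.conf
# includes the three schema files ldapdns relies on before slapd is
# restarted. The sample config in the demo is constructed; the real file
# is /etc/openldap/slapd.conf.

# Print each required schema file that the given slapd.conf does not
# include via a live (non-commented) "include" line. Returns 1 if any
# are missing, 0 when all three are present.
missing_schema_includes() {
    conf=$1
    missing=0
    for schema in cosine inetorgperson nis; do
        if ! grep -Eq "^[[:space:]]*include[[:space:]]+/etc/openldap/schema/$schema\.schema" "$conf"; then
            echo "$schema.schema"
            missing=1
        fi
    done
    return $missing
}

# Demonstration against a constructed config in which inetorgperson is
# commented out, as a half-finished edit would leave it.
demo_slapd_conf() {
    tmp=$(mktemp)
    printf '%s\n' \
        'include /etc/openldap/schema/core.schema' \
        'include /etc/openldap/schema/cosine.schema' \
        '#include /etc/openldap/schema/inetorgperson.schema' \
        'include /etc/openldap/schema/nis.schema' > "$tmp"
    echo "schema files missing from $tmp:"
    if missing_schema_includes "$tmp"; then
        echo "(none, all required schema files are included)"
    fi
    rm -f "$tmp"
}
```

<p>
Run <c>missing_schema_includes /etc/openldap/slapd.conf</c> after editing; a
non-zero exit status with the missing file names printed tells you what to add
before restarting <c>slapd</c>.
</p>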

<p>
Bootstrap LDAP with the base DN you defined previously with <c>ldapdns-conf</c>.
To accomplish this, we first create a file called <path>bootstrap.ldif</path>
(the name is arbitrary) and have it contain the following information:
</p>

<pre caption="Creating bootstrap.ldif">


--
gentoo-doc-cvs@g.o mailing list