Howto:Bind9 dlz ldap
This article is a work in progress. You can add/edit content.
Install openldap
cd /usr/ports/net/openldap24-server/
make config   # make sure that the SASL and BDB options are enabled
make all install clean

# the DLZ LDAP schema ships in the DLZ tarball
fetch http://mesh.dl.sourceforge.net/project/bind-dlz/Bind%20DLZ/DLZ-0.7.0/DLZ-0.7.0.tar.gz
tar xzf DLZ-0.7.0.tar.gz
cp dlz.schema /usr/local/etc/openldap/schema/dlz.schema
File: /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/dlz.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
moduleload back_bdb
database bdb
suffix "dc=polymorf,dc=fr"
rootdn "cn=root,dc=polymorf,dc=fr"
# put the {SSHA} hash printed by slappasswd(8) here, not the cleartext password
rootpw XXXXXXXXXXXXX
directory /var/db/openldap-data
index objectClass eq
access to attrs=userPassword
by dn="cn=root,dc=polymorf,dc=fr" write
by anonymous auth
by self write
by * none
File: /var/db/openldap-data/DB_CONFIG
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
mkdir /var/log/db
Install Bind9 with DLZ
cd /usr/ports/dns/bind97/
make config   # enable the LDAP DLZ driver in the port options, otherwise the "ldap" database type is not built in
mkdir /usr/ports/dns/bind97/files
# patch the ldap dlz backend for RFC3986 (http://article.gmane.org/gmane.network.dns.bind9.dlz/2066)
# this patch is for the 9.7.0.2 version of bind9
fetch -o /usr/ports/dns/bind97/files/patch-dlz-ldap.patch http://polymorf.fr/files/FreeBSD/patch-dlz-ldap.patch
make all install clean
Import data in LDAP
root DN
File: root_dn.txt
dn: dc=polymorf,dc=fr
objectclass: dcObject
objectclass: organization
o: polymorf's LDAP directory
dc: polymorf

dn: cn=root,dc=polymorf,dc=fr
objectclass: organizationalRole
cn: root

slapadd < root_dn.txt
DNS unit
File: dns_ou.txt
dn: ou=dns,dc=polymorf,dc=fr
objectClass: top
objectClass: organizationalUnit
ou: dns

slapadd < dns_ou.txt
Start LDAP
echo 'slapd_enable="YES"' >> /etc/rc.conf
/usr/local/etc/rc.d/slapd start
Create the first zone
File: polymorf.eu.txt
dn: dlzZoneName=polymorf.eu,ou=dns,dc=polymorf,dc=fr
objectClass: dlzZone
objectClass: top
dlzZoneName: polymorf.eu

dn: dlzHostName=@,dlzZoneName=polymorf.eu,ou=dns,dc=polymorf,dc=fr
objectClass: dlzHost
objectClass: top
dlzHostName: @

dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=polymorf.eu,ou=dns,dc=polymorf,dc=fr
objectClass: dlzSOARecord
objectClass: dlzAbstractRecord
objectClass: top
dlzRecordID: 1
dlzHostName: @
dlzType: soa
dlzTTL: 10
dlzPrimaryNS: ns1.polymorf.fr.
dlzAdminEmail: david.polymorf.fr.
dlzSerial: 2010061316
dlzRefresh: 2800
dlzRetry: 7200
dlzExpire: 604800
dlzMinimum: 86400

dn: dlzRecordID=2,dlzHostName=@,dlzZoneName=polymorf.eu,ou=dns,dc=polymorf,dc=fr
objectClass: dlzNSRecord
objectClass: dlzGenericRecord
objectClass: dlzAbstractRecord
objectClass: top
dlzRecordID: 2
dlzHostName: @
dlzType: ns
dlzTTL: 10
dlzData: ns1.polymorf.fr.

dn: dlzHostName=www,dlzZoneName=polymorf.eu,ou=dns,dc=polymorf,dc=fr
objectClass: dlzHost
objectClass: top
dlzHostName: www

dn: dlzRecordID=1,dlzHostName=www,dlzZoneName=polymorf.eu,ou=dns,dc=polymorf,dc=fr
objectClass: dlzARecord
objectClass: dlzAbstractRecord
objectClass: top
dlzRecordID: 1
dlzHostName: www
dlzType: A
dlzTTL: 3600
dlzIPAddr: 192.168.1.1

# -W prompts for the bind password; -w <password> on the command line would expose it
# in the process list and in the shell history.
# -Z only requests StartTLS and continues in cleartext when slapd has no TLS configured
# (the slapd.conf above configures none); use -ZZ to make TLS mandatory once it is set up.
ldapadd -c -Z -x -D "cn=root,dc=polymorf,dc=fr" -W -f polymorf.eu.txt
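Hand-writing one dn: block per record, as above, gets error-prone as soon as a zone has more than a few names. The following is an added example, not part of the original page or of the DLZ project: it generates LDIF in exactly the layout of polymorf.eu.txt (one dlzZone, one dlzHost per owner name, dlzRecordID numbered per host) from a compact zone description. The objectClass sets per record type are the ones the page's LDIF uses; record types the page does not show are refused rather than guessed. Every attribute value that ends up in a DN is escaped per RFC 4514, because a host label containing `,` or `=` would otherwise be parsed as extra RDNs and re-parent the entry. The base `ou=dns,dc=polymorf,dc=fr` is taken from the page; the `Record` class and function names are this example's own.

```python
# Added example (not from the original page): build DLZ LDIF of the shape shown
# above from a compact zone description.  DN escaping follows RFC 4514, LDIF
# encoding follows RFC 2849; the objectClass sets are copied from polymorf.eu.txt.
import base64
from dataclasses import dataclass
from typing import Dict, List

DNS_BASE = "ou=dns,dc=polymorf,dc=fr"   # same container as the page's ou=dns entry

# objectClass sets per record type, copied from the page's polymorf.eu.txt;
# types not listed here are refused rather than guessed
OBJECT_CLASSES = {
    "soa": ["dlzSOARecord", "dlzAbstractRecord", "top"],
    "ns":  ["dlzNSRecord", "dlzGenericRecord", "dlzAbstractRecord", "top"],
    "a":   ["dlzARecord", "dlzAbstractRecord", "top"],
}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 section 2.4).

    Without this, a host label such as 'x,dlzZoneName=other.zone' would be parsed
    as additional RDNs and the record would land under a different zone."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldif_line(attr: str, value: str) -> str:
    """One LDIF attribute line, base64-encoded ('attr:: ') when RFC 2849 requires it."""
    safe = (value.isascii() and value != "" and value[0] not in " :<"
            and not any(c in value for c in "\r\n\x00"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"


def soa_rname(email: str) -> str:
    """Mailbox to SOA RNAME as the page stores it: david@polymorf.fr -> david.polymorf.fr.
    Dots in the local part are escaped as RFC 1035 requires."""
    local, domain = email.split("@", 1)
    return local.replace(".", "\\.") + "." + domain.rstrip(".") + "."


@dataclass
class Record:
    host: str               # "@" for the zone apex, or a relative label such as "www"
    rtype: str              # soa / ns / A (matched case-insensitively)
    attrs: Dict[str, str]   # type-specific attributes (dlzIPAddr, dlzData, dlzPrimaryNS ...)
    ttl: int = 3600


def zone_to_ldif(zone: str, records: List[Record]) -> str:
    """Emit the dlzZone entry, one dlzHost per owner name and numbered records below it."""
    zone_dn = f"dlzZoneName={escape_dn_value(zone)},{DNS_BASE}"
    entries = [[f"dn: {zone_dn}", "objectClass: dlzZone", "objectClass: top",
                ldif_line("dlzZoneName", zone)]]
    next_id: Dict[str, int] = {}
    for rec in records:
        classes = OBJECT_CLASSES.get(rec.rtype.lower())
        if classes is None:
            raise ValueError(f"record type {rec.rtype!r} is not covered by this example")
        host_dn = f"dlzHostName={escape_dn_value(rec.host)},{zone_dn}"
        if rec.host not in next_id:   # first record for this owner: create its dlzHost container
            next_id[rec.host] = 1
            entries.append([f"dn: {host_dn}", "objectClass: dlzHost", "objectClass: top",
                            ldif_line("dlzHostName", rec.host)])
        rid, next_id[rec.host] = next_id[rec.host], next_id[rec.host] + 1
        entry = [f"dn: dlzRecordID={rid},{host_dn}"]
        entry += [f"objectClass: {oc}" for oc in classes]
        entry += [ldif_line("dlzRecordID", str(rid)), ldif_line("dlzHostName", rec.host),
                  ldif_line("dlzType", rec.rtype), ldif_line("dlzTTL", str(rec.ttl))]
        entry += [ldif_line(k, v) for k, v in rec.attrs.items()]
        entries.append(entry)
    return "\n\n".join("\n".join(e) for e in entries) + "\n"


# Constructed input reproducing the page's polymorf.eu zone.
PAGE_ZONE = [
    Record("@", "soa", {"dlzPrimaryNS": "ns1.polymorf.fr.",
                        "dlzAdminEmail": soa_rname("david@polymorf.fr"),
                        "dlzSerial": "2010061316", "dlzRefresh": "2800", "dlzRetry": "7200",
                        "dlzExpire": "604800", "dlzMinimum": "86400"}, ttl=10),
    Record("@", "ns", {"dlzData": "ns1.polymorf.fr."}, ttl=10),
    Record("www", "A", {"dlzIPAddr": "192.168.1.1"}),
]

if __name__ == "__main__":
    print(zone_to_ldif("polymorf.eu", PAGE_ZONE), end="")
```

Run it and feed the output to ldapadd as the page does with polymorf.eu.txt. Record numbering restarts at 1 under each dlzHost, which is what the page's entries do (@ holds IDs 1 and 2, www holds ID 1 again), so the IDs are only unique within one owner name.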
Configure bind
File: /etc/namedb/named.conf
options {
version "G0 AWAY";
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on {
127.0.0.1;
192.168.55.4;
};
// listen-on-v6 { ::1; };
forwarders {
8.8.8.8;
8.8.4.4;
80.247.227.1;
80.247.229.1;
};
allow-recursion{
127.0.0.1; //ME
};
allow-query {
any;
};
};
// DLZ LDAP driver arguments: number of connections, LDAP protocol version, bind
// method, bind DN, password, server, then the findzone, lookup, authority (left
// empty here with {}), allnodes and allowzonexfr queries.  The password is stored
// here in clear: give named a dedicated read-only DN instead of the directory's
// rootdn, and keep this file readable only by root and the bind user.
dlz "ldap zone" {
database "ldap 1
v3 simple {cn=root,dc=polymorf,dc=fr} {XXXXXXXXXXXXX} 127.0.0.1
ldap:///dlzZoneName=$zone$,ou=dns,dc=polymorf,dc=fr???objectclass=dlzZone
ldap:///dlzHostName=$record$,dlzZoneName=$zone$,ou=dns,dc=polymorf,dc=fr?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?objectclass=dlzAbstractRecord
{}
ldap:///dlzZoneName=$zone$,ou=dns,dc=polymorf,dc=fr?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?objectclass=dlzAbstractRecord
ldap:///dlzZoneName=$zone$,ou=dns,dc=polymorf,dc=fr??sub?(&(objectclass=dlzXFR)(dlzIPAddr=$client$))";
};
Start bind
echo '# bind
named_enable="YES"
named_program="/usr/local/sbin/named"
named_flags="-u bind -c /etc/namedb/named.conf"
named_pidfile="/var/run/named/pid"
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
named_symlink_enable="YES"
' >> /etc/rc.conf
/etc/rc.d/named start
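The database string in named.conf above is hard to read as one line, and it is worth seeing what its five query slots turn into for a single lookup. The following is an added example, not bind's DLZ driver code: a model that instantiates the page's templates for a given zone, owner name and requester address. `$zone$` and `$record$` land in the DN part of an LDAP URL and `$client$` in the filter part, and all three originate from the wire (the queried name, the address of the host asking for a transfer), so the model refuses owner names that are not hostname-style labels and parses the client as an IP literal before substituting, instead of trusting the driver to escape. The templates are copied from the named.conf above; the slot names, the label rules and the function names are this example's assumptions.

```python
# Added example, not bind's DLZ driver: a model of how the five query slots of the
# page's "ldap" database string are instantiated.  Templates copied from named.conf;
# slot names, label rules and helper names are this example's assumptions.
import ipaddress
import re

BASE = "ou=dns,dc=polymorf,dc=fr"
RECORD_ATTRS = ("dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,"
                "dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum")

# The five query slots of the page's database string, in the order they appear.
TEMPLATES = {
    "findzone":     f"ldap:///dlzZoneName=$zone$,{BASE}???objectclass=dlzZone",
    "lookup":       f"ldap:///dlzHostName=$record$,dlzZoneName=$zone$,{BASE}"
                    f"?{RECORD_ATTRS}?sub?objectclass=dlzAbstractRecord",
    "authority":    "",   # the page leaves this slot empty ({})
    "allnodes":     f"ldap:///dlzZoneName=$zone$,{BASE}?dlzTTL,dlzType,dlzHostName,dlzPreference,"
                    f"dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,"
                    f"dlzExpire,dlzMinimum?sub?objectclass=dlzAbstractRecord",
    "allowzonexfr": f"ldap:///dlzZoneName=$zone$,{BASE}??sub?(&(objectclass=dlzXFR)(dlzIPAddr=$client$))",
}

# Owner names are restricted to hostname-style labels ('_' for SRV/TXT owners, '*' for
# wildcards) plus the page's '@' apex marker; anything else is refused, not escaped.
_LABEL = re.compile(r"^[A-Za-z0-9_*](?:[A-Za-z0-9_*-]{0,61}[A-Za-z0-9_*])?$")


def check_dns_name(name: str) -> str:
    """Return name unchanged if it is safe to place in a DN; raise ValueError otherwise."""
    if name == "@":
        return name
    bare = name[:-1] if name.endswith(".") else name
    if not bare or len(bare) > 253 or not all(_LABEL.match(lab) for lab in bare.split(".")):
        raise ValueError(f"refusing to substitute {name!r} into an LDAP URL")
    return name


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value embedded in a search filter."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29").replace("\x00", "\\00"))


def expand(query: str, zone: str, record: str = "", client: str = "") -> str:
    """Instantiate one template for a lookup; ValueError if an input must not be embedded."""
    url = TEMPLATES[query]
    if not url:
        return url
    url = url.replace("$zone$", check_dns_name(zone))
    if "$record$" in url:
        url = url.replace("$record$", check_dns_name(record))
    if "$client$" in url:
        # the zone-transfer ACL query matches the requester's address: parse it so that
        # only an IP literal, never filter syntax, reaches the (dlzIPAddr=...) assertion
        ip = str(ipaddress.ip_address(client))
        url = url.replace("$client$", escape_filter_value(ip))
    return url


def safe_to_expand(query: str, **inputs: str) -> bool:
    """True if expand() accepts the inputs, False if it refused them."""
    try:
        expand(query, **inputs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(expand("lookup", "polymorf.eu", record="www"))
    print(expand("allowzonexfr", "polymorf.eu", client="192.168.55.10"))
    for bad in ("www)(objectclass=*", "www,dlzZoneName=other.zone"):
        print(bad, "->", safe_to_expand("lookup", zone="polymorf.eu", record=bad))
```

The two rejected inputs in the demo show the two places a crafted name could reach: a `,` inside `$record$` adds an RDN to the search base, and `)(` inside a filter value closes the intended assertion and opens another. Restricting owner names to a whitelist is simpler to reason about than escaping for both the DN (RFC 4514) and the filter (RFC 4515) syntaxes; the filter escape is still applied to the client value as a second layer.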
Check result
dig +short SOA polymorf.eu @localhost
# ns1.polymorf.fr. david.polymorf.fr. 2010061316 2800 7200 604800 86400
dig +short A www.polymorf.eu @localhost
# 192.168.1.1

