This is the INSTALL file for 1.0-beta. See
http://www.venaas.no/ldap/bind-sdb/ for updates or other information.

BUILDING

You need the source for BIND 9.1.0 or newer (for zone transfers you
will need at least 9.1.1rc3 due to a bug). Basically you need to follow
the instructions in doc/misc/sdb; if my instructions don't make sense,
please have a look at those as well.

Copy ldapdb.c to bin/named and ldapdb.h to bin/named/include in the
source tree.

Next, alter bin/named/Makefile.in. Add ldapdb.@O@ to DBDRIVER_OBJS and
ldapdb.c to DBDRIVER_SRCS. You also need to add something like
-I/usr/local/include to DBDRIVER_INCLUDES and
-L/usr/local/lib -lldap -llber -lresolv to DBDRIVER_LIBS,
depending on which LDAP library you have and where you installed it.

Finally, you need to edit bin/named/main.c. Below where it says
#include "xxdb.h", add the line #include <ldapdb.h>. Below where
it says "xxdb_init();", add the line "ldapdb_init();", and finally
below where it says "xxdb_clear();", add "ldapdb_clear();".

Now you should hopefully be able to build as usual: first configure,
then make. If you get an error message about ldap_memfree() not
being defined, you're probably using an LDAP library with the
interface defined in RFC 1823. To build, uncomment the
"#define LDAPDB_RFC1823API" line near the top of ldapdb.c.

Also, if you're using an LDAPv2-only server, you need to change
the line "#define LDAPDB_LDAP_VERSION 3" in ldapdb.c: simply
replace 3 with 2. Instead of editing the file, you may define
LDAPDB_LDAP_VERSION yourself.

If you want to use TLS, you need to uncomment the "#define LDAPDB_TLS"
line near the top of ldapdb.c.

CONFIGURING

Before you do any configuring of LDAP stuff, please try to configure
and start BIND as usual to see if things work.

To do anything useful, you need to store a zone in some LDAP server.
You must use a schema called dNSZone. Note that it relies on some
attribute definitions in the Cosine schema, so that must be included
as well. The Cosine schema probably comes with your LDAP server. You
can find dNSZone and further details on how to store the data in your
LDAP server at http://www.venaas.no/ldap/bind-sdb/

To make BIND use a zone stored in LDAP, you will have to put something
like this in named.conf:

zone "venaas.com" {
        type master;
        database "ldap ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no 172800";
};

When doing lookups, BIND will do a sub-tree search below the base in the
URL. The number 172800 is the TTL which will be used for all entries that
haven't got the dNSTTL attribute. It is also possible to add a filter to
the URL, say "ldap://host/base???(o=internal)".

Version 1.0 also has support for simple LDAP bind, that is, binding to
LDAP using plain text authentication. The bind DN and password are encoded
into the URL as extensions, according to RFC 2255. If you want simple
bind with, say, DN "cn=Manager,dc=venaas,dc=no" and password "secret", the
URL will be something like this:

ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret

This URL may also include a filter part if you need it. Note that in
the bind DN, "," is hex-escaped as "%2c". This is necessary since ","
is the separator between the extension elements. The "!" in front of
"bindname" and "x-bindpw" can be omitted if you prefer. "x-bindpw" is
not standardized, but it's used by several other LDAP applications. See
RFC 2255 for details.

Finally, if you enabled TLS when compiling, you can also use TLS if
you like. To do this you use the extension "x-tls", e.g.
ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret,x-tls

Stig Venaas <venaas@uninett.no> 2004-08-15