INSTALL.ldap revision 9cc53f2a0819301c2de7ab93197eee11e8a365e7
This is the INSTALL file for 1.0-beta. See
http://www.venaas.no/ldap/bind-sdb/ for updates or other information.

You need the source for BIND 9.1.0 or newer (for zone transfers you
will need at least 9.1.1rc3 due to a bug). Basically you need to follow
the instructions in doc/misc/sdb; if my instructions don't make sense,
please have a look at those as well.

Copy ldapdb.c to bin/named and ldapdb.h to bin/named/include in the

Next alter bin/named/Makefile.in. Add ldapdb.@O@ to DBDRIVER_OBJS and
ldapdb.c to DBDRIVER_SRCS. You also need to add something like
-I/usr/local/include to DBDRIVER_INCLUDES and
-L/usr/local/lib -lldap -llber -lresolv to DBDRIVER_LIBS,
depending on what LDAP library you have and where you installed it.

Finally you need to edit bin/named/main.c. Below where it says
"#include "xxdb.h"", add the line "#include <ldapdb.h>". Below where
it says "xxdb_init();", add the line "ldapdb_init();", and finally,
below where it says "xxdb_clear();", add "ldapdb_clear();".

Now you should hopefully be able to build as usual: first configure
and then make. If you get an error message about ldap_memfree() not
being defined, you're probably using an LDAP library with the
interface defined in RFC 1823. To build, uncomment the "#define
LDAPDB_RFC1823API" line near the top of ldapdb.c.

Also, if you're using an LDAPv2-only server, you need to change
the line "#define LDAPDB_LDAP_VERSION 3" in ldapdb.c. Simply
replace 3 with 2. Instead of editing the file, you may define
LDAPDB_LDAP_VERSION yourself.

If you want to use TLS, you need to uncomment the "#define LDAPDB_TLS"
line near the top of ldapdb.c.

Before you do any configuring of LDAP stuff, please try to configure
and start bind as usual to see if things work.

To do anything useful, you need to store a zone in some LDAP server.
You must use a schema called dNSZone. Note that it relies on some
attribute definitions in the Cosine schema, so that must be included
as well. The Cosine schema probably comes with your LDAP server. You
can find dNSZone and further details on how to store the data in your
LDAP server at http://www.venaas.no/ldap/bind-sdb/

To make BIND use a zone stored in LDAP, you will have to put something

    database "ldap ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no 172800";

When doing lookups BIND will do a sub-tree search below the base in the
URL. The number 172800 is the TTL which will be used for all entries that
haven't got the dNSTTL attribute. It is also possible to add a filter to
the URL, say "ldap://host/base???(o=internal)".

Version 1.0 also has support for simple LDAP bind, that is, binding to
LDAP using plain text authentication. The bind dn and password are encoded
into the URL as extensions, according to RFC 2255. If you want simple
bind with, say, dn "cn=Manager,dc=venaas,dc=no" and password "secret", the
URL will be something like this:

    ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret

This URL may also include a filter part if you need it. Note that in
the bind dn, "," is hex-escaped as "%2c". This is necessary since ","
is the separator between the extension elements. The "!" in front of
"bindname" and "x-bindpw" can be omitted if you prefer. "x-bindpw" is
not standardized, but it's used by several other LDAP applications. See
RFC 2255 for details.

Finally, if you enabled TLS when compiling, you can also use TLS if
you like. To do this you use the extension "x-tls", e.g.

    ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret,x-tls
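The following is an added example, not code from bind-sdb or from ldapdb.c: a small Python parser for the URL layout described above (RFC 2255 fields, the "!" criticality prefix, "%2c" inside the bind dn, and the bindname / x-bindpw / x-tls extensions), plus a check that points out when such a URL carries a password without x-tls. The sample URLs are the ones from this file; the function names are my own.

```python
# Added example (not part of bind-sdb): parse an ldapdb-style LDAP URL,
#   ldap://host/base?attrs?scope?filter?extensions
# and flag configurations where x-bindpw is used without x-tls.
from urllib.parse import unquote


def parse_ldapdb_url(url):
    """Return host, base, filter and extensions of an ldap:// URL.

    Extensions are comma-separated 'name[=value]' items.  A leading '!'
    marks the extension critical (RFC 2255) and is stripped.  Values are
    %-unescaped, so '%2c' inside a bind dn becomes ',' again; this is why
    the dn must be escaped in the URL, since ',' separates extensions.
    """
    if not url.startswith("ldap://"):
        raise ValueError("not an ldap:// URL")
    host, _, path = url[len("ldap://"):].partition("/")
    parts = path.split("?")
    parts += [""] * (5 - len(parts))          # pad missing '?' fields
    base, _attrs, _scope, filt, exts = parts[:5]
    extensions = {}
    for item in [i for i in exts.split(",") if i]:
        critical = item.startswith("!")
        name, _, value = item.lstrip("!").partition("=")
        extensions[name.lower()] = {"value": unquote(value), "critical": critical}
    return {"host": host, "base": unquote(base),
            "filter": unquote(filt), "extensions": extensions}


def credential_warnings(parsed):
    """Describe the exposure implied by the text: simple bind is plain text
    authentication, so without x-tls the password crosses the network in
    clear, and x-bindpw means the password sits in named.conf."""
    exts = parsed["extensions"]
    warnings = []
    if "x-bindpw" in exts:
        warnings.append("x-bindpw: password is stored in named.conf; "
                        "restrict who can read that file")
        if "x-tls" not in exts:
            warnings.append("simple bind without x-tls: password is sent "
                            "to the LDAP server in clear text")
    return warnings


if __name__ == "__main__":
    url = ("ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no"
           "????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret")
    p = parse_ldapdb_url(url)
    print(p["extensions"]["bindname"]["value"])   # cn=Manager,dc=venaas,dc=no
    for w in credential_warnings(p):
        print("warning:", w)
```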
Stig Venaas <venaas@uninett.no> 2004-08-15