Comment 15 for bug 2003586

Andreas Hasenack (ahasenack) wrote:

Hi all,

What's the test plan for bind-dyndb-ldap? It's not in the bug description. From a few comments, I see that it was just an install test? That's a bit superficial, especially given the number of patches that it got. There are also no DEP8 tests, nor build-time tests.

I think we need a test run to show that bind can actually start with this plugin loaded. Not just a simple installation test, which is just about dependencies. Just installing the bind9-dyndb-ldap package doesn't cause bind9 to load the module. There could be unresolved symbols or even crashes at load time which we wouldn't know about if we just install the package.

I suggest following this guide: https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9

It relies on the schema and example LDIF files shipped with the package, which, incidentally, don't work out of the box with OpenLDAP. This being a Red Hat project, these files are customized for their LDAP server (389, purchased years ago from Netscape). That Debian wiki has some "sed"s to adjust the config for OpenLDAP.

It still needs some tiny changes for Ubuntu, though:
- admin dn is cn=admin,dc=example,dc=com (and not uid=admin,...)
- the named AppArmor profile needs to allow connecting to ldapi:/// (or just switch to ldap://)
- I'd suggest using example.fake instead of example.com, because there is a real example.com, but that's minor

This can even become a DEP8 test (hint!)