Comment 17 for bug 2003586

Lena Voytek (lvoytek) wrote (last edit):

Verified for Jammy + Kinetic based on https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
I've also started on a DEP-8 test based on my testing

# lxc launch images:ubuntu/{kinetic, jammy} test-bind-dyndb-ldap
# lxc exec test-bind-dyndb-ldap bash

# apt update && apt dist-upgrade -y

# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

# apt update && apt upgrade -y
# apt install bind9 bind9-dyndb-ldap bind9-dnsutils slapd ldap-utils -y

> Enter new LDAP password

> Update /etc/ldap/ldap.conf to have
BASE dc=test,dc=local
URI ldap://ldap.test.local

# zcat /usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz | sed 's/^attributeTypes:/olcAttributeTypes:/;
 s/^objectClasses:/olcObjectClasses:/;
 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/!s/^/#/};
 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig
' >> /tmp/dns.schema

# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/dns.schema

adding new entry "cn=dns,cn=schema,cn=config"

ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
EOF

modifying entry "cn=module{0},cn=config"

# ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changeType: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionLog: 100
EOF

adding new entry "olcOverlay=syncprov,olcDatabase={1}mdb,cn=config"

ldapadd -x -D cn=admin,dc=test,dc=local -W <<EOF
# Top container
dn: cn=dns, dc=test, dc=local
objectClass: nsContainer
objectClass: top
cn: dns

# Zone test.local
dn: idnsName=test.local, cn=dns, dc=test, dc=local
objectClass: top
objectClass: idnsZone
objectClass: idnsRecord
idnsName: test.local
idnsUpdatePolicy: grant TEST.LOCAL krb5-self * A;
idnsZoneActive: TRUE
idnsSOAmName: server.test.local
idnsSOArName: root.server.test.local
idnsSOAserial: 1
idnsSOArefresh: 10800
idnsSOAretry: 900
idnsSOAexpire: 604800
idnsSOAminimum: 86400
NSRecord: test.local.
ARecord: 127.0.0.1

# DNS records for zone test.local
dn: idnsName=server, idnsName=test.local, cn=dns, dc=test, dc=local
objectClass: idnsRecord
objectClass: top
idnsName: server
CNAMERecord: test.local.

dn: idnsName=_ldap._tcp, idnsName=test.local, cn=dns, dc=test, dc=local
objectClass: idnsRecord
objectClass: top
idnsName: _ldap._tcp
SRVRecord: 0 100 389 server
EOF

adding new entry "ou=Services,dc=test,dc=local"

adding new entry "ou=dns,ou=Services,dc=test,dc=local"

adding new entry "idnsName=test.local,ou=dns,ou=Services,dc=test,dc=local"

adding new entry "idnsName=_ldap._tcp,idnsName=test.local,ou=dns,ou=Services,dc=test,dc=local"

> Add the following to /etc/bind/named.conf.local

// dyndb instance that serves zone data from LDAP via bind9-dyndb-ldap.
dyndb "test_local_ldap" "/usr/lib/bind/ldap.so" {
        // ldapi:/// is the local Unix-domain socket, so the simple-bind credential below stays on this host
        uri "ldapi:///";
        // NOTE(review): base and bind_dn do not match the DNs used in the ldapadd step above
        // (cn=dns,dc=test,dc=local and cn=admin,dc=test,dc=local); confirm which tree layout was actually tested.
        base "ou=dns,ou=Services,dc=test,dc=local";
        auth_method "simple";
        bind_dn "uid=admin,dc=test,dc=local";
        // plaintext LDAP credential: this file must not be world-readable (restrict it to root and the bind group)
        password "ldappassword";
        server_id "server";
};

# systemctl restart bind9

# dig test.local. @localhost +short
127.0.0.1