-
Notifications
You must be signed in to change notification settings - Fork 2
LDAP SDB for Bind9
FransUrbo/bind9-ldap
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
For changes for version 1.1.1 and newer, please see the CHANGES file.
This is an attempt at an LDAP back-end for BIND 9 using the new simplified
database interface "sdb". This is release 1.1.0 and has some new
experimental features. For production I would recommend using 1.0 unless
you really need the new features. I'm grateful though if you help test
1.1.0 and give positive or negative feedback.
1.1.1 (Not Yet Released) and later - see CHANGES file.
To add the new 'dNSView' attribute, something like this can be written
in the named.conf file (example courtesy Alex Bramley):
view "view1" {
match-clients { acl-for-one; };
zone "example.com" {
type master;
database "ldap ldap://127.0.0.1/<base>??sub?(|(dnsView=view1)(!(dnsView=*))) 86400";
}
}
To use the attribute in the LDAP object:
dn: relativeDomainName=host1/view1,zoneName=example.com,ou=dns,dc=example,dc=com
objectClass: dNSZone
relativeDomainName: host1
relativeDomainName: host1/view1
zoneName: example.com
dNSView: view1
aRecord: 192.168.1.1
dn: relativeDomainName=host1/view2,zoneName=example.com,ou=dns,dc=example,dc=com
objectClass: dNSZone
relativeDomainName: host1
relativeDomainName: host1/view2
zoneName: example.com
dNSView: view2
aRecord: 192.168.2.1
1.1.0 has support for specifying search scope and which attributes to
request in the URL. With OpenLDAP libraries it also supports URLs with
ldaps and ldapi schemes for SSL and UNIX domain sockets resp. See
INSTALL for more info on how to use these features.
1.0-beta fixes a large memory leak. An extension x-tls for enabling TLS
has been added.
1.0-alpha uses LDAPv3 by default and also supports LDAP simple bind. That
is, one can use plain text password for authentication. The bind dn and
password is coded into the URL using extensions bindname and x-bindpw
per RFC 2255.
In 0.9 the code has been cleaned up a bit and should be slightly faster
than previous versions. It also fixes an error with zone transfers (AXFR)
and entries with multiple relativeDomainName values. The problem was
that it would only use the first value in the result. There's no need
to upgrade unless you use such entries.
0.8 uses asynchronous LDAP search which should give better performance.
Thanks to Ashley Burston for providing patch. Another new feature is
allowing filters in URLs. The syntax is as in RFC 2255. Few people will
need this, but if you have say an internal and external version of the
same zone, you could stick say o=internal and o=external into different
entries, and specify for instance ldap://host/base???(o=internal)
Some error logging has also been added.
0.7 allows space and other characters to be used in URLs by use of %-quoting.
For instance space can be written as %20. It also fixes a problem with some
servers and/or APIs that do not preserve attribute casing.
0.6 fixes some memory leaks present in older versions unless compiled with
the RFC 1823 API.
The big changes in 0.5 are thread support and improved connection handling.
Multiple threads can now access the back-end simultaneously, and rather than
having one connection per zone, there is now one connection per thread per
LDAP server. This should help people with multiple CPUs and people with a
huge number of zones. One final change is support for literal IPv6 addresses
in LDAP URLs. At least OpenLDAP 2 has IPv6 support, so if you use OpenLDAP 2
libraries and server, you got all you need.
If you have bug reports, fixes, comments, questions or whatever, please
contact me. See also http://www.venaas.no/ldap/bind-sdb/ for information.
See INSTALL for how to build, install and use.
Stig Venaas <[email protected]> 2005-05-01