This is the INSTALL file for 1.0-beta. See
http://www.venaas.no/ldap/bind-sdb/ for updates or other information.

BUILDING

You need the source for BIND 9.1.0 or newer (for zone transfers you
will need at least 9.1.1rc3 due to a bug). Basically you need to follow
the instructions in doc/misc/sdb; if my instructions don't make sense,
please have a look at those as well.

Copy ldapdb.c to bin/named and ldapdb.h to bin/named/include in the
source tree.

Next alter bin/named/Makefile.in. Add ldapdb.@O@ to DBDRIVER_OBJS and
ldapdb.c to DBDRIVER_SRCS. You also need to add something like
-I/usr/local/include to DBDRIVER_INCLUDES and
-L/usr/local/lib -lldap -llber -lresolv to DBDRIVER_LIBS,
depending on what LDAP library you have and where you installed it.

Finally you need to edit bin/named/main.c. Below where it says
"#include "xxdb.h"", add the line "#include <ldapdb.h>". Below where
it says "xxdb_init();" add the line "ldapdb_init();", and finally
below where it says "xxdb_clear();", add "ldapdb_clear();".

Now you should hopefully be able to build as usual: first configure
and then make. If you get an error message about ldap_memfree() not
being defined, you're probably using an LDAP library with the
interface defined in RFC 1823. To build, uncomment the
"#define LDAPDB_RFC1823API" line near the top of ldapdb.c.

Also, if you're using an LDAPv2-only server, you need to change
the line "#define LDAPDB_LDAP_VERSION 3" in ldapdb.c. Simply
replace 3 with 2. Instead of editing the file, you may define
LDAPDB_LDAP_VERSION yourself.

If you want to use TLS, you need to uncomment the "#define LDAPDB_TLS"
line near the top of ldapdb.c.

CONFIGURING

Before you do any configuring of LDAP stuff, please try to configure
and start BIND as usual to see if things work.

To do anything useful, you need to store a zone in some LDAP server.
You must use a schema called dNSZone. Note that it relies on some
attribute definitions in the Cosine schema, so that must be included
as well. The Cosine schema probably comes with your LDAP server. You
can find dNSZone and further details on how to store the data in your
LDAP server at http://www.venaas.no/ldap/bind-sdb/

To make BIND use a zone stored in LDAP, you will have to put something
like this in named.conf:

zone "venaas.com" {
    type master;
    database "ldap ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no 172800";
};

When doing lookups BIND will do a sub-tree search below the base in the
URL. The number 172800 is the TTL which will be used for all entries that
haven't got the dNSTTL attribute. It is also possible to add a filter to
the URL, say "ldap://host/base???(o=internal)".

Version 1.0 also has support for simple LDAP bind, that is, binding to
LDAP using plain-text authentication. The bind dn and password are encoded
into the URL as extensions, according to RFC 2255. If you want simple
bind with say dn "cn=Manager,dc=venaas,dc=no" and password "secret", the
URL will be something like this:

ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret

This URL may also include a filter part if you need it. Note that in
the bind dn, "," is hex-escaped as "%2c". This is necessary since ","
is the separator between the extension elements. The "!" in front of
"bindname" and "x-bindpw" can be omitted if you prefer. "x-bindpw" is
not standardized, but it's used by several other LDAP applications. See
RFC 2255 for details.

Finally, if you enabled TLS when compiling, you can also use TLS if
you like. To do this you use the extension "x-tls", e.g.

ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret,x-tls

Stig Venaas <venaas@uninett.no> 2004-08-15
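An added example, not part of the original INSTALL file or of the ldapdb driver: a small Python parser for the "database" string described above (the RFC 2255 URL with its !bindname/x-bindpw/x-tls extensions and the trailing default TTL), plus a check that flags a configuration carrying x-bindpw without x-tls, i.e. a simple bind whose password would cross the network in the clear. It assumes only the URL layout the text gives; the input strings are the ones from this file.

```python
from urllib.parse import unquote

# The named.conf values from the INSTALL text, with and without x-tls.
SPEC_PLAIN = ("ldap ldap://158.38.160.245/dc=venaas,dc=com,o=DNS,dc=venaas,dc=no"
              "????!bindname=cn=Manager%2cdc=venaas%2cdc=no,!x-bindpw=secret 172800")
SPEC_TLS = SPEC_PLAIN.replace("x-bindpw=secret ", "x-bindpw=secret,x-tls ")

def parse_ldapdb_database(spec):
    """Parse an ldapdb 'database' string: 'ldap <RFC 2255 URL> <default TTL>'.

    The URL is ldap://host[:port]/base[?attrs[?scope[?filter[?exts]]]].
    'exts' is a comma-separated list of '[!]name[=value]'; a leading '!'
    marks the extension critical, and values are percent-encoded, which
    is why ',' inside the bind DN has to appear as '%2c'.
    """
    parts = spec.split()
    if len(parts) != 3 or parts[0] != "ldap":
        raise ValueError("expected: ldap <url> <ttl>")
    url, ttl = parts[1], int(parts[2])
    if not url.startswith("ldap://"):
        raise ValueError("only ldap:// URLs are supported")
    host, _, tail = url[len("ldap://"):].partition("/")
    fields = tail.split("?", 4)            # at most the 5 RFC 2255 components
    fields += [""] * (5 - len(fields))     # missing trailing components are empty
    base, attrs, scope, filt, exts = fields
    extensions, critical = {}, set()
    for item in (exts.split(",") if exts else []):
        crit = item.startswith("!")
        name, _, value = (item[1:] if crit else item).partition("=")
        extensions[name] = unquote(value)  # undo %2c etc. after splitting on ','
        if crit:
            critical.add(name)
    return {"host": host, "base": unquote(base), "attrs": attrs, "scope": scope,
            "filter": filt, "ttl": ttl, "extensions": extensions, "critical": critical}

def credential_findings(parsed):
    """Defender-side observations about how the bind credentials are handled."""
    exts, findings = parsed["extensions"], []
    if "x-bindpw" in exts:
        findings.append("bind password is stored in cleartext in named.conf")
        if "x-tls" not in exts:
            findings.append("simple bind without x-tls: password sent in cleartext")
    return findings

if __name__ == "__main__":
    for spec in (SPEC_PLAIN, SPEC_TLS):
        p = parse_ldapdb_database(spec)
        print(p["host"], p["base"], p["ttl"], p["extensions"].get("bindname"))
        print("  ", credential_findings(p) or ["no credential findings"])
```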