Difference between revisions of "PowerDNS LDAP Backend/Migration"

Revision as of 22:21, 6 April 2008

BIND zone files

There is a small utility in the PowerDNS distribution available called "zone2ldap", which can convert zone files used by BIND to the ldif format. Ldif is a text file format containing information about LDAP objects and can be read by every standard compliant LDAP server. Zone2ldap needs the BIND named.conf (usually located in /etc) as input and writes the dns record entries in ldif format to stdout:

Usage:

zone2ldap
   --basedn=<your-basedn>
   --named-conf=<file>
   --resume
   > zones.ldif

Alternatively zone2ldap can be used to convert only single zone files instead all zones:

Usage:

zone2ldap
   --basedn=<your-basedn>
   --zone-file=<file>
   --zone-name=<file>
   --resume
   > zone.ldif

Here is a complete list of all options:

--help: Provides a short description of all options

--basedn=...: Node below the new objects should be created. All nodes mentioned in the basedn must exist before you can add the ldif file to your LDAP DNS tree

--layout=...: How the entries will be arranged in the LDAP directory. Currently "tree" (e.g. dc=host,dc=subdomain,dc=linuxnetworks,dc=de) and "list" (e.g. dc=host,dc=subdomain.linuxnetworks.de) are supported.

--named-conf=...: Location of the BIND named.conf file

--resume: Resume processing the zone files if an error occurs. An error message is written to stderr in this case and one or more objects may be missing but the rest of the zones are converted to ldif format

--verbose: Outputs additional information about the operations to stderr

--zone-file=...: Instead of a complete named.conf file you can also parse only a single zone file. If you pass a single dash ("-") as parameter, input is read from stdin.

--zone-name=...: Name of the zone like it is mentioned in the named.conf or in the zone file, e.g. linuxnetworks.de. Necessary if you only want to parse single zone files

Bind LDAP backend

If you are using the LDAP sdb backend for the Bind DNS server, you can use the records in the LDAP tree also for the PowerDNS LDAP backend. The schemas both backends utilize is almost the same exept for one important thing: Domains for PowerDNS are stored in the attibute "associatedDomain" whereas Bind stores them split in "relativeDomainName" and "zoneName".

There is a migration script which creates a file in LDIF format with the necessary LDAP updates including the "associatedDomain" and "dc" attributes. The utility is executed by:

./bind2pdns-ldap \
 --host=<host anme or IP> \
 --basedn=<subtree dn> \
 --binddn=<admin dn> \
 > update.ldif

The parameter "host" and "basedn" are mandatory, "binddn" is optional. If "binddn" is given, you will be asked for a password, otherwise an anonymous bind is executed. The updates in LDIF format are written to stdout and can be redirected to a file.

The script requires Perl and the Perl Net::LDAP module and is available at /pdnsldap/bind2pdns-ldap

Other name server

The easiest way for migrating DNS records is to use the output of a zone transfer (AXFR). Save the output of the "dig" program provided by bind into a file and call zone2ldap with the file name as option to the --zone-file parameter. This will generate you an appropriate ldif file, which you can import into your LDAP tree. The bash script except below automates this for you.

DNSSERVER=127.0.0.1
DOMAINS="linuxnetworks.de 10.10.in-addr.arpa"

for DOMAIN in $DOMAINS; do
   dig @$DNSSERVER $DOMAIN AXFR> $DOMAIN.zone;
   zone2ldap --zone-name=$DOMAIN --zone-file=$DOMAIN.zone> $DOMAIN.ldif;
done

Back to Overview

@@ Line 1: / Line 1: @@
 __TOC__
-== BIND ==
+== BIND zone files ==
 There is a small utility in the PowerDNS distribution available called "zone2ldap", which can convert zone files used by BIND to the ldif format. Ldif is a text file format containing information about LDAP objects and can be read by every standard compliant LDAP server. Zone2ldap needs the BIND named.conf (usually located in /etc) as input and writes the dns record entries in ldif format to stdout:
@@ Line 39: / Line 39: @@
 ; --zone-name=... : Name of the zone like it is mentioned in the named.conf or in the zone file, e.g. linuxnetworks.de. Necessary if you only want to parse single zone files
+== Bind LDAP backend ==
+If you are using the LDAP sdb backend for the Bind DNS server, you can use the records in the LDAP tree also for the PowerDNS LDAP backend. The schemas both backends utilize is almost the same exept for one important thing: Domains for PowerDNS are stored in the attibute "associatedDomain" whereas Bind stores them split in "relativeDomainName" and "zoneName".
+There is a [http://www.linuxnetworks.de/pdnsldap/bind2pdns-ldap migration script] which creates a file in LDIF format with the necessary LDAP updates including the "associatedDomain" and "dc" attributes. The utility is executed by:
+ ./bind2pdns-ldap \
+  --host=<host anme or IP> \
+  --basedn=<subtree dn> \
+  --binddn=<admin dn> \
+  > update.ldif
+The parameter "host" and "basedn" are mandatory, "binddn" is optional. If "binddn" is given, you will be asked for a password, otherwise an anonymous bind is executed. The updates in LDIF format are written to stdout and can be redirected to a file.
+The script requires Perl and the Perl Net::LDAP module and is available at [http://www.linuxnetworks.de/pdnsldap/bind2pdns-ldap /pdnsldap/bind2pdns-ldap]
 == Other name server ==

Difference between revisions of "PowerDNS LDAP Backend/Migration"

Revision as of 22:21, 6 April 2008

Contents

BIND zone files

Bind LDAP backend

Other name server

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Projects

Toolbox