PowerDNS LDAP Backend/Installation

From Linuxnetworks

Installation

Compilation

Before performing the steps to compile the PowerDNS server and the LDAP backend you have to install an LDAP development package, which includes all necessary headers. The openldap-devel package is provided by most distributions. Apply these steps to the source .tar.gz file if you don't want to use a precompiled package:

* Extract the tar file
* Change into the newly created pdns directory
* Type ./configure --help for the available options
* For dynamic modules:
  ./configure \
     --with-modules="" \
     --with-dynmodules="ldap" \
     --enable-recursor
* For a static binary:
  ./configure \
     --with-modules="ldap" \
     --with-dynmodules="" \
     --enable-recursor
* make && make install

Configuration options

There are a few options through which the LDAP backend can be configured for your environment. Add them to the pdns.conf file located in /etc/powerdns or /usr/local/etc/ (depends on your configuration while compiling):

  • ldap-host (default: 127.0.0.1:389)

Host name or IP address and port of the LDAP server

  • ldap-starttls (default: no)

Use TLS encrypted connections to the LDAP server

  • ldap-basedn (default: none)

The PowerDNS LDAP backend searches below this path for objects containing the specified DNS information. The retrieval of attributes is limited to this subtree. This option must be set to the path according to the layout of your LDAP tree, e.g. ou=hosts,o=linuxnetworks,c=de is the DN to my objects containing the DNS information.

  • ldap-binddn (default: none)

Path to the object to authenticate against. Should only be used if the LDAP server doesn't support anonymous binds.

  • ldap-secret (default: none)

Password for authentication against the object specified by ldap-binddn

  • ldap-method (default: simple)
    • simple

Search for the requested domain by comparing the associatedDomain attributes with the domain string in the question.

    • tree

Search entries by translating the domain string into an LDAP DN. Your LDAP tree must be designed in the same way as your DNS tree. The question for "myhost.linuxnetworks.de" would translate into "dc=myhost,dc=linuxnetworks,dc=de,ou=hosts=..." and the entry this DN points to would be evaluated for DNS records.

    • strict

Like simple, but generates PTR records from aRecord or aAAARecord attributes. With "strict" you won't be able to do zone transfers for reverse zones.
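The following is an added example and is neither part of this wiki page nor PowerDNS code. It reads the ldap-* options from a constructed pdns.conf fragment, flags combinations a defender would want to notice (a bind password sent without ldap-starttls, an empty ldap-basedn, the zone-transfer limitation of "strict"), and shows how a question name maps to an LDAP search under each ldap-method as described above: "tree" turns every label into a dc= component in front of the base DN, while "simple" and "strict" search the base DN subtree for a matching associatedDomain. The sample config values, the bind DN and the password are placeholders; the exact filter and scope the real backend sends are assumptions made for illustration, and the filter escaping is this example's own precaution.

```python
"""Added example (not PowerDNS code): parse ldap-* options from pdns.conf,
check them, and build the LDAP search a question name would trigger."""

import ipaddress

# Constructed sample pdns.conf fragment; values are placeholders, not real credentials.
SAMPLE_PDNS_CONF = """
# constructed sample
launch=ldap
ldap-host=127.0.0.1:389
ldap-starttls=no
ldap-basedn=ou=hosts,o=linuxnetworks,c=de
ldap-binddn=cn=pdns,ou=services,o=linuxnetworks,c=de
ldap-secret=hypothetical-password
ldap-method=tree
"""

# Defaults as listed on the page (empty string stands for "none").
DEFAULTS = {
    "ldap-host": "127.0.0.1:389",
    "ldap-starttls": "no",
    "ldap-basedn": "",
    "ldap-binddn": "",
    "ldap-secret": "",
    "ldap-method": "simple",
}


def parse_pdns_conf(text):
    """Return the ldap-* options, falling back to the documented defaults."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)  # a base DN itself contains '='
        key = key.strip()
        if key in DEFAULTS:
            opts[key] = value.strip()
    return opts


def check_ldap_options(opts):
    """List configuration findings relevant to security and operation."""
    findings = []
    if not opts["ldap-basedn"]:
        findings.append("ldap-basedn is empty: the backend has no subtree to search")
    if opts["ldap-secret"] and opts["ldap-starttls"].lower() != "yes":
        findings.append("ldap-secret set with ldap-starttls=no: the bind "
                        "password crosses the network unencrypted")
    if opts["ldap-binddn"] and not opts["ldap-secret"]:
        findings.append("ldap-binddn set without ldap-secret: the bind is "
                        "unauthenticated (empty password)")
    if opts["ldap-method"] not in ("simple", "tree", "strict"):
        findings.append("unknown ldap-method %r" % opts["ldap-method"])
    if opts["ldap-method"] == "strict":
        findings.append("ldap-method=strict: zone transfers of reverse zones "
                        "are not possible")
    return findings


def ldap_filter_escape(value):
    """RFC 4515 escaping so a crafted question name cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def tree_dn(qname, basedn):
    """ldap-method=tree: every DNS label becomes a dc= component, most specific
    first, followed by the configured base DN."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    return ",".join("dc=%s" % label for label in labels) + "," + basedn


def simple_filter(qname):
    """ldap-method=simple/strict: match entries by associatedDomain."""
    return "(associatedDomain=%s)" % ldap_filter_escape(qname.rstrip("."))


def build_search(opts, qname):
    """Return (base DN, scope, filter) for the configured method.
    Scope and filter strings are this example's assumption, not PowerDNS's."""
    if opts["ldap-method"] == "tree":
        return tree_dn(qname, opts["ldap-basedn"]), "base", "(objectClass=*)"
    return opts["ldap-basedn"], "subtree", simple_filter(qname)


def ptr_owner(address):
    """Owner name of the PTR record that "strict" would synthesise from an
    aRecord or aAAARecord value (in-addr.arpa / ip6.arpa form)."""
    return ipaddress.ip_address(address).reverse_pointer


if __name__ == "__main__":
    options = parse_pdns_conf(SAMPLE_PDNS_CONF)
    for finding in check_ldap_options(options):
        print("finding:", finding)
    print(build_search(options, "myhost.linuxnetworks.de"))
    options["ldap-method"] = "simple"
    print(build_search(options, "myhost.linuxnetworks.de"))
    print(ptr_owner("192.0.2.10"))
```

Running the script prints one finding for the sample (the clear-text bind password), the base-scope search at dc=myhost,dc=linuxnetworks,dc=de,ou=hosts,o=linuxnetworks,c=de for the tree method, the associatedDomain subtree search for the simple method, and 10.2.0.192.in-addr.arpa as the PTR owner for 192.0.2.10.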