PowerDNS LDAP Backend/Migration

From Linuxnetworks
Jump to: navigation, search

Migration

BIND

There is a small utility in the PowerDNS distribution available called "zone2ldap", which can convert zone files used by BIND to the ldif format. Ldif is a text file format containing information about LDAP objects and can be read by every standard compliant LDAP server. Zone2ldap needs the BIND named.conf (usually located in /etc) as input and writes the dns record entries in ldif format to stdout:

Usage: 

zone2ldap
   --basedn=<your-basedn>
   --named-conf=<file>
   --resume
   > zones.ldif

Alternatively zone2ldap can be used to convert only single zone files instead all zones:

Usage: 

zone2ldap
   --basedn=<your-basedn>
   --zone-file=<file>
   --zone-name=<file>
   --resume
   > zone.ldif

Here is a complete list of all options:

--help 
Provides a short description of all options
--basedn=... 
Node below the new objects should be created. All nodes mentioned in the basedn must exist before you can add the ldif file to your LDAP tree
--layout=... 
How the entries will be arranged in the ldap directory. Currently "tree" (e.g. dc=host,dc=subdomain,dc=linuxnetworks,dc=de) and "list" (e.g. dc=host,dc=subdomain.linuxnetworks.de) are supported.
--named-conf=... 
Location of the BIND named.conf file
--resume 
Resume processing the zone files if an error occurs. An error message is written to stderr in this case and one or more objects may be missing but the rest of the zones are converted to ldif format
--verbose 
Outputs additional information about the operations to stderr
--zone-file=... 
Instead of a complete named.conf file you can also parse only a single zone file. If you pass a single dash ("-") as parameter, input is read from stdin.
--zone-name=... 
Name of the zone like it is mentioned in the named.conf or in the zone file, e.g. linuxnetworks.de. Necessary if you only want to parse single zone files

Other name server

The easiest way for migrating dns records is to use the output of a zone transfer (AXFR). Save the output of the "dig" program provided by bind into a file and call zone2ldap with the file name as option to the --zone-file parameter. This will generate you an appropriate ldif file, which you can import into your ldap tree. The bash script except below automates this for you. 

DNSSERVER=127.0.0.1
DOMAINS="linuxnetworks.de 10.10.in-addr.arpa"

for DOMAIN in $DOMAINS; do
   dig @$DNSSERVER $DOMAIN AXFR> $DOMAIN.zone;
   zone2ldap --zone-name=$DOMAIN --zone-file=$DOMAIN.zone> $DOMAIN.ldif;
done


Back to Overview

Retrieved from "https://www.linuxnetworks.de/doc/index.php?title=PowerDNS_LDAP_Backend/Migration&oldid=928"