[Freeipa-users] BIND apparently not loading ldap.so
Chris Lajoie
chris at etriptrader.com
Fri Feb 12 19:49:31 UTC 2016
On 02/12/2016 12:53 AM, Petr Spacek wrote:
> On 11.2.2016 19:32, Chris Lajoie wrote:
>> On 02/11/2016 02:46 AM, Petr Spacek wrote:
>>> What version of BIND and bind-dyndb-ldap packages are you using?
>>> $ rpm -q bind bind-dyndb-ldap
>> bind-9.9.4-29.el7_2.2.x86_64 bind-dyndb-ldap-8.0-1.el7.x86_64
>>> I'm not sure how exactly the logging magic in BIND works so I would
>>> recommend you to run BIND using command:
>>> $ named -g -u named
>>> and check output in the console to see if it contains line like
>>> 'bind-dyndb-ldap version 8.0 compiled at 16:09:02 Jan 20 2016,
>>> compiler 5.3.1 20151207 (Red Hat 5.3.1-2)'
>> I get nothing like that. Here is the output I get from running named:
>> https://gist.github.com/ctlajoie/0ed4e97e72aec3172a8d
> Oh, wait, it seems that you are using views!
>
> Generally we do not test bind-dyndb-ldap with views so there be dragons.
>
> Could you share your named.conf with us?
>
> If you do not want to send it to mailing list feel free to send it to me
> privately. My GPG key is attached just for the case you wish to encrypt it.
Sure. I do not see anything in my named.conf besides the ldap password
(which I changed) that should be kept private.
https://gist.github.com/ctlajoie/827a2ec9cfa70e3a1ebd
Not sure if it matters any more though. I was able to get it working by
commenting out the view parts and leaving only the zones. Unfortunately
the plugin seems unable or unwilling to load if there are any views
present at all. I also tried placing the dynamic-db section inside of
one of the views. named will accept the configuration and start up, but
again there are no ldap log messages.
I would really like to use ldap as the backend for my DNS
configuration... its hierarchical nature seems (to me) to be a good fit
for storing that type of thing. It is surprising to me that almost
nobody else does it this way (from what I can tell). I suppose if I want
to do it then I will need to run separate instances of bind, either on
different servers or the same server using different ports for each
instance, and doing some NATing with iptables. Either method complicates
things more than I would like...
Can you speculate on why there would be no log messages at all when the
ldap plugin fails to load (if that is indeed what is happening)?
If there was something in the log it would have saved me quite a bit of
time investigating this. Thank you for helping me track down the problem.
Chris
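The two checks the thread walks through (does `named -g` print the bind-dyndb-ldap version line, and where does `dynamic-db` sit relative to any `view` blocks) as an added diagnostic helper; this is not code from the thread or from bind-dyndb-ldap. It assumes the bind-dyndb-ldap 8.x `dynamic-db "name" { library "ldap.so"; arg "..."; };` form and uses constructed sample input.

```python
import re
# Constructed named.conf (not the poster's real file): one view plus a top-level dynamic-db block.
SAMPLE_NAMED_CONF = """
view "internal" {
    zone "example.test" { type master; file "example.test.db"; };
};
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-EXAMPLE-TEST.socket";  # '//' in a string
    arg "base cn=dns,dc=example,dc=test";
};
"""
# Constructed lines in the style of the 'named -g' console output.
SAMPLE_NAMED_G_OUTPUT = """
12-Feb-2016 12:00:00.000 starting BIND 9.9.4-RedHat-9.9.4-29.el7_2.2 -g -u named
12-Feb-2016 12:00:00.001 bind-dyndb-ldap version 8.0 compiled at 16:09:02 Jan 20 2016, compiler 5.3.1 20151207 (Red Hat 5.3.1-2)
"""
# Strings and comments are matched first so '//' or '#' inside a quoted arg is not a comment.
TOKEN = re.compile(
    r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    r'|\bview\s+"?([^"\s{]+)"?\s*\{'
    r'|\bdynamic-db\s+"?([^"\s{]+)"?\s*\{'
    r'|[{}]', re.S)

def plugin_load_line(named_g_output):
    """Return the line in which bind-dyndb-ldap announces itself, or None."""
    for line in named_g_output.splitlines():
        if "bind-dyndb-ldap version" in line:
            return line.strip()
    return None

def audit_named_conf(conf_text):
    """Return (view names, {dynamic-db name: enclosing view or '<top-level>'})."""
    views, contexts, stack = [], {}, []
    for m in TOKEN.finditer(conf_text):
        tok = m.group(0)
        if tok[0] in '"/#':          # quoted string or comment: no structure
            continue
        if tok == "}":
            stack.pop()              # unbalanced braces raise IndexError here
        elif m.group(1):             # view "name" {
            views.append(m.group(1))
            stack.append(("view", m.group(1)))
        elif m.group(2):             # dynamic-db "name" {: record the nearest view
            contexts[m.group(2)] = next(
                (n for k, n in reversed(stack) if k == "view"), "<top-level>")
            stack.append(("dynamic-db", m.group(2)))
        else:                        # any other '{'
            stack.append(("block", None))
    return views, contexts
```

A missing version line together with a non-empty view list is the situation described above; a `dynamic-db` whose context is a view name is the "moved into a view" variant the poster also tried.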