Bind and OpenLDAP

Arjan Hulshoff arjan.m.hulshoff at zonnet.nl
Tue May 6 23:34:41 UTC 2008


Thanks for your reply.
I understand how to build an LDAP string; however, I don't understand the 
last part of this string. I think it is something specific to BIND. I 
am not sure though.
When I look at the following part of the string: 
o=DNS,dc=example,dc=com,dc=no 10800. Actually I already know what 'dc=no 
10800' means, it is the $TTL part of a zone file. 'o=DNS' would mean to 
me, from an LDAP point of view, the organization. Probably it means 
something different. What puzzles me the most is the 
'dc=example,dc=com' part. I think it is the LDAP representation of the 
domain name, however I am not sure of that. What I also don't know is 
whether I defined the 56.168.192.in-addr.arpa zone in the correct way 
(o=DNS,dc=56,dc=168,dc=192,dc=in-addr,dc=arpa,dc=no 10800).
So is the syntax in my named.conf correct, and are my assumptions 
regarding the meaning of the LDAP string correct?

TIA,
Arjan.


Kevin Darcy wrote:
> What part are you having trouble with?
>
> The representation of DNS FQDNs as "dc=" components in LDAP 
> distinguished names? RFC 2247.
>
> The composition/format of an "ldap://" URL? RFC 4516.
>
> The only part I truly don't understand is the "dc=no 10800", but then 
> I've never tried to integrate BIND with OpenLDAP...
>
> - Kevin
>
> Arjan Hulshoff wrote:
>   
>> Hi all,
>> I need some explanation and someone who can check if my named.conf is 
>> correct.
>> What needs to be explained is the database line, of course. The part 
>> after ldap://localhost/ou=DNS,ou=Computers,dc=example,dc=com is a bit 
>> strange to me. As far as I know this isn't standard LDAP, so what does 
>> it mean and is what I have created correct?
>>
>> TIA,
>> Arjan.
>>
>>
>> options {
>>         directory "/usr/local/var/state/bind";
>>         pid-file "/usr/local/var/run/named.pid";
>>         check-names master fail;
>>         check-names slave warn;
>>         check-names response ignore;
>> };
>>
>> zone "example.com" in {
>>         type master;
>>         database "ldap ldap://localhost/ou=DNS,ou=Computers,dc=example,dc=com,o=DNS,dc=example,dc=com,dc=no 10800";
>> };
>>
>> zone "56.168.192.in-addr.arpa" in {
>>         type master;
>>         database "ldap ldap://localhost/ou=DNS,ou=Computers,dc=example,dc=com,o=DNS,dc=56,dc=168,dc=192,dc=in-addr,dc=arpa,dc=no 10800";
>> };
>>
>> zone "0.0.127.in-addr.arpa" in {
>>         type master;
>>         database "ldap ldap://localhost/ou=DNS,ou=Computers,dc=example,dc=com,o=DNS,dc=0,dc=0,dc=127,dc=in-addr,dc=arpa,dc=no 10800";
>> };
>>
>> zone "." in {
>>         type hint;
>>         database "ldap ldap://localhost/ou=DNS,ou=Computers,dc=example,dc=com,o=DNS,dc=no 10800";
>> };
>   
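
Added example (not part of the thread, and not BIND or OpenLDAP code): a Python sketch of the two mappings Kevin points to, the RFC 2247 conversion of a DNS name into dc= components and the splitting of an ldap:// URL into host and DN, applied to a database string from the quoted named.conf. The function names and the treatment of the database argument as whitespace-separated fields are assumptions of this example, and the DN splitter is simplified (no escaped commas).

```python
from urllib.parse import urlsplit, unquote

def zone_to_dn(zone):
    """RFC 2247: every DNS label becomes one dc= component, same order."""
    labels = [lab for lab in zone.rstrip(".").split(".") if lab]
    return ",".join("dc=" + lab for lab in labels)

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.
    Simplified: no escaped commas, no multi-valued RDNs."""
    pairs = []
    for rdn in dn.split(","):
        if rdn.strip():
            attr, _, value = rdn.partition("=")
            pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def parse_database(arg):
    """Assumption: the quoted argument is whitespace-separated fields,
    driver name first, then the URL, then whatever is left."""
    driver, url, *rest = arg.split()
    parts = urlsplit(url)
    dn = unquote(parts.path.lstrip("/"))
    return {"driver": driver, "scheme": parts.scheme, "host": parts.hostname,
            "dn": dn, "rdns": split_dn(dn), "rest": rest}

def dn_contains_zone(dn, zone):
    """True if the RFC 2247 form of zone is a contiguous run inside dn."""
    want, have = split_dn(zone_to_dn(zone)), split_dn(dn)
    n = len(want)
    return n > 0 and any(have[i:i + n] == want
                         for i in range(len(have) - n + 1))

# String copied from the reverse zone in the quoted named.conf.
REVERSE_DB = ("ldap ldap://localhost/ou=DNS,ou=Computers,dc=example,dc=com,"
              "o=DNS,dc=56,dc=168,dc=192,dc=in-addr,dc=arpa,dc=no 10800")

if __name__ == "__main__":
    db = parse_database(REVERSE_DB)
    print(zone_to_dn("56.168.192.in-addr.arpa"))
    print(db["host"], db["rdns"][-1], db["rest"])
    print(dn_contains_zone(db["dn"], "56.168.192.in-addr.arpa"))
```

Split this way, `dc=no` is the last component of the DN inside the URL and `10800` is a separate field after it.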




