This plugin stores the following in an LDAP directory:
- DNS zones declarations and related DNS records as needed for a standard LAN;
- DHCP server configuration with DHCP subnet, dynamic pool and static host declarations.
The MMC web interface makes it easy to manage the DNS and DHCP services.
The network plugin relies on patched versions of ISC DHCP 3 and ISC BIND 9:
- ISC BIND: a patch featuring an LDAP sdb backend must be applied to your BIND installation. With this patch, BIND can read DNS zone declarations from an LDAP directory. This patch is available there. The stable release of this patch (version 1.0) works fine.
- ISC DHCP: the patch on this page allows the DHCP service configuration to be stored in an LDAP directory (instead of
Install the packages
Debian packages for patched versions of BIND
We provide Debian Lenny packages for the LDAP-patched version of BIND. These packages work on Squeeze too.
Configure your APT repository as in the Debian packages section, and add the following to /etc/apt/preferences.d/pining:
    Package: *
    Pin: origin mds.mandriva.org
    Pin-Priority: 1001
Then install the packages:
    # apt-get update
    # apt-get install bind9 isc-dhcp-server-ldap
DNS service configuration (ISC BIND)
When managing the DNS zones, the MMC agent creates files in the BIND configuration directory (located in /etc/bind/). These files must be included in the main BIND configuration file so that the corresponding zones are loaded from the LDAP directory.
All the DNS zones are defined in the file named.conf.ldap. This file must be included in the main BIND configuration file. Adding this line at the end of BIND named.conf should be sufficient:
An example named.conf file for Debian-based systems is available
BIND and OpenLDAP services startup order
On most distributions, BIND is started before OpenLDAP during the boot sequence. If BIND/LDAP is used, BIND won’t be able to connect to the LDAP directory, and won’t start. So you may need to tweak your system boot scripts to fix this. The following command line should work on Debian based systems:
# update-rc.d -f slapd remove && update-rc.d slapd start 14 2 3 4 5 . stop 86 0 1 6 .
DHCP service configuration (ISC DHCP)
The DHCP server needs to know how to load its configuration from LDAP.
Here is a typical configuration:
    ldap-server "localhost";
    ldap-port 389;
    ldap-username "cn=admin, dc=mandriva, dc=com";
    ldap-password "secret";
    ldap-base-dn "dc=mandriva, dc=com";
    ldap-method dynamic;
    ldap-debug-file "/var/log/dhcp-ldap-startup.log";
The dhcpd service will try to find an LDAP entry for the machine hostname. If the entry name is different, you can set in
An example dhcpd.conf file is available in the directory
Two new LDAP schemas must be imported into your LDAP directory: dnszone.schema and dhcp.schema.
Both are available in the directory
To speed up LDAP searches, you can index these attributes: zoneName, relativeDomainName, dhcpHWAddress, dhcpClassData.
In the slapd.conf configuration file, add:
    index zoneName,relativeDomainName eq
    index dhcpHWAddress,dhcpClassData eq
MMC « network » plugin configuration
For a full description of the MMC network plugin configuration file see MMC network plugin configuration file.
You should verify that the paths to directories and init scripts are right.
MMC « network » plugin initialization
For the DHCP service only, the MMC network plugin needs to create two objects in the LDAP directory:
- the container called “DHCP config” (objectClass dhcpService), where all the DHCP service configuration will be stored
- the primary server (objectClass dhcpServer) that links to the DHCP service configuration. The hostname of the machine running the MMC network plugin will be used to name this entry.
The first start of the MMC network plugin should look like:
    ...
    Created OU ou=DHCP,dc=mandriva,dc=com
    Created DHCP config object
    The server 'your_server_hostname' has been set as the primary DHCP server
    Plugin network loaded
    ...
    ...
DHCP failover configuration
The DHCP failover can be done directly from the MMC interface on the page “Network -> Network services management”.
The primary DHCP server name is by default the hostname of the server where the mmc-agent is running. You can override this by setting the “hostname” option in
To configure DHCP failover you need at least the name of your secondary DHCP server and the IP addresses of the two DHCP servers. In expert mode you can set any parameter of the failover configuration.
The secondary ISC dhcpd configuration is almost the same as the primary DHCP:
    ldap-server "LDAP_SERVER_IP";
    ldap-port 389;
    ldap-username "cn=admin, dc=mandriva, dc=com";
    ldap-password "secret";
    ldap-base-dn "dc=mandriva, dc=com";
    ldap-dhcp-server-cn "SECONDARY_DHCP_SERVER_NAME";
    ldap-method dynamic;
    ldap-debug-file "/var/log/dhcp-ldap-startup.log";
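Both dhcpd.conf samples above store an LDAP bind DN and password in the file, and the secondary server sends them to a remote directory on port 389. The following is an added example, not part of the MMC documentation or code: a small review script for those ldap-* statements. The function names are hypothetical, 192.0.2.10 stands in for LDAP_SERVER_IP, and the script assumes one statement per line and no TLS settings, as in the samples.

```python
import os
import re
import stat

# One ldap-* statement per line, value optionally quoted, e.g. ldap-port 389;
LDAP_STMT = re.compile(r'^[ \t]*(ldap-[a-z-]+)[ \t]+"?([^";\n]*)"?[ \t]*;', re.M)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_ldap_settings(text):
    """Return the active (uncommented) ldap-* statements as a dict."""
    return {key: value.strip() for key, value in LDAP_STMT.findall(text)}

def audit(text, mode=0o600):
    """Return (code, message) findings for the text of one dhcpd.conf."""
    cfg = parse_ldap_settings(text)
    findings = []
    if "ldap-password" not in cfg:
        return findings  # no stored bind credential to review
    if mode & stat.S_IROTH:
        findings.append(("world-readable", "bind password readable by any local user"))
    if cfg["ldap-password"] == "secret":
        findings.append(("sample-password", "password is the documentation sample value"))
    # Heuristic based on the sample above, which binds as cn=admin.
    if cfg.get("ldap-username", "").lower().replace(" ", "").startswith("cn=admin,"):
        findings.append(("admin-bind", "dhcpd binds with the directory admin DN"))
    server = cfg.get("ldap-server", "")
    # Assumption: no TLS is configured, so a bind on port 389 is unencrypted.
    if server and server not in LOOPBACK and cfg.get("ldap-port", "389") == "389":
        findings.append(("cleartext-bind", f"bind password sent to {server}:389 in clear"))
    return findings

def audit_file(path):
    """Audit a dhcpd.conf on disk, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        return audit(handle.read(), os.stat(path).st_mode)

# Constructed sample: the secondary-server settings shown above, with a
# documentation-range address in place of LDAP_SERVER_IP.
SAMPLE = '''
ldap-server "192.0.2.10";
ldap-port 389;
ldap-username "cn=admin, dc=mandriva, dc=com";
ldap-password "secret";
# ldap-password "old";
'''

if __name__ == "__main__":
    for code, message in audit(SAMPLE, 0o644):
        print(f"{code}: {message}")
```

On a real host, call audit_file() with the path of the dhcpd.conf in use so that the file's actual permission bits are checked.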