bind-dyndb-ldap
This is a new LDAP driver for BIND9.
It allows you to read data and also write data back (DNS Updates) to an LDAP backend.
Currently this driver uses the unofficial "dynamic database" API. You will need patches for the official BIND9.
Documentation and support
The latest documentation is available in the README in Git.
More detailed information is in wiki articles:
- Version numbering and release notes - What features do I have?
- How PTR record synchronization works (aka sync_ptr feature)
- What to do when named with bind-dyndb-ldap cannot start
- LDAP schema we use
- Migration from zone files to LDAP - How to import existing zone (master) files to LDAP
This plugin is used extensively by the FreeIPA project. The best place to post your questions is the freeipa-users mailing list. You can also look into the mailing list archive.
Did you encounter a bug? Please follow the bug reporting guideline. Thank you!
TODO: information missing on this wiki
Source code
The latest release is available at https://fedorahosted.org/released/bind-dyndb-ldap
Web interface to git repository is available at http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/
Development
Notes about Fedora package release process
Design documents (please read General considerations):
- Transition to BIND's native Red-Black Tree Database
- DNSSEC in-line signing support
- Generic support for unknown DNS RR types (RFC 3597)
- Meta-database for auxiliary data like LDAP UUID<->DNS name mapping
- Per-instance configuration in LDAP
- Per-instance record generation
Debugging:
Notes about BIND internals:
Design goals and core decisions:
- bind-dyndb-ldap was developed for the needs of the FreeIPA project (but it can be used independently, e.g. with OpenLDAP)
- FreeIPA defines most of bind-dyndb-ldap's high-level goals
- Today, some functionality and code overlaps with existing software. The open question is whether we should do something about it, and what happens if we do nothing. For further details see the article about Maintainability.
