Roland Gruber 2019-02-27 20:05:25 +01:00
parent 1eac04648a
commit ab12d24703
6 changed files with 294 additions and 251 deletions


@ -3,7 +3,7 @@ March 2019
- Support logging to remote syslog server - Support logging to remote syslog server
- LAM Pro: - LAM Pro:
-> New self service fields: Mail routing (Local address) and Windows (Proxy-Addresses) -> New self service fields: Mail routing (Local address) and Windows (Proxy-Addresses)
-> Bind DLZ: support DNAME records and descriptions in records (requires latest LDAP schema) -> Bind DLZ: support DNAME+XFR records and descriptions in records (requires latest LDAP schema)
- Fixed bugs: - Fixed bugs:
-> Allow tree-only configurations without any other tab -> Allow tree-only configurations without any other tab
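Review bot: "DNAME+XFR records" in the Bind DLZ line reads as one combined record type, while the manual text changed in this same commit treats XFR as a separate account type with its own module ("XFR (bindDLZXfr)(*)") and calls them "XFR entries". Suggest wording the changelog line to match, for example "support DNAME records, XFR entries and descriptions in records", so readers searching the manual for the feature find the same term.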


@ -4103,373 +4103,416 @@ Run slapindex to rebuild the index.
url="https://gitlab.isc.org/isc-projects/bind9/blob/master/contrib/dlz/modules/ldap/testing/dlz.schema">git url="https://gitlab.isc.org/isc-projects/bind9/blob/master/contrib/dlz/modules/ldap/testing/dlz.schema">git
repository</ulink>.</para> repository</ulink>.</para>
<para><emphasis role="bold">Configuration</emphasis></para> <section>
<title>Configuration</title>
<para>First, you need to add the Bind DNS account type and the Bind DLZ <para>First, you need to add the Bind DNS account type and the Bind DLZ
module:</para> module:</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind1.png"/> <imagedata fileref="images/mod_bind1.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para>Please set the LDAP suffix either to an existing DNS zone (dlzZone) <para>Please set the LDAP suffix either to an existing DNS zone
or an organizational unit that should include your DNS zones.</para> (dlzZone) or an organizational unit that should include your DNS
zones.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind2.png"/> <imagedata fileref="images/mod_bind2.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<screenshot> <para>For regular entry management use "DNS entry (bindDLZ)(*)"
<mediaobject> module.</para>
<imageobject>
<imagedata fileref="images/mod_bind3.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Automatic PTR management</emphasis></para> <screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind3.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para>LAM can automatically create/delete PTR entries for the entered <para><emphasis role="bold">XFR</emphasis></para>
IPv4/6 records. You can enable this feature on the module settings
tab.</para>
<para>PTR records will get the same TTL as IP records. Please note that <para>If you want to edit XFR entries please add a second account type
you need to have matching reverse zones (".in-addr.arpa"/".ip6.arpa") for XFR. Recommended list attributes are
under the same suffix as your other DNS entries.</para> "#dlzipaddr;#dlzrecordid".</para>
<screenshot> <screenshot>
<mediaobject> <graphic fileref="images/mod_bind13.png"/>
<imageobject> </screenshot>
<imagedata fileref="images/mod_bind12.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Zone management</emphasis></para> <para>Now use the "XFR (bindDLZXfr)(*)" module for this account
type.</para>
<para>If you do not yet have a DNS zone then LAM can create one for you. <screenshot>
In list view switch the suffix to an organizational unit DN. Now you will <graphic fileref="images/mod_bind14.png"/>
see a button "New zone".</para> </screenshot>
<para>This will create the zone container entry and a default DNS entry <para><emphasis role="bold">Automatic PTR management</emphasis></para>
"@" for authoritative information. Now switch the suffix to your new zone
and start adding DNS entries.</para>
<screenshot> <para>LAM can automatically create/delete PTR entries for the entered
<mediaobject> IPv4/6 records. You can enable this feature on the module settings
<imageobject> tab.</para>
<imagedata fileref="images/mod_bind4.png"/>
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">DNS entries</emphasis></para> <para>PTR records will get the same TTL as IP records. Please note that
you need to have matching reverse zones (".in-addr.arpa"/".ip6.arpa")
under the same suffix as your other DNS entries.</para>
<para>LAM supports the following DNS record types:</para> <screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/mod_bind12.png"/>
</imageobject>
</mediaobject>
</screenshot>
<itemizedlist> <para><emphasis role="bold">Zone management</emphasis></para>
<listitem>
<para>SOA: authoritative information</para>
</listitem>
<listitem> <para>If you do not yet have a DNS zone then LAM can create one for you.
<para>NS: name servers</para> In list view switch the suffix to an organizational unit DN. Now you
</listitem> will see a button "New zone".</para>
<listitem> <para>This will create the zone container entry and a default DNS entry
<para>A/AAAA: IP addresses</para> "@" for authoritative information. Now switch the suffix to your new
</listitem> zone and start adding DNS entries.</para>
<listitem> <screenshot>
<para>PTR: reverse DNS entries</para> <mediaobject>
</listitem> <imageobject>
<imagedata fileref="images/mod_bind4.png"/>
</imageobject>
</mediaobject>
</screenshot>
</section>
<listitem> <section>
<para>CNAME: alias names</para> <title>DNS entries</title>
</listitem>
<listitem> <para>LAM supports the following DNS record types:</para>
<para>MX: mail servers</para>
</listitem>
<listitem> <itemizedlist>
<para>TXT: text records</para> <listitem>
</listitem> <para>SOA: authoritative information</para>
</listitem>
<listitem> <listitem>
<para>SRV: service entries</para> <para>NS: name servers</para>
</listitem> </listitem>
</itemizedlist>
<literallayout> <listitem>
<para>A/AAAA: IP addresses</para>
</listitem>
<listitem>
<para>PTR: reverse DNS entries</para>
</listitem>
<listitem>
<para>CNAME: alias names</para>
</listitem>
<listitem>
<para>MX: mail servers</para>
</listitem>
<listitem>
<para>TXT: text records</para>
</listitem>
<listitem>
<para>SRV: service entries</para>
</listitem>
</itemizedlist>
<literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">Authoritative (SOA) and name server (NS) <para><emphasis role="bold">Authoritative (SOA) and name server (NS)
records</emphasis></para> records</emphasis></para>
<para>Here you can manage general information about the zone like timeouts <para>Here you can manage general information about the zone like
and name servers. Please note that name servers must be inserted in a timeouts and name servers. Please note that name servers must be
special format (dot at the end).</para> inserted in a special format (dot at the end).</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind5.png"/> <imagedata fileref="images/mod_bind5.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">IP addresses (A/AAAA)</emphasis></para> <para><emphasis role="bold">IP addresses (A/AAAA)</emphasis></para>
<para>LAM will automatically set the correct type (A/AAAA) depending if <para>LAM will automatically set the correct type (A/AAAA) depending if
you enter an IPv4 or IPv6 address.</para> you enter an IPv4 or IPv6 address.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind6.png"/> <imagedata fileref="images/mod_bind6.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">Reverse DNS entries</emphasis></para> <para><emphasis role="bold">Reverse DNS entries</emphasis></para>
<para>Reverse DNS entries are important when you need to find the DNS name <para>Reverse DNS entries are important when you need to find the DNS
that is associated with a given IP address. Reverse DNS entries are stored name that is associated with a given IP address. Reverse DNS entries are
in a separate DNS zone.</para> stored in a separate DNS zone.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind7.png"/> <imagedata fileref="images/mod_bind7.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">Alias names (CNAME)</emphasis></para> <para><emphasis role="bold">Alias names (CNAME)</emphasis></para>
<para>Sometimes a DNS entry should simply point to a different DNS entry <para>Sometimes a DNS entry should simply point to a different DNS entry
(e.g. for migrations). This can be done by adding an alias name.</para> (e.g. for migrations). This can be done by adding an alias name.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind8.png"/> <imagedata fileref="images/mod_bind8.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">Mail servers (MX)</emphasis></para> <para><emphasis role="bold">Mail servers (MX)</emphasis></para>
<para>The mail server entries define where mails to a domain should be <para>The mail server entries define where mails to a domain should be
delivered. The server with the lowest preference has the highest delivered. The server with the lowest preference has the highest
priority.</para> priority.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind9.png"/> <imagedata fileref="images/mod_bind9.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">Text records (TXT)</emphasis></para> <para><emphasis role="bold">Text records (TXT)</emphasis></para>
<para>Text records can be added to store a description or other data (e.g. <para>Text records can be added to store a description or other data
SPF information).</para> (e.g. SPF information).</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind10.png"/> <imagedata fileref="images/mod_bind10.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">Services (SRV)</emphasis></para> <para><emphasis role="bold">Services (SRV)</emphasis></para>
<para>Service records can be used to specify which servers provide common <para>Service records can be used to specify which servers provide
services such as LDAP. Please note that the host name must be common services such as LDAP. Please note that the host name must be
_SERVICE._PROTOCOL (e.g. _ldap._tcp).</para> _SERVICE._PROTOCOL (e.g. _ldap._tcp).</para>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para>Priority: The priority of the target host, lower value means more <para>Priority: The priority of the target host, lower value means more
preferred.</para> preferred.</para>
<para>Weight: A relative weight for records with the same priority. E.g. <para>Weight: A relative weight for records with the same priority. E.g.
weights 20 and 80 for a service will result in 20% queries to the one weights 20 and 80 for a service will result in 20% queries to the one
server and 80% to the other.</para> server and 80% to the other.</para>
<para>Port: The port number that is used for your service.</para> <para>Port: The port number that is used for your service.</para>
<para>Server: DNS name where service can be reached (with dot at the <para>Server: DNS name where service can be reached (with dot at the
end).</para> end).</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="images/mod_bind11.png"/> <imagedata fileref="images/mod_bind11.png"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para><emphasis role="bold">File upload</emphasis></para> <para><emphasis role="bold">File upload</emphasis></para>
<para>You can upload complete DNS zones via LAM's file upload. Here is an <para>You can upload complete DNS zones via LAM's file upload. Here is
example for a zone file and the corresponding CSV file.</para> an example for a zone file and the corresponding CSV file.</para>
<table> <table>
<title>Zone file</title> <title>Zone file</title>
<tgroup cols="4"> <tgroup cols="4">
<tbody> <tbody>
<row> <row>
<entry>@</entry> <entry>@</entry>
<entry>IN</entry> <entry>IN</entry>
<entry>SOA</entry> <entry>SOA</entry>
<entry>ns1.example.com admin.ns1.example.com (1 360000 3600 <entry>ns1.example.com admin.ns1.example.com (1 360000 3600
3600000 370000)</entry> 3600000 370000)</entry>
</row> </row>
<row> <row>
<entry/> <entry/>
<entry>IN</entry> <entry>IN</entry>
<entry>NS</entry> <entry>NS</entry>
<entry>ns1.example.com.</entry> <entry>ns1.example.com.</entry>
</row> </row>
<row> <row>
<entry/> <entry/>
<entry>IN</entry> <entry>IN</entry>
<entry>NS</entry> <entry>NS</entry>
<entry>ns2.example.com.</entry> <entry>ns2.example.com.</entry>
</row> </row>
<row> <row>
<entry/> <entry/>
<entry>IN</entry> <entry>IN</entry>
<entry>MX</entry> <entry>MX</entry>
<entry>10 mail1.example.com</entry> <entry>10 mail1.example.com</entry>
</row> </row>
<row> <row>
<entry/> <entry/>
<entry>IN</entry> <entry>IN</entry>
<entry>MX</entry> <entry>MX</entry>
<entry>20 mail2.example.com</entry> <entry>20 mail2.example.com</entry>
</row> </row>
<row> <row>
<entry>foo</entry> <entry>foo</entry>
<entry>IN</entry> <entry>IN</entry>
<entry>A</entry> <entry>A</entry>
<entry>123.123.123.100</entry> <entry>123.123.123.100</entry>
</row> </row>
<row> <row>
<entry>foo2</entry> <entry>foo2</entry>
<entry>IN</entry> <entry>IN</entry>
<entry>CNAME</entry> <entry>CNAME</entry>
<entry>foo.example.com</entry> <entry>foo.example.com</entry>
</row> </row>
<row> <row>
<entry>bar</entry> <entry>bar</entry>
<entry>IN</entry> <entry>IN</entry>
<entry>A</entry> <entry>A</entry>
<entry>123.123.123.101</entry> <entry>123.123.123.101</entry>
</row> </row>
<row> <row>
<entry/> <entry/>
<entry>IN</entry> <entry>IN</entry>
<entry>AAAA</entry> <entry>AAAA</entry>
<entry>1:2:3:4:5</entry> <entry>1:2:3:4:5</entry>
</row> </row>
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>
<para>Please check that you have an existing zone entry that can be used <para>Please check that you have an existing zone entry that can be used
for the file upload. See above to create a new zone.</para> for the file upload. See above to create a new zone.</para>
<para>Hint: If you use the function above to create a new zone then please <para>Hint: If you use the function above to create a new zone then
skip the "@" entry in the CSV file below. LAM creates this entry with please skip the "@" entry in the CSV file below. LAM creates this entry
sample data.</para> with sample data.</para>
<para>In this example we assume that the following zone extry <para>In this example we assume that the following zone extry
exists:</para> exists:</para>
<literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com <literallayout>dn: dlzZoneName=example.com,ou=bind,dc=example,dc=com
dlzzonename: example.com dlzzonename: example.com
objectclass: dlzZone objectclass: dlzZone
objectclass: top objectclass: top
</literallayout> </literallayout>
<para>Here is the corresponding CSV file: <ulink <para>Here is the corresponding CSV file: <ulink
url="resources/bindUpload.csv">bindUpload.csv</ulink></para> url="resources/bindUpload.csv">bindUpload.csv</ulink></para>
</section>
<section>
<title>XFR entries</title>
<para>You can manage the XFR entries in the second tab that you
configured before.</para>
<screenshot>
<graphic fileref="images/mod_bind16.png"/>
</screenshot>
<para>For each XFR entry you can set a record ID and the IP
address.</para>
<screenshot>
<graphic fileref="images/mod_bind15.png"/>
</screenshot>
</section>
</section> </section>
<section> <section>
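Review bot: The new "XFR entries" section says only that "For each XFR entry you can set a record ID and the IP address" and never states what an XFR entry does or what the IP address is matched against, so an administrator cannot tell from the manual what they are granting when they add one. Please add a sentence describing the effect of an entry and which hosts should be listed, and turn "the second tab that you configured before" into a reference to the XFR paragraph under Configuration. Two smaller points in the same hunk: the new screenshots (mod_bind13 to mod_bind16) use a bare <graphic fileref="..."/> inside <screenshot>, while every other screenshot in the section uses <mediaobject><imageobject><imagedata .../>, so one form should be used throughout; and "XFR", "Automatic PTR management" and "Zone management" are still bold <para> pseudo-headings although this change converts "Configuration" and "DNS entries" to real <section><title> elements.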

Binary file not shown.
