[Samba] Antw: Re: bind9 dlopen/dlz problems [update]
Marcel Ritter
Marcel.Ritter at rrze.uni-erlangen.de
Wed Feb 9 01:58:18 MST 2011
>>> Andrew Bartlett <abartlet at samba.org> wrote on 2/8/2011 at 22:15
in message <1297199717.28365.6.camel at obed>:
> On Mon, 2011-02-07 at 08:28 +0100, Marcel Ritter wrote:
> > Hi,
> >
> > just a short update on this issue:
> >
> > By using strace and having a look at the source code, I found the
> > reason for the named error:
> >
> > Accessing samba database via ldapi requires the use of ildap.so
> > (samba ldb module, which is not located in "standard ldb modules
> > path"). Just setting LDB_MODULES_PATH to the directory containing
> > it makes named start:
> >
> > export LDB_MODULES_PATH=/usr/lib/samba/ldb/
> > named -u named
> > -> startup complete
> >
> > So it wasn't my first suspect "ldap uri":
> > ldapi:///var/lib/samba4/private/ldap_priv/ldapi
> > ldapi://%2Fvar%2Flib%2Fsamba4%2Fprivate%2Fldap_priv%2Fldapi
> >
> > This leaves me with the task to finally get some DNS entries into the
> > samba database :-)
>
> The only way to get DNS entries in is by replicating an existing
> Microsoft DNS server.
>
> Anyway, the reason there isn't any documentation is that it's not really
> finished. We got it to the point where we were able to show that
> BIND9.8 when released would do what we want, when we are loaded with the
> dlopen dlz plugin. That was an important milestone, as it is more
> difficult to get a new BIND version to Samba4 users than an updated
> plugin.
>
> From here, we need to come up with a secure read/write approach over
> LDAPI, with transactions of some kind, and tidy up some other details.
>
> Then we will publish some more docs on this. But in the meantime, you
> seem to have cracked the setup for the less secure, unsafe (no
> transactions) but works-for-a-demo mode of operation :-).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
Hi Andrew,
thanks for giving an update on this issue.
I know it may be a little early (and insecure) to use this setup - but
I like the way it works anyway :-)
Just in case someone wanted to modify the provision tool, to create
the DNS entries in samba ldb database directly instead of creating
a named.conf - could you give some directions where to start?
(And yes, I know that Active Directory DNS data types are ugly binary
blobs, but I'll take that as a challenge :-)
Bye,
Marcel