ldapdns-users Mailing List for LDAPDNS (Page 3)
From: <fde...@ub...> - 2004-09-14 13:54:14
|
Hi everybody,

I'm new to the list as you can figure out. My English is not very good but I'll do what I can.

Let's see, I've read some books and documentation about LDAP and DNS and now that I'm trying to build my zone on ldif format I have many doubts. I'm running a Gentoo box with ldapdns-2.0.5. My goal is to manage a dns zone called ere.ub.edu. The net is type C. Besides that, in the directory I'll put samba and unix accounts and more data, so I wonder if I can have dns information in an ou like ou=dns,dc=ere,dc=ub,dc=edu to have a tidy directory (suggestions are welcome).

The LDAP server is in the same machine and let's suppose its IP is a.b.c.d. The ldapdns-conf command will look like this?:

#ldapdns-conf root fernando /var/ldapdns a.b.c.d 127.0.0.1 ere.ub.edu 'ou=dns,dc=ere,dc=ub,dc=edu'

I don't know what "acct" and "logacct" mean exactly, can you explain it or tell me where to search about it? (I've read all the ldapdns documentation, I'm serious).

Well, let's suppose all the daemontools stuff is done, I'll manage. If I'm not wrong ldapdns relies on the cosine schema, more accurately it expects to find dNSDomain object classes but... where do I put the reverse zones and root servers addresses?

With the current configuration I think the ere.ub.edu zone's hosts will map to the ou=dns,dc=ere,dc=ub,dc=edu container's entries being the name the dc attribute and the ip address the ARecord. NSRecords I suppose have to be the same way but I've read something like you don't need SOA records with ldapdns. I don't understand that.

I'm not sure if I'm right with all these but if someone could post a sample of a ldif dump of his zone and reverse zone I think I could figure it out better.

I'm sorry if I ask a lot but I was about setting up a BIND server and Openldap server at the same time when I discovered ldapdns, I'd like to run it to make profit of the directory.

Thanks a lot.
From: Mrs. B. <mrs...@ni...> - 2004-06-26 01:40:36
|
On Fri, 2004-06-25 at 21:09, Dennis Willson wrote:
> One of my projects is a spammer blacklist that's DNS based and I have
> built Spam honey pot that picks up Spam, tests the source if it's an
> open relay then enters the results into an SQL database. Every hour a
> cron job runs, scans the database and builds BIND zone files,
> transfers them to the master server and then performs an rndc against
> the master. The public queries a set of slave servers which are
> updated when the master sends out its notification about the zone
> updates. It would be great if I could use this system to do "realtime"
> updates to the master LDAP server and stop a Spam spew as it happens!

This is one of the motivations for building LDAPDNS. Btw, why bother testing the source? Surely if it's a good honeypot it should only be found by robots anyway....

> Is this something that would be possible with this system? How much
> load can the system take compared to BIND? My slave servers that the
> public queries are dual 2.8Ghz P4 Xeon systems with 1GB RAM. Each name
> server is using about 500Kb/s of bandwidth.

Poop on a stick is faster than BIND.

That out of my system, the BIGGEST BOTTLENECK is OpenLDAP. Under high load, I've noticed OpenLDAP perform poorly with Berkeley's DB. Using older versions (!) seems to help. I have reports of Microsoft's Active Directory kicking OpenLDAP's ass, although I suspect this has more to do with Berkeley than any genius Microsoft might have.

Anyway, EVEN WITH OpenLDAP at its worst, ldapdns happily reports 2-3 times faster than BIND. I have absolutely no idea why BIND is so slow, and I'll likely never find out. Is BIND "fast enough"? If it is, LDAPDNS is too.

Note: Because of the round-trip time with OpenLDAP, LDAPDNS has turnaround. When OpenLDAP's doing good, I've seen round trip time over a 1mbit/sec connection be as low as 19msec (see list archives for some woo-hoos). It gets better when using multiple OpenLDAP servers in parallel.

Compare to BIND which seems to want to take 50-60 msec to answer the same (albeit loaded) query when memory is tight.

HOWEVER: I would not be fair if I didn't suggest that your best bet is something like rbldnsd or rbldns...

> Also is this project still currently active and will it stay active
> for at least a while?

That depends on interest :)

LDAPDNS3 started out of contempt for OpenLDAP. I'm looking to solve the bottleneck described earlier in a more permanent way (and fix bugs) before I do any new features/releases.
From: Dennis W. <ta...@ta...> - 2004-06-26 01:09:34
|
One of my projects is a spammer blacklist that's DNS based and I have built Spam honey pot that picks up Spam, tests the source if it's an open relay then enters the results into an SQL database. Every hour a cron job runs, scans the database and builds BIND zone files, transfers them to the master server and then performs an rndc against the master. The public queries a set of slave servers which are updated when the master sends out its notification about the zone updates. It would be great if I could use this system to do "realtime" updates to the master LDAP server and stop a Spam spew as it happens!

Is this something that would be possible with this system? How much load can the system take compared to BIND? My slave servers that the public queries are dual 2.8Ghz P4 Xeon systems with 1GB RAM. Each name server is using about 500Kb/s of bandwidth.

Also is this project still currently active and will it stay active for at least a while?

Thanks

--------------------------------------------------
Dennis Willson
ta...@ta...
http://www.taz-mania.com
Ham: ka6lsw
Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, Gas Blender
From: Mrs. B. <mrs...@ni...> - 2004-02-12 00:10:50
|
On Wed, 2004-02-11 at 08:32, Ace Suares wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Mrs. Brisby,
>
> me again. I still can't see it clearly. I downloaded the ldapdns v3 snapshot,
> read the schema but there is only info on ldapdns2 and 1. Is 3 using the 2
> schema ?

Yes. With a minor change; see below.

> > > service=ldapdns3,domain=example.com,[suffix]
>
> > It really doesn't matter if you put an "associatedDomain" attribute on
> > every level and have an index for it.
>
> so let's say I give this 'service' some attributes, could I then put ALL
> information in there (also for www, intra, ftp) ?

Not without some idea of how to differentiate individual hosts.

> Or should I make entries
> user=www
> user=ftp
> user=intra

entries. Although I recommend "dc"

> Or can I make entries
>
> user=randomstring
> with attribute
> associatedDomain: www.example.com

You can do this.

> in other words, ldapdns is not looking in the dn at all, just the
> associatedDomain attribute ? That would be good...

It does to find out where it needs to supply an SOA/NS records. It will attempt to attach "other" DNS portions after that.

> - - is ldapdns running as root ? or under udpserver/ tcpserver as a normal
> user?

ldapdns runs using a dgserver module. It will drop privs on startup, and chroot. There should be no root security risk whatsoever, as only the environment variables UID and GID are read on startup.

This may cause issues with FreeBSD- other issues will be cleaned up (esp. Solaris) before release.

> - - is there a sample ldif file that show how you'd make it work ?

Search the mailing list archives... This comes up every now and then.

dn: dc=example.com,ou=zones,ou=bind,ou=System,dc=yes,dc=nu
objectClass: top
objectClass: domain
objectClass: dNSDomain
objectClass: domainRelatedObject
associatedDomain: example.com
aRecord: 10.0.0.1
dc: example.com
mXRecord: 10 mail.example.com

dn: dc=www,dc=example.com,ou=zones,ou=bind,ou=System,dc=yes,dc=nu
objectClass: top
objectClass: domain
objectClass: dNSDomain
dc: www
aRecord: 10.0.0.2
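The startup sequence described in the reply above (read UID and GID from the environment, chroot, then drop privileges), as an added example that is not ldapdns code. The function names, the refusal of id 0 and the use of a ROOT variable for the jail directory are assumptions made for this sketch.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse a numeric id from environment variable `name` (hypothetical helper).
 * Returns 0 and stores the id on success; -1 if the variable is unset,
 * empty, not purely decimal, out of range, or 0 (root). */
int parse_id_env(const char *name, unsigned long *out)
{
    const char *s = getenv(name);
    char *end;
    unsigned long v;

    if (s == NULL || *s == '\0')
        return -1;
    if (*s < '0' || *s > '9')          /* strtoul would accept "-5" or " 7" */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')    /* overflow or trailing junk */
        return -1;
    if (v == 0 || v >= 0xffffffffUL)   /* never "drop" to root or (uid_t)-1 */
        return -1;
    *out = v;
    return 0;
}

/* Enter the jail and give up root for good. Order matters:
 * chroot needs root, supplementary groups and gid must change while we
 * still have root, and the uid goes last. Returns 0 on success. */
int drop_privileges(const char *root_dir, uid_t uid, gid_t gid)
{
    if (chroot(root_dir) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0)       /* clear inherited supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible and complete before serving anything. */
    if (setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    unsigned long uid, gid;
    const char *root = getenv("ROOT");

    if (parse_id_env("UID", &uid) != 0 || parse_id_env("GID", &gid) != 0) {
        fprintf(stderr, "UID and GID must be set to non-root numeric ids\n");
        return 1;
    }
    if (root == NULL || geteuid() != 0) {
        fprintf(stderr, "need ROOT set and root privileges to chroot\n");
        return 1;
    }
    /* A server would bind its privileged port (53) here, before the drop. */
    if (drop_privileges(root, (uid_t)uid, (gid_t)gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%lu gid=%lu inside %s\n", uid, gid, root);
    return 0;
}
```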
From: Ace S. <ac...@su...> - 2004-02-11 13:28:04
|
Mrs. Brisby,

me again. I still can't see it clearly. I downloaded the ldapdns v3 snapshot,
read the schema but there is only info on ldapdns2 and 1. Is 3 using the 2
schema ?

> > service=ldapdns3,domain=example.com,[suffix]

> It really doesn't matter if you put an "associatedDomain" attribute on
> every level and have an index for it.

so let's say I give this 'service' some attributes, could I then put ALL
information in there (also for www, intra, ftp) ?

Or should I make entries
user=www
user=ftp
user=intra

Or can I make entries

user=randomstring
with attribute
associatedDomain: www.example.com

in other words, ldapdns is not looking in the dn at all, just the
associatedDomain attribute ? That would be good...

- - is ldapdns running as root ? or under udpserver/ tcpserver as a normal
user?

- - is there a sample ldif file that show how you'd make it work ?

Thanks again.

website: http://www.suares.nl * http://www.qwikzite.nl
From: Mrs. B. <mrs...@ni...> - 2004-02-11 04:21:00
|
On Tue, 2004-02-10 at 21:01, Ace Suares wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hi,
>
> I am almost ready to try out ldapdns on a production server.
>
> - - Should I use ldapdns2 or ldapdns3 ? I haven't seen much discussion on this
> list (reading archives) so is it 'stable' ?

I'm using LDAPDNS3 and LDAPDNS1 in a production environment. I don't use LDAPDNS2 anymore..

> - - I can't find a good description of what schema is used and how it's used.
> My ldap tree is based on 'domainnames', more or less like this:
>
> domain=example.com,[suffix]
> service=qmail,domain=example.com,[suffix]
> user=ace,service=qmail,domain=example.com,[suffix]
> user=ace2,service=qmail,domain=example.com,[suffix]
> service=proftpd,domain=example.com,[suffix]
> user=ace,service=proftpd,domain=example.com,[suffix]
> user=ace2,service=proftpd,domain=example.com,[suffix]
>
> now i'd like to add ldapdns3 like this:
>
> service=ldapdns3,domain=example.com,[suffix]

Sounds fine. Only works with ldapdns3 however.

> but I am in the dark what should go in that branch. Should I create a 'user'
> for www, intra, ftp to make www.example.com, intra.example.com,
> ftp.example.com ? where would the soa go then ?

It really doesn't matter if you put an "associatedDomain" attribute on every level and have an index for it.

That said, after LDAPDNS3 searches for the "longest associateddomain" that matches, it tries to attach any "unused" entries-- this is to simplify LDAPDNS2 support-- by attaching dc=DOMAINSEG,SUFFIX -- where SUFFIX was discovered during the sub-search.

>
> can this be done ? Do I need to change the way ldapdns3 works ?

Yes. No.

> the [suffix] is actually something like 'isp=isp001,[restsuffix]'
>
> so, I am setting up one dns server for isp001, another for isp002 etc.
> - From the docs, that can be handled in the .conf file, so that looks okay.

No .conf file. Never was (except in certain binary distributions).

> - - will ldapdns3 handle something like 'accountStatus disabled' or some other
> way of temporary disabling certain records ?

Put an ASTERISK at the beginning of sOARecord.
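One reading of the lookup described in the reply above (longest matching associatedDomain, then unused labels attached as dc=DOMAINSEG,SUFFIX), as an added example that is not LDAPDNS code. The directory table is constructed, resolve_dn() is a hypothetical name, and the handling of several unused labels and the rejection of labels containing DN metacharacters are assumptions that go beyond what the post states.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct zone_entry { const char *associated_domain; const char *dn; };

/* Constructed sample directory: entries carrying an associatedDomain. */
static const struct zone_entry DIRECTORY[] = {
    { "example.com",       "dc=example.com,ou=zones,ou=bind,ou=System,dc=yes,dc=nu" },
    { "intra.example.com", "dc=intra.example.com,ou=zones,ou=bind,ou=System,dc=yes,dc=nu" },
};
#define N_ZONES (sizeof DIRECTORY / sizeof DIRECTORY[0])

/* 1 if `zone` equals name[0..nlen) or is a suffix of it on a label boundary. */
static int is_zone_of(const char *name, size_t nlen, const char *zone)
{
    size_t zlen = strlen(zone), off, i;

    if (zlen > nlen)
        return 0;
    off = nlen - zlen;
    for (i = 0; i < zlen; i++)
        if (tolower((unsigned char)name[off + i]) != tolower((unsigned char)zone[i]))
            return 0;
    return off == 0 || name[off - 1] == '.';   /* "badexample.com" must not match */
}

/* Query labels come from the network: allow only characters that cannot
 * change the structure of the DN they are pasted into. */
static int label_is_safe(const char *s, size_t n)
{
    size_t i;

    if (n == 0 || n > 63)
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-' && s[i] != '_')
            return 0;
    return 1;
}

/* Build the DN to search for `qname`. Returns the number of unused labels
 * attached in front of the zone's DN, or -1 if no zone matches, a label is
 * unsafe, or `out` is too small. */
int resolve_dn(const char *qname, char *out, size_t outlen)
{
    const struct zone_entry *best = NULL;
    size_t nlen = strlen(qname), best_len = 0, used = 0, i;
    int labels = 0, n;

    if (outlen == 0)
        return -1;
    if (nlen > 0 && qname[nlen - 1] == '.')    /* accept a fully qualified name */
        nlen--;
    for (i = 0; i < N_ZONES; i++) {
        size_t zlen = strlen(DIRECTORY[i].associated_domain);
        if (zlen > best_len && is_zone_of(qname, nlen, DIRECTORY[i].associated_domain)) {
            best = &DIRECTORY[i];
            best_len = zlen;
        }
    }
    if (best == NULL)
        return -1;
    if (nlen > best_len) {
        size_t rest = nlen - best_len - 1;     /* unused part, joining dot removed */
        size_t start = 0;
        while (start <= rest) {
            const char *p = qname + start;
            const char *dot = memchr(p, '.', rest - start);
            size_t len = dot ? (size_t)(dot - p) : rest - start;
            if (!label_is_safe(p, len))
                return -1;
            n = snprintf(out + used, outlen - used, "dc=%.*s,", (int)len, p);
            if (n < 0 || (size_t)n >= outlen - used)
                return -1;
            used += (size_t)n;
            labels++;
            start += len + 1;
        }
    }
    n = snprintf(out + used, outlen - used, "%s", best->dn);
    if (n < 0 || (size_t)n >= outlen - used)
        return -1;
    return labels;
}
```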
From: Ace S. <ac...@su...> - 2004-02-11 01:56:56
|
Hi,

I am almost ready to try out ldapdns on a production server.

- - Should I use ldapdns2 or ldapdns3 ? I haven't seen much discussion on this
list (reading archives) so is it 'stable' ?

- - I can't find a good description of what schema is used and how it's used.
My ldap tree is based on 'domainnames', more or less like this:

domain=example.com,[suffix]
service=qmail,domain=example.com,[suffix]
user=ace,service=qmail,domain=example.com,[suffix]
user=ace2,service=qmail,domain=example.com,[suffix]
service=proftpd,domain=example.com,[suffix]
user=ace,service=proftpd,domain=example.com,[suffix]
user=ace2,service=proftpd,domain=example.com,[suffix]

now i'd like to add ldapdns3 like this:

service=ldapdns3,domain=example.com,[suffix]

but I am in the dark what should go in that branch. Should I create a 'user'
for www, intra, ftp to make www.example.com, intra.example.com,
ftp.example.com ? where would the soa go then ?

can this be done ? Do I need to change the way ldapdns3 works ?

the [suffix] is actually something like 'isp=isp001,[restsuffix]'

so, I am setting up one dns server for isp001, another for isp002 etc.
- From the docs, that can be handled in the .conf file, so that looks okay.

- - will ldapdns3 handle something like 'accountStatus disabled' or some other
way of temporary disabling certain records ?

TIA for any answers...

_Ace

- --
Ace Suares' Internet Consultancy
NEW ADDRESS: Postbus 2599, 4800 CN Breda
telephone: 06-244 33 608
fax and voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
From: Mrs. B. <mrs...@ni...> - 2003-11-29 16:18:01
|
"Have you stopped beating your wife yet?" (Note, J.deB has some really good pages about how to ask questions :) The behavior that J.deB describes is not a bug or does it violate RFC 1034- that section is describing an ALGORITHM-- a particular one that only makes sense to BIND/derivatives. It wouldn't even make sense to BIND if it's cache were disabled. The algorithm _suggested_ in the particular section J.deB is interested in is ridiculous for content-only nameservers. It is only possible if you have a cache. Using J.deB's patches will cause you to be unable to answer certain kinds of queries. That said, LDAPDNS 3 (or LDAPDNS 2 with some scary patches, IIRC) _will_ follow cNAMES efficiently in an effort to save wan traffic IF it's not a hard question to answer- and besides the user will probably be asking it soon anyway. Caches may inspect the additional section to see the answer to the "next question" and perhaps save a trip. It may look an awful lot like the algorithm suggested- but it differs if it doesn't know about that new host- AND it always uses the original question name. But then, LDAPDNS 3 doesn't allow you to make retarded CNAMEs anyway (cname host1.example to host2.example-- it simply answers questions about host1 with host2's data)- so it could be said that by using LDAPDNS you can't answer certain kinds of questions. Fortunately, if you really want to give retarded answers and you are one of the four people on planet earth that actually know what CNAMEs are/do, you have the ability with LDAPDNS to get behavior much more similar to tinydns. On Sat, 2003-11-29 at 09:42, Petr Okurek wrote: > Hello Mrs. Brisby, > I have a question. Does the ldapdns 2.05 have a truncation of alias chains > or > it's behaviour is according to the alogorithm in RFC 1034? > More details on > http://homepages.tesco.net/~J.deBoynePollard/FGA/djbdns-problems.html#tinydn > s-alias-chain-truncation |
From: Petr O. <po...@re...> - 2003-11-29 14:44:58
|
Hello Mrs. Brisby,

I have a question. Does the ldapdns 2.05 have a truncation of alias chains or its behaviour is according to the algorithm in RFC 1034?

More details on
http://homepages.tesco.net/~J.deBoynePollard/FGA/djbdns-problems.html#tinydns-alias-chain-truncation

Thanks for your time,
Petr Okurek
From: Chris H. <ch...@am...> - 2003-11-23 23:28:03
|
Quoting "Mrs. Brisby" <mrs...@ni...>:

> On Sun, 2003-11-23 at 14:50, Chris Hamilton wrote:
> > Thank you for replying.
> >
> > Quoting "Mrs. Brisby" <mrs...@ni...>:
> >
> > > A couple things:
> > >
> > > 1. Instead of using sudo, set UID and GID to the uid and gid of the
> > > ldapdns user and let ldapdns-dg setuid/setgid itself. This way, when
> > > ready, you can set PORT to 53.
> > Hmm, -bash: UID: readonly variable. I can set it from ksh.
>
> Set it temporarily to another name; I use REAL_UID and REAL_GID then use
> ENV to rewrite:
>
> env UID=$REAL_UID GID=$REAL_GID ldapdns-dg

OK, I can set UID this way thanks.

...
> > > 4. Your dig statement doesn't list a fully qualified domain name.
> > > Perhaps you meant:
> > > dig @localhost -p 5300 -t any ns.ambigc.com.sg
> > Yes, sorry. it doesnt work fully qualified either.
>
> What does ldapdns output when you do that?

# dig @localhost -p 5300 -t any ns.ambigc.com.sg

; <<>> DiG 9.2.2 <<>> @localhost -p 5300 -t any ns.ambigc.com.sg
;; global options: printcmd
;; connection timed out; no servers could be reached

This is all I have ever gotten before. See below.

> > > > >...
> Read that text (requested protocol version not allowed)-- bind with
> protocol 2 is apparently not allowed- at least for your cn=root user.
> Try using no "dn" or "password" settings and allow LDAPDNS to connect
> anonymously.

No, I found the problem. It is strange because I could use simple bind in ldapsearch, yet slapd.conf wasn't configured correctly for it. I had an second allow call line after the 'allow bind_v2' and it appears slapd.conf only permits one allow call. So I combined them to one line and everything worked.

Sorry to trouble you and thanks for your help.

-Chris Hamilton

----------------------------------------------------------------
Mail by Ambiguous Computer Computer Ltd. an open source company.
http://www.ambigc.com
From: Mrs. B. <mrs...@ni...> - 2003-11-23 21:22:10
|
On Sun, 2003-11-23 at 14:50, Chris Hamilton wrote:
> Thank you for replying.
>
> Quoting "Mrs. Brisby" <mrs...@ni...>:
>
> > A couple things:
> >
> > 1. Instead of using sudo, set UID and GID to the uid and gid of the
> > ldapdns user and let ldapdns-dg setuid/setgid itself. This way, when
> > ready, you can set PORT to 53.
> Hmm, -bash: UID: readonly variable. I can set it from ksh.

Set it temporarily to another name; I use REAL_UID and REAL_GID then use ENV to rewrite:

env UID=$REAL_UID GID=$REAL_GID ldapdns-dg

> > 2. Make sure you can run ldapdns and _see_ that it starts up. This means
> > essentially running your /usr/sbin/ldapdns script and seeing what output
> > it provides. Send us that output.
> Outside of sudo, it just complains about GID and UID not set.
> It does execute 3 ldapdns-dg when launched by sudo.
> #tail /var/log/ldapdns.log
> LDAPDNS starting thread 1
> LDAPDNS starting thread 2

That's because it doesn't like running as root. See above.

> > 4. Your dig statement doesn't list a fully qualified domain name.
> > Perhaps you meant:
> > dig @localhost -p 5300 -t any ns.ambigc.com.sg
> Yes, sorry. it doesnt work fully qualified either.

What does ldapdns output when you do that?

> > 6. the $SELFNS and $REPLICAS environment variables are NECESSARY for
> > creating NS and SOA RRs.
> OK I set both to ns.ambigc.com.sg as I have only one server. Is this OK?

This is fine.

> It is still not responding.
> Further testing shows the ldapdns-dg seems to be spawning lots of open
> connections to the ldap server (flooding netstat output).
> Debugging from slapd -d256 shows:
> conn=1674 op=0 BIND dn="" method=128
> conn=1674 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
> conn=1676 fd=12 ACCEPT from IP=127.0.0.1:59060 (IP=:: 389)
> conn=1673 fd=13 closed
...
> I dont have any slapd security settings and I have 'allow bind_v2' in slapd.conf
> and can get the whole tree by 'ldapsearch -x'. It also reports this (except
> different dn) when I try to make ldapdns login as the admin.

Read that text (requested protocol version not allowed)-- bind with protocol 2 is apparently not allowed- at least for your cn=root user. Try using no "dn" or "password" settings and allow LDAPDNS to connect anonymously.
From: Chris H. <ch...@am...> - 2003-11-23 19:50:04
|
Thank you for replying.

Quoting "Mrs. Brisby" <mrs...@ni...>:

> A couple things:
>
> 1. Instead of using sudo, set UID and GID to the uid and gid of the
> ldapdns user and let ldapdns-dg setuid/setgid itself. This way, when
> ready, you can set PORT to 53.

Hmm, -bash: UID: readonly variable. I can set it from ksh.

>
> 2. Make sure you can run ldapdns and _see_ that it starts up. This means
> essentially running your /usr/sbin/ldapdns script and seeing what output
> it provides. Send us that output.

Outside of sudo, it just complains about GID and UID not set.
It does execute 3 ldapdns-dg when launched by sudo.

#tail /var/log/ldapdns.log
LDAPDNS starting thread 1
LDAPDNS starting thread 2

>
> 3. That setting for /proc/cpuinfo won't work on anything but linux...

This is a linux setup and it comes back with 2 which is correct.

>
> 4. Your dig statement doesn't list a fully qualified domain name.
> Perhaps you meant:
> dig @localhost -p 5300 -t any ns.ambigc.com.sg

Yes, sorry. it doesnt work fully qualified either.

>
> 5. Your LDAP server needs to have an equality (exact) index for
> associatedDomain - OR your tree needs to be extremely small.

From my slapd.conf: (and I ran slapindex)

index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenName,associatedDomain eq,subinitial

>
> 6. the $SELFNS and $REPLICAS environment variables are NECESSARY for
> creating NS and SOA RRs.

OK I set both to ns.ambigc.com.sg as I have only one server. Is this OK?

It is still not responding.
Further testing shows the ldapdns-dg seems to be spawning lots of open connections to the ldap server (flooding netstat output).
Debugging from slapd -d256 shows:

conn=1674 op=0 BIND dn="" method=128
conn=1674 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
conn=1676 fd=12 ACCEPT from IP=127.0.0.1:59060 (IP=:: 389)
conn=1673 fd=13 closed

I dont have any slapd security settings and I have 'allow bind_v2' in slapd.conf and can get the whole tree by 'ldapsearch -x'. It also reports this (except different dn) when I try to make ldapdns login as the admin.

-Chris

>
>
> On Sat, 2003-11-22 at 13:57, Chris Hamilton wrote:
> > I do not know what I am doing wrong. I have tried to get ldapdns 3 up
> > with the following:
> >
> > From my rc:
> > start)
> > title "Starting ldapdns."
> > touch $logfile;chown ldapdns $logfile || error=$?
> > sudo -u ldapdns -b "/usr/sbin/ldapdns" >$logfile 2>$logfile ||
> > error=$?
> > status
> > ;;
> >
> >
> > /usr/sbin/ldapdns:
> > #!/bin/sh
> > source /etc/profile
> > cd /var/ldapdns
> >
> > rm -f root/ldap.tmp root/ldap
> > /usr/sbin/ldapdns-hosts hosts root/ldap root/ldap.tmp
> >
> > CPU=`cat /proc/cpuinfo | grep processor | wc -l`
> > ROOT=/var/ldapdns/root
> > source /etc/ldapdns.conf
> >
> > pre=$1
> > shift
> > $pre /usr/sbin/ldapdns-dg "$@"
> >
> > /etc/ldapdns.conf:
> > SCHEMA=LDAPDNS
> > LISTEN=0:5300
> > HOSTMASTER=hostmaster@localhost
> > #SELFNS=a.ns.myhostname
> > #REPLICAS=b.ns.myhostname:c.ns.myhostname
> > export ROOT CPU LISTEN SCHEMA HOSTMASTER SELFNS REPLICAS
> >
> > /var/ldapdns/hosts/ns:
> > base o=top
> > address 127.0.0.1
> > dn cn=admin,o=top
> > password ****
> > method simple
> > is root
> >
> > And:
> > dn: dc=ns,ou=Hosts,ou=Network,o=top
> > objectClass: top
> > objectClass: dnsdomain
> > objectClass: domainRelatedObject
> > dc: ns
> > aRecord: 10.0.0.2
> > mXRecord: mail.ambigc.com
> > associatedDomain: ns.ambigc.com.sg
> >
> > But:
> > # dig @localhost -p 5300 -t any ns
> >
> > ; <<>> DiG 9.2.2 <<>> @localhost -p 5300 -t any ns
> > ;; global options: printcmd
> > ;; connection timed out; no servers could be reached
> >
> > Any ideas on what to try would be appreciated.
> >
> > Thanks,
> > Chris Hamilton
> >
>

----------------------------------------------------------------
Mail by Ambiguous Computer Computer Ltd. an open source company.
http://www.ambigc.com
From: Mrs. B. <mrs...@ni...> - 2003-11-23 19:04:01
|
A couple things:

1. Instead of using sudo, set UID and GID to the uid and gid of the ldapdns user and let ldapdns-dg setuid/setgid itself. This way, when ready, you can set PORT to 53.

2. Make sure you can run ldapdns and _see_ that it starts up. This means essentially running your /usr/sbin/ldapdns script and seeing what output it provides. Send us that output.

3. That setting for /proc/cpuinfo won't work on anything but linux...

4. Your dig statement doesn't list a fully qualified domain name. Perhaps you meant:
dig @localhost -p 5300 -t any ns.ambigc.com.sg

5. Your LDAP server needs to have an equality (exact) index for associatedDomain - OR your tree needs to be extremely small.

6. the $SELFNS and $REPLICAS environment variables are NECESSARY for creating NS and SOA RRs.

On Sat, 2003-11-22 at 13:57, Chris Hamilton wrote:
> I do not know what I am doing wrong. I have tried to get ldapdns 3 up
> with the following:
>
> From my rc:
> start)
> title "Starting ldapdns."
> touch $logfile;chown ldapdns $logfile || error=$?
> sudo -u ldapdns -b "/usr/sbin/ldapdns" >$logfile 2>$logfile ||
> error=$?
> status
> ;;
>
>
> /usr/sbin/ldapdns:
> #!/bin/sh
> source /etc/profile
> cd /var/ldapdns
>
> rm -f root/ldap.tmp root/ldap
> /usr/sbin/ldapdns-hosts hosts root/ldap root/ldap.tmp
>
> CPU=`cat /proc/cpuinfo | grep processor | wc -l`
> ROOT=/var/ldapdns/root
> source /etc/ldapdns.conf
>
> pre=$1
> shift
> $pre /usr/sbin/ldapdns-dg "$@"
>
> /etc/ldapdns.conf:
> SCHEMA=LDAPDNS
> LISTEN=0:5300
> HOSTMASTER=hostmaster@localhost
> #SELFNS=a.ns.myhostname
> #REPLICAS=b.ns.myhostname:c.ns.myhostname
> export ROOT CPU LISTEN SCHEMA HOSTMASTER SELFNS REPLICAS
>
> /var/ldapdns/hosts/ns:
> base o=top
> address 127.0.0.1
> dn cn=admin,o=top
> password ****
> method simple
> is root
>
> And:
> dn: dc=ns,ou=Hosts,ou=Network,o=top
> objectClass: top
> objectClass: dnsdomain
> objectClass: domainRelatedObject
> dc: ns
> aRecord: 10.0.0.2
> mXRecord: mail.ambigc.com
> associatedDomain: ns.ambigc.com.sg
>
> But:
> # dig @localhost -p 5300 -t any ns
>
> ; <<>> DiG 9.2.2 <<>> @localhost -p 5300 -t any ns
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> Any ideas on what to try would be appreciated.
>
> Thanks,
> Chris Hamilton
From: Chris H. <ch...@am...> - 2003-11-22 18:58:23
|
I do not know what I am doing wrong. I have tried to get ldapdns 3 up with the following:

From my rc:
start)
    title "Starting ldapdns."
    touch $logfile;chown ldapdns $logfile || error=$?
    sudo -u ldapdns -b "/usr/sbin/ldapdns" >$logfile 2>$logfile || error=$?
    status
    ;;

/usr/sbin/ldapdns:
#!/bin/sh
source /etc/profile
cd /var/ldapdns

rm -f root/ldap.tmp root/ldap
/usr/sbin/ldapdns-hosts hosts root/ldap root/ldap.tmp

CPU=`cat /proc/cpuinfo | grep processor | wc -l`
ROOT=/var/ldapdns/root
source /etc/ldapdns.conf

pre=$1
shift
$pre /usr/sbin/ldapdns-dg "$@"

/etc/ldapdns.conf:
SCHEMA=LDAPDNS
LISTEN=0:5300
HOSTMASTER=hostmaster@localhost
#SELFNS=a.ns.myhostname
#REPLICAS=b.ns.myhostname:c.ns.myhostname
export ROOT CPU LISTEN SCHEMA HOSTMASTER SELFNS REPLICAS

/var/ldapdns/hosts/ns:
base o=top
address 127.0.0.1
dn cn=admin,o=top
password ****
method simple
is root

And:
dn: dc=ns,ou=Hosts,ou=Network,o=top
objectClass: top
objectClass: dnsdomain
objectClass: domainRelatedObject
dc: ns
aRecord: 10.0.0.2
mXRecord: mail.ambigc.com
associatedDomain: ns.ambigc.com.sg

But:
# dig @localhost -p 5300 -t any ns

; <<>> DiG 9.2.2 <<>> @localhost -p 5300 -t any ns
;; global options: printcmd
;; connection timed out; no servers could be reached

Any ideas on what to try would be appreciated.

Thanks,
Chris Hamilton
From: Edward R. <ed...@om...> - 2003-10-31 21:24:24
|
I am trying to get the AXFR support in ldapdns working.. I'm using LDAP dns version 2.0.5 on a RH 7.3 system..

I set AXFR=. THREADS=1, HANDLERS=1 just to get it to work for now.

ldapdns works fine, ldapaxfr TCP requests work,

dig @mymachine +tcp test.domain works

but this

dig @mymachine +tcp -t axfr test.domain

fails with

;; communications error to 127.0.0.1#53: end of file

and the ldapaxfr process quits and the master spawns a new one..

a GDB backtrace yields this.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 32742)]
0x080559a2 in ldapdns_process_axfrsearch_start (c=0x8065300) at engine.c:2598
2598 if (!response_axstart(c, 1, c->request_name, DNS_T_SOA, DNS_C_IN, c->ttl)
(gdb) bt
#0 0x080559a2 in ldapdns_process_axfrsearch_start (c=0x8065300) at engine.c:2598
#1 0x00000001 in ?? ()
#2 0x08055ef0 in one2one_msgwait_loop (o_void=0x80656c0) at engine.c:2790
#3 0x08059cba in main (argc=1, argv=0xbffff684) at engine.c:3771
#4 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
From: Mrs. B. <mrs...@ni...> - 2003-09-01 03:28:02
|
LDAPDNS 2.05 fixes a few minor bugs, Andreas Brenk's annoyances with SCHEMA=ldapdns (and makes it work more like LDAPDNS 3) and there's a fix to protect against bombing out in the event of a configuration error. |
From: Mrs. B. <mrs...@ni...> - 2003-09-01 03:27:18
|
It's been convenient :)

On Sun, 2003-08-31 at 08:45, Andreas Brenk wrote:
> Hi,
>
> until a few days ago, all my nSRecords were set to @, using the
> servers specified in the environment.
>
> When I deleted the @-nSRecord in one domain and inserted two "normal"
> ones, I expected the nameservers from the environment to disappear from
> the answer. Instead they were listed additionally. So the answer now
> contained the ones from the environment and the ones from the nSRecords.
>
> Is it already possible to eliminate the environment servers from an answer?
>
> If not, could you change ldapdns' behaviour to just use the environment
> servers whenever there's an @-nSRecord in the zone, and else omit them?
>
> nSRecord: @ -> environment
> nSRecord: ns-1, ns-2 -> ns-1, ns-2
> nSRecord: @, ns-1, ns-2 -> environment, ns-1, ns-2
>
> I think this would be the most intuitive behaviour. What do you say?
>
> Have a nice weekend,
> Andreas
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Ldapdns-users mailing list
> Lda...@li...
> https://lists.sourceforge.net/lists/listinfo/ldapdns-users
From: Mrs. B. <mrs...@ni...> - 2003-09-01 03:22:12
|
FYI: This isn't likely to change as it'll require pushing more stuff through the current engine callbacks... I think they might work if the lengths are the same (as that's all that's copied)

If someone else wants to go through the trouble, I'll include it, but I'm focusing in LDAPDNS 3 these days :/

On Sun, 2003-08-31 at 22:58, Mrs. Brisby wrote:
> The associatedDomain syntax modes aren't complete for LDAPDNS 2. For
> LDAPDNS 3 they work exactly as you'd expect :)
>
> For example :)
>
> I have an LDIF that creates this:
>
> dn: o=My Domain Root
> o: My Domain Root
> associatedDomain: nimh.org
> associatedDomain: nimh.zorg
> aRecord: 216.169.144.42
> mXRecord: 10 nimh.org
>
> And a env of:
> CPU=`cat /proc/cpuinfo | grep processor | wc -l`
> ROOT=~/src/testbed-ldapdns/root
> SCHEMA=LDAPDNS
> LISTEN=0:5300
> HOSTMASTER=hos...@ni...
> SELFNS=mydebugserver
>
> And when I do either of:
>
> $ dig @127.0.0.1 -p5300 -t any www.nimh.org
> $ dig @127.0.0.1 -p5300 -t any www.nimh.zorg
>
> I get exactly what I'd expect:
>
> ; <<>> DiG 9.2.2 <<>> @127.0.0.1 -p5300 -t any www.nimh.zorg
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63860
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;www.nimh.zorg. IN ANY
>
> ;; ANSWER SECTION:
> nimh.zorg. 86400 IN SOA mydebugserver.
> hostmaster.nimh.org. 1062385562 10800 7200 604800 86400
> www.nimh.zorg. 86400 IN CNAME nimh.org.
> www.nimh.zorg. 86400 IN A 216.169.144.42
> www.nimh.zorg. 86400 IN MX 10 nimh.org.
>
> ;; AUTHORITY SECTION:
> www.nimh.zorg. 86400 IN NS mydebugserver.
>
> ;; ADDITIONAL SECTION:
> www.nimh.zorg. 86400 IN A 216.169.144.42
>
> ;; Query time: 11 msec
> ;; SERVER: 127.0.0.1#5300(127.0.0.1)
> ;; WHEN: Sun Aug 31 22:55:42 2003
> ;; MSG SIZE rcvd: 175
>
>
>
>
> On Sun, 2003-08-31 at 15:08, Andreas Brenk wrote:
> > Hi,
> >
> > I just had a look at the LDAPDNS schema, as I plan to migrate from the
> > old COSINE layout.
> >
> > Everything runs fine as long as I just have one associatedDomain
> > attribute per entry. When I add a second one ldapdns breaks. It just
> > handles one of the specified domains. If I'm not mistaken it's the last
> > one that is returned by the server.
> >
> > Is it possible to fix this? I'd really like to have multiple
> > associatedDomains per subtree. (Or am I doing something stupid here?)
> >
> > Regards,
> > Andreas
From: Mrs. B. <mrs...@ni...> - 2003-09-01 02:58:25
|
The associatedDomain syntax modes aren't complete for LDAPDNS 2. For
LDAPDNS 3 they work exactly as you'd expect :)

For example :)

I have an LDIF that creates this:

dn: o=My Domain Root
o: My Domain Root
associatedDomain: nimh.org
associatedDomain: nimh.zorg
aRecord: 216.169.144.42
mXRecord: 10 nimh.org

And an env of:
CPU=`cat /proc/cpuinfo | grep processor | wc -l`
ROOT=~/src/testbed-ldapdns/root
SCHEMA=LDAPDNS
LISTEN=0:5300
HOSTMASTER=hos...@ni...
SELFNS=mydebugserver

And when I do either of:

$ dig @127.0.0.1 -p5300 -t any www.nimh.org
$ dig @127.0.0.1 -p5300 -t any www.nimh.zorg

I get exactly what I'd expect:

; <<>> DiG 9.2.2 <<>> @127.0.0.1 -p5300 -t any www.nimh.zorg
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63860
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nimh.zorg. IN ANY

;; ANSWER SECTION:
nimh.zorg. 86400 IN SOA mydebugserver. hostmaster.nimh.org. 1062385562 10800 7200 604800 86400
www.nimh.zorg. 86400 IN CNAME nimh.org.
www.nimh.zorg. 86400 IN A 216.169.144.42
www.nimh.zorg. 86400 IN MX 10 nimh.org.

;; AUTHORITY SECTION:
www.nimh.zorg. 86400 IN NS mydebugserver.

;; ADDITIONAL SECTION:
www.nimh.zorg. 86400 IN A 216.169.144.42

;; Query time: 11 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Sun Aug 31 22:55:42 2003
;; MSG SIZE rcvd: 175

On Sun, 2003-08-31 at 15:08, Andreas Brenk wrote:
> Hi,
>
> I just had a look at the LDAPDNS schema, as I plan to migrate from the
> old COSINE layout.
>
> Everything runs fine as long as I just have one associatedDomain
> attribute per entry. When I add a second one ldapdns breaks. It just
> handles one of the specified domains. If I'm not mistaken it's the last
> one that is returned by the server.
>
> Is it possible to fix this? I'd really like to have multiple
> associatedDomains per subtree. (Or am I doing something stupid here?)
>
> Regards,
> Andreas
|
From: Andreas B. <ab...@ae...> - 2003-08-31 19:09:05
|
Hi,

I just had a look at the LDAPDNS schema, as I plan to migrate from the
old COSINE layout.

Everything runs fine as long as I just have one associatedDomain
attribute per entry. When I add a second one ldapdns breaks. It just
handles one of the specified domains. If I'm not mistaken it's the last
one that is returned by the server.

Is it possible to fix this? I'd really like to have multiple
associatedDomains per subtree. (Or am I doing something stupid here?)

Regards,
Andreas
|
From: Andreas B. <ab...@ae...> - 2003-08-31 12:45:39
|
Hi,

until a few days ago, all my nSRecords were set to @, using the
servers specified in the environment.

When I deleted the @-nSRecord in one domain and inserted two "normal"
ones, I expected the nameservers from the environment to disappear from
the answer. Instead they were listed additionally. So the answer now
contained the ones from the environment and the ones from the nSRecords.

Is it already possible to eliminate the environment servers from an answer?

If not, could you change ldapdns' behaviour to just use the environment
servers whenever there's an @-nSRecord in the zone, and else omit them?

nSRecord: @ -> environment
nSRecord: ns-1, ns-2 -> ns-1, ns-2
nSRecord: @, ns-1, ns-2 -> environment, ns-1, ns-2

I think this would be the most intuitive behaviour. What do you say?

Have a nice weekend,
Andreas
|
From: Mrs. B. <mrs...@ni...> - 2003-08-06 22:47:12
|
There is a known bug in the AXFR switch handling code.

Until then, if you really need AXFR, use tcpserver and its cdb-based
rules file.

On Wed, 2003-08-06 at 15:28, Pet...@gm... wrote:
> hi,
>
> I've installed ldapdns 2.04 on a Gentoo Linux System. It works very well and
> I'm very surprised.
> But I've got a problem with ldapaxfr. If I set the environment variable on
> AXFR=. I can retrieve all the data. With AXFR=de I just get data from TLD de.
> However, I couldn't find a configuration that allows me to define which IP
> can interrogate which zone (like axfrdns).
> Configurations like /var/lib/ldapdns/root/axfr don't have any effect.
> Can someone give me an example how a computer with the IP 123.345.567 can
> call the domain my.example.tld ?
> With the following command I tried to get out which data were read:
> strace -e trace=open,close,read,write -f -o axfr.log /etc/init.d/ldapaxfr start
> the result was:
> 25148 open("search", O_RDONLY) = -1 ENOENT (No such file or directory)
> 25148 open("switch", O_RDONLY) = -1 ENOENT (No such file or directory)
> 25148 open("axfr", O_RDONLY) = 4
> 25148 read(4, "de=127.0.0.1\n", 4096) = 20
> Why do I need search and switch for ldapaxfr?
> de=127.0.0.1 means TLD de could be transferred to the IP 127.0.0.1 Is this
> right?
>
> Thank you in advance
> Peter
|
From: <Pet...@gm...> - 2003-08-06 19:28:39
|
hi,

I've installed ldapdns 2.04 on a Gentoo Linux System. It works very well and
I'm very surprised.
But I've got a problem with ldapaxfr. If I set the environment variable on
AXFR=. I can retrieve all the data. With AXFR=de I just get data from TLD de.
However, I couldn't find a configuration that allows me to define which IP
can interrogate which zone (like axfrdns).
Configurations like /var/lib/ldapdns/root/axfr don't have any effect.
Can someone give me an example how a computer with the IP 123.345.567 can
call the domain my.example.tld ?
With the following command I tried to get out which data were read:
strace -e trace=open,close,read,write -f -o axfr.log /etc/init.d/ldapaxfr start
the result was:
25148 open("search", O_RDONLY) = -1 ENOENT (No such file or directory)
25148 open("switch", O_RDONLY) = -1 ENOENT (No such file or directory)
25148 open("axfr", O_RDONLY) = 4
25148 read(4, "de=127.0.0.1\n", 4096) = 20
Why do I need search and switch for ldapaxfr?
de=127.0.0.1 means TLD de could be transferred to the IP 127.0.0.1 Is this
right?

Thank you in advance
Peter
|
From: Mrs. B. <mrs...@ni...> - 2003-07-23 13:52:25
|
No, it's not normal behavior.

Try recompiling with -g and attaching gdb to the process. If/when it
dies, your gdb window should tell you why, and with a backtrace, where.

On Mon, 2003-07-21 at 18:30, Mariano Absatz wrote:
> Hi,
>
> I'm still trying out ldapdns 2.04... I see it occasionally dying for no
> apparent reason... even when there are no queries or any other interaction.
>
> Right now it's mostly idle, no one queries it and I have a perl script that
> periodically (every 15 minutes), parses the tree looking for domains for
> which I'm secondary and checking if the SOA serial changed, if it did so, it
> will delete the domain from the local ldap and retransfer it (from a BIND
> server).
>
> The script is based on admin/transfer_zone, I added an objectclass and a
> couple of attributes to handle the automatic discovery of secondary zones and
> master servers.
>
> I thought my script was responsible for ldapdns dying, but I've been checking
> it and I've seen it die between one run and another of my script...
>
> I'm running ldapdns under supervise, and it wakes up again immediately, but
> it doesn't even log a line about why it died?...
>
> Is this "normal" behaviour? Can I change anything so that I can, at least,
> see anything in the logs?
>
> This is a typical multilog output (|tai64nlocal):
>
> 2003-07-21 15:10:19.860510500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:10:23.179338500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:10:24.201095500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:10:27.183295500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:10:31.251570500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:10:35.191314500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:21:43.546799500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:21:47.302131500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:21:52.612205500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:21:55.176499500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:21:56.272321500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:21:58.546940500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:22:02.212474500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:22:03.546919500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:22:04.662829500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:22:07.176844500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:22:10.177428500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:22:15.177390500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:49:56.458340500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:50:00.274094500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 15:50:08.274382500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 16:07:20.504596500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 16:07:24.523136500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 16:07:32.174394500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 16:12:54.316440500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 16:12:58.178170500 ldapdns info: starting ldapdns 2.04 (1:1/128)
> 2003-07-21 16:13:06.178535500 ldapdns info: starting ldapdns 2.04 (1:1/128)
>
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> Marriage is a fine institution - but I'm not ready for an institution.
> -- Mae West
|
From: Mariano A. <ld...@li...> - 2003-07-21 22:30:38
|
Hi,

I'm still trying out ldapdns 2.04... I see it occasionally dying for no
apparent reason... even when there are no queries or any other interaction.

Right now it's mostly idle, no one queries it and I have a perl script that
periodically (every 15 minutes), parses the tree looking for domains for
which I'm secondary and checking if the SOA serial changed, if it did so, it
will delete the domain from the local ldap and retransfer it (from a BIND
server).

The script is based on admin/transfer_zone, I added an objectclass and a
couple of attributes to handle the automatic discovery of secondary zones and
master servers.

I thought my script was responsible for ldapdns dying, but I've been checking
it and I've seen it die between one run and another of my script...

I'm running ldapdns under supervise, and it wakes up again immediately, but
it doesn't even log a line about why it died?...

Is this "normal" behaviour? Can I change anything so that I can, at least,
see anything in the logs?

This is a typical multilog output (|tai64nlocal):

2003-07-21 15:10:19.860510500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:10:23.179338500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:10:24.201095500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:10:27.183295500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:10:31.251570500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:10:35.191314500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:21:43.546799500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:21:47.302131500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:21:52.612205500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:21:55.176499500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:21:56.272321500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:21:58.546940500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:22:02.212474500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:22:03.546919500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:22:04.662829500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:22:07.176844500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:22:10.177428500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:22:15.177390500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:49:56.458340500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:50:00.274094500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:50:08.274382500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:07:20.504596500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:07:24.523136500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:07:32.174394500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:12:54.316440500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:12:58.178170500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:13:06.178535500 ldapdns info: starting ldapdns 2.04 (1:1/128)

--
Mariano Absatz
El Baby
----------------------------------------------------------
Marriage is a fine institution - but I'm not ready for an institution.
-- Mae West
|
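Added example, not part of the original post or of ldapdns: since the daemon logs nothing when it dies, the start banners in the multilog output above are the only crash signal, and this sketch groups them into restart bursts. The function names and the 30-second / 3-start thresholds are assumptions chosen for illustration; the sample lines are nine of the banners quoted in the post.

```python
import re
from datetime import datetime, timedelta

# Nine of the start banners quoted in the post (multilog | tai64nlocal).
SAMPLE_LOG = """\
2003-07-21 15:49:56.458340500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:50:00.274094500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 15:50:08.274382500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:07:20.504596500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:07:24.523136500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:07:32.174394500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:12:54.316440500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:12:58.178170500 ldapdns info: starting ldapdns 2.04 (1:1/128)
2003-07-21 16:13:06.178535500 ldapdns info: starting ldapdns 2.04 (1:1/128)
"""

# tai64nlocal timestamp (nanosecond fraction), program name, start banner.
START_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.(\d{1,9}) \S+ info: starting ")


def parse_starts(text):
    """Return a sorted list of datetimes, one per daemon start banner."""
    starts = []
    for line in text.splitlines():
        m = START_RE.match(line)
        if not m:
            continue  # any other log line is not a start event
        base = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        micros = int(m.group(2).ljust(9, "0")[:6])  # datetime holds microseconds
        starts.append(base + timedelta(microseconds=micros))
    return sorted(starts)


def restart_bursts(starts, max_gap=timedelta(seconds=30)):
    """Group starts that follow the previous one within max_gap (assumed 30 s)."""
    bursts = []
    for ts in starts:
        if bursts and ts - bursts[-1][-1] <= max_gap:
            bursts[-1].append(ts)
        else:
            bursts.append([ts])
    return bursts


def crash_loops(bursts, min_starts=3):
    """Bursts with at least min_starts starts (assumed 3): a restart loop."""
    return [(b[0], b[-1], len(b)) for b in bursts if len(b) >= min_starts]


if __name__ == "__main__":
    for first, last, count in crash_loops(restart_bursts(parse_starts(SAMPLE_LOG))):
        print(f"{first:%H:%M:%S} to {last:%H:%M:%S}: {count} starts")
```

Comparing the burst start times with the 15-minute schedule of the transfer script is one way to test whether the two are correlated before attaching gdb.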