bind-dyndb-ldap integration

Hika van den Hoven hikavdh at
Sat Mar 25 04:08:01 UTC 2017

Hoi Hika,

Sorry for my initial double post. I posted after my application and it
got lost. I got a bounce today and reapplied my question. Within 30
min I suddenly got linked in an both my initial post and my repost got
through, including all data from the last two days. Again sorry.

My main uncertainty is where my 'error message' comes from. Is it bind
or dyndb-ldap. In the later case I have to look there. Can at least
anybody give clearity there? Maybe any of the devs listening in?

Wednesday, March 22, 2017, 6:56:55 PM, you wrote:

> Hoi All,

> If have been using bind (and openldap) for a few years. When I first
> set-up bind I looked at possibilities for ldap integration and tried
> sdb-ldap, but found its response time bad. So instead I have since
> used the ldap2zone tool to daily update my zone-files.
> Recently I have been looking again and came upon bind-dyndb-ldap. It
> looks good, although it does not jet have the complete configuration
> set dhcp-ldap has for ics-dhcp.
> The last two weeks I have been reading everything I could find.

> I have so far:
>  - added the bind-dyndb-ldap schema to ldap. (marked out the
>    'dNSdefaultTTL' attribute as it reuses the OID for 'zoneName' in
>    the dnszone schema which I for now still need)
>  - converted my old zone-data into a new tree.
>  - compiled bind-dyndb-ldap-11.1. I run Gentoo, but found an overlay
>    for 11.0 and changed it for 11.1.
>  - Updated to bind 9.11.0-p3
>  - Added:
>          dyndb DNS-ldap "/usr/lib64/bind/" {
>                 uri "ldap://localhost:389";
>                 base "cn=DNSdyndb, dc=home";
>                 auth_method "simple";
>                 bind_dn "cn=Admin, dc=home";
>                 password "my-secret";
>                 directory "dyn";
>                 verbose_checks yes;
>         };

> and got stuck.
> I tried the uri with and without the portnumber, as it says her, as an
> IP-number...
> For now I use my rootdn, but once working I'll create a dedicated user
> with local full rights, as I have with dhcp.
> I have looked through configure for bind if I have to enable
> something, have tried removing dlz from bind, but time and again it
> won't work.

> Running named with `-d 10 -g -u named` from the command line got me
> some more info but I still do not understand what goes wrong. Let
> alone what I have to do.

> The above gives me with the leading datetime removed:
> `
>  ...
>  loading DynDB instance 'DNS-ldap'driver '/usr/lib64bind/'
>  bind-dyndb-ldap version 11.1 compiled at 21:34:13 Mar 20 2017,
>      compiler 4.9.4
>  registered dynamic ldap driver for DNS-ldap.
>  adding task 0x7fd80df75010 to syncrepl list; 1 task in list
>  configuration for dyndb instance 'DNS-ldap' (starting in file
>      /etc/bind/named.conf on line 44):
>  auth_method "simple";
>  base "cn=DNSdyndb, dc=home";
>  bind_dn "cn=Admin, dc=home";
>  directory "dyn";
>  password "????????";
>  uri "ldap://localhost:389";
>  verbose_checks yes;

>  cannot parse settings for 'named.conf for database DNS-ldap': not
>      found
>  LDAP instance 'DNS-ldap' destroyed
>  ...
> `

> And bind is shut-down???

Tot mails,
  bind userlist                            mailto:hikavdh at

"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"

De lerende Mens

More information about the bind-users mailing list