summaryrefslogtreecommitdiffstats
path: root/contrib/dlz/modules/ldap/testing
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/dlz/modules/ldap/testing')
-rw-r--r--contrib/dlz/modules/ldap/testing/README10
-rw-r--r--contrib/dlz/modules/ldap/testing/dlz.schema187
-rw-r--r--contrib/dlz/modules/ldap/testing/example.ldif168
-rw-r--r--contrib/dlz/modules/ldap/testing/named.conf46
-rw-r--r--contrib/dlz/modules/ldap/testing/slapd.conf44
5 files changed, 455 insertions, 0 deletions
diff --git a/contrib/dlz/modules/ldap/testing/README b/contrib/dlz/modules/ldap/testing/README
new file mode 100644
index 0000000..69b1381
--- /dev/null
+++ b/contrib/dlz/modules/ldap/testing/README
@@ -0,0 +1,10 @@
+These files were used for testing on Ubuntu Linux using OpenLDAP.
+
+- Move aside /etc/ldap/slapd.d
+- Move slapd.conf to /etc/ldap
+- Move dlz.schema to /etc/ldap/schema/dlz.schema
+- Run "/etc/init.d/slapd restart"
+- Run "ldapadd -x -f example.ldif -D 'cn=Manager,o=bind-dlz' -w secret"
+
+LDAP server is now loaded with example.com data from the file example.ldif
+
diff --git a/contrib/dlz/modules/ldap/testing/dlz.schema b/contrib/dlz/modules/ldap/testing/dlz.schema
new file mode 100644
index 0000000..6c79ab2
--- /dev/null
+++ b/contrib/dlz/modules/ldap/testing/dlz.schema
@@ -0,0 +1,187 @@
+#
+#
+# 1.3.6.1.4.1.18420.1.1.X is reserved for attribute types declared by the DLZ project.
+# 1.3.6.1.4.1.18420.1.2.X is reserved for object classes declared by the DLZ project.
+# 1.3.6.1.4.1.18420.1.3.X is reserved for PRIVATE extensions to the DLZ attribute
+# types and object classes that may be needed by end users
+# to add security, etc. Attributes and object classes using
+# this OID MUST NOT be published outside of an organization
+# except to offer them for consideration to become part of the
+# standard attributes and object classes published by the DLZ project.
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.10
+ NAME 'dlzZoneName'
+ DESC 'DNS zone name - domain name not including host name'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.20
+ NAME 'dlzHostName'
+ DESC 'Host portion of a domain name'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.30
+ NAME 'dlzData'
+ DESC 'Data for the resource record'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.40
+ NAME 'dlzType'
+ DESC 'DNS record type - A, SOA, NS, MX, etc...'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.50
+ NAME 'dlzSerial'
+ DESC 'SOA record serial number'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.60
+ NAME 'dlzRefresh'
+ DESC 'SOA record refresh time in seconds'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.70
+ NAME 'dlzRetry'
+ DESC 'SOA retry time in seconds'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.80
+ NAME 'dlzExpire'
+ DESC 'SOA expire time in seconds'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.90
+ NAME 'dlzMinimum'
+ DESC 'SOA minimum time in seconds'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.100
+ NAME 'dlzAdminEmail'
+ DESC 'E-mail address of person responsible for this zone - @ should be replaced with . (period)'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.110
+ NAME 'dlzPrimaryNS'
+ DESC 'Primary name server for this zone - should be host name not IP address'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.120
+ NAME 'dlzIPAddr'
+ DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40}
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.130
+ NAME 'dlzCName'
+ DESC 'DNS cname'
+ SUP name
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.140
+ NAME 'dlzPreference'
+ DESC 'DNS MX record preference. Lower numbers have higher preference'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.150
+ NAME 'dlzTTL'
+ DESC 'DNS time to live - how long this record can be cached by caching DNS servers'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.18420.1.1.160
+ NAME 'dlzRecordID'
+ DESC 'Unique ID for each DLZ resource record'
+ SUP name
+ SINGLE-VALUE )
+
+#------------------------------------------------------------------------------
+# Object class definitions
+#------------------------------------------------------------------------------
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.10
+ NAME 'dlzZone'
+ DESC 'Zone name portion of a domain name'
+ SUP top STRUCTURAL
+ MUST ( objectclass $ dlzZoneName ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.20
+ NAME 'dlzHost'
+ DESC 'Host name portion of a domain name'
+ SUP top STRUCTURAL
+ MUST ( objectclass $ dlzHostName ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.30
+ NAME 'dlzAbstractRecord'
+ DESC 'Data common to all DNS record types'
+ SUP top ABSTRACT
+ MUST ( objectclass $ dlzRecordID $ dlzHostName $ dlzType $ dlzTTL ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.40
+ NAME 'dlzGenericRecord'
+ DESC 'Generic DNS record - useful when a specific object class has not been defined for a DNS record'
+ SUP dlzAbstractRecord STRUCTURAL
+ MUST ( dlzData ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.50
+ NAME 'dlzARecord'
+ DESC 'DNS A record'
+ SUP dlzAbstractrecord STRUCTURAL
+ MUST ( dlzIPAddr ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.60
+ NAME 'dlzNSRecord'
+ DESC 'DNS NS record'
+ SUP dlzGenericRecord STRUCTURAL )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.70
+ NAME 'dlzMXRecord'
+ DESC 'DNS MX record'
+ SUP dlzGenericRecord STRUCTURAL
+ MUST ( dlzPreference ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.80
+ NAME 'dlzSOARecord'
+ DESC 'DNS SOA record'
+ SUP dlzAbstractRecord STRUCTURAL
+ MUST ( dlzSerial $ dlzRefresh $ dlzRetry
+ $ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.90
+ NAME 'dlzTextRecord'
+ DESC 'Text data with spaces should be wrapped in double quotes'
+ SUP dlzGenericRecord STRUCTURAL )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.100
+ NAME 'dlzPTRRecord'
+ DESC 'DNS PTR record'
+ SUP dlzGenericRecord STRUCTURAL )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.110
+ NAME 'dlzCNameRecord'
+ DESC 'DNS CName record'
+ SUP dlzGenericRecord STRUCTURAL )
+
+objectclass ( 1.3.6.1.4.1.18420.1.2.120
+ NAME 'dlzXFR'
+ DESC 'Host allowed to perform zone transfer'
+ SUP top STRUCTURAL
+ MUST ( objectclass $ dlzRecordID $ dlzIPAddr ) )
diff --git a/contrib/dlz/modules/ldap/testing/example.ldif b/contrib/dlz/modules/ldap/testing/example.ldif
new file mode 100644
index 0000000..8362b1e
--- /dev/null
+++ b/contrib/dlz/modules/ldap/testing/example.ldif
@@ -0,0 +1,168 @@
+# server suffix - o=bind-dlz
+
+dn: o=bind-dlz
+objectclass: organization
+o: bind-dlz
+
+dn: ou=dns,o=bind-dlz
+objectclass: organizationalUnit
+ou: dns
+
+dn: dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzZone
+dlzZoneName: example.com
+
+dn: dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: @
+
+dn: dlzHostName=www,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: www
+
+dn: dlzHostName=mail,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: mail
+
+dn: dlzHostName=backup,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: backup
+
+dn: dlzHostName=ns1,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: ns1
+
+dn: dlzHostName=ns2,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: ns2
+
+dn: dlzHostName=~,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzHost
+dlzHostName: ~
+
+dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzGenericRecord
+dlzRecordID: 1
+dlzHostName: @
+dlzType: txt
+dlzData: "this is a text record"
+dlzTTL: 10
+
+dn: dlzRecordID=2,dlzHostName=www,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzARecord
+dlzRecordID: 2
+dlzHostName: www
+dlzType: a
+dlzIPAddr: 192.168.0.1
+dlzTTL: 10
+
+dn: dlzRecordID=3,dlzHostName=mail,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzARecord
+dlzRecordID: 3
+dlzHostName: mail
+dlzType: a
+dlzIPAddr: 192.168.0.2
+dlzTTL: 10
+
+dn: dlzRecordID=4,dlzHostName=backup,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzARecord
+dlzRecordID: 4
+dlzHostName: backup
+dlzType: a
+dlzIPAddr: 192.168.0.3
+dlzTTL: 10
+
+dn: dlzRecordID=5,dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzMXRecord
+dlzRecordID: 5
+dlzHostName: @
+dlzType: mx
+dlzData: mail
+dlzPreference: 20
+dlzTTL: 10
+
+dn: dlzRecordID=6,dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzMXRecord
+dlzRecordID: 6
+dlzHostName: @
+dlzType: mx
+dlzData: backup
+dlzPreference: 40
+dlzTTL: 10
+
+dn: dlzRecordID=7,dlzHostName=www,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzMXRecord
+dlzRecordID: 7
+dlzHostName: www
+dlzType: mx
+dlzData: backup
+dlzPreference: 40
+dlzTTL: 10
+
+dn: dlzRecordID=8,dlzHostName=www,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzMXRecord
+dlzRecordID: 8
+dlzHostName: www
+dlzType: mx
+dlzData: mail
+dlzPreference: 20
+dlzTTL: 10
+
+dn: dlzRecordID=9,dlzHostName=ns1,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzARecord
+dlzRecordID: 9
+dlzHostName: ns1
+dlzType: a
+dlzIPAddr: 192.168.0.4
+dlzTTL: 10
+
+dn: dlzRecordID=10,dlzHostName=ns2,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzARecord
+dlzRecordID: 10
+dlzHostName: ns2
+dlzType: a
+dlzIPAddr: 192.168.0.5
+dlzTTL: 10
+
+dn: dlzRecordID=11,dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzSOARecord
+dlzRecordID: 11
+dlzHostName: @
+dlzType: soa
+dlzSerial: 2
+dlzRefresh: 2800
+dlzRetry: 7200
+dlzExpire: 604800
+dlzMinimum: 86400
+dlzAdminEmail: root.example.com.
+dlzPrimaryns: ns1.example.com.
+dlzTTL: 10
+
+dn: dlzRecordID=12,dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzNSRecord
+dlzRecordID: 12
+dlzHostName: @
+dlzType: ns
+dlzData: ns1.example.com.
+dlzTTL: 10
+
+dn: dlzRecordID=13,dlzHostName=@,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzNSRecord
+dlzRecordID: 13
+dlzHostName: @
+dlzType: ns
+dlzData: ns2
+dlzTTL: 10
+
+dn: dlzRecordID=14,dlzHostName=~,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzARecord
+dlzRecordID: 14
+dlzHostName: ~
+dlzType: a
+dlzIPAddr: 192.168.0.250
+dlzTTL: 10
+
+dn: dlzRecordID=15,dlzZoneName=example.com,ou=dns,o=bind-dlz
+objectclass: dlzXFR
+dlzRecordID: 15
+dlzIPAddr: 127.0.0.1
diff --git a/contrib/dlz/modules/ldap/testing/named.conf b/contrib/dlz/modules/ldap/testing/named.conf
new file mode 100644
index 0000000..e79a02e
--- /dev/null
+++ b/contrib/dlz/modules/ldap/testing/named.conf
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+controls { };
+
+options {
+ directory ".";
+ port 5300;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { any; };
+ listen-on-v6 { none; };
+ recursion no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 127.0.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+dlz "test" {
+ database "dlopen ../dlz_ldap_dynamic.so 2
+ v3 simple {cn=Manager,o=bind-dlz} {secret} {127.0.0.1}
+ ldap:///dlzZoneName=$zone$,ou=dns,o=bind-dlz???objectclass=dlzZone
+ ldap:///dlzHostName=$record$,dlzZoneName=$zone$,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
+ ldap:///dlzHostName=@,dlzZoneName=$zone$,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
+ ldap:///dlzZoneName=$zone$,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
+ ldap:///dlzZoneName=$zone$,ou=dns,o=bind-dlz??sub?(&(objectclass=dlzXFR)(dlzIPAddr=$client$))";
+};
diff --git a/contrib/dlz/modules/ldap/testing/slapd.conf b/contrib/dlz/modules/ldap/testing/slapd.conf
new file mode 100644
index 0000000..14c8ffb
--- /dev/null
+++ b/contrib/dlz/modules/ldap/testing/slapd.conf
@@ -0,0 +1,44 @@
+# this is the full path to the core.schema
+include /etc/ldap/schema/core.schema
+
+# this is the full path to the dlz.schema
+include /etc/ldap/schema/dlz.schema
+
+# these files hold the slapd process ID and program args when
+# slapd is started.
+pidfile /var/run/slapd/slapd.pid
+argsfile /var/run/slapd/slapd.args
+
+modulepath /usr/lib/ldap
+moduleload back_hdb
+
+# this allows ldap version 2 connections. You should comment
+# it out if you don't need ldap version 2.
+allow bind_v2
+
+# this sets up the Berkeley DB database backend for LDAP to use.
+database hdb
+
+# This is the root of the LDAP server. You still need to add
+# an entry to this location via a LDIF file, or you won't be
+# able to add anything else into the LDAP server.
+suffix "o=bind-dlz"
+
+# this is the "username" you have to use when connecting to the
+# ldap server to make updates. Type the whole thing exactly
+# as you see it as a parameter to ldapadd.
+rootdn "cn=Manager,o=bind-dlz"
+
+# this is the "password" you have to use when connecting to the
+# ldap server to make updates.
+rootpw secret
+
+# this is the directory that the LDAP server will create the
+# Berkeley DB backend in.
+directory /var/lib/ldap
+
+# this just adds some indexing to the LDAP server.
+# probably should have more to better optimize DLZ LDAP searches.
+index cn,sn,uid pres,eq
+index objectClass eq
+