This is a new LDAP driver for BIND9.
It allows you to read data and also write data back (DNS Updates) to an LDAP backend.
The new version v11 is compatible with BIND 9.11 and newer. It uses the new API accepted in upstream BIND.
Driver versions <= 10 used unofficial "dynamic database" API so you would need patches for official BIND9.
Documentation and support
Lastest documentation is available inside README in Git.
More detailed information is in wiki articles:
- Version numbering and release notes - What features do I have?
- How PTR record synchronization works (aka sync_ptr feature)
- What to do when named with bind-dyndb-ldap cannot start
- LDAP schema we use
- Migration from zone files to LDAP - How to import existing zone (master) files to LDAP
Did you encounter a bug? Please follow bug reporting guideline. Thank you!
The latest release is available at https://fedorahosted.org/released/bind-dyndb-ldap
Web interface to git repository is available at http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/
(please read General considerations)
- High-level design overview
- Locking overview
- LDAP synchronization overview
- Transition to BIND's native Red-Black Tree Database
- DNSSEC in-line signing support
- Generic support for unknown DNS RR types (RFC 3597)
- Meta-database for auxiliary data like LDAP UUID<->DNS name mapping
- Per-instance configuration in LDAP
- Per-instance record generation
Notes about BIND internals
Design goals and core decisions
- bind-dyndb-ldap was developed for needs of FreeIPA project (but it can be used independently, e.g. with OpenLDAP)
- FreeIPA defines most of bind-dyndb-ldap's high-level goals
- Today, some functionality and code overlaps with existing software. The open question is if we should do something about it, and what happens if we do not do anything. For further details see article about Maintainability.
- Some ideas about alternative approaches are on page SecondGeneration/Ideas.