Configure BIND LDAP driver to use SASL authentication

We use /etc/named.keytab, generated by ipa-server-install, to authenticate
against the LDAP server. Also tidy up /etc/named.conf while we're at it.
Martin Nagy 2009-06-09 14:59:11 +02:00 committed by Simo Sorce
parent 9fe707a3f2
commit 5149803873


@ -5,16 +5,15 @@ options {
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
/* Not used yet, support only on very recent bind versions */
# tkey-gssapi-credential "DNS/$FQDN";
# tkey-domain "$REALM";
tkey-gssapi-credential "DNS/$FQDN";
tkey-domain "$REALM";
};
logging {
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
@ -32,5 +31,7 @@ dynamic-db "ipa" {
library "ldap.so";
arg "uri ldap://$FQDN";
arg "base cn=dns, $SUFFIX";
arg "auth_method none";
arg "auth_method sasl";
arg "sasl_mech GSSAPI";
arg "sasl_user DNS/$FQDN";
};
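Review bot: The new `arg "auth_method sasl";`, `arg "sasl_mech GSSAPI";` and `arg "sasl_user DNS/$FQDN";` lines give no hint where named obtains the DNS/$FQDN credential, so a reader of named.conf cannot see that the bind depends on the keytab the commit message mentions being present and readable by the named service; a comment above them would make that explicit, e.g. `/* GSSAPI bind as DNS/$FQDN; credential comes from the keytab created by ipa-server-install (/etc/named.keytab), which named must be able to read */`. The `arg "uri ldap://$FQDN";` context line still names a cleartext LDAP URI, and whether the GSSAPI exchange negotiates a SASL integrity or confidentiality layer for the following DNS-data traffic is not visible in this hunk and is worth confirming, since dropping `auth_method none` removes the anonymous bind but not the plain transport by itself. The `dynamic-db "ipa"` block is closed by the `};` in this hunk, so the change is self-contained.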