My notes on replacing /etc/hosts with LDAP
From Docunext Technology Wiki
I had a tough time finding documentation on how to set up GNU/Linux and LDAP, but in the end it's not too tough. I was making the mistake of trying to use DNS entries rather than ipHosts.
Configuration Files
I've got a few notes to share:
/etc/nsswitch.conf
passwd: files mysql ldap
group: files mysql ldap
shadow: files mysql ldap
hosts: files dns ldap
networks: files
/etc/ldap/ldap.conf
nss_base_hosts ou=Hosts,dc=example,dc=com?one
Test it out:
getent hosts
Uses
Why did I want to set up LDAP to resolve simple hostnames? I wanted to do this to override public DNS records. I use pfSense and m0n0wall to set up VPNs, and services behind the firewalls are sometimes inhibited by the fact that public IP addresses won't resolve due to IP masquerading.
I had originally set up several private DNS servers, but that proved to be a bit of a pain to manage.
Alternatives
Now I'm actually using pdnsd for internal hostnames. I store the information in LDAP, then convert it to text in /etc/hosts, and then share it with pdnsd.
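The two pieces above that are easy to get wrong are the shape of an ipHost entry (the "DNS entries rather than ipHosts" mistake) and the LDAP-to-/etc/hosts conversion step. The script below is an added example, not part of the original wiki page: it embeds a constructed LDIF sample in the form `ldapsearch -LLL` would return for `ou=Hosts,dc=example,dc=com` (the base from the nss_base_hosts line; the host names and 10.0.0.x addresses are made up), and converts it into /etc/hosts lines. Because whatever lands in /etc/hosts is trusted by every local resolver client, the converter refuses entries whose ipHostNumber is not a plain dotted-quad or whose names contain unexpected characters, and reports them on stderr instead of writing them out.

```bash
#!/usr/bin/env bash
# Added example: turn ipHost entries from LDAP into /etc/hosts lines.
# In real use the LDIF would come from something like:
#   ldapsearch -x -LLL -b 'ou=Hosts,dc=example,dc=com' '(objectClass=ipHost)' cn ipHostNumber
# Here it is a constructed sample so the script runs offline. The third
# entry carries a CIDR suffix by mistake and is expected to be rejected.
SAMPLE_LDIF='dn: cn=web1,ou=Hosts,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ipHost
cn: web1
cn: web1.example.com
ipHostNumber: 10.0.0.10

dn: cn=db1,ou=Hosts,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ipHost
cn: db1
ipHostNumber: 10.0.0.20

dn: cn=broken,ou=Hosts,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ipHost
cn: broken
ipHostNumber: 10.0.0.30/24
'

# ldif_to_hosts: read LDIF on stdin, print "ip name [alias ...]" per entry.
# ipHostNumber may be multi-valued, so one entry can yield several lines.
# Entries are flushed on the blank line that separates LDIF records.
ldif_to_hosts() {
  awk '
    function flush() {
      if (names != "" && ips != "") {
        n = split(ips, ip, " ")
        for (i = 1; i <= n; i++) {
          # Only a dotted-quad and hostname-safe characters make it into /etc/hosts;
          # anything else is reported and dropped rather than trusted blindly.
          if (ip[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && names ~ /^[A-Za-z0-9. -]+$/)
            print ip[i], names
          else
            print "skipping invalid entry: " ip[i] " " names > "/dev/stderr"
        }
      }
      ips = ""; names = ""
    }
    /^ipHostNumber: / { ips = ips (ips == "" ? "" : " ") $2 }
    /^cn: /           { names = names (names == "" ? "" : " ") $2 }
    /^$/              { flush() }
    END               { flush() }
  '
}

# render_hosts: emit a complete hosts file, static loopback line first,
# followed by the LDAP-derived entries from the LDIF passed on stdin.
render_hosts() {
  printf '127.0.0.1\tlocalhost\n'
  ldif_to_hosts
}

# Stand-alone demo on the constructed sample.
printf '%s' "$SAMPLE_LDIF" | render_hosts
```

The rendered text can be written to a temporary file and moved into place atomically before pdnsd re-reads it; the rejection path is what keeps a malformed or tampered directory entry from silently becoming a name-to-address mapping on every machine that consumes the file.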