15.1 Logging
16.1.4 Exporting Configuration and Script Information
You can use the ICE zone handler to export the DNS server and zone configuration information and data from eDirectory and write it to files.
Command Line Parameters for ICE Zone Export
“Source Handler Options”
“Destination Handler Options”
-d <bind dn> The distinguished name with which you want to bind to the LDAP server.
NOTE: The fully distinguished name specified here should be the same as the name specified in the destination LDAP handler options (–d option).
-w <password> The password for the Bind DN.
NOTE: The password specified here should be the same as the password specified in the destination LDAP handler options (–w option). If you do not specify the password for bind DN, only those LDAP operations that do not need authentication will pass and the rest will fail.
Source Handler Options
ice -S ZONE -s<source server> [-p<source LDAP port>] [-d<user name in source server>] [-w<password for source server>] <[-b <DNS Server DN>] [-x <Zone context>]> [-F <LDAP filter>] -D {Destination Handler with options}
Options Descriptions
-s <server name> Specify the LDAP server name or IP address to which the zone and configuration information. The default is the local machine (127.0.0.1/"local host").
The server name specified here should be the same as specified in the destination LDAP handler options (–s option).
-p <port no> Specify the port number where the server is listening. The default value is 389.
The port number specified here should be the same as specified in the destination LDAP handler options (–p option).
-d <bind dn> Specify the distinguished name with which you want to bind to the LDAP server.
The fully distinguished name specified here should be the same as specified in the destination LDAP handler options (-d option).
-w <password> Specify the password for the Bind DN.
The password specified here should be the same as specified in the destination LDAP handler options (–w option). If you do not specify the password for bind DN, only those LDAP operations that do not need authentication will pass and the rest will fail.
-b <DNS Server DN> Specify the FDN of the DNS server object.
The handler uses this information to read the configuration information and also to detect zone objects that fall under the administrative domain of this server.
If –b option is not specified, the configuration information is not exported and only the zone master files will be formed.
-x <Zone Context> Specify the context from which the zone objects will be exported. Either the -x or the -b option must be specified. If the -b option is specified without the -x option, all zones belonging to that DNS server are exported. If both options are specified, the configuration information is exported from the specified DNS server, and the zone data with configuration is exported from the specified zone objects.
-F <LDAP filter> Specify the LDAP-compliant filter. This acts in conjunction with the –x option described above to specify the zone objects to export. The default value is objectClass=*
The -F option works only with the -x option, to export all zones under the given context that match the given filter. It does not work when both -b and -x are specified.
<path> is the path where the output files are created. The files that are created are named.conf and the zone master files, with the corresponding names of the zone objects as they are in the eDirectory. By default, all zone information is created in the current directory if the -p option is not specified.
For example:
ice -S ZONE -b cn=DNS_MYSERVER,o=novell -s 164.99.1.1 -p 389 -d cn=admin,o=novell -w mypassword -D ZONE -p /home/user/db/
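The option rules above (-b or -x required, -F effective only with -x alone) can be checked before ice is started. The following wrapper is an added example, not part of the Novell documentation: the function names ice_zone_check and ice_zone_export and the variables ICE_CMD and ICE_BIND_PW are hypothetical, and rejecting an ineffective -F is this wrapper's own choice.

```shell
# ice_zone_check DNS_SERVER_DN ZONE_CONTEXT LDAP_FILTER   ("" = option unused)
ice_zone_check() {
    # "x or b option must be specified"
    if [ -z "$1" ] && [ -z "$2" ]; then
        echo "ice zone export: -b or -x must be specified" >&2
        return 2
    fi
    # -F takes effect only with -x, and not when -b and -x are both given.
    # Rejecting it otherwise is this wrapper's choice.
    if [ -n "$3" ] && { [ -z "$2" ] || [ -n "$1" ]; }; then
        echo "ice zone export: -F works only with -x and without -b" >&2
        return 3
    fi
    return 0
}

# ice_zone_export SERVER PORT BIND_DN DNS_SERVER_DN ZONE_CONTEXT LDAP_FILTER OUT_DIR
ice_zone_export() {
    ice_zone_check "$4" "$5" "$6" || return
    server=${1:-127.0.0.1} port=${2:-389} bind_dn=$3
    dns_dn=$4 zone_ctx=$5 filter=$6 out_dir=${7:-.}
    # named.conf and the zone master files are written here; if the
    # directory does not exist yet, create it owner-only.
    ( umask 077; mkdir -p "$out_dir" ) || return
    set -- -S ZONE -s "$server" -p "$port"
    if [ -n "$bind_dn" ]; then
        # Prompt instead of typing -w into shell history. The value is still
        # handed to ice as an argument, as the documented syntax requires.
        if [ -z "${ICE_BIND_PW+x}" ]; then
            printf 'Password for %s: ' "$bind_dn" >&2
            stty -echo; IFS= read -r ICE_BIND_PW; stty echo; echo >&2
        fi
        set -- "$@" -d "$bind_dn" -w "$ICE_BIND_PW"
    fi
    if [ -n "$dns_dn" ]; then set -- "$@" -b "$dns_dn"; fi
    if [ -n "$zone_ctx" ]; then set -- "$@" -x "$zone_ctx"; fi
    if [ -n "$filter" ]; then set -- "$@" -F "$filter"; fi
    # ICE_CMD lets the command be swapped for a stub when testing.
    "${ICE_CMD:-ice}" "$@" -D ZONE -p "$out_dir"
}
```

Called as ice_zone_export 164.99.1.1 389 cn=admin,o=novell cn=DNS_MYSERVER,o=novell "" "" /home/user/db/, it runs the same export as the example above after prompting for the bind password.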
16.2 What’s Next
The next section provides information on installing DNS with the Domain Services for Windows pattern.
17 DNS-DSfW Integration
Novell Domain Services for Windows (DSfW), a component of Open Enterprise Server (OES) 2 SP3, creates seamless cross-authentication capabilities between Windows/Active Directory and Novell OES 2 Linux/eDirectory servers. This suite of technologies allows Novell customers with Windows networking environments to set up one or more “virtual” Active Directory domains in an eDirectory tree. Users can then log in and authenticate to both eDirectory and Active Directory from a Windows workstation without requiring multiple logins or having the Novell Client for Windows installed. These technologies also enable users to access Novell File and Print services without a Novell Client on their Windows workstations. Administrators can use Novell iManager or Microsoft management consoles to manage users and groups in the directory.
Active Directory implementation is based on domain naming standards. Service registration and queries are processed through a DNS server. Microsoft integrates its own directory-based DNS and DHCP services with Active Directory deployments.
In DSfW, bind was used as the DNS server. With DNS-DSfW integration, bind is replaced by novell-bind as the DNS server in OES 2 SP3. As a part of this integration, the following changes are observed in the installation scenarios:
IMPORTANT: In a Domain Services for Windows (DSfW) environment, if difficulties with the services persist, the novell-named, ntpd, and nscd AppArmor profiles should be loaded in complain mode.
Section 17.1, “Normal eDirectory with DNS”
Section 17.2, “DSfW with DNS”
Section 17.3, “DSfW with Remote DNS (Child Domains)”
Section 17.4, “Scenarios”
Section 17.5, “FAQs”
Section 17.6, “What’s Next”
17.1 Normal eDirectory with DNS
For more information on eDirectory with DNS installation, refer to Section 11.2, “Installing the DNS Server.”
IMPORTANT: DNS loads zone database from the file despite eDirectory availability. Hence, the