7.1 Configuring the ICE Zone Handler

This section provides information about configuring the ICE zone handler.

7.1.1 Modifying the ice.cfg File

The source and destination handlers available to the application, along with other information such as the handler versions and the modes in which they operate, must be listed in the ice.cfg file in the sys:\system directory. Modify the ice.cfg file by appending the zone handler information:

[Zone]
Version: 1.0
Mode: FromFile, FromServer, ToFile
Module Name: zone
Flags: 1

The mode conveys the functionality supported by the handler. In the example above, the mode is FromFile, FromServer, ToFile because the zone handler can read from a file, read from the server, and write to a file.

The LDAP handler is used to write to the directory. Ensure ice.cfg also contains the following:

[LDAP]
Version: 1.0
Mode: FromServer, ToServer
Module Name: ldaphdlr
Flags: 1

The module name specifies the handler name. Flags specifies the flags that should be sent to the destination handler. Currently, the only flag available is for LBURP.

Enabling Clear-Text Passwords

Clear-text passwords should be enabled in the LDAP group object to avoid LDAP bind operation failure. You can do this using ConsoleOne®.

7.1.2 Importing Configuration and Script Files

Using the ICE zone handler, you can migrate the named.con file, along with the corresponding zone master files, to Novell® eDirectory™, or you can create a script file in a particular format. This script file is used to migrate the zone master files of the desired zones without changing the server and zone configuration information.

The import operation generates an output script file that indicates the status of the zone import: the entries for zones imported successfully begin with the token “done:”. If the import fails for a particular zone, the output script file has no “done:” tag for that zone, so the script file can be reused to import the failed zone later.

Command Line Parameters for ICE Zone Import

You can access online help for the command line parameters for zone handlers by typing ice -h zone at the system console of the NetWare® server.

Zone Source Handler Parameter:

ice -S ZONE -f <input file> [-t scr | conf] -x <zone context> -b <DNS server DN> [-l <log file name>] [-r] [-s <LDAP server name>] [-p <port no>] [-d <bind dn>] [-w <password>] -D {Destination Handler with options}

Options and descriptions:

-f <input file>: The absolute name of the input file. The input file can be either a configuration file (typically named.con) or a script file. The type of the file passed is specified with the -t option.

-t {scr | conf}: The type of the file passed with the -f option. scr indicates that a script file is being passed and conf indicates that a configuration file is being passed. scr is the default when -t is not specified.

-l <log file name>: The name of the log file where the messages are logged. By default, the sys:\zoneimp.log file is created. If any error is encountered, the important messages are printed on the ICE screen.

NOTE: The ICE utility will create a log file named sys:\ice.log.

-x <zone context>: The context under which the zone objects are created.

-b <DNS Server DN>: The distinguished name of the DNS server in Novell eDirectory. The imported zones are associated with this DNS server. This is required to link the imported zone objects to the DNS server and vice versa.

-r: The zone object, if already present, should be replaced. If this option is not specified, the existing zone objects are not disturbed.

-s <LDAP server name>: The LDAP server name or IP address to which the zone and configuration information will be imported. Default: local machine (127.0.0.1/“local host”).

NOTE: The server name specified here should be the same as specified in the destination LDAP handler options (-s option).

-p <port no>: The port number where the LDAP server is listening. The default value is 389.

NOTE: The port number specified here should be the same as specified in the destination LDAP handler options (-p option).

-d <bind dn>: The distinguished name with which you want to bind to the LDAP server.

NOTE: The fully distinguished name specified here should be the same as specified in the destination LDAP handler options (-d option).

-w <password>: The password for the Bind DN.

NOTE: The password specified here should be the same as specified in the destination LDAP handler options (-w option). If you do not specify the password for the bind DN, only those LDAP operations that do not need authentication will pass and the rest will fail.

LDAP Destination Handler Parameter: This can be obtained using the ice -h LDAP command at the system console of the NetWare server.

Example for Command Line Options:

ice -S ZONE -f sys:/etc/dns/named.con -t conf -s 164.10.1.1 -x o=novell -b cn=DNS_MYSERVER,o=novell -d cn=admin,o=novell -w mypassword -D LDAP -s 164.10.1.1 -d cn=admin,o=novell -w mypassword
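The NOTEs above require the -s, -p, -d and -w values of the zone source handler to match those of the LDAP destination handler. The following check is an added example, not part of the ICE utility or the original documentation; the function names are hypothetical, and it assumes that option values contain no whitespace and that server names and DNs compare case-insensitively.

```python
SHARED_FLAGS = ("-s", "-p", "-d", "-w")   # options the NOTEs say must match

def parse_options(tokens):
    """Map each two-character flag to the value after it (None for bare switches such as -r)."""
    opts, i = {}, 0
    while i < len(tokens):
        if len(tokens[i]) == 2 and tokens[i][0] == "-":
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            opts[tokens[i]] = tokens[i + 1] if has_value else None
            i += 2 if has_value else 1
        else:
            i += 1
    return opts

def normalise(flag, value):
    """Compare ports as integers, passwords exactly, server names and DNs case-insensitively."""
    if value is None:
        return None
    if flag == "-p":
        return int(value)
    return value if flag == "-w" else value.lower()

def mismatched_flags(cmdline):
    """Return the shared flags whose source and destination values differ.

    Only flag names are returned, so the -w value never reaches a report or log.
    """
    tokens = cmdline.replace("\u2013", "-").split()   # tolerate typographic dashes
    if "-D" not in tokens:
        raise ValueError("no -D destination handler in command line")
    cut = tokens.index("-D")
    if tokens[cut + 1:cut + 2] != ["LDAP"]:
        raise ValueError("check applies to zone import with an LDAP destination only")
    src, dst = parse_options(tokens[:cut]), parse_options(tokens[cut + 2:])
    return [f for f in SHARED_FLAGS
            if normalise(f, src.get(f)) != normalise(f, dst.get(f))]

# The command line from the example above.
PAGE_EXAMPLE = ("ice -S ZONE -f sys:/etc/dns/named.con -t conf -s 164.10.1.1 "
                "-x o=novell -b cn=DNS_MYSERVER,o=novell -d cn=admin,o=novell "
                "-w mypassword -D LDAP -s 164.10.1.1 -d cn=admin,o=novell -w mypassword")
# Constructed variant: destination names a port the source side omits.
DRIFTED = PAGE_EXAMPLE.replace("-D LDAP -s 164.10.1.1 -d cn=admin,o=novell",
                               "-D LDAP -s 164.10.1.1 -p 636 -d CN=Admin,O=Novell")
```

An option given on one side and omitted on the other is reported as a mismatch, because the page does not state the destination handler's defaults.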

Script File Format: A typical line from a script file contains the following fields.

<type of zone> <zone name> [master server IP] <master file name> [zone context] [comments] /* end of line */

Type of Zone: Primary or Secondary.

Zone Name: The domain name for which the resource records are to be imported.

Master Server IP: The IP address of the master server, in case the zone is a secondary zone.

Master File Name: The file that contains the resource records.

Zone Context: The context where the zone object should be created.

Comments: Any ASCII pattern, the first character being a semicolon (;).

For example:

primary novell.com sys:etc\dns\novell.com.db; primary zone
secondary novell.com 164.1.1.1 sys:etc\dns\novell.com.db;
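The script file format and the “done:” status token described above can be checked before a file is passed to ICE again. The parser below is an added example, not code from the ICE utility; its names are hypothetical, and it assumes that “done:” directly prefixes the original line and that fields contain no embedded whitespace. It separates zones still to be imported from completed ones and flags malformed lines, such as a secondary zone without a master server IP.

```python
import ipaddress
from typing import NamedTuple, Optional

class ZoneEntry(NamedTuple):
    done: bool                # line carried the "done:" token
    zone_type: str            # "primary" or "secondary"
    zone_name: str
    master_ip: Optional[str]  # secondary zones only
    master_file: str
    context: Optional[str]

def parse_line(line):
    """Parse one script line; return None for blank or comment-only lines."""
    body = line.partition(";")[0].strip()   # comments start at the semicolon
    if not body:
        return None
    done = body.lower().startswith("done:")
    fields = (body[5:] if done else body).split()
    if len(fields) < 3 or fields[0].lower() not in ("primary", "secondary"):
        raise ValueError("expected <type of zone> <zone name> ... <master file name>")
    zone_type, zone_name, rest = fields[0].lower(), fields[1], fields[2:]
    master_ip = None
    if zone_type == "secondary":            # master server IP is required here
        try:
            master_ip = str(ipaddress.ip_address(rest[0]))
        except ValueError:
            raise ValueError(f"{zone_name}: missing or invalid master server IP") from None
        rest = rest[1:]
    if not 1 <= len(rest) <= 2:
        raise ValueError(f"{zone_name}: expected <master file name> [zone context]")
    context = rest[1] if len(rest) == 2 else None
    return ZoneEntry(done, zone_type, zone_name, master_ip, rest[0], context)

def triage(script_text):
    """Split an output script file into (pending, done, errors)."""
    pending, done, errors = [], [], []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        if entry is not None:
            (done if entry.done else pending).append(entry)
    return pending, done, errors

# Constructed sample (not from the page); "done:" placement is an assumption.
SAMPLE = r"""done: primary example.com sys:etc\dns\example.com.db ; imported
secondary example.org 192.0.2.10 sys:etc\dns\example.org.db o=novell
secondary example.net sys:etc\dns\example.net.db ; master IP missing"""
```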

Named.conf File Format: The handler supports BIND 9.2 named.con format only. It interoperates with Novell-extended attributes in the named.con file. That is, it ignores those attributes during import. The existing BIND4 and BIND8 conf files must be converted to BIND9 format before passing them to this utility.

7.1.3 Exporting Configuration and Script Information

Using the ICE zone handler, the DNS server and zone configuration information and data can be exported from eDirectory and written to files.

Command Line Parameters for ICE Zone Export

Source Handler Options:

ice -S ZONE -s <source server> [-p <source LDAP port>] [-d <user name in source server>] [-w <password for source server>] <[-b <DNS Server DN>] [-x <Zone context>]> [-F <LDAP filter>] -D {Destination Handler with options}

Options and descriptions:

-s <server name>: Specify the server name or IP address that contains the zone and configuration information. The default is the local machine (127.0.0.1).

-p <port no>: Specify the port number where the server is listening. The default value is 389.

-d <bind dn>: Specify the distinguished name with which you want to bind to the LDAP server.

-w <password>: Specify the password for the Bind DN.

NOTE: If the bind DN or password is not given, the result is based on the LDAP anonymous bind operation, and might not export all of the data.

-b <DNS Server DN>: Specify the FDN of the DNS server object. The handler uses this information to read the configuration information and also to detect zone objects that fall under the administrative domain of this server.

NOTE: If the -b option is not specified, the configuration information is not exported and only the zone master files will be formed.

-x <Zone Context>: Specify the context from which the zone objects will be exported. The -x or -b option must be specified. If the -b option is specified without the -x option, all zones belonging to that DNS server will be exported. If both options are specified, the configuration information is exported from the specified DNS server and the zone data with configuration from the specified zone objects.

-F <LDAP filter>: Specify the LDAP-compliant filter. This acts in conjunction with the -x option described above to specify the zone objects to export. The default value is objectClass=*. The -F option works only with the -x option, to export all zones under the given context that match the given filter, and not when both -b and -x are specified.

Destination Handler Options: -D ZONE -p <path>

<path> - The path where the output files are created. The files that are created are named.conf and the zone master files, with names corresponding to the names of the zone objects in eDirectory.

By default, all zone information is created under sys:\etc\dns\export, in files with names corresponding to the domain names.

For example:

ice -S ZONE -b cn=DNS_MYSERVER,o=novell -s 143.72.1.1 -p 389 -d cn=admin,o=novell -w mypassword -D ZONE -p sys:\export\