16.1 Configuring the ICE Zone Handler

16.1.1 Modifying the ice.conf File

The source and destination handlers available to the application, with other information such as the version of the handlers and the modes in which they operate, must be provided in the ice.conf file in the /etc/opt/novell/eDirectory/conf/ directory. You modify the ice.conf file by appending the zone handler information.

[Zone]
Version: 1.0
Mode: FromFile, FromServer, ToFile
Module name: zone
Flags: 1

The mode is used to convey the information about the functionality supported by the handler. In the example above, the mode is FromFile, FromServer, ToFile because the zone handler can read from the file, read from the server, and write to the file.

The LDAP handler is used to write to the directory. Ensure that ice.conf also contains the following:

[LDAP]
Version: 1.0
Mode: FromServer, ToServer
Module Name: ldaphdlr
Flags: 1

The module name specifies the handler name. Flags specifies the flags that should be sent to the destination handler. Currently, the only flag available is for LBURP.
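As an added example (not part of the original documentation or of the ICE utility itself), the following Python parses an ice.conf and checks that it declares the handler modes that the import and export directions described in this chapter rely on. The mapping from direction to required modes is an assumption drawn from the mode descriptions above, and the sample configuration is constructed.

```python
import configparser

# Constructed ice.conf text with the two sections described above.
SAMPLE_ICE_CONF = """\
[Zone]
Version: 1.0
Mode: FromFile, FromServer, ToFile
Module name: zone
Flags: 1

[LDAP]
Version: 1.0
Mode: FromServer, ToServer
Module Name: ldaphdlr
Flags: 1
"""

# Handler modes each ICE direction depends on (assumed here from the mode text):
# import reads zone files (Zone FromFile) and writes to eDirectory (LDAP
# ToServer); export reads eDirectory (Zone FromServer) and writes files (Zone ToFile).
REQUIRED_MODES = {
    "import": [("Zone", "FromFile"), ("LDAP", "ToServer")],
    "export": [("Zone", "FromServer"), ("Zone", "ToFile")],
}

def parse_ice_conf(text: str) -> dict:
    """Return {section: {key: value}}; keys are lowercased by configparser, so
    'Module name' and 'Module Name' read the same, and Mode becomes a list."""
    cp = configparser.ConfigParser(delimiters=(":",))
    cp.read_string(text)
    conf = {}
    for section in cp.sections():
        entry = dict(cp[section])
        entry["mode"] = [m.strip() for m in entry.get("mode", "").split(",") if m.strip()]
        conf[section] = entry
    return conf

def missing_modes(conf: dict, direction: str) -> list:
    """(section, mode) pairs that `direction` needs but this ice.conf does not declare."""
    return [(sec, mode) for sec, mode in REQUIRED_MODES[direction]
            if mode not in conf.get(sec, {}).get("mode", [])]
```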

16.1.2 Enabling Clear-Text Passwords

Clear-text passwords should be enabled in the LDAP group object to avoid LDAP bind operation failure. You can do this by using iManager.

16.1.3 Importing Configuration and Script Files

Using the ICE zone handler, a DNS server configuration (named.conf file) along with the corresponding zone master files can be migrated to Novell eDirectory, or a script file can be formed in a particular format. This script file is used to migrate the zone master files of the desired zones, without changing the server and zone configuration information.

The import operation generates an output script file that indicates the status of the zone import, with a “done:” token at the beginning of each zone imported successfully. If the import fails for a particular zone, the generated output script file does not have a “done:” token for that zone, and the script file can be reused to import the failed zone later.

Command Line Parameters for ICE Zone Import

ice -S ZONE -f <input file> [-t scr | conf] -x <zone context> -b <DNS server DN> [-l <log file name>] [-r] [-s <LDAP server name>] [-p <port no>] [-d <bind dn>] [-w <password>] -D {Destination Handler with options}

Options and descriptions:

-f <input file>

The absolute name of the input file. The input file can be either a configuration file (typically named.conf) or a script file. The type of the file passed is specified with the -t option.

-t {scr | conf}

The type of the file passed with the -f option. scr indicates that a script file is being passed and conf indicates that a configuration file is being passed. scr is the default when -t is not specified.

-l <log file name>

The name of the log file where the messages are logged. By default, the /etc/opt/novell/named/zoneimp.log file is created. If any error is encountered, the important messages are printed on the ICE screen.

-x <zone context>

The context under which the zone objects are created.

-b <DNS Server DN>

The distinguished name of the DNS server in Novell eDirectory. The imported zones are associated with this DNS server. This is required to link the imported zone objects to the DNS server and vice versa.

-r

The zone object, if already present, should be replaced. If this option is not specified, the existing zone objects are not disturbed.

-s <LDAP server name>

The LDAP server name or IP address to which the zone and configuration information are imported. The default is the local machine (127.0.0.1/"local host").

NOTE: The server name specified here should be the same as the name specified in the destination LDAP handler options (-s option).

-p <port no>

The port number where the LDAP server is listening. The default value is 389.

NOTE: The port number specified here should be the same as the port specified in the destination LDAP handler options (-p option).

-d <bind dn>

The distinguished name with which you want to bind to the LDAP server.

NOTE: The fully distinguished name specified here should be the same as the name specified in the destination LDAP handler options (-d option).

-w <password>

The password for the Bind DN.

NOTE: The password specified here should be the same as the password specified in the destination LDAP handler options (-w option). If you do not specify the password for the bind DN, only those LDAP operations that do not need authentication will pass and the rest will fail.

Example for Command Line Options: ice -S ZONE -f /home/user/db/named.conf -t conf -s 164.10.1.1 -x o=novell -b cn=DNS_MYSERVER,o=novell -d cn=admin,o=novell -w mypassword -D LDAP -s 164.10.1.1 -d cn=admin,o=novell -w mypassword

Script File Format: A typical line from a script file contains the following fields.

<type of zone> <zone name> [master server IP] <master file name> [zone context] [comments] /* end of line */

Type of Zone: Primary or Secondary.

Zone Name: The domain name for which the resource records are to be imported.

Master Server IP: The IP address of the master server, if the zone is a secondary zone.

Master File Name: The file that contains the resource records.

Zone Context: The context where the zone object should be created.

Comments: Any ASCII pattern, the first character being a semicolon (;).

For example:

primary novell.com /home/user/db/novell.com.db; primary zone
secondary novell.com 164.1.1.1 /home/user/db/novell.com.db;
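As an added example (not part of the original documentation or of the ICE utility), the following Python parses script-file lines in the format above and, using the “done:” token that the import operation writes to its output script, derives a retry script holding only the zones that failed. The sample output script is constructed, and the assumption that “done:” is followed by the otherwise unchanged line is mine; the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample of an ICE zone-import output script; zones that imported
# carry the "done:" token (assumed here to precede the otherwise unchanged line).
SAMPLE_OUTPUT_SCRIPT = """\
done: primary novell.com /home/user/db/novell.com.db; primary zone
secondary novell.com 164.1.1.1 /home/user/db/novell.com.db;
done: primary example.org /home/user/db/example.org.db o=novell; with context
"""

@dataclass
class ZoneEntry:
    zone_type: str               # "primary" or "secondary"
    zone_name: str
    master_ip: Optional[str]     # only for secondary zones
    master_file: str
    zone_context: Optional[str]
    comment: Optional[str]       # text after ';', or None
    done: bool                   # line carried the "done:" token

def parse_script_line(line: str) -> Optional[ZoneEntry]:
    """Parse one script line; blank lines give None, malformed lines raise."""
    line = line.strip()
    if not line:
        return None
    done = line.startswith("done:")
    if done:
        line = line[len("done:"):].strip()
    body, _, comment = line.partition(";")   # comment runs from ';' to end of line
    fields = body.split()
    if len(fields) < 2 or fields[0].lower() not in ("primary", "secondary"):
        raise ValueError(f"bad zone line: {line!r}")
    zone_type, zone_name, rest = fields[0].lower(), fields[1], fields[2:]
    master_ip = rest.pop(0) if zone_type == "secondary" and rest else None
    if zone_type == "secondary" and master_ip is None:
        raise ValueError(f"secondary zone {zone_name} lacks a master server IP")
    if not rest:
        raise ValueError(f"zone {zone_name} lacks a master file name")
    master_file = rest.pop(0)
    zone_context = rest.pop(0) if rest else None
    if rest:
        raise ValueError(f"unexpected trailing fields {rest} in zone {zone_name}")
    return ZoneEntry(zone_type, zone_name, master_ip, master_file,
                     zone_context, comment.strip() or None, done)

def retry_script(text: str) -> str:
    """Keep only zones lacking the "done:" token, for re-import with ice -t scr."""
    return "".join(l + "\n" for l in text.splitlines()
                   if l.strip() and not l.lstrip().startswith("done:"))
```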

Named.conf File Format: The handler supports the BIND 9.2 named.conf format only. It accepts named.conf files that contain Novell extended attributes; that is, it ignores those attributes during import. Existing BIND 4 and BIND 8 conf files must be converted to BIND 9 format before they are passed to this utility.

16.1.4 Exporting Configuration and Script Information

You can use the ICE zone handler to export the DNS server and zone configuration information, and the zone data, from eDirectory and write them to files.

Command Line Parameters for ICE Zone Export

Source Handler Options

ice -S ZONE -s <source server> [-p <source LDAP port>] [-d <user name in source server>] [-w <password for source server>] <[-b <DNS Server DN>] [-x <Zone context>]> [-F <LDAP filter>] -D {Destination Handler with options}

Options and descriptions:

-s <server name>

Specify the LDAP server name or IP address from which the zone and configuration information are read. The default is the local machine (127.0.0.1/"local host").

The server name specified here should be the same as specified in the destination LDAP handler options (-s option).

-p <port no>

Specify the port number where the server is listening. The default value is 389.

The port number specified here should be the same as specified in the destination LDAP handler options (-p option).

-d <bind dn>

Specify the distinguished name with which you want to bind to the LDAP server.

The fully distinguished name specified here should be the same as specified in the destination LDAP handler options (-d option).

-w <password>

Specify the password for the Bind DN.

The password specified here should be the same as specified in the destination LDAP handler options (-w option). If you do not specify the password for the bind DN, only those LDAP operations that do not need authentication will pass and the rest will fail.

-b <DNS Server DN>

Specify the FDN (fully distinguished name) of the DNS server object.

The handler uses this information to read the configuration information and also to detect the zone objects that fall under the administrative domain of this server.

If the -b option is not specified, the configuration information is not exported and only the zone master files are formed.

-x <Zone Context>

Specify the context from which the zone objects are exported.

Either the -x or the -b option must be specified. If -b is specified without -x, all zones belonging to that DNS server are exported. If both options are specified, the configuration information is exported from the specified DNS server, and the zone data with configuration from the specified zone objects.

-F <LDAP filter>

Specify an LDAP-compliant filter. It acts in conjunction with the -x option described above to select the zone objects to export. The default value is objectClass=*.

The -F option works only with the -x option, to export all zones under the given context that match the given filter, and not when both -b and -x are specified.

Destination Handler Options:

-D ZONE -p <path>

<path> is the path where the output files are created. The files created are named.conf and the zone master files, named after the corresponding zone objects as they are in eDirectory.

By default, if the -p option is not specified, all zone information is created in the current directory.

For example: ice -S ZONE -b cn=DNS_MYSERVER,o=novell -s 164.99.1.1 -p 389 -d cn=admin,o=novell -w mypassword -D ZONE -p /home/user/db/