我在一个bind9 Linux主机上安装了ldap.my.dom ,将ldap.my.domparsing到我的一个ldap服务器(replicated:ldap1 / master和ldap2 / slave) – 都运行Ubuntu 14.04和slapd 2.4.31-1 + nmu2ubuntu8。 4。 当我设置RRDS时,我很肯定ldapsearch在查询ldap.my.dom时会碰到两个RRDS主机。 这似乎是由于某种原因最近打破了,或者也许我完全错过了它在安装过程中。 想知道我在这里有什么问题。
当我使用nslookup (在我的testing环境中从ldap1运行所有这些)时,我可以看到RRDS正常工作,在后续运行中返回不同的顺序:
test# nslookup ldap.my.dom Server: 10.7.1.4 Address: 10.7.1.4#53 Name: ldap.my.dom Address: 10.7.1.21 <<<< .21 first Name: ldap.my.dom Address: 10.7.1.22 test# nslookup ldap.my.dom Server: 10.7.1.4 Address: 10.7.1.4#53 Name: ldap.my.dom Address: 10.7.1.22 Name: ldap.my.dom Address: 10.7.1.21 <<<< .21 now second
不知道这很重要,但nslookup显示PTRlogging也适用于ldap1和ldap2
Server: 10.7.1.4 Address: 10.7.1.4#53 21.1.7.10.in-addr.arpa name = ldap1.my.dom. <<<< .21 is ldap1 test# nslookup 10.7.1.22 Server: 10.7.1.4 Address: 10.7.1.4#53 22.1.7.10.in-addr.arpa name = ldap2.my.dom. <<<< .22 is ldap2
/etc/hosts似乎正常:
127.0.0.1 localhost 10.7.1.21 ldap1.my.dom ldap1 10.7.1.6 mailgw.my.dom mailgw ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
nsswitch.conf包含适当的条目,据我所知:
passwd: files ldap group: files ldap shadow: files ldap hosts: files dns <<<< nothing weird here networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis
ldap.conf和/etc/ldap/ldap.conf都包含RRDNS名称
test# egrep -v '($^|\#)' /etc/ldap.conf base dc=my,dc=dom uri ldap://ldap.my.dom <<<< using RRDS hostname ldap_version 3 pam_password md5 ssl start_tls tls_reqcert allow TLS_CACERT /etc/ssl/certs/ca-certificates.crt nss_initgroups_ignoreusers avahi,...(truncated for brevity),www-data pam_password crypt pam_login_attribute uid test# egrep -v '($^|\#)' /etc/ldap/ldap.conf base dc=my,dc=dom uri ldap://ldap.my.dom <<<< using RRDS hostname ldap_version 3 pam_password md5 ssl start_tls tls_reqcert allow TLS_CACERT /etc/ssl/certs/ca-certificates.crt nss_initgroups_ignoreusers avahi,...(truncated for brevity),www-data pam_password crypt pam_login_attribute uid
我应该在哪里找出为什么ldapsearch只碰到.21主机? 我没有在此主机上安装nscd或其他DNScaching服务。
test# while [ 1 ]; do ldapsearch -d255 -x -b "dc=my,dc=dom" -h ldap 2>&1| grep ldap_connect_to_host; sleep 2; done ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 <<<< always .21?? ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389 ldap_connect_to_host: TCP ldap:389 ldap_connect_to_host: Trying 10.7.1.21:389