
Re: Matching rule against IP subnet



Howard Chu <hyc@symas.com> wrote:

> In my own domain-based directories I simply use the DN hierarchy:
> 
>       dc=doubleclick,dc=net,ou=spam,dc=highlandsun,dc=com
>       dc=73,dc=216,dc=in-addr,dc=arpa,ou=spam,dc=highlandsun,dc=com
> 

How do you get that working with BIND, for instance? The schema is
there:
http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt

Example:
dn: relativeDomainName=host,o=home
objectClass: dNSZone
relativeDomainName: host
zoneName: example.net
dNSClass: IN
aRecord: 192.0.2.3

dn: relativeDomainName=3,zoneName=2.0.192.in-addr.arpa,o=home
objectClass: dNSZone
relativeDomainName: 3
zoneName: 2.0.192.in-addr.arpa
dNSClass: IN
pTRRecord: host.example.net.

Currently, we have everything needed to set up an ACL so that John Doe
can only set a pTRRecord within *.sales.example.net.  One just has to
set up a val.regex ACL.

But there is no way to tell that he can only set a pTRRecord within
192.0.2.128/25, hence my inquiry on that topic.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
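The subnet restriction asked about above can be expressed with the regex machinery slapd already has, because a CIDR block is a box of per-octet ranges and the reverse-zone entry DN carries those octets as labels. The following is an added example, not code from the post, the dnszone schema or OpenLDAP: it turns an IPv4 CIDR into an anchored DN pattern and verifies, by brute force over the surrounding addresses, that the pattern matches exactly the PTR entries inside the block. It assumes the entry layout of the LDIF above (one zone per /24, `relativeDomainName` holding the last octet, suffix `o=home`); all function names are the example's own.

```python
"""CIDR -> dn.regex pattern for in-addr.arpa entries (added example).

Assumed entry layout, taken from the LDIF in the post:
    relativeDomainName=<o4>,zoneName=<o3>.<o2>.<o1>.in-addr.arpa,<base_dn>
i.e. one reverse zone per /24.  "o=home" is the (hypothetical) suffix used
there.  Nothing below is OpenLDAP's or bind-sdb's own code.
"""
import ipaddress
import re


def _rr(lo, hi, width):
    """Regex alternatives for the zero-padded `width`-digit strings lo..hi."""
    if width == 0:
        return [""]
    if lo > hi:
        return []
    base = 10 ** (width - 1)
    dlo, dhi = lo // base, hi // base            # leading digits
    rlo, rhi = lo % base, hi % base              # remainders below them
    full = base - 1
    if dlo == dhi:                               # same leading digit: recurse
        return [str(dlo) + tail for tail in _rr(rlo, rhi, width - 1)]
    alts = []
    head = dlo
    if rlo != 0:                                 # partial run under the first digit
        alts += [str(dlo) + tail for tail in _rr(rlo, full, width - 1)]
        head = dlo + 1
    tail_end = dhi if rhi == full else dhi - 1
    if head <= tail_end:                         # leading digits fully covered
        mid = str(head) if head == tail_end else f"[{head}-{tail_end}]"
        alts.append(mid + "[0-9]" * (width - 1))
    if rhi != full:                              # partial run under the last digit
        alts += [str(dhi) + tail for tail in _rr(0, rhi, width - 1)]
    return alts


def range_regex(lo, hi):
    """Regex for the decimal integers lo..hi, no leading zeros, POSIX ERE syntax only."""
    alts = []
    while lo <= hi:                              # one pass per digit count
        width = len(str(lo))
        top = min(hi, 10 ** width - 1)
        alts += _rr(lo, top, width)
        lo = top + 1
    return alts[0] if len(alts) == 1 else "(" + "|".join(alts) + ")"


def cidr_octet_ranges(cidr):
    """Per-octet (min, max) box of a CIDR block. Strict: host bits set -> ValueError."""
    net = ipaddress.IPv4Network(cidr)            # "192.0.2.129/25" is rejected here
    lo, hi = int(net.network_address), int(net.broadcast_address)
    return [((lo >> s) & 0xFF, (hi >> s) & 0xFF) for s in (24, 16, 8, 0)]


def ptr_dn(ip, base_dn="o=home"):
    """DN the PTR entry for `ip` would have under the assumed layout."""
    o1, o2, o3, o4 = str(ipaddress.IPv4Address(ip)).split(".")
    return f"relativeDomainName={o4},zoneName={o3}.{o2}.{o1}.in-addr.arpa,{base_dn}"


def cidr_to_dn_regex(cidr, base_dn="o=home"):
    """Anchored pattern matching exactly the PTR entry DNs inside `cidr`."""
    r1, r2, r3, r4 = (range_regex(lo, hi) for lo, hi in cidr_octet_ranges(cidr))
    return (f"^relativeDomainName={r4},zoneName={r3}\\.{r2}\\.{r1}\\.in-addr\\.arpa,"
            f"{re.escape(base_dn)}$")


def dn_in_subnet(cidr, ip, base_dn="o=home"):
    """True if the PTR entry DN for `ip` is accepted by the pattern for `cidr`."""
    return re.fullmatch(cidr_to_dn_regex(cidr, base_dn), ptr_dn(ip, base_dn)) is not None


def verify(cidr):
    """Exhaustive check: for every address near the block, match <=> inside the block."""
    net = ipaddress.IPv4Network(cidr)
    pat = re.compile(cidr_to_dn_regex(cidr))
    first = max(0, int(net.network_address) - 512)
    last = min(2 ** 32 - 1, int(net.broadcast_address) + 512)
    return all(
        (pat.fullmatch(ptr_dn(ipaddress.IPv4Address(n))) is not None)
        == (ipaddress.IPv4Address(n) in net)
        for n in range(first, last + 1)
    )


if __name__ == "__main__":
    print(cidr_to_dn_regex("192.0.2.128/25"))
    print(verify("192.0.2.128/25"), verify("10.1.4.0/22"))
```

The generated pattern belongs on the target side of the ACL, for instance `access to dn.regex="<pattern>" attrs=pTRRecord by dn.exact="uid=jdoe,ou=people,o=home" write by * read` (the user DN is hypothetical). Two caveats: slapd matches dn.regex against the normalized form of the DN, so check the case slapd produces before pasting the pattern; and the generator deliberately limits itself to grouping, alternation and bracket ranges, which slapd's POSIX regcomp accepts. A block that does not align with the per-/24 zone cut (a /22, say) simply yields a range in the zoneName labels, which the exhaustive check above covers as well.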