
Re: OpenLDAP and "reverse" wildcards



Howard Chu wrote:

> Yes, most of the logic belongs in the application, but you can get some help from LDAP if you design your DIT properly.

Howard,

From my (limited) experience, the answer is always: the DIT has already been designed with other needs in mind, so it is a constraint rather than an opportunity. For which is which, I concur that your suggestion would make things naturally simple, as they should be, but it requires:

- to change the DIT design

- to change the logic of the client and provisioning applications

so it looks much easier to hack the process in between.

p.

> Remember that a directory is a hierarchical name space; if you don't take advantage of that fact then you may as well just use an RDBMS.
>
> Telephone numbers are also a hierarchical name space; there's a natural mapping that makes this problem simple:
>
> Given a user with subscriber number xxx-yyyyy just split the number into two components:
>     number=yyyyy,prefix=xxx,ou=subscribers,dc=example,dc=com
>
> Make the application always transform its lookups to match this naming scheme. Then, for users who are "local" to the system, you do a base search on exactly their number. For 123-4567, lookup
>     number=4567,prefix=123,ou=subscribers,dc=example,dc=com
>
> If it exists, you get the result back immediately. If the query is 999-12345 and only the prefix exists, then your lookup for
>     number=12345,prefix=999,ou=subscribers,dc=example,dc=com
> will fail, and the result will come back with a matchedDN of prefix=999,ou=subscribers,dc=example,dc=com
>
> Then your app just has to look up the matchedDN entry, and proceed from there. "Wildcards" are unnecessary.




Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
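The number-to-DN mapping and the matchedDN fallback that Howard describes, as an added example that is not part of this thread or of OpenLDAP itself. It uses a small in-memory stand-in for the directory (the `FakeDirectory` class, the sample entries and the `route` attribute are constructed for illustration) so that it runs without a server; a real client would issue the same base-scope search and read matchedDN from the noSuchObject result.

```python
# Added example: simulate the prefix/number DIT layout from the thread and
# the base-search / matchedDN fallback it relies on (no LDAP server needed).
import re

SUFFIX = "ou=subscribers,dc=example,dc=com"

def subscriber_dn(number: str) -> str:
    """Map 'xxx-yyyyy' to number=yyyyy,prefix=xxx,<SUFFIX>."""
    m = re.fullmatch(r"(\d+)-(\d+)", number)
    if not m:
        raise ValueError(f"bad subscriber number: {number!r}")
    prefix, local = m.groups()
    return f"number={local},prefix={prefix},{SUFFIX}"

class FakeDirectory:
    """Constructed stand-in for an LDAP server. A base search on a missing
    DN fails with noSuchObject and reports the closest existing ancestor
    as matchedDN (RFC 4511 section 4.1.9). DNs are split on ',' for
    brevity; a real client must honour RDN escaping."""
    def __init__(self, entries):
        self.entries = entries  # DN -> attributes

    def base_search(self, dn: str):
        if dn in self.entries:
            return ("success", dn, self.entries[dn])
        rdns = dn.split(",")
        for i in range(1, len(rdns)):  # walk up towards the suffix
            parent = ",".join(rdns[i:])
            if parent in self.entries:
                return ("noSuchObject", parent, None)
        return ("noSuchObject", "", None)

def resolve(directory: FakeDirectory, number: str):
    """App-side lookup: exact subscriber first, then the prefix entry the
    server reports as matchedDN; anything shallower is not ours."""
    dn = subscriber_dn(number)
    code, matched, attrs = directory.base_search(dn)
    if code == "success":
        return ("subscriber", dn, attrs)
    if matched.startswith("prefix="):
        _, _, attrs = directory.base_search(matched)
        return ("prefix", matched, attrs)
    return ("unknown", matched, None)

DIRECTORY = FakeDirectory({  # constructed sample DIT
    SUFFIX: {"objectClass": ["organizationalUnit"]},
    f"prefix=123,{SUFFIX}": {"route": ["local-switch"]},
    f"number=4567,prefix=123,{SUFFIX}": {"cn": ["Alice"]},
    f"prefix=999,{SUFFIX}": {"route": ["trunk-to-999"]},
})
```

`resolve(DIRECTORY, "123-4567")` hits the subscriber entry directly, `resolve(DIRECTORY, "999-12345")` comes back with the `prefix=999` entry, and a number whose prefix is not provisioned at all resolves to "unknown".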