
Re: Matching rule against IP subnet



Emmanuel Dreyfus wrote:
Hello

As far as I know, it is not possible to match an IP subnet. For
instance, if I have an object like this:

dn: cn=foo,o=example
managedAddr: 192.0.2.0/24

And this kind of thing does not seem to be available:
ldapsearch 'managedAddr:addressInSubnetMatch:=192.0.2.1'

I can think of a few useful matching rules:
addressInSubnetMatch
subnetInSubnetMatch
subnetContainsSubnetMatch
subnetContainsAddressMatch
subnetExactMatch        (192.0.2.5/24 and 192.0.2.10/24 are the same)

Questions:
- can someone confirm this cannot be done yet?
- is there an RFC to implement that does this? Or should I start with
what I have thought about and presented above?
- is this functionality welcome?
- where do I start to implement it? The thing happens in schema_init.c
and schema_prep.c,

No, just write it as a loadable module.

but I need to select an OID. How?

Same way anyone else does. Register an OID for your organization and manage it as you see fit.


The motivation is DNS configuration stored in LDAP. That feature could
enable the delegation of subnet management to different administrators,
the access being enforced by slapd ACL.

Subnets and DNS domains are quite distinct and don't map directly onto each other. I don't think you've presented a clear case for (or even a clear description of) this functionality yet.


In my own domain-based directories I simply use the DN hierarchy:

	dc=doubleclick,dc=net,ou=spam,dc=highlandsun,dc=com
	dc=73,dc=216,dc=in-addr,dc=arpa,ou=spam,dc=highlandsun,dc=com

etc...

A lookup for 216.73.86.10 will return NoSuchObject with MatchedDN = dc=73,dc=216,... and a lookup of that MatchedDN gives me the info I need.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
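
The DN-hierarchy lookup described in the reply above, as an added example that is not code from the thread: the directory is simulated with a dict, the entry contents are constructed, and the helper names (`ip_to_dn`, `lookup`, `resolve`) are hypothetical. Because each octet is one RDN, this scheme can only delegate on octet boundaries.

```python
import ipaddress

SUFFIX = "ou=spam,dc=highlandsun,dc=com"   # suffix taken from the DNs in the post
ARPA = "dc=in-addr,dc=arpa," + SUFFIX

# Constructed directory contents (assumption): only the 216.73 node carries data.
ENTRIES = {
    SUFFIX: {},
    "dc=arpa," + SUFFIX: {},
    ARPA: {},
    "dc=216," + ARPA: {},
    "dc=73,dc=216," + ARPA: {"description": "constructed entry for 216.73.*"},
}

def ip_to_dn(ip):
    """Build the reverse-octet DN for an IPv4 address.

    Parsing with ipaddress rejects anything that is not a literal address,
    so untrusted input cannot smuggle extra RDNs into the DN.
    """
    addr = ipaddress.IPv4Address(ip)                # raises ValueError on bad input
    octets = addr.reverse_pointer.split(".")[:4]    # e.g. ['10', '86', '73', '216']
    return ",".join("dc=" + o for o in octets) + "," + ARPA

def lookup(dn):
    """Simulate a base-scope search: (resultCode, matchedDN, attributes)."""
    if dn in ENTRIES:
        return "success", dn, ENTRIES[dn]
    # Strip leading RDNs until an existing ancestor is found. A plain split is
    # enough here because every RDN built by ip_to_dn is dc=<digits>.
    parent = dn
    while "," in parent:
        parent = parent.split(",", 1)[1]
        if parent in ENTRIES:
            return "noSuchObject", parent, None
    return "noSuchObject", "", None

def resolve(ip):
    """Two-step lookup from the post: query the full DN, then read matchedDN."""
    code, matched, attrs = lookup(ip_to_dn(ip))
    if code == "noSuchObject" and matched:
        code, matched, attrs = lookup(matched)
    return matched, attrs

if __name__ == "__main__":
    print(resolve("216.73.86.10"))
```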