[Date Prev][Date Next]
Re: Matching rule against IP subnet
Emmanuel Dreyfus wrote:
As far as I know, it is not possible to match an IP subnet. For
instance, if I have an object like this:
And this kind of thing does not seems available:
I can think of a few useful matching rules:
subnetExactMatch (192.0.2.5/24 and 192.0.2.10/24 are the same)
- can someone confirm this cannot be done yet?
- is there a RFC to implement that does this? Or should I start with
what I have though about and presented above?
- is this functionnality welcome?
- where do I start to implement it? The thing happen in schema_init.c
No, just write it as a loadable module.
but I need to select an OID. How?
Same way anyone else does. Register an OID for your organization and manage it
as you see fit.
The motivation is DNS configuration stored in LDAP. That feature could
enable the delegation of subnet management to different administrators,
the access being enforced by slapd ACL.
Subnets and DNS domains are quite distinct and don't map directly onto each
other. I don't think you've presented a clear case for (or even a clear
description of) this functionality yet.
In my own domain-based directories I simply use the DN hierarchy:
A lookup for 220.127.116.11 will return NoSuchObject with MatchedDN =
dc=73,dc=216,... and a lookup of that MatchedDN gives me the info I need.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/