Re: Matching rule against IP subnet

[Howard Chu <hyc@symas.com>]

Hallvard B Furuseth wrote:
> Emmanuel Dreyfus writes:
> > As far as I know, it is not possible to match an IP subnet.
> > For instance, if I have an object like this:
> > dn: cn=foo,o=example
> > managedAddr: 192.0.2.0/24
> >
> > And this kind of thing does not seems available:
> > ldapsearch 'managedAddr:addressInSubnetMatch:=192.0.2.1'
>
> Remember that even if it were, OpenLDAP does not support indexing for
> such filters.  So each search would have to inspect every IP-subnet
> entry in scope.
>
> That's another thing which would be quite nice if someone implemented
> someday: Indexing for extended filters.  Not me though...

Ugh...

> > - where do I start to implement it? The thing happen in schema_init.c
> > and schema_prep.c, but I need to select an OID. How?
>
> OpenLDAP has an experimental OID arc, but I don't know where to see
> which ones are used.

http://www.openldap.org/faq/data/cache/197.html

But I'm not convinced this is useful core functionality, which is why I 
suggested using your own registry for now.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/