[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Matching rule against IP subnet

To: h.b.furuseth@usit.uio.no (Hallvard B Furuseth)
Subject: Re: Matching rule against IP subnet
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Sun, 16 Nov 2008 08:02:30 +0100
Cc: openldap-devel@openldap.org
In-reply-to: <hbf.20081116il06@bombur.uio.no>
User-agent: MacSOUP/2.7 (unregistered for 666 days)

Hallvard B Furuseth <h.b.furuseth@usit.uio.no> wrote:

> Remember that even if it were, OpenLDAP does not support indexing for
> such filters.  So each search would have to inspect every IP-subnet
> entry in scope.

Even if indexing is not available, the feature would still be useful for
ACL.

> BTW, one point to keep in mind: What do IP ranges look like in IPv6?

Same look: address "/" prefix
IPv6 addresses contain ":", prefixes are from 0 to 128
IPv4 addresses contain ".", prefixes are from 0 to 32.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

References:
- Re: Matching rule against IP subnet
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: test049, test050, test053 in HEAD now fail
Next by Date: Re: test049, test050, test053 in HEAD now fail
Index(es):
- Chronological
- Thread