Re: OpenLDAP and "reverse" wildcards
On 15 Apr 2009 at 09:43, Howard Chu wrote:
Pierangelo Masarati wrote:
Kjell Gustafsson wrote:
We are using OpenLDAP (openldap-server-2.4.11-bdb) and Berkeley DB
in a project.
LDAP is used to store subscriber numbers and the address of the ippbx
subscriber is registered. Typically every subscriber has a
LDAP-database. We have a server function that does LDAP searches for
subscriber numbers to retrieve the ippbx-address. This part is
working as is.
Now we want to be able to have a "wildcard"-entry in LDAP, that
address also. This entry shall respond to any ldap-search
Let me give an example:
We have, let's say four ippbx's with prefixes 111, 222, 333 & 444. A
number consists of the prefix and five more digits. Each
in any ippbx and still be reachable. The prefix indicates the
Now we want to use a gateway to another telephone-system. We don't want to
have all of the subscribers from that system registered in LDAP, so we want
a "wildcard"-entry saying that if you dial 99912345 LDAP should
999xxxx pointing to the gateway for the subscribers in the other
The response to the ldap-search should contain the gateway
telephone-system regardless of the number entered. So if I dial
should get the same response as if I dial 99967890.
The response shall have the same format as in the ippbx-solution. We
want the ldap DIT to look the same for the wildcard and the others - the DN
We don't want to change the serverfunction we are using today.
So - finally my question:
Would it be possible to solve this with OpenLDAP and if so - how
The best way to handle this would be to move the logic towards the
application. If you want LDAP (and OpenLDAP) to handle it, you
move your application's logic into OpenLDAP. This requires writing
some code. You need to be able to intercept operations that requests
external numbers, and return a referral to the system that is able to
handle that request. Optionally, you can chain the request, so
client doesn't even need to handle the referral itself.
It might be pretty straightforward by defining an overlay that
The Right Thing (TM); of course, the devil is in the details, as
<commercial>You might need expert support to have this done quick and
Yes, most of the logic belongs in the application, but you can get
some help from LDAP if you design your DIT properly.
Remember that a directory is a hierarchical name space; if you
don't take advantage of that fact then you may as well just use an
Telephone numbers are also a hierarchical name space; there's a
natural mapping that makes this problem simple:
Given a user with subscriber number xxx-yyyyy just split the number
into two components:
This is pretty much how our DIT is designed.
Make the application always transform its lookups to match this
naming scheme. Then, for users who are "local" to the system, you
do a base search on exactly their number. For 123-4567, lookup
If it exists, you get the result back immediately. If the query is
999-12345 and only the prefix exists, then your lookup for
will fail, and the result will come back with a matchedDN of
If I understand you correctly I should have the following:
one entry per number and prefix for each of the subscribers I want to
register separately, i.e.
and so on, plus one entry for "the unknowns" like this
Then your app just has to look up the matchedDN entry, and proceed
from there. "Wildcards" are unnecessary.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
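
The lookup described in the reply above, sketched as an added example (not code from the thread): an exact base search first, then a second lookup on the matchedDN returned with noSuchObject. The in-memory dictionary stands in for the directory server, and the suffix, the `cn=` RDN layout and the host names are assumptions.

```python
# Constructed in-memory directory: DN -> address attribute (None = no address).
# Suffix, RDN layout and host names are assumptions, not the poster's real DIT.
SUFFIX = "dc=example,dc=com"
DIT = {
    SUFFIX: None,
    f"cn=111,{SUFFIX}": None,                           # local prefix, container only
    f"cn=12345,cn=111,{SUFFIX}": "ippbx1.example.com",  # local subscriber
    f"cn=999,{SUFFIX}": "gateway.example.com",          # prefix-only entry for the gateway
}


def number_to_dn(number, prefix_len=3):
    """Split a dialled number into prefix and remainder and build the entry DN."""
    # Keep ASCII digits only, so caller input can never inject DN syntax (',', '=', '+').
    digits = "".join(ch for ch in number if ch in "0123456789")
    if len(digits) <= prefix_len:
        raise ValueError("number too short to split")
    return f"cn={digits[prefix_len:]},cn={digits[:prefix_len]},{SUFFIX}"


def base_search(dn):
    """Mimic a base-scope search: ('success', address) or ('noSuchObject', matchedDN)."""
    if dn in DIT:
        return "success", DIT[dn]
    # On noSuchObject the server reports the deepest ancestor that does exist.
    parent = dn
    while "," in parent:
        parent = parent.split(",", 1)[1]
        if parent in DIT:
            return "noSuchObject", parent
    return "noSuchObject", ""


def resolve(number):
    """Exact lookup first; on a miss, read the matchedDN entry instead."""
    code, value = base_search(number_to_dn(number))
    if code == "noSuchObject" and value not in ("", SUFFIX):
        code, value = base_search(value)  # second lookup on the prefix entry
    return value if code == "success" else None


if __name__ == "__main__":
    for n in ("111-12345", "99912345", "99967890", "111-00000", "555-12345"):
        print(n, "->", resolve(n))
```

A miss under a prefix entry that carries no address (111-00000 here) and a miss whose matchedDN is only the suffix (555-12345) both resolve to nothing, so only prefixes that were deliberately given an address act as a catch-all.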