AW: [Pdns-dev] ldapdns schema compatibility for LDAP backend [PATCH]

Norbert Sendetzky norbert at linuxnetworks.de
Fri Jan 9 22:35:10 CET 2004


On Friday 02 January 2004 23:49, you wrote:
> > For AXFR the associatedDomain attribute is still needed (contrary
> > to your code), because NS and MX records should be part of the
> > same entry as the SOA record (they belong to the same object in
> > the dns hierarchy). But there is no possibility to return both,
> > the base and the subtree entries in one query when the dn points
> > to the base entry
>
> Uh. This is very bad news. It forces to make a redundancy in the
> database. The same information is placed in DN and the
> associatedDomain. It is annoying if it is edited by hand with LDAP
> browser.

The redundancy provided by associatedDomain (or by the layout of the
tree - depends on the point of view) is good, because it speeds up
AXFR transfers. Your original code needs quite a lot of time to
reconstruct the domain name from the node names.

But you are right, adding the attribute by hand is not feasible - not
if you have more than just a few records in your tree. I've therefore
written a converter, which creates an LDIF file with the necessary
statements. It can be applied to the tree by ldapmodify. If you are
interested, I can send it to you.

> But I don't understand exactly. In my code everything was working. I
> could even do a transfer to secondary DNS which was powered by
> BIND.

Yes, but I haven't rewritten it to fit into the current cvs code. I
still think that it is better to simply generate the associatedDomain
attributes and add them to the ldap entries.

> Could AXFR without associatedDomain be an option?

If you are still interested in a pure ldapdns mode, you are free to
adapt your code to the current ldap backend. But be aware of the fact
that the AXFR performance is hit by this solution.

The situation regarding the ldapdns PTR records is still unclear to
me. Perhaps you may also be interested in extending the conversion
tool to generate valid PTR record entries.


Norbert
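
The kind of conversion described in this message (deriving associatedDomain from the DN and writing LDIF for ldapmodify), as an added example that is not Norbert's converter and not PowerDNS code. It assumes a tree in which each DNS label is one dc= RDN above a base DN; `BASE_DN`, the function names and the sample entries are hypothetical and constructed for illustration.

```python
import re

BASE_DN = "ou=hosts,o=example"  # constructed base DN (assumption)

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def domain_from_dn(dn, base_dn=BASE_DN):
    """Return the DNS name spelled by the dc= RDNs above base_dn, else None."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    n = len(rdns) - len(base)
    if n <= 0 or [r.lower() for r in rdns[n:]] != [b.lower() for b in base]:
        return None  # the base entry itself, or an entry outside the tree
    labels = []
    for rdn in rdns[:n]:
        attr, _, value = rdn.partition("=")
        label = value.strip().lower()
        # Only plain dc=<label> RDNs holding a valid DNS label are converted.
        if attr.strip().lower() != "dc" or not re.fullmatch(
                r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?", label):
            return None
        labels.append(label)
    return ".".join(labels)

def make_ldif(entries, base_dn=BASE_DN):
    """Build ldapmodify input adding associatedDomain where it is missing."""
    records = []
    for dn, attrs in entries:
        if any(k.lower() == "associateddomain" for k in attrs):
            continue  # already present, leave the entry alone
        name = domain_from_dn(dn, base_dn)
        if name is not None:
            records.append(f"dn: {dn}\nchangetype: modify\n"
                           f"add: associatedDomain\nassociatedDomain: {name}\n-\n")
    return "\n".join(records)

SAMPLE = [  # constructed entries: (dn, attributes already on the entry)
    ("dc=example,dc=com,ou=hosts,o=example", {"nSRecord": ["ns.example.com"]}),
    ("dc=www,dc=example,dc=com,ou=hosts,o=example", {"aRecord": ["192.0.2.10"]}),
    ("dc=mail,dc=example,dc=com,ou=hosts,o=example",
     {"associatedDomain": ["mail.example.com"]}),
    ("cn=admin,ou=hosts,o=example", {}),                    # not a DNS node
    ("dc=www,dc=example,dc=com,ou=other,o=example", {}),    # outside the base
]

if __name__ == "__main__":
    print(make_ldif(SAMPLE))
```

Entries that are skipped (non-dc RDNs, invalid labels, DNs outside the base) produce no LDIF record, so the output can be reviewed before it is applied with ldapmodify.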



