[Pdns-dev] LDAP backend - extra attributes
Andy Rabagliati
andyr at wizzy.com
Sun Jan 14 13:18:35 CET 2007
On Wed, 10 Jan 2007, Andy Rabagliati wrote:
> Folks,
>
> I have a feature request for the LDAP backend.
>
> I would prefer to flatten the tree, so that all machines are at the
> same level, but have an extra attribute for the servers - perhaps
>
> businessCategory: Server
>
> That I could use as an additional selector for external DNS.
>
> The pdns config file could contain a parameter
>
> ldap-extraAttribute=businessCategory=Server
>
> used for all searches for my external server, but not used for the
> internal server.
>
> Am I being clear ?
I found http://wiki.linuxnetworks.de/index.php/Pdnsldap_troubleshooting
that pointed out that I could use ldap-filter-lookup to do what I needed
to do.
I patched the sources to (I think) fix the bug listed above, so the
ldap backend documentation is now correct.
I attach the patch.
I did not manage to rebuild a .deb out of the subversion repositories
though, there seems to be quite a food chain for the development
environment.
Cheers, Andy!
-------------- next part --------------
Index: modules/ldapbackend/ldapbackend.cc
===================================================================
--- modules/ldapbackend/ldapbackend.cc (revision 941)
+++ modules/ldapbackend/ldapbackend.cc (working copy)
@@ -124,7 +124,7 @@
qesc = toLower( m_pldap->escape( target ) );
// search for SOARecord of target
- filter = strbind( ":target:", "(associatedDomain=" + qesc + ")", getArg( "filter-axfr" ) );
+ filter = strbind( ":target:", "associatedDomain=" + qesc, getArg( "filter-axfr" ) );
m_msgid = m_pldap->search( dn, LDAP_SCOPE_SUBTREE, filter, (const char**) ldap_attrany );
m_pldap->getSearchEntry( m_msgid, m_result, true );
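Review bot: The meaning of :target: changes on the strbind line from a parenthesised filter to a bare item ("associatedDomain=" + qesc), so an existing filter-axfr value written against the old expansion now yields a different filter string. A site that had set something like (&:target:(businessCategory=Server)) to get a well-formed filter under the old code would, after this change, send (&associatedDomain=...(businessCategory=Server)). Please call the change out in the changelog or upgrade notes, with the old and new form of a custom filter side by side.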
@@ -135,7 +135,7 @@
}
prepare();
- filter = strbind( ":target:", "(associatedDomain=*." + qesc + ")", getArg( "filter-axfr" ) );
+ filter = strbind( ":target:", "associatedDomain=*." + qesc, getArg( "filter-axfr" ) );
DLOG( L << Logger::Debug << m_myname << " Search = basedn: " << dn << ", filter: " << filter << endl );
m_msgid = m_pldap->search( dn, LDAP_SCOPE_SUBTREE, filter, (const char**) ldap_attrany );
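Review bot: With "associatedDomain=*." + qesc now unparenthesised, whether the string passed to m_pldap->search is well formed depends entirely on the configured filter-axfr value. A config file that still spells out the old default, :target:, will hand the search a filter with no enclosing parentheses. Consider checking the template once at startup (for example, that it contains (:target:)) and logging an error there, rather than leaving it to be noticed in the per-query DLOG output.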
@@ -196,12 +196,12 @@
qesc = toLower( m_pldap->escape( qname ) );
- filter = "(associatedDomain=" + qesc + ")";
+ filter = "associatedDomain=" + qesc;
if( qtype.getCode() != QType::ANY )
{
attr = qtype.getName() + "Record";
- filter = "(&" + filter + "(" + attr + "=*))";
+ filter = "&(" + filter + ")(" + attr + "=*)";
attronly[0] = (char*) attr.c_str();
attributes = attronly;
}
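Review bot: After filter = "&(" + filter + ")(" + attr + "=*)"; the variable holds a fragment that starts with the & operator and is only a valid filter once something encloses it in parentheses, but the strbind call with getArg( "filter-lookup" ) that would do so is not part of this hunk. Please confirm that every path from here reaches that substitution before the search is issued, and add a short comment above the assignment saying that filter is deliberately unparenthesised at this point.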
@@ -229,23 +229,23 @@
if( parts.size() == 6 && len > 13 && qesc.substr( len - 13, 13 ) == ".in-addr.arpa" ) // IPv4 reverse lookups
{
- filter = "(aRecord=" + ptr2ip4( parts ) + ")";
+ filter = "aRecord=" + ptr2ip4( parts );
attronly[0] = "associatedDomain";
attributes = attronly;
}
else if( parts.size() == 34 && len > 9 && ( qesc.substr( len - 9, 9 ) == ".ip6.arpa" ) ) // IPv6 reverse lookups
{
- filter = "(aAAARecord=" + ptr2ip6( parts ) + ")";
+ filter = "aAAARecord=" + ptr2ip6( parts );
attronly[0] = "associatedDomain";
attributes = attronly;
}
else // IPv4 and IPv6 lookups
{
- filter = "(associatedDomain=" + qesc + ")";
+ filter = "associatedDomain=" + qesc;
if( qtype.getCode() != QType::ANY )
{
attr = qtype.getName() + "Record";
- filter = "(&" + filter + "(" + attr + "=*))";
+ filter = "&(" + filter + ")(" + attr + "=*)";
attronly[0] = (char*) attr.c_str();
attributes = attronly;
}
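Review bot: In the two reverse-lookup branches the results of ptr2ip4( parts ) and ptr2ip6( parts ) are concatenated into the fragment directly, while the name branch uses the escaped qesc. It is worth confirming that those helpers can only emit address characters, or passing their result through m_pldap->escape as well, so that all three branches build the fragment from escaped input.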
@@ -269,12 +269,12 @@
qesc = toLower( m_pldap->escape( qname ) );
- filter = "(associatedDomain=" + qesc + ")";
+ filter = "associatedDomain=" + qesc;
if( qtype.getCode() != QType::ANY )
{
attr = qtype.getName() + "Record";
- filter = "(&" + filter + "(" + attr + "=*))";
+ filter = "&(" + filter + ")(" + attr + "=*)";
attronly[0] = (char*) attr.c_str();
attributes = attronly;
}
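Review bot: This is the third copy of the same fragment-building lines (filter = "associatedDomain=" + qesc; followed by the "&(" + filter + ")(" wrap), after the ones at -196 and in the else branch at -229. The patch has to change the parenthesis convention identically in all three places, so a small helper that returns the fragment for a given qesc and qtype would keep them from drifting apart.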
@@ -520,9 +520,9 @@
declare( suffix, "binddn", "User dn for non anonymous binds","" );
declare( suffix, "secret", "User password for non anonymous binds", "" );
declare( suffix, "method", "How to search entries (simple, strict or tree)", "simple" );
- declare( suffix, "filter-axfr", "LDAP filter for limiting AXFR results", ":target:" );
- declare( suffix, "filter-lookup", "LDAP filter for limiting IP or name lookups", ":target:" );
- declare( suffix, "disable-ptrrecord", "Depricated, use ldap-method=strict instead", "no" );
+ declare( suffix, "filter-axfr", "LDAP filter for limiting AXFR results", "(:target:)" );
+ declare( suffix, "filter-lookup", "LDAP filter for limiting IP or name lookups", "(:target:)" );
+ declare( suffix, "disable-ptrrecord", "Deprecated, use ldap-method=strict instead", "no" );
}
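Review bot: The defaults for filter-axfr and filter-lookup change to "(:target:)", but the help strings still read only "LDAP filter for limiting ...", so nothing tells an operator that :target: no longer carries its own parentheses. Suggest extending both descriptions to say that the template must enclose :target: in parentheses. The "Depricated" to "Deprecated" spelling fix is fine but unrelated to the filter change and would be cleaner as a separate commit.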