[Pdns-dev] LDAP backend - extra attributes

Andy Rabagliati andyr at wizzy.com
Sun Jan 14 13:18:35 CET 2007


On Wed, 10 Jan 2007, Andy Rabagliati wrote:

> Folks,
> 
>   I have a feature request for the LDAP backend.
> 
>   I would prefer to flatten the tree, so that all machines are at the
>   same level, but have an extra attribute for the servers - perhaps
> 
> businessCategory: Server
> 
>   That I could use as an additional selector for external DNS.
> 
>   The pdns config file could contain a parameter
> 
> ldap-extraAttribute=businessCategory=Server
> 
>   used for all searches for my external server, but not used for the
>   internal server.
> 
>   Am I being clear ?

I found http://wiki.linuxnetworks.de/index.php/Pdnsldap_troubleshooting
that pointed out that I could use ldap-filter-lookup to do what I needed
to do.

I patched the sources to (I think) fix the bug listed above, so that the
ldap backend documentation is now correct.

I attach the patch.

I did not manage to rebuild a .deb out of the subversion repositories
though, there seems to be quite a food chain for the development
environment.

Cheers,  Andy!
-------------- next part --------------
Index: modules/ldapbackend/ldapbackend.cc
===================================================================
--- modules/ldapbackend/ldapbackend.cc	(revision 941)
+++ modules/ldapbackend/ldapbackend.cc	(working copy)
@@ -124,7 +124,7 @@
 	qesc = toLower( m_pldap->escape( target ) );
 
 	// search for SOARecord of target
-	filter = strbind( ":target:", "(associatedDomain=" + qesc + ")", getArg( "filter-axfr" ) );
+	filter = strbind( ":target:", "associatedDomain=" + qesc, getArg( "filter-axfr" ) );
 	m_msgid = m_pldap->search( dn, LDAP_SCOPE_SUBTREE, filter, (const char**) ldap_attrany );
 	m_pldap->getSearchEntry( m_msgid, m_result, true );
 
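Review bot: The string substituted for `:target:` is now a bare `associatedDomain=...` item, so the search filter is only well-formed when the configured `filter-axfr` template supplies the surrounding parentheses, and nothing here checks that. A deployment that kept an explicit `ldap-filter-axfr=:target:` (the old default), or a template written around the old doubled-parentheses behaviour, would now pass a malformed filter to `m_pldap->search()`; how that failure surfaces is not visible in this hunk. Because this filter can be what keeps internal records out of an externally served zone, I would reject a bad template explicitly, e.g. `if( filter.empty() || filter[0] != '(' ) { L << Logger::Error << m_myname << " ldap-filter-axfr must enclose :target: in parentheses" << endl; }` followed by whatever failure return this function uses. The same applies to the second `strbind` call in the hunk at line 135; the enclosing function starts and ends outside both hunks.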
@@ -135,7 +135,7 @@
 	}
 
 	prepare();
-	filter = strbind( ":target:", "(associatedDomain=*." + qesc + ")", getArg( "filter-axfr" ) );
+	filter = strbind( ":target:", "associatedDomain=*." + qesc, getArg( "filter-axfr" ) );
 	DLOG( L << Logger::Debug << m_myname << " Search = basedn: " << dn << ", filter: " << filter << endl );
 	m_msgid = m_pldap->search( dn, LDAP_SCOPE_SUBTREE, filter, (const char**) ldap_attrany );
 
@@ -196,12 +196,12 @@
 
 
 	qesc = toLower( m_pldap->escape( qname ) );
-	filter = "(associatedDomain=" + qesc + ")";
+	filter = "associatedDomain=" + qesc;
 
 	if( qtype.getCode() != QType::ANY )
 	{
 		attr = qtype.getName() + "Record";
-		filter = "(&" + filter + "(" + attr + "=*))";
+		filter = "&(" + filter + ")(" + attr + "=*)";
 		attronly[0] = (char*) attr.c_str();
 		attributes = attronly;
 	}
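Review bot: `filter` now holds a filter body without its outer parentheses (`associatedDomain=...` or `&(...)(...)`), which is not a valid search filter on its own, and nothing in the visible lines says where the parentheses are added. A comment above the assignment would make the contract explicit, for example `// bare filter body: the filter-lookup template must wrap :target: in parentheses`. The identical construction is repeated in the hunks at lines 229 and 269, so the comment (or a small shared helper that builds the body) belongs there as well. Note also that `attr` is concatenated into the filter without going through `m_pldap->escape()` as `qname` does; whether `qtype.getName()` can ever return filter metacharacters is not visible here and is worth confirming. The function continues outside the hunk.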
@@ -229,23 +229,23 @@
 
 	 if( parts.size() == 6 && len > 13 && qesc.substr( len - 13, 13 ) == ".in-addr.arpa" )   // IPv4 reverse lookups
 	{
-		filter = "(aRecord=" + ptr2ip4( parts ) + ")";
+		filter = "aRecord=" + ptr2ip4( parts );
 		attronly[0] = "associatedDomain";
 		attributes = attronly;
 	}
 	else if( parts.size() == 34 && len > 9 && ( qesc.substr( len - 9, 9 ) == ".ip6.arpa" ) )   // IPv6 reverse lookups
 	{
-		filter = "(aAAARecord=" + ptr2ip6( parts ) + ")";
+		filter = "aAAARecord=" + ptr2ip6( parts );
 		attronly[0] = "associatedDomain";
 		attributes = attronly;
 	}
 	else   // IPv4 and IPv6 lookups
 	{
-		filter = "(associatedDomain=" + qesc + ")";
+		filter = "associatedDomain=" + qesc;
 		if( qtype.getCode() != QType::ANY )
 		{
 			attr = qtype.getName() + "Record";
-			filter = "(&" + filter + "(" + attr + "=*))";
+			filter = "&(" + filter + ")(" + attr + "=*)";
 			attronly[0] = (char*) attr.c_str();
 			attributes = attronly;
 		}
@@ -269,12 +269,12 @@
 
 
 	qesc = toLower( m_pldap->escape( qname ) );
-	filter = "(associatedDomain=" + qesc + ")";
+	filter = "associatedDomain=" + qesc;
 
 	if( qtype.getCode() != QType::ANY )
 	{
 		attr = qtype.getName() + "Record";
-		filter = "(&" + filter + "(" + attr + "=*))";
+		filter = "&(" + filter + ")(" + attr + "=*)";
 		attronly[0] = (char*) attr.c_str();
 		attributes = attronly;
 	}
@@ -520,9 +520,9 @@
 		declare( suffix, "binddn", "User dn for non anonymous binds","" );
 		declare( suffix, "secret", "User password for non anonymous binds", "" );
 		declare( suffix, "method", "How to search entries (simple, strict or tree)", "simple" );
-		declare( suffix, "filter-axfr", "LDAP filter for limiting AXFR results", ":target:" );
-		declare( suffix, "filter-lookup", "LDAP filter for limiting IP or name lookups", ":target:" );
-		declare( suffix, "disable-ptrrecord", "Depricated, use ldap-method=strict instead", "no" );
+		declare( suffix, "filter-axfr", "LDAP filter for limiting AXFR results", "(:target:)" );
+		declare( suffix, "filter-lookup", "LDAP filter for limiting IP or name lookups", "(:target:)" );
+		declare( suffix, "disable-ptrrecord", "Deprecated, use ldap-method=strict instead", "no" );
 	}
 
 
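Review bot: The help strings for `filter-axfr` and `filter-lookup` still do not mention the `:target:` placeholder or that, with the new `(:target:)` defaults, it must be enclosed in parentheses by the template. I would extend the descriptions, e.g. `"LDAP filter for limiting AXFR results, :target: must be enclosed in parentheses"`, and call the change out in the upgrade notes, because a template carried over from the old behaviour no longer produces a valid filter. The `declare` calls sit in a function whose start is outside the hunk.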

