[Pdns-users] Problem with aRecord matching in ldap backend

Nick Milas nmilas at admin.noa.gr
Sun Jan 16 19:02:40 UTC 2011


Thanks Norbert,

Although the OpenLDAP guys would not encourage such a change (and, 
formally speaking, they are right), since the aRecord attribute 
definition (in the standard distribution cosine.schema file) is 
according to RFC 1274 without a SUBSTR matching rule, I guess it's the 
easiest solution, provided one can manually "convey" the changes when 
upgrading. I would urge some more LDAP-engaged people to push some 
official changes to this RFC (since it's published in 1991) to allow 
substring matches to this and to other attributes (to provide more 
versatility in searching) and possibly other changes. I am afraid I 
can't do it.

I already tested the change on a testing box and it works.

Thanks again,
Nick


On 16/1/2011 7:50 ΌΌ, Norbert Sendetzky wrote:
> Hi Nick
>
>>> attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
>>> EQUALITY caseIgnoreIA5Match
>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>>
>>> I thought of modifying it in order to allow substring matching, like:
>>>
>>> attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
>>> EQUALITY caseIgnoreIA5Match
>>> SUBSTR caseIgnoreIA5SubstringsMatch
>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>>
>>> Would this change possibly cause any problems? Should I do it or not?
>>> Would powerdns be affected in any way?
>
> This might work. The only problem will be OpenLDAP upgrades because 
> they will overwrite your change.
>
>
> Norbert
>



More information about the Pdns-users mailing list