I'm migrating from ldapdns to pdns (ldapdns's lockups are killing me) and its LDAP backend, and have hit an interesting snag, namely I suspect due to some 'liberal' interpretation of the RFCs by ldapdns or yourselves. I'm not saying what you currently do is wrong by any means, I'm just intrigued why the use of the associatedDomain attribute is apparently hardcoded, forcing you to pull in the domainRelatedObject objectclass for each domain object in the tree? My initial guess is simplicity, as the query string needn't be processed, just plugged into the query filter.
The crux of the issue is that I designed my tree to mimic the DNS hierarchy:

dc=jamie-thompson,dc=co,dc=uk,dc=.
dc=1,dc=1,dc=168,dc=192,dc=in-addr,dc=arpa,dc=.

...and so on.

This works just fine with ldapdns, but doesn't with pdns-ldap, as I have no associatedDomain attributes, the information from which probably being inferred from the LDAP tree structure by ldapdns.
This seems reasonable to me, as duplicating the information from the DN in the associatedDomain seems superfluous, it's just as easy to transform the query "www.jamie-thompson.co.uk" into...
base: "dc=www,dc=jamie-thompson,dc=co,dc=uk" + rootValue
filter: "(dc=*)" (or even better, dc=<leftmost component of domain query>)
scope: base

...or thereabouts.

My reading of the RFC is that all that's required is the objectClass dNSDomain (or more likely given you do things more correctly with PTR records, dNSDomain2), and the only required attribute for that is "dc" (domainComponent), which would seem to mesh with what I have/want. domainRelatedObject's associatedDomain attribute seems to be intended for non-linearly mapped directories, so that ou=jamie-thompson could then have the associatedDomain of jamie-thompson.co.uk without any additional fluff. Which is indeed useful, but not quite what I'm after.
Anyway, what I mean by that rambling is that it'd be nice to have the option of a mode that uses the basic dc attributes as the search base, and the filter solely used to filter the results by whatever arbitrary filter the sysadmin wants.

Thoughts?

- Jamie
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
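
The mapping proposed in the message above, as an added Python example that is not part of the original post and is not PowerDNS or ldapdns code: it builds the base DN, filter and scope from a query name and hex-escapes every label, because query names are untrusted input that would otherwise be spliced straight into the DN and the filter. The function name, the `root_value` parameter and the sample names are assumptions made for illustration.

```python
import re

# Anything outside this conservative set is emitted as \XX per UTF-8 octet,
# a form valid in both RFC 4514 DN values and RFC 4515 filter values.
_UNSAFE = re.compile(r"[^a-z0-9_-]")


def _escape(label):
    return _UNSAFE.sub(
        lambda m: "".join("\\%02x" % b for b in m.group().encode("utf-8")), label
    )


def dns_to_ldap_search(qname, root_value=""):
    """Map a DNS query name to base-scope LDAP search parameters.

    qname      -- query name in text form, labels separated by "."
    root_value -- hypothetical suffix appended to the base DN (trusted config)
    """
    name = qname[:-1] if qname.endswith(".") else qname
    name = name.lower()  # DNS names compare case-insensitively
    labels = name.split(".")
    if len(name.encode("utf-8")) > 253:
        raise ValueError("name too long")
    for label in labels:
        if not 1 <= len(label.encode("utf-8")) <= 63:
            raise ValueError("empty or oversized label in %r" % qname)
    escaped = [_escape(label) for label in labels]
    return {
        "base": ",".join("dc=" + e for e in escaped) + root_value,
        "filter": "(dc=%s)" % escaped[0],  # leftmost component of the query
        "scope": "base",
    }


if __name__ == "__main__":
    # Constructed sample names; the last two carry filter and DN metacharacters.
    for q in ("www.jamie-thompson.co.uk", "a)(objectClass=*.example.com",
              "x,dc=evil.co.uk"):
        print(q, "->", dns_to_ldap_search(q))
```

Because every label is escaped before it reaches the DN or the filter, a label containing `,`, `=`, `(`, `)` or `*` stays a single dc value instead of changing the shape of the search.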
