Howard Chu hyc@symas.com wrote:
In my own domain-based directories I simply use the DN hierarchy:
dc=doubleclick,dc=net,ou=spam,dc=highlandsun,dc=com
dc=73,dc=216,dc=in-addr,dc=arpa,ou=spam,dc=highlandsun,dc=com
How do you get that working with BIND, for instance? The schema is there: http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt
Example:

dn: relativeDomainName=host,o=home
objectClass: dNSZone
relativeDomainName: host
zoneName: example.net
dNSClass: IN
aRecord: 192.0.2.3

dn: relativeDomainName=3,zoneName=2.0.192.in-addr.arpa,o=home
objectClass: dNSZone
relativeDomainName: 3
zoneName: 2.0.192.in-addr.arpa
dNSClass: IN
pTRRecord: host.example.net.
Currently, we have everything needed to set up an ACL so that John Doe can only set a pTRRecord within *.sales.example.net. One just has to set up a val.regex ACL.
But there is no way to tell that he can only set a pTRRecord within 192.0.2.128/25, therefore my inquiry on that topic.
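
The range check asked about above, as an added example that is not part of the original message: it rebuilds the IPv4 address from an entry's relativeDomainName and zoneName, as laid out in the LDIF above, and tests it against 192.0.2.128/25. The function names are hypothetical, and running this in a provisioning front end before the write reaches the directory is an assumption, not something the thread proposes.

```python
import ipaddress

REVERSE_SUFFIX = "in-addr.arpa"


def ptr_entry_address(relative_name, zone_name):
    """Rebuild the IPv4 address named by a dNSZone reverse entry.

    relative_name and zone_name are the entry's relativeDomainName and
    zoneName values, e.g. "3" and "2.0.192.in-addr.arpa" -> 192.0.2.3.
    Raises ValueError if the pair does not name one full IPv4 address.
    """
    zone = zone_name.rstrip(".").lower()
    if zone == REVERSE_SUFFIX:
        zone_labels = []
    elif zone.endswith("." + REVERSE_SUFFIX):
        zone_labels = zone[: -len(REVERSE_SUFFIX) - 1].split(".")
    else:
        raise ValueError(f"{zone_name!r} is not an IPv4 reverse zone")
    labels = relative_name.split(".") + zone_labels
    if len(labels) != 4:
        raise ValueError("entry does not name a single host address")
    # Labels run least-significant octet first; IPv4Address validates each octet.
    return ipaddress.IPv4Address(".".join(reversed(labels)))


def may_set_ptr(relative_name, zone_name, delegated_cidr):
    """True only if the entry's address lies inside delegated_cidr."""
    network = ipaddress.ip_network(delegated_cidr)
    try:
        return ptr_entry_address(relative_name, zone_name) in network
    except ValueError:
        return False  # fail closed on anything that is not a host PTR entry


# Constructed sample (relativeDomainName, zoneName) pairs; the first one is
# the reverse entry from the message above.
SAMPLE_ENTRIES = [
    ("3", "2.0.192.in-addr.arpa"),
    ("127", "2.0.192.in-addr.arpa"),
    ("128", "2.0.192.in-addr.arpa"),
    ("200.2", "0.192.in-addr.arpa"),   # same range, zone cut one octet higher
    ("@", "2.0.192.in-addr.arpa"),     # zone apex, not a host address
    ("host", "example.net"),           # forward zone
]

if __name__ == "__main__":
    for rel, zone in SAMPLE_ENTRIES:
        verdict = "allow" if may_set_ptr(rel, zone, "192.0.2.128/25") else "deny"
        print(f"{verdict:5}  relativeDomainName={rel},zoneName={zone}")
```
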