Hi,
I store my DNS records in openldap (I use powerdns with ldap backend) and I am trying to use a search filter like: (aRecord=10.11.12.*) but it never produces results.
I noticed that aRecord is defined in dnsDomain schema (available in cosine.schema) and inherited in dnsDomain2 schema (which is used by powerdns, available here: http://www.linuxnetworks.de/pdnsldap/dnsdomain2.schema).
I came to the conclusion that the problem may be caused by the fact that aRecord (oid: 0.9.2342.19200300.100.1.26) in cosine.schema has no substring matching rule defined in schema:
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
I thought of modifying it in order to allow substring matching, like:
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
Questions:
1. Is the above logic correct, i.e. has the cause of the problem been identified correctly?
2. Is there any other way we can search substrings of values in this (or other similar) attribute(s) without modifying the schema(s)?
3. Can an LDAP administrator freely modify an organisation's schema(s) whenever it is deemed appropriate? Are there any risks by doing it? (I understand one should be cautious when upgrading openldap, and take care to "cascade" modifications to the upgraded version.)
   - AND/OR -
   Is there any process of "schema evolution" where LDAP server users provide feedback so that standard schema(s) are globally adapted to user request(s)?

In the end: What is the easiest recommended way of using customized schema(s) in an organization?
Please advise.
Thanks in advance, Nick
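
Added example, not part of the original post: under RFC 4511 a filter item evaluates to Undefined when the attribute has no matching rule for that kind of assertion, and such entries are not returned. The Python sketch below parses the two attributetype lines quoted in the post and reports whether an assertion value can be evaluated; the function names are hypothetical and rules inherited through SUP are not followed.

```python
import re

# The two definitions quoted in the post (OpenLDAP "attributetype" lines).
ORIGINAL = ("attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' "
            "EQUALITY caseIgnoreIA5Match "
            "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")
MODIFIED = ("attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' "
            "EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch "
            "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")

RULE_KEYWORDS = ("EQUALITY", "ORDERING", "SUBSTR")


def parse_attributetype(line):
    """Return the names and matching rules declared in one attributetype line."""
    body = line[line.index("(") + 1: line.rindex(")")]
    # Tokens: quoted strings, parentheses, or bare words.
    tokens = re.findall(r"'[^']*'|[()]|[^\s()']+", body)
    info = {"names": [], "EQUALITY": None, "ORDERING": None, "SUBSTR": None}
    i = 1  # tokens[0] is the numeric OID
    while i < len(tokens):
        tok = tokens[i]
        if tok == "NAME":
            i += 1
            if tokens[i] == "(":          # multi-valued form: NAME ( 'a' 'b' )
                i += 1
                while tokens[i] != ")":
                    info["names"].append(tokens[i].strip("'"))
                    i += 1
            else:
                info["names"].append(tokens[i].strip("'"))
        elif tok in RULE_KEYWORDS:
            i += 1
            info[tok] = tokens[i]
        i += 1
    return info


def filter_item_usable(attr, assertion):
    """True if (attr=assertion) can be evaluated; '*' inside the value means substring."""
    # Assumption: the attribute has no SUP, so nothing is inherited.
    if assertion == "*":
        return True                       # presence filter needs no matching rule
    needed = "SUBSTR" if "*" in assertion else "EQUALITY"
    return attr[needed] is not None


if __name__ == "__main__":
    for label, line in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(label, filter_item_usable(parse_attributetype(line), "10.11.12.*"))
```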