-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
hi,
I configured my isc-dhcpd servers to work with openldap, all works
now when I want to find dn for some definite MAC or IP, I am unable to do that
please, help to understand how can I ldapsearch by attribute dhcpStatements values?
in dhcp.schema it is written: - ---[ quotation start ]------------------------------------------- ... attributetype ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' EQUALITY caseIgnoreIA5Match DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) ... - ---[ quotation end ]-------------------------------------------
so, when I use filter "(&(objectClass=dhcpHost)(dhcpStatements=*))"
I successfully receive all objects
but lets say I need to find this object: - ---[ quotation start ]------------------------------------------- dn: cn=ap01,cn=10.0.0.0,cn=officeXXX DHCP Config,ou=officeXXX,ou=DHCP, dc=allstuff cn: ap01 objectClass: top objectClass: dhcpHost dhcpHWAddress: ethernet 20:cf:30:88:5d:18 dhcpStatements: fixed-address 10.0.0.222 - ---[ quotation end ]-------------------------------------------
I use filter: "(&(objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222))"
and receive empty result ...
it is the same picture for anything except dhcpStatements=* ...
so, how is it correct to write the filter to get all objects with IP like 10.0.0.2* ?
- -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)
On Tue, 01 Apr 2014 17:21:16 +0300 "Zeus Panchenko" zeus@ibs.dn.ua wrote
I use filter: "(&(objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222))"
and receive empty result ...
Did you change the indexing configuration for attribute 'dhcpStatements'?
Ciao, Michael.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Michael Ströder michael@stroeder.com wrote:
I use filter: "(&(objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222))"
and receive empty result ...
Did you change the indexing configuration for attribute 'dhcpStatements'?
the only dhcp related stuff in slapd.conf is:
- ---[ quotation start ]------------------------------------------- ... index dhcpHWAddress eq index dhcpStatements eq ... - ---[ quotation end ]-------------------------------------------
and it means that only equality will be matched? if yes than why (&(objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222)) returns empty result?
have I add approx and sub indexes?
- -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)
On Tue, 01 Apr 2014 18:54:22 +0300 "Zeus Panchenko" zeus@ibs.dn.ua wrote
Michael Ströder michael@stroeder.com wrote:
I use filter: "(&(objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222))"
and receive empty result ...
Did you change the indexing configuration for attribute 'dhcpStatements'?
the only dhcp related stuff in slapd.conf is:
- ---[ quotation start ]-------------------------------------------
... index dhcpHWAddress eq index dhcpStatements eq ...
- ---[ quotation end ]-------------------------------------------
I rephrase my question: Did you change the indexing configuration for attribute 'dhcpStatements' *after* adding/modifying the entries?
If yes, then see this: http://www.openldap.org/faq/data/cache/136.html
Ciao, Michael.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Michael Ströder michael@stroeder.com wrote:
I rephrase my question: Did you change the indexing configuration for attribute 'dhcpStatements' *after* adding/modifying the entries?
no, I didn't
If yes, then see this: http://www.openldap.org/faq/data/cache/136.html
but all the same, I done it now after changing the indexes
index dhcpHWAddress eq,approx index dhcpStatements eq,approx
and the result is the same - empty :(
when I was trying to add sub to index, slapindex complained with
/usr/local/etc/openldap/slapd.conf: line 198: substr index of attribute "dhcpHWAddress" disallowed
- -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)
Zeus Panchenko wrote:
Michael Ströder michael@stroeder.com wrote:
I rephrase my question: Did you change the indexing configuration for attribute 'dhcpStatements' *after* adding/modifying the entries?
no, I didn't
If yes, then see this: http://www.openldap.org/faq/data/cache/136.html
but all the same, I done it now after changing the indexes
index dhcpHWAddress eq,approx index dhcpStatements eq,approx
and the result is the same - empty :(
when I was trying to add sub to index, slapindex complained with
BTW: Using an approx index makes no sense for these attributes.
/usr/local/etc/openldap/slapd.conf: line 198: substr index of attribute "dhcpHWAddress" disallowed
Because there's no SUBSTR matching rule defined for 'dhcpHWAddress' which is not needed anyway.
Ciao, Michael.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Michael Ströder michael@stroeder.com wrote:
Because there's no SUBSTR matching rule defined for 'dhcpHWAddress'
so, there is no way to ldapsearch by that attribute exept `*' ?
which is not needed anyway.
mmm ... no need to be able to find the object for the definite MAC address, which can has different IP addresses in different offices where dedicated dhcp servers deploied? am I correct?
- -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)
Zeus Panchenko wrote:
Michael Ströder michael@stroeder.com wrote:
Because there's no SUBSTR matching rule defined for 'dhcpHWAddress'
so, there is no way to ldapsearch by that attribute exept `*' ?
You should really make yourself familiar with the various search filters and the matching rule definitions in the attribute type descriptions.
which is not needed anyway.
mmm ... no need to be able to find the object for the definite MAC address, which can has different IP addresses in different offices where dedicated dhcp servers deploied? am I correct?
I did not say that. What I said: It does not make sense in the context of DHCP server with LDAP backend to use substring matching on a MAC address.
Ciao, Michael.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Michael Ströder michael@stroeder.com wrote:
Because there's no SUBSTR matching rule defined for 'dhcpHWAddress'
so, there is no way to ldapsearch by that attribute exept `*' ?
You should really make yourself familiar with the various search filters and the matching rule definitions in the attribute type descriptions.
yes, I agree, and because of this I've written to this ml ...
after some "research" it looks like without schema editing, I can search for definite MAC address (or part of it) by dhcpHWAddress attribute only outside LDAP, with external means ... to do ldapsearch with filter (dhcpHWAddress=*) and to grep for MAC or part of it
if I'm wrong, help me understand where, please
dedicated dhcp servers deploied? am I correct?
I did not say that. What I said: It does not make sense in the context of DHCP server with LDAP backend to use substring matching on a MAC address.
oh, I see now, sorry for misunderstanding ...
- -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)
On Tue, 2014-04-01 at 17:21 +0300, Zeus Panchenko wrote:
(...) attributetype ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' EQUALITY caseIgnoreIA5Match DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) ...
- ---[ quotation end ]-------------------------------------------
so, when I use filter "(&(objectClass=dhcpHost)(dhcpStatements=*))" I successfully receive all objects but lets say I need to find this object:
- ---[ quotation start ]-------------------------------------------
dn: cn=ap01,cn=10.0.0.0,cn=officeXXX DHCP Config,ou=officeXXX,ou=DHCP, dc=allstuff cn: ap01 objectClass: top objectClass: dhcpHost dhcpHWAddress: ethernet 20:cf:30:88:5d:18 dhcpStatements: fixed-address 10.0.0.222
- ---[ quotation end ]-------------------------------------------
I use filter: "(&(objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222))"
and receive empty result ...
If you've given dhcpStatements an index in slapd.conf when the attribute already existed in LDAP tree, you also need to stop slapd and run sbin/slapindex. Otherwise the index is empty, and tells slapd there are no matches for your filter. OTOH using cn=config to add an index does this automatically.
it is the same picture for anything except dhcpStatements=* ...
so, how is it correct to write the filter to get all objects with IP like 10.0.0.2* ?
Doesn't look like you can. The dhcpStatements attribute description you showed has no SUBSTR(ing) matching rule, so you can't use substring search. "(attrname=*)" is a special case: it's presence search, not substring search.
openldap-technical@openldap.org
-
Hallvard Breien Furuseth -
Michael Ströder -
Zeus Panchenko