Hi
I have a somewhat strange question.
We are using OpenLDAP (openldap-server-2.4.11-bdb) and Berkeley DB (db-4.6.21) in a project.
LDAP is used to store subscriber numbers and the address of the ippbx where the subscriber is registered. Typically every subscriber has a separate DN in the LDAP database. We have a server function that does LDAP searches for subscriber numbers to retrieve the ippbx address. This part is going to remain working as is.
Now we want to be able to have a "wildcard"-entry in LDAP, that points to an address also. This entry shall respond to any ldap-search matching the wildcard.
Let me give an example:
We have, let's say, four ippbx's with prefixes 111, 222, 333 & 444. A subscriber number consists of the prefix and five more digits. Each subscriber can be registered in any ippbx and still be reachable. The prefix indicates the subscriber's "home-location".
Now we want to use a gateway to another telephone system. We don't want to have all of the subscribers from that system registered in LDAP, so we want a "wildcard"-entry saying that if you dial 99912345 LDAP should have an entry 999xxxx pointing to the gateway for the subscribers in the other telephone system. The response to the ldap-search should contain the gateway address to the telephone system regardless of the number entered. So if I dial 99912345 I should get the same response as if I dial 99967890.
The response shall have the same format as in the ippbx-solution. We want the ldap DIT to look the same for the wildcard and the others - the DN shall look the same. We don't want to change the serverfunction we are using today.
So - finally my question:
Would it be possible to solve this with OpenLDAP and if so - how can it be done?
Looking forward to your suggestions!
/Kjell
Kjell Gustafsson wrote:
> Would it be possible to solve this with OpenLDAP and if so - how can it be done?
The best way to handle this would be to move the logic towards the application. If you want LDAP (and OpenLDAP) to handle it, you need to move your application's logic into OpenLDAP. This requires writing some code. You need to be able to intercept operations that request external numbers, and return a referral to the system that is able to handle that request. Optionally, you can chain the request, so that the client doesn't even need to handle the referral itself.
It might be pretty straightforward by defining an overlay that does The Right Thing (TM); of course, the devil is in the details, as usual.
<commercial>You might need expert support to have this done quick and right.</commercial>
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Pierangelo Masarati wrote:
> The best way to handle this would be to move the logic towards the application. If you want LDAP (and OpenLDAP) to handle it, you need to move your application's logic into OpenLDAP. This requires writing some code. You need to be able to intercept operations that request external numbers, and return a referral to the system that is able to handle that request. Optionally, you can chain the request, so that the client doesn't even need to handle the referral itself.
> It might be pretty straightforward by defining an overlay that does The Right Thing (TM); of course, the devil is in the details, as usual.
> <commercial>You might need expert support to have this done quick and right.</commercial>
Yes, most of the logic belongs in the application, but you can get some help from LDAP if you design your DIT properly.
Remember that a directory is a hierarchical name space; if you don't take advantage of that fact then you may as well just use an RDBMS.
Telephone numbers are also a hierarchical name space; there's a natural mapping that makes this problem simple:
Given a user with subscriber number xxx-yyyyy just split the number into two components:
  number=yyyyy,prefix=xxx,ou=subscribers,dc=example,dc=com
Make the application always transform its lookups to match this naming scheme. Then, for users who are "local" to the system, you do a base search on exactly their number. For 123-4567, lookup
  number=4567,prefix=123,ou=subscribers,dc=example,dc=com
If it exists, you get the result back immediately. If the query is 999-12345 and only the prefix exists, then your lookup for
  number=12345,prefix=999,ou=subscribers,dc=example,dc=com
will fail, and the result will come back with a matchedDN of
  prefix=999,ou=subscribers,dc=example,dc=com
Then your app just has to look up the matchedDN entry, and proceed from there. "Wildcards" are unnecessary.
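The lookup flow described in the message above, as an added example that is not part of the original thread or of OpenLDAP. It assumes the prefix-plus-five-digits number format from the original question; the in-memory DIT stands in for the server, and the attribute name pbxAddress and the host names are constructed for illustration.

```python
import re

BASE = "ou=subscribers,dc=example,dc=com"
NO_SUCH_OBJECT = 32  # LDAP result code noSuchObject (RFC 4511)

# Constructed sample DIT (DN -> attributes). "pbxAddress" is a hypothetical
# attribute name; the thread does not say how the address is stored.
DIT = {
    BASE: {},
    f"prefix=111,{BASE}": {},
    f"number=12345,prefix=111,{BASE}": {"pbxAddress": "pbx1.example.com"},
    f"prefix=999,{BASE}": {"pbxAddress": "gateway.example.com"},
}

def subscriber_dn(dialed):
    """Map xxxyyyyy (or xxx-yyyyy) to number=yyyyy,prefix=xxx,<BASE>."""
    # ASCII digits only: nothing that is special in a DN (, = + \ " < > ;)
    # can reach the string we build, so no DN escaping is needed afterwards.
    m = re.fullmatch(r"([0-9]{3})-?([0-9]{5})", dialed)
    if m is None:
        raise ValueError(f"not a subscriber number: {dialed!r}")
    prefix, number = m.groups()
    return f"number={number},prefix={prefix},{BASE}"

def base_search(dn):
    """Stand-in for a scope=base search: (result_code, matched_dn, attrs)."""
    if dn in DIT:
        return 0, "", DIT[dn]
    # On noSuchObject the server reports the deepest ancestor that exists.
    parent = dn
    while parent and parent not in DIT:
        parent = parent.partition(",")[2]
    return NO_SUCH_OBJECT, parent, None

def resolve(dialed):
    """Return the address for a dialed number, or None if it is unknown."""
    dn = subscriber_dn(dialed)
    code, matched, attrs = base_search(dn)
    if code == 0:
        return attrs["pbxAddress"]
    # Accept the fallback only when matchedDN is the prefix entry directly
    # above the missing number. A matchedDN of BASE means the prefix itself
    # is unknown and must not be treated as a gateway.
    if code == NO_SUCH_OBJECT and matched == dn.partition(",")[2]:
        _, _, fallback = base_search(matched)
        if fallback and "pbxAddress" in fallback:
            return fallback["pbxAddress"]
    return None
```

A prefix entry without an address (prefix=111 here) yields no fallback, so an unregistered local number is reported as unknown instead of being routed to a gateway.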
Howard Chu wrote:
> Yes, most of the logic belongs in the application, but you can get some help from LDAP if you design your DIT properly.
Howard,
from my (limited) experience, the answer is always: the DIT has already been designed with other needs in mind, so it is a constraint rather than an opportunity. For which is which, I concur your suggestion would make things naturally simple as they should be, but it requires:
- to change the DIT design
- to change the logics of the client and provisioning applications
so it looks much easier to hack the process in between.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
On 15 Apr 2009, at 09:43, Howard Chu wrote:
> Yes, most of the logic belongs in the application, but you can get some help from LDAP if you design your DIT properly.
> Remember that a directory is a hierarchical name space; if you don't take advantage of that fact then you may as well just use an RDBMS.
> Telephone numbers are also a hierarchical name space; there's a natural mapping that makes this problem simple:
> Given a user with subscriber number xxx-yyyyy just split the number into two components:
>   number=yyyyy,prefix=xxx,ou=subscribers,dc=example,dc=com
This is pretty much how our DIT is designed.
> Make the application always transform its lookups to match this naming scheme. Then, for users who are "local" to the system, you do a base search on exactly their number. For 123-4567, lookup
>   number=4567,prefix=123,ou=subscribers,dc=example,dc=com
> If it exists, you get the result back immediately. If the query is 999-12345 and only the prefix exists, then your lookup for
>   number=12345,prefix=999,ou=subscribers,dc=example,dc=com
> will fail, and the result will come back with a matchedDN of
>   prefix=999,ou=subscribers,dc=example,dc=com
If I understand you correctly I should have the following:
one entry per number and prefix for each of the subscribers I want to register separately, i.e.
number=12345,prefix=111,ou=subscribers,dc=example,dc=com
number=67890,prefix=111,ou=subscribers,dc=example,dc=com
number=12345,prefix=222,ou=subscribers,dc=example,dc=com
number=67890,prefix=222,ou=subscribers,dc=example,dc=com
number=12345,prefix=333,ou=subscribers,dc=example,dc=com
number=67890,prefix=333,ou=subscribers,dc=example,dc=com
and so on, plus one entry for "the unknowns" like this
prefix=999,ou=subscribers,dc=example,dc=com
/Kjelle
> Then your app just has to look up the matchedDN entry, and proceed from there. "Wildcards" are unnecessary.
> --
> Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
Kjell Gustafsson wrote:
> This is pretty much how our DIT is designed.
I take my comment back, then. Good for you :)
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
openldap-technical@openldap.org