On Mon, Jun 18, 2012 at 02:01:34PM -0300, Marcio Merlone wrote:

> Greetings,
> 
> I have googled a little and just found "not possible" for this,
> please advise me if this is still true or not. I want to store
> mynetworks on LDAP, but it seems there is no way to make something like
> a cidr:ldap: type map. Is there any solution other than dumping the
> LDAP query to a file or storing every individual host on LDAP?

The CIDR matching would have to be done by the LDAP server. If your
LDAP server has a CIDR block attribute type and supports a suitable
matching rule, you can do CIDR lookups in LDAP. Otherwise, you
can't.

For example, Microsoft AD can match bitfields via:

        # http://www.alvestrand.no/objectid/1.2.840.113556.1.4.html
        #
        # 1 - ISO assigned OIDs
        # 1.2 - ISO member body
        # 1.2.840 - USA
        # 1.2.840.113556 - Microsoft
        # 1.2.840.113556.1 - Microsoft OID used with DEN
        #
        # 1.2.840.113556.1.4.319 - pagedResultsControl
        # ...
        # 1.2.840.113556.1.4.803 - LDAP_MATCHING_RULE_BIT_AND
        # 1.2.840.113556.1.4.804 - LDAP_MATCHING_RULE_BIT_OR
        # ...
        #
        LDAP_MATCHING_RULE_BIT_AND      = "1.2.840.113556.1.4.803"
        LDAP_MATCHING_RULE_BIT_OR       = "1.2.840.113556.1.4.804"

So queries like:

        "aname:1.2.840.113556.1.4.803:=0x20"

will return only objects for which the value of "aname" has the
"0x20" bit set.

While the above does not directly address your question, it shows
the general mechanism by which LDAP supports complex matching rules.
Perhaps your LDAP server can do CIDR lookups via something similar,
but most likely it cannot. I've never heard of CIDR matching rules
in LDAP servers.

FWIW, Postgres can do CIDR matching.

-- 
        Viktor.
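As an added illustration of the extensible-match filter syntax Viktor describes (example code, not from the thread or from Postfix), the following Python builds a bit-matching filter against an attribute such as AD's userAccountControl, validates the attribute name so caller input cannot inject filter syntax, and evaluates the two Microsoft rules over constructed entries the way the server would. It assumes the AD convention that the mask is written as a decimal integer in the filter; the sample entries and their userAccountControl flag values are constructed for this example.

```python
import re

# OIDs quoted in the message above (Microsoft AD bitwise matching rules).
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
LDAP_MATCHING_RULE_BIT_OR = "1.2.840.113556.1.4.804"

# RFC 4512 attribute description: keystring or numeric OID, optional ;options.
_ATTR_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)*)(?:;[A-Za-z0-9-]+)*$")
_FILTER_RE = re.compile(r"^\(([^:()]+):(1\.2\.840\.113556\.1\.4\.80[34]):=(\d+)\)$")

def bitmask_filter(attr, mask, rule=LDAP_MATCHING_RULE_BIT_AND):
    """Build an RFC 4515 extensible-match filter such as
    (userAccountControl:1.2.840.113556.1.4.803:=2).  The attribute name is
    validated rather than escaped so caller input cannot smuggle in filter
    syntax; AD expects the mask as a decimal integer (assumption, see lead-in)."""
    if not _ATTR_RE.match(attr):
        raise ValueError(f"invalid attribute description: {attr!r}")
    if rule not in (LDAP_MATCHING_RULE_BIT_AND, LDAP_MATCHING_RULE_BIT_OR):
        raise ValueError(f"unsupported matching rule: {rule}")
    if mask < 0:
        raise ValueError("mask must be non-negative")
    return f"({attr}:{rule}:={mask})"

def evaluate(filter_str, entries):
    """Apply the bitwise rule locally, the way the server would, and return the
    DNs of the entries that match.  A missing attribute never matches."""
    m = _FILTER_RE.match(filter_str)
    if not m:
        raise ValueError("not a bitwise extensible-match filter")
    attr, rule, mask = m.group(1), m.group(2), int(m.group(3))
    matched = []
    for entry in entries:
        value = entry.get(attr)
        if value is None:
            continue
        if rule == LDAP_MATCHING_RULE_BIT_AND:
            ok = (value & mask) == mask   # every bit of the mask is set
        else:
            ok = (value & mask) != 0      # at least one bit of the mask is set
        if ok:
            matched.append(entry["dn"])
    return matched

# Constructed sample entries; userAccountControl uses AD's documented flag bits.
SAMPLE_ENTRIES = [
    {"dn": "cn=alice,dc=example,dc=test", "userAccountControl": 0x200},          # NORMAL_ACCOUNT
    {"dn": "cn=bob,dc=example,dc=test", "userAccountControl": 0x200 | 0x2},      # ACCOUNTDISABLE
    {"dn": "cn=svc,dc=example,dc=test", "userAccountControl": 0x200 | 0x10000},  # DONT_EXPIRE_PASSWORD
    {"dn": "cn=grp,dc=example,dc=test"},                                          # attribute absent
]
```

Calling evaluate(bitmask_filter("userAccountControl", 0x2), SAMPLE_ENTRIES) returns only bob's DN, since his entry is the only one with the ACCOUNTDISABLE bit set.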
