From: Petter Reinholdtsen <pere@hungry.com>
Date: Fri, 16 Jul 2010 22:09:58 +0000 (+0000)
Subject: More text on this blog post.
X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/b4036ab8dece342055097829b71e034a41f45491

More text on this blog post.
---

diff --git a/blog/draft/2010-07-03-ldap-searches.txt b/blog/draft/2010-07-03-ldap-searches.txt
index 6e13d6b551..276cfb5bc9 100644
--- a/blog/draft/2010-07-03-ldap-searches.txt
+++ b/blog/draft/2010-07-03-ldap-searches.txt
@@ -1,24 +1,211 @@
-Title: What are they searching for - DNS and DHCP in LDAP
+Title: What are they searching for - PowerDNS and ISC DHCP in LDAP
 
-As a step to try to figure a way to merge the DNS and DHCP LDAP
-objects in Debian Edu, I have had a look at how pdns-backend-ldap and
-dhcp3-server-ldap use the LDAP server.  The two approaches are quite
-different.
+As a step to try to see if it possible t to merge the DNS and DHCP
+LDAP objects for compters in Debian Edu, I have had a look at how
+pdns-backend-ldap and dhcp3-server-ldap use the LDAP server.  The two
+approaches are quite different.
 
 To get this information, I started slapd with debugging enabled and
 dumped the debug output to a file to get the LDAP searches performed
-on a Debian Edu main-server.
+on a Debian Edu main-server.  Here is a summary.
 
 powerdns
 ========
 
 http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend
 
-dhcp
-====
+<p>PowerDNs have two modes of operation using LDAP as its backend.
+One "strict" mode where the forward and reverse DNS lookups are done
+using the same LDAP objects, and a "tree" mode where the forward and
+reverse entries are in two different subtrees in LDAP with a structure
+based on the DNS names, as in www.skolelinux.org and
+137.191.36.158.in-addr.arpa.</p>
+
+<p>In tree mode, the server is set up to use a LDAP subtree as its
+base, and a "base" scoped search for the DNS name by adding
+"dc=www,dc=skolelinux,dc=org," to the base with a filter for
+"(associateddomain=www.skolelinux.org)" for the forward entry and
+"dc=137,dc=191,dc=36,dc=158,dc=in-addr,dc=arpa," with a filter for
+"(associateddomain=137.191.36.158.in-addr.arpa)" for the reverse
+entry.  For forward entries, it is looking for attributes named
+dnsttl, arecord, nsrecord, cnamerecord, soarecord, ptrrecord,
+hinforecord, mxrecord, txtrecord, rprecord, afsdbrecord, keyrecord,
+aaaarecord, locrecord, srvrecord, naptrrecord, kxrecord, certrecord,
+dsrecord, sshfprecord, ipseckeyrecord, rrsigrecord, nsecrecord,
+dnskeyrecord, dhcidrecord, spfrecord and modifytimestamp.  For reverse
+entries it is looking for the attributes, dnsttl, arecord, nsrecord,
+cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord, txtrecord,
+rprecord, aaaarecord, locrecord, srvrecord, naptrrecord and
+modifytimestamp.</p>
+
+<p>In Debian Edu/Lenny, the powerdns tree mode is used, and this is
+two example LDAP objects used there.  In addition to these objects,
+the parent objects all th way up to
+ou=hosts,dc=skole,dc=skolelinux,dc=no also exist.</p>
+
+<blockquote><pre>
+dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
+objectclass: top
+objectclass: dnsdomain
+objectclass: domainrelatedobject
+dc: tjener
+arecord: 10.0.2.2
+associateddomain: tjener.intern
+
+dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
+objectclass: top
+objectclass: dnsdomain2
+objectclass: domainrelatedobject
+dc: 2
+ptrrecord: tjener.intern
+associateddomain: 2.2.0.10.in-addr.arpa
+</pre></blockquote>
+
+<p>In strict mode, the server behaves differently.  When looking for
+forward DNS entries, it is doing a "subtree" scoped search with the
+same base as in the tree mode for a object with filter
+"(associateddomain=www.skolelinux.org)" and requests the attributes
+dnsttl, arecord, nsrecord, cnamerecord, soarecord, ptrrecord,
+hinforecord, mxrecord, txtrecord, rprecord, aaaarecord, locrecord,
+srvrecord, naptrrecord and modifytimestamp.  For reverse entires it
+also do a subtree scoped search bug this time the filter is
+"(arecord=10.0.2.2)" and request the attributes associateddomain,
+dnsttl and modifytimestamp.</p>
+
+<p>The forward and reverse searches can be simulated using ldapsearch
+like this:</p>
+
+<blockquote><pre>
+ldapsearch -h ldap -b dc=skole,dc=skolelinux,dc=no -s sub -x \
+  '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
+  cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
+  rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
+  nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
+  rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
+
+ldapsearch -h ldap -b dc=skole,dc=skolelinux,dc=no -s sub -x \
+  '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
+</pre></blockquote>
+
+<p>In addition to the forward and reverse searches , there is also a
+search for SOA records, which behave similar to the forward and
+reverse lookups.</p>
+
+<p>Things to note with the powerdns behaviour is that it do not
+specify any objectclass names, and instead look for the attributes it
+need to generate a DNS reply.  This make it able to work with any
+objectclass that provide the needed attributes.</p>
+
+<p>The attributes are normally provided in the cosine (RFC 1274) and
+dnsdomain2 schemas (for reverse entries like ptrrecord and recent DNS
+additions like aaaarecord and srvrecord).</p>
+
+<p>In Debian Edu, we have created DNS objects using the object classes
+dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
+attributes) and domainrelatedobject (for associatedDomain).  The use
+of structural object classes make it impossible to combine these
+classes with the object classes used by DHCP.</p>
+
+<p>There are other schemas that could be used too, for example the
+dnszone structural object class used by Gosa and bind-sdb for the DNS
+attributes combined with the domainrelatedobject object class, but in
+this case some unused attributes would have to be included as well
+(zonename and relativedomainname).</p>
+
+<p>My proposal would be to switch powerdns to strict mode and not use
+any of the existing objectclasses (dnsdomain, dnsdomain2 and dnszone)
+when one want to combine the DNS information with DHCP information,
+and instead use a auxiliary object class defined something like this
+(using the attributes defined for dnsdomain and dnsdomain2 or
+dnszone):</p>
+
+<blockquote><pre>
+objectclass ( some-oid NAME 'dnsDomainAux'
+    SUP top
+    AUXILIARY
+    MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
+          DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
+          TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
+          NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
+          A6Record $ DNAMERecord
+    ))
+</pre></blockquote>
+
+<p>This will allow any object to become a DNS entry when combined with
+the domainrelatedobject object class to get all the attributes
+powerdns wants.  I am not sure the 'SUP top' part is needed.</p>
+
+ISC dhcp
+========
+
+The DHCP server searches for specific objectclass and requests all the
+object attributes, and then uses the attributes it want.  This make it
+harder to figure out exactly what attributes are used, but thanks to
+the working example in Debian Edu I can at least get an idea what is
+needed.
+
+scope 0 = base
+scope 1 = onelevel
+scope 2 = subtree
+
+In the DHCP server configuration, the LDAP base to use as the search
+filter to use to locate the correct dhcpServer entity is stored.
+These are the relevant entries:
+
+<blockquote><pre>
+ldap-base-dn  "dc=skole,dc=skolelinux,dc=no";
+ldap-dhcp-server-cn "dhcp";
+</pre></blockquote>
+
+The DHCP server uses this information to nest all the DHCP
+configuration needed.  The cn "dhcp" is searched for using the given
+LDAP base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))".  The
+search result is this entry:
+
+<blockquote><pre>
+dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
+cn: dhcp
+objectClass: top
+objectClass: dhcpServer
+dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+</pre></blockquote>
+
+The content of the dhcpServiceDN attribute is used to locate the
+subtree with DHCP configuration.  The DHCP configuration subtree base
+is located using a base scope search with base "cn=DHCP
+Config,dc=skole,dc=skolelinux,dc=no" and filter
+"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
+The search result is this entry:
+
+dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+cn: DHCP Config
+objectClass: top
+objectClass: dhcpService
+objectClass: dhcpOptions
+dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
+dhcpStatements: ddns-update-style none
+dhcpStatements: authoritative
+dhcpOption: smtp-server code 69 = array of ip-address
+dhcpOption: www-server code 72 = array of ip-address
+dhcpOption: wpad-url code 252 = text
+
+Next, the entire subtree is searched for, one level at the time.  When
+all the DHCP configuration is loaded, it is ready to receive requests.
+The subtree in Debian Edu contain objects with object classes
+top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
+top/dhcpSubnet, top/dhcpGroup and top/dhcpHost.  These provide options
+and information about netmasks, dynamic range etc.  Leaving out the
+details here because it is not relevant for the focus of my
+investigation, which is to see if it is possible to merge dns and dhcp
+related computer objects.
+
+When a DHCP request come in, LDAP is searched for the MAC address of
+the client (00:00:00:00:00:00 in this example), using a subtree scoped
+search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as the base
+and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
+00:00:00:00:00:00))" as the filter.
+
 
-The DHCP server searches for specific objectclass and then uses the
-attributes
 
 
 SRCH "dc=skole,dc=skolelinux,dc=no" 2 0    0 0 0
@@ -29,6 +216,41 @@ SRCH "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 0 0    0 0 0
     filter: (&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))
     attrs:
 
+SRCH "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=10.0.2.0,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=group1,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=group2,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=192.168.0.0,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
+    filter: (objectClass=*)
+    attrs:
+
+SRCH "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 2 0    0 0 0
+    filter: (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:1d:6e:9b:e8:dd))
+    attrs:
 
 
 
@@ -342,177 +564,55 @@ SRCH "cn=192.168.0.0,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no"
 SRCH "cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=group1,cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
 
-connection_get(20)
-connection_get(20)
-=> ldap_bv2dn(dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=skole,dc=skolelinux,dc=no" 2 0    0 0 0
     filter: (&(objectClass=dhcpServer)(cn=dhcp))
     attrs:
-bdb_idl_fetch_key: [b49d1940]
-bdb_idl_fetch_key: [dbcdb35c]
-bdb_idl_fetch_key: [8deee28c]
-
-connection_get(20)
-=> ldap_bv2dn(cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 0 0    0 0 0
-=> ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-=> ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-=> ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-=> ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=dhcp,dc=skole,dc=skolelinux,dc=no)=0 
     filter: (&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))
     attrs:
-base_candidates: base: "cn=dhcp config,dc=skole,dc=skolelinux,dc=no" (0x0000001d)
-dnMatch 0
-	"cn=dhcp,dc=skole,dc=skolelinux,dc=no"
-	"cn=dhcp,dc=skole,dc=skolelinux,dc=no"
-
-connection_get(20)
-=> ldap_bv2dn(cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=dhcp config,dc=skole,dc=skolelinux,dc=no
-
-connection_get(20)
-=> ldap_bv2dn(cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
-
-connection_get(20)
-=> ldap_bv2dn(cn=10.0.2.0,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=10.0.2.0,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(cn=10.0.2.0,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=10.0.2.0,cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=10.0.2.0,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=10.0.2.0,cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
-
-connection_get(20)
-
 
 SRCH "cn=group1,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=group1,cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
 
-connection_get(20)
-
-<= ldap_bv2dn(cn=group2,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=group2,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=group2,cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=group2,cn=INTERNAL,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=group2,cn=internal,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
 
-connection_get(20)
-=> ldap_bv2dn(cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
-
-connection_get(20)
-=> ldap_bv2dn(cn=192.168.0.0,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=192.168.0.0,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(cn=192.168.0.0,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=192.168.0.0,cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=192.168.0.0,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=192.168.0.0,cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
-
-connection_get(20)
-=> ldap_bv2dn(cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(cn=group1,cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" 1 0    0 0 0
     filter: (objectClass=*)
     attrs:
-bdb_idl_fetch_key: %cn=group1,cn=thinclients,cn=dhcp config,dc=skole,dc=skolelinux,dc=no
 
-connection_get(19)
-=> ldap_bv2dn(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (associatedDomain=gateway.intern)
     attrs: dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-base_candidates: base: "dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" (0x0000003d)
 
-connection_get(17)
-=> ldap_bv2dn(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (&(associatedDomain=gateway.intern)(sOARecord=*))
     attrs: SOARecord dNSTTL modifyTimestamp
-base_candidates: base: "dc=gateway,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" (0x0000003d)
-
-connection_get(18)
-=> ldap_bv2dn(dc=gateway,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=gateway,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(dc=gateway,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=gateway,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=gateway,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (associatedDomain=gateway.intern.intern)
     attrs: dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
@@ -964,61 +1064,19 @@ connection_get(17)
 SRCH "dc=uk,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (&(associatedDomain=uk)(sOARecord=*))
     attrs: SOARecord dNSTTL modifyTimestamp
-send_ldap_result: err=10 matched="ou=hosts,dc=skole,dc=skolelinux,dc=no" text=""
-connection_get(18)
-=> ldap_bv2dn(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (associatedDomain=tjener.intern)
     attrs: dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-base_candidates: base: "dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" (0x0000003c)
 
-connection_get(18)
-=> ldap_bv2dn(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (&(associatedDomain=tjener.intern)(sOARecord=*))
     attrs: SOARecord dNSTTL modifyTimestamp
-base_candidates: base: "dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" (0x0000003c)
-
-connection_get(18)
-=> ldap_bv2dn(dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-SRCH "dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
-    filter: (&(associatedDomain=intern)(sOARecord=*))
-    attrs: SOARecord dNSTTL modifyTimestamp
-
-
 
-
-<= ldap_bv2dn(dc=tjener,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=tjener,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=tjener,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=tjener,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (associatedDomain=tjener.intern.intern)
     attrs: dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-send_ldap_result: err=10 matched="dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" text=""
-
-=> ldap_bv2dn(dc=*,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no,0)
-<= ldap_bv2dn(dc=*,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
-
-<= ldap_dn2bv(dc=*,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 
-<= ldap_dn2bv(dc=*,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no)=0 
 SRCH "dc=*,dc=intern,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no" 0 3    0 0 0
     filter: (associatedDomain=\2A.intern.intern)
     attrs: dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp