ldap2dns/FAQ

1) Where can I find a web interface?
2005-06-06 bklang

The official web interface of ldap2dns is "Beatnik."  Beatnik is a module for
the Horde framework (http://www.horde.org).  Beatnik is actively developed and
should be ready for release soon.  Early adopters are encouraged to checkout
the code from SVN trunk.  The author uses Beatnik productively today.

See http://projects.alkaloid.net for more information.


2) What happened to the webadmin directory?

2005-12-22 bklang
** See security note at the end of this section regarding the old webadmin **

I have deprecated that code in favor of another project I am working on.  It
is called Beatnik and is a Horde framework module.  The status of the webadmin
code was unclear and I was not willing to support it so I deprecated it.  I 
left it as part of the tarball release and in version control in case others
out there felt differently and/or it ever needed to be modified or even revived.

As far as I'm concerned you are welcome to use it but consequently are on your
own.  You might also contact the author, Jacob Rief (jacob.rief@tiscover.com)
for more information but he is no longer interested in maintaing this work
so do not depend on him.

During a routine code audit on the ldap2dns sources a number of potential LDAP
injection vulnerabilities were discovered.  Since this code is deprecated no
attempt to correct these flaws has been made. 


IF YOU CHOOSE TO RUN THE DEPRECATED WEBADMIN SOFTWARE:  Please take all
necessary steps to secure your environment.  The author of this package takes no
responsibility for any problems related to the flawed webadmin code.

Thanks to Erik Cabetas for bringing these issues to my attention.


3) Why have you deprecated all that code?

2005-12-07 bklang
This is partially answered above, but to fully answer the question it's not
any comment or criticism of the original author.  Really it is just code that
appears to me to be somewhat extraneous to what I consider to be the core
functionality of ldap2dns.  That combined with my desire to focus on the core
functionality and not maintain this other work leads me to note the status of
that code to others who may use this package.  The code may or may not work;
you are entirely on your own.  If demand is sufficient some parts may come back
into the main tarball.  However for now I leave it there in case anyone out
there wants it.  It is unmaintained (at least by me) and should not be
considered stable or even working unless you audit it yourself.
You have been warned. Caveat emptor.


# $Id$

-- Old FAQ entry below (meaning is unclear to me -- 2005/12/07 bklang --

From: Steven Dossett <sdossett@panath.com>
Right after I mailed you, I patched the schema :)
I moved from IA5 Strings to Numeric Strings in that section of the schema:

attributetype ( 1.3.6.1.4.1.7222.1.4.12
        NAME 'dnsipaddr'
        EQUALITY numericStringMatch
        SUBSTR numericStringSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

attributetype ( 1.3.6.1.4.1.7222.1.4.13
        NAME 'dnscipaddr'
        EQUALITY numericStringMatch
        SUBSTR numericStringSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

Thanks for the quick reply. Take care.