54339 – UDM dns/ptr_record list --filter ip=xx.xx.xx.xx do not work

Bug 54339 - UDM dns/ptr_record list --filter ip=xx.xx.xx.xx do not work

Summary: UDM dns/ptr_record list --filter ip=xx.xx.xx.xx do not work

Status:	CLOSED FIXED

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	UDM - CLI
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	UCS 5.0-7-errata
Assignee:	Marius Meschter
QA Contact:	Felix Botner

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:

Reported:	2022-01-14 14:11 CET by Dirk Schnick
Modified:	2024-05-08 12:37 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022010521000284
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
patch (https://git.knut.univention.de/univention/ucs/-/merge_requests/242) (2.49 KB, patch) 2022-01-14 15:06 CET, Florian Best	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 2 Florian Best

2022-01-14 15:06:59 CET

Created attachment 10903 [details]
patch (https://git.knut.univention.de/univention/ucs/-/merge_requests/242)

(In reply to Dirk Schnick from comment #0)
> A customer complained that the udm dns/ptr_record filter is not working if
> ip is used. A filter on address works:
> 
> root@dc0:~ # udm dns/ptr_record list --filter address=173
> address=173
> DN:
> relativeDomainName=173,zoneName=59.200.10.in-addr.arpa,cn=dns,
> dc=intranet
>   address: 173
>   ip: 10.200.59.173
>   ptr_record: xxx.intranet.
> 
> root@dc0:~ # udm dns/ptr_record list --filter ip=10.200.59.173
> ip=10.200.59.173

The property "ip" of a dns/ptr_record is not part of the mapping and therefore not evaluated in a filter.
Therefor the filter needs to be manually rewritten in the UDM module.

This is not quite easy as the IP address is not part of the dns/ptr_records LDAP attributes - only the address (relativeDomainName) and the subnet reverse address (zoneName). The IP is constructed virtually.

So we have to search for the host parts of the given IP address only in the reverse zones matching the subnet.
But we don't know the subnet - the IP address in your filter doesn't contain a subnet mask.

And in real life there could be more subnet masks as the common /8 and /16 and /24 and 32.
We could search for every possible combination - but this would be a large LDAP filter.

A search filter for the subnet might be constructed like:

# univention-ldapsearch -LLL '(&(relativeDomainName=42)(zoneName=8.9.11.in-addr.arpa))' dn
dn: relativeDomainName=42,zoneName=8.9.11.in-addr.arpa,cn=dns,l=school,l=dev

Attached is a patch which works for IPv4 with 8, 16, and 24-er netmask.

Comment 3 Marius Meschter

2024-05-03 09:27:57 CEST

univention-directory-manager-modules.yaml
544d2174bc39 | Bug #54339: allow to search for dns/ptr_record ip=$address

univention-directory-manager-modules (15.0.26-9)
544d2174bc39 | Bug #54339: allow to search for dns/ptr_record ip=$address

ucs-test (10.0.21-39)
2e26b11ef987 | test(udm): added tests for new UDM CLI filtering

Comment 4 Julia Bremer

2024-05-07 10:31:54 CEST

~OK: Works for some IP addresses (Ipv4) 
OK: Jenkins
OK: YAML
Verified

Comment 5 Iván.Delgado

2024-05-08 12:37:58 CEST

<https://errata.software-univention.de/#/?erratum=5.0x1038>