Singam, Sudhir (Nokia - IN/Bangalore) wrote:
> Hi Howard,
>
> Any comments ??
>
> Hi,
>
> Can we go ahead and implement this ??
>
> *Regards,*
> *Sudhir Singam*
>
> *DELIVERING BEST-IN-CLASS PLATFORM is our vision*
>
> _____________________________________________
> *From:* Singam, Sudhir (Nokia - IN/Bangalore)
> *Sent:* Wednesday, August 08, 2018 8:48 AM
> *To:* openldap-devel@openldap.org
> *Cc:* Sharma, Ramakant 2. (Nokia - IN/Bangalore) <ramakant.2.sha...@nokia.com>
> *Subject:* Regarding the feature to introduce new LDAP option to set source bind IP address
>
> Hi,
>
> NOKIA has taken up this small feature for contribution. Previously a patch was
> submitted via ITS#8847 but was rejected, with a request to take a different
> approach. Now I have raised ITS#8893. We want to conclude on the approach before
> taking it up for implementation. Please kindly let us know if the following
> approach is OK and if there are any comments.
>
> *Requirement:*
>
> The user shall be able to set multiple IPv4/IPv6 socket bind addresses, to be
> able to route the LDAP traffic via the desired network interface. Based on the
> target IP address type, the first matching and valid source IP address will be
> picked for explicit binding at the client side.

Not sure I understand the value of a list of multiple addresses here.

> *Work items:*
>
> 1. *LDAP option to set the IPv4/IPv6 socket bind addresses.*
>
> Format: space separated list of IP addresses
>
> A new configuration option LDAP_OPT_SOCKET_BIND_ADDRESSES (0x5013) will be
> introduced (in ldap.h) to be used via ldap_set_option.
>
> For example,
>
>     char *p = "10.24.56.34 2001:0db8:85a3:0000:0000:8a2e:0370:7334";
>     ldap_set_option(NULL, LDAP_OPT_SOCKET_BIND_ADDRESSES, p);
>
> Bind addresses can also be provided in the ldap.conf file via the option
> SOCKET_BIND_ADDRESSES, for example,
>
>     SOCKET_BIND_ADDRESSES 10.24.56.45 10.24.56.46 2001:0db8:85a3:0000:0000:8a2e:0370:7334
>
> Note:
> An option set on an ldap handle will override the global option.
> Setting the option multiple times will override the previous values
> and does not append.
>
> 2. *Parsing & validations*
>
> Space separated IP addresses will be parsed & validated. IPv4 and IPv6
> addresses are stored separately for ease of access during connection.
> Basic syntax validation will be done for IPv4 or IPv6 addresses; if there is
> any error, setting the option will fail and the LDAP client will use the
> default IP address.
>
> The ldapoptions structure in ldap-int.h will be modified to add new members:
> "char *ldo_local_IPV4_addresses" -> to hold client local IPv4 bind addresses
> "char *ldo_local_IPV6_addresses" -> to hold client local IPv6 bind addresses

Seems like these should be char* arrays, especially since we already have str2charray().

> A new function ldap_options_parseBindAddress() will be introduced in
> options.c to parse, validate and store the IP addresses in the respective
> variables. This function will be similar to ldap_url_parseHosts.
>
> Memory for ldo_local_IPV4_addresses & ldo_local_IPV6_addresses is dynamically
> allocated in the form of an array for easy access. On any validation failure,
> no new memory will be allocated and the existing values will be retained.
>
> 3. *Using bind IP addresses during connection*
>
> File: os-ip.c
> Function: ldap_connect_to_host
> - After the connection socket is created (ldap_int_socket) and before it is
>   connected (ldap_pvt_connect), check the target address family type.
> If it is AF_INET, the IPv4 bind address list will be used.
> - If the list is empty and the LDAP option was set successfully earlier (IPv6
>   was set), binding will fail and an error is returned.
> - If the list is not empty and it is not possible to bind to any of the
>   provided IPv4 addresses, the connection will fail.
> - If the list is empty and the LDAP option setting failed earlier (during
>   syntax validation), the LDAP client will continue to use the kernel provided
>   IPv4 address.
> If it is AF_INET6, the IPv6 bind address list will be used.
> - If the list is empty and the LDAP option was set successfully earlier (IPv4
>   was set), binding will fail and an error is returned.
> - If the list is not empty and it is not possible to bind to any of the
>   provided IPv6 addresses, the connection will fail.
> - If the list is empty and the LDAP option setting failed earlier (during
>   syntax validation), the LDAP client will continue to use the kernel provided
>   IPv6 address.

What specific LDAP API error code will be returned in each instance?

> *Regards,*
> *Sudhir Singam*
>
> *DELIVERING BEST-IN-CLASS PLATFORM is our vision*

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
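As an added illustration of work items 2 and 3 above (not OpenLDAP code and not the Nokia patch; the struct and function names are hypothetical), this C sketch parses the space separated list into separate char* arrays, rejects the whole list on one bad token while keeping the previous values, and makes the three-way "bind / kernel default / fail" decision per target address family:

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

#define MAX_BIND_ADDRS 8
/* Hypothetical holder for the proposal's two per-family lists, kept as
 * char* arrays as suggested above (illustration, not ldap-int.h). */
struct bind_addrs {
    char *v4[MAX_BIND_ADDRS]; int nv4;
    char *v6[MAX_BIND_ADDRS]; int nv6;
    int set_ok;   /* 1 once a list was accepted; 0 if never set or rejected */
};

static void bind_addrs_free(struct bind_addrs *b) {
    for (int i = 0; i < b->nv4; i++) free(b->v4[i]);
    for (int i = 0; i < b->nv6; i++) free(b->v6[i]);
    b->nv4 = b->nv6 = 0;
}

/* Parse a space separated list into separate IPv4/IPv6 arrays. One bad token
 * (or too many entries) rejects the whole list and leaves *b exactly as it was. */
int parse_bind_addresses(const char *list, struct bind_addrs *b) {
    struct bind_addrs tmp = {0};
    unsigned char raw[sizeof(struct in6_addr)];
    char *copy = strdup(list), *save = NULL;
    for (char *t = strtok_r(copy, " \t", &save); t; t = strtok_r(NULL, " \t", &save)) {
        if (inet_pton(AF_INET, t, raw) == 1 && tmp.nv4 < MAX_BIND_ADDRS)
            tmp.v4[tmp.nv4++] = strdup(t);
        else if (inet_pton(AF_INET6, t, raw) == 1 && tmp.nv6 < MAX_BIND_ADDRS)
            tmp.v6[tmp.nv6++] = strdup(t);
        else { bind_addrs_free(&tmp); free(copy); return -1; }
    }
    free(copy);
    bind_addrs_free(b);      /* replace, never append (note under item 1) */
    tmp.set_ok = 1; *b = tmp;
    return 0;
}

/* The decision item 3 describes for a target of family af:
 *  0 -> try bind(2) with each address in *list in order; 1 -> option never
 * accepted, keep the kernel-chosen source; -1 -> option accepted but no
 * address of this family, so the bind must fail with an error. */
int choose_bind_list(struct bind_addrs *b, int af, char ***list, int *n) {
    *list = (af == AF_INET) ? b->v4 : b->v6;
    *n    = (af == AF_INET) ? b->nv4 : b->nv6;
    if (*n > 0) return 0;
    return b->set_ok ? -1 : 1;
}
```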