Full_Name: sudhir reddy singam
Version: master branch
OS: fedora
URL:
Submission from: (NULL) (131.228.66.13)

The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by NOKIA. NOKIA has not assigned rights and/or interest in this work to any party. I, SINGAM SUDHIR REDDY authorized by NOKIA, my employer, to release this work under the following terms.

NOKIA hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

****

Description:
This is a continuation of ITS#8847. NOKIA has decided to contribute on this small feature, that is, providing a new LDAP option to be able to set the source bind IP address at openldap client side. Following are the design details of what we are planning to do. Please provide your comments for the design, so that we can proceed with the implementation.

Details:

Requirement:
User shall be able to set multiple IPv4/IPv6 socket bind addresses, to be able to route the LDAP traffic via desired network interface. Based on the target IP address type, first matching and valid source IP address will be picked for explicit binding at client side.

Work items:

1) LDAP option to set the IPv4/IPv6 socket bind addresses.
Format: space separated list of IP addresses
New configuration option LDAP_OPT_SOCKET_BIND_ADDRESSES (0x5013) will be introduced (in ldap.h) to be used via ldap_set_option.
For example,

    char* p = "10.24.56.34 2001:0db8:85a3:0000:0000:8a2e:0370:7334";
    ldap_set_option(NULL, LDAP_OPT_SOCKET_BIND_ADDRESSES, p);

Bind addresses can also be provided in ldap.conf file via the option "SOCKET_BIND_ADDRESSES", for example,

    SOCKET_BIND_ADDRESSES 10.24.56.45 10.24.56.46 2001:0db8:85a3:0000:0000:8a2e:0370:7334

Note: Option set to ldap handle will override the global option. Setting the option multiple times will override the previous values but does not append.

2) Parsing & validations
Space separated IP addresses will be parsed & validated. IPv4 and IPv6 addresses are stored separately for ease of access during connection. Basic syntax validation will be done for IPv4 or IPv6 addresses, if any error, setting of the option will fail and LDAP client will use the default IP address.

"ldapoptions" structure in ldap-int.h will be modified to add new members
"char *ldo_local_IPV4_addresses" -> to hold client local IPv4 bind addresses
"char *ldo_local_IPV6_addresses" -> to hold client local IPv6 bind addresses

A new function ldap_options_parseBindAddress () will be introduced in options.c to parse, validate and store the IP addresses to respective variables. This function will be similar to ldap_url_parseHosts. Memory for ldo_local_IPV4_addresses & ldo_local_IPV6_addresses is dynamically allocated in the form of array for easy access. If any validation failure, no new memory will be allocated and existing values will be retained.

3) Using Bind IP addresses during connection
File: os-ip.c
Function: ldap_connect_to_host - After the connection socket is created (ldap_int_socket) and before it is connected (ldap_pvt_connect).

Check the target address family type.

If it is AF_INET, IPv4 bind address list will be used.
- If the list is empty and LDAP option was set successfully earlier (IPv6 was set), binding will fail and error is returned.
- If the list is not empty and not able to bind to any of the provided IPv4 addresses, connection will fail.
- If the list is empty and LDAP option setting failed earlier (during syntax validation), LDAP client will continue to use the kernel provided IPv4 address.

If it is AF_INET6, IPv6 bind address list will be used.
- If the list is empty and LDAP option was set successfully earlier (IPv4 was set), binding will fail and error is returned.
- If the list is not empty and not able to bind to any of the provided IPv6 addresses, connection will fail.
- If the list is empty and LDAP option setting failed earlier (during syntax validation), LDAP client will continue to use the kernel provided IPv6 address.
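
An added example, not code from the submission or from OpenLDAP: the all-or-nothing parsing of work item 2 and the per-family decision of work item 3. `struct bind_addrs`, `parse_bind_addresses`, `bind_policy` and `MAX_ADDRS` are hypothetical names, and fixed-size arrays stand in for the dynamically allocated lists the proposal describes.

```c
/* Added illustration; every name here is hypothetical, not an OpenLDAP identifier. */
#include <arpa/inet.h>
#include <string.h>

#define MAX_ADDRS 8

struct bind_addrs {
    int is_set;                     /* option was set successfully */
    int n4, n6;                     /* entries used in v4[] and v6[] */
    struct in_addr  v4[MAX_ADDRS];
    struct in6_addr v6[MAX_ADDRS];
};

/* Parse a space separated list. On any invalid token return -1 and
 * leave *out untouched, so previously stored values are retained. */
int parse_bind_addresses(const char *list, struct bind_addrs *out)
{
    struct bind_addrs tmp;
    char tok[INET6_ADDRSTRLEN];
    memset(&tmp, 0, sizeof tmp);
    while (*list) {
        list += strspn(list, " ");              /* skip separators */
        size_t len = strcspn(list, " ");
        if (len == 0) break;                    /* trailing spaces */
        if (len >= sizeof tok) return -1;       /* too long to be an address */
        memcpy(tok, list, len);
        tok[len] = '\0';
        list += len;
        if (tmp.n4 < MAX_ADDRS && inet_pton(AF_INET, tok, &tmp.v4[tmp.n4]) == 1)
            tmp.n4++;
        else if (tmp.n6 < MAX_ADDRS && inet_pton(AF_INET6, tok, &tmp.v6[tmp.n6]) == 1)
            tmp.n6++;
        else
            return -1;                          /* bad syntax or list too long */
    }
    if (tmp.n4 + tmp.n6 == 0) return -1;        /* nothing to store */
    tmp.is_set = 1;
    *out = tmp;                                 /* commit only after full validation */
    return 0;
}

enum bind_action { BIND_KERNEL_DEFAULT, BIND_FROM_LIST, BIND_FAIL };
/* What to do before connecting to a target of the given address family. */
enum bind_action bind_policy(const struct bind_addrs *a, int family)
{
    int n = (family == AF_INET) ? a->n4 : a->n6;
    if (n > 0)
        return BIND_FROM_LIST;      /* try each entry; fail if none binds */
    return a->is_set ? BIND_FAIL : BIND_KERNEL_DEFAULT;
}
```

The `BIND_FAIL` branch is the case to watch in deployment: a client configured with only IPv6 bind addresses refuses IPv4 targets instead of silently leaving through the kernel-chosen interface.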
--On Tuesday, August 07, 2018 5:33 AM +0000 sudhir.singam@gmail.com wrote:

> Full_Name: sudhir reddy singam
> Version: master branch
> OS: fedora
> URL:
> Submission from: (NULL) (131.228.66.13)
>
>
>
> The attached file is derived from OpenLDAP Software. All of the
> modifications to
> OpenLDAP Software represented in the following patch(es) were developed by
> NOKIA. NOKIA has not assigned rights and/or interest in this work to any
> party. I, SINGAM SUDHIR REDDY authorized by NOKIA, my employer, to
> release this work under the following terms.
>
> NOKIA hereby place the following modifications to OpenLDAP Software (and
> only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.
>
> ****

Hello,

There is no patch associated with this ITS. Can you please respond to this email and attach it?

Thanks,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
changed notes
See also ITS#8654, ITS#8847, ITS#8930
Duplicate of ITS#8847
changed notes
changed state Open to Closed
--On Saturday, November 17, 2018 12:14 AM +0000 quanah@symas.com wrote:

> --On Tuesday, August 07, 2018 5:33 AM +0000 sudhir.singam@gmail.com wrote:
>
>> Full_Name: sudhir reddy singam
>> Version: master branch
>> OS: fedora
>> URL:
>> Submission from: (NULL) (131.228.66.13)

Never mind, I see this is a duplicate of ITS#8847. Please do not file duplicate ITSes for the same issue.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
*** This issue has been marked as a duplicate of issue 8847 ***