
Re: (ITS#4707) patch: option to bind client socket to an address

On Wed, Oct 18, 2006 at 12:23:03PM -0700, Kurt D. Zeilenga wrote:
> At 12:12 PM 10/18/2006, hyc@symas.com wrote:
> >rtsai@ironport.com wrote:
> >> Full_Name: Robert Tsai
> >> Version: 2.3.27
> >> OS: FreeBSD 6.1-RELEASE
> >> URL: ftp://ftp.openldap.org/incoming/openldap-2.3.27-bindaddr.patch.txt
> >> Submission from: (NULL) (
> >> 
> >> This is a patch that provides a mechanism to bind the LDAP client
> >> connection to a desired address via ldap_set_option(...,
> >> LDAP_OPT_BINDADDR). This call saves some state which is then used
> >> by ldap_int_prepare_socket to bind the socket before opening a
> >> connection to the LDAP server.
> >
> >I can't think of any good reason to need such a feature. Can you
> >give some background on why anyone would use it?
> I can see a few cases where a client might want to bind the local
> address, for instance, to ensure use of a particular network
> interface.

Yes, this was the need addressed by the patch. The client host has two
interfaces to two separate networks.

We could have simply configured a host route to the LDAP server, but
that would have been too coarse-grained (all traffic, instead of just
the LDAP traffic).

> However, my concern with the patch is one of the approach taken to
> accommodate this binding.  I'm thinking it might be better to
> provide an alternative to ldap_initialize(3) which takes a connected
> descriptor instead of a URL.  Then the calling program can do whatever
> it pleases before it's used by slapd(8).

That would probably work for me. Contributing from the "outside", I
was hesitant to propose adding another interface into the library, so
I just crammed it into ldap_set_option :).

Robert Tsai | IronPort Systems | http://www.ironport.com/ | 650-989-2063
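
The bind-before-connect step this thread discusses, as an added example that is not part of the original messages or the submitted patch: the calling program pins the local address on a plain TCP socket before connecting, then checks on loopback that the listener sees that address as the peer. The names `connect_from` and `peer_sees_source` are hypothetical, and handing the connected descriptor to the LDAP library is not shown.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: connect to dst with the local end pinned to src_ip; -1 on failure. */
int connect_from(const char *src_ip, const char *dst_ip, unsigned short dst_port)
{
    struct sockaddr_in src = {0}, dst = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    src.sin_family = AF_INET;          /* sin_port stays 0: kernel picks the port */
    dst.sin_family = AF_INET;
    dst.sin_port = htons(dst_port);
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
        inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&src, sizeof src) < 0 ||  /* fails if src_ip is not local */
        connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Loopback self-check: returns 1 if a listener on 127.0.0.1 sees src_ip as
 * the peer address of a connection made with connect_from(), else 0. */
int peer_sees_source(const char *src_ip)
{
    struct sockaddr_in la = {0}, peer;
    struct in_addr want;
    socklen_t len = sizeof la;
    int ok = 0, c = -1, a = -1, l = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0) return 0;
    la.sin_family = AF_INET;           /* port 0: any free port */
    la.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(l, (struct sockaddr *)&la, sizeof la) == 0 && listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&la, &len) == 0 &&
        (c = connect_from(src_ip, "127.0.0.1", ntohs(la.sin_port))) >= 0) {
        len = sizeof peer;
        a = accept(l, (struct sockaddr *)&peer, &len);
        ok = a >= 0 && inet_pton(AF_INET, src_ip, &want) == 1 &&
             peer.sin_addr.s_addr == want.s_addr;
    }
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    close(l);
    return ok;
}

int main(void) { return peer_sees_source("127.0.0.1") ? 0 : 1; }
```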