[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8847) New LDAP URL syntax to support binding to specific IP address at client side

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8847) New LDAP URL syntax to support binding to specific IP address at client side
From: hyc@symas.com
Date: Sun, 06 May 2018 18:19:32 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

ryan@openldap.org wrote:
> On Sun, May 06, 2018 at 01:50:23PM +0000, arekkusu@r42.ch wrote:
>> Adding a source IP to an URI feels wrong to it.
>>
>> I have not read RFC dealing with URI, however having a quick look [1] seems to
>> indicate that using the at sign in this way is non-standard.
> 
> I agree. @ in URIs is already defined as separating credentials (or just
> username) from the host. I don't recall whether OpenLDAP supports that
> usage but in any case we shouldn't re-define it.

Agreed. URI syntax is pretty thoroughly specified in multiple RFCs, nobody can 
just arbitrarily decide to change it. And the point of a URI is that it is 
valid for a destination no matter who/where the source is.

This patch completely breaks the function and intent of URIs.

Closing this ITS.

> I believe ITS#8654 is about the same feature? That one implemented this
> by copying a Microsoft option, LDAP_OPT_SOCKET_BIND_ADDRESSES. I would
> think that's probably a better approach. Maybe you could pick up where
> the author of that one left off? He disappeared after posting his patch
> for review...
> 
> thanks
> Ryan
> 
> 
> 
> 


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#8846) Patch to introduce new LDAP option to ignore hostname checking while verifying certificates in TLS mode
Next by Date: (ITS#8848) New LDAP URL syntax to support binding to specific IP address at client side
Index(es):
- Chronological
- Thread