[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8847) New LDAP URL syntax to support binding to specific IP address at client side
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8847) New LDAP URL syntax to support binding to specific IP address at client side
- From: hyc@symas.com
- Date: Tue, 11 Dec 2018 12:13:32 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Sharma, Ramakant 2. (Nokia - IN/Bangalore) wrote:
>>> The work of parse_and_validate is wasted since you call inet_pton bot=
h for
>>>validating and for using the result later. You should simply save the =
IPv4 and IPv6 binary
>>>addresses when the validation succeeds. There should be no get_IPvX_fr=
om_lst() functions
>>>at all.
>=20
> I am bit confused regarding this point.
>=20
> The intent of parse_and_validate_sourceip() is to set only valid intern=
et address=A0 to=A0 "ldo_local_IP_addresses" so that we don=92t overwrite
> =93ldo_local_IP_addresses=94 in case user provides some invalid address=
es either from ldap.conf or from application.
Sure, the validation step is required. The result of validation is either=
a struct in_addr or a struct in6_addr.
You should simply store them directly in the ldapoptions struct. Maybe ad=
d a flag to tell that each one has been set.
> Now during connect, the need is to get either IPv4 or IPv6 internet add=
ress based on target LDAP server's address family type. So, once it is kn=
own that target
> LDAP server is using IPv4 or IPv6. Code will fetch the related configur=
ed bind IP from "ldo_local_IP_addresses".
Yes. All that should be required here is to fetch the struct in_addr or i=
n6_addr value accordingly.
>=20
> Since at this step we are not sure at which index the related bind IP i=
s present so, I used inet_pton call to get the matching internet bind IP =
(internet
> address) from the list (intent was not to use binary address)
This is stupid and wasted work.
> If the concern is to avoid inet_pton call at this stage then, I can use=
"." to search IPv4 and ":" to search IPv6 address in respective getters =
(because we
> already know that at this stage the fetched IP will always be valid)
This is stupid and wasted work.
> Kindly let me know your opinion.
>=20
> =A0
>=20
> BR,
>=20
> Ramakant Sharma
>=20
> Senior R&D Engineer
>=20
> Nokia Networks, Bangalore
>=20
> =A0
>=20
--=20
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/