Re: (ITS#8847) New LDAP URL syntax to support binding to specific IP address at client side
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8847) New LDAP URL syntax to support binding to specific IP address at client side
- From: arekkusu@r42.ch
- Date: Sun, 06 May 2018 13:50:23 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Adding a source IP to a URI feels wrong to me.
I have not read the RFC dealing with URIs, however having a quick look [1] seems to
indicate that using the at sign in this way is non-standard.
Regardless of the syntax, I don't think a Uniform Resource Identifier is the
right place to add source IP information. An LDAP URI typically refers to a
(usually remote) LDAP server or servers. It's all about the destination.
A source IP is machine specific. I think a separate option would make more
sense. Any specific reason for wanting to add it in the URI?
I am not an OpenLDAP developer/contributor, this is just my opinion.
[1] https://en.wikipedia.org/wiki/Uniform_Resource_Identifier
On Sun, 2018-05-06 at 06:15 +0000, sudhir.singam@nokia.com wrote:
> Full_Name: Singam Sudhir Reddy
> Version: master branch
> OS: fedora
> URL: ftp://ftp.openldap.org/incoming/sudhirsingam-180505.patch
> Submission from: (NULL) (61.1.232.154)
>
>
> The attached file is derived from OpenLDAP Software. All of the modifications
> to OpenLDAP Software represented in the following patch(es) were developed by
> NOKIA. NOKIA has not assigned rights and/or interest in this work to any
> party.
> I, SINGAM SUDHIR REDDY authorized by NOKIA, my employer, to release this work
> under the following terms.
>
> NOKIA hereby place the following modifications to OpenLDAP Software (and only
> these modifications) into the public domain. Hence, these modifications may be
> freely used and/or redistributed for any purpose with or without attribution
> and/or other notice.
>
> ****
>
> Description:
>
> Currently, when using the OpenLDAP client and trying to connect to an LDAP
> server using an LDAP URL, the client automatically binds to an IP address
> returned by the kernel.
>
> For example, in the usage below, the client automatically binds to an IP
> address returned by the kernel.
>
> ldapsearch -H ldap://10.63.57.239:389 -D "uid=admin, ou=administrators,
> ou=topologymanagement, o=netscaperoot" -x -w admin -b "uid=baha, ou=people,
> ou=accounts, ou=region-911080, ou=regions, ou=netact, dc=noklab, dc=net,
> dc=localdomain"
>
> But if we want to route the traffic on a specific interface/IP address,
> currently there is no provision. And the idea or enhancement is to introduce
> such provision by giving source bind IP address in the URL in the following
> format.
>
> ldap://TARGET-IP-ADDRESS@SOURCE-BIND-IP-ADDRESS:PORT
>
> For example,
>
> ldapsearch -H ldap://10.63.57.239@10.37.220.9:389 -D "uid=admin,
> ou=administrators, ou=topologymanagement, o=netscaperoot" -x -w admin -b
> "uid=baha, ou=people, ou=accounts, ou=region-911080, ou=regions, ou=netact,
> dc=noklab, dc=net, dc=localdomain"
>
> Note this feature is backward compatible, that is, it is optional to provide
> source bind IP address in the URL.
>
> This feature also supports IPv6 addresses.
>
>
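
The concern about the at sign can be checked directly. The following is an added example, not part of this thread and not OpenLDAP code: it compares how a generic RFC 3986 parser (Python's `urllib.parse`) reads the two URLs from the submission with the TARGET@SOURCE:PORT reading the submission describes. `proposed_view`, `destination_disagrees` and `audit` are hypothetical helpers, and `proposed_view` is an assumed reading of the described format (IPv4 only), not the patch's parser.

```python
from urllib.parse import urlsplit

# Constructed inputs, taken from the two ldapsearch examples in the submission.
PLAIN_URL = "ldap://10.63.57.239:389"
PROPOSED_URL = "ldap://10.63.57.239@10.37.220.9:389"


def rfc3986_view(url):
    """Generic URI reading of the authority: [userinfo@]host[:port]."""
    parts = urlsplit(url)
    return {"userinfo": parts.username, "host": parts.hostname, "port": parts.port}


def proposed_view(url):
    """Hypothetical reading of the proposed form TARGET@SOURCE:PORT (IPv4 only)."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        # Backward-compatible case: no source address given.
        return {"target": parts.hostname, "source": None, "port": parts.port}
    target, _, rest = parts.netloc.partition("@")
    source, _, port = rest.partition(":")
    return {"target": target, "source": source, "port": int(port) if port else None}


def destination_disagrees(url):
    """True when the two readings would connect to different servers."""
    return rfc3986_view(url)["host"] != proposed_view(url)["target"]


def audit(urls):
    """Return the URLs whose destination depends on which parser reads them."""
    return [u for u in urls if destination_disagrees(u)]


if __name__ == "__main__":
    for url in (PLAIN_URL, PROPOSED_URL):
        print(url)
        print("  generic :", rfc3986_view(url))
        print("  proposed:", proposed_view(url))
    print("ambiguous:", audit([PLAIN_URL, PROPOSED_URL]))
```

For the proposed URL, the generic parser treats 10.63.57.239 as userinfo and 10.37.220.9 as the server, so any tool that reads the same configuration with a standard URI library (an allowlist check, a log parser, a proxy) would record a different destination than the patched client connects to.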