[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: c_peer_name unavailable to CLDAP clients

To: Howard Chu <hyc@symas.com>
Subject: Re: c_peer_name unavailable to CLDAP clients
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 02 Sep 2004 15:02:41 -0700
Cc: lukeh@PADL.COM, openldap-devel@OpenLDAP.org
In-reply-to: <4136FC19.4060905@symas.com>
References: <200409010343.NAA20195@au.padl.com> <4136FC19.4060905@symas.com>

At 03:55 AM 9/2/2004, Howard Chu wrote:
>Luke Howard wrote:
>
>>Because connectionless clients share a single connection structure,
>>their address (ie.  the peer address) cannot be associated with a
>>connection. However, it would be useful to have the peer address
>>stored as part of the operation structure, so it can be made
>>available to SLAPI plugins.
>>
>>Thoughts?
>What exactly would you want to do with this information? Since the UDP transport has no integrity checking of any kind, and only anonymous requests are supported, I don't see that you can make any meaningful policy decisions here. The address is logged for informational purposes, but relying on it for anything else seems like a bad idea.

Might be useful for logging (and/or auditing) purposes.
(But I agree that they should not be relied on for
any non-informational purposes.)

References:
- c_peer_name unavailable to CLDAP clients
  - From: Luke Howard <lukeh@PADL.COM>
- Re: c_peer_name unavailable to CLDAP clients
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: leaks (was: releng plans)
Next by Date: Re: commit: ldap/servers/slapd/back-bdb dn2id.c
Index(es):
- Chronological
- Thread