https://bugs.openldap.org/show_bug.cgi?id=9655
Issue ID: 9655
Summary: Expose the SNI hostname to olcAccess
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Since OpenLDAP now supports SNI, it apparently knows to which Host the client
has connected, when the server is reachable under many names.
• Expose the negotiated hostname to olcAccess and provide an example of how to
limit the namingContext on the root DSE based on the requested host
Rationale: HTTP servers offer the concept of virtual domains, where they serve
different content behind the same IP, based on the Host: header. I want to
offer public, anonymous LDAP access, but the returned results shall be
completely different, and depend on the contacted host. The statements in the
<WHO> field peername=<peername>, sockname=<sockname>, domain=<domain>, and
sockurl=<sockurl> are evaluated only based on the contacting system (do not
depend on the requested domain). (Maybe the “contacting sockurl” can do this,
but this is not very clear from the documentation). So they serve a similar
purpose, but ignore SNI.