Sharma, Ramakant 2. (Nokia - IN/Bangalore) wrote:
> Hi Howard,
>
> Please provide your valuable comments.
>
> Can we start implementation with the proposed design?

Yes this sounds fine to me. I'm guessing no one else on the list has any comments at this point.

> BR,
> Ramakant Sharma
>
> -----Original Message-----
> From: Sharma, Ramakant 2. (Nokia - IN/Bangalore)
> Sent: Wednesday, October 10, 2018 2:21 PM
> To: 'h...@symas.com' <h...@symas.com>; 'openldap-devel@openldap.org'
> <openldap-devel@openldap.org>
> Cc: Singam, Sudhir (Nokia - IN/Bangalore) <sudhir.sin...@nokia.com>
> Subject: RE: Regarding the feature to introduce new LDAP option to set source
> bind IP address
>
> Hi Howard,
>
>>> Not sure I understand the value of a list of multiple addresses here.
>
> [Ramakant]: Yes you are right that there is no use case for multiple IPv4 or
> multiple IPv6 address setting for an LDAP client. The list can have only one
> IPv4 and one IPv6. LDAP client will choose either IPv4 or IPv6 address for
> binding, based on the target address type.
>
>>> Seems like these should be char* arrays, especially since we already have
>>> str2charray().
> [Ramakant]: Modified as per comment and now only one variable will hold both
> IPv4 and IPv6.
>
>>> What specific LDAP API error code will be returned in each instance?
> [Ramakant]: We are planning to re-use "LDAP_CONNECT_ERROR".
>
> Please find the update content here after above comments.
>
> "
> *Requirement:*
>
> User shall be able to set IPv4/IPv6 socket bind address to be able to route
> the LDAP traffic via desired network interface. Based on the target IP
> address type, matching IP address will be picked for explicit binding *at
> client side*.
>
> *Work items:*
> 1. *LDAP option to set the IPv4/IPv6 socket bind addresses.*
> /Format: space separated list of IP addresses/
>
> New configuration option LDAP_OPT_SOCKET_BIND_ADDRESSES (0x5013) will be
> introduced (in ldap.h) to be used via ldap_set_option.
>
> For example,
>
> char* p = "10.24.56.34 2001:0db8:85a3:0000:0000:8a2e:0370:7334";
> ldap_set_option(NULL, LDAP_OPT_SOCKET_BIND_ADDRESSES, p);
>
> Bind addresses can also be provided in ldap.conf file via the option
> "SOCKET_BIND_ADDRESSES"
>
> Valid examples:
>
> SOCKET_BIND_ADDRESSES 10.24.56.45 2001:0db8:85a3:0000:0000:8a2e:0370:7334
> SOCKET_BIND_ADDRESSES 10.24.56.45
> SOCKET_BIND_ADDRESSES 2001:0db8:85a3:0000:0000:8a2e:0370:7334
> SOCKET_BIND_ADDRESSES 2001:0db8:85a3:0000:0000:8a2e:0370:7334 10.24.56.45
>
> Invalid examples:
> SOCKET_BIND_ADDRESSES 2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:0db8:85a3:0000:0000:8a2e:0370:7335
> SOCKET_BIND_ADDRESSES 10.24.56.45 10.24.56.47
>
> Note :
> Option set to ldap handle will override the global option.
> Setting the option multiple times will override the previous values
> but does not append.
>
> 2. *Parsing & validations*
>
> Space separated IP addresses will be parsed & validated.
> Basic syntax validation will be done for IPv4 or IPv6 addresses, if any
> error, setting of the option will fail and LDAP client will use the default
> IP address or previously successfully validated IP addresses provided by set
> option.
> If multiple IPv4 or multiple IPv6 address is set, validation will fail.
>
> "ldapoptions" structure in ldap-int.h will be modified to add new variable
> to hold given IPv4 and IPv6 address.
> char** ldo_local_IP_addresses
>
> Any new function /ldap_options_parseBindAddress() will be introduced in
> options.c to parse, validate and store the IP address to
> "ldo_local_IP_addresses" variable. This function will be similar to
> ldap_url_parseHosts.
> If parseBindAddress() fails to parse & validate the addresses successfully
> then previously set IP address will not be overwritten. If there were no
> previous address then default kernel address will be used during connection.
>
> 3. *Using Bind IP addresses during connection*
>
> File:os-ip.c
> Function: ldap_connect_to_host
> - After the connection socket is created (ldap_int_socket) and before it is
> connected (ldap_pvt_connect).
> Check if the target address family type, If it is AF_INET, IPv4 bind
> - If the list is empty means there were no addresses provided from user,
> then default kernel provided address will be used for binding the interface.
> - If the list is not empty and not able to bind to provided IPv4 address,
> connection will fail
> - if the list is not empty and it just contains IPV6 address then default
> kernel provided IPv4 address will be used for binding the interface.
> If it is AF_INET6, IPv6 bind address will be used from the list.
> - If the list is not empty and not able to bind to provided IPv6 addresses,
> connection will fail.
> - if the list is not empty and it just contains IPV4 address then default
> kernel provided IPv6 address will be used for binding the interface.
> - If the list is empty then LDAP client will continue to use the kernel
> provided IPv6 address.
>
> "
> BR,
> Ramakant Sharma
> Technical Lead
> Nokia Networks, Bangalore
>
> -----Original Message-----
> From: Howard Chu <h...@symas.com>
> Sent: Thursday, September 06, 2018 9:18 PM
> To: Singam, Sudhir (Nokia - IN/Bangalore) <sudhir.sin...@nokia.com>;
> 'openldap-devel@openldap.org' <openldap-devel@openldap.org>
> Cc: Sharma, Ramakant 2. (Nokia - IN/Bangalore) <ramakant.2.sha...@nokia.com>
> Subject: Re: Regarding the feature to introduce new LDAP option to set source
> bind IP address
>
> Singam, Sudhir (Nokia - IN/Bangalore) wrote:
>> Hi Howard,
>>
>> Any comments ??
>
>>
>> Hi,
>>
>> Can we go ahead and implement this ??
>>
>> *Regards,*
>> *Sudhir Singam*
>>
>> *DELIVERING BEST-IN-CLASS PLATFORM is our vision*
>>
>> _____________________________________________
>> *From:* Singam, Sudhir (Nokia - IN/Bangalore)
>> *Sent:* Wednesday, August 08, 2018 8:48 AM
>> *To:* _openldap-devel@openldap.org_
>> <mailto:openldap-devel@openldap.org>
>> *Cc:* Sharma, Ramakant 2. (Nokia - IN/Bangalore)
>> <_ramakant.2.sharma@nokia.com_ <mailto:ramakant.2.sha...@nokia.com>>
>> *Subject:* Regarding the feature to introduce new LDAP option to set
>> source bind IP address
>>
>> Hi,
>>
>> NOKIA has taken up this small feature for contribution. Previously patch was
>> submitted via ITS#8847 but got rejected to take different approach.
>> Now I have raised ITS#8893. We want to conclude on the approach before
>> taking for implementation. Please kindly let us know if following approach
>> is OK and if any comments.
>>
>> *Requirement:*
>>
>> User shall be able to set multiple IPv4/IPv6 socket bind addresses, to
>> be able to route the LDAP traffic via desired network interface. Based on
>> the target IP address type, first matching and valid source IP address will
>> be picked for explicit binding *at client side*.
>
> Not sure I understand the value of a list of multiple addresses here.
>>
>> *Work items:*
>>
>> 1. *LDAP option to set the IPv4/IPv6 socket bind addresses.*
>>
>> /Format: space separated list of IP addresses/
>>
>> New configuration option LDAP_OPT_SOCKET_BIND_ADDRESSES (0x5013) will be
>> introduced (in ldap.h) to be used via ldap_set_option.
>>
>> For example,
>>
>> char* p = "10.24.56.34 2001:0db8:85a3:0000:0000:8a2e:0370:7334";
>> ldap_set_option(NULL, LDAP_OPT_SOCKET_BIND_ADDRESSES, p);
>>
>> Bind addresses can also be provided in ldap.conf file via the option
>> "SOCKET_BIND_ADDRESSES", for example,
>>
>> SOCKET_BIND_ADDRESSES 10.24.56.45 10.24.56.46 2001:0db8:85a3:0000:0000:8a2e:0370:7334
>>
>> Note :
>> Option set to ldap handle will override the global option.
>> Setting the option multiple times will override the previous values
>> but does not append.
>>
>> 2. *Parsing & validations*
>>
>> Space separated IP addresses will be parsed & validated. IPv4 and IPv6
>> addresses are stored separately for ease of access during connection.
>> Basic syntax validation will be done for IPv4 or IPv6 addresses, if any
>> error, setting of the option will fail and LDAP client will use the default
>> IP address.
>>
>> "ldapoptions" structure in ldap-int.h will be modified to add new
>> members "char *ldo_local_IPV4_addresses" -> to hold client local IPv4
>> bind addresses "char *ldo_local_IPV6_addresses" -> to hold client
>> local IPv6 bind addresses
>
> Seems like these should be char* arrays, especially since we already have
> str2charray().
>
>> Any new function /ldap_options_parseBindAddress/ () will be introduced
>> in options.c to parse, validate and store the IP addresses to respective
>> variables. This function will be similar to ldap_url_parseHosts.
>>
>> Memory for ldo_local_IPV4_addresses & ldo_local_IPV6_addresses is
>> dynamically allocated in the form of array for easy access. If any
>> validation failure, no new memory will be allocated and existing values will
>> be retained.
>>
>> 3. *Using Bind IP addresses during connection*
>>
>> File:os-ip.c
>> Function: ldap_connect_to_host
>> - After the connection socket is created (ldap_int_socket) and before it is
>> connected (ldap_pvt_connect).
>> Check if the target address family type, If it is AF_INET, IPv4 bind
>> address list will be used.
>> - If the list is empty and LDAP option was set successfully earlier (IPv6
>> was set), binding will fail and error is returned.
>> - If the list is not empty and not able to bind to any of the provided IPv4
>> addresses, connection will fail
>> - If the list is empty and LDAP option setting failed earlier (during syntax
>> validation), LDAP client will continue to use the kernel provided IPv4
>> address.
>> If it is AF_INET6, IPv6 bind address list will be used.
>> - If the list is empty and LDAP option was set successfully earlier (IPv4
>> was set), binding will fail and error is returned.
>> - If the list is not empty and not able to bind to any of the provided IPv6
>> addresses, connection will fail.
>> - If the list is empty and LDAP option setting failed earlier (during syntax
>> validation), LDAP client will continue to use the kernel provided IPv6
>> address.
>
> What specific LDAP API error code will be returned in each instance?
>
>>
>> *Regards,*
>> *Sudhir Singam*
>>
>> *DELIVERING BEST-IN-CLASS PLATFORM is our vision*
>>
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
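
The validation and selection rules from work items 2 and 3 of the updated proposal, as an added example that is not part of this thread or of OpenLDAP's code. `struct bind_addrs`, `parse_bind_addresses()` and `pick_bind_address()` are hypothetical names, and `inet_pton()` is assumed as the "basic syntax validation" step.

```c
/* Added example, not OpenLDAP code; all names here are hypothetical. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

struct bind_addrs {
    char v4[INET_ADDRSTRLEN];  /* "" means no IPv4 bind address configured */
    char v6[INET6_ADDRSTRLEN]; /* "" means no IPv6 bind address configured */
};

/* Parse a space separated list holding at most one IPv4 and one IPv6 address.
 * Returns 0 on success. On any error returns -1 and leaves *out untouched, so
 * a previously accepted setting survives a rejected update. */
int parse_bind_addresses(const char *list, struct bind_addrs *out)
{
    struct bind_addrs tmp = { "", "" };
    unsigned char raw[sizeof(struct in6_addr)];
    char tok[INET6_ADDRSTRLEN];
    const char *p;
    size_t n;

    if (list == NULL || out == NULL)
        return -1;
    for (p = list + strspn(list, " \t"); *p; p += n + strspn(p + n, " \t")) {
        n = strcspn(p, " \t");
        if (n >= sizeof(tok))
            return -1;             /* longer than any IP literal */
        memcpy(tok, p, n);
        tok[n] = '\0';
        if (inet_pton(AF_INET, tok, raw) == 1 && tmp.v4[0] == '\0')
            snprintf(tmp.v4, sizeof(tmp.v4), "%s", tok);
        else if (inet_pton(AF_INET6, tok, raw) == 1 && tmp.v6[0] == '\0')
            snprintf(tmp.v6, sizeof(tmp.v6), "%s", tok);
        else
            return -1;             /* bad syntax, or second address of a family */
    }
    *out = tmp;                    /* a new setting replaces, never appends */
    return 0;
}

/* Source address to bind() before connect() for a target of the given family,
 * or NULL when none is configured and the kernel should choose. */
const char *pick_bind_address(const struct bind_addrs *a, int family)
{
    if (family == AF_INET && a->v4[0] != '\0') return a->v4;
    if (family == AF_INET6 && a->v6[0] != '\0') return a->v6;
    return NULL;
}
```

A caller would treat a non-NULL result whose `bind()` fails as a connection failure, which the thread proposes to report as `LDAP_CONNECT_ERROR`.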