So management is insisting that we migrate our OpenLDAP systems from on premises into the cloud <sigh>. Specifically, AWS behind one of their load balancers.

However, we currently rely upon some level of IP-address-based access control to distinguish between on-campus and off-campus clients. The Amazon load balancers do client NAT, so the back-end servers have no idea who is connecting at the TCP/IP level.

They do support the HAProxy in-band protocol for supplying this information from the load balancer to the server, but that requires specific support from the server to do. I don't see any such support in OpenLDAP or any evidence of past discussion regarding it.

Is this something that would be considered as a possible feature to be included at some point, or something not desired as part of the code base?

Thanks...

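What the server-side support asked about above involves, as an added sketch that is not part of the original post and not OpenLDAP code: parse the PROXY protocol header (v1 text or v2 binary) at the start of a connection, honour it only when the TCP peer is a known load balancer, then apply the on-campus check to the recovered address. The function names and the address ranges (`TRUSTED_PROXIES`, `CAMPUS_NETS`) are assumptions for illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature
# Assumed ranges for illustration only, not taken from the post.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # load balancer subnet
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]     # "on-campus" clients

def parse_proxy_header(data):
    """Return (client address or None, header length); ValueError if malformed."""
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        end = 16 + length
        if ver_cmd >> 4 != 2 or (ver_cmd & 0x0F) > 1 or len(data) < end:
            raise ValueError("bad v2 header")
        if ver_cmd & 0x0F == 0:              # LOCAL: proxy health check, no client
            return None, end
        if fam >> 4 == 1 and length >= 12:   # AF_INET: 4-byte source address first
            return ipaddress.ip_address(data[16:20]), end
        if fam >> 4 == 2 and length >= 36:   # AF_INET6: 16-byte source address first
            return ipaddress.ip_address(data[16:32]), end
        return None, end                     # AF_UNSPEC / AF_UNIX: nothing usable
    if data.startswith(b"PROXY "):
        eol = data.find(b"\r\n", 0, 107)     # a v1 line is at most 107 bytes
        if eol < 0:
            raise ValueError("unterminated v1 header")
        parts = data[:eol].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":
            return None, eol + 2
        if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
            raise ValueError("bad v1 header")
        return ipaddress.ip_address(parts[2]), eol + 2
    raise ValueError("no PROXY header")

def effective_client(peer_ip, first_bytes):
    """Address to use for access control, and how many header bytes to skip."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return peer, 0  # direct connection: a PROXY header here is never honoured
    client, consumed = parse_proxy_header(first_bytes)
    return (client or peer), consumed

def is_on_campus(addr):
    return any(addr in net for net in CAMPUS_NETS)
```

The trust check matters as much as the parser: if the header were accepted from any peer, an off-campus client could claim an on-campus source address simply by sending its own header.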