Paul B. Henson wrote:
> So management is insisting that we migrate our OpenLDAP systems from on
> premise into the cloud <sigh>. Specifically, AWS behind one of their load
> balancers.
>
> However, we currently rely upon some level of IP-address-based access control
> to distinguish between on-campus and off-campus clients. The Amazon load
> balancers do client NAT, so the back-end servers have no idea who is
> connecting at the TCP/IP level.
>
> They do support the HAProxy in-band protocol for supplying this information
> from the load balancer to the server, but that requires specific support from
> the server to do. I don't see any such support in OpenLDAP or any evidence of
> past discussion regarding it.
>
> Is this something that would be considered as a possible feature to be
> included at some point, or something not desired as part of the code base?
Depends on what that feature actually looks like. Feel free to submit a
proposal on the -devel mailing list, including background info on what the
HAProxy protocol looks like, and what exact behaviors you want it to provide.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
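As an added illustration of the server-side support Paul is asking about (this is example code, not OpenLDAP's own and not from either poster), the block below parses the HAProxy PROXY protocol header that a load balancer prepends to the TCP stream, in both its v1 text form and v2 binary form, strips it off so the LDAP bytes that follow can be handed to the normal protocol engine, and then applies the kind of on-campus/off-campus decision the original IP-based ACLs made. The campus prefixes, the load balancer subnet and the LDAP bytes used as sample input are constructed for the example. The one point a practitioner must not skip is visible in `effective_client`: the header is only honoured when the TCP peer is a known load balancer, because anything that can reach the backend directly could otherwise forge a "campus" source address in a header of its own. The header must also be mandatory on that path (the load balancer has to be configured to send it), since a PROXY header is a plain TCP preamble with no authentication. Later OpenLDAP releases did add this natively: slapd 2.5 and newer accept PROXY protocol v2 on listeners given with the pldap:// and pldaps:// URL schemes.

```python
"""Parse HAProxy PROXY protocol v1/v2 headers in front of an LDAP stream and
derive the real client address for an on-campus/off-campus decision.
Added example; not OpenLDAP code. Networks and sample bytes are constructed."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte magic that opens every v2 header
V1_MAX_LINE = 107                           # v1 line is at most 107 bytes including CRLF

# Constructed for the example: TEST-NET / documentation prefixes play "campus",
# and the load balancers are assumed to live in 10.0.0.0/8.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("2001:db8:1::/48")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


class ProxyHeaderError(ValueError):
    """Malformed or unsupported PROXY header; the connection should be dropped."""


@dataclass(frozen=True)
class ProxyInfo:
    src: ipaddress._BaseAddress
    src_port: int
    dst: ipaddress._BaseAddress
    dst_port: int


def _port(n: int) -> int:
    if not 0 <= n <= 65535:
        raise ProxyHeaderError(f"port out of range: {n}")
    return n


def parse_v1(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Text form 'PROXY TCP4 <src> <dst> <sport> <dport>\\r\\n'. Returns (info, rest);
    info is None for 'PROXY UNKNOWN', i.e. the proxy could not identify the client."""
    end = data.find(b"\r\n", 0, V1_MAX_LINE)
    if end < 0:
        raise ProxyHeaderError("v1 header not CRLF-terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    if fields[0] != "PROXY":
        raise ProxyHeaderError("missing PROXY keyword")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("bad v1 field layout")
    want = 4 if fields[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != want or dst.version != want:
        raise ProxyHeaderError("address family does not match TCP4/TCP6")
    return ProxyInfo(src, _port(int(fields[4])), dst, _port(int(fields[5]))), rest


def parse_v2(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Binary form: signature, version/command byte, family/protocol byte,
    16-bit body length, then packed src/dst addresses and ports."""
    if len(data) < 16:
        raise ProxyHeaderError("truncated v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ProxyHeaderError("not PROXY protocol v2")
    body, rest = data[16:16 + length], data[16 + length:]
    if len(body) != length:
        raise ProxyHeaderError("v2 body shorter than declared length")
    cmd = ver_cmd & 0x0F
    if cmd == 0x0:               # LOCAL: the proxy itself (e.g. health check), no client behind it
        return None, rest
    if cmd != 0x1:
        raise ProxyHeaderError(f"unknown v2 command {cmd:#x}")
    fam = fam_proto >> 4
    if fam == 0x1 and length >= 12:          # AF_INET: 4+4 bytes of address, 2+2 of port
        s, d, sp, dp = struct.unpack("!4s4sHH", body[:12])
    elif fam == 0x2 and length >= 36:        # AF_INET6: 16+16 bytes of address, 2+2 of port
        s, d, sp, dp = struct.unpack("!16s16sHH", body[:36])
    else:
        raise ProxyHeaderError("unsupported family or truncated address block")
    return ProxyInfo(ipaddress.ip_address(s), sp, ipaddress.ip_address(d), dp), rest


def read_proxy_header(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Dispatch on the first bytes; any parse failure becomes ProxyHeaderError."""
    try:
        if data.startswith(V2_SIGNATURE):
            return parse_v2(data)
        if data.startswith(b"PROXY "):
            return parse_v1(data)
        raise ProxyHeaderError("stream does not begin with a PROXY header")
    except ProxyHeaderError:
        raise
    except ValueError as e:      # int(), ipaddress and ASCII-decode failures
        raise ProxyHeaderError(str(e)) from e


def effective_client(tcp_peer: str, data: bytes,
                     trusted_proxies: List[ipaddress._BaseNetwork] = TRUSTED_PROXIES
                     ) -> Tuple[Optional[ipaddress._BaseAddress], bytes]:
    """Return (address to treat as the client, remaining LDAP bytes).
    Only a TCP peer that is a known load balancer may assert a client address;
    any other peer is judged by its own TCP source and its bytes pass through
    untouched. A header carrying no client (UNKNOWN/LOCAL) yields None so the
    caller fails closed rather than inheriting the balancer's own address."""
    peer = ipaddress.ip_address(tcp_peer)
    if not any(peer in net for net in trusted_proxies):
        return peer, data
    info, rest = read_proxy_header(data)
    return (info.src if info is not None else None), rest


def is_on_campus(addr: Optional[ipaddress._BaseAddress],
                 campus_nets: List[ipaddress._BaseNetwork] = CAMPUS_NETS) -> bool:
    """The on-campus/off-campus split the original IP-based ACLs expressed."""
    return addr is not None and any(addr in net for net in campus_nets)


def build_v2(src: str, dst: str, sport: int, dport: int, local: bool = False) -> bytes:
    """Encode a v2 header the way a load balancer would; used here to make sample input."""
    if local:
        return V2_SIGNATURE + struct.pack("!BBH", 0x20, 0x00, 0)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    fam = 0x11 if s.version == 4 else 0x21     # AF_INET|STREAM or AF_INET6|STREAM
    body = s.packed + d.packed + struct.pack("!HH", sport, dport)
    return V2_SIGNATURE + struct.pack("!BBH", 0x21, fam, len(body)) + body


if __name__ == "__main__":
    ldap_bytes = b"\x30\x0c\x02\x01\x01\x60\x07"    # constructed: start of an LDAP BindRequest
    stream = build_v2("192.0.2.44", "10.0.0.5", 40000, 389) + ldap_bytes
    client, rest = effective_client("10.1.2.3", stream)
    print(client, is_on_campus(client), rest == ldap_bytes)
```

Usage: feed `effective_client` the accepting socket's peer address and the first bytes read from it; a `ProxyHeaderError` from a trusted-balancer connection means "drop the connection", never "fall back to the TCP peer", since an absent or broken header on that path is exactly what a misconfiguration or an attacker would produce.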
