https://bugs.openldap.org/show_bug.cgi?id=10387
Issue ID: 10387
Summary: Reverse lookup does not work for IPv6 addresses
proxied over IPv4
Product: OpenLDAP
Version: 2.6.10
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: +openldap(a)Eero.xn--Hkkinen-5wa.fi
Target Milestone: ---
I have an IPv4/IPv6 reverse proxy server which listens for ldap[s]://
connections and forwards them using the proxy procotol to an IPv4-only slapd
server which listens for pldap[s]:// connections. The slapd server has the
global olcReverseLookup setting set to TRUE.
The reverse lookup works as expected if an LDAP client connects to the reverse
proxy using IPv4. However, if the LDAP client connects to the reverse proxy
using IPv6, the reverse lookup does not work.
The slap_listener function in the servers/slapd/daemon.c file accepts a
connection
(https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_10/s…).
Because the reverse proxy connects to the slapd server using the proxy protocol
over IPv4, this fills the from variable with an IPv4 address and sets the len
variable to the size of the struct sockaddr_in. This is correct.
The slap_listener function detects that the connection is proxied
(https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_10/s…)
and uses the proxyp function to get the address of the LDAP client. This fills
the from variable with an IPv4 or an IPv6 address (depending on whether the
LDAP client used IPv4 or IPv6 to connect the reverse proxy) but does not update
the len variable.
The slap_listener function detects that reverse lookup is to be used
(https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_10/s…)
and used the ldap_pvt_get_hname function to get the reverse name
(https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_10/s…)
passing the address of the from variable, which may contain either an IPv4 or
an IPv6 address, and the value of the len variable, which is equal to the size
of the struct sockaddr_in. This is correct for IPv4 but not for IPv6.
Either the slap_listener function or the proxyp function should update the
value of the len variable.
--
You are receiving this mail because:
You are on the CC list for the issue.