Adding a source IP to a URI feels wrong to me.
I have not read the RFC dealing with URIs; however, a quick look at [1] seems to indicate that using the at sign in this way is non-standard.
Regardless of the syntax, I don't think a Uniform Resource Identifier is the right place to add source IP information. An LDAP URI typically refers to a (usually remote) LDAP server or servers. It's all about the destination.
A source IP is machine specific. I think a separate option would make more sense. Any specific reason for wanting to add it in the URI?
I am not an OpenLDAP developer/contributor, this is just my opinion.
[1] https://en.wikipedia.org/wiki/Uniform_Resource_Identifier
On Sun, 2018-05-06 at 06:15 +0000, sudhir.singam@nokia.com wrote:
Full_Name: Singam Sudhir Reddy
Version: master branch
OS: fedora
URL: ftp://ftp.openldap.org/incoming/sudhirsingam-180505.patch
Submission from: (NULL) (61.1.232.154)
The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by NOKIA. NOKIA has not assigned rights and/or interest in this work to any party. I, SINGAM SUDHIR REDDY, am authorized by NOKIA, my employer, to release this work under the following terms.
NOKIA hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
Description:
Currently, when using the OpenLDAP client and trying to connect to an LDAP server using an LDAP URL, the client automatically binds to an IP address returned by the kernel.
For example, in the usage below, the client automatically binds to an IP address returned by the kernel.
ldapsearch -H ldap://10.63.57.239:389 -D "uid=admin, ou=administrators, ou=topologymanagement, o=netscaperoot" -x -w admin -b "uid=baha, ou=people, ou=accounts, ou=region-911080, ou=regions, ou=netact, dc=noklab, dc=net, dc=localdomain"
But if we want to route the traffic on a specific interface/IP address, currently there is no provision. The idea of this enhancement is to introduce such a provision by giving the source bind IP address in the URL in the following format.
ldap://TARGET-IP-ADDRESS@SOURCE-BIND-IP-ADDRESS:PORT
For example,
ldapsearch -H ldap://10.63.57.239@10.37.220.9:389 -D "uid=admin, ou=administrators, ou=topologymanagement, o=netscaperoot" -x -w admin -b "uid=baha, ou=people, ou=accounts, ou=region-911080, ou=regions, ou=netact, dc=noklab, dc=net, dc=localdomain"
Note this feature is backward compatible, that is, it is optional to provide source bind IP address in the URL.
This feature also supports IPv6 addresses.
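
Added example, not part of the thread or of the submitted patch: how a generic RFC 3986 parser reads the proposed ldap://TARGET@SOURCE:PORT form compared with the reading the proposal intends. The function names are hypothetical, the proposal's parsing is approximated from the format shown above, and only the IPv4 case is covered.

```python
from urllib.parse import urlsplit

def rfc3986_view(uri):
    """Authority as RFC 3986 defines it: [userinfo "@"] host [":" port]."""
    parts = urlsplit(uri)
    return {"userinfo": parts.username, "host": parts.hostname, "port": parts.port}

def proposed_view(uri):
    """Authority as the proposal reads it: TARGET@SOURCE:PORT (assumed, IPv4 only)."""
    authority = urlsplit(uri).netloc
    if "@" in authority:
        target, _, rest = authority.partition("@")
        source, _, port = rest.partition(":")
    else:
        # No source given: plain HOST:PORT, the backward-compatible case.
        target, _, port = authority.partition(":")
        source = None
    return {"target": target, "source": source, "port": int(port) if port else None}

def audit_ldap_uri(uri):
    """Return findings for an LDAP URI whose meaning depends on which parser reads it."""
    std, new = rfc3986_view(uri), proposed_view(uri)
    findings = []
    if std["userinfo"] is not None:
        findings.append("authority contains '@': RFC 4516 LDAP URLs define no userinfo part")
    if std["host"] != new["target"]:
        findings.append(
            f"destination differs: RFC 3986 parser -> {std['host']}, "
            f"proposal -> {new['target']}"
        )
    return findings

# URIs taken from the message above.
PLAIN = "ldap://10.63.57.239:389"
WITH_SOURCE = "ldap://10.63.57.239@10.37.220.9:389"

if __name__ == "__main__":
    for uri in (PLAIN, WITH_SOURCE):
        print(uri)
        print("  RFC 3986:", rfc3986_view(uri))
        print("  proposal:", proposed_view(uri))
        for finding in audit_ldap_uri(uri):
            print("  finding: ", finding)
```

Any tool, proxy or log pipeline that parses the second URI with a standard URI library would record 10.37.220.9 as the server, which is the address the proposal means as the local source.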