Singam, Sudhir (Nokia - IN/Bangalore) wrote:
Hi Howard,
Any comments ??
Hi,
Can we go ahead and implement this ??
*Regards,*
*Sudhir Singam*
*DELIVERING BEST-IN-CLASS PLATFORM is our vision*
_____________________________________________
*From:* Singam, Sudhir (Nokia - IN/Bangalore)
*Sent:* Wednesday, August 08, 2018 8:48 AM
*To:* openldap-devel@openldap.org
*Cc:* Sharma, Ramakant 2. (Nokia - IN/Bangalore) <ramakant.2.sharma@nokia.com>
*Subject:* Regarding the feature to introduce new LDAP option to set source bind IP address
Hi,
NOKIA has taken up this small feature for contribution. Previously a patch was submitted
via ITS#8847, but it was rejected and a different approach was requested.
Now I have raised ITS#8893. We want to conclude on the approach before taking it up for
implementation. Please let us know if the following approach is OK and if you have
any comments.
*Requirement:*
The user shall be able to set multiple IPv4/IPv6 socket bind addresses, to be able to route
the LDAP traffic via the desired network interface. Based on the target IP
address type, the first matching and valid source IP address will be picked for explicit
binding at the client side.
Not sure I understand the value of a list of multiple addresses here.
*Work items:*
1. *LDAP option to set the IPv4/IPv6 socket bind addresses.*
Format: space-separated list of IP addresses
A new configuration option LDAP_OPT_SOCKET_BIND_ADDRESSES (0x5013) will be introduced (in
ldap.h) to be used via ldap_set_option.
For example,
char *p = "10.24.56.34 2001:0db8:85a3:0000:0000:8a2e:0370:7334";
ldap_set_option(NULL, LDAP_OPT_SOCKET_BIND_ADDRESSES, p);
Bind addresses can also be provided in ldap.conf file via the option
SOCKET_BIND_ADDRESSES, for example,
SOCKET_BIND_ADDRESSES 10.24.56.45 10.24.56.46 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Note:
An option set on the ldap handle will override the global option.
Setting the option multiple times will override the previous values; it does not
append.
2. *Parsing & validations*
Space-separated IP addresses will be parsed and validated. IPv4 and IPv6 addresses are
stored separately for ease of access during connection.
Basic syntax validation will be done for IPv4 and IPv6 addresses; on any error, setting
the option will fail and the LDAP client will use the default IP address.
The ldapoptions structure in ldap-int.h will be modified to add new members:
"char *ldo_local_IPV4_addresses" -> to hold the client's local IPv4 bind addresses
"char *ldo_local_IPV6_addresses" -> to hold the client's local IPv6 bind addresses
Seems like these should be char* arrays, especially since we already have str2charray().
A new function ldap_options_parseBindAddress() will be
introduced in options.c to parse, validate and store the IP addresses in the respective
variables. This function will be similar to ldap_url_parseHosts.
Memory for ldo_local_IPV4_addresses and ldo_local_IPV6_addresses is dynamically
allocated in the form of an array for easy access. On any validation failure, no new
memory will be allocated and the existing values will be retained.
3. *Using Bind IP addresses during connection*
File: os-ip.c
Function: ldap_connect_to_host
- After the connection socket is created (ldap_int_socket) and before it is connected
(ldap_pvt_connect), check the target address family type.
If it is AF_INET, the IPv4 bind address list will be used.
- If the list is empty and the LDAP option was set successfully earlier (IPv6 was set),
binding will fail and an error is returned.
- If the list is not empty and none of the provided IPv4 addresses can be bound,
the connection will fail.
- If the list is empty and the LDAP option setting failed earlier (during syntax
validation), the LDAP client will continue to use the kernel-provided IPv4 address.
If it is AF_INET6, the IPv6 bind address list will be used.
- If the list is empty and the LDAP option was set successfully earlier (IPv4 was set),
binding will fail and an error is returned.
- If the list is not empty and none of the provided IPv6 addresses can be bound,
the connection will fail.
- If the list is empty and the LDAP option setting failed earlier (during syntax validation),
the LDAP client will continue to use the kernel-provided IPv6 address.
What specific LDAP API error code will be returned in each instance?
*Regards,*
*Sudhir Singam*
*DELIVERING BEST-IN-CLASS PLATFORM is our vision*
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
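Added example, not from this thread and not OpenLDAP code: a stand-alone C sketch of the two pieces the proposal describes, parsing a space-separated option string into separate per-family arrays (validated with inet_pton() before anything is stored, so a bad token leaves the previous configuration intact, and replacing rather than appending on repeated calls) and binding a freshly created socket to the first listed address of the target family that the kernel accepts. The function and struct names (`parse_bind_addresses`, `bind_first_matching`, `demo_bind_source`) are hypothetical, and the sample address strings are constructed; the real library would map the distinct failure cases to LDAP API error codes, which is the open question in the reply above.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_BIND_ADDRS 16

/* Parsed option state: one string array per address family
 * (hypothetical layout, not the ldapoptions members from the thread). */
struct bind_addrs {
    char *v4[MAX_BIND_ADDRS]; size_t n4;
    char *v6[MAX_BIND_ADDRS]; size_t n6;
};

void free_bind_addrs(struct bind_addrs *b)
{
    for (size_t i = 0; i < b->n4; i++) free(b->v4[i]);
    for (size_t i = 0; i < b->n6; i++) free(b->v6[i]);
    memset(b, 0, sizeof *b);
}

/* Validate every token with inet_pton() into a temporary structure first;
 * only a fully valid list replaces the caller's current configuration.
 * Returns 0 on success, -1 if any token is not a valid IPv4/IPv6 literal. */
int parse_bind_addresses(const char *list, struct bind_addrs *out)
{
    struct bind_addrs tmp; memset(&tmp, 0, sizeof tmp);
    char *copy = strdup(list), *save = NULL, *tok;
    if (!copy) return -1;
    for (tok = strtok_r(copy, " \t", &save); tok; tok = strtok_r(NULL, " \t", &save)) {
        struct in_addr a4; struct in6_addr a6;
        if (inet_pton(AF_INET, tok, &a4) == 1 && tmp.n4 < MAX_BIND_ADDRS)
            tmp.v4[tmp.n4++] = strdup(tok);
        else if (inet_pton(AF_INET6, tok, &a6) == 1 && tmp.n6 < MAX_BIND_ADDRS)
            tmp.v6[tmp.n6++] = strdup(tok);
        else { free_bind_addrs(&tmp); free(copy); return -1; }
    }
    free(copy);
    free_bind_addrs(out);      /* replace previous values, never append */
    *out = tmp;
    return 0;
}

/* Try the configured addresses of the socket's family in order and keep the
 * first bind() the kernel accepts (an address not assigned to a local
 * interface fails with EADDRNOTAVAIL and is skipped). Port 0 leaves the
 * ephemeral port choice to the kernel. Returns the index that was bound,
 * -1 if none could be bound, -2 if the list for this family is empty. */
int bind_first_matching(int fd, int af, const struct bind_addrs *cfg)
{
    char *const *list = (af == AF_INET) ? cfg->v4 : cfg->v6;
    size_t n = (af == AF_INET) ? cfg->n4 : cfg->n6;
    if (n == 0) return -2;
    for (size_t i = 0; i < n; i++) {
        struct sockaddr_storage ss; socklen_t len;
        memset(&ss, 0, sizeof ss);
        if (af == AF_INET) {
            struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
            sin->sin_family = AF_INET;
            inet_pton(AF_INET, list[i], &sin->sin_addr);
            len = sizeof *sin;
        } else {
            struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
            sin6->sin6_family = AF_INET6;
            inet_pton(AF_INET6, list[i], &sin6->sin6_addr);
            len = sizeof *sin6;
        }
        if (bind(fd, (struct sockaddr *)&ss, len) == 0) return (int)i;
    }
    return -1;
}

/* End-to-end run on a constructed option string: parse, create a socket of
 * the target family, bind. Returns the bound index, -1 (nothing bindable),
 * -2 (no address of that family configured), -3 (option failed validation),
 * -4 (socket() itself failed, e.g. IPv6 disabled on the host). */
int demo_bind_source(const char *option, int af)
{
    struct bind_addrs cfg; memset(&cfg, 0, sizeof cfg);
    int fd, rc;
    if (parse_bind_addresses(option, &cfg) != 0) return -3;
    fd = socket(af, SOCK_STREAM, 0);
    if (fd < 0) { free_bind_addrs(&cfg); return -4; }
    rc = bind_first_matching(fd, af, &cfg);
    close(fd);
    free_bind_addrs(&cfg);
    return rc;
}

int main(void)
{
    /* 10.24.56.34 is a constructed non-local address; 127.0.0.1 is bindable. */
    printf("bound index: %d\n", demo_bind_source("10.24.56.34 127.0.0.1", AF_INET));
    return 0;
}
```

The per-family split means a list containing only IPv6 literals yields the -2 "empty list for this family" case on an AF_INET connection, which is exactly the situation the proposal says should fail rather than silently fall back to a kernel-chosen source address.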