>> "Dr. Ogg" <ogg(a)sr375.com> schrieb am
18.11.2020 um 17:55 in Nachricht
From: Howard Chu <hyc(a)symas.com>
Date: Wednesday, November 18, 2020 at 8:51 AM
To: Paul B. Henson <henson(a)acm.org>, openldap‑technical(a)openldap.org
Subject: Re: HAProxy protocol support?
Paul B. Henson wrote:
> So management is insisting that we migrate our openLDAP systems from on
premise into the cloud <sigh>. Specifically, AWS behind one of their load
> However, we currently rely upon some level of IP address based access
control to distinguish between on‑campus and off‑campus clients. The Amazon
> do client NAT, so the back end servers have no idea who is connecting at
> They do support the haproxy in band protocol for supplying this information
from the load balancer to the server, but that requires specific
> server to do. I don't see any such support in openldap or any evidence of
past discussion regarding it.
> Is this something that would be considered as a possible feature to be
included at some point, or something not desired as part of the code base?
Depends on what that feature actually looks like. Feel free to submit a
on the ‑devel mailing list, including background info on what HAproxy
looks like, and what exact behaviors you want it to provide.
I wonder: Would it be possible to use a specific named bind for on-campus
hosts, and use the name used for binding to controll further access?
‑‑ Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/