Hi,
I would like to know: is there any support for passing a vrf-id to the openldap library?
Thanks, Smitha
tishamol@gmail.com wrote:
Hi,
I would like to know: is there any support for passing a vrf-id to the openldap library?
VRF in OpenLDAP means ValueReturnFilter, which has been supported for years. Look at the ldapsearch(1) manpage, or read the ldapsearch source code.
Thanks, Smitha
Hi Howard,
Sorry for the confusion. I meant virtual routing and forwarding (VRF), wherein we will have to bind the socket to a particular vrf-id when connecting to the LDAP server.
Thanks, Smitha
tishamol@gmail.com wrote:
Hi Howard,
Sorry for the confusion. I meant virtual routing and forwarding (VRF), wherein we will have to bind the socket to a particular vrf-id when connecting to the LDAP server.
In Linux you must explicitly bind a socket to a VRF, as doc'd here
https://docs.kernel.org/networking/vrf.html
After you've bound your socket, you can give it to libldap with ldap_init_fd() and then use it normally thereafter.
Thanks, Smitha
Hi Howard,
Old code was like this:
1: ldap_initialize()
2: ldap_start_tls_s()

To use ldap_init_fd() the code is modified as below:
1: socket()
2: connect()
3: setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, (int *) vrfid, strlen(vrfid) + 1);
4: ldap_init_fd()
5: But ldap_start_tls_s() fails with error "Can't contact LDAP server"

Am I missing something in this flow?
Thanks, Smitha
It worked with the above changes. For ldaps I had to call ldap_install_tls(ld) as well.
Thanks, Smitha
openldap-technical@openldap.org
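
The flow discussed in this thread (bind the socket to the VRF device, hand it to libldap with ldap_init_fd(), then start TLS), as an added example that is not code from the thread or from OpenLDAP. The names vrf_connect, vrf_ldap_open and the WITH_LIBLDAP build switch are hypothetical, and the <openldap.h> location of ldap_init_fd() follows ldap_open(3) and is an assumption about the installed release.

```c
/* Added example. libldap part: cc -DWITH_LIBLDAP ... -lldap -llber */
#include <errno.h>
#include <net/if.h>
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect to host:port through VRF device `vrf`; returns fd or -1 (errno set). */
int vrf_connect(const char *vrf, const char *host, const char *port)
{
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *res, *ai;
    size_t n = vrf ? strlen(vrf) : 0;
    int fd = -1, saved;
    if (n == 0 || n >= IFNAMSIZ) { errno = EINVAL; return -1; }
    if (getaddrinfo(host, port, &hints, &res) != 0) { errno = EHOSTUNREACH; return -1; }
    for (ai = res; ai; ai = ai->ai_next) {
        if ((fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) < 0)
            continue;
        /* Bind first: connect() then does its route lookup in the VRF's table. */
        if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, vrf, (socklen_t)n + 1) == 0
            && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;
        saved = errno; close(fd); fd = -1; errno = saved;
    }
    freeaddrinfo(res);
    return fd;
}

#ifdef WITH_LIBLDAP
#include <ldap.h>
#include <openldap.h>  /* ldap_init_fd() per ldap_open(3); location assumed */
#ifndef LDAP_PROTO_TCP
#define LDAP_PROTO_TCP 1
#endif
/* Hypothetical wrapper: uri is "ldap://..." (StartTLS) or "ldaps://...". */
int vrf_ldap_open(const char *vrf, const char *host, const char *port,
                  const char *uri, int ldaps, LDAP **ldp)
{
    int v3 = LDAP_VERSION3, rc, fd = vrf_connect(vrf, host, port);
    if (fd < 0) return LDAP_SERVER_DOWN;
    rc = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, ldp);
    if (rc != LDAP_SUCCESS) { close(fd); return rc; }
    ldap_set_option(*ldp, LDAP_OPT_PROTOCOL_VERSION, &v3);
    /* ldaps: install TLS on the fd directly; ldap: upgrade with StartTLS. */
    return ldaps ? ldap_install_tls(*ldp) : ldap_start_tls_s(*ldp, NULL, NULL);
}
#endif
```

Name resolution inside getaddrinfo() is not bound to the VRF, so pass a numeric address if the resolver is only reachable inside it.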