[Date Prev][Date Next] [Chronological] [Thread] [Top]

Client IP in Loadbalanced configuration

To: <openldap-technical@openldap.org>
Subject: Client IP in Loadbalanced configuration
From: Pascal kolijn <p.kolijn@vu.nl>
Date: Fri, 6 Jul 2018 10:37:01 +0200
Autocrypt: addr=p.kolijn@vu.nl; prefer-encrypt=mutual; keydata= xsDiBD7u/YARBACPxgiv9Q+gelwbQYq65tlRIt0ZPNX7gXBXj7mt504JxQFoMqLwRiKOokMi Zi52BH13QpdQNiHBCQQs9kV+V6hepI1ECzejU2JViJr6g+Y2aryg3fmuJjIpEhON79pTrPQz +F7bB2Wzby129sy89BfqSgTwz7P775PrOIfb+GZyswCgj0sT0sQlkk26TbAngbL4RyVbrUkD /3ROErRfLnsmi/8YZhxI9lnYEXH+TdqDR8ilwcwYG+G177kUJN4vqCyC2jBaOnouMFEr8lub 2s5hwvwR/QtWybewV/4wjZsOroeMZucazK7gmjbgFchynDRxOs7qj406UkcR+9q60cwcwmnv JhiPw9nERmTPIzonS5P2qeYPkAcWBACH3FRp4oMtimh3vtngnvFAs9Lm0n+VuiY2myOrdjks yKzP0QUwmAeKLCITWGp1tyF+4HPMVoW0lhuX/icYmpKStVkfesdu7OSKxznoiU6Fw2XPgz3/ aL7jOg7PFMsETX6R/4iOvhk60vP0dgjdQEF7LodMjE6IXiF/YhRiKSu9Is0fUGFzY2FsIEtv bGlqbiA8cGFzY2FsQGl0LnZ1Lm5sPsJZBBMRAgAZBQI+7v2ABAsHAwIDFQIDAxYCAQIeAQIX gAAKCRAOTdyiSKRsOKNpAJ42TcUtdoJyMj50vdvynEqfJgUfcwCeOUG64hefrWMp5ZUg2ImO ZouIAmXOwE0EPu79gRAEAIranhz4nyg8GzqW9nEcYVKHn5S9HSTfDCjRty4xQPKvnBOtZePe o73Y6o20z1s0ZrNw18xz1uZQGOyO+KOv2fL1iZzUiMK+RNF8n/8sNI4OD72zCkVgY5X+TnZi FuPaj8ey2vn6uA3PfCGMpwTCuIU6C+dPlT5otVXvXka28gOXAAMFA/9X67LmGpHgqSr0RyY9 5n/hlfI2QSbJb+CuYfknSrSn8fo0iR40SMz3XOFfSNd4pxhygltVMVcZXCw6omiFFNONU+cR tEVGqhWp06Kvju5yH70oUnrxXp9F+J6zOwY+LaNwFQ755yYncr2j3Osxg2hV2SQHJGomYTXl zKxho9+kbcJGBBgRAgAGBQI+7v2BAAoJEA5N3KJIpGw4LeEAmgPO30f2e6IbCDvxmmRm4PaQ atxpAJoD37aepIENHYTxBv/iGuP/GhsjBw==
Openpgp: preference=signencrypt
Organization: Vrije Universiteit Amsterdam
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

List,

I have a haproxy loadbalanced ldap service. I would like to see the
'original' client IP in the openldapserver log files, because now I only
see the haproxies IP addresses for all sessions.

I understand that haproxy has a 'feature' called the PROXY protocol
[https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt] that adds
the original IP as metadata somewhere in the request, I had hopes that
this would work with openldap >= 2.3, because they tested such a PROXY
protocol signature packet. But it is not, yet(?), implemented in openldap.

I also understand that the slapd-ldap backend has a option called
session-tracking-request so some serverside/backend side stuff seems to
be available somewhere in openldap..

So any pointers or tips to achieve this, or use a different setup?

--
Pascal Kolijn
Vrije Universiteit Amsterdam

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Client IP in Loadbalanced configuration
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: permissions replication
Next by Date: slapd crashes on startup
Index(es):
- Chronological
- Thread