From 1f8ab40fba40a59b0a7f58c659914d46dc6ef6aa Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Mon, 22 Sep 2014 10:25:35 +0000
Subject: [PATCH] Forward port OPENDJ-1565 CR-4564: Optionally bind to a local address
---
opendj3-server-dev/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java | 7 +
opendj3-server-dev/src/server/org/opends/server/replication/service/ReplicationBroker.java | 10 ++-
opendj3-server-dev/src/admin/messages/ReplicationDomainCfgDefn.properties | 3 +
opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml | 24 ++++++++
opendj3-server-dev/resource/schema/02-config.ldif | 14 +++-
opendj3-server-dev/src/server/org/opends/server/replication/server/ReplicationServer.java | 5 +
opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml | 27 ++++++++
opendj3-server-dev/src/admin/messages/ReplicationServerCfgDefn.properties | 3 +
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java | 7 ++
opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml | 26 ++++++++
opendj3-server-dev/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties | 3 +
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java | 7 ++
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java | 7 ++
13 files changed, 131 insertions(+), 12 deletions(-)
diff --git a/opendj3-server-dev/resource/schema/02-config.ldif b/opendj3-server-dev/resource/schema/02-config.ldif
index 5474a5a..f75575d 100644
--- a/opendj3-server-dev/resource/schema/02-config.ldif
+++ b/opendj3-server-dev/resource/schema/02-config.ldif
@@ -3783,6 +3783,11 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'OpenDJ Directory Server' )
+attributeTypes: ( 1.3.6.1.4.1.36733.2.1.1.143
+ NAME 'ds-cfg-source-address' EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN 'OpenDJ Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.1
NAME 'ds-cfg-access-control-handler'
SUP top
@@ -4412,7 +4417,8 @@
ds-cfg-conflicts-historical-purge-delay $
ds-cfg-changetime-heartbeat-interval $
ds-cfg-log-changenumber $
- ds-cfg-initialization-window-size )
+ ds-cfg-initialization-window-size $
+ ds-cfg-source-address )
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.58
NAME 'ds-cfg-length-based-password-validator'
@@ -4537,7 +4543,8 @@
ds-cfg-degraded-status-threshold $
ds-cfg-weight $
ds-cfg-monitoring-period $
- ds-cfg-compute-change-number )
+ ds-cfg-compute-change-number $
+ ds-cfg-source-address )
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.65
NAME 'ds-backup-directory'
@@ -5588,7 +5595,8 @@
ds-cfg-ssl-protocol $
ds-cfg-ssl-cipher-suite $
ds-cfg-cached-password-storage-scheme $
- ds-cfg-cached-password-ttl )
+ ds-cfg-cached-password-ttl $
+ ds-cfg-source-address )
X-ORIGIN 'OpenDJ Directory Server' )
objectClasses: ( 1.3.6.1.4.1.36733.2.1.2.5
NAME 'ds-cfg-attribute-cleanup-plugin'
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml
index 2eeda32..0f6fbfa 100644
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml
+++ b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml
@@ -22,7 +22,7 @@
! CDDL HEADER END
!
!
- ! Copyright 2011 ForgeRock AS
+ ! Copyright 2011-2014 ForgeRock AS
! -->
<adm:managed-object name="ldap-pass-through-authentication-policy"
plural-name="ldap-pass-through-authentication-policies" extends="authentication-policy"
@@ -184,6 +184,31 @@
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
<adm:property name="connection-timeout">
<adm:synopsis>
Specifies the timeout used when connecting to remote LDAP
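Review bot: "bind" in the new `source-address` synopsis is easy to misread in a pass-through authentication policy, where a bind normally means the LDAP bind operation sent to the remote server. Wording such as `If specified, outgoing connections to the remote server use this local address as their source address.` says what the option does without that overlap. The description could also state what happens when the address is not assigned to a local interface, and that a change presumably affects only connections opened afterwards (to be confirmed against the implementation). The same synopsis is repeated in ReplicationDomainConfiguration.xml, ReplicationServerConfiguration.xml and the three CfgDefn.properties files in this patch.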
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
index 5b6b5e5..155847a 100644
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
+++ b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2010 Sun Microsystems, Inc.
- ! Portions Copyright 2011-2013 ForgeRock AS
+ ! Portions Copyright 2011-2014 ForgeRock AS
! -->
<adm:managed-object name="replication-domain"
plural-name="replication-domains"
@@ -103,6 +103,30 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
<adm:property name="base-dn" mandatory="true" read-only="true">
<adm:synopsis>
Specifies the base DN of the replicated data.
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
index f9f5904..177eeea 100644
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
+++ b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
@@ -75,6 +75,30 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
<adm:property name="replication-server-id" mandatory="true"
read-only="true">
<adm:synopsis>
diff --git a/opendj3-server-dev/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties b/opendj3-server-dev/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties
index 46b5baf..61dc284 100644
--- a/opendj3-server-dev/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties
+++ b/opendj3-server-dev/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties
@@ -35,6 +35,9 @@
property.secondary-remote-ldap-server.description=If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available.
property.secondary-remote-ldap-server.default-behavior.alias.synopsis=No secondary LDAP servers.
property.secondary-remote-ldap-server.syntax.string.pattern.synopsis=A host name followed by a ":" and a port number.
+property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
+property.source-address.description=The address must be one assigned to an existing network interface.
+property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.ssl-cipher-suite.synopsis=Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections.
property.ssl-cipher-suite.default-behavior.alias.synopsis=Uses the default set of SSL cipher suites provided by the server's JVM.
property.ssl-cipher-suite.requires-admin-action.synopsis=Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change.
diff --git a/opendj3-server-dev/src/admin/messages/ReplicationDomainCfgDefn.properties b/opendj3-server-dev/src/admin/messages/ReplicationDomainCfgDefn.properties
index 31b3f41..369a56f 100644
--- a/opendj3-server-dev/src/admin/messages/ReplicationDomainCfgDefn.properties
+++ b/opendj3-server-dev/src/admin/messages/ReplicationDomainCfgDefn.properties
@@ -40,6 +40,9 @@
property.server-id.description=Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations.
property.solve-conflicts.synopsis=Indicates if this server solves conflict.
property.solve-conflicts.description=This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment.
+property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
+property.source-address.description=The address must be one assigned to an existing network interface.
+property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.window-size.synopsis=Specifies the window size that the directory server will use when communicating with Replication Servers.
property.window-size.description=This option may be deprecated and removed in future releases.
relation.external-changelog-domain.user-friendly-name=External Changelog Domain
diff --git a/opendj3-server-dev/src/admin/messages/ReplicationServerCfgDefn.properties b/opendj3-server-dev/src/admin/messages/ReplicationServerCfgDefn.properties
index b9111db..65eb106 100644
--- a/opendj3-server-dev/src/admin/messages/ReplicationServerCfgDefn.properties
+++ b/opendj3-server-dev/src/admin/messages/ReplicationServerCfgDefn.properties
@@ -23,6 +23,9 @@
property.replication-server.syntax.string.pattern.synopsis=A host name followed by a ":" and a port number.
property.replication-server-id.synopsis=Specifies a unique identifier for the Replication Server.
property.replication-server-id.description=Each Replication Server must have a different server ID.
+property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
+property.source-address.description=The address must be one assigned to an existing network interface.
+property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.weight.synopsis=The weight of the replication server.
property.weight.description=The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power.
property.window-size.synopsis=Specifies the window size that the Replication Server uses when communicating with other Replication Servers.
diff --git a/opendj3-server-dev/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java b/opendj3-server-dev/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
index ece35eb..b96bf80 100644
--- a/opendj3-server-dev/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
+++ b/opendj3-server-dev/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
@@ -22,7 +22,6 @@
*
*
* Portions Copyright 2011-2014 ForgeRock AS.
- * Portions Copyright 2014 ForgeRock AS
*/
package org.opends.server.extensions;
@@ -1290,7 +1289,11 @@
plainSocket.setTcpNoDelay(cfg.isUseTCPNoDelay());
plainSocket.setKeepAlive(cfg.isUseTCPKeepAlive());
plainSocket.setSoTimeout(timeoutMS);
-
+ if (cfg.getSourceAddress() != null)
+ {
+ InetSocketAddress local = new InetSocketAddress(cfg.getSourceAddress(), 0);
+ plainSocket.bind(local);
+ }
// Connect the ldapSocket.
plainSocket.connect(socketAddress, timeoutMS);
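Review bot: Nothing in this patch checks the configured source address before `plainSocket.bind(local)` runs, so an address that is not assigned to a local interface would only surface as an exception at connection time, that is, on each pass-through authentication attempt. If the policy's configuration-acceptance check (not visible here) does not already cover it, rejecting the value up front, for example when `NetworkInterface.getByInetAddress(addr) == null`, gives the administrator the error at the moment of the change. It would also be tidier to read the getter once, `InetAddress source = cfg.getSourceAddress();`, then test and use that local. The same bind-before-connect block is added in ReplicationServer.java and ReplicationBroker.java; the enclosing method starts and ends outside this hunk.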
diff --git a/opendj3-server-dev/src/server/org/opends/server/replication/server/ReplicationServer.java b/opendj3-server-dev/src/server/org/opends/server/replication/server/ReplicationServer.java
index 3ab3c9f..957d470 100644
--- a/opendj3-server-dev/src/server/org/opends/server/replication/server/ReplicationServer.java
+++ b/opendj3-server-dev/src/server/org/opends/server/replication/server/ReplicationServer.java
@@ -379,6 +379,11 @@
try
{
socket.setTcpNoDelay(true);
+ if (config.getSourceAddress() != null)
+ {
+ InetSocketAddress local = new InetSocketAddress(config.getSourceAddress(), 0);
+ socket.bind(local);
+ }
int timeoutMS = MultimasterReplication.getConnectionTimeoutMS();
socket.connect(remoteServerAddress.toInetSocketAddress(), timeoutMS);
session = replSessionSecurity.createClientSession(socket, timeoutMS);
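Review bot: A failure of `socket.bind(local)` is raised inside the same `try` as `socket.connect(...)`, and the handler lies outside this hunk; if it reports errors only in terms of `remoteServerAddress`, a bad local source address would be logged as the remote replication server being unreachable. Consider including the configured source address in the failure message, or handling `java.net.BindException` separately, so operators can tell a local misconfiguration from a peer outage. The ReplicationBroker.java hunk below has the same shape.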
diff --git a/opendj3-server-dev/src/server/org/opends/server/replication/service/ReplicationBroker.java b/opendj3-server-dev/src/server/org/opends/server/replication/service/ReplicationBroker.java
index 2b88d91..c37bdda 100644
--- a/opendj3-server-dev/src/server/org/opends/server/replication/service/ReplicationBroker.java
+++ b/opendj3-server-dev/src/server/org/opends/server/replication/service/ReplicationBroker.java
@@ -30,10 +30,7 @@
import java.math.BigDecimal;
import java.math.MathContext;
import java.math.RoundingMode;
-import java.net.ConnectException;
-import java.net.Socket;
-import java.net.SocketException;
-import java.net.SocketTimeoutException;
+import java.net.*;
import java.util.*;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentSkipListMap;
@@ -1121,6 +1118,11 @@
socket = new Socket();
socket.setReceiveBufferSize(1000000);
socket.setTcpNoDelay(true);
+ if (config.getSourceAddress() != null)
+ {
+ InetSocketAddress local = new InetSocketAddress(config.getSourceAddress(), 0);
+ socket.bind(local);
+ }
int timeoutMS = MultimasterReplication.getConnectionTimeoutMS();
socket.connect(HostPort.valueOf(serverURL).toInetSocketAddress(),
timeoutMS);
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java
index 234c7a8..3d25aee 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java
@@ -22,11 +22,11 @@
*
*
* Portions Copyright 2011-2014 ForgeRock AS.
- * Portions Copyright 2014 ForgeRock AS
*/
package org.opends.server.extensions;
import java.io.IOException;
+import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.*;
@@ -454,6 +454,11 @@
@Override
+ public InetAddress getSourceAddress() { return null; }
+
+
+
+ @Override
public String getJavaClass()
{
return LDAPPassThroughAuthenticationPolicyFactory.class.getName();
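Review bot: The stub `getSourceAddress()` returns `null`, as do the ones added to DomainFakeCfg and ReplServerFakeConfiguration, so none of the unit tests in this patch reach the new bind branch. A test that configures a loopback source address and checks, on the accepting side, that the accepted socket's `getInetAddress()` equals it would cover the non-null path. This needs the fake to take the address as a settable field rather than a constant. The enclosing configuration class is outside the hunk.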
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java
index acb4897..1ab18f2 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java
@@ -26,6 +26,7 @@
*/
package org.opends.server.replication.plugin;
+import java.net.InetAddress;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -184,6 +185,12 @@
* {@inheritDoc}
*/
@Override
+ public InetAddress getSourceAddress() { return null; }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public int getServerId()
{
return serverId;
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java
index 73237fd..e7ecb31 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java
@@ -26,6 +26,7 @@
*/
package org.opends.server.replication.server;
+import java.net.InetAddress;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -211,6 +212,12 @@
* {@inheritDoc}
*/
@Override
+ public InetAddress getSourceAddress() { return null; }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public int getQueueSize()
{
return queueSize;
--
Gitblit v1.10.0