From e349126d23ab22a1ef0640277bb672d63e6dd27b Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Mon, 22 Sep 2014 10:10:09 +0000
Subject: [PATCH] OPENDJ-1565 CR-4564: Optionally bind to a local address
---
opends/resource/schema/02-config.ldif | 14 +++-
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java | 8 ++
opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java | 8 ++
opends/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java | 7 ++
opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml | 26 ++++++++
opends/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml | 27 ++++++++
opends/src/admin/messages/ReplicationServerCfgDefn.properties | 3 +
opends/src/server/org/opends/server/replication/server/ReplicationServer.java | 5 +
opends/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties | 3 +
opends/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java | 7 ++
opends/build.properties | 1
opends/src/server/org/opends/server/replication/service/ReplicationBroker.java | 10 ++-
opends/src/admin/messages/ReplicationDomainCfgDefn.properties | 3 +
opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml | 24 ++++++++
14 files changed, 134 insertions(+), 12 deletions(-)
diff --git a/opends/build.properties b/opends/build.properties
index f1cb495..1d70012 100644
--- a/opends/build.properties
+++ b/opends/build.properties
@@ -1,2 +1,3 @@
opendmk.lib.dir=
license.file=
+build.offline=false
\ No newline at end of file
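Review bot: `build.offline=false` is unrelated to the source-address feature named in the subject and may have been included by accident. If it is intended, it belongs in its own commit or at least in the description, because it changes how the build resolves its inputs. The new last line also has no trailing newline, so the next property appended to this file will show up as a two-line change.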
diff --git a/opends/resource/schema/02-config.ldif b/opends/resource/schema/02-config.ldif
index 7230249..602f147 100644
--- a/opends/resource/schema/02-config.ldif
+++ b/opends/resource/schema/02-config.ldif
@@ -3765,6 +3765,11 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'OpenDJ Directory Server' )
+attributeTypes: ( 1.3.6.1.4.1.36733.2.1.1.143
+ NAME 'ds-cfg-source-address' EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN 'OpenDJ Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.1
NAME 'ds-cfg-access-control-handler'
SUP top
@@ -4395,7 +4400,8 @@
ds-cfg-conflicts-historical-purge-delay $
ds-cfg-changetime-heartbeat-interval $
ds-cfg-log-changenumber $
- ds-cfg-initialization-window-size )
+ ds-cfg-initialization-window-size $
+ ds-cfg-source-address )
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.58
NAME 'ds-cfg-length-based-password-validator'
@@ -4520,7 +4526,8 @@
ds-cfg-degraded-status-threshold $
ds-cfg-weight $
ds-cfg-monitoring-period $
- ds-cfg-compute-change-number )
+ ds-cfg-compute-change-number $
+ ds-cfg-source-address )
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.65
NAME 'ds-backup-directory'
@@ -5571,7 +5578,8 @@
ds-cfg-ssl-protocol $
ds-cfg-ssl-cipher-suite $
ds-cfg-cached-password-storage-scheme $
- ds-cfg-cached-password-ttl )
+ ds-cfg-cached-password-ttl $
+ ds-cfg-source-address )
X-ORIGIN 'OpenDJ Directory Server' )
objectClasses: ( 1.3.6.1.4.1.36733.2.1.2.5
NAME 'ds-cfg-attribute-cleanup-plugin'
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml
index 2eeda32..0f6fbfa 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/LDAPPassThroughAuthenticationPolicyConfiguration.xml
@@ -22,7 +22,7 @@
! CDDL HEADER END
!
!
- ! Copyright 2011 ForgeRock AS
+ ! Copyright 2011-2014 ForgeRock AS
! -->
<adm:managed-object name="ldap-pass-through-authentication-policy"
plural-name="ldap-pass-through-authentication-policies" extends="authentication-policy"
@@ -184,6 +184,31 @@
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
<adm:property name="connection-timeout">
<adm:synopsis>
Specifies the timeout used when connecting to remote LDAP
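Review bot: The synopsis of `source-address` says the server "will bind to the address", which in an LDAP pass-through authentication policy is easy to misread as an LDAP bind operation rather than binding the local end of the outgoing socket. Wording such as `If specified, the server uses this local address as the source address of connections to the remote server.` would avoid the ambiguity. The property as added in this hunk also carries no `adm:requires-admin-action` element, so an administrator cannot tell whether a change affects existing connections or only new ones. The same synopsis is repeated in ReplicationDomainConfiguration.xml, ReplicationServerConfiguration.xml and the three CfgDefn.properties files.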
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
index 5b6b5e5..155847a 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2010 Sun Microsystems, Inc.
- ! Portions Copyright 2011-2013 ForgeRock AS
+ ! Portions Copyright 2011-2014 ForgeRock AS
! -->
<adm:managed-object name="replication-domain"
plural-name="replication-domains"
@@ -103,6 +103,30 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
<adm:property name="base-dn" mandatory="true" read-only="true">
<adm:synopsis>
Specifies the base DN of the replicated data.
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
index f9f5904..177eeea 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
@@ -75,6 +75,30 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
<adm:property name="replication-server-id" mandatory="true"
read-only="true">
<adm:synopsis>
diff --git a/opends/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties b/opends/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties
index 46b5baf..61dc284 100644
--- a/opends/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties
+++ b/opends/src/admin/messages/LDAPPassThroughAuthenticationPolicyCfgDefn.properties
@@ -35,6 +35,9 @@
property.secondary-remote-ldap-server.description=If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available.
property.secondary-remote-ldap-server.default-behavior.alias.synopsis=No secondary LDAP servers.
property.secondary-remote-ldap-server.syntax.string.pattern.synopsis=A host name followed by a ":" and a port number.
+property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
+property.source-address.description=The address must be one assigned to an existing network interface.
+property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.ssl-cipher-suite.synopsis=Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections.
property.ssl-cipher-suite.default-behavior.alias.synopsis=Uses the default set of SSL cipher suites provided by the server's JVM.
property.ssl-cipher-suite.requires-admin-action.synopsis=Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change.
diff --git a/opends/src/admin/messages/ReplicationDomainCfgDefn.properties b/opends/src/admin/messages/ReplicationDomainCfgDefn.properties
index 31b3f41..369a56f 100644
--- a/opends/src/admin/messages/ReplicationDomainCfgDefn.properties
+++ b/opends/src/admin/messages/ReplicationDomainCfgDefn.properties
@@ -40,6 +40,9 @@
property.server-id.description=Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations.
property.solve-conflicts.synopsis=Indicates if this server solves conflict.
property.solve-conflicts.description=This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment.
+property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
+property.source-address.description=The address must be one assigned to an existing network interface.
+property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.window-size.synopsis=Specifies the window size that the directory server will use when communicating with Replication Servers.
property.window-size.description=This option may be deprecated and removed in future releases.
relation.external-changelog-domain.user-friendly-name=External Changelog Domain
diff --git a/opends/src/admin/messages/ReplicationServerCfgDefn.properties b/opends/src/admin/messages/ReplicationServerCfgDefn.properties
index b9111db..65eb106 100644
--- a/opends/src/admin/messages/ReplicationServerCfgDefn.properties
+++ b/opends/src/admin/messages/ReplicationServerCfgDefn.properties
@@ -23,6 +23,9 @@
property.replication-server.syntax.string.pattern.synopsis=A host name followed by a ":" and a port number.
property.replication-server-id.synopsis=Specifies a unique identifier for the Replication Server.
property.replication-server-id.description=Each Replication Server must have a different server ID.
+property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
+property.source-address.description=The address must be one assigned to an existing network interface.
+property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.weight.synopsis=The weight of the replication server.
property.weight.description=The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power.
property.window-size.synopsis=Specifies the window size that the Replication Server uses when communicating with other Replication Servers.
diff --git a/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java b/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
index 2fbdd9d..bf09c48 100644
--- a/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
+++ b/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
@@ -21,7 +21,7 @@
* CDDL HEADER END
*
*
- * Copyright 2011-2013 ForgeRock AS.
+ * Copyright 2011-2014 ForgeRock AS.
*/
package org.opends.server.extensions;
@@ -1334,7 +1334,11 @@
plainSocket.setTcpNoDelay(cfg.isUseTCPNoDelay());
plainSocket.setKeepAlive(cfg.isUseTCPKeepAlive());
plainSocket.setSoTimeout(timeoutMS);
-
+ if (cfg.getSourceAddress() != null)
+ {
+ InetSocketAddress local = new InetSocketAddress(cfg.getSourceAddress(), 0);
+ plainSocket.bind(local);
+ }
// Connect the ldapSocket.
plainSocket.connect(socketAddress, timeoutMS);
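Review bot: A `source-address` that is not assigned to a local interface makes `plainSocket.bind(local)` throw before `connect` is reached, and nothing in the hunk distinguishes that from a failure to reach the remote server. The enclosing method and its exception handling are outside the hunk, so this is inferred, but if bind errors share the connect error path, a local misconfiguration will probably be reported as an unavailable remote server. A short comment above the block would also help the next reader, e.g. `// Bind the local end to the configured source address; port 0 lets the OS choose an ephemeral port.` The same block is added in ReplicationServer.java and ReplicationBroker.java.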
diff --git a/opends/src/server/org/opends/server/replication/server/ReplicationServer.java b/opends/src/server/org/opends/server/replication/server/ReplicationServer.java
index 5c80530..69f1432 100644
--- a/opends/src/server/org/opends/server/replication/server/ReplicationServer.java
+++ b/opends/src/server/org/opends/server/replication/server/ReplicationServer.java
@@ -392,6 +392,11 @@
try
{
socket.setTcpNoDelay(true);
+ if (config.getSourceAddress() != null)
+ {
+ InetSocketAddress local = new InetSocketAddress(config.getSourceAddress(), 0);
+ socket.bind(local);
+ }
int timeoutMS = MultimasterReplication.getConnectionTimeoutMS();
socket.connect(remoteServerAddress.toInetSocketAddress(), timeoutMS);
session = replSessionSecurity.createClientSession(socket, timeoutMS);
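Review bot: `config.getSourceAddress()` is read twice, once for the null check and once when building the `InetSocketAddress`, and the same four lines are repeated in ReplicationBroker.java and LDAPPassThroughAuthenticationPolicyFactory.java. If the configuration object can change between the two reads (not visible here), a null second read would silently bind the wildcard address, because `new InetSocketAddress((InetAddress) null, 0)` means any local address. Reading the value into a local once, or moving the block into a small shared helper that takes the socket and the address, removes both the repetition and that window. The surrounding try block begins and ends outside the hunk.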
diff --git a/opends/src/server/org/opends/server/replication/service/ReplicationBroker.java b/opends/src/server/org/opends/server/replication/service/ReplicationBroker.java
index 3f85b22..7ef8a67 100644
--- a/opends/src/server/org/opends/server/replication/service/ReplicationBroker.java
+++ b/opends/src/server/org/opends/server/replication/service/ReplicationBroker.java
@@ -30,10 +30,7 @@
import java.math.BigDecimal;
import java.math.MathContext;
import java.math.RoundingMode;
-import java.net.ConnectException;
-import java.net.Socket;
-import java.net.SocketException;
-import java.net.SocketTimeoutException;
+import java.net.*;
import java.util.*;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentSkipListMap;
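Review bot: Replacing the four explicit `java.net` imports with `import java.net.*;` hides which networking types this file depends on, while the change itself needs only one new name. Keeping the explicit list and adding `import java.net.InetSocketAddress;` is clearer, and it avoids future simple-name clashes with the existing `java.util.*` wildcard.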
@@ -1088,6 +1085,11 @@
socket = new Socket();
socket.setReceiveBufferSize(1000000);
socket.setTcpNoDelay(true);
+ if (config.getSourceAddress() != null)
+ {
+ InetSocketAddress local = new InetSocketAddress(config.getSourceAddress(), 0);
+ socket.bind(local);
+ }
int timeoutMS = MultimasterReplication.getConnectionTimeoutMS();
socket.connect(HostPort.valueOf(serverURL).toInetSocketAddress(), timeoutMS);
newSession = replSessionSecurity.createClientSession(socket, timeoutMS);
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java
index b4b9f62..5e3e536 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyTestCase.java
@@ -21,7 +21,7 @@
* CDDL HEADER END
*
*
- * Copyright 2011-2013 ForgeRock AS.
+ * Copyright 2011-2014 ForgeRock AS.
*/
package org.opends.server.extensions;
@@ -30,6 +30,7 @@
import static org.testng.Assert.*;
import java.io.IOException;
+import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.*;
@@ -450,6 +451,11 @@
@Override
+ public InetAddress getSourceAddress() { return null; }
+
+
+
+ @Override
public String getJavaClass()
{
return LDAPPassThroughAuthenticationPolicyFactory.class.getName();
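Review bot: The stub `getSourceAddress()` returns null, so the new bind branch in LDAPPassThroughAuthenticationPolicyFactory is never executed by this test case. The same holds for the stubs added to DomainFakeCfg.java and ReplServerFakeConfiguration.java. A case that configures a loopback address and checks the remote address seen by the accepting `ServerSocket` would cover the non-null path. The one-line method followed by three blank lines also differs from the multi-line layout of `getJavaClass()` just below it.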
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java
index 73ed6ec..9c54176 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/plugin/DomainFakeCfg.java
@@ -26,6 +26,7 @@
*/
package org.opends.server.replication.plugin;
+import java.net.InetAddress;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -184,6 +185,12 @@
* {@inheritDoc}
*/
@Override
+ public InetAddress getSourceAddress() { return null; }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public int getServerId()
{
return serverId;
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java
index 73237fd..e7ecb31 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplServerFakeConfiguration.java
@@ -26,6 +26,7 @@
*/
package org.opends.server.replication.server;
+import java.net.InetAddress;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -211,6 +212,12 @@
* {@inheritDoc}
*/
@Override
+ public InetAddress getSourceAddress() { return null; }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public int getQueueSize()
{
return queueSize;
--
Gitblit v1.10.0