[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP configured as Proxy

> Hi all,
> is there a way to obtain a OL configuration to permit proxying an ldap
> connection without knowledge in advance about the target ldap server?
> Simple scenario, I would like to put a proxy system in front of a client
> which is trying to check a Certificate Revocation List (CRL), which is
> published via internet.
> I cannot "register" in advance all possibile public CAs in my slapd
> configuration.
> I'm searching a way similar to a SOCKS server but specialized for the LDAP
> protocol.
> Any hint eventually involving other LDAP tools are obviously appreciated.

This is not possible right now with slapd; in principle, what you need is
something like back-dnssrv, which determines a hostname from the DN of a
request, and generates a referral accordingly.  Then the client itself, or
an instance of slapo-chain on top of back-dnssrv would handle the

In any case, explicitly configuring public CAs would be a choice, as you
may want to make sure that the right DSA is contacted.