
Re: OpenLDAP configured as Proxy



> Hi all,
> is there a way to obtain an OL configuration to permit proxying an ldap
> connection without knowledge in advance about the target ldap server?
>
> Simple scenario, I would like to put a proxy system in front of a client
> which is trying to check a Certificate Revocation List (CRL), which is
> published via internet.
> I cannot "register" in advance all possible public CAs in my slapd
> configuration.
>
> I'm searching for a way similar to a SOCKS server but specialized for the LDAP
> protocol.
>
> Any hints eventually involving other LDAP tools are obviously appreciated.

This is not possible right now with slapd; in principle, what you need is
something like back-dnssrv, which determines a hostname from the DN of a
request, and generates a referral accordingly.  Then the client itself, or
an instance of slapo-chain on top of back-dnssrv would handle the
referral.

In any case, explicitly configuring public CAs would be a choice, as you
may want to make sure that the right DSA is contacted.

p.
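
The lookup described in the reply above (a hostname derived from the DN of a request, then a referral), with the explicit-configuration choice as an allow-list. This is an added example, not OpenLDAP code and not part of the original post. The SRV answers, the DNs and the `TRUSTED_DSAS` allow-list are constructed, and mapping trailing `dc=` RDNs to a domain (RFC 2247 style) with a `_ldap._tcp` SRV lookup is an assumption.

```python
import re

# Constructed sample data: SRV answers a resolver might return for
# _ldap._tcp.<domain>, as (priority, weight, port, target) tuples.
SAMPLE_SRV = {
    "_ldap._tcp.ca.example.org": [(10, 50, 389, "ldap2.ca.example.org."),
                                  (0, 100, 389, "ldap1.ca.example.org.")],
    "_ldap._tcp.pki.example.net": [(0, 0, 389, "dir.other.example.")],
}
# Hypothetical allow-list of DSAs the operator has explicitly approved.
TRUSTED_DSAS = {"ldap1.ca.example.org", "ldap2.ca.example.org"}
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def dn_to_domain(dn):
    """Build a DNS domain from the trailing dc= RDNs of a DN (assumed mapping)."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]
    labels = []
    for rdn in reversed(rdns):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc" or "+" in rdn:
            break  # stop at the first non-dc or multi-valued RDN
        value = value.strip().lower()
        if not LABEL.match(value):
            return None  # refuse values that are not plain DNS labels
        labels.append(value)
    return ".".join(reversed(labels)) if labels else None


def referrals_for(dn, srv_records=SAMPLE_SRV, trusted=None):
    """Return ldap:// referral URIs for dn; with `trusted`, drop unknown DSAs."""
    domain = dn_to_domain(dn)
    if domain is None:
        return []
    # Simplification: order by priority, then higher weight first.
    answers = sorted(srv_records.get("_ldap._tcp." + domain, []),
                     key=lambda r: (r[0], -r[1]))
    uris = []
    for _prio, _weight, port, target in answers:
        host = target.rstrip(".").lower()
        if trusted is not None and host not in trusted:
            continue  # DNS pointed at a DSA the operator never approved
        uris.append("ldap://%s:%d/" % (host, port))
    return uris
```

Without `trusted`, the referral goes wherever DNS says; passing `TRUSTED_DSAS` drops any target that was not explicitly configured.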