[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP configured as Proxy
> Hi all,
> is there a way to obtain a OL configuration to permit proxying an ldap
> connection without knowledge in advance about the target ldap server?
>
> Simple scenario, I would like to put a proxy system in front of a client
> which is trying to check a Certificate Revocation List (CRL), which is
> published via internet.
> I cannot "register" in advance all possibile public CAs in my slapd
> configuration.
>
> I'm searching a way similar to a SOCKS server but specialized for the LDAP
> protocol.
>
> Any hint eventually involving other LDAP tools are obviously appreciated.
This is not possible right now with slapd; in principle, what you need is
something like back-dnssrv, which determines a hostname from the DN of a
request, and generates a referral accordingly. Then the client itself, or
an instance of slapo-chain on top of back-dnssrv would handle the
referral.
In any case, explicitly configuring public CAs would be a choice, as you
may want to make sure that the right DSA is contacted.
p.