Hi all, is there a way to obtain an OL configuration to permit proxying an ldap connection without knowledge in advance about the target ldap server?
Simple scenario, I would like to put a proxy system in front of a client which is trying to check a Certificate Revocation List (CRL), which is published via the internet. I cannot "register" in advance all possible public CAs in my slapd configuration.
I'm searching for a way similar to a SOCKS server but specialized for the LDAP protocol.
Any hints eventually involving other LDAP tools are obviously appreciated.
Thanks, Marco
This is not possible right now with slapd; in principle, what you need is something like back-dnssrv, which determines a hostname from the DN of a request, and generates a referral accordingly. Then the client itself, or an instance of slapo-chain on top of back-dnssrv would handle the referral.
In any case, explicitly configuring public CAs would be a choice, as you may want to make sure that the right DSA is contacted.
p.
openldap-technical@openldap.org
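The two points in the reply above (deriving a target from the DN of a request, and explicitly configuring which servers may be contacted) can be sketched as follows. This is an added example, not code from the thread or from OpenLDAP: the mapping of the trailing dc= RDNs to a DNS domain and the `_ldap._tcp` SRV name are assumptions about how a DNS-SRV-based lookup would work, and all host names, DNs and function names are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

DC_ATTRS = ("dc", "0.9.2342.19200300.100.1.25")  # domainComponent, by name or OID


def dn_to_domain(dn):
    """Join the trailing run of dc= RDNs into a DNS name; None if there is none."""
    labels = []
    # Split on unescaped commas. Multi-valued RDNs (a+b) are treated as non-dc.
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() in DC_ATTRS and value.strip() and "+" not in value:
            labels.append(value.strip())
        else:
            labels = []  # a non-dc RDN resets: only the trailing dc run counts
    return ".".join(labels).lower() if labels else None


def referral_decision(crl_url, allowed):
    """Decide what a proxy should do with an LDAP CRL URL.

    allowed: set of host names / DNS domains the operator explicitly trusts.
    Returns (action, target), action in {"forward", "srv-lookup", "reject"}.
    """
    parts = urlsplit(crl_url)
    if parts.scheme not in ("ldap", "ldaps"):
        return ("reject", None)
    host = parts.hostname
    if host:
        # URL names its server: only contact it if it was configured in advance.
        return ("forward" if host in allowed else "reject", host)
    # No host in the URL: fall back to a DN-derived domain (assumed behaviour).
    domain = dn_to_domain(unquote(parts.path.lstrip("/")))
    if domain and domain in allowed:
        return ("srv-lookup", "_ldap._tcp." + domain)
    return ("reject", domain)


if __name__ == "__main__":
    allowed = {"crl.example.com", "example.com"}  # constructed allowlist
    for url in (
        "ldap://crl.example.com/cn=CA,dc=example,dc=com?certificateRevocationList",
        "ldap://other.example.net/cn=CA,dc=example,dc=net?certificateRevocationList",
        "ldap:///cn=CA,dc=example,dc=com?certificateRevocationList",
        "ldap:///CN=Example%20Root%20CA,O=Example%20Inc,C=US",
    ):
        print(url, "->", referral_decision(url, allowed))
```

The last sample URL shows the limit of a DN-based lookup: a CA named with O= and C= components has no dc= RDNs, so no domain can be derived from it.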