in reply to LDAP passthru server...

Hi Jason,
I'm starting to think I could just listen on a port and forward the data stream verbatim to the LDAP server and to a file.

I think this is the best thing to do, i.e. use stunnel or SSH to create a secure tunnel from the 3rd party application machine to your LDAP box on port 389. Change the address on the 3rd party's machine to point to the port you have set the tunnel to listen on, on that machine, e.g. 127.0.0.1:333.

e.g. ssh -L 333:ldap_server_ip:389 root@ldap_server_ip

For the Perl backend stuff take a look at The OpenLDAP Perl Backend.

HTH.

Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a yourname@perl.me.uk? Just ask!!!

Re^2: LDAP passthru server...
by jfroebe (Parson) on Jun 01, 2005 at 22:00 UTC

    Hi

    Hmm.. the problem with the ssh method is that it doesn't scale well and does introduce another point of failure. It would be a passable workaround for a low load server but not in a production environment.

    I'm working on creating an LDAP proxy that also dumps to STDOUT.

    Jason L. Froebe

    Team Sybase member

    No one has seen what you have seen, and until that happens, we're all going to think that you're nuts. - Jack O'Neil, Stargate SG-1

      Where would the proxy sit?

      You still need to encrypt traffic somehow.

      If you could put the proxy on the client app machine, the proxy could have a TLS/SASL link to your main LDAP box. But again, another SPOF, and more load on that box.

      Walking the road to enlightenment... I found a penguin and a camel on the way.....
      Fancy a yourname@perl.me.uk? Just ask!!!

        oh! I understand where you're coming from now! No, I'm trying to capture the LDAP query/response between the 3rd party application and the LDAP server.

        Basically, I'll read from the app, send to the ldap server (log the query to a file), read the response from the ldap server, send to the app (log the response to a file).

        Jason L. Froebe

        Team Sybase member

        No one has seen what you have seen, and until that happens, we're all going to think that you're nuts. - Jack O'Neil, Stargate SG-1
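The read/forward/log loop described in the post above, as an added Perl example that is not jfroebe's proxy and not the OpenLDAP Perl backend. Beyond dumping raw bytes it decodes just enough of the BER envelope to log each message's messageID and operation name, and it deliberately does not write simple-bind requests to the log, since those carry the password in clear text; the listen port 333, upstream ldap_server_ip:389 and the log file name are assumed, and well-formed LDAP on both sides is assumed.

```perl
# Added example (not jfroebe's code): relay app<->LDAP bytes and log each complete LDAPMessage with
# its messageID and operation (RFC 4511 tags). Simple binds are logged by type only (clear-text password).
use strict; use warnings; use IO::Socket::INET; use IO::Select;
my ($LISTEN, $UPSTREAM, $UPPORT, $LOG) = (333, 'ldap_server_ip', 389, 'ldap-proxy.log');   # assumed values
my %OP = (0x60 => 'bindRequest', 0x61 => 'bindResponse', 0x42 => 'unbindRequest',
          0x63 => 'searchRequest', 0x64 => 'searchResEntry', 0x65 => 'searchResDone');
# BER length field at $pos: returns (length, offset after it), or () if the bytes are not all there yet.
sub ber_len {
    my ($buf, $pos) = @_;
    return () if $pos >= length $buf;
    my $b = ord substr $buf, $pos++, 1;
    return ($b, $pos) if $b < 0x80;                        # short form
    my ($n, $len) = ($b & 0x7f, 0);                        # long form: $n length octets follow
    return () if $pos + $n > length $buf;
    $len = ($len << 8) | ord substr $buf, $pos++, 1 for 1 .. $n;
    return ($len, $pos);
}

# Take one complete LDAPMessage off the front of $$bufref; returns (pdu, summary), or () if incomplete.
sub next_pdu {
    my ($bufref) = @_;
    return () unless length $$bufref;
    return (substr($$bufref, 0, length $$bufref, ''), 'not an LDAPMessage; bytes skipped') unless ord(substr $$bufref, 0, 1) == 0x30;
    my ($len, $p) = ber_len($$bufref, 1) or return ();
    return () if length($$bufref) < $p + $len;             # wait for the rest of the PDU
    my $pdu = substr $$bufref, 0, $p + $len, '';           # consume it from the buffer
    my ($ilen, $q) = ber_len($pdu, $p + 1);                # messageID INTEGER (tag 0x02) comes first
    my $id = 0; $id = ($id << 8) | ord substr $pdu, $q + $_, 1 for 0 .. $ilen - 1;
    my $tag = ord substr $pdu, $q + $ilen, 1; my $name = $OP{$tag} || sprintf 'op 0x%02x', $tag;
    my $body = $tag == 0x60 ? '<simple bind: credentials not logged>' : unpack 'H*', $pdu;
    return ($pdu, sprintf 'msgid=%d %s len=%d %s', $id, $name, length $pdu, $body);
}
my $server = IO::Socket::INET->new(LocalAddr => '127.0.0.1', LocalPort => $LISTEN, Listen => 5, ReuseAddr => 1) or die "listen: $!";
open my $log, '>>', $LOG or die "$LOG: $!"; $log->autoflush(1);
while (my $app = $server->accept) {                        # one application connection at a time
    my $ldap = IO::Socket::INET->new(PeerAddr => $UPSTREAM, PeerPort => $UPPORT) or do { warn "connect: $!"; close $app; next };
    my %peer = ($app => $ldap, $ldap => $app);
    my %buf; my $sel = IO::Select->new($app, $ldap);
    CONN: while (my @ready = $sel->can_read) {
        for my $from (@ready) {
            my $chunk; last CONN unless sysread $from, $chunk, 65536;   # either side closed: tear down both
            $peer{$from}->print($chunk);                   # forward verbatim, before any logging
            $buf{$from} .= $chunk;
            while (my ($pdu, $desc) = next_pdu(\$buf{$from})) {
                print $log scalar(localtime), ' ', ($from == $app ? 'app->ldap' : 'ldap->app'), " $desc\n";
            }
        }
    }
    close $app; close $ldap;
}
```

Because the proxy only sees plain LDAP, it belongs on the application host listening on 127.0.0.1, with the proxy-to-server leg carried over the stunnel/SSH tunnel suggested earlier in the thread.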

      I think we should move this discussion on to the OpenLDAP/LDAP-interop lists, as it has been discussed there before and is getting a bit OT for perl coding ;-)

      Thanks.

      Walking the road to enlightenment... I found a penguin and a camel on the way.....
      Fancy a yourname@perl.me.uk? Just ask!!!

        Hi,

        Yup, it did get sidetracked. I think I wrote the question inadequately for people to understand what I was asking. I'll add the proxy to the code section when I'm done.

        Jason L. Froebe

        Team Sybase member

        No one has seen what you have seen, and until that happens, we're all going to think that you're nuts. - Jack O'Neil, Stargate SG-1