Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks, I have an old application that is trying to do an LDAP bind to run auth.
It sends the login request with the username in the form uid=user,ou=orgunit,o=org
Is there a way I can write a proxy server using Perl to rewrite the above so that it sends it as cn=user,ou=orgunit,o=org?
There is no way to have the old app rewrite its LDAP query. Is there a way to have a Perl app sit in between the LDAP server and the old application trying to do LDAP auth?
Are there any code examples?

Replies are listed 'Best First'.
Re: tcp proxy?
by g0n (Priest) on Jul 10, 2005 at 22:04 UTC
    Is it possible? Yes.

    Is it easy? I'm afraid not.

    Since you want to modify the content of the bind request, you will need to get the ASN1 encoded data from the bind request packet from the app, convert it (using Convert::ASN1) into a usable form, change the "uid" to "cn", convert back to ASN1, and forward the packet on.

    ASN1 encoded data contains a checksum, so you almost certainly won't be able to modify the packet without converting it.

    I would recommend exploring the perldocs & source code of Convert::ASN1 and Net::LDAP. I have a block of code that receives a bind request on an open port and decodes it which might give you a starting point. I will post it on this thread when I've removed company specifics from it. In the meantime take a look at the modules above - the source code of both of them is reasonably straightforward to follow.

    Update: You might also want to post this question to the perl-ldap mailing list http://lists.perl.org/showlist.cgi?name=perl-ldap.

    Update: The code in the link posted by mtve does the same as the code I intended to post.

    --------------------------------------------------------------

    g0n, backpropagated monk
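
The decode, modify, re-encode step described in the reply above, as an added example that is not code from any poster in this thread. It uses `Net::LDAP::ASN` (part of perl-ldap) and `Convert::ASN1`; the names `rewrite_bind` and `relay`, the command-line arguments, and the sample DN and password are assumptions made for illustration. Changing `uid=` to `cn=` shortens the DN by one byte, so the enclosing BER length octets have to be recomputed, which re-encoding does.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use Convert::ASN1 qw(asn_read);
use Net::LDAP::ASN qw(LDAPRequest);

# For a bind, change only the leading RDN type (uid= -> cn=) and re-encode so
# every BER length is recomputed; any other PDU is returned byte-for-byte.
sub rewrite_bind {
    my ($pdu) = @_;
    my $msg  = $LDAPRequest->decode($pdu) or return $pdu;
    my $bind = $msg->{bindRequest}        or return $pdu;
    return $pdu unless $bind->{name} =~ s/\Auid=/cn=/i;
    return $LDAPRequest->encode($msg) || $pdu;
}

# Relay one client: requests are parsed PDU by PDU, responses copied as-is.
sub relay {
    my ($client, $upstream) = @_;
    my $server = IO::Socket::INET->new(PeerAddr => $upstream) or return;
    defined(my $pid = fork) or return;
    if ($pid == 0) {                       # child: server -> client
        while (sysread($server, my $buf, 8192)) { syswrite($client, $buf) }
        shutdown($client, 2); exit 0;      # unblock the request loop, then stop
    }
    while (1) {                            # parent: client -> server
        asn_read($client, my $pdu) or last;
        syswrite($server, rewrite_bind($pdu));   # never log $pdu: it holds the password
    }
    kill 'TERM', $pid;
}

if (@ARGV == 2) {    # hypothetical usage: LISTEN_PORT UPSTREAM_HOST:PORT
    $SIG{CHLD} = 'IGNORE';
    my $listener = IO::Socket::INET->new(LocalAddr => '127.0.0.1',
        LocalPort => $ARGV[0], Listen => 5, ReuseAddr => 1) or die "listen: $!";
    while (my $client = $listener->accept) {
        my $pid = fork;
        if (defined $pid && $pid == 0) { relay($client, $ARGV[1]); exit 0 }
        close $client;                     # parent keeps only the listener
    }
} else {             # no arguments: run on a constructed sample bind
    my $sample = $LDAPRequest->encode(messageID => 1, bindRequest => {
        version => 3, name => 'uid=user,ou=orgunit,o=org',
        authentication => { simple => 'uid=constructed' } });
    my $fixed = rewrite_bind($sample);
    my $bind  = $LDAPRequest->decode($fixed)->{bindRequest};
    print "$bind->{name} (", length($sample), " -> ", length($fixed), " bytes)\n";
}
```

The listener binds to 127.0.0.1 only, because a simple bind carries the password in clear text and the proxy sees it; the constructed password starts with `uid=` to show that only the DN field is touched.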

Re: tcp proxy?
by jbrugger (Parson) on Jul 10, 2005 at 20:55 UTC
    Isn't Apache's mod_rewrite an idea (when using a GET, you can rewrite the request)?
    Otherwise you might look here for a perl-proxy example.
    For more about LDAP and Perl, I suggest you surf to the Perl-LDAP pages.

    "We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise." - Larry Wall.

Re: tcp proxy?
by locked_user mtve (Deacon) on Jul 12, 2005 at 08:04 UTC