Hi Yutaka, thank you for your answer. After using the delegate software for a short time I'm very happy, it solved some old questions for me :).

I've read your mail carefully, but this does not solve my problem. I hope you have time to listen to the problem. In the way you showed me, delegate only works for one ldap server. Because of the mechanism of digital signing, I don't know on which ldap server my users will make any request, and I can't use the mount feature supported for ldap because I cannot modify the ldap client; it simply makes a request over the internet (through the gateway-delegate) and waits for the CRL. Is there any way to set as the ldap target the ip address/dns of the server that I redirect to ldap-delegate?

I'll try to explain better. My users are in a lan without direct access to the internet. They only have a proxy to work externally. The ldap client on my users' computers makes ldap requests to many internet servers. The ldap servers on the internet change, the ip changes, so I cannot define them statically. On the first gateway for my users, I've installed delegate. With iptables I redirect any connection through the gateway on port 389 to the delegate port.

For example, my user 192.168.10.11 makes an ldap request to ldap.infocamere.it:389. The gateway 192.168.0.1 intercepts it and redirects it to delegate. So delegate should make a request through socks for ldap.infocamere.it:389. But I cannot statically configure it, because if my users ask for another ldap server (for example indicepa.gov.it:389) the default ldap_server cannot give the right answer.

Do you think there is any way to solve this with delegate? I know that it is a very singular problem, but I really don't want to open port 389 from my lan for security reasons; delegate seems to be the solution for my problem.

Thank you again.

----- Original Message -----
From: "Yutaka Sato" <pficabdyi-mxhgu4zq633w.ml@delegate.org>
To: <pficabdyi-mxhgu4zq633w.ml@delegate.org>
Cc: <p4yfabdyi-mxhgu4zq633w.ml@delegate.org>
Sent: Sunday, December 19, 2004 8:12 AM
Subject: Re: [DeleGate-En] New to delegated :)

> On 12/02/04(04:12) you "Lorenzo Lolli" <mangabbs@hotmail..> wrote
> in <_A2790@delegate-en.ML_>
> |this is "detailed graphic" about my needs:
> |users-->delegated-->sockd-->internet-server-->sockd--delegated-users
> |
> |So I've tried some command like
> |./delegated ADMIN="someone@somewhere.." -P1090 SERVER=ldap
> |SOCKS=ip_address_of_my_socks_server:1080 -f
> |
> |And my socks server reports some error. Do you think it is possible to use
> |delegated as a transparent ldap proxy? Can you please help me?
>
> At least the DeleGate should be informed of the location of the target
> LDAP server as:
>
>   -P389 SERVER=ldap://LdapHost SOCKS=SocksHost
>
> And if your intention is just relaying TCP connection at port 389 via
> SOCKS server transparently, doing it without interpreting LDAP will
> be more desirable, like this:
>
>   -P389 SERVER=tcprelay://LdapHost:389 SOCKS=SocksHost
>
> Cheers,
> Yutaka
> --
>   D G   Yutaka Sato <pfqcabdyi-mxhgu4zq633w.ml@delegate.org> http://delegate.org/y.sato/
>  ( - )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
>