Article delegate-en/3812 of [1-5017] on the server localhost:7119
[Reference:<_A3811@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate as LDAP-to-LDAPS proxy
29 Aug 2007 06:09:01 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project

Hi,

In message <_A3810@delegate-en.ML_> on 08/26/07(04:47:00)
you Kevin Richter <pzyhabdyi-qprr6ugqsja6.ml@delegate.org> wrote:
 |thanks for a second time for this great piece of software. Today I tried
 |out delegate as ldap-to-ldaps proxy. After one hour for reading manual
 |and building the config everything works :)

Could you show me what is different between the config. and the following
one?

 |Now I have this delegated.conf:
 |
 |-P192.168.25.50:389
 |SERVER=ldap
 |FSV=sslway
 |PERMIT="ldap:1.2.3.4:*"
 |VARDIR=${EXECDIR}
 |
 |1.2.3.4 is replaced and is - of course - the IP of my ldap server.
...
 |Look at the "dn". Why is there the "@1.2.3.4:636" suffix?

Unfortunately I don't remember the (tentative) implementation of the LDAP proxy
by DeleGate ...

 |Is there a possibility to play with this "MOUNT" option in delegate, so
 |I can omit the "@1.2.3.4:636" in the base-dn?
 |The 1.2.3.4 is the only server I want to connect with.

In such a situation, I think, you should relay it on the circuit level
by SERVER=tcprelay without interpreting the LDAP protocol, like this:

  SERVER=tcprelay://1.2.3.4:389

for LDAP server or

  SERVER=tcprelay://1.2.3.4:636

for LDAPS server.  Still maybe you can do it on the application level
by SERVER=ldap with MOUNT as follows:

  SERVER=ldap MOUNT="* ldap://1.2.3.4/*"

or

  SERVER=ldap MOUNT="* ldap://1.2.3.4:636/*"

In message <_A3811@delegate-en.ML_> on 08/28/07(19:41:21)
you Kevin Richter <pzyhabdyi-qprr6ugqsja6.ml@delegate.org> wrote:
 |The mount commands works, now.

Could you show me what was the solution?

 |But delegate connects to localhost, why?
 |It should connect to 1.2.3.4
 |
 |Here my log:
 |
 |2+0: 040  3  2 005 1.2.7.2. [UNV  4]( 8) "kric0999"
 |2+0: 059  2  8 043 1.2.8. [UNV 16]( 5)
 |2+0: 05b  3  1 000 1.2.8.1. [UNV  4]( 3) "uid"
 |2+0: *** ou=group,dc=uni-xy,dc=de => ldaps://1.2.3.4:636/ ***
 |2+0: MOUNTed to ldaps://1.2.3.4:636/ <= ou=group,dc=uni-xy,dc=de

Maybe you specified "ldaps://host" on the right-hand side of the MOUNT parameter,
which is not implemented. But you can specify it as "ldap://host:636" instead.

 |Btw:
 |Your engine replaced in my last posting the IP "1.2.3.4" to "3..", twice.

To protect the articles from WWW robots of spammers, strings in articles
with patterns that seem like mail addresses are rewritten by some (too) simple rule.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
