> Hi all,
> is there a way to obtain an OL configuration to permit proxying an ldap
> connection without knowledge in advance about the target ldap server?
>
> Simple scenario, I would like to put a proxy system in front of a client
> which is trying to check a Certificate Revocation List (CRL), which is
> published via internet.
> I cannot "register" in advance all possible public CAs in my slapd
> configuration.
>
> I'm searching a way similar to a SOCKS server but specialized for the LDAP
> protocol.
>
> Any hints eventually involving other LDAP tools are obviously appreciated.

This is not possible right now with slapd; in principle, what you need is something like back-dnssrv, which determines a hostname from the DN of a request, and generates a referral accordingly. Then the client itself, or an instance of slapo-chain on top of back-dnssrv would handle the referral.

In any case, explicitly configuring public CAs would be a choice, as you may want to make sure that the right DSA is contacted.

p.
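
The DN-to-hostname step described in the reply, sketched as an added example that is not part of the original message and is not OpenLDAP's code: a simplified mapping from the trailing `dc=` components of a DN to a `_ldap._tcp` SRV name and referral URLs, gated by an allowlist so that only approved domains are ever contacted. The function names, the allowlist parameter and the SRV records are constructed for illustration; a DN with no `dc=` suffix yields no domain and therefore no referral.

```python
import re
from urllib.parse import quote

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed SRV answers: query name -> (priority, weight, port, target).
SAMPLE_SRV = {
    "_ldap._tcp.example.com": [
        (10, 0, 389, "ldap2.example.com."),
        (0, 0, 389, "ldap1.example.com."),
    ],
}

def lookup_sample(name):
    """Stand-in for a real DNS SRV query; returns constructed records."""
    return SAMPLE_SRV.get(name, [])

def dn_to_domain(dn):
    """Map the trailing run of dc= RDNs to a DNS domain, or None."""
    labels = []
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]
    for rdn in reversed(rdns):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            break  # stop at the first non-dc component
        value = value.strip().lower()
        if not LABEL.fullmatch(value):
            return None  # refuse values that are not plain DNS labels
        labels.append(value)
    return ".".join(reversed(labels)) if labels else None

def referrals_for(dn, srv_lookup, allowed_domains):
    """Return referral URLs for dn, lowest SRV priority first."""
    domain = dn_to_domain(dn)
    if domain is None or domain not in allowed_domains:
        return []  # no dc= suffix, or a domain nobody approved
    records = sorted(srv_lookup("_ldap._tcp." + domain), key=lambda r: r[0])
    return ["ldap://%s:%d/%s" % (target.rstrip("."), port, quote(dn, safe=",="))
            for _prio, _weight, port, target in records]

if __name__ == "__main__":
    for dn in ("cn=CA1,dc=example,dc=com", "cn=Some CA,o=Org,c=US"):
        print(dn, "->", referrals_for(dn, lookup_sample, {"example.com"}))
```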
