Thank you for your answer. After a short time using the delegate software I'm
very happy, it solved some old questions for me :). I've carefully read your mail,
but this does not solve my problem. I hope you have time to listen the
In the way you showed me, delegate only works for one ldap server. Because of
the mechanism of digital signing, I don't know to which ldap server my users will
make a request, and I can't use the mount feature supported for ldap because
I cannot modify the ldap client, it simply makes a request over the internet
(through the gateway-delegate) and waits for the CRL.
Is there any way to set as ldap target the ip address/dns of the server that
I redirect to ldap-delegate?
I'll try to explain better.
My users are in a lan without direct access to the internet. They only have a
proxy to work externally.
The ldap client on my users' computers makes ldap requests to many internet
servers. The ldap servers on the internet change, the ip changes, so I cannot
define them statically.
On the first gateway for my users, I've installed delegate. With iptables I
redirect any connection through the gateway on port 389 to the delegate port.
For example my user 192.168.10.11 makes an ldap request to
ldap.infocamere.it:389. The gateway 192.168.0.1 intercepts it and redirects to
So delegate should make a request through socks for ldap.infocamere.it:389.
But I cannot statically configure it, because if my users ask for another
ldap server (for example indicepa.gov.it:389) the default ldap_server cannot
give the right answer.
Do you think there is any way to solve this with delegate?
I know that it is a very singular problem, but I really don't want to open
port 389 from my lan for security reasons; delegate seems to be the solution
for my problem.
Thank you again.
----- Original Message -----
From: "Yutaka Sato" <firstname.lastname@example.org>
Sent: Sunday, December 19, 2004 8:12 AM
Subject: Re: [DeleGate-En] New to delegated :)
> On 12/02/04(04:12) you "Lorenzo Lolli" <mangabbs@hotmail..> wrote
> in <_A2790@delegate-en.ML_>
> |this is "detailed graphic" about my needs:
> |So I've tried some commands like
> |./delegated ADMIN="someone@somewhere.." -P1090 SERVER=ldap
> |SOCKS=ip_address_of_my_socks_server:1080 -f
> |And my socks server reports some error. Do you think it is possible to
> |delegated as a transparent ldap proxy? Can you please help me?
> At least the DeleGate should be informed of the location of the target
> LDAP server as:
> -P389 SERVER=ldap://LdapHost SOCKS=SocksHost
> And if your intention is just relaying TCP connection at port 389 via
> SOCKS server transparently, doing it without interpreting LDAP will
> be more desirable, like this:
> -P389 SERVER=tcprelay://LdapHost:389 SOCKS=SocksHost
> D G Yutaka Sato <email@example.com> http://delegate.org/y.sato/
> ( - ) National Institute of Advanced Industrial Science and Technology
> _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller