Article delegate-en/2801 of [1-5169] on the server localhost:119
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: New to delegated :)
20 Dec 2004 09:24:08 GMT "Master Brian" <>

Hi Yutaka,

Thank you for your answer. After a short time using the delegate software I'm
very happy; it solves some old questions for me :). I've read your mail carefully,
but this does not solve my problem. I hope you have time to listen the

In the way you showed me, delegate only works for one ldap server. Because of
the digital signature mechanism, I don't know to which ldap server my users will
make a request, and I can't use the mount feature supported for ldap because
I cannot modify the ldap client; it simply makes a request over the internet
(through the gateway-delegate) and waits for the CRL.
Is there any way to set as ldap target the ip address/dns of the server that
I redirect to ldap-delegate?

I'll try to explain better.

My users are in a LAN without direct access to the internet. They only have a
proxy to work externally.
The ldap client on my users' computers makes ldap requests to many internet
servers. The ldap servers on the internet change, the ip changes, so I cannot
define them statically.
On the first gateway for my users, I've installed delegate. With iptables I
redirect any connection through the gateway on port 389 to the delegate port.

For example my user makes an ldap request to The gateway intercepts it and redirects to
So delegate should make a request through socks for
But I cannot statically configure it, because if my users ask for another
ldap server (for example the default ldap_server cannot
give the right answer.
Do you think there is any way to solve this with delegate?

I know that it is a very singular problem, but I really don't want to open
port 389 from my LAN for security reasons; delegate seems to be the solution
for my problem.
Thank you again.

----- Original Message -----
From: "Yutaka Sato" <>
To: <>
Cc: <>
Sent: Sunday, December 19, 2004 8:12 AM
Subject: Re: [DeleGate-En] New to delegated :)

> On 12/02/04(04:12) you "Lorenzo Lolli" <mangabbs@hotmail..> wrote
> in <_A2790@delegate-en.ML_>
>  |this is "detailed graphic" about my needs:
>  |users-->delegated-->sockd-->internet-server-->sockd--delegated-users
>  |
>  |So I've tried some command like
>  |./delegated ADMIN="someone@somewhere.." -P1090 SERVER=ldap
>  |SOCKS=ip_address_of_my_socks_server:1080 -f
>  |
>  |And my socks server reports some error. Do you think it is possible to
>  |delegated as a transparent ldap proxy? Can you please help me?
> At least the DeleGate should be informed of the location of the target
> LDAP server as:
>   -P389 SERVER=ldap://LdapHost SOCKS=SocksHost
> And if your intention is just relaying TCP connection at port 389 via
> SOCKS server transparently, doing it without interpreting LDAP will
> be more desirable, like this:
>   -P389 SERVER=tcprelay://LdapHost:389 SOCKS=SocksHost
> Cheers,
> Yutaka
> --
>   D G   Yutaka Sato <>
>  ( - )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
