directory-dev mailing list archives

From Emmanuel Lecharny <>
Subject Re: Intercepting LDAP request
Date Thu, 18 Sep 2008 13:49:28 GMT
Jeff MAURY wrote:
> You can use a simple TCP proxy like JProxy to do that. It simply forwards
> data from a local port to a remote destination. If you use SSL, you may have
> some validation errors on your web server (because the server certificate
> (the one for the LDAP server) will not match the IP that sends it (the IP of
> your proxy)).
> However, I know that there is a library in the ADS distribution that
> encodes/decodes LDAP requests.
The biggest problem is that this library does not handle the 
communication part. However, you can also have a look at a dormant 
project we once worked on:

which is an LDAP proxy. It was designed once upon a time to offer a 
graphical UI allowing you to see all the incoming and outgoing LDAP 
requests. It's not perfect, but it worked, 2 years ago.

Removing all the GUI parts, and switching to the latest version, you 
will be able to make it work. One last consideration: this proxy is 
only able to receive data from one unique client and communicate with 
one unique server, but anyway, this is exactly your case.

If you use SSL, I even think that you will be able to decipher the data, 
but you will have to tune certificates (but I'm not an SSL specialist ...)

cordialement, regards,
Emmanuel Lécharny
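
The thread discusses relaying LDAP bytes through a TCP proxy and decoding them separately. As an added example (not code from ApacheDS or from the proxy project mentioned in the message), this sketch shows the decoding half for cleartext LDAP: it splits buffered stream bytes into LDAPMessage envelopes per RFC 4511 and reports each message ID and operation. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not ApacheDS code): decode LDAPMessage envelopes (RFC 4511)
# from the raw bytes a TCP forwarder relays. Names here are hypothetical.
LDAP_OPS = {0: "BindRequest", 1: "BindResponse", 2: "UnbindRequest",
            3: "SearchRequest", 4: "SearchResultEntry", 5: "SearchResultDone",
            6: "ModifyRequest", 8: "AddRequest", 10: "DelRequest",
            12: "ModifyDNRequest", 14: "CompareRequest", 16: "AbandonRequest",
            23: "ExtendedRequest", 24: "ExtendedResponse"}

def read_tlv(buf, pos, limit):
    """Return (tag, value_start, value_end) of the BER TLV at pos, or None if it runs past limit."""
    if pos + 2 > limit:
        return None
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized BER length")
        if pos + n > limit:
            return None
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        return None
    return tag, pos, pos + length

def decode_stream(buf):
    """Split buffered stream bytes into (messageID, operation) pairs plus undecoded leftover."""
    messages, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x30:              # every LDAPMessage is a SEQUENCE; TLS records are not
            raise ValueError("not LDAP (encrypted or corrupt stream)")
        outer = read_tlv(buf, pos, len(buf))
        if outer is None:                 # message split across TCP reads: wait for more bytes
            break
        _, start, end = outer
        mid = read_tlv(buf, start, end)
        op = read_tlv(buf, mid[2], end) if mid and mid[0] == 0x02 else None
        if op is None or (op[0] & 0xC0) != 0x40:   # protocolOp must be APPLICATION class
            raise ValueError("malformed LDAPMessage")
        message_id = int.from_bytes(buf[mid[1]:mid[2]], "big")
        messages.append((message_id, LDAP_OPS.get(op[0] & 0x1F, "op %d" % (op[0] & 0x1F))))
        pos = end
    return messages, buf[pos:]

# Constructed sample: anonymous simple bind (messageID 1), then unbind (messageID 2).
BIND = bytes.fromhex("300c020101600702010304008000")
UNBIND = bytes.fromhex("30050201024200")
if __name__ == "__main__":
    print(decode_stream(BIND + UNBIND[:4]))   # second message still incomplete
    print(decode_stream(BIND + UNBIND))
```

With SSL in place the forwarder sees TLS records rather than LDAP SEQUENCEs, so `decode_stream` raises on the first byte; decoding then requires the proxy to terminate TLS itself, which is where the certificate issues raised in the thread come in.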
