This repository has been archived by the owner on May 14, 2024. It is now read-only.

Connect to LDAP through an explicit proxy #761

Closed
taylor-sutton opened this issue Sep 28, 2021 · 5 comments

@taylor-sutton

Hello,

In our use case, we are trying to connect to an LDAP server over an explicit proxy - connect to the proxy using https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_method then use the TCP connection to the proxy to start the LDAP connection. I did not find a way to do this using the existing ldapjs client - please correct me if there is a way. If there is not, would there be interest in adding some new options to the client constructor to allow this? I've got a way that seems to be mostly working in our fork - https://github.com/Clever/node-ldapjs/pull/1/files (adds a general purpose connection method, not specific to HTTP CONNECT). Happy to iterate on that, if there is interest in getting something like this into this lib.

Thanks,
-Taylor

@jsumners
Member

Why would you expect an HTTP proxy to support LDAP?

@taylor-sutton
Author

I can speak more on our use case. The proxy itself is https://github.com/stripe/smokescreen - we want to funnel our outgoing traffic through a proxy to control the IP addresses that the servers see. We use HTTP purely for telling the proxy where we want to connect to (host and port) and credentials to authorize access to the proxy. Once the initial CONNECT request and response is done, the proxy drops into TCP mode, just forwarding packets at that level. It's at that point that we can start sending LDAP stuff.

Admittedly, this is a pretty specialized use case.
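
The CONNECT handshake described in the comment above, as an added Node.js sketch that is not part of this thread, ldapjs, or the linked fork. The function names, the plain-TCP connection to the proxy, and Basic proxy authentication are assumptions.

```javascript
// Build the CONNECT request (Basic proxy auth is an assumption). A host with
// whitespace, including CR/LF, is rejected so it cannot inject header lines.
function buildConnectRequest(host, port, credentials) {
  if (typeof host !== 'string' || !host || /\s/.test(host) ||
      !Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('invalid tunnel target');
  }
  const lines = [`CONNECT ${host}:${port} HTTP/1.1`, `Host: ${host}:${port}`];
  if (credentials) lines.push('Proxy-Authorization: Basic ' + Buffer.from(credentials).toString('base64'));
  return lines.join('\r\n') + '\r\n\r\n';
}

// Returns null until the whole response header has arrived, then the status
// and any bytes after the header: those already belong to the tunnelled stream.
function parseConnectResponse(buf) {
  const end = buf.indexOf('\r\n\r\n');
  if (end === -1 && buf.length > 8192) throw new Error('proxy response header too large');
  if (end === -1) return null;
  const statusLine = buf.subarray(0, end).toString('latin1').split('\r\n')[0];
  const m = /^HTTP\/1\.[01] (\d{3})(?: |$)/.exec(statusLine);
  if (!m) throw new Error('malformed proxy response');
  return { status: Number(m[1]), rest: buf.subarray(end + 4) };
}

// Hypothetical helper: resolves with a paused raw socket only after a 2xx
// reply; any other status means the proxy did not open a tunnel.
function openTunnel(proxy, target) {
  const net = require('net');
  return new Promise((resolve, reject) => {
    const request = buildConnectRequest(target.host, target.port, proxy.credentials);
    const socket = net.connect(proxy.port, proxy.host);
    const fail = (err) => { socket.destroy(); reject(err); };
    let seen = Buffer.alloc(0);
    const onData = (chunk) => {
      seen = Buffer.concat([seen, chunk]);
      let res;
      try { res = parseConnectResponse(seen); } catch (err) { return fail(err); }
      if (!res) return;
      socket.removeListener('data', onData);
      if (res.status < 200 || res.status > 299) return fail(new Error(`CONNECT refused: ${res.status}`));
      socket.pause();
      if (res.rest.length) socket.unshift(res.rest); // hand early tunnel bytes back to the stream
      resolve(socket);
    };
    socket.once('error', reject);
    socket.once('close', () => reject(new Error('proxy closed before tunnel was ready')));
    socket.on('data', onData);
    socket.write(request);
  });
}
```

The resolved socket is paused, so the consumer calls `socket.resume()` once its own listeners are attached.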

@jsumners
Member

I'm not sure this should be the responsibility of ldapjs. It is far outside of the LDAP standard. At best, it sounds like you would want to hand a socket into the library for it to use, but this is likely very complicated and messy. We need less complication and mess in this code, not more.

If you can stand up a TCP proxy (e.g. HAProxy) as an intermediary, I think that would be best.

@taylor-sutton
Author

The change in the PR I linked (https://github.com/Clever/node-ldapjs/pull/1/files) is my initial attempt at adding an API to ldapjs to use user-created sockets. It is messy and somewhat complicated. If that's not something you're interested in having as part of ldapjs to support eccentric use cases, that's understandable, feel free to close this ticket :).

@jsumners
Member

👋

On February 22, 2023, we released version 3 of this library. As a result, we are closing this issue/pull request.

Please see issue #839 for more information, including how to proceed if you feel this closure is in error.

@ldapjs ldapjs locked as resolved and limited conversation to collaborators Feb 22, 2023