node-ldapjs

Connect to LDAP through an explicit proxy

Open taylor-sutton opened this issue 4 years ago • 4 comments

Hello,

In our use case, we are trying to connect to an LDAP server over an explicit proxy - connect to the proxy using https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_method then use the TCP connection to the proxy to start the LDAP connection. I did not find a way to do this using the existing ldapjs client - please correct me if there is a way. If there is not, would there be interest in adding some new options to the client constructor to allow this? I've got a way that seems to be mostly working in our fork - https://github.com/Clever/node-ldapjs/pull/1/files (adds a general purpose connection method, not specific to HTTP CONNECT). Happy to iterate on that, if there is interest in getting something like this into this lib.

Thanks, -Taylor

taylor-sutton, Sep 28 '21 18:09

Why would you expect an HTTP proxy to support LDAP?

jsumners, Sep 28 '21 18:09

I can speak more on our use case. The proxy itself is https://github.com/stripe/smokescreen - we want to funnel our outgoing traffic through a proxy to control the IP addresses that the servers see. We use HTTP purely for telling the proxy where we want to connect to (host and port) and credentials to authorize access to the proxy. Once the initial CONNECT request and response is done, the proxy drops into TCP mode, just forwarding packets at that level. It's at that point that we can start sending LDAP stuff.

Admittedly, this is a pretty specialized use case.

taylor-sutton, Sep 28 '21 19:09
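The CONNECT handshake described in the comment above, sketched in Node.js as an added example (not code from ldapjs, the linked fork, or Smokescreen). The helper names, the hostname-only target check and the 8 KiB header limit are assumptions made for the illustration.

```javascript
// Added example: helper names and limits are constructed, not ldapjs API.
const net = require('net');
// Build the CONNECT request. The strict host check keeps CR/LF out of the request
// line, so a caller-supplied host cannot smuggle headers (IPv6 literals not handled).
function buildConnectRequest(targetHost, targetPort, proxyAuth) {
  if (!/^[A-Za-z0-9.-]+$/.test(targetHost)) throw new Error('invalid target host');
  if (!Number.isInteger(targetPort) || targetPort < 1 || targetPort > 65535) throw new Error('invalid target port');
  const authority = `${targetHost}:${targetPort}`;
  const lines = [`CONNECT ${authority} HTTP/1.1`, `Host: ${authority}`];
  if (proxyAuth) { // "user:password" for the proxy, not the LDAP bind
    lines.push(`Proxy-Authorization: Basic ${Buffer.from(proxyAuth).toString('base64')}`);
  }
  return lines.join('\r\n') + '\r\n\r\n';
}

// Returns null until the proxy's header block is complete, then
// { status, ok, rest }; rest holds any tunnel bytes that followed the headers.
function parseConnectResponse(buf) {
  const end = buf.indexOf('\r\n\r\n');
  if (end === -1) return null;
  const statusLine = buf.subarray(0, end).toString('latin1').split('\r\n')[0];
  const m = /^HTTP\/1\.[01] (\d{3})(?: |$)/.exec(statusLine);
  if (!m) throw new Error('malformed proxy response');
  const status = Number(m[1]);
  return { status, ok: status >= 200 && status < 300, rest: buf.subarray(end + 4) };
}

// Resolves with a paused socket that is now a raw TCP tunnel to the target.
function openTunnel(proxy, targetHost, targetPort, proxyAuth) {
  return new Promise((resolve, reject) => {
    const request = buildConnectRequest(targetHost, targetPort, proxyAuth);
    const socket = net.connect(proxy.port, proxy.host, () => socket.write(request));
    let received = Buffer.alloc(0);
    const fail = (err) => { socket.destroy(); reject(err); };
    socket.once('error', fail);
    socket.on('data', function onData(chunk) {
      received = Buffer.concat([received, chunk]);
      let parsed;
      try { parsed = parseConnectResponse(received); } catch (err) { return fail(err); }
      if (!parsed) return received.length > 8192 ? fail(new Error('oversized proxy response')) : undefined;
      socket.removeListener('data', onData);
      socket.removeListener('error', fail);
      socket.pause(); // caller attaches its own handlers, then calls resume()
      if (!parsed.ok) return fail(new Error(`proxy refused CONNECT: ${parsed.status}`));
      if (parsed.rest.length) socket.unshift(parsed.rest); // hand early tunnel bytes back
      resolve(socket);
    });
  });
}
```

The resolved socket is the kind of user-created connection an LDAP client would have to accept in place of opening its own. Basic proxy credentials cross the client-to-proxy hop in cleartext unless that hop is itself wrapped in TLS.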

I'm not sure this should be the responsibility of ldapjs. It is far outside of the LDAP standard. At best, it sounds like you would want to hand a socket into the library for it to use, but this is likely very complicated and messy. We need less complication and mess in this code, not more.

If you can stand up a TCP proxy (e.g. HAProxy) as an intermediary, I think that would be best.

jsumners, Sep 28 '21 19:09

The change in the PR I linked (https://github.com/Clever/node-ldapjs/pull/1/files) is my initial attempt at adding an API to ldapjs to use user-created sockets. It is messy and somewhat complicated. If that's not something you're interested in having as part of ldapjs to support eccentric use cases, that's understandable, feel free to close this ticket :).

taylor-sutton, Sep 28 '21 21:09

👋

On February 22, 2023, we released version 3 of this library. As a result, we are closing this issue/pull request.

Please see issue #839 for more information, including how to proceed if you feel this closure is in error.

jsumners, Feb 22 '23 19:02