The OpenLDAP Proxy Server
By Reinhard Voglmaier, April 06, 2004
Most people think of proxy servers only as servers that access resources on behalf of their users, but they can do much more. In this article, I will discuss LDAP proxy servers in particular and describe the functionality of this type of proxy. They can add access control, serve resources to their users, verify that users are who they claim to be, restrict access to resources, and rewrite requests using regular expressions. LDAP proxy servers also provide attribute mapping; this means they can map one attribute to another or hide an attribute altogether. These servers are frequently used for load balancing and fault tolerance, and can also have a cache to store results of frequently requested queries.
Listing 6: Excerpt of LDAP proxy server configuration using chaining
lastmod off
database ldap
suffix "ou=IT, dc=LdapAbc,dc=com"
uri "ldap://Server1.LdapAbc.com:349/ou=IT%2c dc=LdapAbc%2cdc=com"
database ldap
suffix "ou=HR, dc=LdapAbc,dc=com"
uri "ldap://Server2.LdapAbc.com:349/ou=HR%2c dc=LdapAbc%2cdc=com"
database ldap
suffix "dc=LdapAbc,dc=com"
uri "ldap://MainServer.LdapAbc.com:349/dc=LdapAbc%2cdc=com"
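
Listing 6 places the ou=IT and ou=HR stanzas before dc=LdapAbc,dc=com. slapd requires a database whose suffix lies inside another's to come first in the file; otherwise the broader database answers for the whole subtree and requests never reach the intended server. The Python check below is an added example, not code from the article or from OpenLDAP. It models backend selection as first match in file order and uses a simplified DN comparison (no escaped commas); all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# The stanzas of Listing 6, embedded so the check runs offline.
LISTING_6 = '''
lastmod off
database ldap
suffix "ou=IT, dc=LdapAbc,dc=com"
uri "ldap://Server1.LdapAbc.com:349/ou=IT%2c dc=LdapAbc%2cdc=com"
database ldap
suffix "ou=HR, dc=LdapAbc,dc=com"
uri "ldap://Server2.LdapAbc.com:349/ou=HR%2c dc=LdapAbc%2cdc=com"
database ldap
suffix "dc=LdapAbc,dc=com"
uri "ldap://MainServer.LdapAbc.com:349/dc=LdapAbc%2cdc=com"
'''

def norm_dn(dn):
    """Simplified DN normalisation: lower-case RDNs, spaces around commas ignored."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def parse_databases(conf):
    """Return [(suffix, uri), ...] in file order, one pair per 'database' stanza."""
    dbs = []
    for m in re.finditer(r'^\s*(\w+)[ \t]+"?([^"\n]*)"?[ \t]*$', conf, re.M):
        key, val = m.group(1).lower(), m.group(2)
        if key == "database":
            dbs.append({})
        elif dbs and key in ("suffix", "uri"):
            dbs[-1][key] = val
    return [(d.get("suffix", ""), d.get("uri", "")) for d in dbs]

def is_under(dn, suffix):
    d, s = norm_dn(dn), norm_dn(suffix)
    return len(s) <= len(d) and d[len(d) - len(s):] == s

def route(dbs, dn):
    """URI of the first database, in file order, whose suffix contains dn."""
    return next((u for s, u in dbs if is_under(dn, s)), None)

def shadowed(dbs):
    """Suffixes that are never selected because an earlier suffix contains them."""
    return [s for i, (s, _) in enumerate(dbs)
            if any(is_under(s, earlier) for earlier, _ in dbs[:i])]

def uri_base_mismatch(dbs):
    """Suffixes whose URI base DN (percent-decoded path) differs from the suffix."""
    return [s for s, u in dbs
            if norm_dn(unquote(urlsplit(u).path.lstrip("/"))) != norm_dn(s)]
```

Run against Listing 6 as written, shadowed() and uri_base_mismatch() both return empty lists; moving the dc=LdapAbc,dc=com stanza to the top makes shadowed() report the IT and HR suffixes.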