Patch info for dispatcher-ldap
Author Comments
This patch adds a new feature to Stunnel, allowing a
single instance of stunnel to listen on a single port
and use the subject of the presented client
certificate to consult an LDAP directory and retrieve
hostname/portnumber to which the connection is
forwarded.
Stunnel.conf gets a new directive:
Instead of `connect' with a hostname:portnumber, use
CApath = /etc/stunnel/certs
verify = 3
CAfile = /etc/stunnel/chain.pem
cert = /etc/stunnel/server.crt
key = /etc/stunnel/server.key

[service]
accept = 4321
dispatch = ldap://localhost:389/o=example.com?host?sub?(&(objectclass=account)(userid=@))
A sample LDIF:
dn: userid=John Doe,o=example.com
objectClass: top
objectClass: account
host: 10.0.0.1:smtp
uid: /CN=John Doe/Email=jd@xyzy99.org
I've only tested this on Linux and FreeBSD.
Best regards,
-JP
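The lookup the `dispatch` directive describes, as an added stand-alone example (this is not code from the dispatcher-ldap patch or from stunnel): the LDAP URL is split into base DN, attribute, scope and filter template, the client certificate subject is substituted for the `@` placeholder with RFC 4515 escaping, and the resulting `host` attribute (`host:port` or `host:service`, as in the sample LDIF) is turned into a forwarding target. The LDAP server is replaced by a constructed in-memory directory (`DIRECTORY`); `DISPATCH_URL` is the URL from the sample config; `FALLBACK_SERVICES` is an assumed stand-in used only where `/etc/services` is unavailable; and the assumption that the patch substitutes the OpenSSL one-line subject (`/CN=.../Email=...`) as plain text is taken from the `uid` value in the sample LDIF.

```python
"""Added example, not code from the dispatcher-ldap patch or from stunnel:
a stand-alone model of the `dispatch` lookup described above. The LDAP
server is replaced by a constructed in-memory directory (DIRECTORY).
"""
import re
import socket
from urllib.parse import urlsplit, unquote

# Constructed stand-in for the directory: uid (userid) value -> `host` attribute.
# The uid format (/CN=.../Email=...) follows the sample LDIF on the page.
DIRECTORY = {
    "/CN=John Doe/Email=jd@xyzy99.org": "10.0.0.1:smtp",
    "/CN=Web Proxy/Email=proxy@xyzy99.org": "10.0.0.2:8080",
}

DISPATCH_URL = "ldap://localhost:389/o=example.com?host?sub?(&(objectclass=account)(userid=@))"

# Assumption: consulted only when socket.getservbyname() has no /etc/services to read.
FALLBACK_SERVICES = {"smtp": 25, "http": 80, "https": 443, "imap": 143}


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, port, base DN, attributes, scope and filter."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        raise ValueError("only ldap:// dispatch URLs are handled here")
    fields = parts.query.split("?")          # attrs ? scope ? filter ? extensions
    fields += [""] * (4 - len(fields))
    attrs, scope, flt = (unquote(f) for f in fields[:3])
    return {
        "host": parts.hostname or "localhost",
        "port": parts.port or 389,
        "base": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in attrs.split(",") if a] or ["*"],
        "scope": scope or "base",
        "filter": flt or "(objectClass=*)",
    }


def escape_filter_value(value):
    """RFC 4515 escaping: the certificate subject is data, never filter syntax."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"\\*()\x00" or b >= 0x80:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def unescape_filter_value(value):
    """Server-side inverse of escape_filter_value, used by the in-memory directory."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 3 <= len(value):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            out.extend(value[i].encode("utf-8"))
            i += 1
    return out.decode("utf-8")


def build_filter(template, subject):
    """Substitute the escaped client certificate subject for the @ placeholder."""
    if "@" not in template:
        raise ValueError("dispatch filter has no @ placeholder for the subject")
    return template.replace("@", escape_filter_value(subject))


_UID_ASSERTION = re.compile(r"\((?:userid|uid)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")


def directory_search(directory, flt):
    """Stand-in for the LDAP search: evaluates only the (userid=...) assertion."""
    m = _UID_ASSERTION.search(flt)
    if m is None:
        return None
    return directory.get(unescape_filter_value(m.group(1)))


def parse_target(hostspec):
    """Turn the `host` attribute (host:port or host:service) into (host, port)."""
    host, sep, service = hostspec.rpartition(":")   # bracketed IPv6 literals not handled
    if not sep or not host:
        raise ValueError("host attribute must be host:port or host:service")
    if service.isdigit():
        port = int(service)
    else:
        try:
            port = socket.getservbyname(service, "tcp")
        except OSError:
            port = FALLBACK_SERVICES[service]
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return host, port


def dispatch(url, subject, directory=DIRECTORY):
    """Forwarding target for a client certificate subject, or None if unknown."""
    spec = parse_ldap_url(url)
    if "host" not in spec["attrs"] and "*" not in spec["attrs"]:
        raise ValueError("dispatch URL must request the host attribute")
    hostspec = directory_search(directory, build_filter(spec["filter"], subject))
    if hostspec is None:
        return None          # unknown subject: refuse to forward rather than guess
    return parse_target(hostspec)


if __name__ == "__main__":
    for subj in ("/CN=John Doe/Email=jd@xyzy99.org", "*)(userid=*"):
        print(subj, "->", dispatch(DISPATCH_URL, subj))
```

With `verify = 3` as in the sample config, the subject comes from a certificate that is also installed locally, so the escaping is defence in depth; at a lower verify level the subject is whatever a trusted CA signed, and without escaping a subject such as `*)(userid=*` would change the filter's structure instead of being looked up as a value. An unknown subject yields no target and the connection should be dropped, never forwarded to a default.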
This website makes patches available for use by the
Internet community. However, it does not endorse any of the patches
contained herein. They could work perfectly, or totally foul up
everything. We don't know. Contact the authors if you have any
questions. Use at your own risk.
The Stunnel software package does not contain any
cryptography itself, however please remember that import and/or export of
cryptographic software, code providing hooks to cryptographic
algorithms, and discussion about cryptography is illegal in some countries.
It is imperative for you to know your local laws governing cryptography.
We're not liable for anything you do that violates your local laws.