
TCP proxy/facade


Let's say I have a TCP service, like LDAP for example, and I would like to create a "proxy/facade" in front of it - to intercept client calls in order to do some custom replication logic. Is it possible to do this and, if yes, what approach would be the best if I want callers to use standard/existing LDAP libraries (so that they don't have to change anything, but "talk" to LDAP via my proxy)?

I could generalize this question by saying that I want multiple (like 10 or so, but not many) TCP services to be proxied; but the general idea is to start with one.

Thank you all in advance


Solution

  • This is possible if you can sufficiently impersonate the server to the client.

    For this you need to make sure that the client actually accesses the proxy instead of the original server. There are various options for this, like configuring the client, controlling DNS used by the client, being in the network path to the original server ...

    Then you need to make sure that the client actually trusts your proxy instead of the server. In case the server authenticates to the client, this means access to the used credentials (like certificates and matching private key) or alternatively configuring the client to trust your proxy instead of the server.

    And after making sure that the client actually uses the proxy instead of the server, you can start implementing your business logic. This depends on the protocol spoken, i.e. LDAP vs. HTTP vs. SMTP etc. are very different protocols which need to be implemented in your proxy in order to properly manipulate the traffic. And specifically with HTTP there are also many application-specific APIs on top of HTTP which need to be implemented too in your proxy - depending on what exactly you want to do.

    In summary: there is a broad range of options and there is no one-size-fits-all implementation. You had better start with one or a few very specific use cases and only try to generalize where appropriate to cover these use cases.
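
To make the "depends on the protocol spoken" point concrete for LDAP, here is an added example (not part of the original answer) of the protocol-aware step a facade needs between reading from the client socket and forwarding upstream: reassembling BER-framed LDAPMessage PDUs from the TCP stream and naming each operation so that replication logic can act on writes. The names `split_messages`, `read_len`, `WRITE_OPS` and the sample bytes are constructed for this illustration.

```python
# Added example, not from the original answer. LDAP (RFC 4511) sends BER-encoded PDUs:
#   LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp [APPLICATION n], ... }
# protocolOp application tag numbers for client requests, per RFC 4511.
OPS = {0: "bindRequest", 2: "unbindRequest", 3: "searchRequest", 6: "modifyRequest",
       8: "addRequest", 10: "delRequest", 12: "modDNRequest", 14: "compareRequest",
       16: "abandonRequest", 23: "extendedRequest"}
WRITE_OPS = {"modifyRequest", "addRequest", "delRequest", "modDNRequest"}

# Constructed sample: anonymous simple bind, messageID 1, LDAP version 3.
SAMPLE_BIND = bytes.fromhex("300c020101600702010304008000")

def read_len(buf, pos):
    """Decode a BER definite length at buf[pos].
    Returns (length, next_pos), or None if the bytes have not all arrived yet."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized BER length")
    if pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def split_messages(buf):
    """Cut a client->server byte stream into complete LDAPMessage PDUs.
    Returns ([(message_id, op_name, raw_pdu), ...], unconsumed_tail)."""
    out, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x30:
            raise ValueError("stream is not positioned on an LDAPMessage SEQUENCE")
        hdr = read_len(buf, pos + 1)
        if hdr is None or hdr[1] + hdr[0] > len(buf):
            break                         # PDU continues in a later TCP read
        body, end = hdr[1], hdr[1] + hdr[0]
        id_hdr = read_len(buf, body + 1) if body < end and buf[body] == 0x02 else None
        if id_hdr is None or id_hdr[1] + id_hdr[0] >= end:
            raise ValueError("malformed messageID")
        op_pos = id_hdr[1] + id_hdr[0]
        if buf[op_pos] & 0xC0 != 0x40:
            raise ValueError("protocolOp is not an APPLICATION-class tag")
        msg_id = int.from_bytes(buf[id_hdr[1]:op_pos], "big")
        tag = buf[op_pos] & 0x1F
        out.append((msg_id, OPS.get(tag, "op%d" % tag), bytes(buf[pos:end])))
        pos = end
    return out, bytes(buf[pos:])
```

This framing only works on cleartext LDAP: for LDAPS or StartTLS the facade has to terminate TLS first, which is where the answer's point about certificates and client trust applies, and a SASL security layer negotiated at bind time wraps the PDUs as well.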