
Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server



2017-11-19 18:09 GMT+01:00 Turbo Fredriksson <turbo@bayour.com>:

> Has anyone tried running OpenLDAP behind HAProxy? Anything special
> one needs to do?

I do this often, without any particular issue. If you use LDAPS, you
can add option ssl-hello-chk.

Here is a sample configuration file:

global
        log 127.0.0.1 local5 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        quiet

defaults
        log global
        option  dontlognull
        option  ldap-check
        retries 3
        mode    tcp
        balance roundrobin
        option redispatch

listen  openldap
     bind :389
     server ldap1 IP_LDAP1:390 check
     server ldap2 IP_LDAP2:390 check
     server ldap3 IP_LDAP3:390 check

defaults
        log global
        option  dontlognull
        retries 3
        mode    tcp
        balance roundrobin
        option redispatch
        option ssl-hello-chk

listen  openldap-ssl
     bind :636
     server ldap1 IP_LDAP1:637 check
     server ldap2 IP_LDAP2:637 check
     server ldap3 IP_LDAP3:637 check




Clément.
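
Added example, not part of the original message and not HAProxy's own code: a Python model of the probe that HAProxy's documentation describes for "option ldap-check", which sends an LDAPv3 anonymous simple bind and counts the server as up only when the bind response carries resultCode success. The function names are hypothetical and the sample responses are constructed; the refused case assumes a server that answers anonymous binds with resultCode 48 (inappropriateAuthentication), which this check reports as down.

```python
def tlv(tag, value):
    """Encode one BER TLV (short-form length, enough for this probe)."""
    return bytes([tag, len(value)]) + value

def anonymous_bind_request(message_id=1):
    """LDAPv3 BindRequest: version 3, empty DN, empty simple password."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def bind_check(response):
    """Return (up, detail); up is True only for a BindResponse with resultCode 0."""
    try:
        tag, msg, _ = read_tlv(response, 0)
        if tag != 0x30:
            return False, "not an LDAPMessage"
        _, _, pos = read_tlv(msg, 0)          # skip the messageID
        op, body, _ = read_tlv(msg, pos)
        if op != 0x61:                        # [APPLICATION 1] BindResponse
            return False, "not a BindResponse"
        rtag, code, _ = read_tlv(body, 0)     # ENUMERATED resultCode
    except ValueError as exc:
        return False, str(exc)
    if rtag != 0x0A or len(code) != 1:
        return False, "malformed resultCode"
    return code[0] == 0, f"resultCode {code[0]}"

# Constructed sample responses (not captured from a real server).
OK = bytes.fromhex("300c02010161070a010004000400")
REFUSED = bytes.fromhex("300c02010161070a013004000400")  # resultCode 48
TRUNCATED = bytes.fromhex("300c02010161")

if __name__ == "__main__":
    for raw in (OK, REFUSED, TRUNCATED):
        print(raw.hex(), bind_check(raw))
```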