On 19 Nov 2017, at 16:59, Michael Ströder michael@stroeder.com wrote:
Note that ldap_initialize() does not really open the connection.
Yes, that I knew. But it does work in the ldap_connect_to_host() at the beginning, it’s just the ldap_sasl_interactive_bind_s() a few microseconds later that fails for some reason..
I suspect the issue is in your load-balancer setup.
Yes, I’m absolutely convinced of that. That’s why I mentioned several times.
The fact that it works “eventually” (within two hours is the last number I have) is proof of that. The question is what/why [it takes so long to start working].
The listener (port 636 only) is there (and working almost immediately), which is indicated by the fact that the initial connection works), so the ldap_sasl_interactive_bind_s() should work through that one, right?
Have anyone tried running OpenLDAP behind HAProxy? Anything special one needs to do?