2017-11-19 18:09 GMT+01:00 Turbo Fredriksson turbo@bayour.com:
Have anyone tried running OpenLDAP behind HAProxy? Anything special one needs to do?
I do this often, without any particular issue. If you use LDAPS, you can add option ssl-hello-chk.
Here is a sample configuration file:
global log 127.0.0.1 local5 notice chroot /var/lib/haproxy user haproxy group haproxy daemon quiet
defaults log global option dontlognull option ldap-check retries 3 mode tcp balance roundrobin option redispatch
listen openldap :389 server ldap1 IP_LDAP1:390 check server ldap2 IP_LDAP2:390 check server ldap3 IP_LDAP3:390 check
defaults log global option dontlognull retries 3 mode tcp balance roundrobin option redispatch option ssl-hello-chk
listen openldap-ssl :636 server ldap1 IP_LDAP1:637 check server ldap2 IP_LDAP2:637 check server ldap3 IP_LDAP3:637 check
Clément.