List,
I have a haproxy loadbalanced ldap service. I would like to see the 'original' client IP in the openldapserver log files, because now I only see the haproxies IP addresses for all sessions.
I understand that haproxy has a 'feature' called the PROXY protocol [https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt] that adds the original IP as metadata somewhere in the request, I had hopes that this would work with openldap >= 2.3, because they tested such a PROXY protocol signature packet. But it is not, yet(?), implemented in openldap.
I also understand that the slapd-ldap backend has a option called session-tracking-request so some serverside/backend side stuff seems to be available somewhere in openldap..
So any pointers or tips to achieve this, or use a different setup?
-- Pascal Kolijn Vrije Universiteit Amsterdam
On 06. juli 2018 10:37, Pascal kolijn wrote:
I have a haproxy loadbalanced ldap service. I would like to see the 'original' client IP in the openldapserver log files, because now I only see the haproxies IP addresses for all sessions.
I understand that haproxy has a 'feature' called the PROXY protocol [https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt] that adds the original IP as metadata somewhere in the request, (...)
I've never heard of PROXY protocol support in OpenLDAP. Our site uses LVS for load balancing, it preserves client IP addresses when used in Tunneling mode or Direct Routing mode. Not in NAT mode.
openldap-technical@openldap.org
-
Hallvard Breien Furuseth -
Pascal kolijn