2017-11-19 18:09 GMT+01:00 Turbo Fredriksson <tu...@bayour.com>:

> Has anyone tried running OpenLDAP behind HAProxy? Anything special
> one needs to do?

I do this often, without any particular issue. If you use LDAPS, you
can add option ssl-hello-chk.

Here is a sample configuration file:

global
        log 127.0.0.1 local5 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        quiet

defaults
        log global
        option  dontlognull
        option  ldap-check
        retries 3
        mode    tcp
        balance roundrobin
        option redispatch

listen  openldap
     bind :389
     server ldap1 IP_LDAP1:390 check
     server ldap2 IP_LDAP2:390 check
     server ldap3 IP_LDAP3:390 check

defaults
        log global
        option  dontlognull
        retries 3
        mode    tcp
        balance roundrobin
        option redispatch
        option ssl-hello-chk

listen  openldap-ssl
     bind :636
     server ldap1 IP_LDAP1:637 check
     server ldap2 IP_LDAP2:637 check
     server ldap3 IP_LDAP3:637 check




Clément.
