That appears to have done the trick. Thank you. I didn't realize I needed the 'ssl' modifier on the server bind line for the backend as well.
On Tue, Feb 23, 2016 at 2:09 PM, Willy Tarreau <w...@1wt.eu> wrote:

> On Mon, Feb 22, 2016 at 11:54:01AM -0800, Nunya DamnedBizniss wrote:
> > As the subject says, I'm attempting to use SSL Terminated HAProxy to load
> > balance LDAP queries against Active Directory DCs. Because this LDAP is
> > not HTTP, I've chosen to use TCP Mode. Unfortunately, I have been unable
> > to create a working configuration for this. All queries return
> >
> > ldap_initialize( ldaps://ldap.company.com:636/??base )
> > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> >
> > Is SSL Termination supported in TCP Mode? For information regarding the
> > haproxy.cfg, please see
> >
> > https://www.reddit.com/r/sysadmin/comments/46c1im/issue_configuring_haproxy_frontend_to_active/
>
> I know I'm tired and not seeing well, but I can't find the "ssl" keyword
> on your "server" lines, there's check-ssl only. So you decrypt ssl on the
> frontend and send it decrypted to port 636 on your servers.
>
> Willy
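
The difference discussed in this thread, shown as an added configuration example that is not part of the original messages and is not the poster's haproxy.cfg. Section names, server names, addresses and file paths are constructed placeholders; certificate verification toward the DCs is an assumption about how the backend would be hardened.

```haproxy
# Constructed example: all names, addresses and paths are placeholders.

frontend ldaps_in
    mode tcp
    # TLS from LDAP clients is terminated here.
    bind :636 ssl crt /etc/haproxy/certs/ldap.example.pem
    default_backend ad_dcs

# Failing form described in the thread: "check-ssl" encrypts only the
# health check. Client traffic decrypted by the frontend is forwarded in
# cleartext to port 636, where the DC expects a TLS handshake, so health
# checks pass while every LDAPS bind fails.
backend ad_dcs_check_ssl_only
    mode tcp
    server dc1 192.0.2.11:636 check check-ssl
    server dc2 192.0.2.12:636 check check-ssl

# Working form: "ssl" on the server line re-encrypts the proxied
# connection itself. "verify required" with "ca-file" authenticates the
# DC certificate chain, and "verifyhost" checks the certificate name,
# so the backend hop is not open to interception.
backend ad_dcs
    mode tcp
    balance roundrobin
    server dc1 192.0.2.11:636 check ssl verify required ca-file /etc/haproxy/ca/ad-ca.pem verifyhost dc1.example.internal
    server dc2 192.0.2.12:636 check ssl verify required ca-file /etc/haproxy/ca/ad-ca.pem verifyhost dc2.example.internal
```

The file can be syntax-checked with `haproxy -c -f <file>` before reloading.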