Hey all! So I’m setting up.. or have set up rather.. a few new production load
balancer servers to be used for handling LDAPS connections. Anyway, last week
I encountered some client requests that were directed at ldaps.domain.com:636
and were given the wrong SSL cert. In the config (pasted here
https://0bin.net/paste/1aOh1F4y#qStfT0m0mER3rhI3DonDbCsr0NRmVuH9XiwvagEkAiE ),
my questions surround the syntax of the config file. My belief is that using
SNI I should not specify a cert file in the frontend. In my testing internally
I can bind and do lookups all day long. I did set up an EC2 instance, had the
firewall holes poked and using LDP.exe was able to bind and perform lookups as
well. But when the production environment started trying, SNI was not being
matched; the requests for ldaps were being given the SSL cert for etech.com
(sanitized).
Anyway, from what it seems, I can’t find a ton of info on HAProxy with SNI and
LDAPS so I question if my config is correct.

Thanks!


Ben Hart
IT Systems Administrator
100 Washington Ave S, Minneapolis, MN 55401
[Phone]
+00 1 989 424 0187
[Email]
ben.h...@jamf.com
[Web]
www.jamf.com<https://www.jamf.com>