Re: ldap-check with Active Directory

2015-03-31 Thread Matt .
I'm also testing some ldap checks but I see lots of logging and log partitions filling up like crazy. I wonder if it's really doable to check the ldap status in in a gracefull way. 2015-03-31 9:45 GMT+02:00 Neil - HAProxy List maillist-hapr...@iamafreeman.com: Hello I was thinking of updating

Re: ldap-check with Active Directory

2015-03-31 Thread Neil - HAProxy List
Hello I was thinking of updating the ldap-check but I think I've a better idea. Macros (well ish). send-binary 300c0201 # LDAP bind request ROOT simple send-binary 01 # message ID send-binary 6007 # protocol Op send-binary 0201 # bind request send-binary 03 # LDAP v3 send-binary

Re: ldap-check with Active Directory

2015-03-31 Thread Baptiste
Hi Matt, The issue with LDAP, is that it is not a banner protocol. So either you check the TCP port is well bound on the server for a simple L4 check, for L7, you don't have the choice, you must send a message and check the server's result. Baptiste On Tue, Mar 31, 2015 at 9:53 AM, Matt .

Re: ldap-check with Active Directory

2015-03-31 Thread Matt .
Hi Baptiste, Yes I've seen it also and never got around large logs. What do most people do, empty logt very often ? 2015-03-31 11:29 GMT+02:00 Baptiste bed...@gmail.com: Hi Matt, The issue with LDAP, is that it is not a banner protocol. So either you check the TCP port is well bound on

Re: ldap-check with Active Directory

2015-03-31 Thread Baptiste
I think they play with their syslog server to detect a check from real traffic and prevent the syslog server to log the checks. Baptiste On Tue, Mar 31, 2015 at 11:33 AM, Matt . yamakasi@gmail.com wrote: Hi Baptiste, Yes I've seen it also and never got around large logs. What do most

Re: ldap-check with Active Directory

2015-03-31 Thread Baptiste
I was thinking of updating the ldap-check but I think I've a better idea. Macros (well ish). send-binary 300c0201 # LDAP bind request ROOT simple send-binary 01 # message ID send-binary 6007 # protocol Op send-binary 0201 # bind request send-binary 03 # LDAP v3 send-binary

Re: ldap-check with Active Directory

2015-03-30 Thread Baptiste
you should believe it :) On Mon, Mar 30, 2015 at 11:34 PM, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: Hello Thanks so much. That worked well, I now get L7OK/0 in 0ms not sure I believe the 0ms but maybe I should Thanks again, Neil On 30 March 2015 at 22:14, Baptiste

Re: ldap-check with Active Directory

2015-03-30 Thread Neil - HAProxy List
Hello Thanks so much. That worked well, I now get *L7OK/0 in 0ms* not sure I believe the 0ms but maybe I should Thanks again, Neil On 30 March 2015 at 22:14, Baptiste bed...@gmail.com wrote: On Mon, Mar 30, 2015 at 10:33 PM, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote:

Re: ldap-check with Active Directory

2015-03-30 Thread Baptiste
On Mon, Mar 30, 2015 at 10:33 PM, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: Hello I'm trying to use ldap-check with active directory and the response active directory gives is not one ldap-check is happy to accept when I give a 389 directory backend ldap server all is well,