Hi,
On 03/20/2018 06:05 PM, Goetz Reinicke ([email protected]) wrote:
> So haproxy is talking encrypted to the samba servers? With the option of
> failover this sounds interesting. How hard is the haproxy configuration?

Yes, like that. Config not very complicated, and it works very nicely.
In fact we do this on all servers that require ldap connections.
Relevant bits from haproxy.cfg:

frontend ldap_service_front
    mode tcp
    bind localhost:389
    description LDAP Service
    option socket-stats
    option tcpka
    timeout client 5s
    default_backend ldaps_service_back

backend ldaps_service_back
    mode tcp
    balance roundrobin
    server dc2 ldap.server.ip.1:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl
    server dc3 ldap.server.ip.2:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl
    server dc4 ldap.server.ip.3:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl
    option log-health-checks
    option ldap-check
    timeout server 2s
    timeout connect 2s

As you can see, we are currently not checking the certificates, which is
not good. This is still on our to-do list.
MJ
--
[email protected]
https://inverse.ca/sogo/lists
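
The message above notes that the backend servers are reached with "verify none", so the LDAPS certificates are never checked. The following is an added example, not part of the original mail or of haproxy: a small audit that lists TLS server lines in a haproxy.cfg that skip certificate or hostname validation. The function names, the CA path /etc/haproxy/ldap-ca.pem and the host dc2.example.org are assumptions made for the sample, and "default-server" lines are not evaluated.

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

# Constructed sample: the first backend mirrors the mail's config, the second
# uses a placeholder CA path and hostname (assumptions, not from the mail).
SAMPLE_CFG = """
backend ldaps_service_back
    mode tcp
    server dc2 ldap.server.ip.1:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl
    server dc3 ldap.server.ip.2:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl
backend ldaps_verified_back
    mode tcp
    server dc2 ldap.server.ip.1:636 check check-ssl ssl verify required ca-file /etc/haproxy/ldap-ca.pem verifyhost dc2.example.org
    server dc3 ldap.server.ip.2:636 check check-ssl ssl verify required ca-file /etc/haproxy/ldap-ca.pem
"""

def option_value(opts, name):
    """Return the token following keyword `name`, or None if absent."""
    if name in opts:
        i = opts.index(name)
        if i + 1 < len(opts):
            return opts[i + 1]
    return None

def audit_tls_servers(cfg_text):
    """Return (section, server, issue) for TLS server lines lacking peer validation."""
    # haproxy verifies server certificates by default unless told otherwise.
    findings, section, default_verify = [], None, "required"
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            section = tokens[1] if len(tokens) > 1 else tokens[0]
        elif tokens[0] == "ssl-server-verify" and len(tokens) > 1:
            default_verify = tokens[1]  # global override of the per-server default
        elif tokens[0] == "server" and len(tokens) >= 3 and "ssl" in tokens[3:]:
            opts, name = tokens[3:], tokens[1]
            verify = option_value(opts, "verify") or default_verify
            if verify == "none":
                findings.append((section, name, "certificate not verified"))
            elif option_value(opts, "ca-file") is None:
                findings.append((section, name, "verify required but no ca-file"))
            elif not (option_value(opts, "verifyhost") or option_value(opts, "sni")):
                findings.append((section, name, "hostname not checked"))
    return findings

if __name__ == "__main__":
    for finding in audit_tls_servers(SAMPLE_CFG):
        print("%s/%s: %s" % finding)
```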