LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 11-21-2019, 11:50 AM   #16
tyler2016
Member
 
Registered: Sep 2018
Distribution: Debian, CentOS, FreeBSD
Posts: 243

Rep: Reputation: Disabled

Try commenting out options ldap-check. Are you using StartTLS on your LDAP servers?
 
Old 11-22-2019, 04:34 AM   #17
lqoreader
LQ Newbie
 
Registered: Sep 2019
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by tyler2016 View Post
Try commenting out options ldap-check. Are you using StartTLS on your LDAP servers?
1) ldap-check disabled. Result:

Code:
ldap_result: Can't contact LDAP server (-1)
2) No, StartTLS is not implemented on the LDAP servers.
 
Old 11-22-2019, 06:20 AM   #18
lqoreader
LQ Newbie
 
Registered: Sep 2019
Posts: 16

Original Poster
Rep: Reputation: Disabled
Hmm, I don't know why, but now the ldapsearch query works.

This is the working haproxy.conf file:

Code:
global

defaults

frontend ldap
        bind            :389
        mode            tcp
        description     LDAP Service
        option          tcplog
        option          logasap
        option          socket-stats
        option          tcpka
        timeout client  5s
        default_backend ldapcluster

backend ldapcluster
        server                rm1 192.168.0.109:389 check
        server                rm2 192.168.0.111:389 check
        mode                  tcp
        balance               roundrobin
        option                tcpka
        timeout server        2s
        timeout connect       1s

I created a failover cluster now for HAProxy using Keepalived and even against the virtual IP both the ldapsearch query and LDAP authentication of a web application work perfectly.

This is the keepalived.conf file for HAProxy1 ( = ha1 = 192.168.0.92 ):

Code:
vrrp_script chk_haproxy {
    script "killall -0 haproxy" # check the haproxy process
    interval 2 # every 2 seconds
    weight 2 # add 2 points if OK
}

vrrp_instance VI_1 {
    interface ens160 # interface to monitor
    state MASTER # MASTER on ha1, BACKUP on ha2
    virtual_router_id 51
    priority 101 # 101 on ha1, 100 on ha2
    virtual_ipaddress {
    192.168.0.112 # virtual ip address
    }
    track_script {
        chk_haproxy
    }
}
This is the keepalived.conf file for HAProxy2 ( = ha2 = 192.168.0.103 ):

Code:
vrrp_script chk_haproxy {
    script "killall -0 haproxy" # check the haproxy process
    interval 2 # every 2 seconds
    weight 2 # add 2 points if OK
}
vrrp_instance VI_1 {
    interface ens160 # interface to monitor
    state BACKUP # MASTER on ha1, BACKUP on ha2
    virtual_router_id 51
    priority 101 # 101 on ha1, 100 on ha2
    virtual_ipaddress {
    192.168.0.112 # virtual ip address
    }
    track_script {
        chk_haproxy
    }
}
Thank you @tyler2016 for your considerations and your patience!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Centos 6.4 with OpenLDAP+TLS: OpenLDAP ok, add TLS =>not ok chrism01 Linux - Server 2 10-27-2013 03:15 PM
nss_ldap, openldap and openldap-server ... what is openldap for? chakkerz Linux - Server 2 08-13-2009 07:16 PM
LXer: OpenLDAP Quick Tips: OpenLDAP Logfile analysis LXer Syndicated Linux News 0 12-01-2008 04:00 PM
LXer: OpenLDAP Quick Tips: Regularly upgrade OpenLDAP! LXer Syndicated Linux News 0 11-25-2008 02:00 PM
LXer: OpenLDAP Quick Tips: Using syslog or syslog-ng with slapd for OpenLDAP logging LXer Syndicated Linux News 0 11-14-2008 08:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration