Channel: HAProxy community - Latest topics

HAProxy L4 VIP for LDAP backend

Hi everyone,

Sorry to post for this, but I’m losing it trying to understand what’s happening with a very simple use-case that is not working as expected.
I’m working with HAProxy v3.0.2-a45a8e6 on RHEL8 and an OpenLDAP backend listening on port 636. HAProxy’s health-check is working properly, OpenLDAP is also working correctly.

I did a very very (very) basic configuration for HAProxy to provide a TCP LB with one backend (!):

global
    log         /dev/log local0
    user        haproxy
    group       haproxy
    daemon

defaults
    mode tcp

frontend loadbalancer-ldap
    bind :636
    default_backend openldap

backend openldap
    balance     roundrobin
    server openldap1 <openldap1.fqdn>:636 ssl verify none

From the openldap server, with ldap client, I can connect to <openldap1.fqdn>:636 with ldaps scheme, but I can’t connect to haproxy.fqdn:636 (Can’t contact LDAP server (-1)).
From the same openldap server, with openssl s_client to <openldap1.fqdn>:636, I can see the certificate provided by the server, but I got 0 bytes received from SSL handshake with openssl s_client to haproxy.fqdn:636.
From the same openldap server, I can netcat haproxy.fqdn on port 636 (so machine and port are reachable).

Despite the warning on timeouts for client, server and connect, a check of the configuration file is okay (but the warning states that it should work, and actually I have a parallel config file, which is the original and complete one, where they are set and that is not working either).

I’m losing my mind on this, hope I may find help here.

Thanks in advance for the help!
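
An added example, not part of the original post: a small checker run over the posted configuration. It flags a TCP-mode frontend whose `bind` has no `ssl` (the client's TLS handshake is forwarded as-is) feeding a server line with `ssl` (HAProxy wraps that stream in a second TLS session, so the LDAPS server receives a ClientHello where it expects LDAP), and it flags `verify none`, which disables backend certificate checking. The function names, finding labels and the placeholder host name are assumptions made for this example.

```python
# Constructed sample: the configuration from the post, with a placeholder host name.
POSTED_CFG = """\
defaults
    mode tcp

frontend loadbalancer-ldap
    bind :636
    default_backend openldap

backend openldap
    balance     roundrobin
    server openldap1 openldap1.example.internal:636 ssl verify none
"""

SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

def parse(cfg):
    """Return {(kind, name): [token lists]} for each section of a haproxy.cfg text."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        tokens = raw.split("#", 1)[0].split()   # naive comment stripping
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            name = tokens[1] if len(tokens) > 1 else ""
            current = sections.setdefault((tokens[0], name), [])
        elif current is not None:
            current.append(tokens)
    return sections

def audit(cfg):
    """Flag TLS mismatches between TCP frontends and the backends they feed."""
    secs = parse(cfg)
    # HAProxy falls back to tcp when no mode is configured.
    default_mode = next((t[1] for (k, _), ls in secs.items() if k == "defaults"
                         for t in ls if t[0] == "mode"), "tcp")
    findings = []
    for (kind, name), lines in secs.items():
        if kind != "frontend":
            continue
        mode = next((t[1] for t in lines if t[0] == "mode"), default_mode)
        plain_bind = any("ssl" not in t[2:] for t in lines if t[0] == "bind")
        target = next((t[1] for t in lines if t[0] == "default_backend"), None)
        for srv in (t for t in secs.get(("backend", target), []) if t[0] == "server"):
            opts = srv[3:]
            if mode == "tcp" and plain_bind and "ssl" in opts:
                findings.append(("tls-in-tls", name, srv[1]))       # double encryption
            if "ssl" in opts and "verify none" in " ".join(opts):
                findings.append(("verify-none", target, srv[1]))    # backend cert unchecked
    return findings
```

Running `audit(POSTED_CFG)` reports both findings for `openldap1`; the first disappears once only one side of HAProxy handles TLS, either by dropping `ssl` from the server line (passthrough) or by terminating TLS on the `bind` line.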
