Haproxy certificate chain not fetched when connected to second haproxy

Hello All,

I have been searching for quite some time for the cause of an SSL error in my setup.

We have a haproxy in tcp mode which connects to another haproxy in tcp mode, which in turn connects to the ldap servers in its backend.

  1. The first haproxy server is just used to forward the traffic to the 2nd haproxy, which binds to port 636; this is done due to a network limitation on the client end.

Configuration is as below (the server line needs a name before the address, so one is added here as a placeholder):

    frontend ldaps_636
        bind *:636
        mode tcp
        option tcplog
        log global
        use_backend ldaps_636

    backend ldaps_636
        balance roundrobin
        mode tcp
        option ldap-check
        # HAProxy syntax is: server <name> <address>:<port> [options]
        server second_haproxy <second_haproxy_server>:636 ssl check verify none inter 12000 rise 3 fall 3

  2. The second haproxy binds to 636 and connects to the ldap backend servers on port 635. Config is as below:

    listen ldap_backend
        bind 0.0.0.0:636
        balance roundrobin
        log global
        mode tcp
        option tcplog
        option httpchk
        # HAProxy syntax is: server <name> <address>:<port> [options]
        server ldapserver1 <ldapserver1_ip>:635 check port 5434 inter 12000 rise 3 fall 3
        server ldapserver2 <ldapserver2_ip>:635 check port 5434 inter 12000 rise 3 fall 3

But when we perform an ldapsearch we get: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

And when we perform an openssl test, no certificates are presented. Not sure what is wrong here; could someone please help?

    [root@host~]# openssl s_client -showcerts -verify 5 -connect <first_haproxy>:636
    verify depth is 5
    CONNECTED(00000003)
    write:errno=104
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 289 bytes
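The two configs above can be reasoned about statically: in tcp mode a bind without `ssl` passes the client's bytes through untouched, while `server ... ssl` opens a new TLS session and wraps whatever is being forwarded in it. The following script is an added example (not code from the post or from HAProxy) that parses both hop configs and counts how many TLS layers end up on the wire towards the LDAP servers, and also flags `verify none`. The host names and addresses (lb2, ldap1, 10.0.x.y) are placeholders standing in for the post's `<...>` fields, and the "fixed" variant at the end is one hypothetical option that assumes port 635 itself speaks LDAPS.

```python
"""Static check of a chain of HAProxy tcp-mode proxies for mismatched TLS layers.

Added example, not from the original post or the HAProxy project. Host names and
addresses are placeholders (assumptions) standing in for the post's <...> fields.
"""
from dataclasses import dataclass

# Constructed from the two configs in the post; only TLS-relevant lines are kept.
FIRST_HOP = """
frontend ldaps_636
    bind *:636
    mode tcp
    use_backend ldaps_636

backend ldaps_636
    mode tcp
    option ldap-check
    server lb2 10.0.0.2:636 ssl check verify none inter 12000 rise 3 fall 3
"""

SECOND_HOP = """
listen ldap_backend
    bind 0.0.0.0:636
    mode tcp
    option httpchk
    server ldap1 10.0.1.1:635 check port 5434 inter 12000 rise 3 fall 3
    server ldap2 10.0.1.2:635 check port 5434 inter 12000 rise 3 fall 3
"""

# Hypothetical alternative for hop 1: plain TCP passthrough towards hop 2, so the
# client's own TLS session is what reaches port 635 (assumes 635 is LDAPS).
FIRST_HOP_PASSTHROUGH = FIRST_HOP.replace(" ssl check verify none", " check")


@dataclass
class Hop:
    name: str
    terminates_tls: bool = False   # 'bind ... ssl crt ...': the client's TLS ends here
    starts_tls: bool = False       # 'server ... ssl': a new TLS session towards upstream
    verify_none: bool = False      # 'verify none': upstream certificate is not checked


def parse_hop(cfg: str) -> Hop:
    """Collapse one haproxy.cfg into the properties that matter for TLS layering.

    All frontend/listen binds and all backend/listen servers in the file are treated
    as one forwarding path, which is exactly the shape of the configs in the post.
    """
    hop = Hop(name="")
    section = None
    for raw in cfg.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments and blank lines
        if not tok:
            continue
        if tok[0] in ("global", "defaults", "frontend", "backend", "listen"):
            section = tok[0]
            if section in ("frontend", "listen") and not hop.name:
                hop.name = tok[1]
            continue
        if section in ("frontend", "listen") and tok[0] == "bind":
            hop.terminates_tls |= "ssl" in tok[2:]          # bind <addr:port> [ssl crt ...]
        elif section in ("backend", "listen") and tok[0] == "server":
            opts = tok[3:]                                   # server <name> <addr:port> [opts]
            hop.starts_tls |= "ssl" in opts
            if "verify" in opts:
                hop.verify_none |= opts[opts.index("verify") + 1] == "none"
    return hop


def tls_layers(hops: list[Hop], client_speaks_tls: bool = True) -> tuple[int, list[str]]:
    """Follow the client's bytes hop by hop and return (TLS layers reaching the final
    server, findings). Works for any number of chained tcp-mode proxies."""
    layers = 1 if client_speaks_tls else 0
    findings: list[str] = []
    for hop in hops:
        if hop.terminates_tls:
            if layers == 0:
                findings.append(f"{hop.name}: bind has ssl but receives plain TCP")
            else:
                layers -= 1
        if hop.starts_tls:
            if layers > 0:
                findings.append(f"{hop.name}: 'server ... ssl' wraps traffic that is "
                                f"already TLS (the bind has no ssl, nothing was terminated)")
            layers += 1
        if hop.verify_none:
            findings.append(f"{hop.name}: 'verify none' disables upstream certificate checks")
    return layers, findings


def check_post_setup() -> tuple[int, list[str]]:
    return tls_layers([parse_hop(FIRST_HOP), parse_hop(SECOND_HOP)])


def check_passthrough_fix() -> tuple[int, list[str]]:
    return tls_layers([parse_hop(FIRST_HOP_PASSTHROUGH), parse_hop(SECOND_HOP)])


if __name__ == "__main__":
    for label, (layers, findings) in (("as posted", check_post_setup()),
                                      ("passthrough variant", check_passthrough_fix())):
        print(f"{label}: {layers} TLS layer(s) reach port 635")
        for f in findings:
            print("  -", f)
```

Run as-is to see the layer count for the posted chain and for the passthrough variant; to check a real deployment, paste each hop's haproxy.cfg into the corresponding string. The counter only models `bind ... ssl` and `server ... ssl`; it does not know what port 635 expects, so the reader has to supply that last fact.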