HAPROXY with auth LDAP

TJarriault · June 28, 2019, 11:00am

Hi,
I need to add an LDAP authentication on my haproxy. Is it possible to do this instead basic auth ?

Many thanks,

Tony

ciprian.craciun · June 28, 2019, 11:10am

There was a similar question a few days ago. I’ll link to my reply:

TJarriault · July 2, 2019, 6:36pm

Many thanks, that i find, it’s not user frendly to integrate LDAP authentification on haproxy.
damn…

an other question, if you know :
is it possible to catch status code 404 from the backend to do redirect to an URI for exemple ?
I try this with you success :
acl not_there status 404
http-request redirect code 301 location http://www.yahoo.fr/ if not_there

Regards,
tony

ciprian.craciun · July 2, 2019, 6:40pm

Yes, but you need to use http-response (instead of http-request), though as per documentation there are perhaps some limitations:
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-http-response

TJarriault · July 3, 2019, 7:26am

Hi,
When i tried, the solution you mentionned, with the sample bellow, i’ve got an error during restart

Error
Jul 3 07:25:03 ip-10-215-10-68 haproxy-systemd-wrapper: [ALERT] 183/072503 (9066) : parsing [/etc/haproxy/haproxy.cfg:62]: ‘http-response’ expects ‘allow’, ‘deny’, ‘redirect’, ‘add-header’, ‘del-header’, ‘set-header’, ‘replace-header’, ‘replace-value’, ‘set-nice’, ‘set-tos’, ‘set-mark’, ‘set-log-level’, ‘del-acl’, ‘add-acl’, ‘del-map’, ‘set-map’, but got ‘redirect’.
Jul 3 07:25:03 ip-10-215-10-68 haproxy-systemd-wrapper: [ALERT] 183/072503 (9066) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg

Config file

frontend http_front
bind *:80
stats uri /haproxy?stats
default_backend app

#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 openspeedtest.com:80 check

acl not_there status 404
http-response redirect location http://www.yahoo.fr/ code 301 if not_there

ciprian.craciun · July 3, 2019, 11:55am

It might be that the http-response redirect syntax is slightly different for responses than requests. Try to fiddle with the various keywords (like removing code 301 and location).

Tlams · December 26, 2019, 6:04pm

Hello,

It’s a bit late, but I use to work on this problem:
https://www.tlams.fr/articles/haproxy/LDAP_Auth.html

All comments to improve it are welcome.

Regards,
Tlams.

Gaitonde · June 1, 2024, 6:12am

Hi,
The link does not work anymore. Possible to share the updated link?
Thanks

Topic		Replies	Views
LDAP as backend for BasicAuth (Userlist) Help!	1	1179	June 14, 2019
Can't authenticate with http basic auth to website behind HAProxy Help!	2	3008	July 7, 2024
HAProxy Basic auth on website redirect Help!	0	1407	November 20, 2018
ACL based on Basic Auth User Help!	3	1891	March 27, 2020
Lua packages not working with Haproxy Lua Scripts	0	1031	October 11, 2022

HAPROXY with auth LDAP

Related topics