LDAP check fail

Hello Experts,
I have the below config for LDAP:

listen bl-ldap
 bind 127.0.0.1:389
 balance roundrobin
 mode tcp
 option ldap-check
 server srv1 172.16.6.91:389 check inter 10s
 server srv2 172.16.1.51:389 check inter 10s
 server srv3 172.16.6.141:389 check inter 10s

But HAProxy says all servers are down:

bl-ldap,srv1,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,704,704,,1,12,1,,0,,2,0,,0,L7RSP,,1,,,,,,,,,,,0,0,,,,,-1,Not LDAPv3 protocol,,0,0,0,0,,,,Layer7 invalid response,,2,3,0,,,,172.16.6.91:389,,tcp,,,,,,,,
bl-ldap,srv2,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,704,704,,1,12,2,,0,,2,0,,0,L7RSP,,6,,,,,,,,,,,0,0,,,,,-1,Not LDAPv3 protocol,,0,0,0,0,,,,Layer7 invalid response,,2,3,0,,,,172.16.1.51:389,,tcp,,,,,,,,
bl-ldap,srv3,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,704,704,,1,12,3,,0,,2,0,,0,L7RSP,,1,,,,,,,,,,,0,0,,,,,-1,Not LDAPv3 protocol,,0,0,0,0,,,,Layer7 invalid response,,2,3,0,,,,172.16.6.141:389,,tcp,,,,,,,,

But in tcpdump, I see the bind request, and the reply is success.

Why is HAProxy reporting all LDAP servers as down, despite a successful response to the health check?

Please help.

This is probably a bug, but we will need to analyze the entire pcap file. Can you file an issue with that at GitHub (along with the other outputs requested from the bug template form):

Reported accordingly.

Thanks

fixed in
ldap-check does not work against Active Directory · Issue #1390 · haproxy/haproxy · GitHub
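
When a check reports "Not LDAPv3 protocol" while the capture shows a successful bind, decoding the reply bytes by hand shows exactly what the server sent. The following is an added example, not part of the original thread and not HAProxy's own check code: it parses an LDAPMessage carrying a BindResponse as defined in RFC 4511 and accepts both short-form and long-form BER lengths. The function names and the sample byte strings are constructed for illustration and are not taken from the poster's pcap.

```python
# Added example: decode an LDAP BindResponse (RFC 4511) from raw bytes.

def read_len(buf, pos):
    """Return (length, next_pos) for a BER length in short or long form."""
    if pos >= len(buf):
        raise ValueError("truncated before length")
    first = buf[pos]
    if first < 0x80:                      # short form: the octet is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: next n octets hold it
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def read_tlv(buf, pos, want_tag):
    """Read one TLV with the expected tag; return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length, pos = read_len(buf, pos + 1)
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def parse_bind_response(data):
    """Return (message_id, result_code) or raise ValueError."""
    msg, _ = read_tlv(data, 0, 0x30)      # LDAPMessage ::= SEQUENCE
    mid, pos = read_tlv(msg, 0, 0x02)     # messageID INTEGER
    op, _ = read_tlv(msg, pos, 0x61)      # BindResponse [APPLICATION 1]
    code, _ = read_tlv(op, 0, 0x0A)       # resultCode ENUMERATED
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big")

def describe(data):
    """Summarise a captured reply the way an operator would read it."""
    try:
        mid, code = parse_bind_response(data)
    except ValueError as exc:
        return f"not a BindResponse: {exc}"
    return "bind success" if code == 0 else f"bind refused, resultCode {code}"

# Constructed samples (not from the poster's pcap): the same success reply
# with short-form and with 4-octet long-form lengths, then a refusal (49).
SHORT = bytes.fromhex("300c02010161070a010004000400")
LONG = bytes.fromhex("308400000010020101618400000007" "0a010004000400")
REFUSED = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    for name, raw in (("short", SHORT), ("long", LONG), ("refused", REFUSED)):
        print(name, "->", describe(raw))
```

To use it on real traffic, pass the TCP payload of the server's reply, for example the hex bytes copied from the capture and converted with `bytes.fromhex`.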