
# LDAP Proxying and Authentication

HAProxy can act as a load balancer in front of LDAP directory services.

## Basic LDAP Proxy Configuration

```haproxy
frontend ldap_front
    # Plain LDAP on 389; LDAPS on 636, terminated here with the certificates in this directory
    bind *:389
    bind *:636 ssl crt /etc/ssl/certs/
    mode tcp

    default_backend ldap_cluster

backend ldap_cluster
    mode tcp
    balance roundrobin
    # tcp-check only proves the port accepts a connection; 'option ldap-check'
    # would additionally perform an LDAPv3 anonymous bind and verify the result code.
    # Note: TLS ends at the frontend, so this hop to the servers is cleartext.
    option tcp-check
    tcp-check connect port 389

    server ldap1 10.0.0.11:389 check inter 5s
    server ldap2 10.0.0.12:389 check inter 5s backup
```

## Active Directory Integration

```haproxy
backend ad_gc
    mode tcp
    balance roundrobin
    # AD Global Catalog: 3268 is the plaintext GC port, 3269 is GC over TLS
    server dc1 10.0.1.11:3268 check inter 10s
    server dc2 10.0.1.12:3268 check inter 10s
```

## LDAP over SSL

```haproxy
frontend ldaps_front
    # Use this instead of the :636 bind in ldap_front, not in addition to it
    bind *:636 ssl crt /etc/ssl/certs/
    mode tcp
    # TLS ends here; the hop to the servers is cleartext unless the server lines use 'ssl'
    default_backend ldap_cluster
```

## Troubleshooting

```bash
# Anonymous search against a backend server directly (-H replaces the deprecated -h/-p)
ldapsearch -H ldap://10.0.0.11:389 -x -b "dc=example,dc=com"
# Inspect the LDAPS handshake and the certificate chain the server presents
openssl s_client -connect 10.0.0.11:636 </dev/null
```
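The `tcp-check` in the basic configuration only proves that port 389 accepts a connection; an LDAP-aware check (HAProxy's `option ldap-check`) additionally sends an anonymous LDAPv3 bind and inspects the result code, which is also what the `ldapsearch` step above exercises by hand. The following Python script is an added example, not part of this page or of HAProxy: it builds that bind request byte for byte, parses a BindResponse, and turns the result into a health verdict. The sample responses are constructed byte strings, not captures from a real server, and `probe()` is an assumed helper for running the exchange against a live host.

```python
"""LDAP-level health probe: what an LDAP-aware check does that tcp-check does not.

Added example (not from the page or from HAProxy). Builds the anonymous LDAPv3
BindRequest, parses the BindResponse and decides whether the directory is
actually serving rather than merely accepting TCP connections.
"""
import socket
from typing import Tuple

# Selected resultCode values from RFC 4511
LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49
LDAP_UNAVAILABLE = 52


def _ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(payload)) + payload


def build_anonymous_bind(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }."""
    bind = (
        _tlv(0x02, bytes([3]))  # version INTEGER 3
        + _tlv(0x04, b"")        # name: empty DN (anonymous)
        + _tlv(0x80, b"")        # authentication: simple [0], empty password
    )
    # 0x60 = [APPLICATION 0] BindRequest
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> Tuple[int, int, str]:
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    tag, code, pos = _read_tlv(op, 0)
    if tag != 0x0A:  # resultCode is ENUMERATED
        raise ValueError("missing resultCode")
    _, _matched_dn, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def classify(response: bytes) -> Tuple[bool, str]:
    """Health verdict: only a well-formed BindResponse with resultCode 0 passes."""
    try:
        _mid, code, diag = parse_bind_response(response)
    except ValueError as exc:
        return False, f"L7 protocol error: {exc}"
    if code == LDAP_SUCCESS:
        return True, "bind ok"
    return False, f"bind failed, resultCode={code} {diag!r}"


def probe(host: str, port: int = 389, timeout: float = 3.0) -> Tuple[bool, str]:
    """Assumed live-probe helper (needs network): TCP connect, then the bind exchange."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_anonymous_bind())
            return classify(s.recv(4096))
    except OSError as exc:
        return False, f"L4 error: {exc}"


# Constructed sample responses (hand-encoded, not captured from a real server)
SAMPLE_OK = bytes.fromhex("300c02010161070a010004000400")          # resultCode success(0)
SAMPLE_BAD_CREDS = bytes.fromhex("300f020101610a0a013104000403626164")  # invalidCredentials(49), "bad"

if __name__ == "__main__":
    print("bind request:", build_anonymous_bind().hex())
    for sample in (SAMPLE_OK, SAMPLE_BAD_CREDS, b"\x30\x0c\x02\x01"):
        print(classify(sample))
```

A port that answers with a non-zero resultCode, or with something that is not a BindResponse at all, would pass a plain TCP connect check but is flagged here; that is the gap between the `tcp-check` shown on this page and an L7 check.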