12-13-2011 02:39 AM
Could anyone put me in the direction of a configuration document or advice on configuring load balancing with the LDAP secure port? I've read various articles about LDAPS not being supported on the ACE; is this correct?
I have partially configured this but have NAT issues at the moment, as it's in one-arm mode and this VLAN does not have any NAT configured. I have no configuration for the SSL termination and am not quite sure how that will work either.
Any advice would be appreciated.
12-13-2011 03:21 AM
Hi Cassandra,
LDAP is not supported in ACE as a L7 protocol, but that doesn't mean you cannot load-balance it, it's simply that you cannot apply any kind of L7 inspection and forget also about the SSL termination. If you configure it for pure L4 load-balancing, it should be just like any other protocol.
If you are using one armed, you must find a way to send the return traffic through the ACE. This is normally done with the use of NAT, but, you may also use other methods such as policy-based routing. Be aware that unless this return traffic goes through the ACE, connections will not work, so there is no point in testing the application until this is fixed.
I hope this helps
Daniel
08-12-2014 07:33 AM
You can do L4 load balancing for LDAP over SSL.
Something like:
ssl-proxy service sfLDAP_SSL-Proxy
  key LDAP-KEY-1024.pem
  cert LDAPS.FOO.COM.pem
serverfarm host LDAP-SF
  predictor leastconns
  rserver rs1 389
    inservice
  rserver rs2 389
    inservice
class-map match-any LDAPS-VIP
  2 match virtual-address 10.10.10.100 tcp eq 636
policy-map type loadbalance first-match LDAP-L4-Policy
  class class-default
    serverfarm LDAP-SF
policy-map multi-match LDAP-MM
  class LDAPS-VIP
    loadbalance vip inservice
    loadbalance policy LDAP-L4-Policy
    ssl-proxy server sfLDAP_SSL-Proxy
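
The source NAT that Daniel's reply describes for one-armed mode, sketched against the LDAPS-VIP class and LDAP-MM policy from the configuration above. This is an added example, not part of any post in the thread; VLAN 100, NAT pool id 1 and the pool address 10.10.10.101 are assumed placeholder values, and lines starting with ! are annotations rather than commands.

```text
! Assumed one-arm VLAN (100) that carries both the VIP and the real servers.
interface vlan 100
  ! Assumed pool: a single PAT address in the same subnet as the VIP.
  nat-pool 1 10.10.10.101 10.10.10.101 netmask 255.255.255.255 pat
  ! Apply the multi-match policy from the thread to traffic arriving here.
  service-policy input LDAP-MM
  no shutdown

policy-map multi-match LDAP-MM
  class LDAPS-VIP
    ! Existing loadbalance and ssl-proxy lines stay as they are.
    ! Rewrite the client source address to pool 1 when forwarding out VLAN 100,
    ! so the servers reply to the ACE instead of directly to the client.
    nat dynamic 1 vlan 100
```

With source NAT in place, the LDAP servers see the pool address as the peer for every connection, so their own logs no longer show the original client IP. Bind and access auditing that depends on client addresses then has to be correlated with connection records from the ACE.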