Loadbalancing LDAP in ACE?

dsimonse · ‎12-06-2011

Hi there!

Does anyone have experience in loadbalancing ldap services in ACE? Both port 389 and 636.

And do you have a working config that you can provide?

Regards

Dennis

Daniel Arrondo Ostiz · ‎12-06-2011

Hi Dennis,

There is no specific configuration required for LDAP on the ACE. The only thing that needs to be taken into account is that no L7 processing is supported for LDAP, so, you will only be able to load-balance at L4

The main effect of this is that, in case you need stickiness, you will be limited to the src-ip option.

For the health-monitoring, as part of the default probe scripts, there is one for LDAP which will check that the server is really able to serve requests. I would suggest you to have a look at it.

Regards

Daniel

abal · ‎06-17-2012

Hi

Did you get this working?

I am trying to get secure Ldap load balancing to work on ACE 4710 running version A 1(8.0). Currently It is only working when pointing directly to the real servers. I am using normal tcp probe on port 646 for checking server health status.

Regards

Abal

Sent from Cisco Technical Support iPad App

dsimonse · ‎06-18-2012

Hi Abal,

In a way I got it working...

The thing that didn't work was when we wanted to take a realserver out of service the clients got a RST that they couldn't handle. So we didn't take the LB solution into production.

Got a tip to put the the second as a backup rserver but haven't evaluated that.

abal · ‎06-18-2012

Thanks for your reply.

Do you have the ace version you are using and the working config using port 636?

Regards

Abal

EPHRAIM MANI · ‎11-20-2013

Hi Dsimonse,

Advise if you were able to Loadbalnace LDAP communication successufully.

~EM

dsimonse · ‎12-02-2013

Hi Ephrahim,

I've not been able to test the suggestion from the BU yet, sorry.

//Dennis