Application Delivery (ADX)

Reply
Contributor
Posts: 49
Registered: ‎04-24-2009

How do I configure the ServerIron to do an LDAP health check (LDAP bind) for LDAPS (LDAP over SSL)?

How do I configure the ServerIron to do an LDAP health check (LDAP bind) for LDAPS (LDAP over SSL)?

I am seeing a Layer 4 health check only using my very simple configuration:

sever real ldap_1 10.100.33.101

  port ldaps

server virtual ldap_vip 10.110.33.100

  port ldaps

  bind ldaps ldap_1 ldaps

Again: Thx for your help.

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: How do I configure the ServerIron to do an LDAP health check (LDAP bind) for LDAPS (LDAP over SSL)?

The ServerIron/ADX is able to do Layer 4 and Layer 7 health checks for LDAP and LDAPS. A Layer 4 check is a TCP connection request which is what you are seeing based on your question. A Layer 7 health check would be a complete TCP connection including the SSL handshake (in case it is LDAPS) and a LDAP bind on top of the established connection. The real server is getting declared as up in case the bind request is successful.

The easiest way to do a Layer 7 LDAPS health check is to use the healthck functionality at the ServerIron. You have to configure a healthck telling the ServerIron what to test and how to test and you do have to bind the healthck to the real servers LDAPS port. This would look like:

healthck ldaps_101 tcp

  dest-ip 10.100.33.101

  port ldaps

  protocol ldaps

server real ldap_1 10.100.33.101

  port ldaps healthck ldaps_101

You do have to define a healthck for each real server because you do need to specify the real server IP address. Have a look at port-policies in case you would like to reuse the same configuration item for multiple real servers to shorten the configuration.

I am going to publish a health check how to soon. Stay tuned!

Contributor
Posts: 49
Registered: ‎04-24-2009

Re: How do I configure the ServerIron to do an LDAP health check (LDAP bind) for LDAPS (LDAP over SSL)?

Wow... faster than fast... I am going to give it a try tomorrow. Will let you know about the result.

Contributor
Posts: 49
Registered: ‎04-24-2009

Re: How do I configure the ServerIron to do an LDAP health check (LDAP bind) for LDAPS (LDAP over SSL)?

Could not wait - working! THX.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.