05-11-2009 10:31 AM
How do I configure the ServerIron to do an LDAP health check (LDAP bind) for LDAPS (LDAP over SSL)?
I am seeing a Layer 4 health check only using my very simple configuration:
server real ldap_1 10.100.33.101
server virtual ldap_vip 10.110.33.100
 bind ldaps ldap_1 ldaps
Again: Thx for your help.
05-11-2009 10:38 AM
The ServerIron/ADX is able to do Layer 4 and Layer 7 health checks for LDAP and LDAPS. A Layer 4 check is a TCP connection request, which is what you are seeing based on your question. A Layer 7 health check would be a complete TCP connection including the SSL handshake (in case it is LDAPS) and an LDAP bind on top of the established connection. The real server is declared up if the bind request is successful.
The easiest way to do a Layer 7 LDAPS health check is to use the healthck functionality on the ServerIron. You have to configure a healthck telling the ServerIron what to test and how to test it, and you have to bind the healthck to the real server's LDAPS port. This would look like:
healthck ldaps_101 tcp
server real ldap_1 10.100.33.101
 port ldaps healthck ldaps_101
You have to define a healthck for each real server because you need to specify the real server IP address. Have a look at port-policies if you would like to reuse the same configuration item for multiple real servers to shorten the configuration.
I am going to publish a health check how-to soon. Stay tuned!
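The Layer 4 versus Layer 7 difference described in the reply above, as an added Python example that is not part of the original post and is not ServerIron code: it performs the TCP connect, the TLS handshake and an LDAP bind, and reports which stage failed. The anonymous simple bind, port 636, the function names and the sample responses are assumptions made for illustration.

```python
import socket, ssl

SAMPLE_OK = bytes.fromhex("300c02010161070a010004000400")      # constructed BindResponse, resultCode 0 (success)
SAMPLE_DENIED = bytes.fromhex("300c02010161070a013104000400")  # constructed BindResponse, resultCode 49 (invalidCredentials)

def tlv(tag, content=b""):
    """Encode one BER element; short-form length only (content < 128 bytes)."""
    assert len(content) < 128, "long-form length not implemented"
    return bytes([tag, len(content)]) + content

def build_simple_bind(dn=b"", password=b"", msg_id=1):
    """LDAPMessage{messageID, BindRequest{version 3, name, simple auth}}."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); accepts short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(response):
    """Return resultCode from a BindResponse; 0 means the bind succeeded."""
    _, msg, _ = read_tlv(response)          # outer SEQUENCE
    _, _, pos = read_tlv(msg)               # skip messageID
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x61:                         # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    return int.from_bytes(read_tlv(body)[1], "big")

def check_ldaps(host, port=636, timeout=3.0, ctx=None):
    """Report the first stage that fails: 'down-l4', 'down-tls', 'down-l7', else 'up'."""
    ctx = ctx or ssl.create_default_context()  # pass a context that trusts your directory CA
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down-l4"                    # a Layer 4 check stops after this step
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_simple_bind())
            return "up" if bind_result_code(tls.recv(4096)) == 0 else "down-l7"
    except ssl.SSLError:
        return "down-tls"
    except (OSError, ValueError, IndexError):
        return "down-l7"
```

A server whose directory service is hung or rejecting binds can still accept TCP connections, so it passes the Layer 4 stage here while `check_ldaps` reports `down-tls` or `down-l7`.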
05-11-2009 10:39 AM
Wow... faster than fast... I am going to give it a try tomorrow. Will let you know about the result.