Hi Willy.

On 2024-02-15 (Thu.) 09:07, TINK-LONG-KI Willy wrote:
> Hello All,
>
> I am trying to configure a backend on a HAPROXY (release 2.4.25) with LDAPS in
> order to authenticate users by LDAPS.

Any chance to use the latest 2.8 or 2.9?

> Below is information about my configuration:
> - Port used on the backend: 636
> - Mode used on the backend: tcp
> - SSL certificate installed on the LDAPS server.
>
> Do you know if that is possible please?
>
> When I try to connect to HAPROXY from the internet I get this error message:
>
> ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed, reason: Unspecified:
> Improper close state: Status = OK HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 1

This is not a HAProxy error message.

Please can you share the config with minimal config and no sensitive
information.

The TCP mode works quite well with TLS forwarding but this requires that the
target server, the LDAP server, must handle the TLS handshake.
You can see this in that picture
https://www.me2digital.com/blog/2019/05/haproxy-sni-routing/

Is the LDAP server configured for LDAPS?
Does the client have the CA certificates from the LDAPS server?
What's your LDAP client config?

> Thank you for your help.
>
> Kind Regards,
> Willy

Regards
Alex
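
The TCP-mode TLS forwarding discussed in the reply above, as an added example that is not part of the original message and is not the poster's configuration. Server names, the 192.0.2.10 address, port 1636 and the certificate paths are placeholders; the second variant goes beyond the thread and shows TLS termination for contrast.

```haproxy
defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Variant 1: TLS passthrough (what the reply describes).
# HAProxy only relays bytes, so the LDAP server performs the TLS handshake
# and presents its own certificate. The client must trust the LDAPS server's
# CA, and the name it connects to must match that certificate.
frontend ldaps_passthrough
    bind :636                       # no "ssl" here: nothing is decrypted
    default_backend ldaps_plain_relay

backend ldaps_plain_relay
    # No "ssl" on the server line either; "check" is a plain TCP connect check.
    server ldap1 192.0.2.10:636 check

# Variant 2: TLS termination and re-encryption (contrast, placeholder values).
# HAProxy presents its own certificate to the client and opens a second,
# verified TLS session to the LDAP server.
frontend ldaps_terminate
    bind :1636 ssl crt /etc/haproxy/certs/ldap-proxy.pem
    default_backend ldaps_reencrypt

backend ldaps_reencrypt
    # "verify required" checks the server chain against ca-file;
    # "verifyhost" additionally pins the expected certificate name.
    server ldap1 192.0.2.10:636 ssl verify required ca-file /etc/haproxy/certs/ldap-ca.pem verifyhost ldap.example.test check
```

With variant 1, a handshake failure reported by the client points at the client's trust store or the LDAP server's TLS setup, because HAProxy takes no part in the handshake.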