General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] Sogo and samba 4 AD authentification


Chronological Thread 
  • From: "mj" ( ) < >
  • To:
  • Subject: Re: [SOGo] Sogo and samba 4 AD authentification
  • Date: Wed, 21 Mar 2018 12:20:10 +0100
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca 29AECC04204

Hi,

On 03/20/2018 06:05 PM, Goetz Reinicke ( ) wrote:
So haproxy is Talking encrypted to the samba servers? With the option of
failover this sounds interesting. How hard is the haproxy configuration?

Yes, like that. Config not very complicated, and it works very nicely. In fact we do this on all servers that require ldap connections.

Relevant bits from haproxy.cfg:

frontend ldap_service_front
mode tcp
bind localhost:389
description LDAP Service
option socket-stats
option tcpka
timeout client 5s
default_backend ldaps_service_back

backend ldaps_service_back
mode tcp
balance roundrobin
server dc2 ldap.server.ip.1:636 check fall 1 rise 1 inter 2s
verify none check check-ssl ssl
server dc3 ldap.server.ip.2:636 check fall 1 rise 1 inter 2s
verify none check check-ssl ssl
server dc4 ldap.server.ip.3:636 check fall 1 rise 1 inter 2s
verify none check check-ssl ssl
option log-health-checks
option ldap-check
timeout server 2s
timeout connect 2s

As you can see, we are currently not checking the certificates, which is not good. This is still on our to-do list.

MJ



Archive powered by MHonArc 2.6.18.

Top of page