guacamole-user mailing list archives

From pburdine <>
Subject Re: multiple ldap server in guacamole
Date Sat, 29 Apr 2017 20:01:01 GMT
The solution to this is to use an instance of haproxy in front of your
ldap(s)/AD servers.  Here is an example config that works for me against an
AD server with ldaps (starttls); adjust your servers as required:

global
  log           /dev/log local6
  pidfile       /var/run/
  chroot        /var/lib/haproxy
  maxconn       8192
  user          haproxy
  group         haproxy
  stats socket /var/lib/haproxy/stats.socket mode 660 level admin
  # Default SSL material locations
  ca-base /etc/ssl/certs
  crt-base /etc/ssl/private

frontend ldap_service_front
  mode                  tcp
  log                   global
  # Edit this line to bind to your local address (eg or public
  bind                  local_bind_address:port   
  description           LDAP Service
  option                tcplog
  option                logasap
  option                socket-stats
  option                tcpka
  timeout client        5s
  default_backend       ldap_service_back

backend ldap_service_back
  server                ldap1 ldap1.domain.local:389 check fall 1 rise 1 inter 2s  # Add first server
  server                ldap2 ldap2.domain.local:389 check fall 1 rise 1 inter 2s  # Add second server, third, etc
  mode                  tcp
  balance               leastconn
  timeout server        2s
  timeout connect       1s
  option                tcpka
  option                tcp-check
  tcp-check             connect port 389
  tcp-check             send-binary 300c0201            # LDAP bind request "<ROOT>" simple
  tcp-check             send-binary 01                  # message ID
  tcp-check             send-binary 6007                # protocol Op
  tcp-check             send-binary 0201                # bind request
  tcp-check             send-binary 03                  # LDAP v3
  tcp-check             send-binary 04008000            # name, simple
  tcp-check             expect binary 0a0100            # bind response + result code: success
  tcp-check             send-binary 30050201034200      # unbind request
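
Added example (not part of the original message or of the haproxy or Guacamole projects): a small BER decoder showing that the tcp-check bytes above form an anonymous LDAPv3 simple bind (empty name, empty password) followed by an unbind, and what "expect binary 0a0100" matches. The function names and the two sample replies are constructed for illustration, and the expect step is assumed to be a substring match on the reply.

```python
# Added example: decode the LDAP BER bytes sent by the tcp-check lines above.
# Hex strings are copied from the config; function names are hypothetical.
BIND_REQUEST = bytes.fromhex("300c0201" "01" "6007" "0201" "03" "04008000")
UNBIND_REQUEST = bytes.fromhex("30050201034200")
EXPECT_SUCCESS = bytes.fromhex("0a0100")
# Constructed sample replies (not captured traffic): resultCode 0 and 49.
REPLY_OK = bytes.fromhex("300c02010161070a010004000400")
REPLY_FAIL = bytes.fromhex("300c02010161070a013104000400")

TAGS = {0x30: "SEQUENCE (LDAPMessage)", 0x02: "INTEGER", 0x04: "OCTET STRING",
        0x0A: "ENUMERATED", 0x60: "BindRequest", 0x61: "BindResponse",
        0x42: "UnbindRequest", 0x80: "simple auth (password)"}
CONSTRUCTED = {0x30, 0x60, 0x61}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element with definite length."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length


def decode(buf, depth=0):
    """Flatten a BER blob into (depth, tag name, value hex) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        name = TAGS.get(tag, f"tag 0x{tag:02x}")
        out.append((depth, name, "" if tag in CONSTRUCTED else value.hex()))
        if tag in CONSTRUCTED:
            out.extend(decode(value, depth + 1))
    return out


def check_would_pass(reply):
    """Mimic 'tcp-check expect binary 0a0100' as a substring match."""
    return EXPECT_SUCCESS in reply


if __name__ == "__main__":
    for depth, name, value in decode(BIND_REQUEST):
        print("  " * depth + name, value)
    print(check_would_pass(REPLY_OK), check_would_pass(REPLY_FAIL))
```

Because the check binds anonymously, a directory server that rejects anonymous binds would return a non-zero result code and be marked down by this check.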

