LDAPS => LDAPS HAProxy

Trying to use HAProxy to translate my internal LDAPS into an external one. Using OpenLDAP with an internal CA.

My setup:
HAProxy + ACME to get a valid cert on the firewall.
Frontend with an ACL: “host matches” my SNI.
Backend with SSL checks using my internal CA.

I have this working for an HTTPS site, but I get failed connections when trying to connect to the LDAPS server. Help?
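For reference, the setup described above (ACME certificate on the front end, SNI-based routing, re-encryption to an OpenLDAP backend verified against an internal CA) looks like this as an HAProxy configuration. This is an added example, not configuration from the original poster; the hostnames, addresses and file paths are assumptions. The one point that differs from an HTTPS site is that LDAP is not HTTP, so the front end has to run in `mode tcp` and match on the TLS SNI (`ssl_fc_sni`) rather than on an HTTP Host header.

```haproxy
# Added example, not from the original post. Public LDAPS on :636 terminated
# with the ACME certificate, routed by SNI, re-encrypted to OpenLDAP and the
# backend certificate verified against the internal CA.
# ldap.example.com, ldap.internal.example, 10.0.0.10 and all paths are assumed.

global
    log stdout format raw local0
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    log     global
    mode    tcp                  # LDAP is not HTTP; 'mode http' would break it
    option  tcplog
    timeout connect 5s
    timeout client  300s         # LDAP clients keep sessions open for a long time
    timeout server  300s

frontend ldaps_public
    # fullchain + key as written by the ACME client (assumed path)
    bind :636 ssl crt /etc/haproxy/certs/ldap.example.com.pem
    # SNI presented by the client on the connection HAProxy itself decrypted
    acl is_ldap ssl_fc_sni -i ldap.example.com
    # Refuse anything that did not ask for the expected name
    tcp-request content accept if is_ldap
    tcp-request content reject
    default_backend openldap_internal

backend openldap_internal
    # LDAPv3 anonymous-bind health check, run inside the TLS session
    option ldap-check
    # Re-encrypt to the internal LDAPS port. 'verify required' + 'ca-file'
    # check the chain against the internal CA; 'sni' sets the SNI for the
    # backend handshake and 'verifyhost' pins the name in the internal cert.
    server ldap1 10.0.0.10:636 ssl verify required ca-file /etc/ssl/internal-ca.pem sni str(ldap.internal.example) verifyhost ldap.internal.example check
```

Check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading. To confirm which certificate clients see, run `openssl s_client -connect ldap.example.com:636 -servername ldap.example.com` from outside: the chain shown must be the ACME one, and an LDAP client such as `ldapsearch -H ldaps://ldap.example.com -x -b ''` must be pointed at that same name, with the public CA in its trust store (`TLS_CACERT` in `ldap.conf` for OpenLDAP clients). If the backend shows as DOWN in the stats, the `ca-file` or `verifyhost` on the server line does not match what OpenLDAP actually presents.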

I have never tried to get LDAPS over HAProxy.

As far as I can tell, it’s just LDAP wrapped in SSL. There are 3 options when using LDAP:

Plain LDAP
LDAP + STARTTLS
LDAP + SSL

I think it may be because the protocol expects the certificate directly from the server or something. I'll experiment more.