This week I had to configure an LDAP server in High Availability. For that I needed a tool that can receive requests and forward them to each of the LDAP server nodes.
When we talk about High Availability (HA) we mean an environment whose main objective is to keep the service available at all times. It is therefore essential to run the service on more than one server so that, if one of the machines that make up the cluster fails, end users do not notice the incident.
In this post I would therefore like to set up load balancing using the HAPROXY software. I hope it is useful.
DATA:
- HAPROXY host (apps.rinnovocorp.com:389)
- LDAP host 1 (idm01.rinnovocorp.com:3060)
- LDAP host 2 (idm02.rinnovocorp.com:3060)
1) First we proceed with the installation of the Software:
2) Installation completed successfully:
3) We enter the Service configuration directory:
4) We add the FRONTEND and BACKEND settings in the haproxy.cfg:
Here is a brief explanation of the configuration:
FRONTEND: This is the section where HAPROXY listens for incoming requests. One important setting is the protocol, which must be TCP, since LDAP communication is carried over that protocol. The default_backend parameter must not be missing, since it points to the section that defines the destinations to which incoming requests are sent. The value 0.0.0.0 means HAPROXY listens on all interfaces that are configured and active on the server.
BACKEND: This is the section where the 2 hosts that run the LDAP services are defined. It is important to define the TCP protocol here as well.
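A minimal haproxy.cfg fragment matching the explanation above, as an added example and not the author's original file. The hostnames and ports come from the DATA list; the section names (ldap_front, ldap_back), the server labels, the round-robin policy, the logging option and the health-check settings are assumptions.

```haproxy
# Added example (not the original configuration from this post).
# Section names, server labels, balance policy and check options are assumed.

frontend ldap_front
    # 0.0.0.0 = listen on every configured, active interface; 389 is the
    # port clients connect to on apps.rinnovocorp.com.
    bind 0.0.0.0:389
    # LDAP is carried over TCP, so HAProxy must not try to parse HTTP.
    mode tcp
    option tcplog
    # Required: names the backend section that holds the destinations.
    default_backend ldap_back

backend ldap_back
    mode tcp
    balance roundrobin
    # Health check that performs an LDAPv3 anonymous bind, so a node whose
    # port is open but whose directory is not answering is taken out of
    # rotation. The nodes must allow anonymous binds for this to pass;
    # otherwise drop this line and rely on the plain TCP check.
    option ldap-check
    server idm01 idm01.rinnovocorp.com:3060 check
    server idm02 idm02.rinnovocorp.com:3060 check

# In mode tcp HAProxy relays bytes unchanged: plain LDAP on port 389 stays
# unencrypted between client and directory unless the clients negotiate
# StartTLS with the LDAP nodes through the proxy.
```

With the `check` keyword on each server line, HAProxy stops sending connections to a node that fails its health check and resumes when it recovers, which is the behaviour the shutdown tests in steps 8 to 10 exercise.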
5) After the configuration of the file, we perform a restart of the services:
6) We first test that the service is available on each of the LDAP nodes:
NOTE: We will test from a device other than the HAPROXY and LDAP devices.
LDAP NODE 1
LDAP NODE 2
7) Once the 2 LDAP devices have been validated, we run a test through the HAPROXY load balancing service that we configured:
With this we validate that the HAPROXY service is working. Next we validate the high availability.
8) HAPROXY service test with the 2 LDAP services down:
LDAP 1 Shutdown
LDAP 2 Shutdown
HAPROXY balancing service test:
9) HAPROXY service test with LDAP Server 1 UP:
LDAP 1 Up
LDAP 2 Shutdown
HAPROXY balancing service test:
10) HAPROXY service test with LDAP Server 2 UP:
LDAP 1 Shutdown
LDAP 2 Up
HAPROXY balancing service test:
Written By GuChe