I’m running into a problem where I can’t seem to make my ldap proxy work. I have several proxies behind an F5 load balancer doing Layer 4 load balancing. They’re all running CentOS with minimum specs (1g of mem, 2 cpu, plenty of drive space).
When I try to ldapsearch against it I just get ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1). I don’t get a push notification. Appending a code also fails.
An odd thing I noticed is that I was able to ldapsearch on the server against itself via 127.0.0.1, and that returned something, but it never prompted for 2fac.
Things I’ve verified:
- telnet works between each point
- firewalls are open between all
- ad_client works because I have radius proxies working that leverage it
- certificate is good and signed by our CA
    [main]
    client=ad_client

    [duo_only_client]

    [ad_client]
    host=ldap.contoso.com
    search_dn=DC=CONTOSO,DC=COM
    service_account_username=SERVICEACCOUNT
    transport=ldaps
    ssl_ca_certs_file=ca_certs.pem
    ssl_verify_hostname=true
    service_account_password=REMOVED

    [ldap_server_auto]
    ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
    client=ad_client
    failmode=safe
    ssl_port=636
    ssl_key_path=ldap_server.key
    ssl_cert_path=ldap_server.pem
    skey=REMOVED
    ikey=REMOVED

    [radius_server_auto]
    ...
Is there anything I’m missing? Is there some way I can try to auth against it and verify?
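A way to test the listener layer by layer, added here as an example and not part of the original post or of the Duo Authentication Proxy itself: "Can't contact LDAP server (-1)" from ldapsearch means the bind never reached the proxy, so the useful first question is whether the TLS handshake on 636 completes and whether the client trusts the certificate in ldap_server.pem. The script below does the handshake with openssl s_client using the same CA bundle that ldapsearch will be told to use, then runs one base-scope search with a simple bind, and classifies the result. The host name, bind DN, base DN and CA file name are assumptions; the comma-appended ",push" / ",<passcode>" form of the password is the append mode the post refers to.

```shell
#!/usr/bin/env bash
# Added diagnostic script (not from the original post or from Duo). Assumes an
# ldap_server_auto listener on port 636; host/DN/file names are placeholders.
set -u

# Map the stderr of an ldapsearch run to the layer that failed. Kept as a pure
# function so it can be checked without a live proxy.
classify_ldap_error() {
    out="$1"
    case "$out" in
        *"Can't contact LDAP server"*) echo "transport" ;;   # TCP/TLS never completed
        *"Invalid credentials"*)       echo "auth" ;;        # proxy reached; primary or Duo step rejected
        *"Timed out"*)                 echo "timeout" ;;     # proxy reached; no answer (e.g. push unanswered)
        *"Confidentiality required"*)  echo "tls-required" ;;
        "")                            echo "ok" ;;
        *)                             echo "other" ;;
    esac
}

# Show the chain the listener presents and whether it verifies against cafile.
# A "Verify return code" other than 0 here explains a -1 from ldapsearch.
check_tls() {
    host="$1"; port="$2"; cafile="$3"
    printf 'Q\n' | openssl s_client -connect "$host:$port" -servername "$host" \
        -CAfile "$cafile" 2>&1 | grep -E 'Verify return code|subject=|issuer=' || true
}

# One simple bind plus a base-scope search, with the CA bundle pinned for
# ldapsearch via LDAPTLS_CACERT. Prints the layer at which the attempt stopped.
probe_bind() {
    host="$1"; port="$2"; cafile="$3"; bind_dn="$4"; base_dn="$5"
    read -rs -p "AD password, then ',push' or ',<passcode>': " pw; echo
    pwfile=$(mktemp); chmod 600 "$pwfile"
    printf '%s' "$pw" > "$pwfile"          # -y reads the file verbatim, so no newline
    err=$(LDAPTLS_CACERT="$cafile" ldapsearch -x -LLL -H "ldaps://$host:$port" \
            -D "$bind_dn" -y "$pwfile" -b "$base_dn" -s base '(objectClass=*)' dn \
            2>&1 >/dev/null)
    rm -f "$pwfile"
    echo "result: $(classify_ldap_error "$err")"
    [ -n "$err" ] && echo "$err"
    return 0
}

main() {
    host="$1"; port="${2:-636}"; cafile="${3:-ca_certs.pem}"
    bind_dn="${4:-CN=testuser,OU=Users,DC=CONTOSO,DC=COM}"   # placeholder DN
    base_dn="${5:-DC=CONTOSO,DC=COM}"
    echo "== TLS handshake to $host:$port (CA: $cafile)"
    check_tls "$host" "$port" "$cafile"
    echo "== simple bind as $bind_dn"
    probe_bind "$host" "$port" "$cafile" "$bind_dn" "$base_dn"
}

# Usage: ./ldap-proxy-probe.sh <proxy-host> [port] [ca.pem] [bind-dn] [base-dn]
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Run it once against a single proxy's own address and once against the F5 VIP: if the handshake verifies on the proxy but not on the VIP, the balancer is terminating or altering TLS rather than passing Layer 4 through. Adding -d 1 to the ldapsearch line shows the TLS negotiation in detail when the result is "transport".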