Configuring non-boolean ldap health checks – Brocade Virtual ADX Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual
Page 197
Brocade Virtual ADX Server Load Balancing Guide, 53-1003247-01, page 181
Chapter 4: Layer 7 health checks
Syntax: [no] port {ldap | ldaps | port-num} password string
The string variable specifies the password for the Directory object that the Brocade Virtual ADX
binds as; it is a character string that cannot exceed 64 characters.
Configuring Base Distinguished Names for Authenticated LDAP Binding
To configure the base Distinguished Name (DN) used to query the LDAP directory, enter commands
such as the following at the real port level of the CLI.
Virtual ADX(config)#server real r1 192.168.20.43
Virtual ADX(config-rs-r1)#port ldap search-base-dn "ou=groups,dc=brocade,dc=com"
Syntax: [no] port {ldap | ldaps} search-base-dn distinguished-name
The distinguished-name is a character string that cannot exceed 256 characters.
LDAP over SSL
The Brocade Virtual ADX can perform LDAP health checks using a Secure Sockets Layer (SSL)
connection on TCP port 636.
The LDAP over SSL (LDAPS) health check procedure works as follows:
The Brocade Virtual ADX initiates an SSL connection with the server on TCP port 636, a secure link
is negotiated, and encrypted data is transferred across the link. After the SSL connection is
established, the Brocade Virtual ADX sends a bind request to the LDAPS server and waits for a
reply. The bind request includes a configurable version number, either 2 or 3 (by default, version 3).
• If the LDAPS server sends a bind reply, whatever its result code (no error is flagged), the Brocade Virtual ADX resets the connection and marks the port ACTIVE.
• If the LDAPS server does not send a bind reply by the time the LDAPS keepalive interval expires, the Brocade Virtual ADX retries the health check up to the number of times configured (by default, two retries). If the LDAPS server still does not respond, the Brocade Virtual ADX marks the server port FAILED and removes the LDAPS server from the load-balancing rotation for LDAPS service.
You can configure standard (non-Boolean) LDAPS health checks. Health checking commands
available for other TCP ports are also available for the LDAPS port.
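The bind exchange and retry logic described above, written out as an added example that is not the guide's or the appliance's own code: it builds the LDAP BindRequest by hand (BER, RFC 4511), treats any BindResponse as ACTIVE regardless of result code, and retries on a missing reply. Function names, the default values and the decision to verify the server certificate are assumptions of this example.

```python
import socket
import ssl

def ber(tag: int, payload: bytes) -> bytes:
    """Wrap payload in a BER TLV (definite length, short or long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = (n.bit_length() + 7) // 8            # long form: 0x80|size, then size length bytes
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + payload

def build_bind_request(message_id: int, version: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { version, name, simple [0] password } }."""
    def ber_int(v: int) -> bytes:
        return ber(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))
    bind = ber(0x60, ber_int(version) + ber(0x04, bind_dn.encode()) + ber(0x80, password.encode()))
    return ber(0x30, ber_int(message_id) + bind)

def ber_read(data: bytes, pos: int):  # -> (tag, value_start, value_end) of the TLV at pos
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:
        return tag, pos + 2, pos + 2 + first
    size = first & 0x7F
    length = int.from_bytes(data[pos + 2:pos + 2 + size], "big")
    return tag, pos + 2 + size, pos + 2 + size + length

def parse_bind_response(data: bytes):
    """Return the resultCode if data is an LDAPMessage carrying a BindResponse, else None."""
    tag, pos, _ = ber_read(data, 0)             # LDAPMessage SEQUENCE (0x30)
    _, _, pos = ber_read(data, pos)             # skip messageID INTEGER
    op, pos, _ = ber_read(data, pos)            # protocolOp: 0x61 = [APPLICATION 1] BindResponse
    rc, s, e = ber_read(data, pos)              # resultCode ENUMERATED (0x0A)
    if (tag, op, rc) != (0x30, 0x61, 0x0A):
        return None
    return int.from_bytes(data[s:e], "big", signed=True)

def ldaps_health_check(host, port=636, version=3, bind_dn="", password="", interval=5.0, retries=2):
    """Emulate the ADX check: TLS to the LDAPS port, send a bind and wait one keepalive interval for
    any bind reply (ACTIVE whatever the result code); on no reply retry `retries` times, then FAILED."""
    ctx = ssl.create_default_context()          # assumption: verify the server cert; the guide is silent
    for _ in range(retries + 1):
        try:
            raw = socket.create_connection((host, port), timeout=interval)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(build_bind_request(1, version, bind_dn, password))
                if parse_bind_response(tls.recv(4096)) is not None:
                    return "ACTIVE"             # leaving the block closes the connection
        except (OSError, IndexError):
            pass                                # no usable reply before the interval expired: retry
    return "FAILED"
```

Because the check accepts any bind reply, an invalidCredentials (49) response still marks the port ACTIVE; the configured password only matters if the directory refuses to answer anonymous or failed binds at all.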
Configuring Non-boolean LDAP health checks
To configure a standard health check for the port ldaps command on real server r1, enter the
following commands.
Virtual ADX(config)#server port ldaps
Virtual ADX(config-port-ldaps)#tcp keepalive enable
Virtual ADX(config-port-ldaps)#exit
Virtual ADX(config)#server real r1 10.10.1.101
Virtual ADX(config-rs-r1)#port ldaps
Virtual ADX(config-rs-r1)#exit
The Brocade Virtual ADX does not establish a secure connection when performing a health check on port 636 if any of the following applies: the no-fast-bringup command is not configured for the LDAPS port, the l4-check-only command is configured for the LDAPS port, or the keepalive health check for the LDAPS port is disabled. Instead, the Brocade Virtual ADX establishes a regular TCP connection on port 636 and sends a TCP RESET, using the same method as the LDAP health check.