0

Is it possible to implement session stickiness in haproxy when using it to load balance to ldap servers?

Example: I have an LB that load balances to two backend LDAP servers. This works fine for reads, but if you browse the tree using Directory Studio, or implement PAM, it causes errors in PAM and it flaps back and forth authenticating in Directory Studio.

What I'd like is for the LB to bind a user to one backend server when they hit the IP for the load balancer.

yossarian2004

2 Answers

2

I'd suggest using stick tables in HAProxy for this.

A good reference is available at https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#stick%20on

Effectively you'd do something like this:

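backend ldap
  mode tcp
  balance roundrobin
  # Remember each client source IP for 30 minutes (up to 200k entries)
  stick-table type ip size 200k expire 30m
  # Send a known source IP back to the server it used before
  stick on src
  server s1 192.168.1.1:389
  server s2 192.168.1.2:389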
Jacob Evans
Stephen
0

You can route based on source IP, so if your admins (using Directory Studio) are using static IPs or are on an "admin" network segment, you can just put in a rule that always sends them to one of the servers; this will also make logging their sessions easier.

I have not seen a good solution for TCP session persistence based on any factor other than source. Analyze the TCP packets; if you find something inside the packet that helps identify a session, HAProxy will likely be able to route based on that.

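frontend ft-public-mysql-in
  bind 192.168.3.1:53
  mode tcp
  option tcplog
  # A bare address matches that single host only; append a prefix length
  # (for example /24) to match a whole network segment.
  acl route1 src 192.168.2.0
  acl route2 src 192.168.1.0
  # Send each matched source to its backend
  use_backend bkserver_pool if route1
  use_backend bkserver_1 if route2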
Jeff W.
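
The two answers combined into one configuration, as an added example that is not from either answer: an admin segment (assumed here to be 192.168.2.0/24) is always sent to one server, and every other client is stuck by source address. The section names, bind address, log target, timeouts and the `option ldap-check` health check are assumptions; that check sends an anonymous LDAPv3 bind, so use a plain `check` if the directory refuses anonymous binds.

```haproxy
# Added example with constructed names and addresses; adjust to your environment.
global
  log /dev/log local0

defaults
  log global
  mode tcp
  option tcplog              # one log line per TCP session, with the chosen server
  timeout connect 5s
  timeout client  30m
  timeout server  30m

frontend ft_ldap
  bind 192.168.3.1:389
  # Assumed admin segment. The /24 makes the ACL match the whole network;
  # a bare address would match that single host only.
  acl admin_net src 192.168.2.0/24
  use_backend bk_ldap_admin if admin_net
  default_backend bk_ldap

# Admins always land on s1, so their sessions show up in one server's logs.
# s2 is only used if s1 fails its health check.
backend bk_ldap_admin
  option ldap-check
  server s1 192.168.1.1:389 check
  server s2 192.168.1.2:389 check backup

# Everyone else: the first connection from a source IP is balanced round-robin,
# later connections from that IP follow the stick table entry.
backend bk_ldap
  balance roundrobin
  option ldap-check
  stick-table type ip size 200k expire 30m
  stick on src
  server s1 192.168.1.1:389 check
  server s2 192.168.1.2:389 check
```

Validate the file with `haproxy -c -f haproxy.cfg` before reloading. Clients that reach the load balancer through one NAT address share a single table entry, so they all go to the same server.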