AD auth in APM (protocol used)

Question

Just wondering in its simple state what protocol does APM connect to active directory to authenticate with.

What options do I have around increasing the security to this and what do i have to do.

ie NTLMv2, kerberos etc.

dave_w · Answer

Hello,&nbsp;Regarding Active Directory and APM for authentication APM supports Kerberos and for queries APM supports LDAP. As far as increasing security you could use LDAPS, but then you would configure an LDAPS AAA instead of an Active Directory AAA.&nbsp;Here is some more info on Active Directory and LDAP with APM:&nbsp;https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/2.html&nbsp;https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/4.html

malakibrahim · Answer

Hello DaveIn APM policy  does it mean AD authentication : uses Kerberos&nbsp;AD query : uses LDAPThere's vulnerability with LDAP and Microsoft advised to use LDAPS in this article , So i guess I need only to change AD query with LDAP query "signing enabled" and leave the AD authentication as it is to overcome that vulnerability, Right?

dave_w · Answer

Hello Malak,&nbsp;Go into the LDAP AAA object and set it to "Use Pool." Then under "Mode"  you can set it to LDAPS and you should see a Server SSL profile drop down menu.

Forum Discussion

AD auth in APM (protocol used)

Recent Discussions

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

Related Content

Proxy Protocol v2 Initiator

HTTP/2 Protocol in Plain English using Wireshark

Remote Desktop Protocol (RDP) using an SSL VPN

SSL protocol mismatch

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS