For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ravager's avatar
Ravager
Icon for Altostratus rankAltostratus
Sep 09, 2019

AD auth in APM (protocol used)

Just wondering in its simple state what protocol does APM connect to active directory to authenticate with.   What options do I have around increasing the security to this and what do i have to d...
BIG-IP Access Policy Manager (APM)
security
Dave_W's avatar
Dave_W
Icon for Employee rankEmployee
Sep 09, 2019

Hello,

 

Regarding Active Directory and APM for authentication APM supports Kerberos and for queries APM supports LDAP. As far as increasing security you could use LDAPS, but then you would configure an LDAPS AAA instead of an Active Directory AAA.

 

Here is some more info on Active Directory and LDAP with APM:

 

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/2.html

 

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/4.html

malakibrahim's avatar
malakibrahim
Icon for Nimbostratus rankNimbostratus
Nov 25, 2019

Hello Dave

In APM policy does it mean

AD authentication : uses Kerberos 

AD query : uses LDAP

There's vulnerability with LDAP and Microsoft advised to use LDAPS in this article , So i guess I need only to change AD query with LDAP query "signing enabled" and leave the AD authentication as it is to overcome that vulnerability, Right?

  • Dave_W's avatar
    Dave_W
    Icon for Employee rankEmployee
    Nov 26, 2019

    Hello Malak,

     

    Go into the LDAP AAA object and set it to "Use Pool." Then under "Mode" you can set it to LDAPS and you should see a Server SSL profile drop down menu.