Forum Discussion
Slayer001
Cirrus
CirrusAD authentication with LDAPS
Is it possible to create a layered Virtual Server to intercept the LDAP request towards the AD DC's and use LDAPS for the connection? We need to have LDAPS (TCP-636) for the AD auth instead of the d...
Been some time but didn't have time to test it out. I tried with Pool but same result.
Logged a support case and they confirmed it's not possible with AD auth. They said they know the security patch is coming and are working on something. It should be there before the Microsoft security patch is released.
Slayer001Cirrus
CirrusHello,
That's what I was trying but the traffic is not being send to that "internal" VS with serverssl profile but it's trying to find the IP of that VS somewhere else on the network via it's routing table and doesn't use the internal virtual address with ARP turned off.
First it tries to connect on port 88 for Kerberos but that fails as it can't find the IP of the VS and hence the traffic is not send towards the pool members (the real AD servers).
Is there anything special that needs to be done to send the traffic towards the internal VS? Or is it not possible to use a internal VS in the Direct AD auth settings? If it's possible with AD auth based on a pool. I can create a pool with the internal VS as it's only member?
I know these articles exist for HTTPS authentication but never found anything similar for AD so I'm wondering if it is even possible.
MitheorCirrus
CirrusHi,
just in case, are these auth request being processed in any way by the F5 (fe APM users) or only packets that the F5 is balancing/forwarding?