Forum Discussion

Slayer001's avatar
Slayer001
Icon for Cirrus rankCirrus
Jan 06, 2020

AD authentication with LDAPS

Is it possible to create a layered Virtual Server to intercept the LDAP request towards the AD DC's and use LDAPS for the connection? We need to have LDAPS (TCP-636) for the AD auth instead of the d...
ad
application delivery
BIG-IP Access Policy Manager (APM)
ldaps
  • Slayer001's avatar
    Slayer001
    Feb 11, 2020

    Been some time but didn't have time to test it out. I tried with Pool but same result.

    Logged a support case and they confirmed it's not possible with AD auth. They said they know the security patch is coming and are working on something. It should be there before the Microsoft security patch is released.

Slayer001's avatar
Slayer001
Icon for Cirrus rankCirrus
Jan 08, 2020

At the moment it is set to "Direct".

 

The article you linked is for LDAP authentication with an LDAP AAA object, not AD AAA object. We want to be able to use the password change option which is only available with the AD auth/query that needs the AD AAA object.

As a sidenote with LDAP AAA object : In newer versions you don't even need the extra VS for doing LDAPS. It works by selecting LDAPS in the AAA object.

 

I tried with LDAP AAA object but then the password change page doesn't come up if the authenticating user wants to change his/her password.

  • Mitheor's avatar
    Mitheor
    Icon for Cirrus rankCirrus
    Jan 08, 2020

    Hi,

     

    "The article you linked is for LDAP authentication, not AD"

     

    Yeah, i know. I just think it should be almost the same scenario (configuration wise).

     

    If possible i´d try to config the IP via pool instead of Direct.

     

    Other than that, i´m sorry but i don´t understand why it´s not happening.

     

    As said, i´ll try to test it if i have time later.

     

    Br