Forum Discussion
APM AD auth and LDAP request signing
F5 appear to have issued an article on the 8th Jan that appears to state there is no issue. https://support.f5.com/csp/article/K30054212
I really would have expected more detailed information regarding the APM AD and the mechanisms it supports for compliance purposes. Questions are now being asked if data is being passed in the clear. If I can't get more info, I am going to have to switch to LDAPS. This was the original recommendation from support at the tail end of 2019, which is worst case. We still have our DCs configured to provide more detailed logs and see the event 2889 as a result of the F5 making an unsigned LDAP bind. Hopefully we will get more information soon; I will also keep chasing my SE for a more definitive answer.
In November we did some tcpdumps when APM did the AD Auth (14.1.x sw). Using Wireshark on the dumps we saw that there was no signing of the LDAP SASL binding requests. Also the AD event log indicated the same. The K30054212 recommendation "No changes are required for LDAPS or Active Directory AAA servers" may need some more clarification?
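Both posts above rely on Directory Service event 2889, which a DC logs (once LDAP interface diagnostic logging is raised) for each client that performs a SASL bind without requesting signing or a simple bind over clear-text LDAP. The script below is an added example, not code from the thread or from F5: it parses the message text of exported 2889 events and groups them by client IP, so you can see which systems (an APM AAA source address, a service account, a script) still bind unsigned and need LDAPS or signing before the DC policy is tightened. The sample event bodies are constructed, and the field wording and the Binding Type meanings (0 = simple clear-text bind, 1 = SASL without signing) follow the Windows event text as I know it; treat that as an assumption and adjust the regex if your DCs word it differently.

```python
"""Inventory clients that triggered Directory Service event 2889 on a DC."""
import re
from collections import Counter

# Constructed sample data: the message body Windows writes for event 2889.
# IPs, ports and identities are invented for this example.
HEADER = (
    "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind "
    "without requesting signing (integrity verification), or performed a simple bind "
    "over a clear text (non-SSL/TLS-encrypted) LDAP connection."
)
SAMPLE_2889_EVENTS = [
    HEADER + "\nClient IP address:\n10.0.0.5:49152\n"
    "Identity the client attempted to authenticate as:\nEXAMPLE\\svc-apm\n"
    "Binding Type:\n1",
    HEADER + "\nClient IP address:\n10.0.0.5:49160\n"
    "Identity the client attempted to authenticate as:\nEXAMPLE\\svc-apm\n"
    "Binding Type:\n1",
    HEADER + "\nClient IP address:\n10.0.1.20:51000\n"
    "Identity the client attempted to authenticate as:\nEXAMPLE\\legacy-app\n"
    "Binding Type:\n0",
]

# Binding Type values as documented for event 2889 (assumed mapping, see lead-in).
BINDING_TYPE = {
    "0": "simple bind over clear-text LDAP",
    "1": "SASL bind without signing",
}

# The three labelled fields appear in this order in the event message.
_FIELDS = re.compile(
    r"Client IP address:\s*(?P<endpoint>\S+)\s*"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>.+?)\s*"
    r"Binding Type:\s*(?P<btype>\d+)",
    re.S,
)


def parse_2889(message):
    """Extract client address, identity and binding type from one 2889 message.

    Returns None when the text does not carry the expected fields, so a
    caller can skip unrelated or truncated events instead of crashing.
    """
    m = _FIELDS.search(message)
    if m is None:
        return None
    # rpartition keeps IPv6 addresses intact and splits only the trailing port.
    host, _, port = m.group("endpoint").rpartition(":")
    btype = m.group("btype")
    return {
        "client": host,
        "port": port,
        "identity": m.group("identity").strip(),
        "binding": BINDING_TYPE.get(btype, "unknown (" + btype + ")"),
    }


def summarize(messages):
    """Group parsed events by client IP: event count, binding kinds, identities."""
    report = {}
    for msg in messages:
        ev = parse_2889(msg)
        if ev is None:
            continue
        entry = report.setdefault(
            ev["client"], {"count": 0, "bindings": Counter(), "identities": set()}
        )
        entry["count"] += 1
        entry["bindings"][ev["binding"]] += 1
        entry["identities"].add(ev["identity"])
    return report


if __name__ == "__main__":
    for client, info in sorted(summarize(SAMPLE_2889_EVENTS).items()):
        kinds = ", ".join(f"{k} x{n}" for k, n in info["bindings"].items())
        print(f"{client}: {info['count']} event(s); {kinds}; "
              f"identities: {sorted(info['identities'])}")
```

Feed it the message bodies exported from the Directory Service log (for example via Get-WinEvent filtered on event ID 2889, writing each event's Message property to a file). A client that shows up only with "SASL bind without signing" is the pattern the posts describe for the APM AD AAA server; one that shows "simple bind over clear-text LDAP" is sending credentials unprotected and should be moved to LDAPS first.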