Can APM ActiveDirectory AAA server use port 636, or StartTLS on 389?

Question

I've noticed that when I set up management/administration of an F5, and I can allow remote active directory users to log in, and I can select whether they use port 389 (cleartext LDAP), port 636 (LDAP with SSL encryption), or port 389 with StartTLS (LDAP with TLS encryption).&nbsp;
When it comes to APM though, I don't see that option when configuring an Active Directory AAA server. When I take network captures, I see port 389 being used for the AD Query objects in my VPE. Now I'm not an expert in the LDAP protocol, and maybe within port 389 APM is using the StartTLS command (does anyone know if that is the case?), but if not, does anyone know how to set up the ActiveDirectory AAA server in APM to use encryption when communicating with Active Directory?&nbsp;
Note: When it comes to encryption I would prefer port 389 with the StartTLS command, since TLS is more secure than SSL on port 636. But either would be preferable to 389 plaintext.&nbsp;
F5 Version: 12.1.2&nbsp;

algebraic_mirror · Answer

Bump&nbsp;

Forum Discussion

Can APM ActiveDirectory AAA server use port 636, or StartTLS on 389?

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

STARTTLS Server SMTP with cleartext and STARTTLS client support

LDAP StartTLS Extension to LDAPS Proxy

F5 Distributed Cloud Origin Server Subset Rules

BIG-IP High Availability with Azure Route Server

virtual server config

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS