Forum Discussion

Warren_129981's avatar
Warren_129981
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Client unable to bind to LDAPs through LTM virtual for LDAPS

I have setup my F5 LTM 11.4.0 to have a virtual server that is receiving LDAP requests over 636. I have a profile setup with a cert/key for the client communication and a server profile setup with no...
big-ip ltm
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Feb 13, 2014

Interesting. So does your LDAP configuration require something special to exist in the SSL? Normally LDAP is pretty flexible about the SSL layer. That said, there is a difference between LDAP and LDAPS besides the SSL layer. I'm assuming that if you point the client directly at the server and make an LDAPS call, it works. And if you disable both the client and server SSL profiles on the VIP (SSL pass through), then that too works with LDAPS. The reason why I make the distinction is because the following are not equivalent: 

ldapsearch -H ldaps://server

ldapsearch -H ldap://server:636

Ldapsearch is a command line tool you can use on the BIG-IP to test LDAP, and even though the requests are using the same port, the former will work while the latter will not.