Forum Discussion

Nimbostratus

Feb 13, 2014

Client unable to bind to LDAPs through LTM virtual for LDAPS

I have setup my F5 LTM 11.4.0 to have a virtual server that is receiving LDAP requests over 636. I have a profile setup with a cert/key for the client communication and a server profile setup with no...

big-ip ltm

pmilot

Altostratus

Feb 14, 2014

I've been working with Warren on this issue.

The fail occurs during the SSL Handshake. When we perform a TCP dump, we see the following.

Client Hello Server Hello Cipher suites negotiated Change cipher spec Change cipher spec

Than the F5 closes the connection (RST,ACK) and ltm logs show "SSL Handshake Failed". The client never gets to the point of attempting to bind to the directory.

We have reproduced this from various clients. The client SSL profile is currently set to the default with a cert/key. The certificate contains the vip FQDN in the CN= field and SubjectAltName. Virtual Server is of type "standard". Pretty basic really.

The Directories are Microsoft ADS.

Thanks

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client unable to bind to LDAPs through LTM virtual for LDAPS

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

LDAPS account interception through Virtual Server - Is it possible

Pass client cert based on POST data

F5 Client filtering based on cisco switch port info

VIP Client Logging "Not RFC1918"

Block Active-Sync on Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS