For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Warren_129981's avatar
Warren_129981
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Client unable to bind to LDAPs through LTM virtual for LDAPS

I have setup my F5 LTM 11.4.0 to have a virtual server that is receiving LDAP requests over 636. I have a profile setup with a cert/key for the client communication and a server profile setup with no...
big-ip ltm
pmilot's avatar
pmilot
Icon for Altostratus rankAltostratus
Feb 14, 2014

Here are the scenarios.

 

client => plain text => F5 => plain text => ADS:389 !WORKS!

 

client => plain text => F5 => SSL re-encrypt => ADS:636 !WORKS!

 

client => SSL PASS THROUGH => F5 => SSL PASS THROUGH => ADS:636 !WORKS!

 

client => SSL Client SSL Profile => F5 => SSL re-encrypt => ADS:636 !FAILS!

 

client => SSL Client SSL Profile => F5 => plain text => ADS:389 !FAILS!

 

As soon as we enable the Client-side SSL profile it fails with the SSL handshake failure.

 

Thanks

 

  • pmilot's avatar
    pmilot
    Icon for Altostratus rankAltostratus
    Feb 14, 2014
    I'll mention as well that when we are connecting to the encrypted service we use ldaps:// and when unencrypted we change the URL to ldap://. We do understand that concept well. Thanks