Forum Discussion

Warren_129981's avatar
Warren_129981
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Client unable to bind to LDAPs through LTM virtual for LDAPS

I have setup my F5 LTM 11.4.0 to have a virtual server that is receiving LDAP requests over 636. I have a profile setup with a cert/key for the client communication and a server profile setup with no...
big-ip ltm
pmilot_70356's avatar
pmilot_70356
Icon for Nimbostratus rankNimbostratus
Feb 14, 2014

Here are the scenarios.

 

client => plain text => F5 => plain text => ADS:389 !WORKS!

 

client => plain text => F5 => SSL re-encrypt => ADS:636 !WORKS!

 

client => SSL PASS THROUGH => F5 => SSL PASS THROUGH => ADS:636 !WORKS!

 

client => SSL Client SSL Profile => F5 => SSL re-encrypt => ADS:636 !FAILS!

 

client => SSL Client SSL Profile => F5 => plain text => ADS:389 !FAILS!

 

As soon as we enable the Client-side SSL profile it fails with the SSL handshake failure.

 

Thanks

 

  • pmilot_70356's avatar
    pmilot_70356
    Icon for Nimbostratus rankNimbostratus
    Feb 14, 2014
    I'll mention as well that when we are connecting to the encrypted service we use ldaps:// and when unencrypted we change the URL to ldap://. We do understand that concept well. Thanks