Forum Discussion

Warren_129981's avatar
Warren_129981
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Client unable to bind to LDAPs through LTM virtual for LDAPS

I have setup my F5 LTM 11.4.0 to have a virtual server that is receiving LDAP requests over 636. I have a profile setup with a cert/key for the client communication and a server profile setup with no...
big-ip ltm
pmilot's avatar
pmilot
Icon for Altostratus rankAltostratus

Here are the scenarios.

 

client => plain text => F5 => plain text => ADS:389 !WORKS!

 

client => plain text => F5 => SSL re-encrypt => ADS:636 !WORKS!

 

client => SSL PASS THROUGH => F5 => SSL PASS THROUGH => ADS:636 !WORKS!

 

client => SSL Client SSL Profile => F5 => SSL re-encrypt => ADS:636 !FAILS!

 

client => SSL Client SSL Profile => F5 => plain text => ADS:389 !FAILS!

 

As soon as we enable the Client-side SSL profile it fails with the SSL handshake failure.

 

Thanks

 

pmilot's avatar
pmilot
Icon for Altostratus rankAltostratus
Feb 14, 2014
I'll mention as well that when we are connecting to the encrypted service we use ldaps:// and when unencrypted we change the URL to ldap://. We do understand that concept well. Thanks