Forum Discussion

Warren_129981's avatar
Warren_129981
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Client unable to bind to LDAPs through LTM virtual for LDAPS

I have setup my F5 LTM 11.4.0 to have a virtual server that is receiving LDAP requests over 636. I have a profile setup with a cert/key for the client communication and a server profile setup with no...
big-ip ltm
F5User-LB_25540's avatar
F5User-LB_25540
Icon for Nimbostratus rankNimbostratus

Bug in F5 When configuring LDAPS (Secure LDAP). Please Fix F5 to accept hostname for Secure LDAP server pool connections.

 

Why it is an issue with F5's... Microsoft by default creates a cert that uses FQHN on domain controllers. By default in order to connect via LDAPS to Microsoft domain controller you must connect using FQHN, NOT IP. Big F5 only accepts IPs for LDAP which makes secure LDAPS fail to Microsoft Domain Controllers.

 

Work Around: Add an additional certificate on the Domain controller with IP as subject alternative name?

 

Amresh008's avatar
Amresh008
Icon for Nimbostratus rankNimbostratus
Feb 12, 2019

@ F5User-LB, please update the BUG ID for this and as per my understanding, let's say that the ssl certificate has been issued on the name of xyz.com, with it's IP being 1.2.3.4, you suggest that another certificate be issued for 1.2.3.4 as the name ?