For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ca689_1627's avatar
ca689_1627
Icon for Nimbostratus rankNimbostratus
Oct 24, 2011

Exchange 2010 authentication w/Secure LDAP

We are successfully authenticating users through the LTM/APM using LDAP in our AAA server. We need to switch to using Secure LDAP. What is required to ge this working? Simply chaning the port on the AAA server to the secure port does not do it. Any help would be much appreciated.
microsoft
partner

4 Replies

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Oct 24, 2011
    Are you running version 10 of BIG-IP? I believe you need to set up a pool of LDAP servers and a virtual using serverssl, then use that VIP address as your AAA server. Check out this video: http://devcentral.f5.com/weblogs/dctv/archive/2010/02/05/tech-demo-ldaps-configuration-on-big-ip-edge-gateway.aspx
  • ca689_1627's avatar
    ca689_1627
    Icon for Nimbostratus rankNimbostratus
    Oct 24, 2011

     

    Yes - running 10.2.3. First time seeing that video... we'll check it out. Thanks!

     

  • ca689_1627's avatar
    ca689_1627
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2011

     

    The configuration for Secure LDAP as described in the video works great for us. One question on that... it seems that there might be clear text credentials between the two VIPs. Is this a concern and if so, has anyone addressed this situation?
  • ca689_1627's avatar
    ca689_1627
    Icon for Nimbostratus rankNimbostratus
    Nov 07, 2011

     

    Quick update on this... we ended up moving to version 11 with iApps and Secure LDAP is built in to that version. There is no need in version 11 to create a separate vertual server for Secure LDAP. It seems to work great.