For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

FishNiX_29746's avatar
FishNiX_29746
Icon for Nimbostratus rankNimbostratus
May 12, 2010

Help with LDAPS health monitor v9.4.8

We are trying to load balance some members which vend ldaps with selfsigned certs. I don't really want to import the CA or anything like that... but I am unable to get the members to go active. The ...
config
design
iaine's avatar
iaine
Icon for Nacreous rankNacreous
May 14, 2010
We had a similar problem when we upgraded to 9.4.5 a couple of years a go. I don't know if it's still relevant for your version but these are steps that we followed that F5 support forwarded on.

 

 

Iain

 

 

1. The new openldap installation uses /usr/etc/openldap/ldap.conf as its config file by default. Also the new library requires certificate checking by default. In this ldap.conf file you need to add the line:

 

TLS_REQCERT never

 

NOTE: The cr I file will change the config file the openldap library uses back to /etc/ldap.conf to avoid changes in 2 following.

 

2. Unfortunately subdomain does not allow access to this newly formed ldap.conf file, you need to add this for it to work.

 

2a. Add the following line to /etc/subdomain.d/usr.bin.bigd:

 

/usr/etc/openldap/ldap.conf r,

 

2b. restart subdomain:

 

/etc/rc.d/init.d/subdomain restart