How to configure APM to use AD Global Catalog 3268 and or 3269? Does APM support Authentication using Global Catalog?

Question

I'm using APM and there is a requirement to authenticate users through Global Cagalog instead of regular AD Kerberos or LDAP 389 636. We would like to use the AD Global Catalog which are basically 3268 and 3269 but can't seem to get this to work.

maynor_ovalle · Answer

Got an aswer from F5.  As of 11.4.1 Global Catalog is not supported yet for authentication.  Supported are ldap, ldaps, regular AD and Kerberos.&nbsp;

chris_stennie_1 · Answer

Any updates on this?  Has it been added to the current version?

dirtycache · Answer

Circling back to this as the post/question came up in a Google search -&nbsp;
You can utilize the global catalog by configuring it as an LDAP AAA server object, with the dependent pool members using port 3268/tcp.&nbsp;
That said, you won't have password change functionality with an LDAP AAA object like you would with AD due to them each using a different agent; the LDAP agent does not support this feature while the AD agent does, including against RODCs.&nbsp;

Forum Discussion

How to configure APM to use AD Global Catalog 3268 and or 3269? Does APM support Authentication using Global Catalog?

3 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

F5 rSeries || Upgrade tenant

Expired client-certificate

Related Content

Configuring APM Client Side NTLM Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Configuring Smart Card Authentication to BIG-IP Management Interface

wccp configuration for SSL Orchestrator

iControl REST Authentication Token Management

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS