Forum Discussion

Nimbostratus

Nov 12, 2015

LDAP Monitor - start tls error(-1)

I've created an LDAP monitor and chosen TLS for security. Using the debug to help test the monitor, I received this error "start tls error(-1): Can't contact LDAP server" When I choose SSL for s...

application delivery

LTM

Brad_Parker

Cirrus

Nov 12, 2015

It sounds like your LDAP server doesn't support StartTLS on port 636. The difference here is SSL is LDAPS and is always encrypted. The client initiates an SSL handshake before exchanging an data(most likely 636). The TLS option here is StartTLS, which means the client first contacts the LDAP server on an un-encrypted connection(most likely 389) and the requests to start a TLS tunnel over that connection. In my opinion, LDAPS is more secure as encryption is required from the get go.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

LDAP Monitor - start tls error(-1)

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Getting Started on DevCentral

Getting Started With n8n For AI Automation

Getting started with F5 Distributed Cloud (XC) Telemetry

Physical Security - Starting Points

Get Started with WAAP Security Incidents

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS