epaalx
Mar 10, 2020

LDAPS for remote authentication, without certificate validation

Hi Experts,

Our BIG-IP vCMP Host and Guest are using LDAP for administrative access authentication and I need to change to LDAPS. I don't want LDAP Server certificate validation because Active Directory administrators are likely to change this certificate (and its CA) without notice.

In "ldap system-auth" I see the parameters "ssl" and "port", which are obvious, but am unsure about "ssl-check-peer" and "ssl-ca-cert-file".

Is it enough to set "ssl-client-cert" to 'disabled' and leave "ssl-ca-cert-file" as 'none' to disable LDAP server certification validation whilst still enabling LDAPS?

R's, Alex

  • Hi Alex,

    Yes it is. With ssl-peer-check disabled, the BIG-IPs won't verify the LDAPS server certificate.

    Cheers,

    Kees