Thanks Guys, will give Mel's solution a try since its the simplest. If that doesn't work, will give Mikes a go.
Will supply feedback on how I go.
Edit: Althought reading the context help on the F5 box, Mandatory attributes refer I think to the actual healthcheck returning proper LDAP attributes. I remember reading that the basic LDAP healthcheck doesnt request attributes, this must enforce that. Unsure how the expired cert checking fits in but will give it a go.
Specifies whether the target must include attributes in its response to be considered up.
No: Specifies that the system performs only a one-level search (based on the Filter setting), and does not require that the target returns any attributes.
Yes: Specifies that the system performs a sub-tree search, and if the target returns no attributes, the target is considered down.