LDAPS MONITOR

Question

Hi All,&nbsp;
&nbsp;How do we configure the F5 LTM to perform monitoring of the LDAPS service to use the specific Certificate and Key.&nbsp;
&nbsp;There is option to turn on the SSL on the monitor configuration but how do we configure to use the required Certificate and Key.&nbsp;
&nbsp;Any recommendations based on previous deployments ?&nbsp;
&nbsp;Thanks
&nbsp;Raj&nbsp;

hooleylist · Answer

Hi Raj, 
&nbsp;  
&nbsp; I don't believe the LDAP(s) monitor supports a client cert/key natively.  You might be able to modify the ldap.conf to configure this.  I'd check with F5 Support on your options here. 
&nbsp;  
&nbsp; Aaron

lidev · Answer

Hi DevCentral community, the use of TLS certificate with LDAPS monitoring still does not seem to be implemented on the last F5 release, there is a workaround to implement this solution ? (except the modification of the ldap.conf)&nbsp;
Thanks&nbsp;
VLustig&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
I guess you could try creating a local VS on your BIG IP with a Server SSL profile pointing to your LDAPs servers with a client certificate, and monitor that VS instead, using a monitor with alias IP / PORT.&nbsp;
Try it though, I didn't have time to test this approach :)  
&nbsp;
Yoann&nbsp;

lidev · Answer

Hi Yoann, i had the same idea but i was hoping more academic solution working directly with the ladps monitoring :)&nbsp;
Anyway, thanks for your time and i will try this!&nbsp;
VLustig&nbsp;

Forum Discussion

LDAPS MONITOR

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

LDAP Proxy

LDAPS vip - how to?

LDAP Auth, LDAP Query with UPN fails

LDAP StartTLS Extension to LDAPS Proxy

iRule based RADIUS Health Monitor Builder

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS