Load Balancing SSL LDAP requests

Doug,

 

 

Sorry for crashing into your topic, hopefully I can try work out within this topic as its similar if not the same as what I am trying to implement. Maybe we can try work them out together.

 

 

Client hit request to ldap://server.mydomain.com:1234 ---F5 and then F5 send to an internal LDAP - ldap1.dmz.com

 

 

My setup - (still working in progress) - virtual sever with the following profiles

 

1. client ssl profile with a certificate & key using server.mydomain.com cert

 

2. server ssl profile with a self sign cert from ldap1.dmz.com - certificate=self sign ldap1.dmz.com, key = none, rest =default

 

 

I believe for my setup, i have to do it on the LTM by maybe using iRule the string ldap://server.mydomain.com 1000 and convert them to ldap://ldap1.dmz.com 40000

 

 

Still trying to figure that out or am I going down the wrong road?

 

 

How did you set yours up Doug? is it similar?

 

 

I uses an LDAP client to test it out and can see the SSL terminating to the F5 (wireshark) and looks like it is trying to talk to the back end ldap but didnt progress further than shown below.

 

 

ld = ldap_sslinit("server.mydomain.com", 1000, 1);

 

Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);

 

Error 0 = ldap_connect(hLdap, NULL);

 

Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);

 

Host supports SSL, SSL cipher strength = 128 bits

 

Established connection to server.mydomain.com

 

Retrieving base DSA information... --> just stuck here