Peter_Baumann
Oct 12, 2022

LTM Authentication Profile LDAP Cert Feature in APM?

Hello again,
Since our customer is trying to migrate from LTM auth profiles to APM, he's missing one feature in APM which was available in LTM auth profiles.
The customer is checking in LDAP whether a certificate is available; here's the relevant config setting:

Does someone know how to implement the same in APM?

Thanks,
Peter

  • If you managed to get the needed answers, please flag the question as answered.

  • Sorry I was quite busy...
    No, unfortunately it is not solved.
    Advanced Auth had the feature as displayed in the screenshot:
    Search Type: Certificate: Specifies that the system searches for a certificate stored in the user's profile in the remote LDAP database.

    So, ACA was checking in the LDAP DB if there's a cert stored in the user's profile.
    How can this be done with APM? I couldn't find any solution for it, since it is more of an active LDAP query which has to be done, and not a check of session variables.

    Thanks,
    Peter

    • Peter_Baumann

      Hello again,
      The customer just told me that with ACA they could validate the provided cert against the user's cert stored in LDAP.
      So, what is missing in the access profile is the ability to check the cert provided by the client against the cert stored for the user in LDAP.

      The customer was using a cert validation with ACA that checks whether the provided cert matches the user certs stored in LDAP, even when the user has two valid certs and one of them will soon be invalid because of its expiry date.

      • AubreyKingF5

        Have you used the APM VPE?  I think you can do a simple LDAP search to get the contents of this, but you will need your full DN to set it.
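
The comparison discussed in this thread, a client-presented certificate checked against every certificate stored on the user's LDAP entry, shown as an added Python example; it is not code from the thread or from F5, and it is not APM configuration. It assumes the stored values were already fetched by an LDAP query of the standard `userCertificate` attribute; the function names are hypothetical and the sample values are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import hmac
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def to_der(value):
    """Normalize a certificate given as PEM text, base64 text or raw DER bytes."""
    if isinstance(value, bytes):
        if not value.lstrip().startswith(PEM_HEADER.encode()):
            return value  # assumption: raw bytes are DER (userCertificate;binary)
        value = value.decode("ascii")
    text = value.strip()
    if text.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(text)
    return base64.b64decode(text, validate=True)


def match_stored_cert(client_cert, stored_values):
    """Return the index of the stored value identical to the client cert, else None."""
    want = hashlib.sha256(to_der(client_cert)).digest()
    matched = None
    for i, stored in enumerate(stored_values):
        try:
            have = hashlib.sha256(to_der(stored)).digest()
        except ValueError:
            continue  # an unreadable directory value never counts as a match
        if hmac.compare_digest(want, have) and matched is None:
            matched = i
    return matched


# Constructed sample data: placeholder byte strings stand in for DER certificates.
OLD_CERT = b"\x30\x82\x01\x0a" + b"constructed-cert-expiring-soon"
NEW_CERT = b"\x30\x82\x01\x0a" + b"constructed-cert-renewed"
OTHER_CERT = b"\x30\x82\x01\x0a" + b"constructed-cert-not-in-directory"
# A user entry with two stored certs in different encodings plus one damaged value.
LDAP_VALUES = [OLD_CERT, base64.b64encode(NEW_CERT).decode(), "not base64 !!"]

if __name__ == "__main__":
    presented = ssl.DER_cert_to_PEM_cert(NEW_CERT)  # PEM, as a TLS layer would hand it over
    print("matched stored value:", match_stored_cert(presented, LDAP_VALUES))
    print("unknown cert:", match_stored_cert(OTHER_CERT, LDAP_VALUES))
```

This only establishes that the presented certificate is one of those stored for the user; chain validation, expiry and revocation checks on the client certificate remain separate steps.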