Multiple servers in auth ldap system-auth?
It appears that auth ldap system-auth accepts multiple servers:
auth ldap system-auth {
    bind-dn "xxxx"
    bind-pw xxxx
    login-attribute xxxx
    search-base-dn xxxx
    servers { 10.2.66.57 ; 10.7.66.57 }
}
This option and behavior do not seem to be documented anywhere, and only one server shows up in the GUI.
Is this supposed to work? This seems marginally simpler than setting up a local LDAP pool and virtual if it does.
LTM version is 13.1.0.5.
It does not seem to work yet:
Note: F5 is currently tracking, as bug 247212 (formerly CR112085), a request for enhancement (RFE) to assign multiple LDAP servers in a system authentication profile.
Source: https://support.f5.com/csp/article/K11072
- Jason_Nance
Nimbostratus
Before you set up an LDAP virtual server/pool, know that you cannot authenticate against (read: route to) a virtual server which is "hosted" by the LTM to which the user is attempting to log in.
Meaning you cannot do this:
- LTM A - set up "ldap.foo.com" virtual server
- LTM A - point at "ldap.foo.com" for authentication
You would have to set up the virtual server on a different LTM (or LTM cluster).
- wsanders_233261
Nimbostratus
It works for us. Every LTM I've worked on has been able to route to its own virtuals. It might make an extra round trip through the LTM, but it works.