Forum Discussion
refra_151287
Cirrus
CirrusQuestion: Can I use SSL LDAP to authenticate users?
Hello All,
I'm trying to authenticate users using LDAP, but LDAP is part of client authentication license which is not licensed at LTM anymore. So I'm trying to use SSL Client Certificate LDAP to authenticate users, but I have some inquiries: 1- is that method able to authenticate users,i can see that able to authorize? 2- I read that the F5 uses the username at the certificate (one of 3 options) and search for that user name in the remote LDAP, so the client should use certificate with his/her name, How can we do that? 3- what I understand too that the client don't have to enter any additional parameters such as password, right? finally can i have more detailed documentation about the process of SSL cc LDAP.
1 Reply
Ronald_van_der3Nimbostratus
- You are able to authenticate users, and thus a basic set of authorization.
- That is correct, the username should be available in the certificate, usually the Common Name.
- The client will have to select the specific certificate when it authenticates in his browser. If the corresponding private key is encrypted, the user should also enter the password before he can authenticate.
- https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/35.html
