Forum Discussion
Dev_56330
Cirrus
Jan 15, 2018
Remote User Management - LDAP Client Cert
Has anyone successfully deployed LDAP using client cert authentication to the BIG-IP TMUI? I see the guide though it is not very intuitive so I was curious if anyone would be willing to share their ...
Kevin_K_51432
Jan 18, 2018
Historic F5 Account
Greetings,
My configuration is far simpler than yours, I'll post it below. For me, the ssldump output wasn't very helpful. I used both the /var/log/httpd/httpd_errors and /var/log/secure logs to troubleshoot.
BIG-IP config:
list sys httpd
sys httpd {
    ssl-ca-cert-file /Common/bigip_ca
    ssl-ocsp-default-responder http://172.24.171.29:2345
    ssl-ocsp-enable on
    ssl-ocsp-override-responder on
    ssl-verify-client require
}
list auth cert-ldap
auth cert-ldap system-auth {
    bind-dn cn=admin,dc=ldap,dc=test,dc=net
    bind-pw $M$nq$CDOcADlm/Mkwy8MIU1/eLg==
    login-attribute uid
    login-filter "[a-z]{5}"
    login-name cn
    search-base-dn ou=People,dc=ldap,dc=test,dc=net
    servers { 172.24.171.2 }
    sso on
}
LDAP entry:
kevin, People, ldap.test.net
dn: uid=kevin,ou=People,dc=ldap,dc=test,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: kevin
cn: kevin
displayName: kevin
SSL certificate:
Subject: C=US, ST=Washington, L=Seattle, O=Example, OU=Example BIGIP Admins, CN=kevin
Hope this is helpful!
Kevin
Kevin_K_51432
Jan 18, 2018
Historic F5 Account
Definitely SSL related. So, a few SSL related things I ran into:
1) Ensure the OCSP service is up and reachable.
2) Ensure you are using SHA256 for signing.
3) Ensure the CA cert has the "extendedKeyUsage = OCSPSigning" extension.
4) Ensure the CA cert is in the certificate database. httpd checks the CA cert first for some reason.
Hope these points offer some help!
Kevin
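Added example (not part of the thread or of F5's documentation): a shell pre-flight check for points 1 to 3 of the reply above, run against the text form of the certificate before client-certificate verification is enforced on the TMUI. The function names and the sample excerpts are constructed for illustration; the responder URL in the usage comment is the one from the posted config.

```shell
# Added example; function and variable names are hypothetical helpers.
# Input on stdin: the output of `openssl x509 -in <cert> -noout -text`.
check_cert_text() {
    text=$(cat)
    rc=0
    # Point 2: the certificate must be signed with a SHA-256 based algorithm.
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$sigalg" in
        *[sS][hH][aA]256*) echo "OK   signature algorithm: $sigalg" ;;
        *) echo "FAIL signature algorithm: ${sigalg:-not found} (expected SHA256)"; rc=1 ;;
    esac
    # Point 3: openssl prints the EKU values on the line after the extension header.
    eku=$(printf '%s\n' "$text" | awk '/X509v3 Extended Key Usage/ {getline; sub(/^ +/, ""); print; exit}')
    case "$eku" in
        *"OCSP Signing"*) echo "OK   extended key usage: $eku" ;;
        *) echo "FAIL extended key usage: ${eku:-absent} (expected OCSP Signing)"; rc=1 ;;
    esac
    return "$rc"
}

# Point 1: query the responder for a certificate's status (needs network, not run here).
# usage: check_ocsp ca.crt client.crt http://172.24.171.29:2345
check_ocsp() {
    openssl ocsp -issuer "$1" -CAfile "$1" -cert "$2" -url "$3"
}

# Constructed excerpts of `openssl x509 -noout -text` output, for an offline run.
SAMPLE_GOOD='        Signature Algorithm: sha256WithRSAEncryption
            X509v3 Extended Key Usage:
                OCSP Signing'
SAMPLE_BAD='        Signature Algorithm: sha1WithRSAEncryption
            X509v3 Basic Constraints:
                CA:TRUE'

printf '%s\n' "$SAMPLE_GOOD" | check_cert_text
printf '%s\n' "$SAMPLE_BAD" | check_cert_text || echo "=> certificate does not meet points 2 and 3"
```

Against a real file, pipe it in with `openssl x509 -in ca.crt -noout -text | check_cert_text`; a non-zero exit status means at least one check failed.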