Forum Discussion
How are you planning to evaluate the Client Certificate group Memberships in LDAP with LTM? If you are using ACA, I highly recommend that you look at implementing APM, with ACA there is not much life left as far as support goes. https://support.f5.com/kb/en-us/solutions/public/14000/200/sol14263.html
Are you just validating the certificate with OCSP and setting a "group" membership from that? Or do you plan to validate the Client Certificate against OCSP, then validate the users memberships in LDAP?
If you plan to use ACA, you can find some guidance here: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_auth_profiles.html1192487
Since ACA relies heavily on irules, you should be able to modify many of the parameters from there.