For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

berkleyapac_259's avatar
berkleyapac_259
Icon for Nimbostratus rankNimbostratus
Feb 04, 2019

Setup load balancing for Secure LDAP

Hi,   We're having some trouble load balancing internal LDAP requests via our F5's and would like to know if the way we're attempting to implement it is correct.   We have two datacenters whic...
application delivery
BIG-IP
LTM
Maneesh_72711's avatar
Maneesh_72711
Icon for Cirrostratus rankCirrostratus
Feb 05, 2019

Why arent you handling LDAP/S traffic just via the GTM instead of routing it to LTM ?

 

We have had issues with GTM/LTM combo and moved back to just GTM (DNS) loadbalancing, everyday we had queries from users for their A/C locks as underlined AD servers did not have visbility of actual source IP due to SNAT (until you want to introduce XFF as well). if your setup is inline then you wont have issues.

 

Better to have just DNS based loadblancing and you can restrict traffic via the Topology based loadbalancing which will resolve to just one DC based on LDNS queries.

 

The way you have configured to 389 similar way you can configure for 636 and other ports.